[PATCH V6 1/2] nvme: enable char device per namespace

Niklas Cassel Niklas.Cassel at wdc.com
Wed Mar 24 12:29:32 GMT 2021 

On Mon, Mar 01, 2021 at 08:24:51PM +0100, javier at javigon.com wrote:
> From: Javier González <javier.gonz at samsung.com>
> 
> Create a char device per NVMe namespace. This char device is always
> initialized, independently of whether the features implemented by the
> device are supported by the kernel. User-space can therefore always
> issue IOCTLs to the NVMe driver using the char device.
> 
> The char device is presented as /dev/nvme-generic-XcYnZ. This naming
> scheme follows the convention of the hidden device (nvmeXcYnZ). Support
> for multipath will follow.
> 

Hello all,

Looking at the discussion that led up to the current design:
https://lore.kernel.org/linux-block/20201102185851.GA21349@lst.de/

Keith initially suggested:

a) Set up the existing controller character device with a generic
   disk-less request_queue to the IO queues accepting IO commands to
   arbitrary NSIDs.

However Christoph replied:

The problem with a) is that it can't be used to give users or groups
access to just one namespaces, so it causes a real access control
nightmare.

c) Each namespace gets its own character device, period.



However, testing this patch series out:

crw------- 1 root root 249,   0 Mar 24 11:32 /dev/nvme-generic-0c0n1
crw------- 1 root root 249,   1 Mar 24 11:32 /dev/nvme-generic-0c0n2
crw------- 1 root root 250,   0 Mar 24 11:32 /dev/nvme0
brw-rw---- 1 root disk 259,   1 Mar 24 11:32 /dev/nvme0n2

NSID1 has been rejected (because of ZNS ZOC, which kernel does not support).

However, if I use the new char device for NSID1, but specify NSID2 to nvme-cli:

sudo nvme write-zeroes -s 0 -c 0 --namespace-id=2 /dev/nvme-generic-0c0n1

I was still allowed to write to NSID2:

sudo nvme zns report-zones -d 1 /dev/nvme0n2
SLBA: 0x0        WP: 0x1        Cap: 0x3e000    State: IMP_OPENED   Type: SEQWRITE_REQ   Attrs: 0x0

Should this really be allowed?

I was under the impression that Christoph's argument for implementing per
namespace char devices, was that you should be able to do access control.
Doesn't that mean that for the new char devices, we need to reject ioctls
that specify a nvme_passthru_cmd.nsid != the NSID that the char device
represents?


Although, this is not really something new, as we already have the same
behavior when it comes ioctls and the block devices. Perhaps we want to
add the same verification there?

Regardless if we want to add a verification for block devices or not,
it just seemed to me that the whole argument for introducing new char
devices was to allow access control per namespace, which doesn't seem
to have been taken into account, but perhaps I'm missing something.


Kind regards,
Niklas

More information about the Linux-nvme mailing list