[PATCH V6 1/2] nvme: enable char device per namespace

[hch at lst.de]

On Thu, Mar 25, 2021 at 11:09:51AM +0900, Minwoo Im wrote:
> > I was still allowed to write to NSID2:
> > 
> > sudo nvme zns report-zones -d 1 /dev/nvme0n2
> > SLBA: 0x0        WP: 0x1        Cap: 0x3e000    State: IMP_OPENED   Type: SEQWRITE_REQ   Attrs: 0x0
> > 
> > Should this really be allowed?
> 
> I think this should not be allowed at all.  Thanks for the testing!

It should not be allowed, but it seems like a pre-existing problem
as nvme_user_cmd does not verify the nsid.

> > I was under the impression that Christoph's argument for implementing per
> > namespace char devices, was that you should be able to do access control.
> > Doesn't that mean that for the new char devices, we need to reject ioctls
> > that specify a nvme_passthru_cmd.nsid != the NSID that the char device
> > represents?
> > 
> > 
> > Although, this is not really something new, as we already have the same
> > behavior when it comes ioctls and the block devices. Perhaps we want to
> > add the same verification there?
> 
> I think there should be verifications.

Yes.

> > Regardless if we want to add a verification for block devices or not,
> > it just seemed to me that the whole argument for introducing new char
> > devices was to allow access control per namespace, which doesn't seem
> > to have been taken into account, but perhaps I'm missing something.
> 
> Any other points that you think it's not been taken account?  I think it
> should map to previous blkdev operations, but with some verfications
> there.  It would be great if you can share any other points supposed to
> be supported here :)

Agreed.