[PATCH for-next 1/2] nvme: add the permission-policy for command control
Christoph Hellwig
hch at lst.de
Tue Sep 27 00:31:09 PDT 2022
> +bool nvme_cmd_allowed(struct nvme_ns *ns, u8 opcode, fmode_t mode)
This adds an unused function, so I think it should be merged into the
next patch to have one coherent change.
> +{
> + /* root can do anything */
> + if (capable(CAP_SYS_ADMIN))
> + return true;
> + /* admin commands are not allowed */
Empty lines between the check would be nice for readability.
> + if (ns == NULL)
if (!ns)
> + /* exclude vendor-specific io and fabrics commands */
> + if (opcode >= nvme_cmd_vendor_start ||
> + opcode== nvme_fabrics_command)
Odd indentation here, this should be:
if (opcode >= nvme_cmd_vendor_start || opcode == nvme_fabrics_command)
> + /* allow write cmds only if matching FMODE is present */
> + if (opcode & 1)
> + return mode & FMODE_WRITE;
> + /* allow read cmds */
/* allow read cmds when the device permissions allow access */
More information about the Linux-nvme
mailing list