[PATCH for-next 1/2] nvme: add the permission-policy for command control

Christoph Hellwig hch at lst.de
Tue Sep 27 00:31:09 PDT 2022


> +bool nvme_cmd_allowed(struct nvme_ns *ns, u8 opcode, fmode_t mode)

This adds an unused function, so I think it should be merged into the
next patch to have one coherent change.

> +{
> +	/* root can do anything */
> +	if (capable(CAP_SYS_ADMIN))
> +		return true;
> +	/* admin commands are not allowed */

Empty lines between the check would be nice for readability.

> +	if (ns == NULL)

	if (!ns)

> +	/* exclude vendor-specific io and fabrics commands */
> +	if (opcode >= nvme_cmd_vendor_start ||
> +			opcode== nvme_fabrics_command)

Odd indentation here, this should be:

	if (opcode >= nvme_cmd_vendor_start || opcode == nvme_fabrics_command)

> +	/* allow write cmds only if matching FMODE is present */
> +	if (opcode & 1)
> +		return mode & FMODE_WRITE;


> +	/* allow read cmds */

	/* allow read cmds when the device permissions allow access */




More information about the Linux-nvme mailing list