[PATCH 2/2] nvme: fine-granular CAP_SYS_ADMIN for nvme io/admin commands

Kanchan Joshi joshi.k at samsung.com
Thu Oct 19 02:59:00 PDT 2023


On 10/19/2023 11:19 AM, Christoph Hellwig wrote:
> On Thu, Oct 19, 2023 at 12:00:03AM +0530, Kanchan Joshi wrote:
>> Passthrough commands are guarded by heavy-handed CAP_SYS_ADMIN checks
>> that neglect the file-mode completely.
>>
>> Add a fine-granular policy that considers file-mode and various other
>> parameters for any approval/denial. Also enable a few admin commands that
>> are necessary to get the information required to form the i/o commands.
>> The policy is implemented in a new helper 'nvme_cmd_allowed'.
>>
>> I/O commands needing data-transfers are sent only via SGL.
> 
> This looks mostly good to me, but we should not even send the command
> if we know SGLs aren't supported.
> 

I can do this here (and kill the checks from pcie):

@@ -134,6 +206,15 @@ static int nvme_map_user_request(struct request 
*req, u64 ubuffer,
                 }
                 *metap = meta;
         }
+       /* Data/Meta transfer for unprivileged passthrough is only via 
SGL */
+       if (bdev && !capable(CAP_SYS_ADMIN)) {
+               if (!nvme_ctrl_sgl_supported(ns->ctrl) ||
+                   (*metap && !nvme_ctrl_meta_sgl_supported(ns->ctrl))) {
+                       ret = -EINVAL;
+                       goto out_unmap;
+               }
+               nvme_req(req)->flags |= NVME_REQ_FORCE_SGL;
+       }
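Review bot: the new check in nvme_map_user_request keys off `bdev && !capable(CAP_SYS_ADMIN)`, which re-derives the privilege decision that this series otherwise centralises in nvme_cmd_allowed; consider making that helper the single place that decides "unprivileged passthrough" and handing the result (or a request flag) to the mapping code, so the two checks cannot drift apart. The hunk also dereferences `ns->ctrl`, but the visible part of the function signature (`struct request *req, u64 ubuffer, ...`) does not show where `ns` comes from, so please confirm it is reachable at this point rather than relying on context the hunk does not carry. Lastly, returning `-EINVAL` when the controller simply lacks SGL (or metadata SGL) support tells the caller the request was malformed; `-EOPNOTSUPP` would better match the situation the comment describes.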