[PATCH v2 1/2] nvme: fix memory corruption for passthrough metadata
Keith Busch
kbusch at kernel.org
Thu Sep 7 08:41:39 PDT 2023
On Wed, Sep 06, 2023 at 09:18:15PM +0530, Kanchan Joshi wrote:
> Would you really prefer to have nvme_add_user_metadata() changed to do
> away with allocation and use userspace meta-buffer directly?
I mean, sure, if it's possible. We can avoid a costly copy if the user
metabuffer is aligned and physically contiguous.
> Even with that route, extended-lba-with-short-unaligned-buffer remains
> unhandled. That will still require similar checks that I would like
> to avoid but cannot.
>
> So how about this -
There's lots of bad things you can do with this interface. Example,
provide an unaligned single byte user buffer and send an Identify
command.
We never provided opcode decoding sanity checks before because it's a
bad maintenance burden, adds performance killing overhead, couldn't
catch all the cases anyway due to vendor specific and future opcodes,
and harms the flexibility of the interface. The burden is usually on the
user for these kinds of privileged interfaces: if you abuse it, "you
get to keep both pieces" territory.