[PATCHv2 2/2] nvme-pci: use sgls for all user requests if possible
Christoph Hellwig
hch at lst.de
Tue Nov 12 20:58:59 PST 2024
On Tue, Nov 12, 2024 at 01:06:20PM -0800, Keith Busch wrote:
> From: Keith Busch <kbusch at kernel.org>
>
> If the device supports SGLs, use these for all user requests. This
> format encodes the expected transfer length so it can catch short buffer
> errors in a user command, whether it occurred accidently or maliciously.
>
> For controllers that support SGL data mode, this is a viable mitigation
> to CVE-2023-6238.
The patch itself looks fine, but instead of the handwaivy mitigation,
maybe just disable passthrough without SGL support by default to actually
fix and not just mitigate the CVE?
More information about the Linux-nvme
mailing list