[PATCHv2 2/2] nvme-pci: use sgls for all user requests if possible
Keith Busch
kbusch at kernel.org
Wed Nov 13 07:48:09 PST 2024
On Wed, Nov 13, 2024 at 05:58:59AM +0100, Christoph Hellwig wrote:
> On Tue, Nov 12, 2024 at 01:06:20PM -0800, Keith Busch wrote:
> > From: Keith Busch <kbusch at kernel.org>
> >
> > If the device supports SGLs, use these for all user requests. This
> > format encodes the expected transfer length so it can catch short buffer
> > errors in a user command, whether it occurred accidently or maliciously.
> >
> > For controllers that support SGL data mode, this is a viable mitigation
> > to CVE-2023-6238.
>
> The patch itself looks fine, but instead of the handwaivy mitigation,
> maybe just disable passthrough without SGL support by default to actually
> fix and not just mitigate the CVE?
SGL is an optional feature that many devices don't implement. Even fewer
do it for metadata. Disabling it entirely is "breaking userspace" for
users I need to support.
More information about the Linux-nvme
mailing list