[PATCHv2 2/2] nvme-pci: use sgls for all user requests if possible

Christoph Hellwig hch at lst.de
Wed Nov 13 21:56:43 PST 2024


On Wed, Nov 13, 2024 at 08:48:09AM -0700, Keith Busch wrote:
> > > For controllers that support SGL data mode, this is a viable mitigation
> > > to CVE-2023-6238.
> > 
> > The patch itself looks fine, but instead of the handwavy mitigation,
> > maybe just disable passthrough without SGL support by default to actually
> > fix and not just mitigate the CVE?
> 
> SGL is an optional feature that many devices don't implement. Even fewer
> do it for metadata. Disabling it entirely is "breaking userspace" for
> users I need to support.

Well, if that usage creates exploitable behavior we'll need to fix it
and not just paper over it.  Although this probably only really matters
for the non-privileged passthrough.


