[PATCHv2 2/2] nvme-pci: use sgls for all user requests if possible
Keith Busch
kbusch at kernel.org
Thu Nov 14 07:53:49 PST 2024
On Thu, Nov 14, 2024 at 06:56:43AM +0100, Christoph Hellwig wrote:
> On Wed, Nov 13, 2024 at 08:48:09AM -0700, Keith Busch wrote:
> > > > For controllers that support SGL data mode, this is a viable mitigation
> > > > to CVE-2023-6238.
> > >
> > > The patch itself looks fine, but instead of the handwavy mitigation,
> > > maybe just disable passthrough without SGL support by default to actually
> > > fix and not just mitigate the CVE?
> >
> > SGL is an optional feature that many devices don't implement. Even fewer
> > do it for metadata. Disabling it entirely is "breaking userspace" for
> > users I need to support.
>
> Well, if that usage creates exploitable behavior we'll need to fix it
> and not just paper over it. Although this probably only really matters
> for the non-privileged passthrough.
Only admin users can access this path by default. You have to opt-in for
it, so it's not exploitable unless you ask for it. I can't see disabling
the interface entirely. In a previous version of this patch, I had the
kernel tainted if you tried to do passthrough without SGL support. Would
that be a fair compromise if I reintroduce that behavior?