[PATCHv2 2/2] nvme-pci: use sgls for all user requests if possible
Keith Busch
kbusch at kernel.org
Thu Nov 14 09:29:48 PST 2024
On Thu, Nov 14, 2024 at 05:42:45PM +0100, Christoph Hellwig wrote:
> On Thu, Nov 14, 2024 at 08:53:49AM -0700, Keith Busch wrote:
> > Only admin users can access this path by default. You have to opt-in for
> > it, so it's not exploitable unless you ask for it.
>
> We do allow non-privileged users to send I/O commands and a small
> whitelist of admin commands by default, limited by the CSE effects.
Not if you can't open the device. The default access permissions don't
allow non-priviledged users.
> > I can't see disabling
> > the interface entirely. In a previous version of this patch, I had the
> > kernel tainted if you tried to do passthrough without SGL support. Would
> > that be a fair compromise if I reintroduce that behavior?
>
> Taint might be a bit too strong, but a one-time message in the log might
> be useful.
Sounds good to me.
More information about the Linux-nvme
mailing list