[PATCH-part-2 0/9] nvme support for sgl mptr, safe passthrough
Keith Busch
kbusch at meta.com
Wed Sep 4 11:38:08 PDT 2024
From: Keith Busch <kbusch at kernel.org>

NVMe's implicit memory lengths are a danger to buffer overflows. It's
been known for a long time this vulnerability exists.

The nvme protocol provides sgl with explicit lengths, so if the hardware
is capable, let's use that.

This patch series sets up the driver to always prefer SGL
representations on user passthrough requests. An added bonus to using
SGL for MPTR is that we can support multi-segment integrity buffers,
allowing merging once again. Request merging with metadata, though, is
kind of broken, so that functionality depends on this block patchset
(hence the "part-2" subject prefix):

https://lore.kernel.org/linux-nvme/20240904152605.4055570-1-kbusch@meta.com/

I currently don't have real hardware that supports sgl mptr, but I
believe that's coming to me soon. But in the meantime, if you're like
me, you can use the emulated device. Support for MPTR SGL is provided in
this currently unmerged (but very simple) patch to qemu:

https://lists.nongnu.org/archive/html/qemu-block/2024-08/msg00332.html

Keith Busch (9):
  nvme-pci: use sgl capable helper function
  nvme-pci: provide prp selection helper
  nvme-pci: split out the simple dma mapping
  nvme-pci: remove "dma_len" from nvme_iod
  nvme-pci: simplify io setup function parameters
  nvme-pci: common dma pool alloc helper
  nvme-pci: provide a sgl mapping helper
  nvme-pci: add support for sgl metadata
  nvme: force sgls on user passthrough if possible

 drivers/nvme/host/core.c  |   4 +-
 drivers/nvme/host/ioctl.c |  17 ++
 drivers/nvme/host/nvme.h  |   7 +
 drivers/nvme/host/pci.c   | 319 ++++++++++++++++++++++++++------------
 include/linux/nvme.h      |   1 +
 5 files changed, 246 insertions(+), 102 deletions(-)
--
2.43.5
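
The length mismatch the cover letter describes, as an added example that is not part of the original message or the patch series: a user-space C model of a device read where the pointer carries no length (PRP style) next to one where the descriptor carries an explicit length (SGL style). The flat memory arena, the simplified descriptor and all function names are constructed for illustration; 0x0f is the NVMe "Data SGL Length Invalid" status code.

```c
#include <stdint.h>
#include <string.h>

#define MEM_SIZE            2048  /* constructed "host memory" arena */
#define CANARY              0xA5  /* fill pattern for untouched memory */
#define SC_SUCCESS          0x00
#define SC_DATA_SGL_LEN_INV 0x0f  /* NVMe status: Data SGL Length Invalid */

/* Simplified SGL data block descriptor: the length travels with the address. */
struct sgl_desc { uint32_t addr; uint32_t length; };

/* Transfer size as the device computes it: from the command's 0's based
 * NLB and the namespace LBA size, never from the host buffer. */
static uint32_t implied_len(uint16_t nlb, uint32_t lba)
{ return ((uint32_t)nlb + 1) * lba; }

/* PRP-style read: only an address is given, so the device writes the
 * full implied length there whatever the buffer's real size is. */
static int dev_read_prp(uint8_t *mem, uint32_t addr, uint16_t nlb, uint32_t lba)
{
    memset(mem + addr, 0xFF, implied_len(nlb, lba));
    return SC_SUCCESS;
}

/* SGL-style read: a descriptor shorter than the implied length fails
 * the command before any byte is written. */
static int dev_read_sgl(uint8_t *mem, struct sgl_desc d, uint16_t nlb, uint32_t lba)
{
    if (d.length < implied_len(nlb, lba))
        return SC_DATA_SGL_LEN_INV;
    memset(mem + d.addr, 0xFF, implied_len(nlb, lba));
    return SC_SUCCESS;
}

/* Passthrough read of two 512-byte blocks (nlb = 1) into a 512-byte buffer
 * at offset 0. Returns how many bytes beyond the buffer were overwritten. */
static int clobbered_bytes(int use_sgl, int *status)
{
    uint8_t mem[MEM_SIZE];
    int n = 0;
    memset(mem, CANARY, sizeof(mem));
    *status = use_sgl ? dev_read_sgl(mem, (struct sgl_desc){ 0, 512 }, 1, 512)
                      : dev_read_prp(mem, 0, 1, 512);
    for (uint32_t i = 512; i < MEM_SIZE; i++)
        n += mem[i] != CANARY;
    return n;
}

int main(void) { int st; return clobbered_bytes(1, &st); }
```

In the PRP-style case the command completes successfully while the memory after the buffer is overwritten; in the SGL-style case the command fails and the neighbouring memory is untouched.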