From: Christoph Hellwig <hch@infradead.org>
To: Keith Busch <keith.busch@intel.com>
Cc: Christoph Hellwig <hch@infradead.org>,
Yan Liu <yan@purestorage.com>,
Matthew Wilcox <willy@linux.intel.com>,
linux-kernel@vger.kernel.org, linux-nvme@lists.infradead.org
Subject: Re: [PATCH 1/1] NVMe: Do not take nsid while a passthrough IO command is being issued via a block device file descriptor
Date: Thu, 22 Jan 2015 07:49:30 -0800 [thread overview]
Message-ID: <20150122154930.GA28027@infradead.org> (raw)
In-Reply-To: <alpine.LNX.2.00.1501221430040.15481@localhost.lm.intel.com>
On Thu, Jan 22, 2015 at 03:21:28PM +0000, Keith Busch wrote:
> The case I considered was the "hidden" attribute in the NVMe LBA Range
> Type feature. It only indicates the storage should be hidden from the OS
> for general use, but the host may still use it for special purposes. In
> truth, the driver doesn't handle the hidden attribute very well and it
> doesn't seem like a well thought out feature in the spec anyway.
At least for Linux we should simply ignore that attribute.
> But if you really need to restrict namespace access, shouldn't that be
> enforced on the target side with reservations or similar mechanism?
Think for example about containers where we give eah container access
to a single nvme namespace, including container root access. Here you
don't really want container A to be able to submit I/O for another
container. A similar case exists for virtualization where we had
problems with SCSI passthrough from guests.
WARNING: multiple messages have this Message-ID (diff)
From: hch@infradead.org (Christoph Hellwig)
Subject: [PATCH 1/1] NVMe: Do not take nsid while a passthrough IO command is being issued via a block device file descriptor
Date: Thu, 22 Jan 2015 07:49:30 -0800 [thread overview]
Message-ID: <20150122154930.GA28027@infradead.org> (raw)
In-Reply-To: <alpine.LNX.2.00.1501221430040.15481@localhost.lm.intel.com>
On Thu, Jan 22, 2015@03:21:28PM +0000, Keith Busch wrote:
> The case I considered was the "hidden" attribute in the NVMe LBA Range
> Type feature. It only indicates the storage should be hidden from the OS
> for general use, but the host may still use it for special purposes. In
> truth, the driver doesn't handle the hidden attribute very well and it
> doesn't seem like a well thought out feature in the spec anyway.
At least for Linux we should simply ignore that attribute.
> But if you really need to restrict namespace access, shouldn't that be
> enforced on the target side with reservations or similar mechanism?
Think for example about containers where we give eah container access
to a single nvme namespace, including container root access. Here you
don't really want container A to be able to submit I/O for another
container. A similar case exists for virtualization where we had
problems with SCSI passthrough from guests.
next prev parent reply other threads:[~2015-01-22 15:49 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-22 0:28 [PATCH 1/1] NVMe: Do not take nsid while a passthrough IO command is being issued via a block device file descriptor Yan Liu
2015-01-22 0:28 ` Yan Liu
2015-01-22 0:47 ` Keith Busch
2015-01-22 0:47 ` Keith Busch
2015-01-22 8:45 ` Christoph Hellwig
2015-01-22 8:45 ` Christoph Hellwig
2015-01-22 15:21 ` Keith Busch
2015-01-22 15:21 ` Keith Busch
2015-01-22 15:49 ` Christoph Hellwig [this message]
2015-01-22 15:49 ` Christoph Hellwig
2015-01-22 16:58 ` Keith Busch
2015-01-22 16:58 ` Keith Busch
[not found] ` <CADMsRTZjajAj682a5FH-AmpphoQ4vw5QxqnJiGEQ+Jg_f7TvoA@mail.gmail.com>
2015-01-22 14:22 ` Keith Busch
2015-01-22 14:22 ` Keith Busch
2015-01-23 0:02 Yan Liu
2015-01-23 0:02 ` Yan Liu
2015-01-23 7:57 ` Christoph Hellwig
2015-01-23 7:57 ` Christoph Hellwig
2015-01-23 16:22 ` Keith Busch
2015-01-23 16:22 ` Keith Busch
2015-01-23 17:27 ` Christoph Hellwig
2015-01-23 17:27 ` Christoph Hellwig
2015-01-23 17:50 ` Keith Busch
2015-01-23 17:50 ` Keith Busch
2015-01-25 14:41 ` Christoph Hellwig
2015-01-25 14:41 ` Christoph Hellwig
2015-01-23 23:57 Yan Liu
2015-01-23 23:57 ` Yan Liu
2015-01-25 14:59 ` Christoph Hellwig
2015-01-25 14:59 ` Christoph Hellwig
2015-01-26 18:02 ` Keith Busch
2015-01-26 18:02 ` Keith Busch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150122154930.GA28027@infradead.org \
--to=hch@infradead.org \
--cc=keith.busch@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=willy@linux.intel.com \
--cc=yan@purestorage.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.