From: Minwoo Im <minwoo.im.dev@gmail.com> To: Niklas Cassel <Niklas.Cassel@wdc.com> Cc: "javier@javigon.com" <javier@javigon.com>, "linux-nvme@lists.infradead.org" <linux-nvme@lists.infradead.org>, "sagi@grimberg.me" <sagi@grimberg.me>, "linux-block@vger.kernel.org" <linux-block@vger.kernel.org>, "kbusch@kernel.org" <kbusch@kernel.org>, "Javier González" <javier.gonz@samsung.com>, "hch@lst.de" <hch@lst.de> Subject: Re: [PATCH V6 1/2] nvme: enable char device per namespace Date: Thu, 25 Mar 2021 11:09:51 +0900 [thread overview] Message-ID: <20210325020951.GA2105@localhost> (raw) In-Reply-To: <YFswq8pgzg9y00GO@x1-carbon.lan> On 21-03-24 12:29:32, Niklas Cassel wrote: > On Mon, Mar 01, 2021 at 08:24:51PM +0100, javier@javigon.com wrote: > > From: Javier González <javier.gonz@samsung.com> > > > > Create a char device per NVMe namespace. This char device is always > > initialized, independently of whether the features implemented by the > > device are supported by the kernel. User-space can therefore always > > issue IOCTLs to the NVMe driver using the char device. > > > > The char device is presented as /dev/nvme-generic-XcYnZ. This naming > > scheme follows the convention of the hidden device (nvmeXcYnZ). Support > > for multipath will follow. > > > > Hello all, > > Looking at the discussion that led up to the current design: > https://lore.kernel.org/linux-block/20201102185851.GA21349@lst.de/ > > Keith initially suggested: > > a) Set up the existing controller character device with a generic > disk-less request_queue to the IO queues accepting IO commands to > arbitrary NSIDs. > > However Christoph replied: > > The problem with a) is that it can't be used to give users or groups > access to just one namespaces, so it causes a real access control > nightmare. > > c) Each namespace gets its own character device, period. Thanks for summarizing this up! > However, testing this patch series out: > > crw------- 1 root root 249, 0 Mar 24 11:32 /dev/nvme-generic-0c0n1 > crw------- 1 root root 249, 1 Mar 24 11:32 /dev/nvme-generic-0c0n2 > crw------- 1 root root 250, 0 Mar 24 11:32 /dev/nvme0 > brw-rw---- 1 root disk 259, 1 Mar 24 11:32 /dev/nvme0n2 > > NSID1 has been rejected (because of ZNS ZOC, which kernel does not support). > > However, if I use the new char device for NSID1, but specify NSID2 to nvme-cli: > > sudo nvme write-zeroes -s 0 -c 0 --namespace-id=2 /dev/nvme-generic-0c0n1 > > I was still allowed to write to NSID2: > > sudo nvme zns report-zones -d 1 /dev/nvme0n2 > SLBA: 0x0 WP: 0x1 Cap: 0x3e000 State: IMP_OPENED Type: SEQWRITE_REQ Attrs: 0x0 > > Should this really be allowed? I think this should not be allowed at all. Thanks for the testing! > > I was under the impression that Christoph's argument for implementing per > namespace char devices, was that you should be able to do access control. > Doesn't that mean that for the new char devices, we need to reject ioctls > that specify a nvme_passthru_cmd.nsid != the NSID that the char device > represents? > > > Although, this is not really something new, as we already have the same > behavior when it comes ioctls and the block devices. Perhaps we want to > add the same verification there? I think there should be verifications. > > Regardless if we want to add a verification for block devices or not, > it just seemed to me that the whole argument for introducing new char > devices was to allow access control per namespace, which doesn't seem > to have been taken into account, but perhaps I'm missing something. Any other points that you think it's not been taken account? I think it should map to previous blkdev operations, but with some verfications there. It would be great if you can share any other points supposed to be supported here :) > Kind regards, > Niklas
WARNING: multiple messages have this Message-ID (diff)
From: Minwoo Im <minwoo.im.dev@gmail.com> To: Niklas Cassel <Niklas.Cassel@wdc.com> Cc: "javier@javigon.com" <javier@javigon.com>, "linux-nvme@lists.infradead.org" <linux-nvme@lists.infradead.org>, "sagi@grimberg.me" <sagi@grimberg.me>, "linux-block@vger.kernel.org" <linux-block@vger.kernel.org>, "kbusch@kernel.org" <kbusch@kernel.org>, "Javier González" <javier.gonz@samsung.com>, "hch@lst.de" <hch@lst.de> Subject: Re: [PATCH V6 1/2] nvme: enable char device per namespace Date: Thu, 25 Mar 2021 11:09:51 +0900 [thread overview] Message-ID: <20210325020951.GA2105@localhost> (raw) In-Reply-To: <YFswq8pgzg9y00GO@x1-carbon.lan> On 21-03-24 12:29:32, Niklas Cassel wrote: > On Mon, Mar 01, 2021 at 08:24:51PM +0100, javier@javigon.com wrote: > > From: Javier González <javier.gonz@samsung.com> > > > > Create a char device per NVMe namespace. This char device is always > > initialized, independently of whether the features implemented by the > > device are supported by the kernel. User-space can therefore always > > issue IOCTLs to the NVMe driver using the char device. > > > > The char device is presented as /dev/nvme-generic-XcYnZ. This naming > > scheme follows the convention of the hidden device (nvmeXcYnZ). Support > > for multipath will follow. > > > > Hello all, > > Looking at the discussion that led up to the current design: > https://lore.kernel.org/linux-block/20201102185851.GA21349@lst.de/ > > Keith initially suggested: > > a) Set up the existing controller character device with a generic > disk-less request_queue to the IO queues accepting IO commands to > arbitrary NSIDs. > > However Christoph replied: > > The problem with a) is that it can't be used to give users or groups > access to just one namespaces, so it causes a real access control > nightmare. > > c) Each namespace gets its own character device, period. Thanks for summarizing this up! > However, testing this patch series out: > > crw------- 1 root root 249, 0 Mar 24 11:32 /dev/nvme-generic-0c0n1 > crw------- 1 root root 249, 1 Mar 24 11:32 /dev/nvme-generic-0c0n2 > crw------- 1 root root 250, 0 Mar 24 11:32 /dev/nvme0 > brw-rw---- 1 root disk 259, 1 Mar 24 11:32 /dev/nvme0n2 > > NSID1 has been rejected (because of ZNS ZOC, which kernel does not support). > > However, if I use the new char device for NSID1, but specify NSID2 to nvme-cli: > > sudo nvme write-zeroes -s 0 -c 0 --namespace-id=2 /dev/nvme-generic-0c0n1 > > I was still allowed to write to NSID2: > > sudo nvme zns report-zones -d 1 /dev/nvme0n2 > SLBA: 0x0 WP: 0x1 Cap: 0x3e000 State: IMP_OPENED Type: SEQWRITE_REQ Attrs: 0x0 > > Should this really be allowed? I think this should not be allowed at all. Thanks for the testing! > > I was under the impression that Christoph's argument for implementing per > namespace char devices, was that you should be able to do access control. > Doesn't that mean that for the new char devices, we need to reject ioctls > that specify a nvme_passthru_cmd.nsid != the NSID that the char device > represents? > > > Although, this is not really something new, as we already have the same > behavior when it comes ioctls and the block devices. Perhaps we want to > add the same verification there? I think there should be verifications. > > Regardless if we want to add a verification for block devices or not, > it just seemed to me that the whole argument for introducing new char > devices was to allow access control per namespace, which doesn't seem > to have been taken into account, but perhaps I'm missing something. Any other points that you think it's not been taken account? I think it should map to previous blkdev operations, but with some verfications there. It would be great if you can share any other points supposed to be supported here :) > Kind regards, > Niklas _______________________________________________ Linux-nvme mailing list Linux-nvme@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-nvme
next prev parent reply other threads:[~2021-03-25 2:10 UTC|newest] Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-03-01 19:24 [PATCH V6 0/2] nvme: enable char device per namespace javier 2021-03-01 19:24 ` javier 2021-03-01 19:24 ` [PATCH V6 1/2] " javier 2021-03-01 19:24 ` javier 2021-03-03 9:10 ` Christoph Hellwig 2021-03-03 9:10 ` Christoph Hellwig 2021-03-03 10:02 ` Javier González 2021-03-03 10:02 ` Javier González 2021-03-09 11:31 ` Christoph Hellwig 2021-03-09 11:31 ` Christoph Hellwig 2021-03-09 12:42 ` Javier González 2021-03-09 12:42 ` Javier González 2021-03-09 15:05 ` Christoph Hellwig 2021-03-09 15:05 ` Christoph Hellwig 2021-03-09 21:18 ` Javier González 2021-03-09 21:18 ` Javier González 2021-03-24 12:29 ` Niklas Cassel 2021-03-24 12:29 ` Niklas Cassel 2021-03-25 2:09 ` Minwoo Im [this message] 2021-03-25 2:09 ` Minwoo Im 2021-03-25 8:26 ` hch 2021-03-25 8:26 ` hch 2021-03-25 8:39 ` Niklas Cassel 2021-03-25 8:39 ` Niklas Cassel 2021-03-25 9:34 ` Minwoo Im 2021-03-25 9:34 ` Minwoo Im 2021-03-25 12:25 ` Niklas Cassel 2021-03-25 12:25 ` Niklas Cassel 2021-03-25 12:33 ` Minwoo Im 2021-03-25 12:33 ` Minwoo Im 2021-03-25 15:14 ` Keith Busch 2021-03-25 15:14 ` Keith Busch 2021-03-01 19:24 ` [PATCH V6 2/2] nvme: allow open for nvme-generic char device javier 2021-03-01 19:24 ` javier
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20210325020951.GA2105@localhost \ --to=minwoo.im.dev@gmail.com \ --cc=Niklas.Cassel@wdc.com \ --cc=hch@lst.de \ --cc=javier.gonz@samsung.com \ --cc=javier@javigon.com \ --cc=kbusch@kernel.org \ --cc=linux-block@vger.kernel.org \ --cc=linux-nvme@lists.infradead.org \ --cc=sagi@grimberg.me \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.