From: Joel Granados <j.granados@samsung.com>
To: Kanchan Joshi <joshi.k@samsung.com>
Cc: <hch@lst.de>, <axboe@kernel.dk>, <kbusch@kernel.org>,
	<sagi@grimberg.me>, <linux-nvme@lists.infradead.org>,
	<javier.gonz@samsung.com>
Subject: Re: [RFC 1/2] nvme: add whitelisting infrastructure
Date: Wed, 21 Sep 2022 12:58:22 +0200
Message-ID: <20220921105822.nhy6bg3tda4ln5yo@localhost>
In-Reply-To: <20220909163307.30150-2-joshi.k@samsung.com>

On Fri, Sep 09, 2022 at 10:03:06PM +0530, Kanchan Joshi wrote:
> If CAP_SYS_ADMIN is present, nothing else is checked, as before.
> If CAP_SYS_ADMIN is not present, take the decision based on
> - type of nvme command (io or admin)
> - nature of nvme-command (write or read)
> - mode with which file was opened (read-only, read-write etc.)
> 
> io-commands that write/read are allowed only if matching file mode is
> present.
> for admin-commands, few read-only admin commands are allowed and that too
> when mode matches.
> 
> Signed-off-by: Kanchan Joshi <joshi.k@samsung.com>
> ---
>  drivers/nvme/host/ioctl.c | 36 ++++++++++++++++++++++++++++++++++++
>  1 file changed, 36 insertions(+)
> 
> diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c
> index 548aca8b5b9f..0d99135a1745 100644
> --- a/drivers/nvme/host/ioctl.c
> +++ b/drivers/nvme/host/ioctl.c
> @@ -20,6 +20,42 @@ static void __user *nvme_to_user_ptr(uintptr_t ptrval)
>  	return (void __user *)ptrval;
>  }
>  
> +bool nvme_io_cmd_allowed(u8 opcode, fmode_t mode)
These all should be static functions, right? So we keep the scope within
the file?

Best
> +{
> +	/* allow write/read based on what was allowed for open */
> +	/* TBD: try to use nvme_is_write() here */
> +	if (opcode & 1)
> +		return (mode & FMODE_WRITE);
> +	else
> +		return (mode & FMODE_READ);
> +}
> +
> +bool nvme_admin_cmd_allowed(u8 opcode, fmode_t mode)
> +{
> +	/* allowed few read-only commands post the mode check */
> +	switch (opcode) {
> +	case nvme_admin_identify:
> +	case nvme_admin_get_log_page:
> +	case nvme_admin_get_features:
> +		return (mode & FMODE_READ);
> +	default:
> +		return false;
> +	}
> +}
> +
> +bool nvme_cmd_allowed(struct nvme_ns *ns, u8 opcode, fmode_t mode)
> +{
> +	bool ret;
> +	/* root can do anything */
> +	if (capable(CAP_SYS_ADMIN))
> +		return true;
> +	if (ns == NULL)
> +		ret = nvme_admin_cmd_allowed(opcode, mode);
> +	else
> +		ret = nvme_io_cmd_allowed(opcode, mode);
> +	return ret;
> +}
> +
>  static void *nvme_add_user_metadata(struct bio *bio, void __user *ubuf,
>  		unsigned len, u32 seed, bool write)
>  {
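
Review bot: In nvme_io_cmd_allowed() the `if (opcode & 1)` test makes the I/O path default-allow: every opcode with the low bit clear is accepted with only FMODE_READ, including opcodes nobody has looked at, whereas nvme_admin_cmd_allowed() just below is default-deny (`default: return false;`). The low bit describes the direction of the data transfer, not whether the command modifies the namespace, so a command that alters media without a host-to-controller transfer would pass for a read-only opener. Suggest giving the I/O path the same shape as the admin one: a switch listing the opcodes known to be read-only, a second set that requires FMODE_WRITE, and `return false` for everything else. Separately, nvme_cmd_allowed() uses `ns == NULL` to mean "admin command"; a one-line comment stating that convention, or an explicit parameter, would make the dispatch easier to audit.
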
> -- 
> 2.25.1
> 
