From: Kanchan Joshi <joshi.k@samsung.com>
To: Chaitanya Kulkarni <chaitanyak@nvidia.com>
Cc: "linux-nvme@lists.infradead.org" <linux-nvme@lists.infradead.org>,
"hch@lst.de" <hch@lst.de>, "axboe@kernel.dk" <axboe@kernel.dk>,
"sagi@grimberg.me" <sagi@grimberg.me>,
"kbusch@kernel.org" <kbusch@kernel.org>,
"gost.dev@samsung.com" <gost.dev@samsung.com>
Subject: Re: [PATCH 2/2] nvme: identify-namespace without CAP_SYS_ADMIN
Date: Mon, 31 Oct 2022 19:17:59 +0530 [thread overview]
Message-ID: <20221031134759.GA20135@test-zns> (raw)
In-Reply-To: <737c7d72-ff5e-1f0e-304c-24bbb23f30a1@nvidia.com>
[-- Attachment #1: Type: text/plain, Size: 2309 bytes --]
On Mon, Oct 31, 2022 at 06:55:56AM +0000, Chaitanya Kulkarni wrote:
>On 10/20/22 00:02, Kanchan Joshi wrote:
>> Allow all identify-namespace variants (CNS 00h, 05h and 08h) without
>> requiring CAP_SYS_ADMIN. The information (retrieved using id-ns) is
>> needed to form IO commands for passthrough interface.
>>
>> Signed-off-by: Kanchan Joshi <joshi.k@samsung.com>
>> ---
>> drivers/nvme/host/ioctl.c | 14 ++++++++++++--
>> 1 file changed, 12 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c
>> index 9c581b1a8956..9273db147872 100644
>> --- a/drivers/nvme/host/ioctl.c
>> +++ b/drivers/nvme/host/ioctl.c
>> @@ -15,9 +15,19 @@ bool nvme_cmd_allowed(struct nvme_ns *ns, struct nvme_command *c, fmode_t mode)
>> if (capable(CAP_SYS_ADMIN))
>> return true;
>>
>> - /* admin commands are not allowed */
>> - if (!ns)
>> + /* policy for admin commands */
>
>above comment is not needed as it is clear from the opcode below
>you are dealing with admin commands only that too specific cns
>values ..
>
>> + if (!ns) {
>> + if (opcode == nvme_admin_identify) {
>> + switch (c->identify.cns) {
>> + case NVME_ID_CNS_NS:
>> + case NVME_ID_CNS_CS_NS:
>> + case NVME_ID_CNS_NS_CS_INDEP:
>> + return true;
>> + }
>> + }
>> + /* other admin commands are not allowed */
>
>same here..
All right, will kill these.
>
>> return false;
>
>if and swicth and two returns are looking confusing, I'd use
>nested switch case default here..
Do you think that'll give better looking code?
I did not write that because it did not seem good fit for the
situtation. It involved aligning more curly braces:
- /* admin commands are not allowed */
- if (!ns)
+ if (!ns) {
+ switch (opcode) {
+ case nvme_admin_identify: {
+ switch (c->identify.cns) {
+ case NVME_ID_CNS_NS:
+ case NVME_ID_CNS_CS_NS:
+ case NVME_ID_CNS_NS_CS_INDEP:
+ return true;
+ }
+ }
+ }
return false;
+ }
Above is without default. And with two defaults, it just gets more
wordy.
And future growth in above admin opcodes is not expected too.
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
next prev parent reply other threads:[~2022-10-31 13:59 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20221020071338epcas5p16d72f5d4d868b889e3a98688bc454a98@epcas5p1.samsung.com>
2022-10-20 7:02 ` [PATCH 0/2] Granular CAP_SYS_ADMIN Kanchan Joshi
[not found] ` <CGME20221020071343epcas5p3722073ab4822d39d6ca91606869f0379@epcas5p3.samsung.com>
2022-10-20 7:02 ` [PATCH 1/2] nvme: fine-granular CAP_SYS_ADMIN for nvme io commands Kanchan Joshi
[not found] ` <CGME20221020071346epcas5p4c3b8da5e60f94947ad570cbd151eb38d@epcas5p4.samsung.com>
2022-10-20 7:02 ` [PATCH 2/2] nvme: identify-namespace without CAP_SYS_ADMIN Kanchan Joshi
2022-10-31 6:55 ` Chaitanya Kulkarni
2022-10-31 13:47 ` Kanchan Joshi [this message]
2022-11-01 5:20 ` Chaitanya Kulkarni
2022-10-25 19:43 ` [PATCH 0/2] Granular CAP_SYS_ADMIN Jens Axboe
2022-10-25 20:07 ` Keith Busch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221031134759.GA20135@test-zns \
--to=joshi.k@samsung.com \
--cc=axboe@kernel.dk \
--cc=chaitanyak@nvidia.com \
--cc=gost.dev@samsung.com \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.