From: Chaitanya Kulkarni <chaitanyak@nvidia.com>
To: Kanchan Joshi <joshi.k@samsung.com>
Cc: "linux-nvme@lists.infradead.org" <linux-nvme@lists.infradead.org>,
	"hch@lst.de" <hch@lst.de>, "axboe@kernel.dk" <axboe@kernel.dk>,
	"sagi@grimberg.me" <sagi@grimberg.me>,
	"kbusch@kernel.org" <kbusch@kernel.org>,
	"gost.dev@samsung.com" <gost.dev@samsung.com>
Subject: Re: [PATCH 2/2] nvme: identify-namespace without CAP_SYS_ADMIN
Date: Mon, 31 Oct 2022 06:55:56 +0000
Message-ID: <737c7d72-ff5e-1f0e-304c-24bbb23f30a1@nvidia.com>
In-Reply-To: <20221020070205.57366-3-joshi.k@samsung.com>

On 10/20/22 00:02, Kanchan Joshi wrote:
> Allow all identify-namespace variants (CNS 00h, 05h and 08h) without
> requiring CAP_SYS_ADMIN. The information (retrieved using id-ns) is
> needed to form IO commands for passthrough interface.
> 
> Signed-off-by: Kanchan Joshi <joshi.k@samsung.com>
> ---
>   drivers/nvme/host/ioctl.c | 14 ++++++++++++--
>   1 file changed, 12 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c
> index 9c581b1a8956..9273db147872 100644
> --- a/drivers/nvme/host/ioctl.c
> +++ b/drivers/nvme/host/ioctl.c
> @@ -15,9 +15,19 @@ bool nvme_cmd_allowed(struct nvme_ns *ns, struct nvme_command *c, fmode_t mode)
>   	if (capable(CAP_SYS_ADMIN))
>   		return true;
>   
> -	/* admin commands are not allowed */
> -	if (!ns)
> +	/* policy for admin commands */

The above comment is not needed, as it is clear from the opcode below
that you are dealing with admin commands only, and that too with
specific cns values.

> +	if (!ns) {
> +		if (opcode == nvme_admin_identify) {
> +			switch (c->identify.cns) {
> +			case NVME_ID_CNS_NS:
> +			case NVME_ID_CNS_CS_NS:
> +			case NVME_ID_CNS_NS_CS_INDEP:
> +				return true;
> +			}
> +		}
> +		/* other admin commands are not allowed */

Same here.

>   		return false;

The if, the switch and the two returns look confusing; I'd use a
nested switch case with default here.

> +	}
>   
>   	/* exclude vendor-specific io and fabrics commands */
>   	if (opcode >= nvme_cmd_vendor_start || opcode == nvme_fabrics_command)
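
Review bot: the new identify branch under "if (!ns)" returns true on c->identify.cns alone and never looks at c->identify.nsid or at the mode argument, so once this path is reached without CAP_SYS_ADMIN the caller can query any namespace ID with the three allowed CNS values. If that exposure is intended, state it in the commit message; otherwise add a check that ties the request to what the caller is entitled to see. Separately, the switch has no default case and depends on falling out of both the switch and the if to reach "return false"; an explicit "default: return false;" would make the deny-by-default policy visible at the point where the allow-list is defined and harder to break when another CNS value is added later.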


-ck


