linux-block.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Sagi Grimberg <sagi@grimberg.me>
To: Matthew Wilcox <willy@infradead.org>
Cc: linux-block@vger.kernel.org,
	Chaitanya Kulkarni <Chaitanya.Kulkarni@wdc.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	linux-kernel@vger.kernel.org, linux-nvme@lists.infradead.org,
	Stephen Bates <sbates@raithlin.com>, Jens Axboe <axboe@fb.com>,
	linux-fsdevel@vger.kernel.org,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Keith Busch <kbusch@kernel.org>, Max Gurtovoy <maxg@mellanox.com>,
	Logan Gunthorpe <logang@deltatee.com>,
	Christoph Hellwig <hch@lst.de>
Subject: Re: [PATCH v6 02/16] chardev: introduce cdev_get_by_path()
Date: Thu, 25 Jul 2019 12:31:14 -0700	[thread overview]
Message-ID: <e91094eb-3ce8-b42b-663a-b62d4617fc96@grimberg.me> (raw)
In-Reply-To: <20190725191124.GE30641@bombadil.infradead.org>


>>>>> NVMe-OF is configured using configfs. The target is specified by the
>>>>> user writing a path to a configfs attribute. This is the way it works
>>>>> today but with blkdev_get_by_path()[1]. For the passthru code, we need
>>>>> to get a nvme_ctrl instead of a block_device, but the principal is the same.
>>>>
>>>> Why isn't a fd being passed in there instead of a random string?
>>>
>>> I suppose we could echo a string of the file descriptor number there,
>>> and look up the fd in the process' file descriptor table ...
>>
>> Assuming that there is a open handle somewhere out there...
> 
> Well, that's how we'd know that the application echoing /dev/nvme3 into
> configfs actually has permission to access /dev/nvme3.

Actually, the application is exposing a target device to someone else,
its actually preferable that it doesn't have access to it as its
possibly can create a consistency hole, but that is usually a root
application anyways... We could verify at least that though..

>  Think about
> containers, for example.  It's not exactly safe to mount configfs in a
> non-root container since it can access any NVMe device in the system,
> not just ones which it's been given permission to access.  Right?

I'm seeing this as an equivalent to an application that is binding a
socket to an ip address, and the kernel looks-up according to the net
namespace that the socket has.

I do agree this is an area that was never really thought of. But what
you are describing requires infrastructure around it instead of forcing
the user to pass an fd to validate around it.

  parent reply	other threads:[~2019-07-25 19:31 UTC|newest]

Thread overview: 61+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-25 17:23 [PATCH v6 00/16] nvmet: add target passthru commands support Logan Gunthorpe
2019-07-25 17:23 ` [PATCH v6 01/16] chardev: factor out cdev_lookup() helper Logan Gunthorpe
2019-07-25 17:23 ` [PATCH v6 02/16] chardev: introduce cdev_get_by_path() Logan Gunthorpe
2019-07-25 17:40   ` Greg Kroah-Hartman
2019-07-25 17:53     ` Logan Gunthorpe
2019-07-25 17:58       ` Matthew Wilcox
2019-07-25 18:08         ` Logan Gunthorpe
2019-07-25 18:08       ` Greg Kroah-Hartman
2019-07-25 18:14         ` Logan Gunthorpe
2019-07-25 18:27           ` Greg Kroah-Hartman
2019-07-25 18:36             ` Logan Gunthorpe
2019-07-25 19:02               ` Sagi Grimberg
2019-07-25 19:34                 ` Greg Kroah-Hartman
2019-07-25 19:37                   ` Sagi Grimberg
2019-07-25 19:43                     ` Greg Kroah-Hartman
2019-07-25 19:45                       ` Sagi Grimberg
2019-07-25 19:43                     ` Sagi Grimberg
2019-07-25 19:41                   ` Logan Gunthorpe
2019-07-25 19:00             ` Matthew Wilcox
2019-07-25 19:05               ` Sagi Grimberg
2019-07-25 19:11                 ` Matthew Wilcox
2019-07-25 19:24                   ` Logan Gunthorpe
2019-07-25 19:26                     ` Matthew Wilcox
2019-07-25 19:31                       ` Logan Gunthorpe
2019-07-25 23:55                     ` Al Viro
2019-07-26  4:29                       ` Sagi Grimberg
2019-07-26  7:13                         ` Greg Kroah-Hartman
2019-07-26 15:46                         ` Logan Gunthorpe
2019-07-25 19:31                   ` Sagi Grimberg [this message]
2019-07-25 18:10       ` Greg Kroah-Hartman
2019-07-25 18:16         ` Logan Gunthorpe
2019-07-25 17:23 ` [PATCH v6 03/16] chardev: export cdev_put() Logan Gunthorpe
2019-07-25 17:23 ` [PATCH v6 04/16] nvme-core: introduce nvme_get_by_path() Logan Gunthorpe
2019-07-25 17:50   ` Matthew Wilcox
2019-07-25 17:54     ` Logan Gunthorpe
2019-07-25 19:58       ` Keith Busch
2019-07-25 20:12         ` Sagi Grimberg
2019-07-25 20:28         ` Logan Gunthorpe
2019-07-25 20:31           ` Keith Busch
2019-07-25 20:37             ` Logan Gunthorpe
2019-07-25 17:23 ` [PATCH v6 05/16] nvme-core: export existing ctrl and ns interfaces Logan Gunthorpe
2019-07-25 17:23 ` [PATCH v6 06/16] nvmet: add return value to nvmet_add_async_event() Logan Gunthorpe
2019-07-25 17:23 ` [PATCH v6 07/16] nvmet: make nvmet_copy_ns_identifier() non-static Logan Gunthorpe
2019-07-25 17:23 ` [PATCH v6 08/16] nvmet-passthru: update KConfig with config passthru option Logan Gunthorpe
2019-07-25 17:23 ` [PATCH v6 09/16] nvmet-passthru: add passthru code to process commands Logan Gunthorpe
2019-07-25 17:23 ` [PATCH v6 10/16] nvmet-passthru: add enable/disable helpers Logan Gunthorpe
2019-07-25 17:23 ` [PATCH v6 11/16] nvmet-core: allow one host per passthru-ctrl Logan Gunthorpe
2019-07-25 17:23 ` [PATCH v6 12/16] nvmet-core: don't check the data len for pt-ctrl Logan Gunthorpe
2019-07-25 17:23 ` [PATCH v6 13/16] nvmet-configfs: introduce passthru configfs interface Logan Gunthorpe
2019-07-25 17:23 ` [PATCH v6 14/16] block: don't check blk_rq_is_passthrough() in blk_do_io_stat() Logan Gunthorpe
2019-07-25 17:23 ` [PATCH v6 15/16] block: call blk_account_io_start() in blk_execute_rq_nowait() Logan Gunthorpe
2019-07-25 17:23 ` [PATCH v6 16/16] nvmet-passthru: support block accounting Logan Gunthorpe
2019-07-26  6:23 ` [PATCH v6 00/16] nvmet: add target passthru commands support Hannes Reinecke
2019-07-26 17:07   ` Logan Gunthorpe
2019-07-26 22:21     ` Sagi Grimberg
2019-07-26 22:37       ` Logan Gunthorpe
2019-07-26 23:13         ` Sagi Grimberg
2019-07-27  0:09           ` Logan Gunthorpe
2019-07-27  0:50             ` Stephen  Bates
2019-07-29 16:15               ` Sagi Grimberg
2019-07-29 16:17                 ` Logan Gunthorpe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e91094eb-3ce8-b42b-663a-b62d4617fc96@grimberg.me \
    --to=sagi@grimberg.me \
    --cc=Chaitanya.Kulkarni@wdc.com \
    --cc=axboe@fb.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=hch@lst.de \
    --cc=kbusch@kernel.org \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nvme@lists.infradead.org \
    --cc=logang@deltatee.com \
    --cc=maxg@mellanox.com \
    --cc=sbates@raithlin.com \
    --cc=viro@zeniv.linux.org.uk \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).