[PATCH] nvme: look up proper namespace in NVME_IOCTL_IO_CMD

[PATCH] nvme: look up proper namespace in NVME_IOCTL_IO_CMD

[Minwoo Im]

NVME_IOCTL_IO_CMD is deprecated because IO request for a chardev is
unsafe.  But in case userspace gives nsid, kernel should at least look
up the proper namespace instance instead getting the first entry and
checking whether if it's the last one.

Signed-off-by: Minwoo Im <minwoo.im.dev@gmail.com>
---
 drivers/nvme/host/core.c | 29 ++++++++---------------------
 1 file changed, 8 insertions(+), 21 deletions(-)

diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index fd7dea36c3b6..5bb29c932d31 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -93,6 +93,8 @@ static int nvme_revalidate_disk(struct gendisk *disk);
 static void nvme_put_subsystem(struct nvme_subsystem *subsys);
 static void nvme_remove_invalid_namespaces(struct nvme_ctrl *ctrl,
 					   unsigned nsid);
+static struct nvme_ns *nvme_find_get_ns(struct nvme_ctrl *ctrl,
+					unsigned int nsid);
 
 static void nvme_set_queue_dying(struct nvme_ns *ns)
 {
@@ -2888,33 +2890,18 @@ static int nvme_dev_user_cmd(struct nvme_ctrl *ctrl, void __user *argp)
 {
 	struct nvme_ns *ns;
 	int ret;
+	struct nvme_passthru_cmd cmd;
 
-	down_read(&ctrl->namespaces_rwsem);
-	if (list_empty(&ctrl->namespaces)) {
-		ret = -ENOTTY;
-		goto out_unlock;
-	}
-
-	ns = list_first_entry(&ctrl->namespaces, struct nvme_ns, list);
-	if (ns != list_last_entry(&ctrl->namespaces, struct nvme_ns, list)) {
-		dev_warn(ctrl->device,
-			"NVME_IOCTL_IO_CMD not supported when multiple namespaces present!\n");
-		ret = -EINVAL;
-		goto out_unlock;
-	}
+	if (copy_from_user(&cmd, argp, sizeof(cmd)))
+		return -EFAULT;
 
-	dev_warn(ctrl->device,
-		"using deprecated NVME_IOCTL_IO_CMD ioctl on the char device!\n");
-	kref_get(&ns->kref);
-	up_read(&ctrl->namespaces_rwsem);
+	ns = nvme_find_get_ns(ctrl, cmd.nsid);
+	if (!ns)
+		return -ENOTTY;
 
 	ret = nvme_user_cmd(ctrl, ns, argp);
 	nvme_put_ns(ns);
 	return ret;
-
-out_unlock:
-	up_read(&ctrl->namespaces_rwsem);
-	return ret;
 }
 
 static long nvme_dev_ioctl(struct file *file, unsigned int cmd,
-- 
2.17.1


_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme

Re: [PATCH] nvme: look up proper namespace in NVME_IOCTL_IO_CMD

[Keith Busch]

On Sat, Sep 28, 2019 at 11:15:00AM +0900, Minwoo Im wrote:
> NVME_IOCTL_IO_CMD is deprecated because IO request for a chardev is
> unsafe.  But in case userspace gives nsid, kernel should at least look
> up the proper namespace instance instead getting the first entry and
> checking whether if it's the last one.

This pretty much defeats the purpose of discouraging using this interface, and
possibly opens security issues if someone can issue IO to a device they
shouldn't be able to access.

_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme

Re: [PATCH] nvme: look up proper namespace in NVME_IOCTL_IO_CMD

[Christoph Hellwig]

On Sun, Sep 29, 2019 at 11:36:54AM -0600, Keith Busch wrote:
> On Sat, Sep 28, 2019 at 11:15:00AM +0900, Minwoo Im wrote:
> > NVME_IOCTL_IO_CMD is deprecated because IO request for a chardev is
> > unsafe.  But in case userspace gives nsid, kernel should at least look
> > up the proper namespace instance instead getting the first entry and
> > checking whether if it's the last one.
> 
> This pretty much defeats the purpose of discouraging using this interface, and
> possibly opens security issues if someone can issue IO to a device they
> shouldn't be able to access.

It also breaks any old user relying on the fact that the nsid is
ignored.

_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme

Re: [PATCH] nvme: look up proper namespace in NVME_IOCTL_IO_CMD

[Minwoo Im]

> > > NVME_IOCTL_IO_CMD is deprecated because IO request for a chardev is
> > > unsafe.  But in case userspace gives nsid, kernel should at least look
> > > up the proper namespace instance instead getting the first entry and
> > > checking whether if it's the last one.
> >
> > This pretty much defeats the purpose of discouraging using this interface,
> and
> > possibly opens security issues if someone can issue IO to a device they
> > shouldn't be able to access.
> 
> It also breaks any old user relying on the fact that the nsid is
> ignored.

Oh Yes, It breaks the purpose for the deprecation. Will not try to use I/O
Weith chardev with nsid specified which can give improper nsid  from the
userspace


Thanks, Keith and Christoph

_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme