* [PATCH] nvme: look up proper namespace in NVME_IOCTL_IO_CMD
@ 2019-09-28 2:15 Minwoo Im
2019-09-29 17:36 ` Keith Busch
0 siblings, 1 reply; 4+ messages in thread
From: Minwoo Im @ 2019-09-28 2:15 UTC (permalink / raw)
To: Keith Busch, Jens Axboe, Christoph Hellwig, Sagi Grimberg
Cc: Minwoo Im, linux-nvme
NVME_IOCTL_IO_CMD is deprecated because IO request for a chardev is
unsafe. But in case userspace gives nsid, kernel should at least look
up the proper namespace instance instead getting the first entry and
checking whether if it's the last one.
Signed-off-by: Minwoo Im <minwoo.im.dev@gmail.com>
---
drivers/nvme/host/core.c | 29 ++++++++---------------------
1 file changed, 8 insertions(+), 21 deletions(-)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index fd7dea36c3b6..5bb29c932d31 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -93,6 +93,8 @@ static int nvme_revalidate_disk(struct gendisk *disk);
static void nvme_put_subsystem(struct nvme_subsystem *subsys);
static void nvme_remove_invalid_namespaces(struct nvme_ctrl *ctrl,
unsigned nsid);
+static struct nvme_ns *nvme_find_get_ns(struct nvme_ctrl *ctrl,
+ unsigned int nsid);
static void nvme_set_queue_dying(struct nvme_ns *ns)
{
@@ -2888,33 +2890,18 @@ static int nvme_dev_user_cmd(struct nvme_ctrl *ctrl, void __user *argp)
{
struct nvme_ns *ns;
int ret;
+ struct nvme_passthru_cmd cmd;
- down_read(&ctrl->namespaces_rwsem);
- if (list_empty(&ctrl->namespaces)) {
- ret = -ENOTTY;
- goto out_unlock;
- }
-
- ns = list_first_entry(&ctrl->namespaces, struct nvme_ns, list);
- if (ns != list_last_entry(&ctrl->namespaces, struct nvme_ns, list)) {
- dev_warn(ctrl->device,
- "NVME_IOCTL_IO_CMD not supported when multiple namespaces present!\n");
- ret = -EINVAL;
- goto out_unlock;
- }
+ if (copy_from_user(&cmd, argp, sizeof(cmd)))
+ return -EFAULT;
- dev_warn(ctrl->device,
- "using deprecated NVME_IOCTL_IO_CMD ioctl on the char device!\n");
- kref_get(&ns->kref);
- up_read(&ctrl->namespaces_rwsem);
+ ns = nvme_find_get_ns(ctrl, cmd.nsid);
+ if (!ns)
+ return -ENOTTY;
ret = nvme_user_cmd(ctrl, ns, argp);
nvme_put_ns(ns);
return ret;
-
-out_unlock:
- up_read(&ctrl->namespaces_rwsem);
- return ret;
}
static long nvme_dev_ioctl(struct file *file, unsigned int cmd,
--
2.17.1
_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] nvme: look up proper namespace in NVME_IOCTL_IO_CMD
2019-09-28 2:15 [PATCH] nvme: look up proper namespace in NVME_IOCTL_IO_CMD Minwoo Im
@ 2019-09-29 17:36 ` Keith Busch
2019-09-29 19:18 ` Christoph Hellwig
[not found] ` <CGME20190929191846epcas5p10576f659553b0a1f189dcdf0cefb5c97@epcms2p3>
0 siblings, 2 replies; 4+ messages in thread
From: Keith Busch @ 2019-09-29 17:36 UTC (permalink / raw)
To: Minwoo Im; +Cc: Jens Axboe, Christoph Hellwig, linux-nvme, Sagi Grimberg
On Sat, Sep 28, 2019 at 11:15:00AM +0900, Minwoo Im wrote:
> NVME_IOCTL_IO_CMD is deprecated because IO request for a chardev is
> unsafe. But in case userspace gives nsid, kernel should at least look
> up the proper namespace instance instead getting the first entry and
> checking whether if it's the last one.
This pretty much defeats the purpose of discouraging using this interface, and
possibly opens security issues if someone can issue IO to a device they
shouldn't be able to access.
_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] nvme: look up proper namespace in NVME_IOCTL_IO_CMD
2019-09-29 17:36 ` Keith Busch
@ 2019-09-29 19:18 ` Christoph Hellwig
[not found] ` <CGME20190929191846epcas5p10576f659553b0a1f189dcdf0cefb5c97@epcms2p3>
1 sibling, 0 replies; 4+ messages in thread
From: Christoph Hellwig @ 2019-09-29 19:18 UTC (permalink / raw)
To: Keith Busch
Cc: Jens Axboe, Minwoo Im, Christoph Hellwig, linux-nvme, Sagi Grimberg
On Sun, Sep 29, 2019 at 11:36:54AM -0600, Keith Busch wrote:
> On Sat, Sep 28, 2019 at 11:15:00AM +0900, Minwoo Im wrote:
> > NVME_IOCTL_IO_CMD is deprecated because IO request for a chardev is
> > unsafe. But in case userspace gives nsid, kernel should at least look
> > up the proper namespace instance instead getting the first entry and
> > checking whether if it's the last one.
>
> This pretty much defeats the purpose of discouraging using this interface, and
> possibly opens security issues if someone can issue IO to a device they
> shouldn't be able to access.
It also breaks any old user relying on the fact that the nsid is
ignored.
_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] nvme: look up proper namespace in NVME_IOCTL_IO_CMD
[not found] ` <CGME20190929191846epcas5p10576f659553b0a1f189dcdf0cefb5c97@epcms2p3>
@ 2019-10-06 2:58 ` Minwoo Im
0 siblings, 0 replies; 4+ messages in thread
From: Minwoo Im @ 2019-10-06 2:58 UTC (permalink / raw)
To: Keith Busch, Minwoo Im, Christoph Hellwig
Cc: Jens Axboe, Sagi Grimberg, linux-nvme, Minwoo Im
> > > NVME_IOCTL_IO_CMD is deprecated because IO request for a chardev is
> > > unsafe. But in case userspace gives nsid, kernel should at least look
> > > up the proper namespace instance instead getting the first entry and
> > > checking whether if it's the last one.
> >
> > This pretty much defeats the purpose of discouraging using this interface,
> and
> > possibly opens security issues if someone can issue IO to a device they
> > shouldn't be able to access.
>
> It also breaks any old user relying on the fact that the nsid is
> ignored.
Oh Yes, It breaks the purpose for the deprecation. Will not try to use I/O
Weith chardev with nsid specified which can give improper nsid from the
userspace
Thanks, Keith and Christoph
_______________________________________________
Linux-nvme mailing list
Linux-nvme@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-nvme
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-10-06 2:58 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-28 2:15 [PATCH] nvme: look up proper namespace in NVME_IOCTL_IO_CMD Minwoo Im
2019-09-29 17:36 ` Keith Busch
2019-09-29 19:18 ` Christoph Hellwig
[not found] ` <CGME20190929191846epcas5p10576f659553b0a1f189dcdf0cefb5c97@epcms2p3>
2019-10-06 2:58 ` Minwoo Im
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).