From: Kanchan Joshi <joshi.k@samsung.com>
To: hch@lst.de, axboe@kernel.dk, kbusch@kernel.org, sagi@grimberg.me
Cc: linux-nvme@lists.infradead.org, j.granados@samsung.com,
javier.gonz@samsung.com, Kanchan Joshi <joshi.k@samsung.com>
Subject: [RFC 0/2] nvme command whitelisting
Date: Fri, 9 Sep 2022 22:03:05 +0530 [thread overview]
Message-ID: <20220909163307.30150-1-joshi.k@samsung.com> (raw)
In-Reply-To: CGME20220909164315epcas5p17de296f5c0796ecf92fe3d0e4a020901@epcas5p1.samsung.com
Hi All,
Passthrough has turned much more useful than it used to be. Specifically
it has begun to offer
- Availability: via /dev/ngXnY, for any current/future nvme command-set
- Efficiency: via io_uring driven passthrough
Now that user-space has more reasons to pick this path than before, the
existing CAP_SYS_ADMIN based checks are worth a revisit. Nvme-native
applications requires 'querying' certain information (such as lba-format,
namespace size, log-pages/get-feature etc.) to start doing io on the
device.
Currently both io and admin commands are kept under a
coarse-granular CAP_SYS_ADMIN check, even if device has successfully been
opened with write access. In example below, ng0n1 appears as if it may
allow unprivileged read/write operations but it does not (same as ng0n2).
$ ls -l /dev/ng*
crw-rw-rw- 1 root root 242, 0 Sep 9 19:20 /dev/ng0n1
crw------- 1 root root 242, 1 Sep 9 19:20 /dev/ng0n2
This series attempts a shift from CAP_SYS_ADMIN to fine-granular whitelisting,
similar to what SCSI already has.
Patch 1: contains the whitelisting implementation. Patch-description
outlines the policy.
Patch 2: Changes the sync/async passthrough to employ whitelisting.
Purpose of the RFC is to seek feedback on below two points and path
forward hereon.
- Whitelisting scheme as described in patch 1
- Driver-defined static list (current one) vs dynamic list
(mutable through sysfs or new admin-only ioctl)
Kanchan Joshi (2):
nvme: add whitelisting infrastructure
nvme: CAP_SYS_ADMIN to nvme-whitelisting
drivers/nvme/host/ioctl.c | 106 ++++++++++++++++++++++++++------------
1 file changed, 74 insertions(+), 32 deletions(-)
--
2.25.1
next parent reply other threads:[~2022-09-09 16:43 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20220909164315epcas5p17de296f5c0796ecf92fe3d0e4a020901@epcas5p1.samsung.com>
2022-09-09 16:33 ` Kanchan Joshi [this message]
[not found] ` <CGME20220909164318epcas5p15d022bfc15bb4f22dbe4fb424576243d@epcas5p1.samsung.com>
2022-09-09 16:33 ` [RFC 1/2] nvme: add whitelisting infrastructure Kanchan Joshi
2022-09-09 16:55 ` Jens Axboe
2022-09-10 5:35 ` Christoph Hellwig
2022-09-22 6:44 ` Kanchan Joshi
2022-09-09 16:57 ` Keith Busch
2022-09-10 5:34 ` Christoph Hellwig
2022-09-22 7:17 ` Kanchan Joshi
2022-09-18 16:19 ` Joel Granados
2022-09-26 16:16 ` Keith Busch
2022-10-03 11:54 ` Joel Granados
2022-09-21 10:58 ` Joel Granados
[not found] ` <CGME20220909164322epcas5p392a312c882521eb8148ca8503999dcb6@epcas5p3.samsung.com>
2022-09-09 16:33 ` [RFC 2/2] nvme: CAP_SYS_ADMIN to nvme-whitelisting Kanchan Joshi
2022-09-18 16:49 ` [RFC 0/2] nvme command whitelisting Joel Granados
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220909163307.30150-1-joshi.k@samsung.com \
--to=joshi.k@samsung.com \
--cc=axboe@kernel.dk \
--cc=hch@lst.de \
--cc=j.granados@samsung.com \
--cc=javier.gonz@samsung.com \
--cc=kbusch@kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).