From: Jens Axboe <axboe@kernel.dk>
To: Kanchan Joshi <joshi.k@samsung.com>,
hch@lst.de, kbusch@kernel.org, sagi@grimberg.me
Cc: linux-nvme@lists.infradead.org, j.granados@samsung.com,
javier.gonz@samsung.com
Subject: Re: [RFC 1/2] nvme: add whitelisting infrastructure
Date: Fri, 9 Sep 2022 10:55:45 -0600 [thread overview]
Message-ID: <47e19485-f321-cd2a-3408-173434b04d01@kernel.dk> (raw)
In-Reply-To: <20220909163307.30150-2-joshi.k@samsung.com>
On 9/9/22 10:33 AM, Kanchan Joshi wrote:
> If CAP_SYS_ADMIN is present, nothing else is checked, as before.
> If CAP_SYS_ADMIN is not present, take the decision based on
> - type of nvme command (io or admin)
> - nature of nvme-command (write or read)
> - mode with which file was opened (read-only, read-write etc.)
>
> io-commands that write/read are allowed only if matching file mode is
> present.
> for admin-commands, few read-only admin command are allowed and that too
> when mode matches.
>
> Signed-off-by: Kanchan Joshi <joshi.k@samsung.com>
> ---
> drivers/nvme/host/ioctl.c | 36 ++++++++++++++++++++++++++++++++++++
> 1 file changed, 36 insertions(+)
>
> diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c
> index 548aca8b5b9f..0d99135a1745 100644
> --- a/drivers/nvme/host/ioctl.c
> +++ b/drivers/nvme/host/ioctl.c
> @@ -20,6 +20,42 @@ static void __user *nvme_to_user_ptr(uintptr_t ptrval)
> return (void __user *)ptrval;
> }
>
> +bool nvme_io_cmd_allowed(u8 opcode, fmode_t mode)
> +{
> + /* allow write/read based on what was allowed for open */
> + /* TBD: try to use nvme_is_write() here */
> + if (opcode & 1)
> + return (mode & FMODE_WRITE);
> + else
> + return (mode & FMODE_READ);
> +}
The read/write distinction doesn't make a lot of sense to me. You've
already been able to open the device at this point. It would only make
sense to limit some things based on FMODE_WRITE imho, not FMODE_READ.
--
Jens Axboe
next prev parent reply other threads:[~2022-09-09 16:55 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20220909164315epcas5p17de296f5c0796ecf92fe3d0e4a020901@epcas5p1.samsung.com>
2022-09-09 16:33 ` [RFC 0/2] nvme command whitelisting Kanchan Joshi
[not found] ` <CGME20220909164318epcas5p15d022bfc15bb4f22dbe4fb424576243d@epcas5p1.samsung.com>
2022-09-09 16:33 ` [RFC 1/2] nvme: add whitelisting infrastructure Kanchan Joshi
2022-09-09 16:55 ` Jens Axboe [this message]
2022-09-10 5:35 ` Christoph Hellwig
2022-09-22 6:44 ` Kanchan Joshi
2022-09-09 16:57 ` Keith Busch
2022-09-10 5:34 ` Christoph Hellwig
2022-09-22 7:17 ` Kanchan Joshi
2022-09-18 16:19 ` Joel Granados
2022-09-26 16:16 ` Keith Busch
2022-10-03 11:54 ` Joel Granados
2022-09-21 10:58 ` Joel Granados
[not found] ` <CGME20220909164322epcas5p392a312c882521eb8148ca8503999dcb6@epcas5p3.samsung.com>
2022-09-09 16:33 ` [RFC 2/2] nvme: CAP_SYS_ADMIN to nvme-whitelisting Kanchan Joshi
2022-09-18 16:49 ` [RFC 0/2] nvme command whitelisting Joel Granados
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47e19485-f321-cd2a-3408-173434b04d01@kernel.dk \
--to=axboe@kernel.dk \
--cc=hch@lst.de \
--cc=j.granados@samsung.com \
--cc=javier.gonz@samsung.com \
--cc=joshi.k@samsung.com \
--cc=kbusch@kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).