On Thu, Jul 25, 2019 at 12:05:29PM -0700, Sagi Grimberg wrote: > > > > > NVMe-OF is configured using configfs. The target is specified by the > > > > user writing a path to a configfs attribute. This is the way it works > > > > today but with blkdev_get_by_path()[1]. For the passthru code, we need > > > > to get a nvme_ctrl instead of a block_device, but the principal is the same. > > > > > > Why isn't a fd being passed in there instead of a random string? > > > > I suppose we could echo a string of the file descriptor number there, > > and look up the fd in the process' file descriptor table ... > > Assuming that there is a open handle somewhere out there... Well, that's how we'd know that the application echoing /dev/nvme3 into configfs actually has permission to access /dev/nvme3. Think about containers, for example. It's not exactly safe to mount configfs in a non-root container since it can access any NVMe device in the system, not just ones which it's been given permission to access. Right?
