On 21-03-24 12:29:32, Niklas Cassel wrote: > On Mon, Mar 01, 2021 at 08:24:51PM +0100, javier@xxxxxxxxxxx wrote: > > From: Javier González <javier.gonz@xxxxxxxxxxx> > > > > Create a char device per NVMe namespace. This char device is always > > initialized, independently of whether the features implemented by the > > device are supported by the kernel. User-space can therefore always > > issue IOCTLs to the NVMe driver using the char device. > > > > The char device is presented as /dev/nvme-generic-XcYnZ. This naming > > scheme follows the convention of the hidden device (nvmeXcYnZ). Support > > for multipath will follow. > > > > Hello all, > > Looking at the discussion that led up to the current design: > https://lore.kernel.org/linux-block/20201102185851.GA21349@xxxxxx/ > > Keith initially suggested: > > a) Set up the existing controller character device with a generic > disk-less request_queue to the IO queues accepting IO commands to > arbitrary NSIDs. > > However Christoph replied: > > The problem with a) is that it can't be used to give users or groups > access to just one namespaces, so it causes a real access control > nightmare. > > c) Each namespace gets its own character device, period. Thanks for summarizing this up! > However, testing this patch series out: > > crw------- 1 root root 249, 0 Mar 24 11:32 /dev/nvme-generic-0c0n1 > crw------- 1 root root 249, 1 Mar 24 11:32 /dev/nvme-generic-0c0n2 > crw------- 1 root root 250, 0 Mar 24 11:32 /dev/nvme0 > brw-rw---- 1 root disk 259, 1 Mar 24 11:32 /dev/nvme0n2 > > NSID1 has been rejected (because of ZNS ZOC, which kernel does not support). > > However, if I use the new char device for NSID1, but specify NSID2 to nvme-cli: > > sudo nvme write-zeroes -s 0 -c 0 --namespace-id=2 /dev/nvme-generic-0c0n1 > > I was still allowed to write to NSID2: > > sudo nvme zns report-zones -d 1 /dev/nvme0n2 > SLBA: 0x0 WP: 0x1 Cap: 0x3e000 State: IMP_OPENED Type: SEQWRITE_REQ Attrs: 0x0 > > Should this really be allowed? I think this should not be allowed at all. Thanks for the testing! > > I was under the impression that Christoph's argument for implementing per > namespace char devices, was that you should be able to do access control. > Doesn't that mean that for the new char devices, we need to reject ioctls > that specify a nvme_passthru_cmd.nsid != the NSID that the char device > represents? > > > Although, this is not really something new, as we already have the same > behavior when it comes ioctls and the block devices. Perhaps we want to > add the same verification there? I think there should be verifications. > > Regardless if we want to add a verification for block devices or not, > it just seemed to me that the whole argument for introducing new char > devices was to allow access control per namespace, which doesn't seem > to have been taken into account, but perhaps I'm missing something. Any other points that you think it's not been taken account? I think it should map to previous blkdev operations, but with some verfications there. It would be great if you can share any other points supposed to be supported here :) > Kind regards, > Niklas
