On 21-03-25 08:39:40, Niklas Cassel wrote: > On Thu, Mar 25, 2021 at 09:26:47AM +0100, hch@xxxxxx wrote: > > On Thu, Mar 25, 2021 at 11:09:51AM +0900, Minwoo Im wrote: > > > > I was still allowed to write to NSID2: > > > > > > > > sudo nvme zns report-zones -d 1 /dev/nvme0n2 > > > > SLBA: 0x0 WP: 0x1 Cap: 0x3e000 State: IMP_OPENED Type: SEQWRITE_REQ Attrs: 0x0 > > > > > > > > Should this really be allowed? > > > > > > I think this should not be allowed at all. Thanks for the testing! > > > > It should not be allowed, but it seems like a pre-existing problem > > as nvme_user_cmd does not verify the nsid. > > > > > > I was under the impression that Christoph's argument for implementing per > > > > namespace char devices, was that you should be able to do access control. > > > > Doesn't that mean that for the new char devices, we need to reject ioctls > > > > that specify a nvme_passthru_cmd.nsid != the NSID that the char device > > > > represents? > > > > > > > > > > > > Although, this is not really something new, as we already have the same > > > > behavior when it comes ioctls and the block devices. Perhaps we want to > > > > add the same verification there? > > > > > > I think there should be verifications. > > > > Yes. > > Thanks Minwoo, Christoph, > > I'll cook up a patch based on nvme/nvme-5.13. Just FYI: Actually Javier and I am working on this patch of the next version and have plan to post it on this weekend maybe :) Thanks! > > > Kind regards, > Niklas