On 2019-07-25 1:34 p.m., Greg Kroah-Hartman wrote: > On Thu, Jul 25, 2019 at 12:02:30PM -0700, Sagi Grimberg wrote: >> >>>>>> Why do you have a "string" within the kernel and are not using the >>>>>> normal open() call from userspace on the character device node on the >>>>>> filesystem in your namespace/mount/whatever? >>>>> >>>>> NVMe-OF is configured using configfs. The target is specified by the >>>>> user writing a path to a configfs attribute. This is the way it works >>>>> today but with blkdev_get_by_path()[1]. For the passthru code, we need >>>>> to get a nvme_ctrl instead of a block_device, but the principal is the same. >>>> >>>> Why isn't a fd being passed in there instead of a random string? >>> >>> I wouldn't know the answer to this but I assume because once we decided >>> to use configfs, there was no way for the user to pass the kernel an fd. >> >> That's definitely not changing. But this is not different than how we >> use the block device or file configuration, this just happen to need the >> nvme controller chardev now to issue I/O. > > So, as was kind of alluded to in another part of the thread, what are > you doing about permissions? It seems that any user/group permissions > are out the window when you have the kernel itself do the opening of the > char device, right? Why is that ok? You can pass it _any_ character > device node and away it goes? What if you give it a "wrong" one? Char > devices are very different from block devices this way. Well the permission question is no different from the block-device case we already have. The user has to be root to configure a target so it has access to the block/char device. Containers and NVMe-of are really not designed to mix and would take a lot of work to make this make any sense (And that's way out of scope of what I'm trying to do here and doesn't change the need for a the cdev_get_by_path()). If the user specifies a non-nvme char device, it is rejected by the code in nvme_ctrl_get_by_path() when it compares the fops. See patch 4. Logan
