On 10/13/2023 10:44 AM, Kanchan Joshi wrote:
> User can specify a smaller meta buffer than what the device is
> wired to update/access. Kernel makes a copy of the meta buffer into
> which the device does DMA.
> As a result, the device overwrites the unrelated kernel memory, causing
> random kernel crashes.
>
> Same issue is possible for extended-lba case also. When user specifies a
> short unaligned buffer, the kernel makes a copy and uses that for DMA.
>
> Detect these situations and prevent corruption for unprivileged user
> passthrough. No change to status-quo for privileged/root user.
>
> Fixes: 63263d60e0f9 ("nvme: Use metadata for passthrough commands")

Since change is only for unprivileged user, I should have changed this
'Fixes:' to point to this patch instead:

5b7717f44b1 (nvme: fine-granular CAP_SYS_ADMIN for nvme io commands)
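
The length check that the quoted commit message describes, as an added example that is not part of this mail or of the patch itself: a userspace C model of deciding whether the caller's buffers cover what the device will transfer. The struct, field and function names are hypothetical; the model ignores buffer alignment and assumes the device transfers metadata for every block.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a namespace format (names are assumptions). */
struct ns_format {
    uint32_t lba_size;   /* data bytes per logical block */
    uint16_t meta_size;  /* metadata bytes per logical block */
    bool     ext_lba;    /* metadata interleaved with data (extended LBA) */
};

/*
 * Return true when a passthrough read/write may proceed.
 * nlb0 is the zero-based block count from the command; data_len and
 * meta_len are the buffer lengths the caller supplied.
 * Assumption: the device moves meta_size bytes for every block.
 */
bool passthru_bufs_ok(const struct ns_format *f, uint16_t nlb0,
                      uint32_t data_len, uint32_t meta_len, bool privileged)
{
    uint64_t nlb = (uint64_t)nlb0 + 1;          /* 64-bit: no overflow */
    uint64_t meta_xfer = nlb * f->meta_size;

    if (privileged || meta_xfer == 0)
        return true;    /* status quo for root; no metadata, nothing to check */
    if (f->ext_lba)     /* metadata travels inside the data buffer */
        return data_len >= nlb * f->lba_size + meta_xfer;
    return meta_len >= meta_xfer;               /* separate meta buffer */
}

int main(void)
{
    /* Constructed sample: 4096-byte blocks, 8 bytes of metadata each. */
    struct ns_format sep = { 4096, 8, false }, ext = { 4096, 8, true };

    /* 8 blocks need 64 bytes of metadata; a 16-byte buffer is short. */
    printf("separate, short meta: %d\n", passthru_bufs_ok(&sep, 7, 32768, 16, false));
    printf("separate, full meta:  %d\n", passthru_bufs_ok(&sep, 7, 32768, 64, false));
    /* Extended LBA: 8 * (4096 + 8) = 32832 bytes must fit in the data buffer. */
    printf("extended, short data: %d\n", passthru_bufs_ok(&ext, 7, 32768, 0, false));
    printf("extended, full data:  %d\n", passthru_bufs_ok(&ext, 7, 32832, 0, false));
    return 0;
}
```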