On Fri, Oct 13, 2023 at 08:41:54PM +0530, Kanchan Joshi wrote:
> It seems we will have two limitations with this approach - (i) sgl for
> the external metadata buffer, and (ii) using sgl for data-transfer will
> reduce the speed of passthrough io, perhaps more than what can happen
> using the checks. And if we make the sgl opt-in, that means leaving the
> hole for the case when this was not chosen.

The main limitation is that the device needs to support SGLs, and we
need to as well (we currently don't for metadata). But for any
non-stupid workload SGLs should be at least as fast if not faster with
modern hardware.

But I see no way out. Now can we please get a patch to disable the
unprivileged passthrough ASAP to fix this probably exploitable hole?
Or should I write one?