On Fri, Oct 13, 2023 at 9:17 PM Christoph Hellwig <hch@xxxxxx> wrote:
> The main limitation is that the device needs to support SGLs, and
> we need to as well (we currently don't for metadata). But for any
> non-stupid workload SGLs should be at least as fast if not faster
> with modern hardware.

But I see no way out.
You may agree that it's a hardware-assisted way out. It is offloading the checks to a SGL-capable device. I wrote some quick code in that direction but could not readily get my hands on a device that exposes metadata-with-sgl capability. That reminded me that we are limiting unprivileged-passthrough to a niche set of devices/users. That is the opposite of what the feature was for.

OTOH, this patch implemented a software-only way out. There are some checks, but someone (either SW or HW) has to do those to keep things right. The patch ensures the regular user cannot exploit the hole and that the root user continues to work as before (Keith's concern).

So, I really wonder why we don't want to go for the way that solves it generically.