On Thu, Oct 19, 2023 at 07:04:11AM +0200, Christoph Hellwig wrote: > On Wed, Oct 18, 2023 at 03:26:20PM -0600, Keith Busch wrote: > > On further consideration and some offline chats, I believe this large > > change is a bit too late for 6.6. I think this should wait for 6.7 (and > > stable), hopefully preserving non-root access in some sane capacity. > > It's backed out now, and current nvme-6.6 PR does not include this > > patch. > > Umm, what are the offlist discussions? We leave an exploitable hole > in, so I don't think waiting any longer is an option. Jens repeated what he told me offline on this thread here, and dropped the pull request that contained this patch: https://lists.infradead.org/pipermail/linux-nvme/2023-October/042684.html BTW, don't you still need someone with root access to change the permissions on the device handle in order for an unpriveledged user to reach this hole? It's not open access by default, you still have to opt-in.
