Re: [PATCH] nvme: remove unprivileged passthrough support

14 Oct 2023

      On Sat, Oct 14, 2023 at 02:31:08PM +0530, Kanchan Joshi wrote:
...
Passthrough has got a hole that can be exploited to cause kernel memory
corruption. This is about making the device do larger DMA into
short meta/data buffer owned by kernel [1].
As a stopgap measure, disable the support of unprivileged passthrough.
This patch brings back coarse-granular CAP_SYS_ADMIN checks by reverting
following patches:

7d9d7d59d44 ("nvme: replace the fmode_t argument to the nvme ioctl handlers with a simple bool")
313c08c72ee ("nvme: don't allow unprivileged passthrough on partitions")
6f99ac04c46 ("nvme: consult the CSE log page for unprivileged passthrough")
ea43fceea41 ("nvme: allow unprivileged passthrough of Identify Controller")
e4fbcf32c86 ("nvme: identify-namespace without CAP_SYS_ADMIN")
855b7717f44 ("nvme: fine-granular CAP_SYS_ADMIN for nvme io commands")

[1] https://lore.kernel.org/linux-nvme/20231013051458.39987-1-joshi.k@samsung.co...
CC: stable@vger.kernel.org # 6.2
Fixes <855b7717f44b1> ("nvme: fine-granular CAP_SYS_ADMIN for nvme io commands")
Nit, this should be:
Fixes: 855b7717f44b1 ("nvme: fine-granular CAP_SYS_ADMIN for nvme io commands")

2024

2023

2022

2021

2020

2019

2018

2017

Re: [PATCH] nvme: remove unprivileged passthrough support