From: Niklas Cassel <[email protected]>
When a passthru command targets a specific namespace, the ns parameter to
nvme_user_cmd()/nvme_user_cmd64() is set. However, there is currently no
validation that the nsid specified in the passthru command targets the
namespace/nsid represented by the block device that the ioctl was
performed on.
Add a check that validates that the nsid in the passthru command matches
that of the supplied namespace.
Signed-off-by: Niklas Cassel <[email protected]>
---
Changes since v1:
-Added error print.
drivers/nvme/host/core.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
index f13eb4ded95f..a50352ea3f7b 100644
--- a/drivers/nvme/host/core.c
+++ b/drivers/nvme/host/core.c
@@ -1599,6 +1599,12 @@ static int nvme_user_cmd(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
return -EFAULT;
if (cmd.flags)
return -EINVAL;
+ if (ns && cmd.nsid != ns->head->ns_id) {
+ dev_err(ctrl->device,
+ "%s: nsid (%u) in cmd does not match nsid (%u) of namespace\n",
+ current->comm, cmd.nsid, ns->head->ns_id);
+ return -EINVAL;
+ }
memset(&c, 0, sizeof(c));
c.common.opcode = cmd.opcode;
@@ -1643,6 +1649,12 @@ static int nvme_user_cmd64(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
return -EFAULT;
if (cmd.flags)
return -EINVAL;
+ if (ns && cmd.nsid != ns->head->ns_id) {
+ dev_err(ctrl->device,
+ "%s: nsid (%u) in cmd does not match nsid (%u) of namespace\n",
+ current->comm, cmd.nsid, ns->head->ns_id);
+ return -EINVAL;
+ }
memset(&c, 0, sizeof(c));
c.common.opcode = cmd.opcode;
--
2.30.2
Reviewed-by: Sagi Grimberg <[email protected]>
On 26.03.2021 19:48, Niklas Cassel wrote:
>From: Niklas Cassel <[email protected]>
>
>When a passthru command targets a specific namespace, the ns parameter to
>nvme_user_cmd()/nvme_user_cmd64() is set. However, there is currently no
>validation that the nsid specified in the passthru command targets the
>namespace/nsid represented by the block device that the ioctl was
>performed on.
>
>Add a check that validates that the nsid in the passthru command matches
>that of the supplied namespace.
>
>Signed-off-by: Niklas Cassel <[email protected]>
>---
>Changes since v1:
>-Added error print.
>
> drivers/nvme/host/core.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
>diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
>index f13eb4ded95f..a50352ea3f7b 100644
>--- a/drivers/nvme/host/core.c
>+++ b/drivers/nvme/host/core.c
>@@ -1599,6 +1599,12 @@ static int nvme_user_cmd(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
> return -EFAULT;
> if (cmd.flags)
> return -EINVAL;
>+ if (ns && cmd.nsid != ns->head->ns_id) {
>+ dev_err(ctrl->device,
>+ "%s: nsid (%u) in cmd does not match nsid (%u) of namespace\n",
>+ current->comm, cmd.nsid, ns->head->ns_id);
>+ return -EINVAL;
>+ }
>
> memset(&c, 0, sizeof(c));
> c.common.opcode = cmd.opcode;
>@@ -1643,6 +1649,12 @@ static int nvme_user_cmd64(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
> return -EFAULT;
> if (cmd.flags)
> return -EINVAL;
>+ if (ns && cmd.nsid != ns->head->ns_id) {
>+ dev_err(ctrl->device,
>+ "%s: nsid (%u) in cmd does not match nsid (%u) of namespace\n",
>+ current->comm, cmd.nsid, ns->head->ns_id);
>+ return -EINVAL;
>+ }
>
> memset(&c, 0, sizeof(c));
> c.common.opcode = cmd.opcode;
>--
>2.30.2
Looks good to me
Reviewed-by: Javier González <[email protected]>
On Fri, Mar 26, 2021 at 07:48:00PM +0000, Niklas Cassel wrote:
> From: Niklas Cassel <[email protected]>
>
> When a passthru command targets a specific namespace, the ns parameter to
> nvme_user_cmd()/nvme_user_cmd64() is set. However, there is currently no
> validation that the nsid specified in the passthru command targets the
> namespace/nsid represented by the block device that the ioctl was
> performed on.
>
> Add a check that validates that the nsid in the passthru command matches
> that of the supplied namespace.
git-am doesn't seem to like this patch:
pplying: nvme: disallow passthru cmd from targeting a nsid != nsid of the block
dev
error: invalid mode on line 2: 100644<br>
--- a/drivers/nvme/host/core.c<br>
+++ b/drivers/nvme/host/core.c<br>
@@ -1599,6 +1599,12 @@ static int nvme_user_cmd(struct nvme_ctrl *ctrl, struct
nvme_ns *ns,<br>
? ? ? ? ? ? ? ? return -EFAULT;<br>
? ? ? ? if (cmd.flags)<br>
? ? ? ? ? ? ? ? return -EINVAL;<br>
+? ? ? ?if (ns && cmd.nsid != ns->head->ns_id) {<br>
+? ? ? ? ? ? ? ?dev_err(ctrl->device,<br>
+? ? ? ? ? ? ? ? ? ? ? ?"%s: nsid (%u) in cmd does not match nsid (%u) of
namespace\n",<br>
+? ? ? ? ? ? ? ? ? ? ? ?current->comm, cmd.nsid, ns->head->ns_id);<br>
+? ? ? ? ? ? ? ?return -EINVAL;<br>
+? ? ? ?}<br>
<br>
? ? ? ? memset(&c, 0, sizeof(c));<br>
? ? ? ? c.common.opcode = cmd.opcode;<br>
@@ -1643,6 +1649,12 @@ static int nvme_user_cmd64(struct nvme_ctrl *ctrl,
struct nvme_ns *ns,<br>
? ? ? ? ? ? ? ? return -EFAULT;<br>
? ? ? ? if (cmd.flags)<br>
? ? ? ? ? ? ? ? return -EINVAL;<br>
+? ? ? ?if (ns && cmd.nsid != ns->head->ns_id) {<br>
+? ? ? ? ? ? ? ?dev_err(ctrl->device,<br>
+? ? ? ? ? ? ? ? ? ? ? ?"%s: nsid (%u) in cmd does not match nsid (%u) of
namespace\n",<br>
+? ? ? ? ? ? ? ? ? ? ? ?current->comm, cmd.nsid, ns->head->ns_id);<br>
+? ? ? ? ? ? ? ?return -EINVAL;<br>
+? ? ? ?}<br>
<br>
? ? ? ? memset(&c, 0, sizeof(c));<br>
? ? ? ? c.common.opcode = cmd.opcode;<br></blockquote></div></div><div
dir="auto"><br style="font-family:sans-serif;font-size:12.8px"><span
style="font-family:sans-serif;font-size:12.8px">Looks good.</span></div><div
dir="auto"><span style="font-family:sans-serif;font-size:12.8px">Reviewed-by:
Kanchan Joshi <joshi.k</span><a href="mailto:[email protected]"
style="text-decoration-line:none;color:rgb(66,133,244);font-family:sans-serif;font-size:12.8px">@samsung.com</a><span
style="font-family:sans-serif;font-size:12.8px">></span><br></div><div
dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc
solid;padding-left:1ex"></blockquote></div></div></div>