From: Logan Gunthorpe
To: Matthew Wilcox, Sagi Grimberg
Cc: Greg Kroah-Hartman, Jens Axboe, Chaitanya Kulkarni, linux-kernel@vger.kernel.org, linux-nvme@lists.infradead.org, Stephen Bates, linux-block@vger.kernel.org, Keith Busch, Alexander Viro, linux-fsdevel@vger.kernel.org, Max Gurtovoy, Christoph Hellwig
Subject: Re: [PATCH v6 02/16] chardev: introduce cdev_get_by_path()
Date: Thu, 25 Jul 2019 13:24:22 -0600
Message-ID: <425dd2ac-333d-a8c4-ce49-870c8dadf436@deltatee.com>
In-Reply-To: <20190725191124.GE30641@bombadil.infradead.org>

On 2019-07-25 1:11 p.m., Matthew Wilcox wrote:
> On Thu, Jul 25, 2019 at 12:05:29PM -0700, Sagi Grimberg wrote:
>>
>>>>> NVMe-OF is configured using configfs. The target is specified by the
>>>>> user writing a path to a configfs attribute. This is the way it works
>>>>> today but with blkdev_get_by_path()[1]. For the passthru code, we need
>>>>> to get a nvme_ctrl instead of a block_device, but the principle is the same.
>>>>
>>>> Why isn't a fd being passed in there instead of a random string?
>>>
>>> I suppose we could echo a string of the file descriptor number there,
>>> and look up the fd in the process' file descriptor table ...
>>
>> Assuming that there is an open handle somewhere out there...

Yes, that would be a step backwards from an interface. The user would
then need a special process to open the fd and pass it through configfs.
They couldn't just do it with basic bash commands.

> Well, that's how we'd know that the application echoing /dev/nvme3 into
> configfs actually has permission to access /dev/nvme3.

It's the kernel that's accessing the device so it has permission. root
permission is required to configure the kernel.

> Think about
> containers, for example. It's not exactly safe to mount configfs in a
> non-root container since it can access any NVMe device in the system,
> not just ones which it's been given permission to access. Right?

I don't think it really makes any sense to talk about NVMe-of and
containers. Though, if we did it would be solely on the configuration
interface so that users inside a container might be able to configure a
new target for resources they can see and they'd have to have their own
view into configfs....

Logan