From: Keith Busch <[email protected]>
To: <[email protected]>, <[email protected]>
Cc: <[email protected]>, <[email protected]>, <[email protected]>,
<[email protected]>, Keith Busch <[email protected]>
Subject: [PATCH 2/2] nvme: use uring_cmd sys_admin flag
Date: Mon, 4 Dec 2023 09:53:42 -0800 [thread overview]
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
From: Keith Busch <[email protected]>
The nvme passthrough interface through io_uring is intended to be fast, so we
should avoid calling capable() every io. Checking other permission first helped
reduce this overhead, but it's still called for many commands.
Use the new uring_cmd sys admin issue_flag to see if we can skip
additional checks. The ioctl path won't be able to use this
optimization, but that wasn't considered a fast path anyway.
Signed-off-by: Keith Busch <[email protected]>
---
drivers/nvme/host/ioctl.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c
index 6c5ae820bc0fc..83c0a1170505c 100644
--- a/drivers/nvme/host/ioctl.c
+++ b/drivers/nvme/host/ioctl.c
@@ -11,6 +11,7 @@
enum {
NVME_IOCTL_VEC = (1 << 0),
NVME_IOCTL_PARTITION = (1 << 1),
+ NVME_IOCTL_SYS_ADMIN = (1 << 2),
};
static bool nvme_cmd_allowed(struct nvme_ns *ns, struct nvme_command *c,
@@ -18,6 +19,9 @@ static bool nvme_cmd_allowed(struct nvme_ns *ns, struct nvme_command *c,
{
u32 effects;
+ if (flags & NVME_IOCTL_SYS_ADMIN)
+ return true;
+
/*
* Do not allow unprivileged passthrough on partitions, as that allows an
* escape from the containment of the partition.
@@ -445,7 +449,7 @@ static int nvme_uring_cmd_io(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
struct request *req;
blk_opf_t rq_flags = REQ_ALLOC_CACHE;
blk_mq_req_flags_t blk_flags = 0;
- int ret;
+ int ret, flags = 0;
c.common.opcode = READ_ONCE(cmd->opcode);
c.common.flags = READ_ONCE(cmd->flags);
@@ -468,7 +472,11 @@ static int nvme_uring_cmd_io(struct nvme_ctrl *ctrl, struct nvme_ns *ns,
c.common.cdw14 = cpu_to_le32(READ_ONCE(cmd->cdw14));
c.common.cdw15 = cpu_to_le32(READ_ONCE(cmd->cdw15));
- if (!nvme_cmd_allowed(ns, &c, 0, ioucmd->file->f_mode & FMODE_WRITE))
+ if (issue_flags & IO_URING_F_SYS_ADMIN)
+ flags |= NVME_IOCTL_SYS_ADMIN;
+
+ if (!nvme_cmd_allowed(ns, &c, flags,
+ ioucmd->file->f_mode & FMODE_WRITE))
return -EACCES;
d.metadata = READ_ONCE(cmd->metadata);
--
2.34.1
next prev parent reply other threads:[~2023-12-04 17:54 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-04 17:53 [PATCH 1/2] iouring: one capable call per iouring instance Keith Busch
2023-12-04 17:53 ` Keith Busch [this message]
2023-12-04 18:05 ` Jens Axboe
2023-12-04 18:45 ` Pavel Begunkov
2023-12-05 16:21 ` Kanchan Joshi
2023-12-06 21:09 ` Keith Busch
2023-12-04 18:15 ` Jens Axboe
2023-12-04 18:40 ` Jeff Moyer
2023-12-04 18:57 ` Keith Busch
2023-12-05 4:14 ` Ming Lei
2023-12-05 4:31 ` Keith Busch
2023-12-05 5:25 ` Ming Lei
2023-12-05 15:45 ` Keith Busch
2023-12-06 3:08 ` Ming Lei
2023-12-06 15:31 ` Keith Busch
2023-12-07 1:23 ` Ming Lei
2023-12-07 17:48 ` Christoph Hellwig
2023-12-04 19:01 ` Jens Axboe
2023-12-04 19:22 ` Jeff Moyer
2023-12-04 19:33 ` Jens Axboe
2023-12-04 19:37 ` Keith Busch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox