Re: [PATCH 1/1] NVMe: Do not take nsid while a passthrough IO command is being issued via a block device file descriptor

From: Keith Busch
Date: Thu Jan 22 2015 - 11:58:45 EST


On Thu, 22 Jan 2015, Christoph Hellwig wrote:
On Thu, Jan 22, 2015 at 03:21:28PM +0000, Keith Busch wrote:
But if you really need to restrict namespace access, shouldn't that be
enforced on the target side with reservations or similar mechanism?

Think for example about containers where we give eah container access
to a single nvme namespace, including container root access. Here you
don't really want container A to be able to submit I/O for another
container. A similar case exists for virtualization where we had
problems with SCSI passthrough from guests.


Okay, that's a great point.

Yan, we should apply this if you can submit a patch for the linux-block
tree.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/