Re: [PATCH 1/1] NVMe: Do not take nsid while a passthrough IO command is being issued via a block device file descriptor

From: Christoph Hellwig
Date: Thu Jan 22 2015 - 10:49:41 EST


On Thu, Jan 22, 2015 at 03:21:28PM +0000, Keith Busch wrote:
> The case I considered was the "hidden" attribute in the NVMe LBA Range
> Type feature. It only indicates the storage should be hidden from the OS
> for general use, but the host may still use it for special purposes. In
> truth, the driver doesn't handle the hidden attribute very well and it
> doesn't seem like a well thought out feature in the spec anyway.

At least for Linux we should simply ignore that attribute.

> But if you really need to restrict namespace access, shouldn't that be
> enforced on the target side with reservations or similar mechanism?

Think for example about containers where we give eah container access
to a single nvme namespace, including container root access. Here you
don't really want container A to be able to submit I/O for another
container. A similar case exists for virtualization where we had
problems with SCSI passthrough from guests.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/