nvme: consult the CSE log page for unprivileged passthrough

Commands like Write Zeros can change the contents of a namespaces without actually transferring data. To protect against this, check the Commands Supported and Effects log is supported by the controller for any unprivileg command passthrough and refuse unprivileged passthrough if the command has any effects that can change data or metadata. Note: While the Commands Support and Effects log page has only been mandatory since NVMe 2.0, it is widely supported because Windows requires it for any command passthrough from userspace. Fixes: e4fbcf32c860 ("nvme: identify-namespace without CAP_SYS_ADMIN") Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Keith Busch <kbusch@kernel.org> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Reviewed-by: Kanchan Joshi <joshi.k@samsung.com>
author: Christoph Hellwig <hch@lst.de> 2022-12-13 18:13:38 +0300
committer: Christoph Hellwig <hch@lst.de> 2022-12-28 19:26:31 +0300
commit: 6f99ac04c469b5d0a180a4ccea99d25d5dc9d21c (patch)
tree: c1f058709af3082050c3219bfd1d06ba686d11ac /include/linux/nvme.h
parent: 831ed60c2aca2d7c517b2da22897a90224a97d27 (diff)
download: linux-6f99ac04c469b5d0a180a4ccea99d25d5dc9d21c.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/nvme.h b/include/linux/nvme.h
index d1cd53f2b6ab..4fad4aa245fb 100644
--- a/include/linux/nvme.h
+++ b/include/linux/nvme.h
@@ -642,6 +642,7 @@ enum {
 	NVME_CMD_EFFECTS_CCC		= 1 << 4,
 	NVME_CMD_EFFECTS_CSE_MASK	= GENMASK(18, 16),
 	NVME_CMD_EFFECTS_UUID_SEL	= 1 << 19,
+	NVME_CMD_EFFECTS_SCOPE_MASK	= GENMASK(31, 20),
 };
 
 struct nvme_effects_log {
author	Christoph Hellwig <hch@lst.de>	2022-12-13 18:13:38 +0300
committer	Christoph Hellwig <hch@lst.de>	2022-12-28 19:26:31 +0300
commit	6f99ac04c469b5d0a180a4ccea99d25d5dc9d21c (patch)
tree	c1f058709af3082050c3219bfd1d06ba686d11ac /include/linux/nvme.h
parent	831ed60c2aca2d7c517b2da22897a90224a97d27 (diff)
download	linux-6f99ac04c469b5d0a180a4ccea99d25d5dc9d21c.tar.xz