]> git.proxmox.com Git - mirror_ubuntu-kernels.git/commit
nvme: don't allow unprivileged passthrough on partitions
authorChristoph Hellwig <hch@lst.de>
Sun, 8 Jan 2023 06:56:54 +0000 (07:56 +0100)
committerChristoph Hellwig <hch@lst.de>
Tue, 10 Jan 2023 07:15:57 +0000 (08:15 +0100)
commit313c08c72ee7f87c54e34baec5cc4f4005e8800d
tree6235c0f563f6039d02bf548fee681dc250af776e
parent7b7fdb8e2dbc15ad4e81a328f1c60d1691c6d6be
nvme: don't allow unprivileged passthrough on partitions

Passthrough commands can always access the entire device, and thus
submitting them on partitions is an privelege escalation.

In hindsight we should have never allowed any passthrough commands on
partitions, but it's probably too late to change that decision now.

Fixes: e4fbcf32c860 ("nvme: identify-namespace without CAP_SYS_ADMIN")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Kanchan Joshi <joshi.k@samsung.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
drivers/nvme/host/ioctl.c