nvme-pci: use sgls for all user requests if possible

keithbusch · keithbusch · commit 6fad84a4d624 · 2024-11-18T09:27:47.000-08:00
If the device supports SGLs, use these for all user requests. This format encodes the expected transfer length so it can catch short buffer errors in a user command, whether it occurred accidently or maliciously. For controllers that support SGL data mode, this is a viable mitigation to CVE-2023-6238. For controllers that don't support SGLs, log a warning in the passthrough path since not having the capability can corrupt data if the interface is not used correctly. Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Keith Busch <kbusch@kernel.org>
diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c
@@ -120,12 +120,20 @@ static int nvme_map_user_request(struct request *req, u64 ubuffer,
 	struct nvme_ns *ns = q->queuedata;
 	struct block_device *bdev = ns ? ns->disk->part0 : NULL;
 	bool supports_metadata = bdev && blk_get_integrity(bdev->bd_disk);
+	struct nvme_ctrl *ctrl = nvme_req(req)->ctrl;
 	bool has_metadata = meta_buffer && meta_len;
 	struct bio *bio = NULL;
 	int ret;
 
-	if (has_metadata && !supports_metadata)
-		return -EINVAL;
+	if (!nvme_ctrl_sgl_supported(ctrl))
+		dev_warn_once(ctrl->device, "using unchecked data buffer\n");
+	if (has_metadata) {
+		if (!supports_metadata)
+			return -EINVAL;
+		if (!nvme_ctrl_meta_sgl_supported(ctrl))
+			dev_warn_once(ctrl->device,
+				      "using unchecked metadata buffer\n");
+	}
 
 	if (ioucmd && (ioucmd->flags & IORING_URING_CMD_FIXED)) {
 		struct iov_iter iter;
diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
@@ -515,7 +515,8 @@ static inline bool nvme_pci_metadata_use_sgls(struct nvme_dev *dev,
 {
 	if (!nvme_ctrl_meta_sgl_supported(&dev->ctrl))
 		return false;
-	return req->nr_integrity_segments > 1;
+	return req->nr_integrity_segments > 1 ||
+		nvme_req(req)->flags & NVME_REQ_USERCMD;
 }
 
 static inline bool nvme_pci_use_sgls(struct nvme_dev *dev, struct request *req,
@@ -533,7 +534,7 @@ static inline bool nvme_pci_use_sgls(struct nvme_dev *dev, struct request *req,
 	if (nvme_pci_metadata_use_sgls(dev, req))
 		return true;
 	if (!sgl_threshold || avg_seg_size < sgl_threshold)
-		return false;
+		return nvme_req(req)->flags & NVME_REQ_USERCMD;
 	return true;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -515,7 +515,8 @@ static inline bool nvme_pci_metadata_use_sgls(struct nvme_dev *dev,`
`515`	`515`	`{`
`516`	`516`	`if (!nvme_ctrl_meta_sgl_supported(&dev->ctrl))`
`517`	`517`	`return false;`
`518`		`- return req->nr_integrity_segments > 1;`
	`518`	`+ return req->nr_integrity_segments > 1 \|\|`
	`519`	`+ nvme_req(req)->flags & NVME_REQ_USERCMD;`
`519`	`520`	`}`
`520`	`521`
`521`	`522`	`static inline bool nvme_pci_use_sgls(struct nvme_dev dev, struct request req,`
`@@ -533,7 +534,7 @@ static inline bool nvme_pci_use_sgls(struct nvme_dev dev, struct request req,`
`533`	`534`	`if (nvme_pci_metadata_use_sgls(dev, req))`
`534`	`535`	`return true;`
`535`	`536`	`if (!sgl_threshold \|\| avg_seg_size < sgl_threshold)`
`536`		`- return false;`
	`537`	`+ return nvme_req(req)->flags & NVME_REQ_USERCMD;`
`537`	`538`	`return true;`
`538`	`539`	`}`
`539`	`540`