On 10/13/2023 7:24 PM, Keith Busch wrote:
> On Fri, Oct 13, 2023 at 03:44:38PM +0530, Kanchan Joshi wrote:
>> On 10/13/2023 10:56 AM, Christoph Hellwig wrote:
>>> On Fri, Oct 13, 2023 at 10:44:58AM +0530, Kanchan Joshi wrote:
>>>> Changes since v3:
>>>> - Block only unprivileged user
>>>
>>> That's not really what at least I had in mind. I'd much rather completely disable unprivileged passthrough for now as an easy backportable patch. And then only re-enable it later in a way where it does require using SGLs for all data transfers.
>>
>> I did not get how forcing SGLs can solve the issue at hand. The problem happened because (i) user specified short buffer/len, and (ii) kernel allocated buffer. Whether the buffer is fed to device using PRP or SGL does not seem to solve the large DMA problem.
>
> The problem is a disconnect between the buffer size provided and the implied size of the command. The idea with SGL is that it requires an explicit buffer size, so the device will know the buffer is short and return an appropriate error.

Thanks for clearing this up. It seems we will have two limitations with this approach - (i) sgl for the external metadata buffer, and (ii) using sgl for data-transfer will reduce the speed of passthrough io, perhaps more than what can happen using the checks. And if we make the sgl opt-in, that means leaving the hole for the case when this was not chosen.
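The size disconnect discussed in this thread, as an added C example that is not part of the thread or of any posted patch: for NVM Read/Write the transfer size comes from the zero-based NLB field in CDW12 and the namespace LBA size, independently of the buffer length the caller passes. The struct `pt_cmd` and the functions `implied_len` and `check_len` are hypothetical names, and the sample commands in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified view of a passthrough request (not the kernel's struct). */
struct pt_cmd {
    uint8_t  opcode;   /* NVM command set: 0x01 = Write, 0x02 = Read */
    uint32_t cdw12;    /* bits 15:0 = NLB, zero-based number of logical blocks */
    uint32_t data_len; /* buffer length supplied by the caller, in bytes */
};

/* Bytes the device will move, as implied by the command fields alone. */
static uint64_t implied_len(const struct pt_cmd *c, uint32_t lba_size)
{
    uint64_t nlb = (uint64_t)(c->cdw12 & 0xffff) + 1; /* zero-based field */
    return nlb * lba_size;
}

/*
 * Returns 0 when the supplied buffer covers the implied transfer, -1 when it
 * is short or when the opcode is one this sketch does not model.
 */
static int check_len(const struct pt_cmd *c, uint32_t lba_size)
{
    if (c->opcode != 0x01 && c->opcode != 0x02)
        return -1;
    return c->data_len >= implied_len(c, lba_size) ? 0 : -1;
}

int main(void)
{
    /* Constructed samples: an 8-block read on a 512-byte-LBA namespace. */
    struct pt_cmd ok    = { 0x02, 7, 4096 };
    struct pt_cmd small = { 0x02, 7, 512 };  /* buffer shorter than the command */

    printf("ok:    implied=%llu supplied=%u -> %d\n",
           (unsigned long long)implied_len(&ok, 512), ok.data_len,
           check_len(&ok, 512));
    printf("small: implied=%llu supplied=%u -> %d\n",
           (unsigned long long)implied_len(&small, 512), small.data_len,
           check_len(&small, 512));
    return 0;
}
```
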