Re: [PATCH v3] PCI/sysfs: Change read permissions for VPD attributes

From: Stephen Hemminger
Date: Tue Dec 03 2024 - 12:25:10 EST

Next message: Jann Horn: "[PATCH 0/3] fixes for udmabuf (memfd sealing checks and a leak)"
Previous message: Mark Brown: "Re: [PATCH 1/6] arm64/sme: Flush foreign register state in do_sme_acc()"
In reply to: Leon Romanovsky: "[PATCH v3] PCI/sysfs: Change read permissions for VPD attributes"
Next in thread: Leon Romanovsky: "Re: [PATCH v3] PCI/sysfs: Change read permissions for VPD attributes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 3 Dec 2024 14:15:28 +0200
Leon Romanovsky <leon@xxxxxxxxxx> wrote:

> The Vital Product Data (VPD) attribute is not readable by regular
> user without root permissions. Such restriction is not needed at
> all for Mellanox devices, as data presented in that VPD is not
> sensitive and access to the HW is safe and well tested.
>
> This change changes the permissions of the VPD attribute to be accessible
> for read by all users for Mellanox devices, while write continue to be
> restricted to root only.
>
> The main use case is to remove need to have root/setuid permissions
> while using monitoring library [1].
>
> [leonro@vm ~]$ lspci |grep nox
> 00:09.0 Ethernet controller: Mellanox Technologies MT2910 Family [ConnectX-7]
>
> Before:
> [leonro@vm ~]$ ls -al /sys/bus/pci/devices/0000:00:09.0/vpd
> -rw------- 1 root root 0 Nov 13 12:30 /sys/bus/pci/devices/0000:00:09.0/vpd
> After:
> [leonro@vm ~]$ ls -al /sys/bus/pci/devices/0000:00:09.0/vpd
> -rw-r--r-- 1 root root 0 Nov 13 12:30 /sys/bus/pci/devices/0000:00:09.0/vpd
>
> [1] https://developer.nvidia.com/management-library-nvml
> Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxx>
> ---
> Changelog:
> v3:
> * Used | to change file attributes
> * Remove WARN_ON
> v2: https://lore.kernel.org/all/61a0fa74461c15edfae76222522fa445c28bec34.1731502431.git.leon@xxxxxxxxxx
> * Another implementation to make sure that user is presented with
> correct permissions without need for driver intervention.
> v1: https://lore.kernel.org/all/cover.1731005223.git.leonro@xxxxxxxxxx
> * Changed implementation from open-read-to-everyone to be opt-in
> * Removed stable and Fixes tags, as it seems like feature now.
> v0:
> https://lore.kernel.org/all/65791906154e3e5ea12ea49127cf7c707325ca56.1730102428.git.leonro@xxxxxxxxxx/
> ---
> drivers/pci/vpd.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/drivers/pci/vpd.c b/drivers/pci/vpd.c
> index a469bcbc0da7..a7aa54203321 100644
> --- a/drivers/pci/vpd.c
> +++ b/drivers/pci/vpd.c
> @@ -332,6 +332,13 @@ static umode_t vpd_attr_is_visible(struct kobject *kobj,
> if (!pdev->vpd.cap)
> return 0;
>
> + /*
> + * Mellanox devices have implementation that allows VPD read by
> + * unprivileged users, so just add needed bits to allow read.
> + */
> + if (unlikely(pdev->vendor == PCI_VENDOR_ID_MELLANOX))
> + return a->attr.mode | 0044;
> +
> return a->attr.mode;
> }
>

Could this be with other vendor specific quirks instead?

Also, the wording of the comment is awkward. Suggest:
On Mellanox devices reading VPD is safe for unprivileged users.

Next message: Jann Horn: "[PATCH 0/3] fixes for udmabuf (memfd sealing checks and a leak)"
Previous message: Mark Brown: "Re: [PATCH 1/6] arm64/sme: Flush foreign register state in do_sme_acc()"
In reply to: Leon Romanovsky: "[PATCH v3] PCI/sysfs: Change read permissions for VPD attributes"
Next in thread: Leon Romanovsky: "Re: [PATCH v3] PCI/sysfs: Change read permissions for VPD attributes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]