[PATCH 04/20] PCI/sysfs: Add CAP_SYS_ADMIN check to __resource_resize_store()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Krzysztof Wilczyński" <kwilczynski@kernel.org>
To: Bjorn Helgaas <bhelgaas@google.com>
Cc: "Bjorn Helgaas" <helgaas@kernel.org>,
	"Manivannan Sadhasivam" <mani@kernel.org>,
	"Lorenzo Pieralisi" <lpieralisi@kernel.org>,
	"Magnus Lindholm" <linmag7@gmail.com>,
	"Matt Turner" <mattst88@gmail.com>,
	"Richard Henderson" <richard.henderson@linaro.org>,
	"Christophe Leroy" <chleroy@kernel.org>,
	"Madhavan Srinivasan" <maddy@linux.ibm.com>,
	"Michael Ellerman" <mpe@ellerman.id.au>,
	"Nicholas Piggin" <npiggin@gmail.com>,
	"Dexuan Cui" <decui@microsoft.com>,
	"Krzysztof Hałasa" <khalasa@piap.pl>,
	"Lukas Wunner" <lukas@wunner.de>,
	"Oliver O'Halloran" <oohall@gmail.com>,
	"Saurabh Singh Sengar" <ssengar@microsoft.com>,
	"Shuan He" <heshuan@bytedance.com>,
	"Srivatsa Bhat" <srivatsabhat@microsoft.com>,
	"Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>,
	linux-pci@vger.kernel.org, linux-alpha@vger.kernel.org,
	linuxppc-dev@lists.ozlabs.org
Subject: [PATCH 04/20] PCI/sysfs: Add CAP_SYS_ADMIN check to __resource_resize_store()
Date: Fri, 10 Apr 2026 05:50:24 +0000	[thread overview]
Message-ID: <20260410055040.39233-5-kwilczynski@kernel.org> (raw)
In-Reply-To: <20260410055040.39233-1-kwilczynski@kernel.org>

Currently, the __resource_resize_store() allows writing to the
resourceN_resize sysfs attribute to change a BAR's size without
checking for capabilities, currently relying only on the file
access check.

Resizing a BAR modifies PCI device configuration and can disrupt
active drivers.  After the upcoming conversion to static attributes,
it will also trigger resource file updates via sysfs_update_groups().

Thus, add a CAP_SYS_ADMIN check to prevent unprivileged users from
performing BAR resize operations.

Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
---
 drivers/pci/pci-sysfs.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index ac4e7c516e78..6b8c8e62f68a 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -1619,6 +1619,9 @@ static ssize_t __resource_resize_store(struct device *dev, int n,
 	int ret;
 	u16 cmd;
 
+	if (!capable(CAP_SYS_ADMIN))
+		return -EPERM;
+
 	if (kstrtoul(buf, 0, &size) < 0)
 		return -EINVAL;
 
-- 
2.53.0

next prev parent reply	other threads:[~2026-04-10  5:50 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-10  5:50 [PATCH 00/20] PCI: Convert all dynamic sysfs attributes to static Krzysztof Wilczyński
2026-04-10  5:50 ` [PATCH 01/20] PCI/sysfs: Use PCI resource accessor macros Krzysztof Wilczyński
2026-04-10 10:20   ` Ilpo Järvinen
2026-04-10  5:50 ` [PATCH 02/20] PCI/sysfs: Only allow supported resource types in I/O and MMIO helpers Krzysztof Wilczyński
2026-04-10  5:50 ` [PATCH 03/20] PCI/sysfs: Use BAR length in pci_llseek_resource() when attr->size is zero Krzysztof Wilczyński
2026-04-10  5:50 ` Krzysztof Wilczyński [this message]
2026-04-10 10:18   ` [PATCH 04/20] PCI/sysfs: Add CAP_SYS_ADMIN check to __resource_resize_store() Ilpo Järvinen
2026-04-10  5:50 ` [PATCH 05/20] PCI/sysfs: Add static PCI resource attribute macros Krzysztof Wilczyński
2026-04-10  5:50 ` [PATCH 06/20] PCI/sysfs: Convert PCI resource files to static attributes Krzysztof Wilczyński
2026-04-10 10:49   ` Ilpo Järvinen
2026-04-10 11:13     ` Krzysztof Wilczyński
2026-04-10  5:50 ` [PATCH 07/20] PCI/sysfs: Convert __resource_resize_store() to use " Krzysztof Wilczyński
2026-04-10  5:50 ` [PATCH 08/20] PCI/sysfs: Add stubs for pci_{create,remove}_sysfs_dev_files() Krzysztof Wilczyński
2026-04-10  5:50 ` [PATCH 09/20] PCI/sysfs: Limit pci_sysfs_init() late_initcall compile scope Krzysztof Wilczyński
2026-04-10  5:50 ` [PATCH 10/20] alpha/PCI: Add security_locked_down() check to pci_mmap_resource() Krzysztof Wilczyński
2026-04-10 11:04   ` Ilpo Järvinen
2026-04-10 11:10     ` Krzysztof Wilczyński
2026-04-10  5:50 ` [PATCH 11/20] alpha/PCI: Use BAR index in sysfs attr->private instead of resource pointer Krzysztof Wilczyński
2026-04-10  5:50 ` [PATCH 12/20] alpha/PCI: Use PCI resource accessor macros Krzysztof Wilczyński
2026-04-10 11:11   ` Ilpo Järvinen
2026-04-10 11:27     ` Krzysztof Wilczyński
2026-04-10  5:50 ` [PATCH 13/20] alpha/PCI: Clean up __pci_mmap_fits() Krzysztof Wilczyński
2026-04-10 11:14   ` Ilpo Järvinen
2026-04-10 11:21     ` Krzysztof Wilczyński
2026-04-10 11:32       ` Ilpo Järvinen
2026-04-10 11:55         ` Krzysztof Wilczyński
2026-04-10  5:50 ` [PATCH 14/20] alpha/PCI: Add static PCI resource attribute macros Krzysztof Wilczyński
2026-04-10 11:19   ` Ilpo Järvinen
2026-04-10 11:48     ` Krzysztof Wilczyński
2026-04-10  5:50 ` [PATCH 15/20] alpha/PCI: Convert resource files to static attributes Krzysztof Wilczyński
2026-04-10  5:50 ` [PATCH 16/20] PCI/sysfs: Remove pci_{create,remove}_sysfs_dev_files() Krzysztof Wilczyński
2026-04-10  5:50 ` [PATCH 17/20] alpha/PCI: Compute legacy size in pci_mmap_legacy_page_range() Krzysztof Wilczyński
2026-04-10  5:50 ` [PATCH 18/20] PCI/sysfs: Add __weak pci_legacy_has_sparse() helper Krzysztof Wilczyński
2026-04-10  5:50 ` [PATCH 19/20] PCI/sysfs: Convert legacy I/O and memory attributes to static definitions Krzysztof Wilczyński
2026-04-10 11:47   ` Ilpo Järvinen
2026-04-10 12:04     ` Krzysztof Wilczyński
2026-04-10  5:50 ` [PATCH 20/20] PCI/sysfs: Remove pci_create_legacy_files() and pci_sysfs_init() Krzysztof Wilczyński
2026-04-10 18:18 ` [PATCH 00/20] PCI: Convert all dynamic sysfs attributes to static Krzysztof Wilczyński

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:ac4e7c516e7 dfblob:6b8c8e62f68 )
 OR (
bs:"[PATCH 04/20] PCI/sysfs: Add CAP_SYS_ADMIN check to __resource_resize_store()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260410055040.39233-5-kwilczynski@kernel.org \
    --to=kwilczynski@kernel.org \
    --cc=bhelgaas@google.com \
    --cc=chleroy@kernel.org \
    --cc=decui@microsoft.com \
    --cc=helgaas@kernel.org \
    --cc=heshuan@bytedance.com \
    --cc=ilpo.jarvinen@linux.intel.com \
    --cc=khalasa@piap.pl \
    --cc=linmag7@gmail.com \
    --cc=linux-alpha@vger.kernel.org \
    --cc=linux-pci@vger.kernel.org \
    --cc=linuxppc-dev@lists.ozlabs.org \
    --cc=lpieralisi@kernel.org \
    --cc=lukas@wunner.de \
    --cc=maddy@linux.ibm.com \
    --cc=mani@kernel.org \
    --cc=mattst88@gmail.com \
    --cc=mpe@ellerman.id.au \
    --cc=npiggin@gmail.com \
    --cc=oohall@gmail.com \
    --cc=richard.henderson@linaro.org \
    --cc=srivatsabhat@microsoft.com \
    --cc=ssengar@microsoft.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.