From: Bjorn Helgaas <helgaas@kernel.org>
To: Leon Romanovsky <leon@kernel.org>
Cc: "Krzysztof Wilczyński" <kw@linux.com>,
linux-pci@vger.kernel.org, "Ariel Almog" <ariela@nvidia.com>,
"Aditya Prabhune" <aprabhune@nvidia.com>,
"Hannes Reinecke" <hare@suse.de>,
"Heiner Kallweit" <hkallweit1@gmail.com>,
"Arun Easi" <aeasi@marvell.com>,
"Jonathan Chocron" <jonnyc@amazon.com>,
"Bert Kenward" <bkenward@solarflare.com>,
"Matt Carlson" <mcarlson@broadcom.com>,
"Kai-Heng Feng" <kai.heng.feng@canonical.com>,
"Jean Delvare" <jdelvare@suse.de>,
"Alex Williamson" <alex.williamson@redhat.com>,
linux-kernel@vger.kernel.org,
"netdev@vger.kernel.org Thomas Weißschuh" <linux@weissschuh.net>
Subject: Re: [PATCH v1 1/2] PCI/sysfs: Change read permissions for VPD attributes
Date: Mon, 11 Nov 2024 15:48:04 -0600 [thread overview]
Message-ID: <20241111214804.GA1820183@bhelgaas> (raw)
In-Reply-To: <20241111211738.GD71181@unreal>
[+cc Thomas]
On Mon, Nov 11, 2024 at 11:17:38PM +0200, Leon Romanovsky wrote:
> On Mon, Nov 11, 2024 at 02:41:04PM -0600, Bjorn Helgaas wrote:
> > On Thu, Nov 07, 2024 at 08:56:56PM +0200, Leon Romanovsky wrote:
> > > From: Leon Romanovsky <leonro@nvidia.com>
> > >
> > > The Vital Product Data (VPD) attribute is not readable by regular
> > > user without root permissions. Such restriction is not really needed
> > > for many devices in the world, as data presented in that VPD is not
> > > sensitive and access to the HW is safe and tested.
> > >
> > > This change aligns the permissions of the VPD attribute to be accessible
> > > for read by all users, while write being restricted to root only.
> > >
> > > For the driver, there is a need to opt-in in order to allow this
> > > functionality.
> >
> > I don't think the use case is very strong (and not included at all
> > here).
>
> I will add the use case, which is running monitoring application without
> need to be root. IMHO reducing number of applications that require
> privileged access is a very strong case. I personally try to avoid
> applications with root/setuid privileges.
Avoiding root/setuid is a very good thing. I just don't think using
VPD directly from userspace is a great idea because VPD is so slow and
sometimes unreliable to read. And apparently this is a pretty unusual
situation since I haven't heard similar requests for other devices.
Sort of ironic that some vendors, especially Intel and AMD, add new
Device IDs for devices that work exactly the same as their
predecessors, so we are continually adding to the pci_device_id
tables, while here we apparently the same Device ID is used for
devices that differ in ways we actually want to know about.
> > If we do need to do this, I think it's a property of the device, not
> > the driver.
>
> But how will device inform PCI core about safe VPD read?
> Should I add new field to struct pci_device_id? Add a quirk?
> Otherwise, I will need to add a line "pci_dev->downgrade_vpd_read=true"
> to mlx5 probe function and it won't change a lot from current
> implementation.
To me it looks like a pci_dev bit, not a pci_driver bit.
I would set it .probe() so all the code is in one place. And it's not
related to a device defect, as most quirks are.
Bjorn
next prev parent reply other threads:[~2024-11-11 21:48 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-07 18:56 [PATCH v1 0/2] Fix read permissions for VPD attributes Leon Romanovsky
2024-11-07 18:56 ` [PATCH v1 1/2] PCI/sysfs: Change " Leon Romanovsky
2024-11-11 20:41 ` Bjorn Helgaas
2024-11-11 21:17 ` Leon Romanovsky
2024-11-11 21:48 ` Bjorn Helgaas [this message]
2024-11-12 6:36 ` Leon Romanovsky
2024-11-12 0:34 ` Stephen Hemminger
2024-11-12 6:12 ` Leon Romanovsky
2024-11-12 6:44 ` Heiner Kallweit
2024-11-12 7:26 ` Leon Romanovsky
2024-11-12 21:48 ` Bjorn Helgaas
2024-11-11 21:08 ` Thomas Weißschuh
2024-11-07 18:56 ` [PATCH v1 2/2] net/mlx5: Enable unprivileged read of PCI VPD file Leon Romanovsky
2024-11-07 19:09 ` Jakub Kicinski
2024-11-11 20:31 ` [PATCH v1 0/2] Fix read permissions for VPD attributes Leon Romanovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241111214804.GA1820183@bhelgaas \
--to=helgaas@kernel.org \
--cc=aeasi@marvell.com \
--cc=alex.williamson@redhat.com \
--cc=aprabhune@nvidia.com \
--cc=ariela@nvidia.com \
--cc=bkenward@solarflare.com \
--cc=hare@suse.de \
--cc=hkallweit1@gmail.com \
--cc=jdelvare@suse.de \
--cc=jonnyc@amazon.com \
--cc=kai.heng.feng@canonical.com \
--cc=kw@linux.com \
--cc=leon@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=linux@weissschuh.net \
--cc=mcarlson@broadcom.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox