From: Leon Romanovsky <leon@kernel.org>
To: Bjorn Helgaas <helgaas@kernel.org>
Cc: "Bjorn Helgaas" <bhelgaas@google.com>,
"Krzysztof Wilczyński" <kw@linux.com>,
linux-pci@vger.kernel.org, "Ariel Almog" <ariela@nvidia.com>,
"Aditya Prabhune" <aprabhune@nvidia.com>,
"Hannes Reinecke" <hare@suse.de>,
"Heiner Kallweit" <hkallweit1@gmail.com>,
"Arun Easi" <aeasi@marvell.com>,
"Jonathan Chocron" <jonnyc@amazon.com>,
"Bert Kenward" <bkenward@solarflare.com>,
"Matt Carlson" <mcarlson@broadcom.com>,
"Kai-Heng Feng" <kai.heng.feng@canonical.com>,
"Jean Delvare" <jdelvare@suse.de>,
"Alex Williamson" <alex.williamson@redhat.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] PCI/sysfs: Fix read permissions for VPD attributes
Date: Tue, 5 Nov 2024 18:26:55 +0200 [thread overview]
Message-ID: <20241105162655.GG311159@unreal> (raw)
In-Reply-To: <20241105152455.GA1472398@bhelgaas>
On Tue, Nov 05, 2024 at 09:24:55AM -0600, Bjorn Helgaas wrote:
> On Tue, Nov 05, 2024 at 09:51:30AM +0200, Leon Romanovsky wrote:
> > On Mon, Nov 04, 2024 at 06:10:27PM -0600, Bjorn Helgaas wrote:
> > > On Sun, Nov 03, 2024 at 02:33:44PM +0200, Leon Romanovsky wrote:
> > > > On Fri, Nov 01, 2024 at 11:47:37AM -0500, Bjorn Helgaas wrote:
> > > > > On Fri, Nov 01, 2024 at 04:33:00PM +0200, Leon Romanovsky wrote:
> > > > > > On Thu, Oct 31, 2024 at 06:22:52PM -0500, Bjorn Helgaas wrote:
> > > > > > > On Tue, Oct 29, 2024 at 07:04:50PM -0500, Bjorn Helgaas wrote:
> > > > > > > > On Mon, Oct 28, 2024 at 10:05:33AM +0200, Leon Romanovsky wrote:
> > > > > > > > > From: Leon Romanovsky <leonro@nvidia.com>
> > > > > > > > >
> > > > > > > > > The Virtual Product Data (VPD) attribute is not
> > > > > > > > > readable by regular user without root permissions.
> > > > > > > > > Such restriction is not really needed, as data
> > > > > > > > > presented in that VPD is not sensitive at all.
> > > > > > > > >
> > > > > > > > > This change aligns the permissions of the VPD
> > > > > > > > > attribute to be accessible for read by all users,
> > > > > > > > > while write being restricted to root only.
> > ...
>
> > > What's the use case? How does an unprivileged user use the VPD
> > > information?
> >
> > We have to add new field keyword=value in VA section of VPD, which
> > will indicate very specific sub-model for devices used as a bridge.
> >
> > > I can certainly imagine using VPD for bug reporting, but that
> > > would typically involve dmesg, dmidecode, lspci -vv, etc, all of
> > > which already require privilege, so it's not clear to me how
> > > public VPD info would help in that scenario.
> >
> > I'm targeting other scenario - monitoring tool, which doesn't need
> > root permissions for reading data. It needs to distinguish between
> > NIC sub-models.
>
> Maybe the driver could expose something in sysfs? Maybe the driver
> needs to know the sub-model as well, and reading VPD once in the
> driver would make subsequent userspace sysfs reads trivial and fast.
Our PCI driver lays in netdev subsystem and they have long-standing
position do not allow any custom sysfs files. To be fair, we (RDMA)
don't allow custom sysfs files too.
Driver doesn't need to know this information as it is extra key=value in
existing [VA] field, while driver relies on multiple FW capabilities
to enable/disable functionality.
Current [VA] line:
"[VA] Vendor specific: MLX:MN=MLNX:CSKU=V2:UUID=V3:PCI=V0:MODL=CX713106A"
Future [VA] line:
"[VA] Vendor specific: MLX:MN=MLNX:CSKU=V2:UUID=V3:PCI=V0:MODL=CX713106A,SMDL=SOMETHING"
Also the idea that we will duplicate existing functionality doesn't
sound like a good approach to me, and there is no way that it is
possible to expose as subsystem specific file.
What about to allow existing VPD sysfs file to be readable for everyone for our devices?
And if this allow list grows to much, we will open it for all devices in the world?
Thanks
>
> Bjorn
next prev parent reply other threads:[~2024-11-05 16:27 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20241030000450.GA1180398@bhelgaas>
2024-10-31 23:22 ` [PATCH] PCI/sysfs: Fix read permissions for VPD attributes Bjorn Helgaas
2024-11-01 14:33 ` Leon Romanovsky
2024-11-01 16:47 ` Bjorn Helgaas
2024-11-03 12:33 ` Leon Romanovsky
2024-11-05 0:10 ` Bjorn Helgaas
2024-11-05 7:51 ` Leon Romanovsky
2024-11-05 15:24 ` Bjorn Helgaas
2024-11-05 16:26 ` Leon Romanovsky [this message]
2024-11-07 11:31 ` Leon Romanovsky
2024-11-07 14:59 ` Bjorn Helgaas
2024-11-07 16:15 ` Leon Romanovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241105162655.GG311159@unreal \
--to=leon@kernel.org \
--cc=aeasi@marvell.com \
--cc=alex.williamson@redhat.com \
--cc=aprabhune@nvidia.com \
--cc=ariela@nvidia.com \
--cc=bhelgaas@google.com \
--cc=bkenward@solarflare.com \
--cc=hare@suse.de \
--cc=helgaas@kernel.org \
--cc=hkallweit1@gmail.com \
--cc=jdelvare@suse.de \
--cc=jonnyc@amazon.com \
--cc=kai.heng.feng@canonical.com \
--cc=kw@linux.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=mcarlson@broadcom.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox