From: Leon Romanovsky <leon@kernel.org>
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: "Bjorn Helgaas" <helgaas@kernel.org>,
"Krzysztof Wilczyński" <kw@linux.com>,
linux-pci@vger.kernel.org, "Ariel Almog" <ariela@nvidia.com>,
"Aditya Prabhune" <aprabhune@nvidia.com>,
"Hannes Reinecke" <hare@suse.de>,
"Heiner Kallweit" <hkallweit1@gmail.com>,
"Arun Easi" <aeasi@marvell.com>,
"Jonathan Chocron" <jonnyc@amazon.com>,
"Bert Kenward" <bkenward@solarflare.com>,
"Matt Carlson" <mcarlson@broadcom.com>,
"Kai-Heng Feng" <kai.heng.feng@canonical.com>,
"Jean Delvare" <jdelvare@suse.de>,
"Alex Williamson" <alex.williamson@redhat.com>,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
"Jakub Kicinski" <kuba@kernel.org>,
"Thomas Weißschuh" <linux@weissschuh.net>
Subject: Re: [PATCH v3] PCI/sysfs: Change read permissions for VPD attributes
Date: Tue, 3 Dec 2024 19:40:27 +0200 [thread overview]
Message-ID: <20241203174027.GK1245331@unreal> (raw)
In-Reply-To: <20241203092456.5dde2476@hermes.local>
On Tue, Dec 03, 2024 at 09:24:56AM -0800, Stephen Hemminger wrote:
> On Tue, 3 Dec 2024 14:15:28 +0200
> Leon Romanovsky <leon@kernel.org> wrote:
>
> > The Vital Product Data (VPD) attribute is not readable by regular
> > user without root permissions. Such restriction is not needed at
> > all for Mellanox devices, as data presented in that VPD is not
> > sensitive and access to the HW is safe and well tested.
> >
> > This change changes the permissions of the VPD attribute to be accessible
> > for read by all users for Mellanox devices, while write continue to be
> > restricted to root only.
> >
> > The main use case is to remove need to have root/setuid permissions
> > while using monitoring library [1].
> >
> > [leonro@vm ~]$ lspci |grep nox
> > 00:09.0 Ethernet controller: Mellanox Technologies MT2910 Family [ConnectX-7]
> >
> > Before:
> > [leonro@vm ~]$ ls -al /sys/bus/pci/devices/0000:00:09.0/vpd
> > -rw------- 1 root root 0 Nov 13 12:30 /sys/bus/pci/devices/0000:00:09.0/vpd
> > After:
> > [leonro@vm ~]$ ls -al /sys/bus/pci/devices/0000:00:09.0/vpd
> > -rw-r--r-- 1 root root 0 Nov 13 12:30 /sys/bus/pci/devices/0000:00:09.0/vpd
> >
> > [1] https://developer.nvidia.com/management-library-nvml
> > Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
> > ---
> > Changelog:
> > v3:
> > * Used | to change file attributes
> > * Remove WARN_ON
> > v2: https://lore.kernel.org/all/61a0fa74461c15edfae76222522fa445c28bec34.1731502431.git.leon@kernel.org
> > * Another implementation to make sure that user is presented with
> > correct permissions without need for driver intervention.
> > v1: https://lore.kernel.org/all/cover.1731005223.git.leonro@nvidia.com
> > * Changed implementation from open-read-to-everyone to be opt-in
> > * Removed stable and Fixes tags, as it seems like feature now.
> > v0:
> > https://lore.kernel.org/all/65791906154e3e5ea12ea49127cf7c707325ca56.1730102428.git.leonro@nvidia.com/
> > ---
> > drivers/pci/vpd.c | 7 +++++++
> > 1 file changed, 7 insertions(+)
> >
> > diff --git a/drivers/pci/vpd.c b/drivers/pci/vpd.c
> > index a469bcbc0da7..a7aa54203321 100644
> > --- a/drivers/pci/vpd.c
> > +++ b/drivers/pci/vpd.c
> > @@ -332,6 +332,13 @@ static umode_t vpd_attr_is_visible(struct kobject *kobj,
> > if (!pdev->vpd.cap)
> > return 0;
> >
> > + /*
> > + * Mellanox devices have implementation that allows VPD read by
> > + * unprivileged users, so just add needed bits to allow read.
> > + */
> > + if (unlikely(pdev->vendor == PCI_VENDOR_ID_MELLANOX))
> > + return a->attr.mode | 0044;
> > +
> > return a->attr.mode;
> > }
> >
>
> Could this be with other vendor specific quirks instead?
In previous versions, I asked Bjorn about using quirks and the answer
was that quirks are mainly to fix HW defects fixes and this change doesn't
belong to that category.
https://lore.kernel.org/linux-pci/20241111214804.GA1820183@bhelgaas/
>
> Also, the wording of the comment is awkward. Suggest:
> On Mellanox devices reading VPD is safe for unprivileged users.
Thanks
next prev parent reply other threads:[~2024-12-03 17:40 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-03 12:15 [PATCH v3] PCI/sysfs: Change read permissions for VPD attributes Leon Romanovsky
2024-12-03 17:24 ` Stephen Hemminger
2024-12-03 17:40 ` Leon Romanovsky [this message]
2024-12-03 20:36 ` Bjorn Helgaas
2024-12-04 6:47 ` Leon Romanovsky
2024-12-17 13:22 ` Leon Romanovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241203174027.GK1245331@unreal \
--to=leon@kernel.org \
--cc=aeasi@marvell.com \
--cc=alex.williamson@redhat.com \
--cc=aprabhune@nvidia.com \
--cc=ariela@nvidia.com \
--cc=bkenward@solarflare.com \
--cc=hare@suse.de \
--cc=helgaas@kernel.org \
--cc=hkallweit1@gmail.com \
--cc=jdelvare@suse.de \
--cc=jonnyc@amazon.com \
--cc=kai.heng.feng@canonical.com \
--cc=kuba@kernel.org \
--cc=kw@linux.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=linux@weissschuh.net \
--cc=mcarlson@broadcom.com \
--cc=netdev@vger.kernel.org \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).