[v4] PCI/sysfs: Change read permissions for VPD attributes

Message ID c93a253b24701513dbeeb307cb2b9e3afd4c74b5.1737271118.git.leon@kernel.org (mailing list archive)
State New

Commit Message

Leon Romanovsky Jan. 19, 2025, 7:27 a.m. UTC
From: Leon Romanovsky <leonro@nvidia.com>

The Vital Product Data (VPD) attribute is not readable by a regular
user without root permissions. Such a restriction is not needed at
all for Mellanox devices, as data presented in that VPD is not
sensitive and access to the HW is safe and well tested.

This change changes the permissions of the VPD attribute to be accessible
for read by all users for Mellanox devices, while write continues to be
restricted to root only.

The main use case is to remove the need to have root/setuid permissions
while using the monitoring library [1].

[leonro@vm ~]$ lspci |grep nox
00:09.0 Ethernet controller: Mellanox Technologies MT2910 Family [ConnectX-7]

Before:
[leonro@vm ~]$ ls -al /sys/bus/pci/devices/0000:00:09.0/vpd
-rw------- 1 root root 0 Nov 13 12:30 /sys/bus/pci/devices/0000:00:09.0/vpd
After:
[leonro@vm ~]$ ls -al /sys/bus/pci/devices/0000:00:09.0/vpd
-rw-r--r-- 1 root root 0 Nov 13 12:30 /sys/bus/pci/devices/0000:00:09.0/vpd

[1] https://developer.nvidia.com/management-library-nvml
Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
---
Changelog:
v4:
 * Change comment to the variant suggested by Stephen
v3: https://lore.kernel.org/all/18f36b3cbe2b7e67eed876337f8ba85afbc12e73.1733227737.git.leon@kernel.org
 * Used | to change file attributes
 * Remove WARN_ON
v2: https://lore.kernel.org/all/61a0fa74461c15edfae76222522fa445c28bec34.1731502431.git.leon@kernel.org
 * Another implementation to make sure that user is presented with
   correct permissions without need for driver intervention.
v1: https://lore.kernel.org/all/cover.1731005223.git.leonro@nvidia.com
 * Changed implementation from open-read-to-everyone to be opt-in
 * Removed stable and Fixes tags, as it seems like a feature now.
v0: https://lore.kernel.org/all/65791906154e3e5ea12ea49127cf7c707325ca56.1730102428.git.leonro@nvidia.com/
---
 drivers/pci/vpd.c | 7 +++++++
 1 file changed, 7 insertions(+)

Patch

diff --git a/drivers/pci/vpd.c b/drivers/pci/vpd.c
index a469bcbc0da7..c873ab47526b 100644
--- a/drivers/pci/vpd.c
+++ b/drivers/pci/vpd.c
@@ -332,6 +332,13 @@  static umode_t vpd_attr_is_visible(struct kobject *kobj,
 	if (!pdev->vpd.cap)
 		return 0;
 
+	/*
+	 * On Mellanox devices reading VPD is safe for unprivileged users,
+	 * so just add needed bits to allow read.
+	 */
+	if (unlikely(pdev->vendor == PCI_VENDOR_ID_MELLANOX))
+		return a->attr.mode | 0044;
+
 	return a->attr.mode;
 }
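
Review bot: the added `if (unlikely(pdev->vendor == PCI_VENDOR_ID_MELLANOX))` matches on vendor ID alone, so `0044` is OR-ed into the mode for every function carrying that vendor ID, including parts that were never validated for unprivileged VPD reads. Either narrow the match to a device-ID list or a per-device opt-in flag, or extend the comment to say why the "safe for unprivileged users" guarantee holds vendor-wide, since the comment currently asserts it without a basis. The `unlikely()` hint can also be dropped: `vpd_attr_is_visible()` is a sysfs visibility callback that runs when the attribute group is set up, not on a hot path.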