From nobody Sun Nov 24 02:32:34 2024 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3881E2170D6; Thu, 7 Nov 2024 18:57:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731005834; cv=none; b=SnJ3D1F23249JGOze7ODGCI2gKwSvNML94EefvSWBX/iGYHqM2TFKf+3+dzIkAAy2TXxSpJDtaZD69aEanXxFUUArOsz4CdlRGZ2zV3BieRA8SeKli69ULdxiOEXSkKr2hJZPEoZtcuAuiZugroeykR3hEJwOtt8t0nODDHinuY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731005834; c=relaxed/simple; bh=7paQa5ZsDu1PZxVYxX8jR4ViS0jnHDD2m+t5fDLAccY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=XRIj1dUSlOe/OoWyeF29PMdVJVP4aI5fPbXoQOGwXDesZCqWAO1txo9yHwSaOxrctUfacmS/BrS0cjspNfqeW7MLnmUtuRCLvXEsje+AOjwy7z92/L39hvgtgYPYLdHaeblJ6oiqkTqaxenAfhwp5G36bzmJ7P5p8b+jxGh6Vgk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Ld6Ej07D; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Ld6Ej07D" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 36021C4CECC; Thu, 7 Nov 2024 18:57:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1731005833; bh=7paQa5ZsDu1PZxVYxX8jR4ViS0jnHDD2m+t5fDLAccY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Ld6Ej07DhUE8JDrF+hEIBh2+d31pwfA3ome9c5Nal+GcUw5Jn/vITYAkStDq5Cb3D 7aTH2A5hFZ2DMPXVmZc+8aYyoPq6Nqez+3SyoF3itCNEU6F3NxzlCz71L/DFHiwFV5 v3FEJzTxAAnQK1YSXx7BK+btM7MakQ0JeiWpuMtseFgqQqSCnxnIIeAS6k9djwdleq 3mDPuHCGBgGUJyINbMRhgmUBkxB06Ek0Nu1c0ex6pgnxCYllF8zPVNya2FkVYFwwqm iK7y++KhwpTPVDQ5UydWfs9UfkCm1cJXG5hWaBm5IChtrsjdv+BO4XZHejYKfn0Alq 6E2wpLKYYreOg== From: Leon Romanovsky To: Bjorn Helgaas Cc: Leon Romanovsky , =?UTF-8?q?Krzysztof=20Wilczy=C5=84ski?= , linux-pci@vger.kernel.org, "Ariel Almog" , "Aditya Prabhune" , "Hannes Reinecke" , "Heiner Kallweit" , "Arun Easi" , "Jonathan Chocron" , "Bert Kenward" , "Matt Carlson" , "Kai-Heng Feng" , "Jean Delvare" , "Alex Williamson" , linux-kernel@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v1 1/2] PCI/sysfs: Change read permissions for VPD attributes Date: Thu, 7 Nov 2024 20:56:56 +0200 Message-ID: X-Mailer: git-send-email 2.47.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Leon Romanovsky The Vital Product Data (VPD) attribute is not readable by regular user without root permissions. Such restriction is not really needed for many devices in the world, as data presented in that VPD is not sensitive and access to the HW is safe and tested. This change aligns the permissions of the VPD attribute to be accessible for read by all users, while write being restricted to root only. For the driver, there is a need to opt-in in order to allow this functionality. Signed-off-by: Leon Romanovsky --- drivers/pci/vpd.c | 9 ++++++++- include/linux/pci.h | 7 ++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/pci/vpd.c b/drivers/pci/vpd.c index e4300f5f304f..7c70930abaa0 100644 --- a/drivers/pci/vpd.c +++ b/drivers/pci/vpd.c @@ -156,6 +156,7 @@ static ssize_t pci_vpd_read(struct pci_dev *dev, loff_t= pos, size_t count, void *arg, bool check_size) { struct pci_vpd *vpd =3D &dev->vpd; + struct pci_driver *drv; unsigned int max_len; int ret =3D 0; loff_t end =3D pos + count; @@ -167,6 +168,12 @@ static ssize_t pci_vpd_read(struct pci_dev *dev, loff_= t pos, size_t count, if (pos < 0) return -EINVAL; =20 + if (!capable(CAP_SYS_ADMIN)) { + drv =3D to_pci_driver(dev->dev.driver); + if (!drv || !drv->downgrade_vpd_read) + return -EPERM; + } + max_len =3D check_size ? vpd->len : PCI_VPD_MAX_SIZE; =20 if (pos >=3D max_len) @@ -317,7 +324,7 @@ static ssize_t vpd_write(struct file *filp, struct kobj= ect *kobj, =20 return ret; } -static BIN_ATTR(vpd, 0600, vpd_read, vpd_write, 0); +static BIN_ATTR_RW(vpd, 0); =20 static struct bin_attribute *vpd_attrs[] =3D { &bin_attr_vpd, diff --git a/include/linux/pci.h b/include/linux/pci.h index 573b4c4c2be6..b8fed74e742e 100644 --- a/include/linux/pci.h +++ b/include/linux/pci.h @@ -943,6 +943,10 @@ struct module; * how to manage the DMA themselves and set this flag so that * the IOMMU layer will allow them to setup and manage their * own I/O address space. + * @downgrade_vpd_read: Device doesn't require root permissions from the u= sers + * to read VPD information. The driver doesn't expose any sen= sitive + * information through that interface and safe to be accessed= by + * unprivileged users. */ struct pci_driver { const char *name; @@ -960,7 +964,8 @@ struct pci_driver { const struct attribute_group **dev_groups; struct device_driver driver; struct pci_dynids dynids; - bool driver_managed_dma; + bool driver_managed_dma : 1; + bool downgrade_vpd_read : 1; }; =20 #define to_pci_driver(__drv) \ --=20 2.47.0 From nobody Sun Nov 24 02:32:34 2024 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9C59E2170D6; Thu, 7 Nov 2024 18:57:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731005839; cv=none; b=X862TGTdU26p8W3goNEXc6AFQtf38HQQOtgE27/HZny6qDCMv7WS1d28xUv5a32jA+kF+Iu03NKr0aeFPDyN1DkVOcz22VQNzFoKIL7j6nP36sx+Upnq/DzEjdKX3UaBdMV3zcZ1yRYizdDob1/ZiD3viJhFHciwUgSm26G8Vvc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731005839; c=relaxed/simple; bh=Jk1glCEODb6LBoL7jnE9DENCd/x3Sr54x9ReG6IrTdA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=jy4+OGK7zKu0cjRrWDjDSnb2/lLAAiTOBhBM3K2gYKmr84fvmEZ4nLXSUud/iRaiqsF/YcBnz1UOCnWSBaWfRQ8VS2p+kvkwK9DYTKlc9d1FUlR4/dH3ZYO/8/MlEq5vgrp896JcDfO8kzzo7gtpqBT4zdnKQHxA3gbu5FRyvlA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Foegwhou; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Foegwhou" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B7A3DC4CECC; Thu, 7 Nov 2024 18:57:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1731005839; bh=Jk1glCEODb6LBoL7jnE9DENCd/x3Sr54x9ReG6IrTdA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Foegwhoude5WqXWP35jdLgyEeAkFM0PFcfVdf01MOefeo57+VbUDM5iOBoj529Nfe 7el/OZoEmt0ke+Avk/ndQI68xoqZ0ZmMHEKupuy0jMHew4QY5ywB32F8fKNv8Drya6 Azj1AKVvB3fshMrG2Z23uYowwsYQ+DXGfBWToFnB6Mk5+Zw9OTN8bfrkRNSPjmGr4K as+zqcVz7OQEcINbP59dm8kXT1lAUv9MxzueUvoGr5bB7sxVC+3II1xiXLY6P6eOZ9 3OonLQJOD5cMhdXWD08iCIU5S6hgJ0JhuHEoqx7BNpeKMDuHp+ZfH1rNF0dl3YWO1Q coEkh890SYsLA== From: Leon Romanovsky To: Bjorn Helgaas Cc: Leon Romanovsky , =?UTF-8?q?Krzysztof=20Wilczy=C5=84ski?= , linux-pci@vger.kernel.org, "Ariel Almog" , "Aditya Prabhune" , "Hannes Reinecke" , "Heiner Kallweit" , "Arun Easi" , "Jonathan Chocron" , "Bert Kenward" , "Matt Carlson" , "Kai-Heng Feng" , "Jean Delvare" , "Alex Williamson" , linux-kernel@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH v1 2/2] net/mlx5: Enable unprivileged read of PCI VPD file Date: Thu, 7 Nov 2024 20:56:57 +0200 Message-ID: X-Mailer: git-send-email 2.47.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Leon Romanovsky mlx5 devices are PCIe spec compliant, doesn't expose any sensitive information Vital Product Data (VPD) section. In addition, these devices are capable to provide an unprivileged read access file exposed by PCI core. The parsed VPD section looks like this: 08:00.0 Ethernet controller: Mellanox Technologies MT2910 Family [ConnectX-7] ... Capabilities: [48] Vital Product Data Product Name: NVIDIA ConnectX-7 HHHL adapter Card, 200GbE / NDR200 IB, = Dual-port QSFP112, PCIe 5.0 x16 with x16 PCIe extension option, Crypto, Secure Boot Capable Read-only fields: [PN] Part number: MCX713106AEHEA_QP1 [EC] Engineering changes: A5 [V2] Vendor specific: MCX713106AEHEA_QP1 [SN] Serial number: MT2314XZ0JUZ [V3] Vendor specific: 0a5efb8958deed118000946dae7db798 [VA] Vendor specific: MLX:MN=3DMLNX:CSKU=3DV2:UUID=3DV3:PCI=3DV0:MO= DL=3DCX713106A [V0] Vendor specific: PCIeGen5 x16 [VU] Vendor specific: MT2314XZ0JUZMLNXS0D0F0 [RV] Reserved: checksum good, 1 byte(s) reserved End Signed-off-by: Leon Romanovsky Acked-by: Jakub Kicinski --- drivers/net/ethernet/mellanox/mlx5/core/main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/main.c b/drivers/net/e= thernet/mellanox/mlx5/core/main.c index 220a9ac75c8b..7e34badd174b 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/main.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c @@ -2280,6 +2280,7 @@ static struct pci_driver mlx5_core_driver =3D { .sriov_configure =3D mlx5_core_sriov_configure, .sriov_get_vf_total_msix =3D mlx5_sriov_get_vf_total_msix, .sriov_set_msix_vec_count =3D mlx5_core_sriov_set_msix_vec_count, + .downgrade_vpd_read =3D true, }; =20 /** --=20 2.47.0