On Mon, Nov 11, 2024 at 02:41:04PM -0600, Bjorn Helgaas wrote:
> On Thu, Nov 07, 2024 at 08:56:56PM +0200, Leon Romanovsky wrote:
> > From: Leon Romanovsky <leonro@xxxxxxxxxx>
> >
> > The Vital Product Data (VPD) attribute is not readable by regular
> > user without root permissions. Such restriction is not really needed
> > for many devices in the world, as data presented in that VPD is not
> > sensitive and access to the HW is safe and tested.
> >
> > This change aligns the permissions of the VPD attribute to be accessible
> > for read by all users, while write being restricted to root only.
> >
> > For the driver, there is a need to opt-in in order to allow this
> > functionality.
>
> I don't think the use case is very strong (and not included at all
> here).
I will add the use case, which is running monitoring application without
need to be root. IMHO reducing number of applications that require
privileged access is a very strong case. I personally try to avoid
applications with root/setuid privileges.
>
> If we do need to do this, I think it's a property of the device, not
> the driver.
But how will device inform PCI core about safe VPD read?
Should I add new field to struct pci_device_id? Add a quirk?
Otherwise, I will need to add a line "pci_dev->downgrade_vpd_read=true"
to mlx5 probe function and it won't change a lot from current
implementation.
>
> > Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxx>
> > ---
> > drivers/pci/vpd.c | 9 ++++++++-
> > include/linux/pci.h | 7 ++++++-
> > 2 files changed, 14 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/pci/vpd.c b/drivers/pci/vpd.c
> > index e4300f5f304f..7c70930abaa0 100644
> > --- a/drivers/pci/vpd.c
> > +++ b/drivers/pci/vpd.c
> > @@ -156,6 +156,7 @@ static ssize_t pci_vpd_read(struct pci_dev *dev, loff_t pos, size_t count,
> > void *arg, bool check_size)
> > {
> > struct pci_vpd *vpd = &dev->vpd;
> > + struct pci_driver *drv;
> > unsigned int max_len;
> > int ret = 0;
> > loff_t end = pos + count;
> > @@ -167,6 +168,12 @@ static ssize_t pci_vpd_read(struct pci_dev *dev, loff_t pos, size_t count,
> > if (pos < 0)
> > return -EINVAL;
> >
> > + if (!capable(CAP_SYS_ADMIN)) {
> > + drv = to_pci_driver(dev->dev.driver);
> > + if (!drv || !drv->downgrade_vpd_read)
> > + return -EPERM;
> > + }
> > +
> > max_len = check_size ? vpd->len : PCI_VPD_MAX_SIZE;
> >
> > if (pos >= max_len)
> > @@ -317,7 +324,7 @@ static ssize_t vpd_write(struct file *filp, struct kobject *kobj,
> >
> > return ret;
> > }
> > -static BIN_ATTR(vpd, 0600, vpd_read, vpd_write, 0);
> > +static BIN_ATTR_RW(vpd, 0);
> >
> > static struct bin_attribute *vpd_attrs[] = {
> > &bin_attr_vpd,
> > diff --git a/include/linux/pci.h b/include/linux/pci.h
> > index 573b4c4c2be6..b8fed74e742e 100644
> > --- a/include/linux/pci.h
> > +++ b/include/linux/pci.h
> > @@ -943,6 +943,10 @@ struct module;
> > * how to manage the DMA themselves and set this flag so that
> > * the IOMMU layer will allow them to setup and manage their
> > * own I/O address space.
> > + * @downgrade_vpd_read: Device doesn't require root permissions from the users
> > + * to read VPD information. The driver doesn't expose any sensitive
> > + * information through that interface and safe to be accessed by
> > + * unprivileged users.
> > */
> > struct pci_driver {
> > const char *name;
> > @@ -960,7 +964,8 @@ struct pci_driver {
> > const struct attribute_group **dev_groups;
> > struct device_driver driver;
> > struct pci_dynids dynids;
> > - bool driver_managed_dma;
> > + bool driver_managed_dma : 1;
> > + bool downgrade_vpd_read : 1;
> > };
> >
> > #define to_pci_driver(__drv) \
> > --
> > 2.47.0
> >
