From: Leon Romanovsky <leonro@xxxxxxxxxx> The Vital Product Data (VPD) attribute is not readable by regular user without root permissions. Such restriction is not needed at all for Mellanox devices, as data presented in that VPD is not sensitive and access to the HW is safe and well tested. This change changes the permissions of the VPD attribute to be accessible for read by all users for Mellanox devices, while write continue to be restricted to root only. The main use case is to remove need to have root/setuid permissions while using monitoring library [1]. [leonro@vm ~]$ lspci |grep nox 00:09.0 Ethernet controller: Mellanox Technologies MT2910 Family [ConnectX-7] Before: [leonro@vm ~]$ ls -al /sys/bus/pci/devices/0000:00:09.0/vpd -rw------- 1 root root 0 Nov 13 12:30 /sys/bus/pci/devices/0000:00:09.0/vpd After: [leonro@vm ~]$ ls -al /sys/bus/pci/devices/0000:00:09.0/vpd -rw-r--r-- 1 root root 0 Nov 13 12:30 /sys/bus/pci/devices/0000:00:09.0/vpd [1] https://developer.nvidia.com/management-library-nvml Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxx> --- Changelog: v4: * Change comment to the variant suggested by Stephen v3: https://lore.kernel.org/all/18f36b3cbe2b7e67eed876337f8ba85afbc12e73.1733227737.git.leon@xxxxxxxxxx * Used | to change file attributes * Remove WARN_ON v2: https://lore.kernel.org/all/61a0fa74461c15edfae76222522fa445c28bec34.1731502431.git.leon@xxxxxxxxxx * Another implementation to make sure that user is presented with correct permissions without need for driver intervention. v1: https://lore.kernel.org/all/cover.1731005223.git.leonro@xxxxxxxxxx * Changed implementation from open-read-to-everyone to be opt-in * Removed stable and Fixes tags, as it seems like feature now. v0: https://lore.kernel.org/all/65791906154e3e5ea12ea49127cf7c707325ca56.1730102428.git.leonro@xxxxxxxxxx/ --- drivers/pci/vpd.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/pci/vpd.c b/drivers/pci/vpd.c index a469bcbc0da7..c873ab47526b 100644 --- a/drivers/pci/vpd.c +++ b/drivers/pci/vpd.c @@ -332,6 +332,13 @@ static umode_t vpd_attr_is_visible(struct kobject *kobj, if (!pdev->vpd.cap) return 0; + /* + * On Mellanox devices reading VPD is safe for unprivileged users, + * so just add needed bits to allow read. + */ + if (unlikely(pdev->vendor == PCI_VENDOR_ID_MELLANOX)) + return a->attr.mode | 0044; + return a->attr.mode; } -- 2.47.1
