lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20241105162655.GG311159@unreal>
Date: Tue, 5 Nov 2024 18:26:55 +0200
From: Leon Romanovsky <leon@...nel.org>
To: Bjorn Helgaas <helgaas@...nel.org>
Cc: Bjorn Helgaas <bhelgaas@...gle.com>,
	Krzysztof WilczyƄski <kw@...ux.com>,
	linux-pci@...r.kernel.org, Ariel Almog <ariela@...dia.com>,
	Aditya Prabhune <aprabhune@...dia.com>,
	Hannes Reinecke <hare@...e.de>,
	Heiner Kallweit <hkallweit1@...il.com>,
	Arun Easi <aeasi@...vell.com>, Jonathan Chocron <jonnyc@...zon.com>,
	Bert Kenward <bkenward@...arflare.com>,
	Matt Carlson <mcarlson@...adcom.com>,
	Kai-Heng Feng <kai.heng.feng@...onical.com>,
	Jean Delvare <jdelvare@...e.de>,
	Alex Williamson <alex.williamson@...hat.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] PCI/sysfs: Fix read permissions for VPD attributes

On Tue, Nov 05, 2024 at 09:24:55AM -0600, Bjorn Helgaas wrote:
> On Tue, Nov 05, 2024 at 09:51:30AM +0200, Leon Romanovsky wrote:
> > On Mon, Nov 04, 2024 at 06:10:27PM -0600, Bjorn Helgaas wrote:
> > > On Sun, Nov 03, 2024 at 02:33:44PM +0200, Leon Romanovsky wrote:
> > > > On Fri, Nov 01, 2024 at 11:47:37AM -0500, Bjorn Helgaas wrote:
> > > > > On Fri, Nov 01, 2024 at 04:33:00PM +0200, Leon Romanovsky wrote:
> > > > > > On Thu, Oct 31, 2024 at 06:22:52PM -0500, Bjorn Helgaas wrote:
> > > > > > > On Tue, Oct 29, 2024 at 07:04:50PM -0500, Bjorn Helgaas wrote:
> > > > > > > > On Mon, Oct 28, 2024 at 10:05:33AM +0200, Leon Romanovsky wrote:
> > > > > > > > > From: Leon Romanovsky <leonro@...dia.com>
> > > > > > > > > 
> > > > > > > > > The Virtual Product Data (VPD) attribute is not
> > > > > > > > > readable by regular user without root permissions.
> > > > > > > > > Such restriction is not really needed, as data
> > > > > > > > > presented in that VPD is not sensitive at all.
> > > > > > > > > 
> > > > > > > > > This change aligns the permissions of the VPD
> > > > > > > > > attribute to be accessible for read by all users,
> > > > > > > > > while write being restricted to root only.
> > ...
> 
> > > What's the use case?  How does an unprivileged user use the VPD
> > > information?
> > 
> > We have to add new field keyword=value in VA section of VPD, which
> > will indicate very specific sub-model for devices used as a bridge.
> > 
> > > I can certainly imagine using VPD for bug reporting, but that
> > > would typically involve dmesg, dmidecode, lspci -vv, etc, all of
> > > which already require privilege, so it's not clear to me how
> > > public VPD info would help in that scenario.
> > 
> > I'm targeting other scenario - monitoring tool, which doesn't need
> > root permissions for reading data. It needs to distinguish between
> > NIC sub-models.
> 
> Maybe the driver could expose something in sysfs?  Maybe the driver
> needs to know the sub-model as well, and reading VPD once in the
> driver would make subsequent userspace sysfs reads trivial and fast.

Our PCI driver lays in netdev subsystem and they have long-standing
position do not allow any custom sysfs files. To be fair, we (RDMA)
don't allow custom sysfs files too.

Driver doesn't need to know this information as it is extra key=value in
existing [VA] field, while driver relies on multiple FW capabilities
to enable/disable functionality.

Current [VA] line:
"[VA] Vendor specific: MLX:MN=MLNX:CSKU=V2:UUID=V3:PCI=V0:MODL=CX713106A"
Future [VA] line:
"[VA] Vendor specific: MLX:MN=MLNX:CSKU=V2:UUID=V3:PCI=V0:MODL=CX713106A,SMDL=SOMETHING"

Also the idea that we will duplicate existing functionality doesn't
sound like a good approach to me, and there is no way that it is
possible to expose as subsystem specific file.

What about to allow existing VPD sysfs file to be readable for everyone for our devices?
And if this allow list grows to much, we will open it for all devices in the world?

Thanks

> 
> Bjorn

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ