lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 23 Sep 2021 06:21:57 +0200
From:   Krzysztof WilczyƄski <kw@...ux.com>
To:     Dongdong Liu <liudongdong3@...wei.com>
Cc:     helgaas@...nel.org, hch@...radead.org, logang@...tatee.com,
        leon@...nel.org, linux-pci@...r.kernel.org, rajur@...lsio.com,
        hverkuil-cisco@...all.nl, linux-media@...r.kernel.org,
        netdev@...r.kernel.org
Subject: Re: [PATCH V9 4/8] PCI/sysfs: Add a 10-Bit Tag sysfs file PCIe
 Endpoint devices

Hi,

Thank you for sending the patch over!  A few small comments below.

[...]
> +static ssize_t pci_10bit_tag_store(struct device *dev,
> +				   struct device_attribute *attr,
> +				   const char *buf, size_t count)
> +{
> +	struct pci_dev *pdev = to_pci_dev(dev);
> +	bool enable;

Would you mind adding the following capabilities check here?

	if (!capable(CAP_SYS_ADMIN))
		return -EPERM;

This is so we make sure that whatever user is going to use this sysfs
attribute actually has enough permissions to update this value safely.

> +	if (kstrtobool(buf, &enable) < 0)
> +		return -EINVAL;
> +
> +	if (pdev->driver)
> +		return -EBUSY;
> +
> +	if (enable) {
> +		if (!pcie_rp_10bit_tag_cmp_supported(pdev))
> +			return -EPERM;

Would it make sense to also verify 10-Bit Tag Completer support on the
"disable" path too?   We won't be able to set a value if there is no
support, but nothing will stop us from clearing it regardless - unless
this would be safe to do?  What do you think?

> +		pcie_capability_set_word(pdev, PCI_EXP_DEVCTL2,
> +				PCI_EXP_DEVCTL2_10BIT_TAG_REQ_EN);
> +	} else {
> +		pcie_capability_clear_word(pdev, PCI_EXP_DEVCTL2,
> +				   PCI_EXP_DEVCTL2_10BIT_TAG_REQ_EN);
> +	}
> +
> +	return count;
> +}

[...]
> +> +static umode_t pcie_dev_10bit_tag_attrs_are_visible(struct kobject *kobj,
> +					  struct attribute *a, int n)

The preferred function name for the .is_visible() callback in a case when
there is only a single sysfs attribute being added would be:

  pcie_dev_10bit_tag_attr_is_visible()

Albeit, I appreciate that you followed the existing naming pattern.

	Krzysztof

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ