| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241121170020.GB160612@unreal> Date: Thu, 21 Nov 2024 19:00:20 +0200 From: Leon Romanovsky <leon@...nel.org> To: Jean Delvare <jdelvare@...e.de> Cc: Bjorn Helgaas <helgaas@...nel.org>, Krzysztof Wilczyński <kw@...ux.com>, linux-pci@...r.kernel.org, Ariel Almog <ariela@...dia.com>, Aditya Prabhune <aprabhune@...dia.com>, Hannes Reinecke <hare@...e.de>, Heiner Kallweit <hkallweit1@...il.com>, Arun Easi <aeasi@...vell.com>, Jonathan Chocron <jonnyc@...zon.com>, Bert Kenward <bkenward@...arflare.com>, Matt Carlson <mcarlson@...adcom.com>, Kai-Heng Feng <kai.heng.feng@...onical.com>, Alex Williamson <alex.williamson@...hat.com>, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, Jakub Kicinski <kuba@...nel.org>, Thomas Weißschuh <linux@...ssschuh.net>, Stephen Hemminger <stephen@...workplumber.org> Subject: Re: [PATCH v2] PCI/sysfs: Change read permissions for VPD attributes On Thu, Nov 21, 2024 at 03:11:16PM +0100, Jean Delvare wrote: > On Thu, 21 Nov 2024 14:13:01 +0200, Leon Romanovsky wrote: > > On Thu, Nov 21, 2024 at 01:01:27PM +0100, Jean Delvare wrote: > > > On Wed, 13 Nov 2024 14:59:58 +0200, Leon Romanovsky wrote: > > > > --- a/drivers/pci/vpd.c > > > > +++ b/drivers/pci/vpd.c > > > > @@ -332,6 +332,14 @@ static umode_t vpd_attr_is_visible(struct kobject *kobj, > > > > if (!pdev->vpd.cap) > > > > return 0; > > > > > > > > + /* > > > > + * Mellanox devices have implementation that allows VPD read by > > > > + * unprivileged users, so just add needed bits to allow read. > > > > + */ > > > > + WARN_ON_ONCE(a->attr.mode != 0600); > > > > + if (unlikely(pdev->vendor == PCI_VENDOR_ID_MELLANOX)) > > > > + return a->attr.mode + 0044; > > > > > > When manipulating bitfields, | is preferred. This would make the > > > operation safe regardless of the initial value, so you can even get rid > > > of the WARN_ON_ONCE() above. > > > > The WARN_ON_ONCE() is intended to catch future changes in VPD sysfs > > attributes. My intention is that once that WARN will trigger, the > > author will be forced to reevaluate the latter if ( ... PCI_VENDOR_ID_MELLANOX) > > condition and maybe we won't need it anymore. Without WARN_ON_ONCE, it > > is easy to miss that code. > > The default permissions are 10 lines above in the same file. Doesn't > seem that easy to miss to me. > > In my opinion, WARN_ON should be limited to cases where something really > bad has happened. It's not supposed to be a reminder for developers to > perform some code clean-up. Remember that WARN_ON has a run-time cost > and it could be evaluated for a possibly large number of PCI devices > (although admittedly VPD support seems to be present only in a limited > number of PCI device). Sorry about which run-time cost are you referring? This is slow path and extra if() inside WARN_ON which has unlikely keyword, makes no difference when accessing HW. In addition, this check is for devices which already known to have VPD (see pdev->vpd.cap check above). > > Assuming you properly use | instead of +, then nothing bad will happen > if the default permissions change, the code will simply become a no-op, > until someone notices and deletes it. No harm done. > > I'm not maintaining this part of the kernel so I can't speak or decide > on behalf of the maintainers, but in my opinion, if you really want to > leave a note for future developers, then a comment in the source code > is a better way, as it has no run-time cost, and will also be found > earlier by the developers (no need for run-time testing). I don't have any strong feelings about this WARN_ON_ONCE, will remove. Thanks > > Thanks, > -- > Jean Delvare > SUSE L3 Support
Powered by blists - more mailing lists