[{"id":3675786,"web_url":"http://patchwork.ozlabs.org/comment/3675786/","msgid":"<37f2e32a-804d-7c59-d3d0-7148ef2cd95a@linux.intel.com>","list_archive_url":null,"date":"2026-04-10T10:18:43","subject":"Re: [PATCH 04/20] PCI/sysfs: Add CAP_SYS_ADMIN check to\n __resource_resize_store()","submitter":{"id":83553,"url":"http://patchwork.ozlabs.org/api/people/83553/","name":"Ilpo Järvinen","email":"ilpo.jarvinen@linux.intel.com"},"content":"On Fri, 10 Apr 2026, Krzysztof Wilczyński wrote:\n\n> Currently, the __resource_resize_store() allows writing to the\n> resourceN_resize sysfs attribute to change a BAR's size without\n> checking for capabilities, currently relying only on the file\n> access check.\n> \n> Resizing a BAR modifies PCI device configuration and can disrupt\n> active drivers.  After the upcoming conversion to static attributes,\n> it will also trigger resource file updates via sysfs_update_groups().\n> \n> Thus, add a CAP_SYS_ADMIN check to prevent unprivileged users from\n> performing BAR resize operations.\n> \n> Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>\n> ---\n>  drivers/pci/pci-sysfs.c | 3 +++\n>  1 file changed, 3 insertions(+)\n> \n> diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c\n> index ac4e7c516e78..6b8c8e62f68a 100644\n> --- a/drivers/pci/pci-sysfs.c\n> +++ b/drivers/pci/pci-sysfs.c\n> @@ -1619,6 +1619,9 @@ static ssize_t __resource_resize_store(struct device *dev, int n,\n>  \tint ret;\n>  \tu16 cmd;\n>  \n> +\tif (!capable(CAP_SYS_ADMIN))\n> +\t\treturn -EPERM;\n> +\n>  \tif (kstrtoul(buf, 0, &size) < 0)\n>  \t\treturn -EINVAL;\n>  \n> \n\nReviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>","headers":{"Return-Path":"\n <linux-pci+bounces-52292-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","linux-pci@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=e9qftu5R;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=172.234.253.10; helo=sea.lore.kernel.org;\n envelope-from=linux-pci+bounces-52292-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com\n header.b=\"e9qftu5R\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=192.198.163.12","smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=linux.intel.com","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=linux.intel.com"],"Received":["from sea.lore.kernel.org (sea.lore.kernel.org [172.234.253.10])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fsXyr0RqTz1y2d\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 10 Apr 2026 20:26:28 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id E99163024132\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 10 Apr 2026 10:19:01 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 378283537D0;\n\tFri, 10 Apr 2026 10:19:01 +0000 (UTC)","from mgamail.intel.com (mgamail.intel.com [192.198.163.12])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id D9BCF2E63C;\n\tFri, 10 Apr 2026 10:18:59 +0000 (UTC)","from fmviesa009.fm.intel.com ([10.60.135.149])\n  by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 10 Apr 2026 03:18:59 -0700","from ijarvine-mobl1.ger.corp.intel.com (HELO localhost)\n ([10.245.244.118])\n  by fmviesa009-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 10 Apr 2026 03:18:51 -0700"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1775816341; cv=none;\n b=Rk/AeHBeXsV+73vhZpa7SayrFa+TK6HaG3BL3QbF4BFz9YY3tQOsSd5fifJGiM6oe5zh+3NStQuAutty+dtFc6y1kTEuI68eMY98ypq184LACu7snp7orZfaHP9bRREyHSw7HwrCT8nN+feRJLgFA9nwCzYdu1RQrzJRGZwjdtk=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1775816341; c=relaxed/simple;\n\tbh=sJjahAyArFT38iar0FyVHZtbbpGo+U5iy6pPkK42kPc=;\n\th=From:Date:To:cc:Subject:In-Reply-To:Message-ID:References:\n\t MIME-Version:Content-Type;\n b=Kw+hw4DYIK/0xhnUnN7TG6TzTUoSQWBL8wmDMtPdKS3NtxhXdLpE0M7LWCAg7tECfUXQh106i8z4e4G4+GuMxG+DWkkRGU/JgDZnZGF7LT7n1uGUkKrfiBmEkkj3X1P/IqXHhCi4CsNItnvL6oPlsLEwMRpYsgiM69Ne5ouVQZU=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=linux.intel.com;\n spf=pass smtp.mailfrom=linux.intel.com;\n dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com\n header.b=e9qftu5R; arc=none smtp.client-ip=192.198.163.12","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple;\n  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n  t=1775816340; x=1807352340;\n  h=from:date:to:cc:subject:in-reply-to:message-id:\n   references:mime-version;\n  bh=sJjahAyArFT38iar0FyVHZtbbpGo+U5iy6pPkK42kPc=;\n  b=e9qftu5RIehFO20cuwVplezN6PCakuRMJlCiAGIwz+lBVpgN7Wm4JNdK\n   cuNP1J7JPWB2KgCOmrKNk5QfSAnF/yQLtHplh0StcFwRfHS2wVLzZapmC\n   TM3fBsSbVbzIqPs8D0Ai1Rsawz/fb7uAHjeNjUGx7HSJe2OXyOz93UW6I\n   G7afNe3sjdQr0bxijUrn/qBLymA2SBw2/2Y9qO6OMJxZd1/0NQo7lDsUa\n   Zxrtsg0GUr8T1Y8ZxKWzc2OJqEJg9DMWJnFkGmB9zbH7h0eJBFcKVubba\n   oOPMXx1+6xjWjJX6QmOLpsRyYNRkgKR3uhTw55YEfF2NV53GX3VAuBoJM\n   Q==;","X-CSE-ConnectionGUID":["aN7lLnGfQyq4MptTwkv8mw==","0SVrldBuSXepU1rqThYmYw=="],"X-CSE-MsgGUID":["+UAc0gqOS9C/K9Af3RKEug==","ei3zn7N0QJCCee3wDOarkg=="],"X-IronPort-AV":["E=McAfee;i=\"6800,10657,11754\"; a=\"80723099\"","E=Sophos;i=\"6.23,171,1770624000\";\n   d=\"scan'208\";a=\"80723099\"","E=Sophos;i=\"6.23,171,1770624000\";\n   d=\"scan'208\";a=\"222559193\""],"X-ExtLoop1":"1","From":"=?utf-8?q?Ilpo_J=C3=A4rvinen?= <ilpo.jarvinen@linux.intel.com>","Date":"Fri, 10 Apr 2026 13:18:43 +0300 (EEST)","To":"=?iso-8859-2?q?Krzysztof_Wilczy=F1ski?= <kwilczynski@kernel.org>","cc":"Bjorn Helgaas <bhelgaas@google.com>, Bjorn Helgaas <helgaas@kernel.org>,\n  Manivannan Sadhasivam <mani@kernel.org>,\n  Lorenzo Pieralisi <lpieralisi@kernel.org>,\n  Magnus Lindholm <linmag7@gmail.com>, Matt Turner <mattst88@gmail.com>,\n  Richard Henderson <richard.henderson@linaro.org>,\n  Christophe Leroy <chleroy@kernel.org>,\n  Madhavan Srinivasan <maddy@linux.ibm.com>,\n  Michael Ellerman <mpe@ellerman.id.au>, Nicholas Piggin <npiggin@gmail.com>,\n  Dexuan Cui <decui@microsoft.com>,\n =?iso-8859-2?q?Krzysztof_Ha=B3asa?= <khalasa@piap.pl>,\n  Lukas Wunner <lukas@wunner.de>, Oliver O'Halloran <oohall@gmail.com>,\n  Saurabh Singh Sengar <ssengar@microsoft.com>,\n  Shuan He <heshuan@bytedance.com>,\n  Srivatsa Bhat <srivatsabhat@microsoft.com>, linux-pci@vger.kernel.org,\n  linux-alpha@vger.kernel.org, linuxppc-dev@lists.ozlabs.org","Subject":"Re: [PATCH 04/20] PCI/sysfs: Add CAP_SYS_ADMIN check to\n __resource_resize_store()","In-Reply-To":"<20260410055040.39233-5-kwilczynski@kernel.org>","Message-ID":"<37f2e32a-804d-7c59-d3d0-7148ef2cd95a@linux.intel.com>","References":"<20260410055040.39233-1-kwilczynski@kernel.org>\n <20260410055040.39233-5-kwilczynski@kernel.org>","Precedence":"bulk","X-Mailing-List":"linux-pci@vger.kernel.org","List-Id":"<linux-pci.vger.kernel.org>","List-Subscribe":"<mailto:linux-pci+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:linux-pci+unsubscribe@vger.kernel.org>","MIME-Version":"1.0","Content-Type":"multipart/mixed; boundary=\"8323328-297789617-1775816323=:1195\""}}]