[{"id":3675780,"web_url":"http://patchwork.ozlabs.org/comment/3675780/","msgid":"<37f2e32a-804d-7c59-d3d0-7148ef2cd95a@linux.intel.com>","date":"2026-04-10T10:18:43","subject":"Re: [PATCH 04/20] PCI/sysfs: Add CAP_SYS_ADMIN check to\n __resource_resize_store()","submitter":{"id":83553,"url":"http://patchwork.ozlabs.org/api/people/83553/","name":"Ilpo Järvinen","email":"ilpo.jarvinen@linux.intel.com"},"content":"On Fri, 10 Apr 2026, Krzysztof Wilczyński wrote:\n\n> Currently, the __resource_resize_store() allows writing to the\n> resourceN_resize sysfs attribute to change a BAR's size without\n> checking for capabilities, currently relying only on the file\n> access check.\n> \n> Resizing a BAR modifies PCI device configuration and can disrupt\n> active drivers.  After the upcoming conversion to static attributes,\n> it will also trigger resource file updates via sysfs_update_groups().\n> \n> Thus, add a CAP_SYS_ADMIN check to prevent unprivileged users from\n> performing BAR resize operations.\n> \n> Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>\n> ---\n>  drivers/pci/pci-sysfs.c | 3 +++\n>  1 file changed, 3 insertions(+)\n> \n> diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c\n> index ac4e7c516e78..6b8c8e62f68a 100644\n> --- a/drivers/pci/pci-sysfs.c\n> +++ b/drivers/pci/pci-sysfs.c\n> @@ -1619,6 +1619,9 @@ static ssize_t __resource_resize_store(struct device *dev, int n,\n>  \tint ret;\n>  \tu16 cmd;\n>  \n> +\tif (!capable(CAP_SYS_ADMIN))\n> +\t\treturn -EPERM;\n> +\n>  \tif (kstrtoul(buf, 0, &size) < 0)\n>  \t\treturn -EINVAL;\n>  \n> \n\nReviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>","headers":{"Return-Path":"\n <linuxppc-dev+bounces-19554-incoming=patchwork.ozlabs.org@lists.ozlabs.org>","X-Original-To":["incoming@patchwork.ozlabs.org","linuxppc-dev@lists.ozlabs.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=cBzXEcEQ;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org\n (client-ip=2404:9400:21b9:f100::1; helo=lists.ozlabs.org;\n envelope-from=linuxppc-dev+bounces-19554-incoming=patchwork.ozlabs.org@lists.ozlabs.org;\n receiver=patchwork.ozlabs.org)","lists.ozlabs.org;\n arc=none smtp.remote-ip=192.198.163.12","lists.ozlabs.org;\n dmarc=pass (p=none dis=none) header.from=linux.intel.com","lists.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=cBzXEcEQ;\n\tdkim-atps=neutral","lists.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=linux.intel.com\n (client-ip=192.198.163.12; helo=mgamail.intel.com;\n envelope-from=ilpo.jarvinen@linux.intel.com; receiver=lists.ozlabs.org)"],"Received":["from lists.ozlabs.org (lists.ozlabs.org\n [IPv6:2404:9400:21b9:f100::1])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1 raw public key)\n server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fsXpX0TYWz1yGS\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 10 Apr 2026 20:19:15 +1000 (AEST)","from boromir.ozlabs.org (localhost [127.0.0.1])\n\tby lists.ozlabs.org (Postfix) with ESMTP id 4fsXpP2xvNz2yft;\n\tFri, 10 Apr 2026 20:19:09 +1000 (AEST)","from mgamail.intel.com (mgamail.intel.com [192.198.163.12])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby lists.ozlabs.org (Postfix) with ESMTPS id 4fsXpK6lHqz2xLt\n\tfor <linuxppc-dev@lists.ozlabs.org>; Fri, 10 Apr 2026 20:19:03 +1000 (AEST)","from fmviesa009.fm.intel.com ([10.60.135.149])\n  by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 10 Apr 2026 03:18:59 -0700","from ijarvine-mobl1.ger.corp.intel.com (HELO localhost)\n ([10.245.244.118])\n  by fmviesa009-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 10 Apr 2026 03:18:51 -0700"],"ARC-Seal":"i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707; t=1775816349;\n\tcv=none;\n b=XDZH4nQsuQK850F7fmwn7UVAvie3iGypsuX7R5DrI2aVsWpzzyWSxvPCn5h7M1AdNrZ8t9COoc8FYEqRYUZh04x9nq6AWD4Qt2Xk2Roo6FKlGqHEuprcfRarsJv0N2SdEugpCLZUtzxiAztBnscodshHhzkxV8zX81WP8WSPNxwTHP9Bvg5eb4AWhVPK8e6ee2aH/xVDYInQtel6wD3Y6muFsZ02l0RJIE3A6zjCa6eUtf4xGrcT9i/8v8XkD+WXK6MdQVfjbra1gDEGdI8Kakxgm1EHRac62Kp66rW+7gfOZDd3J2jl4N9LOLGl43ObnORDx1adL7mbjTBMaon59w==","ARC-Message-Signature":"i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707;\n\tt=1775816349; c=relaxed/relaxed;\n\tbh=vFaGX6ZmLYUchXB0jpeW6gCU36JGliVsHKfEF0C6DMA=;\n\th=From:Date:To:cc:Subject:In-Reply-To:Message-ID:References:\n\t MIME-Version:Content-Type;\n b=S82CKuG1V+g88EchNF0zQbmcSa9tDc86LDqBCmf902CrmrqVksb4oF7xFfUezIaHaG4JEkPrfjtDpxPKOJ0bfrjveAfPpG4fVnkJLstlLqZNBr9b1bq4PVnYGY3UqG8LmeMqBu4FMSbw+QzIujcPL8qv28mMTPpyMVpVco7r2SqeTTuoglmjDTSQH6wqY05TGh5RJHPMSNV0OtOp056Ey7VYsjU9zdIKFB0cqZ7RMyGvhBgp6GRNtxvaeRxGXojViBUiThYYQY578nSX2Uwz0S+WuDkTPMAP6AiDG20LiXs7or2FtSjKCwtI2UWbp06foHlR2Fjw5c23LocbAI348g==","ARC-Authentication-Results":"i=1; lists.ozlabs.org;\n dmarc=pass (p=none dis=none) header.from=linux.intel.com;\n dkim=pass (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=cBzXEcEQ; dkim-atps=neutral;\n spf=pass (client-ip=192.198.163.12; helo=mgamail.intel.com;\n envelope-from=ilpo.jarvinen@linux.intel.com;\n receiver=lists.ozlabs.org) smtp.mailfrom=linux.intel.com","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple;\n  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n  t=1775816346; x=1807352346;\n  h=from:date:to:cc:subject:in-reply-to:message-id:\n   references:mime-version;\n  bh=sJjahAyArFT38iar0FyVHZtbbpGo+U5iy6pPkK42kPc=;\n  b=cBzXEcEQauJfUXxHDLnRmLrvo8o/2K6tefF/ukZAx1a1WPId+MLh458s\n   6FQuVdn16LsMtoqqvogDub2fQCl0RnmmR7jVr9mr+la4uLHmLYpVxOb2l\n   ypwh01KwaK6lUy00TuQVRm+OrepecvcJaIQDPKJwBapVOuKRMOMdETfrb\n   wMQozkU+PrxJ0sAIwjGGBZgstVOb+i8ch5NzL96yYRAAnqmyQncDYPGQP\n   LWdoZvfjJ61TdUDvPkIxcshYuLOAGzRdRzu8TWk43ipePTWH0FBOCkQMZ\n   3kuUa6ngjgicT4TVawfN9TcOCPuik1cuXqxRKn3GCvvAgiRkE7c7CqV+A\n   A==;","X-CSE-ConnectionGUID":["e+wK17T/TQWKSkWjGWtA1w==","0SVrldBuSXepU1rqThYmYw=="],"X-CSE-MsgGUID":["i/cMDOXpRv2hXu8FgRzPng==","ei3zn7N0QJCCee3wDOarkg=="],"X-IronPort-AV":["E=McAfee;i=\"6800,10657,11754\"; a=\"80723107\"","E=Sophos;i=\"6.23,171,1770624000\";\n   d=\"scan'208\";a=\"80723107\"","E=Sophos;i=\"6.23,171,1770624000\";\n   d=\"scan'208\";a=\"222559193\""],"X-ExtLoop1":"1","From":"=?utf-8?q?Ilpo_J=C3=A4rvinen?= <ilpo.jarvinen@linux.intel.com>","Date":"Fri, 10 Apr 2026 13:18:43 +0300 (EEST)","To":"=?iso-8859-2?q?Krzysztof_Wilczy=F1ski?= <kwilczynski@kernel.org>","cc":"Bjorn Helgaas <bhelgaas@google.com>, Bjorn Helgaas <helgaas@kernel.org>,\n  Manivannan Sadhasivam <mani@kernel.org>,\n  Lorenzo Pieralisi <lpieralisi@kernel.org>,\n  Magnus Lindholm <linmag7@gmail.com>, Matt Turner <mattst88@gmail.com>,\n  Richard Henderson <richard.henderson@linaro.org>,\n  Christophe Leroy <chleroy@kernel.org>,\n  Madhavan Srinivasan <maddy@linux.ibm.com>,\n  Michael Ellerman <mpe@ellerman.id.au>, Nicholas Piggin <npiggin@gmail.com>,\n  Dexuan Cui <decui@microsoft.com>,\n =?iso-8859-2?q?Krzysztof_Ha=B3asa?= <khalasa@piap.pl>,\n  Lukas Wunner <lukas@wunner.de>, Oliver O'Halloran <oohall@gmail.com>,\n  Saurabh Singh Sengar <ssengar@microsoft.com>,\n  Shuan He <heshuan@bytedance.com>,\n  Srivatsa Bhat <srivatsabhat@microsoft.com>, linux-pci@vger.kernel.org,\n  linux-alpha@vger.kernel.org, linuxppc-dev@lists.ozlabs.org","Subject":"Re: [PATCH 04/20] PCI/sysfs: Add CAP_SYS_ADMIN check to\n __resource_resize_store()","In-Reply-To":"<20260410055040.39233-5-kwilczynski@kernel.org>","Message-ID":"<37f2e32a-804d-7c59-d3d0-7148ef2cd95a@linux.intel.com>","References":"<20260410055040.39233-1-kwilczynski@kernel.org>\n <20260410055040.39233-5-kwilczynski@kernel.org>","X-Mailing-List":"linuxppc-dev@lists.ozlabs.org","List-Id":"<linuxppc-dev.lists.ozlabs.org>","List-Help":"<mailto:linuxppc-dev+help@lists.ozlabs.org>","List-Owner":"<mailto:linuxppc-dev+owner@lists.ozlabs.org>","List-Post":"<mailto:linuxppc-dev@lists.ozlabs.org>","List-Archive":"<https://lore.kernel.org/linuxppc-dev/>,\n  <https://lists.ozlabs.org/pipermail/linuxppc-dev/>","List-Subscribe":"<mailto:linuxppc-dev+subscribe@lists.ozlabs.org>,\n  <mailto:linuxppc-dev+subscribe-digest@lists.ozlabs.org>,\n  <mailto:linuxppc-dev+subscribe-nomail@lists.ozlabs.org>","List-Unsubscribe":"<mailto:linuxppc-dev+unsubscribe@lists.ozlabs.org>","Precedence":"list","MIME-Version":"1.0","Content-Type":"multipart/mixed; boundary=\"8323328-297789617-1775816323=:1195\"","X-Spam-Status":"No, score=-2.3 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,\n\tDKIM_VALID,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS autolearn=disabled\n\tversion=4.0.1 OzLabs 8","X-Spam-Checker-Version":"SpamAssassin 4.0.1 (2024-03-25) on lists.ozlabs.org"}}]