From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Dan Williams <dan.j.williams@intel.com>
Cc: linux-nvdimm@lists.01.org,
"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
linux-acpi@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 08/12] driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW}
Date: Fri, 26 Jun 2020 07:06:11 +0200 [thread overview]
Message-ID: <20200626050611.GA223424@kroah.com> (raw)
In-Reply-To: <159312906372.1850128.11611897078988158727.stgit@dwillia2-desk3.amr.corp.intel.com>
On Thu, Jun 25, 2020 at 04:51:03PM -0700, Dan Williams wrote:
> A common pattern for using plain DEVICE_ATTR() instead of
> DEVICE_ATTR_RO() and DEVICE_ATTR_RW() is for attributes that want to
> limit read to only root. I.e. many users of DEVICE_ATTR() are
> specifying 0400 or 0600 for permissions.
>
> Given the expectation that CAP_SYS_ADMIN is needed to access these
> sensitive attributes and an explicit helper with the _ADMIN_ identifier
> for DEVICE_ATTR_ADMIN_{RO,RW}.
>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Cc: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> ---
> include/linux/device.h | 4 ++++
> include/linux/sysfs.h | 7 +++++++
> 2 files changed, 11 insertions(+)
>
> diff --git a/include/linux/device.h b/include/linux/device.h
> index 15460a5ac024..d7c2570368fa 100644
> --- a/include/linux/device.h
> +++ b/include/linux/device.h
> @@ -128,8 +128,12 @@ ssize_t device_store_bool(struct device *dev, struct device_attribute *attr,
> __ATTR_PREALLOC(_name, _mode, _show, _store)
> #define DEVICE_ATTR_RW(_name) \
> struct device_attribute dev_attr_##_name = __ATTR_RW(_name)
> +#define DEVICE_ATTR_ADMIN_RW(_name) \
> + struct device_attribute dev_attr_##_name = __ATTR_RW_MODE(_name, 0600)
> #define DEVICE_ATTR_RO(_name) \
> struct device_attribute dev_attr_##_name = __ATTR_RO(_name)
> +#define DEVICE_ATTR_ADMIN_RO(_name) \
> + struct device_attribute dev_attr_##_name = __ATTR_RO_MODE(_name, 0400)
> #define DEVICE_ATTR_WO(_name) \
> struct device_attribute dev_attr_##_name = __ATTR_WO(_name)
> #define DEVICE_ULONG_ATTR(_name, _mode, _var) \
> diff --git a/include/linux/sysfs.h b/include/linux/sysfs.h
> index 86067dbe7745..34e84122f635 100644
> --- a/include/linux/sysfs.h
> +++ b/include/linux/sysfs.h
> @@ -123,6 +123,13 @@ struct attribute_group {
> .show = _name##_show, \
> }
>
> +#define __ATTR_RW_MODE(_name, _mode) { \
> + .attr = { .name = __stringify(_name), \
> + .mode = VERIFY_OCTAL_PERMISSIONS(_mode) }, \
> + .show = _name##_show, \
> + .store = _name##_store, \
> +}
> +
> #define __ATTR_WO(_name) { \
> .attr = { .name = __stringify(_name), .mode = 0200 }, \
> .store = _name##_store, \
>
Nice! Want me to take this now, I know of many other places that could
be cleaned up to use this (like the raw device bug that I just fixed...)
If not:
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
_______________________________________________
Linux-nvdimm mailing list -- linux-nvdimm@lists.01.org
To unsubscribe send an email to linux-nvdimm-leave@lists.01.org
WARNING: multiple messages have this Message-ID (diff)
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Dan Williams <dan.j.williams@intel.com>
Cc: linux-nvdimm@lists.01.org,
"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
vishal.l.verma@intel.com, linux-acpi@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 08/12] driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW}
Date: Fri, 26 Jun 2020 07:06:11 +0200 [thread overview]
Message-ID: <20200626050611.GA223424@kroah.com> (raw)
In-Reply-To: <159312906372.1850128.11611897078988158727.stgit@dwillia2-desk3.amr.corp.intel.com>
On Thu, Jun 25, 2020 at 04:51:03PM -0700, Dan Williams wrote:
> A common pattern for using plain DEVICE_ATTR() instead of
> DEVICE_ATTR_RO() and DEVICE_ATTR_RW() is for attributes that want to
> limit read to only root. I.e. many users of DEVICE_ATTR() are
> specifying 0400 or 0600 for permissions.
>
> Given the expectation that CAP_SYS_ADMIN is needed to access these
> sensitive attributes and an explicit helper with the _ADMIN_ identifier
> for DEVICE_ATTR_ADMIN_{RO,RW}.
>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Cc: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> ---
> include/linux/device.h | 4 ++++
> include/linux/sysfs.h | 7 +++++++
> 2 files changed, 11 insertions(+)
>
> diff --git a/include/linux/device.h b/include/linux/device.h
> index 15460a5ac024..d7c2570368fa 100644
> --- a/include/linux/device.h
> +++ b/include/linux/device.h
> @@ -128,8 +128,12 @@ ssize_t device_store_bool(struct device *dev, struct device_attribute *attr,
> __ATTR_PREALLOC(_name, _mode, _show, _store)
> #define DEVICE_ATTR_RW(_name) \
> struct device_attribute dev_attr_##_name = __ATTR_RW(_name)
> +#define DEVICE_ATTR_ADMIN_RW(_name) \
> + struct device_attribute dev_attr_##_name = __ATTR_RW_MODE(_name, 0600)
> #define DEVICE_ATTR_RO(_name) \
> struct device_attribute dev_attr_##_name = __ATTR_RO(_name)
> +#define DEVICE_ATTR_ADMIN_RO(_name) \
> + struct device_attribute dev_attr_##_name = __ATTR_RO_MODE(_name, 0400)
> #define DEVICE_ATTR_WO(_name) \
> struct device_attribute dev_attr_##_name = __ATTR_WO(_name)
> #define DEVICE_ULONG_ATTR(_name, _mode, _var) \
> diff --git a/include/linux/sysfs.h b/include/linux/sysfs.h
> index 86067dbe7745..34e84122f635 100644
> --- a/include/linux/sysfs.h
> +++ b/include/linux/sysfs.h
> @@ -123,6 +123,13 @@ struct attribute_group {
> .show = _name##_show, \
> }
>
> +#define __ATTR_RW_MODE(_name, _mode) { \
> + .attr = { .name = __stringify(_name), \
> + .mode = VERIFY_OCTAL_PERMISSIONS(_mode) }, \
> + .show = _name##_show, \
> + .store = _name##_store, \
> +}
> +
> #define __ATTR_WO(_name) { \
> .attr = { .name = __stringify(_name), .mode = 0200 }, \
> .store = _name##_store, \
>
Nice! Want me to take this now, I know of many other places that could
be cleaned up to use this (like the raw device bug that I just fixed...)
If not:
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
next prev parent reply other threads:[~2020-06-26 5:06 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-25 23:50 [PATCH 00/12] ACPI/NVDIMM: Runtime Firmware Activation Dan Williams
2020-06-25 23:50 ` Dan Williams
2020-06-25 23:50 ` [PATCH 01/12] libnvdimm: Validate command family indices Dan Williams
2020-06-25 23:50 ` Dan Williams
2020-07-01 19:33 ` Sasha Levin
2020-07-01 19:33 ` Sasha Levin
2020-07-10 14:02 ` Sasha Levin
2020-07-10 14:02 ` Sasha Levin
2020-06-25 23:50 ` [PATCH 02/12] ACPI: NFIT: Move bus_dsm_mask out of generic nvdimm_bus_descriptor Dan Williams
2020-06-25 23:50 ` Dan Williams
2020-06-25 23:50 ` [PATCH 03/12] ACPI: NFIT: Define runtime firmware activation commands Dan Williams
2020-06-25 23:50 ` Dan Williams
2020-06-25 23:50 ` [PATCH 04/12] tools/testing/nvdimm: Cleanup dimm index passing Dan Williams
2020-06-25 23:50 ` Dan Williams
2020-06-25 23:50 ` [PATCH 05/12] tools/testing/nvdimm: Add command debug messages Dan Williams
2020-06-25 23:50 ` Dan Williams
2020-06-25 23:50 ` [PATCH 06/12] tools/testing/nvdimm: Prepare nfit_ctl_test() for ND_CMD_CALL emulation Dan Williams
2020-06-25 23:50 ` Dan Williams
2020-06-25 23:50 ` [PATCH 07/12] tools/testing/nvdimm: Emulate firmware activation commands Dan Williams
2020-06-25 23:50 ` Dan Williams
2020-06-25 23:51 ` [PATCH 08/12] driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW} Dan Williams
2020-06-25 23:51 ` Dan Williams
2020-06-26 5:06 ` Greg Kroah-Hartman [this message]
2020-06-26 5:06 ` Greg Kroah-Hartman
2020-06-26 5:09 ` Dan Williams
2020-06-26 5:09 ` Dan Williams
2020-06-25 23:51 ` [PATCH 09/12] libnvdimm: Convert to DEVICE_ATTR_ADMIN_RO() Dan Williams
2020-06-25 23:51 ` Dan Williams
2020-06-25 23:51 ` [PATCH 10/12] libnvdimm: Add runtime firmware activation sysfs interface Dan Williams
2020-06-25 23:51 ` Dan Williams
2020-06-25 23:51 ` [PATCH 11/12] PM, libnvdimm: Add syscore_quiesced() callback for firmware activation Dan Williams
2020-06-25 23:51 ` Dan Williams
2020-06-26 14:23 ` Rafael J. Wysocki
2020-06-26 14:23 ` Rafael J. Wysocki
2020-06-25 23:51 ` [PATCH 12/12] ACPI: NFIT: Add runtime firmware activate support Dan Williams
2020-06-25 23:51 ` Dan Williams
2020-06-26 14:22 ` [PATCH 00/12] ACPI/NVDIMM: Runtime Firmware Activation Rafael J. Wysocki
2020-06-26 14:22 ` Rafael J. Wysocki
2020-06-26 18:43 ` Dan Williams
2020-06-26 18:43 ` Dan Williams
2020-06-28 17:22 ` Rafael J. Wysocki
2020-06-28 17:22 ` Rafael J. Wysocki
2020-06-29 23:37 ` Dan Williams
2020-06-29 23:37 ` Dan Williams
2020-06-30 10:55 ` Rafael J. Wysocki
2020-06-30 10:55 ` Rafael J. Wysocki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200626050611.GA223424@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=dan.j.williams@intel.com \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nvdimm@lists.01.org \
--cc=rafael.j.wysocki@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.