Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp7474400pxb;
        Thu, 18 Feb 2021 10:59:41 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwvZTo/iV0Xw5lkTVvh7d7vqnDV2AsH4CNoM/QzOviLIf3gGBbAzexfOyOnwGj9T5tiNFdl
X-Received: by 2002:a17:907:3e04:: with SMTP id hp4mr5467526ejc.188.1613674781246;
        Thu, 18 Feb 2021 10:59:41 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1613674781; cv=none;
        d=google.com; s=arc-20160816;
        b=eLBOtS2oGghPrw83TNEWfmzFJKp253Ee6cqwld0ikWDJdIEB0S4tr0npTra9C4/7M6
         p/ULBuxrHhtrYkXbXw7NP4zQF7zGAnG01x8rFiz5KM0uomJ20o+Q0Q8/f7KwqluMogMm
         yBy1E6zNY/1Psnj/vmMb8Y1IOFUeJoSTjicuzRAKmDSFx6oMzHL9bAMWg7L3caWtisu+
         V6cqIBGQrJJdfZKP6sJPnDYJNgsTkW45JX5KUEq4P34OGEW5LEiafGAOBQzH64uWDNLW
         v3DjEY0ew6oEOctMdZRslgmTaEbjldTv+7y4qP/sr1N5+8txg97Nx54Gqnm42i3HqDsB
         NUWg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=iOzx0OYK+UNNO4YieKhBdXb+NeFDdGB4h/IMLZWKEDE=;
        b=O2RaDdYhMi5mrWxCbNAldNKzX/eH1iZR1eeMd+JjdIJE/w4SmmknCGzOsZghv6QVoE
         JA5STJJchf+ylC+9Apjdu1h8FwFm+G8hH95al4G3aqG7ORmgHEOpavEUH0L6ItrW4ejB
         qwRt4dwG2mKjiJqns9DzNuGYT2/fnTr80/LBl2tSkWUoMzaOpPuyDyxVv2KTvxf//cTb
         CDOe1gbvwNFZ6vrkqgDxvgTh/7nLiWUa3TYjISaeaq3nOnoUQF84rsz0uFfLKPya1uDm
         z2JgspVLvWw/x5f27FbaNsNRINrO+PWs35EuGEl2fW8oqDiCd2QRcnNHxBKACuT0aASx
         6tSg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@dell.com header.s=smtpout1 header.b=bJ8byuD+;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=dell.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id v15si4564320ede.1.2021.02.18.10.59.16;
        Thu, 18 Feb 2021 10:59:41 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@dell.com header.s=smtpout1 header.b=bJ8byuD+;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=dell.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232250AbhBRS5d (ORCPT <rfc822;lpowencom@gmail.com> + 99 others);
        Thu, 18 Feb 2021 13:57:33 -0500
Received: from mx0a-00154904.pphosted.com ([148.163.133.20]:5028 "EHLO
        mx0a-00154904.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S233067AbhBRRKj (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 18 Feb 2021 12:10:39 -0500
Received: from pps.filterd (m0170393.ppops.net [127.0.0.1])
        by mx0a-00154904.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 11IH1WsH029049
        for <linux-kernel@vger.kernel.org>; Thu, 18 Feb 2021 12:09:53 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dell.com; h=from : to : cc :
 subject : date : message-id : mime-version : content-transfer-encoding;
 s=smtpout1; bh=iOzx0OYK+UNNO4YieKhBdXb+NeFDdGB4h/IMLZWKEDE=;
 b=bJ8byuD+IfzNsafnTuT5ksNz78g8uFrPi9pvcA84CumsUrxShNo4S8ODQfS2/gvNMziI
 +SjpqhcllOu7hIQ1PJjVEA9Pf+sebVPztePov2p451mBZ8l1w63XRu8Z/vVnl/dbA8EO
 fOriPTB+Psa9fEeQr8Cf52+N/0+GYcs6avI1vBunEEwA4EcshZSmLz72wBzbyNQz7aEB
 jnN7bYyuDp/C3yGqVmxW3NIgw2AKldnBPX3YOCAlCU1j7sikqK2ZPbuj05aT4HjlD4hd
 h4XgJncKyjtDi75bo4NmO3JmzWmVjhyCDAnwi4zGv448Km9VqG9QZR5NDnDXrdWBuHG5 jA== 
Received: from mx0a-00154901.pphosted.com (mx0a-00154901.pphosted.com [67.231.149.39])
        by mx0a-00154904.pphosted.com with ESMTP id 36q6tj70sc-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
        for <linux-kernel@vger.kernel.org>; Thu, 18 Feb 2021 12:09:53 -0500
Received: from pps.filterd (m0133268.ppops.net [127.0.0.1])
        by mx0a-00154901.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 11IGxh2C024487
        for <linux-kernel@vger.kernel.org>; Thu, 18 Feb 2021 12:09:52 -0500
Received: from ausxippc110.us.dell.com (AUSXIPPC110.us.dell.com [143.166.85.200])
        by mx0a-00154901.pphosted.com with ESMTP id 36pw7qbfw8-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
        for <linux-kernel@vger.kernel.org>; Thu, 18 Feb 2021 12:09:52 -0500
X-LoopCount0: from 10.177.160.151
X-PREM-Routing: D-Outbound
X-IronPort-AV: E=Sophos;i="5.81,187,1610431200"; 
   d="scan'208";a="1047578350"
From:   Mario Limonciello <mario.limonciello@dell.com>
To:     Keith Busch <kbusch@kernel.org>
Cc:     Jens Axboe <axboe@fb.com>, Christoph Hellwig <hch@lst.de>,
        Sagi Grimberg <sagi@grimberg.me>,
        linux-nvme@lists.infradead.org,
        LKML <linux-kernel@vger.kernel.org>,
        Richard Hughes <hughsient@gmail.com>, jorgelo@chromium.org,
        campello@google.com, Mario Limonciello <mario.limonciello@dell.com>
Subject: [RFC 0/2] Split out firmware upgrade from CAP_SYS_ADMIN
Date:   Thu, 18 Feb 2021 11:09:45 -0600
Message-Id: <20210218170947.15727-1-mario.limonciello@dell.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369,18.0.761
 definitions=2021-02-18_08:2021-02-18,2021-02-18 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 suspectscore=0
 lowpriorityscore=0 mlxlogscore=513 impostorscore=0 phishscore=0
 priorityscore=1501 adultscore=0 clxscore=1015 bulkscore=0 spamscore=0
 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2009150000 definitions=main-2102180144
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 mlxscore=0 spamscore=0
 adultscore=0 bulkscore=0 suspectscore=0 malwarescore=0 mlxlogscore=639
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000
 definitions=main-2102180144
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Currently NVME (and probably other drivers) require CAP_SYS_ADMIN to
send all commands to the device.  This means that software running
in userspace needs the stronger CAP_SYS_ADMIN permission when realistically
a more limited subset of functionality is actually needed.

To allow software that performs firmware upgrades to run without CAP_SYS_ADMIN,
create a new capability CAP_FIRMWARE_UPGRADE that software can run with.

For the RFC, only include NVME.  Other drivers can be added if suggested.

Mario Limonciello (2):
  capability: Introduce CAP_FIRMWARE_UPGRADE
  nvme: Use CAP_FIRMWARE_UPGRADE to check user commands

 drivers/nvme/host/core.c            | 28 ++++++++++++++++++++++++----
 include/linux/capability.h          |  5 +++++
 include/uapi/linux/capability.h     |  7 ++++++-
 security/selinux/include/classmap.h |  4 ++--
 4 files changed, 37 insertions(+), 7 deletions(-)

-- 
2.25.1