[PATCH] drm/amdkfd: Expose proc sysfs folder contents after permission check
Sreekant Somasekharan
sreekant.somasekharan at amd.com
Fri Apr 28 19:01:38 UTC 2023
Access to the contents of the proc sysfs folder and its subfolders is
permitted only if the kfd_devcgroup_check_permission() function returns
success. This restricts users from accessing sysfs files for a process
running on a device to which the user has no access.
Signed-off-by: Sreekant Somasekharan <sreekant.somasekharan at amd.com>
---
drivers/gpu/drm/amd/amdkfd/kfd_process.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_process.c b/drivers/gpu/drm/amd/amdkfd/kfd_process.c
index 95cc63d9f578..195e4491a763 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_process.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_process.c
@@ -275,6 +275,8 @@ static int kfd_get_cu_occupancy(struct attribute *attr, char *buffer)
pdd = container_of(attr, struct kfd_process_device, attr_cu_occupancy);
dev = pdd->dev;
+ if (dev && kfd_devcgroup_check_permission(dev))
+ return -EPERM;
if (dev->kfd2kgd->get_cu_occupancy == NULL)
return -EINVAL;
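Review bot: The `dev &&` guard in the added check makes the permission test fail open when `dev` is NULL, and the next context line dereferences `dev->kfd2kgd` unconditionally, so the guard is either dead code or hides a NULL dereference. If `pdd->dev` can never be NULL here, as the unconditional dereference suggests, the check reads more clearly as `if (kfd_devcgroup_check_permission(dev)) return -EPERM;`; if it can be NULL, return an error before both uses so that a missing device denies the read. The same `pdd->dev &&` / `q->device &&` guard appears in the checks added to kfd_procfs_show, kfd_procfs_queue_show, kfd_procfs_stats_show and kfd_sysfs_counters_show. The body of kfd_get_cu_occupancy starts and ends outside this hunk.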
@@ -303,15 +305,18 @@ static ssize_t kfd_procfs_show(struct kobject *kobj, struct attribute *attr,
if (strcmp(attr->name, "pasid") == 0) {
struct kfd_process *p = container_of(attr, struct kfd_process,
attr_pasid);
-
return snprintf(buffer, PAGE_SIZE, "%d\n", p->pasid);
} else if (strncmp(attr->name, "vram_", 5) == 0) {
struct kfd_process_device *pdd = container_of(attr, struct kfd_process_device,
attr_vram);
+ if (pdd->dev && kfd_devcgroup_check_permission(pdd->dev))
+ return -EPERM;
return snprintf(buffer, PAGE_SIZE, "%llu\n", READ_ONCE(pdd->vram_usage));
} else if (strncmp(attr->name, "sdma_", 5) == 0) {
struct kfd_process_device *pdd = container_of(attr, struct kfd_process_device,
attr_sdma);
+ if (pdd->dev && kfd_devcgroup_check_permission(pdd->dev))
+ return -EPERM;
struct kfd_sdma_activity_handler_workarea sdma_activity_work_handler;
INIT_WORK(&sdma_activity_work_handler.sdma_activity_work,
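Review bot: In the `sdma_` branch the added check sits above the declaration of `sdma_activity_work_handler`, so the block now has a declaration after a statement, which kernel builds warn about (-Wdeclaration-after-statement). Move the two added lines below `struct kfd_sdma_activity_handler_workarea sdma_activity_work_handler;` and before the `INIT_WORK(...)` call. The hunk also deletes the blank line after the `p` declaration in the `pasid` branch, an unrelated whitespace change that is better left out. The `pasid` branch gets no check, presumably because the value is per-process rather than per-device; a short comment such as `/* pasid is not tied to a device, no devcgroup check */` would record that intent. kfd_procfs_show continues past the end of this hunk.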
@@ -379,6 +384,8 @@ static ssize_t kfd_procfs_queue_show(struct kobject *kobj,
struct attribute *attr, char *buffer)
{
struct queue *q = container_of(kobj, struct queue, kobj);
+ if (q->device && kfd_devcgroup_check_permission(q->device))
+ return -EPERM;
if (!strcmp(attr->name, "size"))
return snprintf(buffer, PAGE_SIZE, "%llu",
@@ -402,6 +409,8 @@ static ssize_t kfd_procfs_stats_show(struct kobject *kobj,
attr_evict);
uint64_t evict_jiffies;
+ if (pdd->dev && kfd_devcgroup_check_permission(pdd->dev))
+ return -EPERM;
evict_jiffies = atomic64_read(&pdd->evict_duration_counter);
return snprintf(buffer,
@@ -427,16 +436,22 @@ static ssize_t kfd_sysfs_counters_show(struct kobject *kobj,
if (!strcmp(attr->name, "faults")) {
pdd = container_of(attr, struct kfd_process_device,
attr_faults);
+ if (pdd->dev && kfd_devcgroup_check_permission(pdd->dev))
+ return -EPERM;
return sysfs_emit(buf, "%llu\n", READ_ONCE(pdd->faults));
}
if (!strcmp(attr->name, "page_in")) {
pdd = container_of(attr, struct kfd_process_device,
attr_page_in);
+ if (pdd->dev && kfd_devcgroup_check_permission(pdd->dev))
+ return -EPERM;
return sysfs_emit(buf, "%llu\n", READ_ONCE(pdd->page_in));
}
if (!strcmp(attr->name, "page_out")) {
pdd = container_of(attr, struct kfd_process_device,
attr_page_out);
+ if (pdd->dev && kfd_devcgroup_check_permission(pdd->dev))
+ return -EPERM;
return sysfs_emit(buf, "%llu\n", READ_ONCE(pdd->page_out));
}
return 0;
--
2.25.1