[PATCH 05/21] drm/xe/eudebug: Use ptrace_may_access for xe_eudebug_attach
Lucas De Marchi
lucas.demarchi at intel.com
Mon Jul 29 19:00:10 UTC 2024
On Fri, Jul 26, 2024 at 05:08:02PM GMT, Mika Kuoppala wrote:
>From: Jonathan Cavitt <jonathan.cavitt at intel.com>
>
>xe_eudebug_attach wants to use ptrace_may_access for determining when
>the user has the right to attach a debugger to a given process. With
>ptrace_may_access now exported, this has become possible.
>
>Signed-off-by: Jonathan Cavitt <jonathan.cavitt at intel.com>
>Signed-off-by: Mika Kuoppala <mika.kuoppala at linux.intel.com>
this patch shouldn't exist. The patch exporting ptrace_may_access()
should be moved before xe_eudebug_attach() is added, so it's already
added with the right perm check.
If exporting that is not acceptable (which needs to be discussed with
proper maintainers / mainling-list) then this could remain as a
CAP_SYS_ADMIN.
Lucas De Marchi
>---
> drivers/gpu/drm/xe/xe_eudebug.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
>diff --git a/drivers/gpu/drm/xe/xe_eudebug.c b/drivers/gpu/drm/xe/xe_eudebug.c
>index 8aab02824f8a..c4bc66660218 100644
>--- a/drivers/gpu/drm/xe/xe_eudebug.c
>+++ b/drivers/gpu/drm/xe/xe_eudebug.c
>@@ -246,14 +246,13 @@ xe_eudebug_attach(struct xe_device *xe, struct xe_eudebug *d,
> {
> struct task_struct *target;
> struct xe_eudebug *iter;
>- kuid_t uid = current_uid();
> int ret = 0;
>
> target = find_get_target(pid_nr);
> if (!target)
> return -ENOENT;
>
>- if (!uid_eq(uid, task_uid(target)) && !capable(CAP_SYS_ADMIN)) {
>+ if (!ptrace_may_access(target, PTRACE_MODE_READ_REALCREDS)) {
> put_task_struct(target);
> return -EACCES;
> }
>--
>2.34.1
>
More information about the Intel-xe
mailing list