[PATCH 05/21] drm/xe/eudebug: Use ptrace_may_access for xe_eudebug_attach

Lucas De Marchi lucas.demarchi at intel.com
Mon Jul 29 19:00:10 UTC 2024


On Fri, Jul 26, 2024 at 05:08:02PM GMT, Mika Kuoppala wrote:
>From: Jonathan Cavitt <jonathan.cavitt at intel.com>
>
>xe_eudebug_attach wants to use ptrace_may_access for determining when
>the user has the right to attach a debugger to a given process.  With
>ptrace_may_access now exported, this has become possible.
>
>Signed-off-by: Jonathan Cavitt <jonathan.cavitt at intel.com>
>Signed-off-by: Mika Kuoppala <mika.kuoppala at linux.intel.com>


this patch shouldn't exist. The patch exporting ptrace_may_access()
should be moved before xe_eudebug_attach() is added, so it's already
added with the right perm check.

If exporting that is not acceptable (which needs to be discussed with
proper maintainers / mainling-list) then this could remain as a
CAP_SYS_ADMIN.

Lucas De Marchi

>---
> drivers/gpu/drm/xe/xe_eudebug.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
>diff --git a/drivers/gpu/drm/xe/xe_eudebug.c b/drivers/gpu/drm/xe/xe_eudebug.c
>index 8aab02824f8a..c4bc66660218 100644
>--- a/drivers/gpu/drm/xe/xe_eudebug.c
>+++ b/drivers/gpu/drm/xe/xe_eudebug.c
>@@ -246,14 +246,13 @@ xe_eudebug_attach(struct xe_device *xe, struct xe_eudebug *d,
> {
> 	struct task_struct *target;
> 	struct xe_eudebug *iter;
>-	kuid_t uid = current_uid();
> 	int ret = 0;
>
> 	target = find_get_target(pid_nr);
> 	if (!target)
> 		return -ENOENT;
>
>-	if (!uid_eq(uid, task_uid(target)) && !capable(CAP_SYS_ADMIN)) {
>+	if (!ptrace_may_access(target, PTRACE_MODE_READ_REALCREDS)) {
> 		put_task_struct(target);
> 		return -EACCES;
> 	}
>-- 
>2.34.1
>


More information about the Intel-xe mailing list