[AMD Official Use Only - General] One minor comment inline. -----Original Message----- From: amd-gfx <amd-gfx-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Sreekant Somasekharan Sent: Friday, April 28, 2023 3:12 PM To: amd-gfx@xxxxxxxxxxxxxxxxxxxxx Cc: Somasekharan, Sreekant <Sreekant.Somasekharan@xxxxxxx> Subject: [PATCH v2] drm/amdkfd: Expose proc sysfs folder contents after permission check Access to proc sysfs folder/subfolder contents are permitted only if kfd_devcgroup_check_permission() function returns success. This will restrict users from accessing sysfs files for a process running on a device to which users has no access. Signed-off-by: Sreekant Somasekharan <sreekant.somasekharan@xxxxxxx> --- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_process.c b/drivers/gpu/drm/amd/amdkfd/kfd_process.c index 95cc63d9f578..8ff505d29bb4 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_process.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_process.c @@ -275,6 +275,8 @@ static int kfd_get_cu_occupancy(struct attribute *attr, char *buffer) pdd = container_of(attr, struct kfd_process_device, attr_cu_occupancy); dev = pdd->dev; + if (dev && kfd_devcgroup_check_permission(dev)) + return -EPERM; if (dev->kfd2kgd->get_cu_occupancy == NULL) return -EINVAL; @@ -308,10 +310,14 @@ static ssize_t kfd_procfs_show(struct kobject *kobj, struct attribute *attr, } else if (strncmp(attr->name, "vram_", 5) == 0) { struct kfd_process_device *pdd = container_of(attr, struct kfd_process_device, attr_vram); + if (pdd->dev && kfd_devcgroup_check_permission(pdd->dev)) + return -EPERM; return snprintf(buffer, PAGE_SIZE, "%llu\n", READ_ONCE(pdd->vram_usage)); } else if (strncmp(attr->name, "sdma_", 5) == 0) { struct kfd_process_device *pdd = container_of(attr, struct kfd_process_device, attr_sdma); + if (pdd->dev && kfd_devcgroup_check_permission(pdd->dev)) + return -EPERM; [HK]: Move the if condition below the following struct declaration otherwise the following compiler will spew the following warning warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement] struct kfd_sdma_activity_handler_workarea sdma_activity_work_handler; INIT_WORK(&sdma_activity_work_handler.sdma_activity_work, @@ -379,6 +385,8 @@ static ssize_t kfd_procfs_queue_show(struct kobject *kobj, struct attribute *attr, char *buffer) { struct queue *q = container_of(kobj, struct queue, kobj); + if (q->device && kfd_devcgroup_check_permission(q->device)) + return -EPERM; if (!strcmp(attr->name, "size")) return snprintf(buffer, PAGE_SIZE, "%llu", @@ -402,6 +410,8 @@ static ssize_t kfd_procfs_stats_show(struct kobject *kobj, attr_evict); uint64_t evict_jiffies; + if (pdd->dev && kfd_devcgroup_check_permission(pdd->dev)) + return -EPERM; evict_jiffies = atomic64_read(&pdd->evict_duration_counter); return snprintf(buffer, @@ -427,16 +437,22 @@ static ssize_t kfd_sysfs_counters_show(struct kobject *kobj, if (!strcmp(attr->name, "faults")) { pdd = container_of(attr, struct kfd_process_device, attr_faults); + if (pdd->dev && kfd_devcgroup_check_permission(pdd->dev)) + return -EPERM; return sysfs_emit(buf, "%llu\n", READ_ONCE(pdd->faults)); } if (!strcmp(attr->name, "page_in")) { pdd = container_of(attr, struct kfd_process_device, attr_page_in); + if (pdd->dev && kfd_devcgroup_check_permission(pdd->dev)) + return -EPERM; return sysfs_emit(buf, "%llu\n", READ_ONCE(pdd->page_in)); } if (!strcmp(attr->name, "page_out")) { pdd = container_of(attr, struct kfd_process_device, attr_page_out); + if (pdd->dev && kfd_devcgroup_check_permission(pdd->dev)) + return -EPERM; return sysfs_emit(buf, "%llu\n", READ_ONCE(pdd->page_out)); } return 0; -- 2.25.1