| Message ID | 20231018105033.13669-8-michael.weiss@aisec.fraunhofer.de |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:612c:2908:b0:403:3b70:6f57 with SMTP id
ib8csp4703306vqb;
Wed, 18 Oct 2023 03:57:21 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IFfi3WpjfmhJRj8QwBWw/UBrI3g9FQ/UqPcOTIJMu3a3/m3R23i7VAjwQPbww2O6Ss6rhCE
X-Received: by 2002:a17:90b:1b44:b0:274:60c7:e15a with SMTP id
nv4-20020a17090b1b4400b0027460c7e15amr5186431pjb.4.1697626641542;
Wed, 18 Oct 2023 03:57:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1697626641; cv=none;
d=google.com; s=arc-20160816;
b=AXu70gxQeVvJczFWLjN9/P/JuJSNtjMh8wDlwhM472LO1BQcdbuowYOSLSGkE64Ks8
jVjjuXC5bwmWLUzDA0PROblItmVFJ+0HutLrhkmywB8vhvJsvdwqxVWr2pl9Yct+2SRK
ZjnVY6SNKNuW414CmaLOOF9H/zMIOL25+KMkADtFp0GZnygeQIypKJmJCo70ZyzBNpCq
JbUVNuRnTzJoi/gJ3Q/0CZ/WMKCQBEUB25JAvfE6Qy26jpZ2sT//tw9got5XfYdz+Cm/
pBG+OhSEYEFA9TTNkjQLhOGHyWCqtyq8iwRz1k2xjvo6Ls+3HB3q73ngwiOGCMoCkOkE
/TUQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:ui-outboundreport:content-transfer-encoding
:mime-version:references:in-reply-to:message-id:date:subject:cc:to
:from;
bh=9vf1ixH2qLJzlXFGb64g2kEhkedNPAsYtGmzXincPmU=;
fh=c4ql7d5QsFreQmYQr7ycbAsMayBEmNUOv2nmR/PVp9M=;
b=p+MtDuY1nHuEAEa5wI3nwk2vqiuqdK7SOngPZv9cOfpUYbqLzHZAnIwNhGefv3yD6+
LQdnQS1jsCgZEMSPe1LRm9lEOTWcCZ6WFPF4P2kqFRyE/UuzprNEbAltkuiOnq2Cc36v
k0i2Uj5zNZZZx9NBKkEOermNvSLHNnfq+RQ0ZN3Kfcved9QY+nMnUQNpYxPCaThdxM09
vEuQgdK5XzAZtcO9IDkBjCHxdc7eGu+dfdx5X1KsDqYQwPfTIq3QdJuGwxURrkaT55CR
Mg+DeJpxu1kBWrCIlL1r4DnyYkeJz5mHVPHPbDVadT13oVu5hRcD77ks458Ok6moAyhv
5FMw==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:3 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de
Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3])
by mx.google.com with ESMTPS id
mh14-20020a17090b4ace00b0027d06db85ffsi1397602pjb.38.2023.10.18.03.57.21
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 18 Oct 2023 03:57:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:3 as permitted sender)
client-ip=2620:137:e000::3:3;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:3 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by lipwig.vger.email (Postfix) with ESMTP id E991C817905C;
Wed, 18 Oct 2023 03:57:16 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229956AbjJRK5H (ORCPT <rfc822;lkml4gm@gmail.com> + 24 others);
Wed, 18 Oct 2023 06:57:07 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40444 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229453AbjJRK5C (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 18 Oct 2023 06:57:02 -0400
X-Greylist: delayed 332 seconds by postgrey-1.37 at lindbergh.monkeyblade.net;
Wed, 18 Oct 2023 03:56:59 PDT
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.131])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E5D3E10A;
Wed, 18 Oct 2023 03:56:59 -0700 (PDT)
Received: from weisslap.aisec.fraunhofer.de ([91.67.186.133]) by
mrelayeu.kundenserver.de (mreue012 [212.227.15.167]) with ESMTPSA (Nemesis)
id 1Myevl-1rkb8513aX-00ywBN; Wed, 18 Oct 2023 12:51:00 +0200
From: =?utf-8?q?Michael_Wei=C3=9F?= <michael.weiss@aisec.fraunhofer.de>
To: Alexander Mikhalitsyn <alexander@mihalicyn.com>,
Christian Brauner <brauner@kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
Paul Moore <paul@paul-moore.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>, Martin KaFai Lau <martin.lau@linux.dev>,
Song Liu <song@kernel.org>, Yonghong Song <yhs@fb.com>,
John Fastabend <john.fastabend@gmail.com>, KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>, Quentin Monnet <quentin@isovalent.com>,
Alexander Viro <viro@zeniv.linux.org.uk>, Miklos Szeredi <miklos@szeredi.hu>,
Amir Goldstein <amir73il@gmail.com>, "Serge E. Hallyn" <serge@hallyn.com>,
bpf@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, =?utf-8?q?Mich?=
=?utf-8?q?ael_Wei=C3=9F?= <michael.weiss@aisec.fraunhofer.de>
Subject: [RFC PATCH v2 07/14] drm/amdkfd: Switch from
devcgroup_check_permission to security hook
Date: Wed, 18 Oct 2023 12:50:26 +0200
Message-Id: <20231018105033.13669-8-michael.weiss@aisec.fraunhofer.de>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K1:5hEHFJ1ImyT/QBoZt+16PZOB0PG8GCYi6JjwGtaP6iS7hUpeti4
SQkmld3M5LO4Um0eZThRUP8ulZFPP+a7w11JYT5kc+yKewkRv47KcwH+ZUHSnHecFJqezO1
kmiKN3Jv2MKghSH9lFZYmT8Jk7fJvfL2Y+iJ4CREoeJGJJGWsyQtOo9/38siC3NrBZnmenN
bR0USbbnxTsgNCcwoS86Q==
UI-OutboundReport: notjunk:1;M01:P0:GtiADAAjAwY=;LC6o+4QflxJbOhLM1dykXA+PqWA
DXAh9zy91am0hr7PYpYyD4+FPQqw7awKB7Gcpw5icJ6sQUly0ayUAUWqy/aWUqkIM5Nn7Dkiy
WiJk7AzjBK0puAEu89YWyyWS+F5mfZIGUCFRuEzGWpoIo3HuCnRT1BYULf2Wsjl0zQGWF3QSF
u7AAH7MrCJwKgv5P1nz+5xGqDmytVwALHJys+Bke29D7IzdFNx8e1T9WBAJPFszCwaVfpIf4k
ERBxSLBRNZfVd2kf2AGI4+tAyd3J18rhisnNysVUjl/4eeBPw48jRtMx+k5LC7rJ1ftwc4G/3
EugVRAdbqmmEb/S4Cr73MaIPdCJK3e+md+9X5DfYYy+cPB0yayJeYTJT65mEzO29RN1YTeEDd
UUhDHcZvhMtpkHIwLLL8kpkUuf1K7HUO8BrwEjATSlRrjXqaYJWoP5eua8yKaDNsNupmET7n2
Eeerq5i/DZWD0t14Jy4xh/BuAdBwFwvbFpMjaqqdgFiP3MdgarW9ayr9idjmPlZb6n6G5Foj4
NMCDT5uQPjbGM6gFMdjqJg8Sx6vZM3SbsIaGaY4JbBZyRtyAnDGfycaLGsBzGpRJOe0DQ/6NW
Yv+dc66TYfV+IlVu+T0OYwgAJwrFTWPE7k25Pn0AkVjOfH2adPwAGsM4Ujms/4D8TfdMGuQkN
QM3BJuC64orDPjgDXm/6aYne4+HExF3wazTVThD3kepQkPPpiqGHZKwhObk+8fmtLu8QZfgIF
E8yfPKJKZCb9VPRQRIqYCFnabCE8FJ4KmWDXoqJp4kmUCs9uaqLbAClyfwwCxs1j1ZwOI0azk
81t+E0E+AWYMxSTff25Cl+HLAmFD+hsn4EBgD0vujsbgWcGc4y/ETnw4mCMwJCwGNVoSCxVNs
vVEcbR9TcxtzDHw==
X-Spam-Status: No,
score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]);
Wed, 18 Oct 2023 03:57:17 -0700 (PDT)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1780090553369516579
X-GMAIL-MSGID: 1780090553369516579
|
| Series |
device_cgroup: guard mknod for non-initial user namespace
|
|
Commit Message
Michael Weiß
Oct. 18, 2023, 10:50 a.m. UTC
The new lsm-based cgroup device access control provides an
equivalent hook to check device permission. Thus, switch to the
more generic security hook security_dev_permission() instead of
directly calling devcgroup_check_permission().
Signed-off-by: Michael Weiß <michael.weiss@aisec.fraunhofer.de>
---
drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h index fa24e1852493..50979f332e38 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h +++ b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h @@ -38,7 +38,7 @@ #include <linux/seq_file.h> #include <linux/kref.h> #include <linux/sysfs.h> -#include <linux/device_cgroup.h> +#include <linux/security.h> #include <drm/drm_file.h> #include <drm/drm_drv.h> #include <drm/drm_device.h> @@ -1487,9 +1487,8 @@ static inline int kfd_devcgroup_check_permission(struct kfd_node *kfd) #if defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF) struct drm_device *ddev = adev_to_drm(kfd->adev); - return devcgroup_check_permission(DEVCG_DEV_CHAR, DRM_MAJOR, - ddev->render->index, - DEVCG_ACC_WRITE | DEVCG_ACC_READ); + return security_dev_permission(S_IFCHR, MKDEV(DRM_MAJOR, ddev->render->index), + MAY_WRITE | MAY_READ); #else return 0; #endif