From nobody Fri Jun 6 13:57:07 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bDND36kBHz5xB72; Fri, 06 Jun 2025 13:57:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bDND33V3nz3mGB; Fri, 06 Jun 2025 13:57:07 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1749218227; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=zrv5KkLGUMYVVpdamrr5MC98U2hCVkdzvaMRfGX72eQ=; b=ompjWqIvA2+VyaU9ccNkRPIupKq1acyoGyPfcxJMXMP6U4vz0INnnmXzOy9RRjkov3/DGa IyKUwNOqrJveCJlvE1UT+TIXbS//uYNfjEFm9IcAlo3amAZWj0K+9dRFElgltDfbedCHvD 7t9bW6F/JtHBeiFbk3krPGHf0QtbWQx/kdE90rvR8j8TWKv6WvHmzltdfzbAEuPmT4PiWM 7jbieYZmRogmttnvUljiORirjcqOvhGlJuCxKro/Dbe9kWZ1cbZPzeSdxekqnbtp/raSGh p+nQIkIFQCt1nNWDa6b4GqKmdxlyLw5CVgUzxvIvF9ZYzcpeLTC3WHNNekTddA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1749218227; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=zrv5KkLGUMYVVpdamrr5MC98U2hCVkdzvaMRfGX72eQ=; b=qKXZTLsHW1XVXjR1pLN/pGYc6tICB/wD9v8T9Ijs0lcImab94xQ7vTRAfr5ENoGnS4JK3u hywQtncFkSKdfKHJa6WRn4jWmpMWVGb939qH/av+fkrom+RLxM1ek/wXnt5br6h/zcw347 IWb4HQPWu6Zqv+/b92UhtAYmqWnwUjnigBo8TYDP9nvq5N9Q3hXmXHZTQodmNDSwjx+eqj gpVtmSsld+h9vzpEDWwCH2WZUNmuU+kMkQ+RFR/sBLdJQwjNsiHVcZceNfXdGoA+Ul6MJQ PDLb9n8/HRY/MaXAJmM+0bSJXszBd1QkgyENTSaBTFmQWtqYJgloYzPbm57Wgg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1749218227; a=rsa-sha256; cv=none; b=ivo2W962qtRyiQWo/5thHCFrsCJXGFJZ5W00DX9HV2/ozDKJbsGARkfQnvo7C5H094PKvr FxM5uLBzhW779W+tuwEf5Wj6VNpMdlYkIf0m0DlTQusFDN3RgCr6jq2RrLcv/8qsBwqyO6 aOhqHPojQWsV0T/MxP4w9nEfjPs8YmkUh03tFyNxLSRfZzZQlJlhh6by2+WqofMNVfoOfo KIKnyBEqZXmj6zVI9jZ2MHVO6wRvopRw+ns3uYHKOOchZzwBvBvz3+SjVgSXKjFz7zKTbt BoBijDrb/iuyvu0uOXOi4wsWkSKXE2EwqAHGbGqrYleJwnEhTSlcYSYkGp68mw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bDND330MNzxj9; Fri, 06 Jun 2025 13:57:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 556Dv729084026; Fri, 6 Jun 2025 13:57:07 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 556Dv7Ep084023; Fri, 6 Jun 2025 13:57:07 GMT (envelope-from git) Date: Fri, 6 Jun 2025 13:57:07 GMT Message-Id: <202506061357.556Dv7Ep084023@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: 8aa51e6d7de0 - main - qat: restrict sysctl access to privileged users List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 8aa51e6d7de0a828020de64560d1385e15955a1c Auto-Submitted: auto-generated The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=8aa51e6d7de0a828020de64560d1385e15955a1c commit 8aa51e6d7de0a828020de64560d1385e15955a1c Author: Hareshx Sankar Raj AuthorDate: 2025-04-30 22:27:51 +0000 Commit: Mark Johnston CommitDate: 2025-06-06 13:43:33 +0000 qat: restrict sysctl access to privileged users Access to crucial QAT driver internals, such as firmware counters and transport debug via sysctl, has been limited to privileged users only. Reviewed by: markj, ziaee MFC after: 2 weeks Sponsored by: Intel Corporation Differential Revision: https://reviews.freebsd.org/D50379 --- sys/dev/qat/qat_common/adf_cfg_sysctl.c | 15 ++++- sys/dev/qat/qat_common/adf_clock.c | 34 +++++++++-- sys/dev/qat/qat_common/adf_freebsd_cfg_dev_dbg.c | 6 +- .../qat/qat_common/adf_freebsd_cnvnr_ctrs_dbg.c | 4 ++ sys/dev/qat/qat_common/adf_freebsd_heartbeat_dbg.c | 66 +++++++++++++++++++--- sys/dev/qat/qat_common/adf_freebsd_pfvf_ctrs_dbg.c | 6 +- .../qat/qat_common/adf_freebsd_transport_debug.c | 9 ++- sys/dev/qat/qat_common/adf_freebsd_ver_dbg.c | 10 ++++ sys/dev/qat/qat_common/adf_fw_counters.c | 4 ++ sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ae_config.c | 7 ++- .../qat_hw/qat_c4xxx/adf_c4xxx_misc_error_stats.c | 6 +- .../qat_hw/qat_c4xxx/adf_c4xxx_pke_replay_stats.c | 6 +- sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ras.c | 15 ++++- 13 files changed, 167 insertions(+), 21 deletions(-) diff --git a/sys/dev/qat/qat_common/adf_cfg_sysctl.c b/sys/dev/qat/qat_common/adf_cfg_sysctl.c index 621c3cc5b6c6..1a836765c94a 100644 --- a/sys/dev/qat/qat_common/adf_cfg_sysctl.c +++ b/sys/dev/qat/qat_common/adf_cfg_sysctl.c @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #include #include #include @@ -10,6 +10,7 @@ #include "adf_common_drv.h" #include #include +#include #define ADF_CFG_SYSCTL_BUF_SZ ADF_CFG_MAX_VAL #define ADF_CFG_UP_STR "up" @@ -105,6 +106,9 @@ static int adf_cfg_sysctl_services_handle(SYSCTL_HANDLER_ARGS) int ret = 0; int i = 0; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + accel_dev = arg1; if (!accel_dev) return ENXIO; @@ -156,6 +160,9 @@ static int adf_cfg_sysctl_mode_handle(SYSCTL_HANDLER_ARGS) int ret = 0; int i = 0; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + accel_dev = arg1; if (!accel_dev) return ENXIO; @@ -204,6 +211,9 @@ static int adf_cfg_sysctl_handle(SYSCTL_HANDLER_ARGS) unsigned int len; int ret = 0; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + accel_dev = arg1; if (!accel_dev) return ENXIO; @@ -245,6 +255,9 @@ static int adf_cfg_sysctl_num_processes_handle(SYSCTL_HANDLER_ARGS) uint32_t num_user_processes = 0; int ret = 0; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + accel_dev = arg1; if (!accel_dev) return ENXIO; diff --git a/sys/dev/qat/qat_common/adf_clock.c b/sys/dev/qat/qat_common/adf_clock.c index 36204c9939ac..f5d4116505b6 100644 --- a/sys/dev/qat/qat_common/adf_clock.c +++ b/sys/dev/qat/qat_common/adf_clock.c @@ -1,9 +1,10 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #include "adf_accel_devices.h" #include "adf_common_drv.h" #include +#include #define MEASURE_CLOCK_RETRIES 10 #define MEASURE_CLOCK_DELTA_THRESHOLD 100 @@ -21,11 +22,30 @@ } \ } while (0) +static int adf_clock_read_frequency(SYSCTL_HANDLER_ARGS) +{ + struct adf_accel_dev *accel_dev = arg1; + struct adf_hw_device_data *hw_data; + int error = EFAULT; + + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + + if (accel_dev == NULL) + return EINVAL; + + hw_data = accel_dev->hw_device; + + error = sysctl_handle_int(oidp, &hw_data->clock_frequency, 0, req); + if (error || !req->newptr) + return error; + + return (0); +} + int adf_clock_debugfs_add(struct adf_accel_dev *accel_dev) { - struct adf_hw_device_data *hw_data = accel_dev->hw_device; - struct sysctl_ctx_list *qat_sysctl_ctx; struct sysctl_oid *qat_sysctl_tree; struct sysctl_oid *rc = 0; @@ -35,13 +55,15 @@ adf_clock_debugfs_add(struct adf_accel_dev *accel_dev) qat_sysctl_tree = device_get_sysctl_tree(accel_dev->accel_pci_dev.pci_dev); - rc = SYSCTL_ADD_UINT(qat_sysctl_ctx, + rc = SYSCTL_ADD_PROC(qat_sysctl_ctx, SYSCTL_CHILDREN(qat_sysctl_tree), OID_AUTO, CLK_DBGFS_FILE, - CTLFLAG_RD, - &hw_data->clock_frequency, + CTLTYPE_INT | CTLFLAG_RD, + accel_dev, 0, + adf_clock_read_frequency, + "IU", "clock frequency"); HB_SYSCTL_ERR(rc); return 0; diff --git a/sys/dev/qat/qat_common/adf_freebsd_cfg_dev_dbg.c b/sys/dev/qat/qat_common/adf_freebsd_cfg_dev_dbg.c index 7585dd9b29d4..6068d7d99496 100644 --- a/sys/dev/qat/qat_common/adf_freebsd_cfg_dev_dbg.c +++ b/sys/dev/qat/qat_common/adf_freebsd_cfg_dev_dbg.c @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #include "qat_freebsd.h" #include "adf_common_drv.h" #include "adf_cfg_device.h" @@ -12,6 +12,7 @@ #include #include #include +#include static int qat_dev_cfg_show(SYSCTL_HANDLER_ARGS) { @@ -21,6 +22,9 @@ static int qat_dev_cfg_show(SYSCTL_HANDLER_ARGS) struct sbuf sb; int error; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + sbuf_new_for_sysctl(&sb, NULL, 128, req); dev_cfg = arg1; sx_slock(&dev_cfg->lock); diff --git a/sys/dev/qat/qat_common/adf_freebsd_cnvnr_ctrs_dbg.c b/sys/dev/qat/qat_common/adf_freebsd_cnvnr_ctrs_dbg.c index ead172635e59..539059589bc8 100644 --- a/sys/dev/qat/qat_common/adf_freebsd_cnvnr_ctrs_dbg.c +++ b/sys/dev/qat/qat_common/adf_freebsd_cnvnr_ctrs_dbg.c @@ -3,6 +3,7 @@ #include #include #include +#include #include "adf_cnvnr_freq_counters.h" #include "adf_common_drv.h" #include "adf_cfg.h" @@ -45,6 +46,9 @@ static int qat_cnvnr_ctrs_dbg_read(SYSCTL_HANDLER_ARGS) char report[MAX_REPORT_SIZE]; char *report_ptr = report; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + /* Defensive check */ if (!accel_dev || accel_dev->accel_id > ADF_MAX_DEVICES) return EINVAL; diff --git a/sys/dev/qat/qat_common/adf_freebsd_heartbeat_dbg.c b/sys/dev/qat/qat_common/adf_freebsd_heartbeat_dbg.c index 8690c000760c..e7b4840600e1 100644 --- a/sys/dev/qat/qat_common/adf_freebsd_heartbeat_dbg.c +++ b/sys/dev/qat/qat_common/adf_freebsd_heartbeat_dbg.c @@ -3,6 +3,7 @@ #include #include #include +#include #include "adf_heartbeat_dbg.h" #include "adf_common_drv.h" #include "adf_cfg.h" @@ -17,6 +18,49 @@ } \ } while (0) + +static int qat_dev_hb_read_sent(SYSCTL_HANDLER_ARGS) +{ + struct adf_accel_dev *accel_dev = arg1; + struct adf_heartbeat *hb; + int error = EFAULT; + + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + + if (accel_dev == NULL) + return EINVAL; + + hb = accel_dev->heartbeat; + + error = sysctl_handle_int(oidp, &hb->hb_sent_counter, 0, req); + if (error || !req->newptr) + return error; + + return (0); +} + +static int qat_dev_hb_read_failed(SYSCTL_HANDLER_ARGS) +{ + struct adf_accel_dev *accel_dev = arg1; + struct adf_heartbeat *hb; + int error = EFAULT; + + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + + if (accel_dev == NULL) + return EINVAL; + + hb = accel_dev->heartbeat; + + error = sysctl_handle_int(oidp, &hb->hb_failed_counter, 0, req); + if (error || !req->newptr) + return error; + + return (0); +} + /* Handler for HB status check */ static int qat_dev_hb_read(SYSCTL_HANDLER_ARGS) { @@ -24,6 +68,10 @@ static int qat_dev_hb_read(SYSCTL_HANDLER_ARGS) struct adf_accel_dev *accel_dev = arg1; struct adf_heartbeat *hb; int ret = 0; + + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (accel_dev == NULL) { return EINVAL; } @@ -63,24 +111,28 @@ adf_heartbeat_dbg_add(struct adf_accel_dev *accel_dev) device_get_sysctl_tree(accel_dev->accel_pci_dev.pci_dev); hb->heartbeat_sent.oid = - SYSCTL_ADD_UINT(qat_hb_sysctl_ctx, + SYSCTL_ADD_PROC(qat_hb_sysctl_ctx, SYSCTL_CHILDREN(qat_hb_sysctl_tree), OID_AUTO, "heartbeat_sent", - CTLFLAG_RD, - &hb->hb_sent_counter, + CTLTYPE_INT | CTLFLAG_RD, + accel_dev, 0, - "HB sent count"); + qat_dev_hb_read_sent, + "IU", + "HB failed count"); HB_SYSCTL_ERR(hb->heartbeat_sent.oid); hb->heartbeat_failed.oid = - SYSCTL_ADD_UINT(qat_hb_sysctl_ctx, + SYSCTL_ADD_PROC(qat_hb_sysctl_ctx, SYSCTL_CHILDREN(qat_hb_sysctl_tree), OID_AUTO, "heartbeat_failed", - CTLFLAG_RD, - &hb->hb_failed_counter, + CTLTYPE_INT | CTLFLAG_RD, + accel_dev, 0, + qat_dev_hb_read_failed, + "IU", "HB failed count"); HB_SYSCTL_ERR(hb->heartbeat_failed.oid); diff --git a/sys/dev/qat/qat_common/adf_freebsd_pfvf_ctrs_dbg.c b/sys/dev/qat/qat_common/adf_freebsd_pfvf_ctrs_dbg.c index 76830e2920c3..a50e5fa62a18 100644 --- a/sys/dev/qat/qat_common/adf_freebsd_pfvf_ctrs_dbg.c +++ b/sys/dev/qat/qat_common/adf_freebsd_pfvf_ctrs_dbg.c @@ -1,9 +1,10 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #include "adf_accel_devices.h" #include "adf_common_drv.h" #include "adf_dev_err.h" #include "adf_freebsd_pfvf_ctrs_dbg.h" +#include #define MAX_REPORT_LINES (14) #define MAX_REPORT_LINE_LEN (64) @@ -92,6 +93,9 @@ static int adf_pfvf_ctrs_show(SYSCTL_HANDLER_ARGS) struct pfvf_stats *pfvf_counters = arg1; char report[MAX_REPORT_SIZE]; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (!pfvf_counters) return EINVAL; diff --git a/sys/dev/qat/qat_common/adf_freebsd_transport_debug.c b/sys/dev/qat/qat_common/adf_freebsd_transport_debug.c index 35375bb20014..78ea6a7a5083 100644 --- a/sys/dev/qat/qat_common/adf_freebsd_transport_debug.c +++ b/sys/dev/qat/qat_common/adf_freebsd_transport_debug.c @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #include "qat_freebsd.h" #include "adf_cfg.h" #include "adf_common_drv.h" @@ -14,6 +14,7 @@ #include #include #include +#include static int adf_ring_show(SYSCTL_HANDLER_ARGS) { @@ -25,6 +26,9 @@ static int adf_ring_show(SYSCTL_HANDLER_ARGS) int error, word; uint32_t *wp, *end; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + sbuf_new_for_sysctl(&sb, NULL, 128, req); { int head, tail, empty; @@ -125,6 +129,9 @@ static int adf_bank_show(SYSCTL_HANDLER_ARGS) struct sbuf sb; int error, ring_id; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + sbuf_new_for_sysctl(&sb, NULL, 128, req); bank = arg1; accel_dev = bank->accel_dev; diff --git a/sys/dev/qat/qat_common/adf_freebsd_ver_dbg.c b/sys/dev/qat/qat_common/adf_freebsd_ver_dbg.c index 98cde6a742c1..041481435426 100644 --- a/sys/dev/qat/qat_common/adf_freebsd_ver_dbg.c +++ b/sys/dev/qat/qat_common/adf_freebsd_ver_dbg.c @@ -5,12 +5,16 @@ #include "adf_common_drv.h" #include "adf_accel_devices.h" #include "adf_ver_dbg.h" +#include static int adf_sysctl_read_fw_versions(SYSCTL_HANDLER_ARGS) { struct adf_accel_dev *accel_dev = arg1; char fw_version[ADF_CFG_MAX_VAL_LEN_IN_BYTES]; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (!accel_dev) return -EINVAL; @@ -34,6 +38,9 @@ static int adf_sysctl_read_hw_versions(SYSCTL_HANDLER_ARGS) struct adf_accel_dev *accel_dev = arg1; char hw_version[ADF_CFG_MAX_VAL_LEN_IN_BYTES]; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (!accel_dev) return -EINVAL; @@ -55,6 +62,9 @@ static int adf_sysctl_read_mmp_versions(SYSCTL_HANDLER_ARGS) struct adf_accel_dev *accel_dev = arg1; char mmp_version[ADF_CFG_MAX_VAL_LEN_IN_BYTES]; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (!accel_dev) return -EINVAL; diff --git a/sys/dev/qat/qat_common/adf_fw_counters.c b/sys/dev/qat/qat_common/adf_fw_counters.c index 1acabe4c9364..1356fa89e775 100644 --- a/sys/dev/qat/qat_common/adf_fw_counters.c +++ b/sys/dev/qat/qat_common/adf_fw_counters.c @@ -9,6 +9,7 @@ #include "icp_qat_fw_init_admin.h" #include #include +#include #define ADF_FW_COUNTERS_BUF_SZ 4096 #define ADF_RAS_EVENT_STR "RAS events" @@ -126,6 +127,9 @@ int adf_read_fw_counters(SYSCTL_HANDLER_ARGS) struct sbuf *sbuf = NULL; char *cbuf = NULL; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (accel_dev == NULL) { return EINVAL; } diff --git a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ae_config.c b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ae_config.c index e68d0bca80fc..a2bb36727fd4 100644 --- a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ae_config.c +++ b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ae_config.c @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #include "adf_c4xxx_hw_data.h" #include #include @@ -9,6 +9,7 @@ #include #include #include +#include #include #include #include @@ -59,6 +60,10 @@ static int adf_ae_config_show(SYSCTL_HANDLER_ARGS) u8 ae_index; u8 num_aes; int ret = 0; + + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + u32 num_au = hw_data->get_num_accel_units(hw_data); sbuf_new_for_sysctl(&sb, NULL, 2048, req); diff --git a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_misc_error_stats.c b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_misc_error_stats.c index 3821e60df746..4fdbec791ce6 100644 --- a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_misc_error_stats.c +++ b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_misc_error_stats.c @@ -1,11 +1,12 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #include "adf_c4xxx_hw_data.h" #include "adf_c4xxx_misc_error_stats.h" #include "adf_common_drv.h" #include "adf_cfg_common.h" #include #include +#include #define MISC_ERROR_DBG_FILE "misc_error_stats" #define LINE \ @@ -23,6 +24,9 @@ static int qat_misc_error_show(SYSCTL_HANDLER_ARGS) { struct sbuf sb; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + sbuf_new_for_sysctl(&sb, NULL, 256, req); sbuf_printf(&sb, "\n"); sbuf_printf(&sb, LINE); diff --git a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_pke_replay_stats.c b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_pke_replay_stats.c index 61a879900f9c..06145a3d7906 100644 --- a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_pke_replay_stats.c +++ b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_pke_replay_stats.c @@ -1,11 +1,12 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #include "adf_c4xxx_hw_data.h" #include "adf_c4xxx_pke_replay_stats.h" #include "adf_common_drv.h" #include "icp_qat_fw_init_admin.h" #include #include +#include #define PKE_REPLAY_DBG_FILE "pke_replay_stats" #define LINE \ @@ -21,6 +22,9 @@ static int qat_pke_replay_counters_show(SYSCTL_HANDLER_ARGS) u64 suc_counter = 0; u64 unsuc_counter = 0; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + sbuf_new_for_sysctl(&sb, NULL, 256, req); sbuf_printf(&sb, "\n"); diff --git a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ras.c b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ras.c index d7cf8e350fa4..af4c6d123c84 100644 --- a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ras.c +++ b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ras.c @@ -1,10 +1,11 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #include "adf_c4xxx_ras.h" #include "adf_accel_devices.h" #include "adf_c4xxx_hw_data.h" #include #include "adf_c4xxx_inline.h" +#include #define ADF_RAS_STR_LEN 64 @@ -13,6 +14,9 @@ static int adf_sysctl_read_ras_correctable(SYSCTL_HANDLER_ARGS) struct adf_accel_dev *accel_dev = arg1; unsigned long counter = 0; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (accel_dev->ras_counters) counter = atomic_read(&accel_dev->ras_counters[ADF_RAS_CORR]); @@ -24,6 +28,9 @@ static int adf_sysctl_read_ras_uncorrectable(SYSCTL_HANDLER_ARGS) struct adf_accel_dev *accel_dev = arg1; unsigned long counter = 0; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (accel_dev->ras_counters) counter = atomic_read(&accel_dev->ras_counters[ADF_RAS_UNCORR]); @@ -35,6 +42,9 @@ static int adf_sysctl_read_ras_fatal(SYSCTL_HANDLER_ARGS) struct adf_accel_dev *accel_dev = arg1; unsigned long counter = 0; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (accel_dev->ras_counters) counter = atomic_read(&accel_dev->ras_counters[ADF_RAS_FATAL]); @@ -47,6 +57,9 @@ static int adf_sysctl_write_ras_reset(SYSCTL_HANDLER_ARGS) int value = 0; int ret = SYSCTL_IN(req, &value, sizeof(value)); + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (!ret && value != 0 && accel_dev->ras_counters) { }