Date: Fri, 20 Jun 2025 13:52:35 GMT From: Mark Johnston <markj@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: ef712e91a866 - stable/14 - qat: restrict sysctl access to privileged users Message-ID: <202506201352.55KDqZgZ058444@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=ef712e91a8669c9ab8bc6456d02027fced6920fc commit ef712e91a8669c9ab8bc6456d02027fced6920fc Author: Hareshx Sankar Raj <hareshx.sankar.raj@intel.com> AuthorDate: 2025-04-30 22:27:51 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2025-06-20 12:47:27 +0000 qat: restrict sysctl access to privileged users Access to crucial QAT driver internals, such as firmware counters and transport debug via sysctl, has been limited to privileged users only. Reviewed by: markj, ziaee MFC after: 2 weeks Sponsored by: Intel Corporation Differential Revision: https://reviews.freebsd.org/D50379 (cherry picked from commit 8aa51e6d7de0a828020de64560d1385e15955a1c) --- sys/dev/qat/qat_common/adf_cfg_sysctl.c | 15 ++++- sys/dev/qat/qat_common/adf_clock.c | 34 +++++++++-- sys/dev/qat/qat_common/adf_freebsd_cfg_dev_dbg.c | 6 +- .../qat/qat_common/adf_freebsd_cnvnr_ctrs_dbg.c | 4 ++ sys/dev/qat/qat_common/adf_freebsd_heartbeat_dbg.c | 66 +++++++++++++++++++--- sys/dev/qat/qat_common/adf_freebsd_pfvf_ctrs_dbg.c | 6 +- .../qat/qat_common/adf_freebsd_transport_debug.c | 9 ++- sys/dev/qat/qat_common/adf_freebsd_ver_dbg.c | 10 ++++ sys/dev/qat/qat_common/adf_fw_counters.c | 4 ++ sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ae_config.c | 7 ++- .../qat_hw/qat_c4xxx/adf_c4xxx_misc_error_stats.c | 6 +- .../qat_hw/qat_c4xxx/adf_c4xxx_pke_replay_stats.c | 6 +- sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ras.c | 15 ++++- 13 files changed, 167 insertions(+), 21 deletions(-) diff --git a/sys/dev/qat/qat_common/adf_cfg_sysctl.c b/sys/dev/qat/qat_common/adf_cfg_sysctl.c index 621c3cc5b6c6..1a836765c94a 100644 --- a/sys/dev/qat/qat_common/adf_cfg_sysctl.c +++ b/sys/dev/qat/qat_common/adf_cfg_sysctl.c @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #include <sys/types.h> #include <sys/sysctl.h> #include <sys/systm.h> @@ -10,6 +10,7 @@ #include "adf_common_drv.h" #include <sys/mutex.h> #include <sys/sbuf.h> +#include <sys/priv.h> #define ADF_CFG_SYSCTL_BUF_SZ ADF_CFG_MAX_VAL #define ADF_CFG_UP_STR "up" @@ -105,6 +106,9 @@ static int adf_cfg_sysctl_services_handle(SYSCTL_HANDLER_ARGS) int ret = 0; int i = 0; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + accel_dev = arg1; if (!accel_dev) return ENXIO; @@ -156,6 +160,9 @@ static int adf_cfg_sysctl_mode_handle(SYSCTL_HANDLER_ARGS) int ret = 0; int i = 0; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + accel_dev = arg1; if (!accel_dev) return ENXIO; @@ -204,6 +211,9 @@ static int adf_cfg_sysctl_handle(SYSCTL_HANDLER_ARGS) unsigned int len; int ret = 0; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + accel_dev = arg1; if (!accel_dev) return ENXIO; @@ -245,6 +255,9 @@ static int adf_cfg_sysctl_num_processes_handle(SYSCTL_HANDLER_ARGS) uint32_t num_user_processes = 0; int ret = 0; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + accel_dev = arg1; if (!accel_dev) return ENXIO; diff --git a/sys/dev/qat/qat_common/adf_clock.c b/sys/dev/qat/qat_common/adf_clock.c index 36204c9939ac..f5d4116505b6 100644 --- a/sys/dev/qat/qat_common/adf_clock.c +++ b/sys/dev/qat/qat_common/adf_clock.c @@ -1,9 +1,10 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #include "adf_accel_devices.h" #include "adf_common_drv.h" #include <linux/delay.h> +#include <sys/priv.h> #define MEASURE_CLOCK_RETRIES 10 #define MEASURE_CLOCK_DELTA_THRESHOLD 100 @@ -21,11 +22,30 @@ } \ } while (0) +static int adf_clock_read_frequency(SYSCTL_HANDLER_ARGS) +{ + struct adf_accel_dev *accel_dev = arg1; + struct adf_hw_device_data *hw_data; + int error = EFAULT; + + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + + if (accel_dev == NULL) + return EINVAL; + + hw_data = accel_dev->hw_device; + + error = sysctl_handle_int(oidp, &hw_data->clock_frequency, 0, req); + if (error || !req->newptr) + return error; + + return (0); +} + int adf_clock_debugfs_add(struct adf_accel_dev *accel_dev) { - struct adf_hw_device_data *hw_data = accel_dev->hw_device; - struct sysctl_ctx_list *qat_sysctl_ctx; struct sysctl_oid *qat_sysctl_tree; struct sysctl_oid *rc = 0; @@ -35,13 +55,15 @@ adf_clock_debugfs_add(struct adf_accel_dev *accel_dev) qat_sysctl_tree = device_get_sysctl_tree(accel_dev->accel_pci_dev.pci_dev); - rc = SYSCTL_ADD_UINT(qat_sysctl_ctx, + rc = SYSCTL_ADD_PROC(qat_sysctl_ctx, SYSCTL_CHILDREN(qat_sysctl_tree), OID_AUTO, CLK_DBGFS_FILE, - CTLFLAG_RD, - &hw_data->clock_frequency, + CTLTYPE_INT | CTLFLAG_RD, + accel_dev, 0, + adf_clock_read_frequency, + "IU", "clock frequency"); HB_SYSCTL_ERR(rc); return 0; diff --git a/sys/dev/qat/qat_common/adf_freebsd_cfg_dev_dbg.c b/sys/dev/qat/qat_common/adf_freebsd_cfg_dev_dbg.c index 7585dd9b29d4..6068d7d99496 100644 --- a/sys/dev/qat/qat_common/adf_freebsd_cfg_dev_dbg.c +++ b/sys/dev/qat/qat_common/adf_freebsd_cfg_dev_dbg.c @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #include "qat_freebsd.h" #include "adf_common_drv.h" #include "adf_cfg_device.h" @@ -12,6 +12,7 @@ #include <sys/sx.h> #include <sys/systm.h> #include <sys/malloc.h> +#include <sys/priv.h> static int qat_dev_cfg_show(SYSCTL_HANDLER_ARGS) { @@ -21,6 +22,9 @@ static int qat_dev_cfg_show(SYSCTL_HANDLER_ARGS) struct sbuf sb; int error; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + sbuf_new_for_sysctl(&sb, NULL, 128, req); dev_cfg = arg1; sx_slock(&dev_cfg->lock); diff --git a/sys/dev/qat/qat_common/adf_freebsd_cnvnr_ctrs_dbg.c b/sys/dev/qat/qat_common/adf_freebsd_cnvnr_ctrs_dbg.c index ead172635e59..539059589bc8 100644 --- a/sys/dev/qat/qat_common/adf_freebsd_cnvnr_ctrs_dbg.c +++ b/sys/dev/qat/qat_common/adf_freebsd_cnvnr_ctrs_dbg.c @@ -3,6 +3,7 @@ #include <sys/types.h> #include <sys/sysctl.h> #include <sys/systm.h> +#include <sys/priv.h> #include "adf_cnvnr_freq_counters.h" #include "adf_common_drv.h" #include "adf_cfg.h" @@ -45,6 +46,9 @@ static int qat_cnvnr_ctrs_dbg_read(SYSCTL_HANDLER_ARGS) char report[MAX_REPORT_SIZE]; char *report_ptr = report; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + /* Defensive check */ if (!accel_dev || accel_dev->accel_id > ADF_MAX_DEVICES) return EINVAL; diff --git a/sys/dev/qat/qat_common/adf_freebsd_heartbeat_dbg.c b/sys/dev/qat/qat_common/adf_freebsd_heartbeat_dbg.c index 8690c000760c..e7b4840600e1 100644 --- a/sys/dev/qat/qat_common/adf_freebsd_heartbeat_dbg.c +++ b/sys/dev/qat/qat_common/adf_freebsd_heartbeat_dbg.c @@ -3,6 +3,7 @@ #include <sys/types.h> #include <sys/sysctl.h> #include <sys/systm.h> +#include <sys/priv.h> #include "adf_heartbeat_dbg.h" #include "adf_common_drv.h" #include "adf_cfg.h" @@ -17,6 +18,49 @@ } \ } while (0) + +static int qat_dev_hb_read_sent(SYSCTL_HANDLER_ARGS) +{ + struct adf_accel_dev *accel_dev = arg1; + struct adf_heartbeat *hb; + int error = EFAULT; + + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + + if (accel_dev == NULL) + return EINVAL; + + hb = accel_dev->heartbeat; + + error = sysctl_handle_int(oidp, &hb->hb_sent_counter, 0, req); + if (error || !req->newptr) + return error; + + return (0); +} + +static int qat_dev_hb_read_failed(SYSCTL_HANDLER_ARGS) +{ + struct adf_accel_dev *accel_dev = arg1; + struct adf_heartbeat *hb; + int error = EFAULT; + + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + + if (accel_dev == NULL) + return EINVAL; + + hb = accel_dev->heartbeat; + + error = sysctl_handle_int(oidp, &hb->hb_failed_counter, 0, req); + if (error || !req->newptr) + return error; + + return (0); +} + /* Handler for HB status check */ static int qat_dev_hb_read(SYSCTL_HANDLER_ARGS) { @@ -24,6 +68,10 @@ static int qat_dev_hb_read(SYSCTL_HANDLER_ARGS) struct adf_accel_dev *accel_dev = arg1; struct adf_heartbeat *hb; int ret = 0; + + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (accel_dev == NULL) { return EINVAL; } @@ -63,24 +111,28 @@ adf_heartbeat_dbg_add(struct adf_accel_dev *accel_dev) device_get_sysctl_tree(accel_dev->accel_pci_dev.pci_dev); hb->heartbeat_sent.oid = - SYSCTL_ADD_UINT(qat_hb_sysctl_ctx, + SYSCTL_ADD_PROC(qat_hb_sysctl_ctx, SYSCTL_CHILDREN(qat_hb_sysctl_tree), OID_AUTO, "heartbeat_sent", - CTLFLAG_RD, - &hb->hb_sent_counter, + CTLTYPE_INT | CTLFLAG_RD, + accel_dev, 0, - "HB sent count"); + qat_dev_hb_read_sent, + "IU", + "HB failed count"); HB_SYSCTL_ERR(hb->heartbeat_sent.oid); hb->heartbeat_failed.oid = - SYSCTL_ADD_UINT(qat_hb_sysctl_ctx, + SYSCTL_ADD_PROC(qat_hb_sysctl_ctx, SYSCTL_CHILDREN(qat_hb_sysctl_tree), OID_AUTO, "heartbeat_failed", - CTLFLAG_RD, - &hb->hb_failed_counter, + CTLTYPE_INT | CTLFLAG_RD, + accel_dev, 0, + qat_dev_hb_read_failed, + "IU", "HB failed count"); HB_SYSCTL_ERR(hb->heartbeat_failed.oid); diff --git a/sys/dev/qat/qat_common/adf_freebsd_pfvf_ctrs_dbg.c b/sys/dev/qat/qat_common/adf_freebsd_pfvf_ctrs_dbg.c index 76830e2920c3..a50e5fa62a18 100644 --- a/sys/dev/qat/qat_common/adf_freebsd_pfvf_ctrs_dbg.c +++ b/sys/dev/qat/qat_common/adf_freebsd_pfvf_ctrs_dbg.c @@ -1,9 +1,10 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #include "adf_accel_devices.h" #include "adf_common_drv.h" #include "adf_dev_err.h" #include "adf_freebsd_pfvf_ctrs_dbg.h" +#include <sys/priv.h> #define MAX_REPORT_LINES (14) #define MAX_REPORT_LINE_LEN (64) @@ -92,6 +93,9 @@ static int adf_pfvf_ctrs_show(SYSCTL_HANDLER_ARGS) struct pfvf_stats *pfvf_counters = arg1; char report[MAX_REPORT_SIZE]; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (!pfvf_counters) return EINVAL; diff --git a/sys/dev/qat/qat_common/adf_freebsd_transport_debug.c b/sys/dev/qat/qat_common/adf_freebsd_transport_debug.c index 35375bb20014..78ea6a7a5083 100644 --- a/sys/dev/qat/qat_common/adf_freebsd_transport_debug.c +++ b/sys/dev/qat/qat_common/adf_freebsd_transport_debug.c @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #include "qat_freebsd.h" #include "adf_cfg.h" #include "adf_common_drv.h" @@ -14,6 +14,7 @@ #include <sys/sbuf.h> #include <sys/sysctl.h> #include <sys/systm.h> +#include <sys/priv.h> static int adf_ring_show(SYSCTL_HANDLER_ARGS) { @@ -25,6 +26,9 @@ static int adf_ring_show(SYSCTL_HANDLER_ARGS) int error, word; uint32_t *wp, *end; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + sbuf_new_for_sysctl(&sb, NULL, 128, req); { int head, tail, empty; @@ -125,6 +129,9 @@ static int adf_bank_show(SYSCTL_HANDLER_ARGS) struct sbuf sb; int error, ring_id; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + sbuf_new_for_sysctl(&sb, NULL, 128, req); bank = arg1; accel_dev = bank->accel_dev; diff --git a/sys/dev/qat/qat_common/adf_freebsd_ver_dbg.c b/sys/dev/qat/qat_common/adf_freebsd_ver_dbg.c index 98cde6a742c1..041481435426 100644 --- a/sys/dev/qat/qat_common/adf_freebsd_ver_dbg.c +++ b/sys/dev/qat/qat_common/adf_freebsd_ver_dbg.c @@ -5,12 +5,16 @@ #include "adf_common_drv.h" #include "adf_accel_devices.h" #include "adf_ver_dbg.h" +#include <sys/priv.h> static int adf_sysctl_read_fw_versions(SYSCTL_HANDLER_ARGS) { struct adf_accel_dev *accel_dev = arg1; char fw_version[ADF_CFG_MAX_VAL_LEN_IN_BYTES]; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (!accel_dev) return -EINVAL; @@ -34,6 +38,9 @@ static int adf_sysctl_read_hw_versions(SYSCTL_HANDLER_ARGS) struct adf_accel_dev *accel_dev = arg1; char hw_version[ADF_CFG_MAX_VAL_LEN_IN_BYTES]; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (!accel_dev) return -EINVAL; @@ -55,6 +62,9 @@ static int adf_sysctl_read_mmp_versions(SYSCTL_HANDLER_ARGS) struct adf_accel_dev *accel_dev = arg1; char mmp_version[ADF_CFG_MAX_VAL_LEN_IN_BYTES]; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (!accel_dev) return -EINVAL; diff --git a/sys/dev/qat/qat_common/adf_fw_counters.c b/sys/dev/qat/qat_common/adf_fw_counters.c index 1acabe4c9364..1356fa89e775 100644 --- a/sys/dev/qat/qat_common/adf_fw_counters.c +++ b/sys/dev/qat/qat_common/adf_fw_counters.c @@ -9,6 +9,7 @@ #include "icp_qat_fw_init_admin.h" #include <sys/mutex.h> #include <sys/sbuf.h> +#include <sys/priv.h> #define ADF_FW_COUNTERS_BUF_SZ 4096 #define ADF_RAS_EVENT_STR "RAS events" @@ -126,6 +127,9 @@ int adf_read_fw_counters(SYSCTL_HANDLER_ARGS) struct sbuf *sbuf = NULL; char *cbuf = NULL; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (accel_dev == NULL) { return EINVAL; } diff --git a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ae_config.c b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ae_config.c index e68d0bca80fc..a2bb36727fd4 100644 --- a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ae_config.c +++ b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ae_config.c @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #include "adf_c4xxx_hw_data.h" #include <linux/kernel.h> #include <linux/types.h> @@ -9,6 +9,7 @@ #include <linux/io.h> #include <sys/sbuf.h> #include <sys/sysctl.h> +#include <sys/priv.h> #include <adf_accel_devices.h> #include <adf_common_drv.h> #include <adf_cfg.h> @@ -59,6 +60,10 @@ static int adf_ae_config_show(SYSCTL_HANDLER_ARGS) u8 ae_index; u8 num_aes; int ret = 0; + + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + u32 num_au = hw_data->get_num_accel_units(hw_data); sbuf_new_for_sysctl(&sb, NULL, 2048, req); diff --git a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_misc_error_stats.c b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_misc_error_stats.c index 3821e60df746..4fdbec791ce6 100644 --- a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_misc_error_stats.c +++ b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_misc_error_stats.c @@ -1,11 +1,12 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #include "adf_c4xxx_hw_data.h" #include "adf_c4xxx_misc_error_stats.h" #include "adf_common_drv.h" #include "adf_cfg_common.h" #include <sys/sbuf.h> #include <sys/sysctl.h> +#include <sys/priv.h> #define MISC_ERROR_DBG_FILE "misc_error_stats" #define LINE \ @@ -23,6 +24,9 @@ static int qat_misc_error_show(SYSCTL_HANDLER_ARGS) { struct sbuf sb; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + sbuf_new_for_sysctl(&sb, NULL, 256, req); sbuf_printf(&sb, "\n"); sbuf_printf(&sb, LINE); diff --git a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_pke_replay_stats.c b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_pke_replay_stats.c index 61a879900f9c..06145a3d7906 100644 --- a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_pke_replay_stats.c +++ b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_pke_replay_stats.c @@ -1,11 +1,12 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #include "adf_c4xxx_hw_data.h" #include "adf_c4xxx_pke_replay_stats.h" #include "adf_common_drv.h" #include "icp_qat_fw_init_admin.h" #include <sys/sbuf.h> #include <sys/sysctl.h> +#include <sys/priv.h> #define PKE_REPLAY_DBG_FILE "pke_replay_stats" #define LINE \ @@ -21,6 +22,9 @@ static int qat_pke_replay_counters_show(SYSCTL_HANDLER_ARGS) u64 suc_counter = 0; u64 unsuc_counter = 0; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + sbuf_new_for_sysctl(&sb, NULL, 256, req); sbuf_printf(&sb, "\n"); diff --git a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ras.c b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ras.c index d7cf8e350fa4..af4c6d123c84 100644 --- a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ras.c +++ b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ras.c @@ -1,10 +1,11 @@ /* SPDX-License-Identifier: BSD-3-Clause */ -/* Copyright(c) 2007-2022 Intel Corporation */ +/* Copyright(c) 2007-2025 Intel Corporation */ #include "adf_c4xxx_ras.h" #include "adf_accel_devices.h" #include "adf_c4xxx_hw_data.h" #include <adf_dev_err.h> #include "adf_c4xxx_inline.h" +#include <sys/priv.h> #define ADF_RAS_STR_LEN 64 @@ -13,6 +14,9 @@ static int adf_sysctl_read_ras_correctable(SYSCTL_HANDLER_ARGS) struct adf_accel_dev *accel_dev = arg1; unsigned long counter = 0; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (accel_dev->ras_counters) counter = atomic_read(&accel_dev->ras_counters[ADF_RAS_CORR]); @@ -24,6 +28,9 @@ static int adf_sysctl_read_ras_uncorrectable(SYSCTL_HANDLER_ARGS) struct adf_accel_dev *accel_dev = arg1; unsigned long counter = 0; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (accel_dev->ras_counters) counter = atomic_read(&accel_dev->ras_counters[ADF_RAS_UNCORR]); @@ -35,6 +42,9 @@ static int adf_sysctl_read_ras_fatal(SYSCTL_HANDLER_ARGS) struct adf_accel_dev *accel_dev = arg1; unsigned long counter = 0; + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (accel_dev->ras_counters) counter = atomic_read(&accel_dev->ras_counters[ADF_RAS_FATAL]); @@ -47,6 +57,9 @@ static int adf_sysctl_write_ras_reset(SYSCTL_HANDLER_ARGS) int value = 0; int ret = SYSCTL_IN(req, &value, sizeof(value)); + if (priv_check(curthread, PRIV_DRIVER) != 0) + return EPERM; + if (!ret && value != 0 && accel_dev->ras_counters) { }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202506201352.55KDqZgZ058444>