Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp3708980rdg; Wed, 18 Oct 2023 03:57:18 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHVuQbtSMkLeinJH3aqGr9Q/d+RhbO+LNrL9eSgc7QxBdiba22xpEMy3DZEygp/Q1R/b88+ X-Received: by 2002:a05:6a00:22d3:b0:68f:cc0e:355d with SMTP id f19-20020a056a0022d300b0068fcc0e355dmr5539558pfj.25.1697626638558; Wed, 18 Oct 2023 03:57:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697626638; cv=none; d=google.com; s=arc-20160816; b=PlC4LxLcvVhJM7w7ZNShcQv1FFf/WaVdImOlrbEMJp/Bp2wrlL9T6E2BiBn0iN7tL+ AZq1TdYfmWkkWyVd7SnIxSxjvJ/p9kYJomLSTcyjLPWkQD0n2LIQRaFd0aPfuRnF3bcJ rC+KccX1Vv8yXQHJyqLLLomhcwEMYTnJPiA2ciOLiGw8MS0SHne0quIPlpySw6gPxRf3 MARve/IyKLmozVTgy7Ot64iMomYV1TXBvLW0KXCJcy1hMp+Ob0MnvfJZOSpHfNx/x/m6 IDkhtRjFA1oCALT4yLa8iGqWkN73qR3kA4uCp659NWumU9noO9oZbFTPfZLNxi1q1F4f ZLYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:ui-outboundreport:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from; bh=9vf1ixH2qLJzlXFGb64g2kEhkedNPAsYtGmzXincPmU=; fh=c4ql7d5QsFreQmYQr7ycbAsMayBEmNUOv2nmR/PVp9M=; b=p+MtDuY1nHuEAEa5wI3nwk2vqiuqdK7SOngPZv9cOfpUYbqLzHZAnIwNhGefv3yD6+ LQdnQS1jsCgZEMSPe1LRm9lEOTWcCZ6WFPF4P2kqFRyE/UuzprNEbAltkuiOnq2Cc36v k0i2Uj5zNZZZx9NBKkEOermNvSLHNnfq+RQ0ZN3Kfcved9QY+nMnUQNpYxPCaThdxM09 vEuQgdK5XzAZtcO9IDkBjCHxdc7eGu+dfdx5X1KsDqYQwPfTIq3QdJuGwxURrkaT55CR Mg+DeJpxu1kBWrCIlL1r4DnyYkeJz5mHVPHPbDVadT13oVu5hRcD77ks458Ok6moAyhv 5FMw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Return-Path: Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32]) by mx.google.com with ESMTPS id w8-20020a63f508000000b00573fd9be4bdsi1953277pgh.493.2023.10.18.03.57.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Oct 2023 03:57:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aisec.fraunhofer.de Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 52C018023187; Wed, 18 Oct 2023 03:57:15 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229965AbjJRK5H (ORCPT + 99 others); Wed, 18 Oct 2023 06:57:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40444 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229453AbjJRK5C (ORCPT ); Wed, 18 Oct 2023 06:57:02 -0400 X-Greylist: delayed 332 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Wed, 18 Oct 2023 03:56:59 PDT Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.126.131]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E5D3E10A; Wed, 18 Oct 2023 03:56:59 -0700 (PDT) Received: from weisslap.aisec.fraunhofer.de ([91.67.186.133]) by mrelayeu.kundenserver.de (mreue012 [212.227.15.167]) with ESMTPSA (Nemesis) id 1Myevl-1rkb8513aX-00ywBN; Wed, 18 Oct 2023 12:51:00 +0200 From: =?UTF-8?q?Michael=20Wei=C3=9F?= To: Alexander Mikhalitsyn , Christian Brauner , Alexei Starovoitov , Paul Moore Cc: Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Quentin Monnet , Alexander Viro , Miklos Szeredi , Amir Goldstein , "Serge E. Hallyn" , bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, gyroidos@aisec.fraunhofer.de, =?UTF-8?q?Michael=20Wei=C3=9F?= Subject: [RFC PATCH v2 07/14] drm/amdkfd: Switch from devcgroup_check_permission to security hook Date: Wed, 18 Oct 2023 12:50:26 +0200 Message-Id: <20231018105033.13669-8-michael.weiss@aisec.fraunhofer.de> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de> References: <20231018105033.13669-1-michael.weiss@aisec.fraunhofer.de> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K1:5hEHFJ1ImyT/QBoZt+16PZOB0PG8GCYi6JjwGtaP6iS7hUpeti4 SQkmld3M5LO4Um0eZThRUP8ulZFPP+a7w11JYT5kc+yKewkRv47KcwH+ZUHSnHecFJqezO1 kmiKN3Jv2MKghSH9lFZYmT8Jk7fJvfL2Y+iJ4CREoeJGJJGWsyQtOo9/38siC3NrBZnmenN bR0USbbnxTsgNCcwoS86Q== UI-OutboundReport: notjunk:1;M01:P0:GtiADAAjAwY=;LC6o+4QflxJbOhLM1dykXA+PqWA DXAh9zy91am0hr7PYpYyD4+FPQqw7awKB7Gcpw5icJ6sQUly0ayUAUWqy/aWUqkIM5Nn7Dkiy WiJk7AzjBK0puAEu89YWyyWS+F5mfZIGUCFRuEzGWpoIo3HuCnRT1BYULf2Wsjl0zQGWF3QSF u7AAH7MrCJwKgv5P1nz+5xGqDmytVwALHJys+Bke29D7IzdFNx8e1T9WBAJPFszCwaVfpIf4k ERBxSLBRNZfVd2kf2AGI4+tAyd3J18rhisnNysVUjl/4eeBPw48jRtMx+k5LC7rJ1ftwc4G/3 EugVRAdbqmmEb/S4Cr73MaIPdCJK3e+md+9X5DfYYy+cPB0yayJeYTJT65mEzO29RN1YTeEDd UUhDHcZvhMtpkHIwLLL8kpkUuf1K7HUO8BrwEjATSlRrjXqaYJWoP5eua8yKaDNsNupmET7n2 Eeerq5i/DZWD0t14Jy4xh/BuAdBwFwvbFpMjaqqdgFiP3MdgarW9ayr9idjmPlZb6n6G5Foj4 NMCDT5uQPjbGM6gFMdjqJg8Sx6vZM3SbsIaGaY4JbBZyRtyAnDGfycaLGsBzGpRJOe0DQ/6NW Yv+dc66TYfV+IlVu+T0OYwgAJwrFTWPE7k25Pn0AkVjOfH2adPwAGsM4Ujms/4D8TfdMGuQkN QM3BJuC64orDPjgDXm/6aYne4+HExF3wazTVThD3kepQkPPpiqGHZKwhObk+8fmtLu8QZfgIF E8yfPKJKZCb9VPRQRIqYCFnabCE8FJ4KmWDXoqJp4kmUCs9uaqLbAClyfwwCxs1j1ZwOI0azk 81t+E0E+AWYMxSTff25Cl+HLAmFD+hsn4EBgD0vujsbgWcGc4y/ETnw4mCMwJCwGNVoSCxVNs vVEcbR9TcxtzDHw== X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Wed, 18 Oct 2023 03:57:15 -0700 (PDT) The new lsm-based cgroup device access control provides an equivalent hook to check device permission. Thus, switch to the more generic security hook security_dev_permission() instead of directly calling devcgroup_check_permission(). Signed-off-by: Michael Weiß --- drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h index fa24e1852493..50979f332e38 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h +++ b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h @@ -38,7 +38,7 @@ #include #include #include -#include +#include #include #include #include @@ -1487,9 +1487,8 @@ static inline int kfd_devcgroup_check_permission(struct kfd_node *kfd) #if defined(CONFIG_CGROUP_DEVICE) || defined(CONFIG_CGROUP_BPF) struct drm_device *ddev = adev_to_drm(kfd->adev); - return devcgroup_check_permission(DEVCG_DEV_CHAR, DRM_MAJOR, - ddev->render->index, - DEVCG_ACC_WRITE | DEVCG_ACC_READ); + return security_dev_permission(S_IFCHR, MKDEV(DRM_MAJOR, ddev->render->index), + MAY_WRITE | MAY_READ); #else return 0; #endif -- 2.30.2