git: ef712e91a866 - stable/14 - qat: restrict sysctl access to privileged users
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 20 Jun 2025 13:52:35 UTC
The branch stable/14 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=ef712e91a8669c9ab8bc6456d02027fced6920fc
commit ef712e91a8669c9ab8bc6456d02027fced6920fc
Author: Hareshx Sankar Raj <hareshx.sankar.raj@intel.com>
AuthorDate: 2025-04-30 22:27:51 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-06-20 12:47:27 +0000
qat: restrict sysctl access to privileged users
Access to crucial QAT driver internals, such as
firmware counters and transport debug via
sysctl, has been limited to privileged users only.
Reviewed by: markj, ziaee
MFC after: 2 weeks
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D50379
(cherry picked from commit 8aa51e6d7de0a828020de64560d1385e15955a1c)
---
sys/dev/qat/qat_common/adf_cfg_sysctl.c | 15 ++++-
sys/dev/qat/qat_common/adf_clock.c | 34 +++++++++--
sys/dev/qat/qat_common/adf_freebsd_cfg_dev_dbg.c | 6 +-
.../qat/qat_common/adf_freebsd_cnvnr_ctrs_dbg.c | 4 ++
sys/dev/qat/qat_common/adf_freebsd_heartbeat_dbg.c | 66 +++++++++++++++++++---
sys/dev/qat/qat_common/adf_freebsd_pfvf_ctrs_dbg.c | 6 +-
.../qat/qat_common/adf_freebsd_transport_debug.c | 9 ++-
sys/dev/qat/qat_common/adf_freebsd_ver_dbg.c | 10 ++++
sys/dev/qat/qat_common/adf_fw_counters.c | 4 ++
sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ae_config.c | 7 ++-
.../qat_hw/qat_c4xxx/adf_c4xxx_misc_error_stats.c | 6 +-
.../qat_hw/qat_c4xxx/adf_c4xxx_pke_replay_stats.c | 6 +-
sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ras.c | 15 ++++-
13 files changed, 167 insertions(+), 21 deletions(-)
diff --git a/sys/dev/qat/qat_common/adf_cfg_sysctl.c b/sys/dev/qat/qat_common/adf_cfg_sysctl.c
index 621c3cc5b6c6..1a836765c94a 100644
--- a/sys/dev/qat/qat_common/adf_cfg_sysctl.c
+++ b/sys/dev/qat/qat_common/adf_cfg_sysctl.c
@@ -1,5 +1,5 @@
/* SPDX-License-Identifier: BSD-3-Clause */
-/* Copyright(c) 2007-2022 Intel Corporation */
+/* Copyright(c) 2007-2025 Intel Corporation */
#include <sys/types.h>
#include <sys/sysctl.h>
#include <sys/systm.h>
@@ -10,6 +10,7 @@
#include "adf_common_drv.h"
#include <sys/mutex.h>
#include <sys/sbuf.h>
+#include <sys/priv.h>
#define ADF_CFG_SYSCTL_BUF_SZ ADF_CFG_MAX_VAL
#define ADF_CFG_UP_STR "up"
@@ -105,6 +106,9 @@ static int adf_cfg_sysctl_services_handle(SYSCTL_HANDLER_ARGS)
int ret = 0;
int i = 0;
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
accel_dev = arg1;
if (!accel_dev)
return ENXIO;
@@ -156,6 +160,9 @@ static int adf_cfg_sysctl_mode_handle(SYSCTL_HANDLER_ARGS)
int ret = 0;
int i = 0;
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
accel_dev = arg1;
if (!accel_dev)
return ENXIO;
@@ -204,6 +211,9 @@ static int adf_cfg_sysctl_handle(SYSCTL_HANDLER_ARGS)
unsigned int len;
int ret = 0;
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
accel_dev = arg1;
if (!accel_dev)
return ENXIO;
@@ -245,6 +255,9 @@ static int adf_cfg_sysctl_num_processes_handle(SYSCTL_HANDLER_ARGS)
uint32_t num_user_processes = 0;
int ret = 0;
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
accel_dev = arg1;
if (!accel_dev)
return ENXIO;
diff --git a/sys/dev/qat/qat_common/adf_clock.c b/sys/dev/qat/qat_common/adf_clock.c
index 36204c9939ac..f5d4116505b6 100644
--- a/sys/dev/qat/qat_common/adf_clock.c
+++ b/sys/dev/qat/qat_common/adf_clock.c
@@ -1,9 +1,10 @@
/* SPDX-License-Identifier: BSD-3-Clause */
-/* Copyright(c) 2007-2022 Intel Corporation */
+/* Copyright(c) 2007-2025 Intel Corporation */
#include "adf_accel_devices.h"
#include "adf_common_drv.h"
#include <linux/delay.h>
+#include <sys/priv.h>
#define MEASURE_CLOCK_RETRIES 10
#define MEASURE_CLOCK_DELTA_THRESHOLD 100
@@ -21,11 +22,30 @@
} \
} while (0)
+static int adf_clock_read_frequency(SYSCTL_HANDLER_ARGS)
+{
+ struct adf_accel_dev *accel_dev = arg1;
+ struct adf_hw_device_data *hw_data;
+ int error = EFAULT;
+
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
+ if (accel_dev == NULL)
+ return EINVAL;
+
+ hw_data = accel_dev->hw_device;
+
+ error = sysctl_handle_int(oidp, &hw_data->clock_frequency, 0, req);
+ if (error || !req->newptr)
+ return error;
+
+ return (0);
+}
+
int
adf_clock_debugfs_add(struct adf_accel_dev *accel_dev)
{
- struct adf_hw_device_data *hw_data = accel_dev->hw_device;
-
struct sysctl_ctx_list *qat_sysctl_ctx;
struct sysctl_oid *qat_sysctl_tree;
struct sysctl_oid *rc = 0;
@@ -35,13 +55,15 @@ adf_clock_debugfs_add(struct adf_accel_dev *accel_dev)
qat_sysctl_tree =
device_get_sysctl_tree(accel_dev->accel_pci_dev.pci_dev);
- rc = SYSCTL_ADD_UINT(qat_sysctl_ctx,
+ rc = SYSCTL_ADD_PROC(qat_sysctl_ctx,
SYSCTL_CHILDREN(qat_sysctl_tree),
OID_AUTO,
CLK_DBGFS_FILE,
- CTLFLAG_RD,
- &hw_data->clock_frequency,
+ CTLTYPE_INT | CTLFLAG_RD,
+ accel_dev,
0,
+ adf_clock_read_frequency,
+ "IU",
"clock frequency");
HB_SYSCTL_ERR(rc);
return 0;
diff --git a/sys/dev/qat/qat_common/adf_freebsd_cfg_dev_dbg.c b/sys/dev/qat/qat_common/adf_freebsd_cfg_dev_dbg.c
index 7585dd9b29d4..6068d7d99496 100644
--- a/sys/dev/qat/qat_common/adf_freebsd_cfg_dev_dbg.c
+++ b/sys/dev/qat/qat_common/adf_freebsd_cfg_dev_dbg.c
@@ -1,5 +1,5 @@
/* SPDX-License-Identifier: BSD-3-Clause */
-/* Copyright(c) 2007-2022 Intel Corporation */
+/* Copyright(c) 2007-2025 Intel Corporation */
#include "qat_freebsd.h"
#include "adf_common_drv.h"
#include "adf_cfg_device.h"
@@ -12,6 +12,7 @@
#include <sys/sx.h>
#include <sys/systm.h>
#include <sys/malloc.h>
+#include <sys/priv.h>
static int qat_dev_cfg_show(SYSCTL_HANDLER_ARGS)
{
@@ -21,6 +22,9 @@ static int qat_dev_cfg_show(SYSCTL_HANDLER_ARGS)
struct sbuf sb;
int error;
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
sbuf_new_for_sysctl(&sb, NULL, 128, req);
dev_cfg = arg1;
sx_slock(&dev_cfg->lock);
diff --git a/sys/dev/qat/qat_common/adf_freebsd_cnvnr_ctrs_dbg.c b/sys/dev/qat/qat_common/adf_freebsd_cnvnr_ctrs_dbg.c
index ead172635e59..539059589bc8 100644
--- a/sys/dev/qat/qat_common/adf_freebsd_cnvnr_ctrs_dbg.c
+++ b/sys/dev/qat/qat_common/adf_freebsd_cnvnr_ctrs_dbg.c
@@ -3,6 +3,7 @@
#include <sys/types.h>
#include <sys/sysctl.h>
#include <sys/systm.h>
+#include <sys/priv.h>
#include "adf_cnvnr_freq_counters.h"
#include "adf_common_drv.h"
#include "adf_cfg.h"
@@ -45,6 +46,9 @@ static int qat_cnvnr_ctrs_dbg_read(SYSCTL_HANDLER_ARGS)
char report[MAX_REPORT_SIZE];
char *report_ptr = report;
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
/* Defensive check */
if (!accel_dev || accel_dev->accel_id > ADF_MAX_DEVICES)
return EINVAL;
diff --git a/sys/dev/qat/qat_common/adf_freebsd_heartbeat_dbg.c b/sys/dev/qat/qat_common/adf_freebsd_heartbeat_dbg.c
index 8690c000760c..e7b4840600e1 100644
--- a/sys/dev/qat/qat_common/adf_freebsd_heartbeat_dbg.c
+++ b/sys/dev/qat/qat_common/adf_freebsd_heartbeat_dbg.c
@@ -3,6 +3,7 @@
#include <sys/types.h>
#include <sys/sysctl.h>
#include <sys/systm.h>
+#include <sys/priv.h>
#include "adf_heartbeat_dbg.h"
#include "adf_common_drv.h"
#include "adf_cfg.h"
@@ -17,6 +18,49 @@
} \
} while (0)
+
+static int qat_dev_hb_read_sent(SYSCTL_HANDLER_ARGS)
+{
+ struct adf_accel_dev *accel_dev = arg1;
+ struct adf_heartbeat *hb;
+ int error = EFAULT;
+
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
+ if (accel_dev == NULL)
+ return EINVAL;
+
+ hb = accel_dev->heartbeat;
+
+ error = sysctl_handle_int(oidp, &hb->hb_sent_counter, 0, req);
+ if (error || !req->newptr)
+ return error;
+
+ return (0);
+}
+
+static int qat_dev_hb_read_failed(SYSCTL_HANDLER_ARGS)
+{
+ struct adf_accel_dev *accel_dev = arg1;
+ struct adf_heartbeat *hb;
+ int error = EFAULT;
+
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
+ if (accel_dev == NULL)
+ return EINVAL;
+
+ hb = accel_dev->heartbeat;
+
+ error = sysctl_handle_int(oidp, &hb->hb_failed_counter, 0, req);
+ if (error || !req->newptr)
+ return error;
+
+ return (0);
+}
+
/* Handler for HB status check */
static int qat_dev_hb_read(SYSCTL_HANDLER_ARGS)
{
@@ -24,6 +68,10 @@ static int qat_dev_hb_read(SYSCTL_HANDLER_ARGS)
struct adf_accel_dev *accel_dev = arg1;
struct adf_heartbeat *hb;
int ret = 0;
+
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
if (accel_dev == NULL) {
return EINVAL;
}
@@ -63,24 +111,28 @@ adf_heartbeat_dbg_add(struct adf_accel_dev *accel_dev)
device_get_sysctl_tree(accel_dev->accel_pci_dev.pci_dev);
hb->heartbeat_sent.oid =
- SYSCTL_ADD_UINT(qat_hb_sysctl_ctx,
+ SYSCTL_ADD_PROC(qat_hb_sysctl_ctx,
SYSCTL_CHILDREN(qat_hb_sysctl_tree),
OID_AUTO,
"heartbeat_sent",
- CTLFLAG_RD,
- &hb->hb_sent_counter,
+ CTLTYPE_INT | CTLFLAG_RD,
+ accel_dev,
0,
- "HB sent count");
+ qat_dev_hb_read_sent,
+ "IU",
+ "HB failed count");
HB_SYSCTL_ERR(hb->heartbeat_sent.oid);
hb->heartbeat_failed.oid =
- SYSCTL_ADD_UINT(qat_hb_sysctl_ctx,
+ SYSCTL_ADD_PROC(qat_hb_sysctl_ctx,
SYSCTL_CHILDREN(qat_hb_sysctl_tree),
OID_AUTO,
"heartbeat_failed",
- CTLFLAG_RD,
- &hb->hb_failed_counter,
+ CTLTYPE_INT | CTLFLAG_RD,
+ accel_dev,
0,
+ qat_dev_hb_read_failed,
+ "IU",
"HB failed count");
HB_SYSCTL_ERR(hb->heartbeat_failed.oid);
diff --git a/sys/dev/qat/qat_common/adf_freebsd_pfvf_ctrs_dbg.c b/sys/dev/qat/qat_common/adf_freebsd_pfvf_ctrs_dbg.c
index 76830e2920c3..a50e5fa62a18 100644
--- a/sys/dev/qat/qat_common/adf_freebsd_pfvf_ctrs_dbg.c
+++ b/sys/dev/qat/qat_common/adf_freebsd_pfvf_ctrs_dbg.c
@@ -1,9 +1,10 @@
/* SPDX-License-Identifier: BSD-3-Clause */
-/* Copyright(c) 2007-2022 Intel Corporation */
+/* Copyright(c) 2007-2025 Intel Corporation */
#include "adf_accel_devices.h"
#include "adf_common_drv.h"
#include "adf_dev_err.h"
#include "adf_freebsd_pfvf_ctrs_dbg.h"
+#include <sys/priv.h>
#define MAX_REPORT_LINES (14)
#define MAX_REPORT_LINE_LEN (64)
@@ -92,6 +93,9 @@ static int adf_pfvf_ctrs_show(SYSCTL_HANDLER_ARGS)
struct pfvf_stats *pfvf_counters = arg1;
char report[MAX_REPORT_SIZE];
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
if (!pfvf_counters)
return EINVAL;
diff --git a/sys/dev/qat/qat_common/adf_freebsd_transport_debug.c b/sys/dev/qat/qat_common/adf_freebsd_transport_debug.c
index 35375bb20014..78ea6a7a5083 100644
--- a/sys/dev/qat/qat_common/adf_freebsd_transport_debug.c
+++ b/sys/dev/qat/qat_common/adf_freebsd_transport_debug.c
@@ -1,5 +1,5 @@
/* SPDX-License-Identifier: BSD-3-Clause */
-/* Copyright(c) 2007-2022 Intel Corporation */
+/* Copyright(c) 2007-2025 Intel Corporation */
#include "qat_freebsd.h"
#include "adf_cfg.h"
#include "adf_common_drv.h"
@@ -14,6 +14,7 @@
#include <sys/sbuf.h>
#include <sys/sysctl.h>
#include <sys/systm.h>
+#include <sys/priv.h>
static int adf_ring_show(SYSCTL_HANDLER_ARGS)
{
@@ -25,6 +26,9 @@ static int adf_ring_show(SYSCTL_HANDLER_ARGS)
int error, word;
uint32_t *wp, *end;
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
sbuf_new_for_sysctl(&sb, NULL, 128, req);
{
int head, tail, empty;
@@ -125,6 +129,9 @@ static int adf_bank_show(SYSCTL_HANDLER_ARGS)
struct sbuf sb;
int error, ring_id;
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
sbuf_new_for_sysctl(&sb, NULL, 128, req);
bank = arg1;
accel_dev = bank->accel_dev;
diff --git a/sys/dev/qat/qat_common/adf_freebsd_ver_dbg.c b/sys/dev/qat/qat_common/adf_freebsd_ver_dbg.c
index 98cde6a742c1..041481435426 100644
--- a/sys/dev/qat/qat_common/adf_freebsd_ver_dbg.c
+++ b/sys/dev/qat/qat_common/adf_freebsd_ver_dbg.c
@@ -5,12 +5,16 @@
#include "adf_common_drv.h"
#include "adf_accel_devices.h"
#include "adf_ver_dbg.h"
+#include <sys/priv.h>
static int adf_sysctl_read_fw_versions(SYSCTL_HANDLER_ARGS)
{
struct adf_accel_dev *accel_dev = arg1;
char fw_version[ADF_CFG_MAX_VAL_LEN_IN_BYTES];
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
if (!accel_dev)
return -EINVAL;
@@ -34,6 +38,9 @@ static int adf_sysctl_read_hw_versions(SYSCTL_HANDLER_ARGS)
struct adf_accel_dev *accel_dev = arg1;
char hw_version[ADF_CFG_MAX_VAL_LEN_IN_BYTES];
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
if (!accel_dev)
return -EINVAL;
@@ -55,6 +62,9 @@ static int adf_sysctl_read_mmp_versions(SYSCTL_HANDLER_ARGS)
struct adf_accel_dev *accel_dev = arg1;
char mmp_version[ADF_CFG_MAX_VAL_LEN_IN_BYTES];
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
if (!accel_dev)
return -EINVAL;
diff --git a/sys/dev/qat/qat_common/adf_fw_counters.c b/sys/dev/qat/qat_common/adf_fw_counters.c
index 1acabe4c9364..1356fa89e775 100644
--- a/sys/dev/qat/qat_common/adf_fw_counters.c
+++ b/sys/dev/qat/qat_common/adf_fw_counters.c
@@ -9,6 +9,7 @@
#include "icp_qat_fw_init_admin.h"
#include <sys/mutex.h>
#include <sys/sbuf.h>
+#include <sys/priv.h>
#define ADF_FW_COUNTERS_BUF_SZ 4096
#define ADF_RAS_EVENT_STR "RAS events"
@@ -126,6 +127,9 @@ int adf_read_fw_counters(SYSCTL_HANDLER_ARGS)
struct sbuf *sbuf = NULL;
char *cbuf = NULL;
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
if (accel_dev == NULL) {
return EINVAL;
}
diff --git a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ae_config.c b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ae_config.c
index e68d0bca80fc..a2bb36727fd4 100644
--- a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ae_config.c
+++ b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ae_config.c
@@ -1,5 +1,5 @@
/* SPDX-License-Identifier: BSD-3-Clause */
-/* Copyright(c) 2007-2022 Intel Corporation */
+/* Copyright(c) 2007-2025 Intel Corporation */
#include "adf_c4xxx_hw_data.h"
#include <linux/kernel.h>
#include <linux/types.h>
@@ -9,6 +9,7 @@
#include <linux/io.h>
#include <sys/sbuf.h>
#include <sys/sysctl.h>
+#include <sys/priv.h>
#include <adf_accel_devices.h>
#include <adf_common_drv.h>
#include <adf_cfg.h>
@@ -59,6 +60,10 @@ static int adf_ae_config_show(SYSCTL_HANDLER_ARGS)
u8 ae_index;
u8 num_aes;
int ret = 0;
+
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
u32 num_au = hw_data->get_num_accel_units(hw_data);
sbuf_new_for_sysctl(&sb, NULL, 2048, req);
diff --git a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_misc_error_stats.c b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_misc_error_stats.c
index 3821e60df746..4fdbec791ce6 100644
--- a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_misc_error_stats.c
+++ b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_misc_error_stats.c
@@ -1,11 +1,12 @@
/* SPDX-License-Identifier: BSD-3-Clause */
-/* Copyright(c) 2007-2022 Intel Corporation */
+/* Copyright(c) 2007-2025 Intel Corporation */
#include "adf_c4xxx_hw_data.h"
#include "adf_c4xxx_misc_error_stats.h"
#include "adf_common_drv.h"
#include "adf_cfg_common.h"
#include <sys/sbuf.h>
#include <sys/sysctl.h>
+#include <sys/priv.h>
#define MISC_ERROR_DBG_FILE "misc_error_stats"
#define LINE \
@@ -23,6 +24,9 @@ static int qat_misc_error_show(SYSCTL_HANDLER_ARGS)
{
struct sbuf sb;
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
sbuf_new_for_sysctl(&sb, NULL, 256, req);
sbuf_printf(&sb, "\n");
sbuf_printf(&sb, LINE);
diff --git a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_pke_replay_stats.c b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_pke_replay_stats.c
index 61a879900f9c..06145a3d7906 100644
--- a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_pke_replay_stats.c
+++ b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_pke_replay_stats.c
@@ -1,11 +1,12 @@
/* SPDX-License-Identifier: BSD-3-Clause */
-/* Copyright(c) 2007-2022 Intel Corporation */
+/* Copyright(c) 2007-2025 Intel Corporation */
#include "adf_c4xxx_hw_data.h"
#include "adf_c4xxx_pke_replay_stats.h"
#include "adf_common_drv.h"
#include "icp_qat_fw_init_admin.h"
#include <sys/sbuf.h>
#include <sys/sysctl.h>
+#include <sys/priv.h>
#define PKE_REPLAY_DBG_FILE "pke_replay_stats"
#define LINE \
@@ -21,6 +22,9 @@ static int qat_pke_replay_counters_show(SYSCTL_HANDLER_ARGS)
u64 suc_counter = 0;
u64 unsuc_counter = 0;
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
sbuf_new_for_sysctl(&sb, NULL, 256, req);
sbuf_printf(&sb, "\n");
diff --git a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ras.c b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ras.c
index d7cf8e350fa4..af4c6d123c84 100644
--- a/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ras.c
+++ b/sys/dev/qat/qat_hw/qat_c4xxx/adf_c4xxx_ras.c
@@ -1,10 +1,11 @@
/* SPDX-License-Identifier: BSD-3-Clause */
-/* Copyright(c) 2007-2022 Intel Corporation */
+/* Copyright(c) 2007-2025 Intel Corporation */
#include "adf_c4xxx_ras.h"
#include "adf_accel_devices.h"
#include "adf_c4xxx_hw_data.h"
#include <adf_dev_err.h>
#include "adf_c4xxx_inline.h"
+#include <sys/priv.h>
#define ADF_RAS_STR_LEN 64
@@ -13,6 +14,9 @@ static int adf_sysctl_read_ras_correctable(SYSCTL_HANDLER_ARGS)
struct adf_accel_dev *accel_dev = arg1;
unsigned long counter = 0;
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
if (accel_dev->ras_counters)
counter = atomic_read(&accel_dev->ras_counters[ADF_RAS_CORR]);
@@ -24,6 +28,9 @@ static int adf_sysctl_read_ras_uncorrectable(SYSCTL_HANDLER_ARGS)
struct adf_accel_dev *accel_dev = arg1;
unsigned long counter = 0;
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
if (accel_dev->ras_counters)
counter = atomic_read(&accel_dev->ras_counters[ADF_RAS_UNCORR]);
@@ -35,6 +42,9 @@ static int adf_sysctl_read_ras_fatal(SYSCTL_HANDLER_ARGS)
struct adf_accel_dev *accel_dev = arg1;
unsigned long counter = 0;
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
if (accel_dev->ras_counters)
counter = atomic_read(&accel_dev->ras_counters[ADF_RAS_FATAL]);
@@ -47,6 +57,9 @@ static int adf_sysctl_write_ras_reset(SYSCTL_HANDLER_ARGS)
int value = 0;
int ret = SYSCTL_IN(req, &value, sizeof(value));
+ if (priv_check(curthread, PRIV_DRIVER) != 0)
+ return EPERM;
+
if (!ret && value != 0 && accel_dev->ras_counters) {
}