[PATCH v2] genirq: procfs: Make smp_affinity read-only for interrupts that userspace can't set

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Jeff Xie <jeff.xie@linux.dev>
To: tglx@linutronix.de
Cc: linux-kernel@vger.kernel.org, xiehuan09@gmail.com,
	Jeff Xie <jeff.xie@linux.dev>
Subject: [PATCH v2] genirq: procfs: Make smp_affinity read-only for interrupts that userspace can't set
Date: Sun, 25 Aug 2024 21:19:11 +0800	[thread overview]
Message-ID: <20240825131911.107119-1-jeff.xie@linux.dev> (raw)

The kernel already knows at the time of interrupt allocation that the
affinity cannot be controlled by userspace and therefore creating the
file with write permissions is wrong.

Therefore set the file permissions to read-only for such interrupts.

Signed-off-by: Jeff Xie <jeff.xie@linux.dev>
---
v2:
- Updated the description suggested by tglx
- Corrected the return value from -EIO to -EPERM when the userspace can't set the affinity

 kernel/irq/proc.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/kernel/irq/proc.c b/kernel/irq/proc.c
index 8cccdf40725a..7b3a4c92d148 100644
--- a/kernel/irq/proc.c
+++ b/kernel/irq/proc.c
@@ -142,7 +142,7 @@ static ssize_t write_irq_affinity(int type, struct file *file,
 	int err;
 
 	if (!irq_can_set_affinity_usr(irq) || no_irq_affinity)
-		return -EIO;
+		return -EPERM;
 
 	if (!zalloc_cpumask_var(&new_value, GFP_KERNEL))
 		return -ENOMEM;
@@ -340,6 +340,7 @@ void register_irq_proc(unsigned int irq, struct irq_desc *desc)
 	static DEFINE_MUTEX(register_lock);
 	void __maybe_unused *irqp = (void *)(unsigned long) irq;
 	char name [MAX_NAMELEN];
+	umode_t umode = S_IRUGO;
 
 	if (!root_irq_dir || (desc->irq_data.chip == &no_irq_chip))
 		return;
@@ -362,8 +363,11 @@ void register_irq_proc(unsigned int irq, struct irq_desc *desc)
 		goto out_unlock;
 
 #ifdef CONFIG_SMP
+	if (irq_can_set_affinity_usr(desc->irq_data.irq))
+		umode |= S_IWUSR;
+
 	/* create /proc/irq/<irq>/smp_affinity */
-	proc_create_data("smp_affinity", 0644, desc->dir,
+	proc_create_data("smp_affinity", umode, desc->dir,
 			 &irq_affinity_proc_ops, irqp);
 
 	/* create /proc/irq/<irq>/affinity_hint */
@@ -371,7 +375,7 @@ void register_irq_proc(unsigned int irq, struct irq_desc *desc)
 			irq_affinity_hint_proc_show, irqp);
 
 	/* create /proc/irq/<irq>/smp_affinity_list */
-	proc_create_data("smp_affinity_list", 0644, desc->dir,
+	proc_create_data("smp_affinity_list", umode, desc->dir,
 			 &irq_affinity_list_proc_ops, irqp);
 
 	proc_create_single_data("node", 0444, desc->dir, irq_node_proc_show,
-- 
2.34.1

next             reply	other threads:[~2024-08-25 13:19 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-08-25 13:19 Jeff Xie [this message]
2024-08-26 10:55 ` [PATCH v2] genirq: procfs: Make smp_affinity read-only for interrupts that userspace can't set Thomas Gleixner
2024-08-26 11:27   ` jeff.xie
2024-08-26 12:09 ` [tip: irq/core] genirq/procfs: Correctly set file permissions for affinity control files tip-bot2 for Jeff Xie
2024-08-27  6:22 ` [PATCH v2] genirq: procfs: Make smp_affinity read-only for interrupts that userspace can't set kernel test robot
2024-08-27 10:20 ` [tip: irq/core] genirq/procfs: Correctly set file permissions for affinity control files tip-bot2 for Jeff Xie
2024-08-27 12:02 ` tip-bot2 for Jeff Xie
2024-08-29 14:46 ` [tip: irq/core] genirq/proc: " tip-bot2 for Jeff Xie

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8cccdf40725 dfblob:7b3a4c92d14 )
 OR (
bs:"[PATCH v2] genirq: procfs: Make smp_affinity read-only for interrupts that userspace can't set" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240825131911.107119-1-jeff.xie@linux.dev \
    --to=jeff.xie@linux.dev \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tglx@linutronix.de \
    --cc=xiehuan09@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox