[PATCH] powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute

Vaibhav Jain vaibhav at linux.ibm.com
Thu Aug 13 14:34:58 AEST 2020


The newly introduced 'perf_stats' attribute uses the default access
mode of 0444 letting non-root users access performance stats of an
nvdimm and potentially force the kernel into issuing large number of
expensive HCALLs. Since the information exposed by this attribute
cannot be cached hence its better to ward of access to this attribute
from users who don't need to access these performance statistics.

Hence this patch adds check in perf_stats_show() to only let users
that are 'perfmon_capable()' to read the nvdimm performance
statistics.

Fixes: 2d02bf835e573 ('powerpc/papr_scm: Fetch nvdimm performance stats from PHYP')
Reported-by: Aneesh Kumar K.V <aneesh.kumar at linux.ibm.com>
Signed-off-by: Vaibhav Jain <vaibhav at linux.ibm.com>
---
 arch/powerpc/platforms/pseries/papr_scm.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/powerpc/platforms/pseries/papr_scm.c b/arch/powerpc/platforms/pseries/papr_scm.c
index f439f0dfea7d1..36c51bf8af9a8 100644
--- a/arch/powerpc/platforms/pseries/papr_scm.c
+++ b/arch/powerpc/platforms/pseries/papr_scm.c
@@ -792,6 +792,10 @@ static ssize_t perf_stats_show(struct device *dev,
 	struct nvdimm *dimm = to_nvdimm(dev);
 	struct papr_scm_priv *p = nvdimm_provider_data(dimm);
 
+	/* Allow access only to perfmon capable users */
+	if (!perfmon_capable())
+		return -EACCES;
+
 	if (!p->stat_buffer_len)
 		return -ENOENT;
 
-- 
2.26.2



More information about the Linuxppc-dev mailing list