nvsciipc: enable endpoint security

- allow ioctl access if UID looked up is one of process UID or SGIDs. - removed legacy codes - set UID of set DB ioctl using sysfs JIRA: NVIPC-2817 Change-Id: Ic910b5bdbb362e9cda0cc3af4bcd9c1642725a25 Signed-off-by: Suneel Kumar Pemmineti <spemmineti@nvidia.com> Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3225830 Tested-by: Joshua Cha <joshuac@nvidia.com> Reviewed-by: Simon Je <sje@nvidia.com> GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
2025-12-22 09:11:26 +03:00 · 2024-09-17 15:10:52 +00:00
parent 1fabab5472
commit 04ccb5c0c3
3 changed files with 126 additions and 123 deletions
--- a/include/uapi/linux/nvsciipc_ioctl.h
+++ b/include/uapi/linux/nvsciipc_ioctl.h
@@ -33,29 +33,6 @@ struct nvsciipc_config_entry {
 	uint32_t uid;
 };

-/* TODO: remove it after migration */
-struct nvsciipc_config_entry_legacy {
-	/* endpoint name */
-	char ep_name[NVSCIIPC_MAX_EP_NAME];
-	/* node name for shm/sem */
-	char dev_name[NVSCIIPC_MAX_EP_NAME];
-	uint32_t backend;       /* backend type */
-	uint32_t nframes;       /* frame count */
-	uint32_t frame_size;    /* frame size */
-	/* ep id    for inter-Proc/Thread
-	 * queue id for inter-VM
-	 * dev id   for inter-Chip
-	 */
-	uint32_t id;
-	uint64_t vuid;  /* VM-wide unique id */
-	char rdma_dev_name[NVSCIIPC_MAX_RDMA_NAME];
-	char remote_ip[NVSCIIPC_MAX_IP_NAME];
-	uint32_t remote_port;
-	uint32_t local_port;
-	uint32_t peer_vmid;
-	uint32_t noti_type;
-};
-
 struct nvsciipc_db {
 	int num_eps;
 	struct nvsciipc_config_entry **entry;
@@ -77,13 +54,6 @@ struct nvsciipc_get_db_by_name {
 	uint32_t idx;
 };

-/* TODO: remove it after migration */
-struct nvsciipc_get_db_by_name_legacy {
-	char ep_name[NVSCIIPC_MAX_EP_NAME];
-	struct nvsciipc_config_entry_legacy entry;
-	uint32_t idx;
-};
-
 struct nvsciipc_get_db_by_vuid {
 	uint64_t vuid;
 	struct nvsciipc_config_entry entry;
@@ -95,7 +65,6 @@ struct nvsciipc_get_db_by_idx {
 	uint32_t idx;
 };

-/* for userspace level test, debugging purpose only */
 struct nvsciipc_validate_auth_token {
 	uint32_t auth_token;
 	uint64_t local_vuid;
@@ -107,7 +76,6 @@ struct nvsciipc_topoid {
 	uint32_t vmid;
 };

-/* for userspace level test, debugging purpose only */
 struct nvsciipc_map_vuid {
 	uint64_t vuid;
 	struct nvsciipc_topoid peer_topoid;
@@ -132,11 +100,9 @@ struct nvsciipc_map_vuid {
 #define NVSCIIPC_IOCTL_GET_DB_SIZE \
 	_IOR(NVSCIIPC_IOCTL_MAGIC, 5, uint32_t)

-/* debugging purpose only */
 #define NVSCIIPC_IOCTL_VALIDATE_AUTH_TOKEN \
 	_IOWR(NVSCIIPC_IOCTL_MAGIC, 6, struct nvsciipc_validate_auth_token)

-/* debugging purpose only */
 #define NVSCIIPC_IOCTL_MAP_VUID \
 	_IOWR(NVSCIIPC_IOCTL_MAGIC, 7, struct nvsciipc_map_vuid)