From 79ab0ba6c4bd23dfbf5fa64c2e79a0b29dfc8fbf Mon Sep 17 00:00:00 2001
From: Debarshi Dutta <ddutta@nvidia.com>
Date: Tue, 7 Sep 2021 18:18:39 +0530
Subject: [PATCH] gpu: nvgpu: remove sudo restrictions on gpu nodes.

When SMC modes are enabled, devices are created with sudo-only
access permissions. Those permissions are relaxed to allow non-sudo
processes to allow job submission.

Also, allow only root users to poweroff explicitely via the device
power node.

Bug 3374078

Change-Id: Ieb869399c3ada3588708cf2bc99a580414023cb7
Signed-off-by: Debarshi Dutta <ddutta@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2590584
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
---
 drivers/gpu/nvgpu/os/linux/ioctl.c     | 16 ----------------
 drivers/gpu/nvgpu/os/linux/module.c    |  5 +++++
 drivers/gpu/nvgpu/os/linux/power_ops.c |  2 +-
 3 files changed, 6 insertions(+), 17 deletions(-)

diff --git a/drivers/gpu/nvgpu/os/linux/ioctl.c b/drivers/gpu/nvgpu/os/linux/ioctl.c
index 0d4edb45e..b6815bb52 100644
--- a/drivers/gpu/nvgpu/os/linux/ioctl.c
+++ b/drivers/gpu/nvgpu/os/linux/ioctl.c
@@ -198,10 +198,6 @@ static char *nvgpu_devnode(const char *cdev_name)
 
 static char *nvgpu_pci_devnode(struct device *dev, umode_t *mode)
 {
-	if (mode) {
-		*mode = S_IRUSR | S_IWUSR;
-	}
-
 	/* Special case to maintain legacy names */
 	if (strcmp(dev_name(dev), "channel") == 0) {
 		return kasprintf(GFP_KERNEL, "nvgpu-pci/card-%s",
@@ -214,19 +210,11 @@ static char *nvgpu_pci_devnode(struct device *dev, umode_t *mode)
 
 static char *nvgpu_devnode_v2(struct device *dev, umode_t *mode)
 {
-	if (mode) {
-		*mode = S_IRUSR | S_IWUSR;
-	}
-
 	return kasprintf(GFP_KERNEL, "nvgpu/igpu0/%s", dev_name(dev));
 }
 
 static char *nvgpu_pci_devnode_v2(struct device *dev, umode_t *mode)
 {
-	if (mode) {
-		*mode = S_IRUSR | S_IWUSR;
-	}
-
 	return kasprintf(GFP_KERNEL, "nvgpu/dgpu-%s/%s", dev_name(dev->parent),
 			dev_name(dev));
 }
@@ -235,10 +223,6 @@ static char *nvgpu_mig_fgpu_devnode(struct device *dev, umode_t *mode)
 {
 	struct nvgpu_cdev_class_priv_data *priv_data;
 
-	if (mode) {
-		*mode = S_IRUSR | S_IWUSR;
-	}
-
 	priv_data = dev_get_drvdata(dev);
 
 	if (priv_data->pci) {
diff --git a/drivers/gpu/nvgpu/os/linux/module.c b/drivers/gpu/nvgpu/os/linux/module.c
index 50e107b4b..e660c5156 100644
--- a/drivers/gpu/nvgpu/os/linux/module.c
+++ b/drivers/gpu/nvgpu/os/linux/module.c
@@ -1832,6 +1832,11 @@ int gk20a_driver_force_power_off(struct gk20a *g)
 	struct gk20a_platform *platform = gk20a_get_platform(dev);
 	int err = 0;
 
+	if (!capable(CAP_SYS_NICE)) {
+		nvgpu_err(g, "User doesn't have the permission for this operation");
+		return -EPERM;
+	}
+
 #ifdef CONFIG_NVGPU_DGPU
 	if (g->pci_class) {
 		nvgpu_err(g, "Poweroff is not supported for device yet.");
diff --git a/drivers/gpu/nvgpu/os/linux/power_ops.c b/drivers/gpu/nvgpu/os/linux/power_ops.c
index 0a44b0750..7b11a8fe4 100644
--- a/drivers/gpu/nvgpu/os/linux/power_ops.c
+++ b/drivers/gpu/nvgpu/os/linux/power_ops.c
@@ -136,7 +136,7 @@ int gk20a_power_write(struct file *filp, const char __user *buf,
 		if (err) {
 			nvgpu_err(g, "power_node_write failed at busy");
 			kfree(userinput);
-			return -EINVAL;
+			return err;
 		}
 	} else {
 		nvgpu_err(g, "1/0 are the valid values to power-on the GPU");