From 811f8546cff9ab3d811ad5aeeb3df65395ad7282 Mon Sep 17 00:00:00 2001
From: Deepak Goyal <dgoyal@nvidia.com>
Date: Tue, 25 Apr 2023 10:51:46 +0000
Subject: [PATCH] nvgpu: sysfs: remove 'allow_all' from prod build

REG_OPS whitelist can be bypassed using sysfs
/sys/devices/gpu.0/allow_all
Sysfs are privileged, need Root access to set this sysfs.
This node should not be exposed by NVGPU-RM in Linux prod builds.

Bug 4083557

Change-Id: I984212df7a9f2dfeb6759cc502ae485daa1d82d4
Signed-off-by: Deepak Goyal <dgoyal@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2893829
Reviewed-by: Sagar Kamble <skamble@nvidia.com>
Reviewed-by: Vaibhav Kachore <vkachore@nvidia.com>
GVS: Gerrit_Virtual_Submit <buildbot_gerritrpt@nvidia.com>
---
 drivers/gpu/nvgpu/os/linux/sysfs.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/nvgpu/os/linux/sysfs.c b/drivers/gpu/nvgpu/os/linux/sysfs.c
index 8ac91a6b2..8be675543 100644
--- a/drivers/gpu/nvgpu/os/linux/sysfs.c
+++ b/drivers/gpu/nvgpu/os/linux/sysfs.c
@@ -1516,8 +1516,12 @@ void nvgpu_remove_sysfs(struct device *dev)
 	device_remove_file(dev, &dev_attr_force_idle);
 	device_remove_file(dev, &dev_attr_railgate_enable);
 #endif
-	device_remove_file(dev, &dev_attr_allow_all);
 	device_remove_file(dev, &dev_attr_golden_img_status);
+#ifdef CONFIG_NVGPU_DEBUGGER
+	if (g->support_gpu_tools) {
+		device_remove_file(dev, &dev_attr_allow_all);
+	}
+#endif
 	device_remove_file(dev, &dev_attr_tpc_fs_mask);
 	device_remove_file(dev, &dev_attr_tpc_pg_mask);
 	device_remove_file(dev, &dev_attr_gpc_fs_mask);
@@ -1593,8 +1597,12 @@ int nvgpu_create_sysfs(struct device *dev)
 	error |= device_create_file(dev, &dev_attr_force_idle);
 	error |= device_create_file(dev, &dev_attr_railgate_enable);
 #endif
-	error |= device_create_file(dev, &dev_attr_allow_all);
 	error |= device_create_file(dev, &dev_attr_golden_img_status);
+#ifdef CONFIG_NVGPU_DEBUGGER
+	if (g->support_gpu_tools) {
+		error |= device_create_file(dev, &dev_attr_allow_all);
+	}
+#endif
 	error |= device_create_file(dev, &dev_attr_tpc_fs_mask);
 	error |= device_create_file(dev, &dev_attr_tpc_pg_mask);
 	error |= device_create_file(dev, &dev_attr_gpc_fs_mask);