diff options
| author | Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com> | 2026-01-06 22:07:29 -0800 |
|---|---|---|
| committer | Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> | 2026-01-13 16:31:33 +0200 |
| commit | 69cd1ca440a96c85dcedcddfa5e0af6012f60b8b (patch) | |
| tree | ffa4802a24ae30f7dea3ff882b54d27716b29ae8 /drivers/platform | |
| parent | dc7901b5a1563a9c9eb29b3b0b0dac3162065cd8 (diff) | |
platform/x86: ISST: Check for admin capability for write commands
In some SST deployments, administrators want to allow reading SST
capabilities for non-root users. This can be achieved by changing file
permissions for "/dev/isst_interface", but they still want to prevent
any changes to the SST configuration by non-root users.
This capability was available before for non-TPMI SST. Extend the same
capability for TPMI SST by adding a check for CAP_SYS_ADMIN for all
write commands.
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Link: https://patch.msgid.link/20260107060729.1634420-1-srinivas.pandruvada@linux.intel.com
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Diffstat (limited to 'drivers/platform')
| -rw-r--r-- | drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c b/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c index 13b11c3a2ec4..f71d7df03f35 100644 --- a/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c +++ b/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c @@ -612,7 +612,7 @@ static long isst_if_core_power_state(void __user *argp) return -EINVAL; if (core_power.get_set) { - if (power_domain_info->write_blocked) + if (power_domain_info->write_blocked || !capable(CAP_SYS_ADMIN)) return -EPERM; _write_cp_info("cp_enable", core_power.enable, SST_CP_CONTROL_OFFSET, @@ -659,7 +659,7 @@ static long isst_if_clos_param(void __user *argp) return -EINVAL; if (clos_param.get_set) { - if (power_domain_info->write_blocked) + if (power_domain_info->write_blocked || !capable(CAP_SYS_ADMIN)) return -EPERM; _write_cp_info("clos.min_freq", clos_param.min_freq_mhz, @@ -751,7 +751,8 @@ static long isst_if_clos_assoc(void __user *argp) power_domain_info = &sst_inst->power_domain_info[part][punit_id]; - if (assoc_cmds.get_set && power_domain_info->write_blocked) + if (assoc_cmds.get_set && (power_domain_info->write_blocked || + !capable(CAP_SYS_ADMIN))) return -EPERM; offset = SST_CLOS_ASSOC_0_OFFSET + @@ -928,7 +929,7 @@ static int isst_if_set_perf_level(void __user *argp) if (!power_domain_info) return -EINVAL; - if (power_domain_info->write_blocked) + if (power_domain_info->write_blocked || !capable(CAP_SYS_ADMIN)) return -EPERM; if (!(power_domain_info->pp_header.allowed_level_mask & BIT(perf_level.level))) @@ -988,7 +989,7 @@ static int isst_if_set_perf_feature(void __user *argp) if (!power_domain_info) return -EINVAL; - if (power_domain_info->write_blocked) + if (power_domain_info->write_blocked || !capable(CAP_SYS_ADMIN)) return -EPERM; _write_pp_info("perf_feature", perf_feature.feature, SST_PP_CONTROL_OFFSET, |