From 740bd627594f7184a16edf93d00332bd31b7c5f5 Mon Sep 17 00:00:00 2001
From: Yuntao Liu
Date: Tue, 15 Jul 2025 08:44:20 +0000
Subject: [PATCH 1/2] modify xint proc file permissions to 640
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/ICMGLX
--------------------------------
To meet the principle of least privilege for file permissions, modify xint proc file permission from 644 to 640.
Fixes: a05426a568e4 ("arm64: Introduce Xint software solution")
Signed-off-by: Yuntao Liu
---
 drivers/irqchip/irq-gic-v3.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/irqchip/irq-gic-v3.c b/drivers/irqchip/irq-gic-v3.c
index 9a31d1845e70..39a854ec93ca 100644
--- a/drivers/irqchip/irq-gic-v3.c
+++ b/drivers/irqchip/irq-gic-v3.c
@@ -853,7 +853,7 @@ void register_irqchip_proc(struct irq_desc *desc, void *irqp)
 return;
 /* create /proc/irq//xint */
- proc_create_data("xint", 0644, desc->dir, &xint_proc_ops, irqp);
+ proc_create_data("xint", 0640, desc->dir, &xint_proc_ops, irqp);
 }
 void unregister_irqchip_proc(struct irq_desc *desc)
-- Gitee
From 500f513e86b5d00cf90eaede86c0ae153902b769 Mon Sep 17 00:00:00 2001
From: Yuntao Liu
Date: Tue, 15 Jul 2025 08:44:21 +0000
Subject: [PATCH 2/2] modify xcall proc file permissions to 640
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/ICMGLX
--------------------------------
To meet the principle of least privilege for file permissions, modify xcall proc file permission from 644 to 640.
Fixes: b97ead69555a ("arm64: Introduce xcall prefetch enable interface")
Signed-off-by: Yuntao Liu
---
 fs/proc/base.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/proc/base.c b/fs/proc/base.c
index 1788ea4e9206..2b3719da025b 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
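Review bot: In drivers/irqchip/irq-gic-v3.c the changed `proc_create_data("xint", 0640, ...)` call in register_irqchip_proc still discards its return value, so a failed creation leaves the IRQ without its xint control file and nothing is logged; consider `if (!proc_create_data("xint", 0640, desc->dir, &xint_proc_ops, irqp)) pr_warn("xint: failed to create proc entry\n");`. The mode bits are only evaluated when the file is opened, so if switching an interrupt to xint is meant to be a privileged operation, confirm that the write handler behind xint_proc_ops (not visible in this hunk) does not rely on the mode alone. A short comment above the call such as `/* 0640: not world-readable (least privilege) */` would record why this entry deliberately differs from a default 0644. The function body starts above the hunk.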
@@ -3616,7 +3616,7 @@ static const struct pid_entry tgid_base_stuff[] = {
 REG("smart_grid_level", 0644, proc_pid_sg_level_operations),
 #endif
 #ifdef CONFIG_FAST_SYSCALL
- REG("xcall", 0644, proc_pid_xcall_operations),
+ REG("xcall", 0640, proc_pid_xcall_operations),
 #endif
 #ifdef CONFIG_XCALL_PREFETCH
 REG("prefetch", 0644, proc_pid_xcall_prefetch_operations),
-- Gitee
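Review bot: In fs/proc/base.c the neighbouring `REG("prefetch", 0644, proc_pid_xcall_prefetch_operations)` entry keeps mode 0644 even though this patch's Fixes tag names the xcall prefetch enable commit, so the least-privilege change looks incomplete; if the same rationale applies it should read `REG("prefetch", 0640, proc_pid_xcall_prefetch_operations),`. For /proc/<pid> entries the inode is normally owned by the task's own uid, so 0640 only removes read access for other users and the task's owner can still open `xcall` for writing. If enabling xcall is meant to be an administrator decision, the write handler in proc_pid_xcall_operations (not visible here) needs its own capability check rather than relying on the mode. tgid_base_stuff extends beyond this hunk, and any matching entry in the per-thread table would presumably need the same mode.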