Extending an interface (hardware-observe?) for GPUs

Would it be feasible to extend either the hardware-observe interface (or another as appropriate) to add access to some files under /proc/driver for Nvidia GPUs? Specifically:

  • /proc/driver/nvidia/version, which contains pretty much the same info as glxinfo -B provides, but does so even if the Nvidia GPU isn’t rendering anything the process can access.
  • /proc/driver/nvidia/gpus/*/information which contains more detailed information about a specific GPU attached to the machine.

The specific use case in mind is for a snap of Lutris — Lutris (like Steam) shouldn’t require classic confinement, but it tries to detect graphics devices attached to the machine whether or not they’re currently what’s rendering the process.

Samples of the files from my machine:

$ cat /proc/driver/nvidia/version 
NVRM version: NVIDIA UNIX x86_64 Kernel Module  530.41.03  Thu Mar 16 19:48:20 UTC 2023
GCC version:  gcc version 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04.1) 

$ glxinfo -B  # Already accessible with the OpenGL interface
name of display: :0
display: :0  screen: 0
direct rendering: Yes
Memory info (GL_NVX_gpu_memory_info):
    Dedicated video memory: 6144 MB
    Total available memory: 6144 MB
    Currently available dedicated video memory: 3809 MB
OpenGL vendor string: NVIDIA Corporation
OpenGL renderer string: NVIDIA GeForce GTX 1660 SUPER/PCIe/SSE2
OpenGL core profile version string: 4.6.0 NVIDIA 530.41.03
OpenGL core profile shading language version string: 4.60 NVIDIA
OpenGL core profile context flags: (none)
OpenGL core profile profile mask: core profile

OpenGL version string: 4.6.0 NVIDIA 530.41.03
OpenGL shading language version string: 4.60 NVIDIA
OpenGL context flags: (none)
OpenGL profile mask: (none)

OpenGL ES profile version string: OpenGL ES 3.2 NVIDIA 530.41.03
OpenGL ES profile shading language version string: OpenGL ES GLSL ES 3.20

$ cat /proc/driver/nvidia/gpus/0000\:01\:00.0/information 
Model:           NVIDIA GeForce GTX 1660 SUPER
IRQ:             35
GPU UUID:        GPU-31d8410c-70e7-5d12-f582-05ed3e77a29c
Video BIOS:      90.16.48.00.aa
Bus Type:        PCIe
DMA Size:        47 bits
DMA Mask:        0x7fffffffffff
Bus Location:    0000:01:00.0
Device Minor:    0
GPU Excluded:    No

The biggest risks I can see here are w.r.t. the GPU information. Specifically, the GPU’s UUID (which can uniquely identify that GPU and could be used for tracking a machine, though no more than the contents of /dev/disk/by-uuid can) and the video BIOS version (which could theoretically be used to help deliver GPU malware). The other information is already mostly available elsewhere (e.g. via lspci), but not necessarily in the needed format.

Potential precedent is that the opengl interface already provides some of this access.


That should rather be extended in the opengl interface, I’m surprised it is not in there yet though …

Yeah that makes a lot of sense too 🙂

Could I just PR the allowlist changes in opengl.go or is there another process that would be needed?
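
As an added illustration (not from the thread and not snapd's own code): a small Go check of how narrowly an allowlist for the two requested files can be scoped, using simplified AppArmor-style globs where `*` stays within one path component and `**` does not. The `Broad` rule and the `example-other` path are constructed for contrast and are assumptions, not real driver files or proposed rules.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// globToRegexp converts a simplified AppArmor-style path glob to an anchored
// regexp. Only "*" (any run of characters except "/") and "**" (any run,
// including "/") are handled; "?", "[]", "{}" and @{VARIABLES} are not.
func globToRegexp(glob string) *regexp.Regexp {
	var b strings.Builder
	b.WriteString("^")
	for i := 0; i < len(glob); i++ {
		switch {
		case strings.HasPrefix(glob[i:], "**"):
			b.WriteString(".*")
			i++ // skip the second star
		case glob[i] == '*':
			b.WriteString("[^/]*")
		default:
			b.WriteString(regexp.QuoteMeta(string(glob[i])))
		}
	}
	return regexp.MustCompile(b.String() + "$")
}

// Allowed reports whether any read rule in rules matches path.
func Allowed(rules []string, path string) bool {
	for _, r := range rules {
		if globToRegexp(r).MatchString(path) {
			return true
		}
	}
	return false
}

// Narrow covers only the two files requested in the first post.
var Narrow = []string{"/proc/driver/nvidia/version", "/proc/driver/nvidia/gpus/*/information"}

// Broad is a hypothetical over-wide rule, shown only for contrast.
var Broad = []string{"/proc/driver/nvidia/**"}

func main() {
	// Constructed path: a made-up sibling file, not a real driver entry.
	p := "/proc/driver/nvidia/gpus/0000:01:00.0/example-other"
	fmt.Println("narrow:", Allowed(Narrow, p), "broad:", Allowed(Broad, p))
}
```
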