Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys Make the PMC syscalls privileged.
details: https://anonhg.NetBSD.org/src/rev/d7c6d0cce2c7
branches: trunk
changeset: 354390:d7c6d0cce2c7
user: maxv <maxv%NetBSD.org@localhost>
date: Wed Jun 14 17:48:40 2017 +0000
description:
Make the PMC syscalls privileged.
diffstat:
sys/arch/x86/x86/pmc.c | 21 +++++++++++++++++++--
sys/secmodel/suser/secmodel_suser.c | 23 ++++++++++++-----------
sys/sys/kauth.h | 3 ++-
3 files changed, 33 insertions(+), 14 deletions(-)
diffs (140 lines):
diff -r 2feeedbeccfb -r d7c6d0cce2c7 sys/arch/x86/x86/pmc.c
--- a/sys/arch/x86/x86/pmc.c Wed Jun 14 17:37:40 2017 +0000
+++ b/sys/arch/x86/x86/pmc.c Wed Jun 14 17:48:40 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pmc.c,v 1.7 2017/05/23 08:54:39 nonaka Exp $ */
+/* $NetBSD: pmc.c,v 1.8 2017/06/14 17:48:40 maxv Exp $ */
/*
* Copyright (c) 2017 The NetBSD Foundation, Inc.
@@ -67,13 +67,14 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: pmc.c,v 1.7 2017/05/23 08:54:39 nonaka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pmc.c,v 1.8 2017/06/14 17:48:40 maxv Exp $");
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
#include <sys/cpu.h>
#include <sys/xcall.h>
+#include <sys/kauth.h>
#include <machine/cpufunc.h>
#include <machine/cpuvar.h>
@@ -325,6 +326,12 @@
sys_pmc_info(struct lwp *l, struct x86_pmc_info_args *uargs, register_t *retval)
{
struct x86_pmc_info_args rv;
+ int error;
+
+ error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86PMC,
+ NULL, NULL, NULL, NULL);
+ if (error)
+ return error;
memset(&rv, 0, sizeof(rv));
@@ -344,6 +351,11 @@
bool start;
int error;
+ error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86PMC,
+ NULL, NULL, NULL, NULL);
+ if (error)
+ return error;
+
if (pmc_type == PMC_TYPE_NONE)
return ENODEV;
@@ -386,6 +398,11 @@
size_t nval;
int error;
+ error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86PMC,
+ NULL, NULL, NULL, NULL);
+ if (error)
+ return error;
+
if (pmc_type == PMC_TYPE_NONE)
return ENODEV;
diff -r 2feeedbeccfb -r d7c6d0cce2c7 sys/secmodel/suser/secmodel_suser.c
--- a/sys/secmodel/suser/secmodel_suser.c Wed Jun 14 17:37:40 2017 +0000
+++ b/sys/secmodel/suser/secmodel_suser.c Wed Jun 14 17:48:40 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.42 2015/08/17 06:16:03 knakahara Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.43 2017/06/14 17:48:41 maxv Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
* All rights reserved.
@@ -38,7 +38,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.42 2015/08/17 06:16:03 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.43 2017/06/14 17:48:41 maxv Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -834,13 +834,13 @@
secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action,
void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
- bool isroot;
- int result;
+ bool isroot;
+ int result;
- isroot = suser_isroot(cred);
- result = KAUTH_RESULT_DEFER;
+ isroot = suser_isroot(cred);
+ result = KAUTH_RESULT_DEFER;
- switch (action) {
+ switch (action) {
case KAUTH_MACHDEP_CPU_UCODE_APPLY:
case KAUTH_MACHDEP_IOPERM_GET:
case KAUTH_MACHDEP_LDT_GET:
@@ -853,6 +853,7 @@
case KAUTH_MACHDEP_NVRAM:
case KAUTH_MACHDEP_UNMANAGEDMEM:
case KAUTH_MACHDEP_PXG:
+ case KAUTH_MACHDEP_X86PMC:
if (isroot)
result = KAUTH_RESULT_ALLOW;
break;
@@ -875,11 +876,11 @@
secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
{
- bool isroot;
- int result;
+ bool isroot;
+ int result;
- isroot = suser_isroot(cred);
- result = KAUTH_RESULT_DEFER;
+ isroot = suser_isroot(cred);
+ result = KAUTH_RESULT_DEFER;
switch (action) {
case KAUTH_DEVICE_BLUETOOTH_SETPRIV:
diff -r 2feeedbeccfb -r d7c6d0cce2c7 sys/sys/kauth.h
--- a/sys/sys/kauth.h Wed Jun 14 17:37:40 2017 +0000
+++ b/sys/sys/kauth.h Wed Jun 14 17:48:40 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.73 2015/10/06 22:13:39 christos Exp $ */
+/* $NetBSD: kauth.h,v 1.74 2017/06/14 17:48:41 maxv Exp $ */
/*-
* Copyright (c) 2005, 2006 Elad Efrat <elad%NetBSD.org@localhost>
@@ -321,6 +321,7 @@
KAUTH_MACHDEP_NVRAM,
KAUTH_MACHDEP_UNMANAGEDMEM,
KAUTH_MACHDEP_PXG,
+ KAUTH_MACHDEP_X86PMC
};
/*
Home |
Main Index |
Thread Index |
Old Index