Module Name:    src
Committed By:   maxv
Date:           Wed Jun 14 17:48:41 UTC 2017

Modified Files:
        src/sys/arch/x86/x86: pmc.c
        src/sys/secmodel/suser: secmodel_suser.c
        src/sys/sys: kauth.h

Log Message:
Make the PMC syscalls privileged.


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/sys/arch/x86/x86/pmc.c
cvs rdiff -u -r1.42 -r1.43 src/sys/secmodel/suser/secmodel_suser.c
cvs rdiff -u -r1.73 -r1.74 src/sys/sys/kauth.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/x86/x86/pmc.c
diff -u src/sys/arch/x86/x86/pmc.c:1.7 src/sys/arch/x86/x86/pmc.c:1.8
--- src/sys/arch/x86/x86/pmc.c:1.7	Tue May 23 08:54:39 2017
+++ src/sys/arch/x86/x86/pmc.c	Wed Jun 14 17:48:40 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: pmc.c,v 1.7 2017/05/23 08:54:39 nonaka Exp $	*/
+/*	$NetBSD: pmc.c,v 1.8 2017/06/14 17:48:40 maxv Exp $	*/
 
 /*
  * Copyright (c) 2017 The NetBSD Foundation, Inc.
@@ -67,13 +67,14 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: pmc.c,v 1.7 2017/05/23 08:54:39 nonaka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pmc.c,v 1.8 2017/06/14 17:48:40 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/proc.h>
 #include <sys/cpu.h>
 #include <sys/xcall.h>
+#include <sys/kauth.h>
 
 #include <machine/cpufunc.h>
 #include <machine/cpuvar.h>
@@ -325,6 +326,12 @@ int
 sys_pmc_info(struct lwp *l, struct x86_pmc_info_args *uargs, register_t *retval)
 {
 	struct x86_pmc_info_args rv;
+	int error;
+
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86PMC,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return error;
 
 	memset(&rv, 0, sizeof(rv));
 
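Review bot: The authorization request added at the top of sys_pmc_info passes NULL for all four arguments, and the same call is repeated verbatim in sys_pmc_startstop and sys_pmc_read, so a kauth listener cannot tell an information query from a start/stop or a counter read and can only allow or deny the three together. If per-operation policy is ever wanted, the operation would have to be conveyed in one of the arguments; that is a design choice rather than a defect in what is shown. The three copies would be easier to keep in step behind one static helper (the name `pmc_authorize` is only a suggestion), with each syscall reduced to `error = pmc_authorize(l);` followed by the existing `if (error) return error;`. A comment on that helper such as `/* PMC syscalls are restricted to privileged callers; policy lives in secmodel_suser_machdep_cb(). */` would record the intent. All three function bodies continue outside their hunks.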
@@ -344,6 +351,11 @@ sys_pmc_startstop(struct lwp *l, struct 
 	bool start;
 	int error;
 
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86PMC,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return error;
+
 	if (pmc_type == PMC_TYPE_NONE)
 		return ENODEV;
 
@@ -386,6 +398,11 @@ sys_pmc_read(struct lwp *l, struct x86_p
 	size_t nval;
 	int error;
 
+	error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86PMC,
+	    NULL, NULL, NULL, NULL);
+	if (error)
+		return error;
+
 	if (pmc_type == PMC_TYPE_NONE)
 		return ENODEV;
 

Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.42 src/sys/secmodel/suser/secmodel_suser.c:1.43
--- src/sys/secmodel/suser/secmodel_suser.c:1.42	Mon Aug 17 06:16:03 2015
+++ src/sys/secmodel/suser/secmodel_suser.c	Wed Jun 14 17:48:41 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.42 2015/08/17 06:16:03 knakahara Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.43 2017/06/14 17:48:41 maxv Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.42 2015/08/17 06:16:03 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.43 2017/06/14 17:48:41 maxv Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
@@ -834,13 +834,13 @@ int
 secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action,
     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
-        bool isroot;
-        int result;
+	bool isroot;
+	int result;
 
-        isroot = suser_isroot(cred);
-        result = KAUTH_RESULT_DEFER;
+	isroot = suser_isroot(cred);
+	result = KAUTH_RESULT_DEFER;
 
-        switch (action) {
+	switch (action) {
 	case KAUTH_MACHDEP_CPU_UCODE_APPLY:
 	case KAUTH_MACHDEP_IOPERM_GET:
 	case KAUTH_MACHDEP_LDT_GET:
@@ -853,6 +853,7 @@ secmodel_suser_machdep_cb(kauth_cred_t c
 	case KAUTH_MACHDEP_NVRAM:
 	case KAUTH_MACHDEP_UNMANAGEDMEM:
 	case KAUTH_MACHDEP_PXG:
+	case KAUTH_MACHDEP_X86PMC:
 		if (isroot)
 			result = KAUTH_RESULT_ALLOW;
 		break;
@@ -875,11 +876,11 @@ int
 secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
-        bool isroot;
-        int result;
+	bool isroot;
+	int result;
 
-        isroot = suser_isroot(cred);
-        result = KAUTH_RESULT_DEFER;
+	isroot = suser_isroot(cred);
+	result = KAUTH_RESULT_DEFER;
 
 	switch (action) {
 	case KAUTH_DEVICE_BLUETOOTH_SETPRIV:

Index: src/sys/sys/kauth.h
diff -u src/sys/sys/kauth.h:1.73 src/sys/sys/kauth.h:1.74
--- src/sys/sys/kauth.h:1.73	Tue Oct  6 22:13:39 2015
+++ src/sys/sys/kauth.h	Wed Jun 14 17:48:41 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: kauth.h,v 1.73 2015/10/06 22:13:39 christos Exp $ */
+/* $NetBSD: kauth.h,v 1.74 2017/06/14 17:48:41 maxv Exp $ */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org>  
@@ -321,6 +321,7 @@ enum {
 	KAUTH_MACHDEP_NVRAM,
 	KAUTH_MACHDEP_UNMANAGEDMEM,
 	KAUTH_MACHDEP_PXG,
+	KAUTH_MACHDEP_X86PMC
 };
 
 /*
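Review bot: The new enumerator `KAUTH_MACHDEP_X86PMC` is added without a trailing comma, while the previous last entry `KAUTH_MACHDEP_PXG,` carries one, so the next addition will have to modify this line as well; writing `KAUTH_MACHDEP_X86PMC,` keeps later diffs to a single added line. Appending at the end leaves the numeric values of the existing actions unchanged, which is presumably what already-built listeners depend on. The commit touches no manual page, so if kauth(9) enumerates the machdep actions it would need a matching entry. The enum begins outside this hunk.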
