Just like dt(4) or mem(4), ksyms(4) allows userland to read kernel
addresses.
Diff below makes `allowkmem' a requirement for opening the
pseudo-device.
ok?
Index: sys/dev/ksyms.c
===================================================================
RCS file: /cvs/src/sys/dev/ksyms.c,v
retrieving revision 1.32
diff -u -p -r1.32 ksyms.c
--- sys/dev/ksyms.c 25 Jan 2019 00:19:26 -0000 1.32
+++ sys/dev/ksyms.c 22 Jan 2020 14:14:20 -0000
@@ -114,13 +114,14 @@ ksymsattach(int num)
int
ksymsopen(dev_t dev, int flag, int mode, struct proc *p)
{
+ extern int allowkmem;
/* There are no non-zero minor devices */
if (minor(dev) != 0)
return (ENXIO);
/* This device is read-only */
- if ((flag & FWRITE))
+ if ((flag & FWRITE) || !allowkmem)
return (EPERM);
/* ksym_syms must be initialized */
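Review bot: The comment "/* This device is read-only */" in ksymsopen() now sits above a condition that also tests `!allowkmem`, so it no longer describes the whole check. Either split the new test into its own `if (!allowkmem) return (EPERM);` with a comment saying that exposing kernel addresses requires allowkmem, or reword the existing comment to cover both cases. Separately, the block-scope `extern int allowkmem;` would be safer coming from a shared header, if one declares it, so the declaration cannot drift from the definition.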
Index: share/man/man4/ksyms.4
===================================================================
RCS file: /cvs/src/share/man/man4/ksyms.4,v
retrieving revision 1.14
diff -u -p -r1.14 ksyms.4
--- share/man/man4/ksyms.4 25 Jan 2019 00:19:26 -0000 1.14
+++ share/man/man4/ksyms.4 22 Jan 2020 14:14:57 -0000
@@ -63,7 +63,10 @@ An open of
will fail if:
.Bl -tag -width Er
.It Bq Er EPERM
-An open was attempted with write permissions.
+An open was attempted with write permissions or the
+.Va kern.allowkmem
+.Xr sysctl 2
+is not set.
.It Bq Er ENXIO
No kernel symbols were saved by the boot loader (usually because
they were removed with
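Review bot: "is not set" in the new EPERM text is ambiguous for an integer variable. The code in ksymsopen() tests `!allowkmem`, meaning the value is zero. Wording such as "or the kern.allowkmem sysctl(2) variable is 0" would match the check. Since both causes return the same errno, it would also help to state that read-only opens fail too in that case, which the old sentence about write permissions does not suggest.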