Wed Jun 14 17:48:41 2017 UTC ()
Make the PMC syscalls privileged.


(maxv)
diff -r1.7 -r1.8 src/sys/arch/x86/x86/pmc.c
diff -r1.42 -r1.43 src/sys/secmodel/suser/secmodel_suser.c
diff -r1.73 -r1.74 src/sys/sys/kauth.h

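--- a/src/sys/arch/x86/x86/Attic/pmc.c
+++ b/src/sys/arch/x86/x86/Attic/pmc.c
@@ -1,14 +1,14 @@
-/* $NetBSD: pmc.c,v 1.7 2017/05/23 08:54:39 nonaka Exp $ */
+/* $NetBSD: pmc.c,v 1.8 2017/06/14 17:48:40 maxv Exp $ */
 
 /*
  * Copyright (c) 2017 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Maxime Villard.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
@@ -57,33 +57,34 @@
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 /*
  * Interface to x86 CPU Performance Counters.
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: pmc.c,v 1.7 2017/05/23 08:54:39 nonaka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pmc.c,v 1.8 2017/06/14 17:48:40 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/proc.h>
 #include <sys/cpu.h>
 #include <sys/xcall.h>
+#include <sys/kauth.h>
 
 #include <machine/cpufunc.h>
 #include <machine/cpuvar.h>
 #include <machine/specialreg.h>
 #include <machine/sysarch.h>
 #include <machine/pmc.h>
 #include <machine/cpu_counter.h>
 #include <machine/cputypes.h>
 #include <machine/i82489reg.h>
 #include <machine/i82489var.h>
 
 #include <x86/nmi.h>
 
@@ -315,45 +316,56 @@ pmc_init(void)
  pmc_state[i].ctrmask = 0xFFFFFFFFFFFFULL;
  }
  }
  }
 
  pmc_nmi_handle = nmi_establish(pmc_nmi, NULL);
  mutex_init(&pmc_lock, MUTEX_DEFAULT, IPL_NONE);
 }
 
 int
 sys_pmc_info(struct lwp *l, struct x86_pmc_info_args *uargs, register_t *retval)
 {
  struct x86_pmc_info_args rv;
+ int error;
+
+ error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86PMC,
+ NULL, NULL, NULL, NULL);
+ if (error)
+ return error;
 
  memset(&rv, 0, sizeof(rv));
 
  rv.vers = PMC_VERSION;
  rv.type = pmc_type;
  rv.nctrs = pmc_ncounters;
 
  return copyout(&rv, uargs, sizeof(rv));
 }
 
 int
 sys_pmc_startstop(struct lwp *l, struct x86_pmc_startstop_args *uargs,
  register_t *retval)
 {
  struct x86_pmc_startstop_args args;
  pmc_state_t *pmc;
  bool start;
  int error;
 
+ error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86PMC,
+ NULL, NULL, NULL, NULL);
+ if (error)
+ return error;
+
  if (pmc_type == PMC_TYPE_NONE)
  return ENODEV;
 
  error = copyin(uargs, &args, sizeof(args));
  if (error)
  return error;
 
  if (args.counter >= pmc_ncounters)
  return EINVAL;
 
  start = (args.flags & (PMC_SETUP_KERNEL|PMC_SETUP_USER)) != 0;
  pmc = &pmc_state[args.counter];
 
@@ -376,26 +388,31 @@ sys_pmc_startstop(struct lwp *l, struct
  mutex_exit(&pmc_lock);
 
  return 0;
 }
 
 int
 sys_pmc_read(struct lwp *l, struct x86_pmc_read_args *uargs, register_t *retval)
 {
  struct x86_pmc_read_args args;
  pmc_state_t *pmc;
  size_t nval;
  int error;
 
+ error = kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86PMC,
+ NULL, NULL, NULL, NULL);
+ if (error)
+ return error;
+
  if (pmc_type == PMC_TYPE_NONE)
  return ENODEV;
 
  error = copyin(uargs, &args, sizeof(args));
  if (error)
  return error;
 
  if (args.counter >= pmc_ncounters)
  return EINVAL;
  if (args.values == NULL)
  return EINVAL;
  nval = MIN(ncpu, args.nval);
 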
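Review bot: All three new `kauth_authorize_machdep(l->l_cred, KAUTH_MACHDEP_X86PMC, NULL, NULL, NULL, NULL)` calls pass NULL for arg0–arg3, so a kauth listener cannot tell the read-only query in sys_pmc_info from sys_pmc_startstop, whose flags (`PMC_SETUP_KERNEL|PMC_SETUP_USER`) select what a counter measures. If a policy finer than all-or-nothing is ever wanted, passing an operation identifier as arg0 would allow it; if one action for all three is deliberate, a comment at the first check should say so, e.g. `/* One kauth action gates every PMC syscall; counters can observe kernel and other processes' activity. */` (that rationale is my inference, the log message only says the syscalls become privileged). The same four-line block is repeated in sys_pmc_startstop and sys_pmc_read, so a small static helper would keep a future PMC entry point from omitting it. The check does sit before the `pmc_type == PMC_TYPE_NONE` test and the `copyin`, which is the right order; sys_pmc_startstop continues between the last two hunks and sys_pmc_read runs past the end of the section, so their later paths were not reviewed.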

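--- a/src/sys/secmodel/suser/secmodel_suser.c
+++ b/src/sys/secmodel/suser/secmodel_suser.c
@@ -1,14 +1,14 @@
-/* $NetBSD: secmodel_suser.c,v 1.42 2015/08/17 06:16:03 knakahara Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.43 2017/06/14 17:48:41 maxv Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  * notice, this list of conditions and the following disclaimer in the
  * documentation and/or other materials provided with the distribution.
  * 3. The name of the author may not be used to endorse or promote products
@@ -28,27 +28,27 @@
 
 /*
  * This file contains kauth(9) listeners needed to implement the traditional
  * NetBSD superuser access restrictions.
  *
  * There are two main resources a request can be issued to: user-owned and
  * system owned. For the first, traditional Unix access checks are done, as
  * well as superuser checks. If needed, the request context is examined before
  * a decision is made. For the latter, usually only superuser checks are done
  * as normal users are not allowed to access system resources.
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.42 2015/08/17 06:16:03 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.43 2017/06/14 17:48:41 maxv Exp $");
 
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/kauth.h>
 
 #include <sys/mutex.h>
 #include <sys/mount.h>
 #include <sys/socketvar.h>
 #include <sys/sysctl.h>
 #include <sys/vnode.h>
 #include <sys/proc.h>
 #include <sys/module.h>
 
@@ -824,72 +824,73 @@ secmodel_suser_network_cb(kauth_cred_t c
 }
 
 /*
  * kauth(9) listener
  *
  * Security model: Traditional NetBSD
  * Scope: Machdep
  * Responsibility: Superuser access
  */
 int
 secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action,
  void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
  bool isroot;
  int result;
 
  isroot = suser_isroot(cred);
  result = KAUTH_RESULT_DEFER;
 
  switch (action) {
  case KAUTH_MACHDEP_CPU_UCODE_APPLY:
  case KAUTH_MACHDEP_IOPERM_GET:
  case KAUTH_MACHDEP_LDT_GET:
  case KAUTH_MACHDEP_LDT_SET:
  case KAUTH_MACHDEP_MTRR_GET:
  case KAUTH_MACHDEP_CACHEFLUSH:
  case KAUTH_MACHDEP_IOPERM_SET:
  case KAUTH_MACHDEP_IOPL:
  case KAUTH_MACHDEP_MTRR_SET:
  case KAUTH_MACHDEP_NVRAM:
  case KAUTH_MACHDEP_UNMANAGEDMEM:
  case KAUTH_MACHDEP_PXG:
+ case KAUTH_MACHDEP_X86PMC:
  if (isroot)
  result = KAUTH_RESULT_ALLOW;
  break;
 
  default:
  break;
  }
 
  return (result);
 }
 
 /*
  * kauth(9) listener
  *
  * Security model: Traditional NetBSD
  * Scope: Device
  * Responsibility: Superuser access
  */
 int
 secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
  void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
 {
  bool isroot;
  int result;
 
  isroot = suser_isroot(cred);
  result = KAUTH_RESULT_DEFER;
 
  switch (action) {
  case KAUTH_DEVICE_BLUETOOTH_SETPRIV:
  case KAUTH_DEVICE_BLUETOOTH_SEND:
  case KAUTH_DEVICE_BLUETOOTH_RECV:
  case KAUTH_DEVICE_TTY_OPEN:
  case KAUTH_DEVICE_TTY_PRIVSET:
  case KAUTH_DEVICE_TTY_STI:
  case KAUTH_DEVICE_TTY_VIRTUAL:
  case KAUTH_DEVICE_RND_ADDDATA:
  case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE:
  case KAUTH_DEVICE_RND_GETPRIV:
  case KAUTH_DEVICE_RND_SETPRIV: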

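--- a/src/sys/sys/kauth.h
+++ b/src/sys/sys/kauth.h
@@ -1,14 +1,14 @@
-/* $NetBSD: kauth.h,v 1.73 2015/10/06 22:13:39 christos Exp $ */
+/* $NetBSD: kauth.h,v 1.74 2017/06/14 17:48:41 maxv Exp $ */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  * notice, this list of conditions and the following disclaimer in the
  * documentation and/or other materials provided with the distribution.
@@ -311,26 +311,27 @@ enum kauth_network_req {
 enum {
  KAUTH_MACHDEP_CACHEFLUSH=1,
  KAUTH_MACHDEP_CPU_UCODE_APPLY,
  KAUTH_MACHDEP_IOPERM_GET,
  KAUTH_MACHDEP_IOPERM_SET,
  KAUTH_MACHDEP_IOPL,
  KAUTH_MACHDEP_LDT_GET,
  KAUTH_MACHDEP_LDT_SET,
  KAUTH_MACHDEP_MTRR_GET,
  KAUTH_MACHDEP_MTRR_SET,
  KAUTH_MACHDEP_NVRAM,
  KAUTH_MACHDEP_UNMANAGEDMEM,
  KAUTH_MACHDEP_PXG,
+ KAUTH_MACHDEP_X86PMC
 };
 
 /*
  * Device scope - actions.
  */
 enum {
  KAUTH_DEVICE_TTY_OPEN=1,
  KAUTH_DEVICE_TTY_PRIVSET,
  KAUTH_DEVICE_TTY_STI,
  KAUTH_DEVICE_RAWIO_SPEC,
  KAUTH_DEVICE_RAWIO_PASSTHRU,
  KAUTH_DEVICE_BLUETOOTH_SETPRIV,
  KAUTH_DEVICE_RND_ADDDATA,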
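Review bot: `KAUTH_MACHDEP_X86PMC` is added with no comment saying what it authorizes, and unlike the previous last entry (`KAUTH_MACHDEP_PXG,`) it has no trailing comma, so the next addition to this enum will have to modify this line as well. Suggested: `KAUTH_MACHDEP_X86PMC,	/* x86 PMC syscalls: info, start/stop, read */`. Appending at the end keeps the numeric values of the existing machdep actions unchanged, which matters if anything outside this tree was compiled against them. The commit lists only pmc.c, secmodel_suser.c and kauth.h, so if kauth(9) enumerates the machdep actions it presumably needs the new one added too. The device-scope enum at the end of the hunk continues outside it.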