14 files changed, 62 insertions, 31 deletions

diff --git a/sys/arch/alpha/alpha/mem.c b/sys/arch/alpha/alpha/mem.c
index 42e9f48d50e..88b722f2d2f 100644
--- a/sys/arch/alpha/alpha/mem.c
+++ b/sys/arch/alpha/alpha/mem.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mem.c,v 1.35 2024/06/23 22:08:37 kettenis Exp $ */
+/* $OpenBSD: mem.c,v 1.36 2024/10/28 10:18:02 mvs Exp $ */
 /* $NetBSD: mem.c,v 1.26 2000/03/29 03:48:20 simonb Exp $ */
 
 /*
@@ -51,6 +51,7 @@
 #include <sys/msgbuf.h>
 #include <sys/mman.h>
 #include <sys/conf.h>
+#include <sys/atomic.h>
 
 #include <machine/cpu.h>
 
@@ -76,7 +77,8 @@ mmopen(dev_t dev, int flag, int mode, struct proc *p)
 	switch (minor(dev)) {
 	case 0:
 	case 1:
-		if (securelevel <= 0 || allowkmem)
+		if (atomic_load_int(&securelevel) <= 0 ||
+		    atomic_load_int(&allowkmem))
 			break;
 		return (EPERM);
 	case 2:
diff --git a/sys/arch/amd64/amd64/mem.c b/sys/arch/amd64/amd64/mem.c
index 55205417d6b..53db257d2fa 100644
--- a/sys/arch/amd64/amd64/mem.c
+++ b/sys/arch/amd64/amd64/mem.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mem.c,v 1.36 2024/06/23 22:08:37 kettenis Exp $ */
+/*	$OpenBSD: mem.c,v 1.37 2024/10/28 10:18:02 mvs Exp $ */
 /*
  * Copyright (c) 1988 University of Utah.
  * Copyright (c) 1982, 1986, 1990, 1993
@@ -51,6 +51,7 @@
 #include <sys/ioccom.h>
 #include <sys/malloc.h>
 #include <sys/memrange.h>
+#include <sys/atomic.h>
 
 #include <machine/cpu.h>
 
@@ -84,7 +85,8 @@ mmopen(dev_t dev, int flag, int mode, struct proc *p)
 	switch (minor(dev)) {
 	case 0:
 	case 1:
-		if (securelevel <= 0 || allowkmem)
+		if (atomic_load_int(&securelevel) <= 0 ||
+		    atomic_load_int(&allowkmem))
 			break;
 		return (EPERM);
 	case 2:
diff --git a/sys/arch/arm/arm/mem.c b/sys/arch/arm/arm/mem.c
index 85c0f69d5f1..25f702810ae 100644
--- a/sys/arch/arm/arm/mem.c
+++ b/sys/arch/arm/arm/mem.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mem.c,v 1.24 2024/06/23 22:08:37 kettenis Exp $	*/
+/*	$OpenBSD: mem.c,v 1.25 2024/10/28 10:18:02 mvs Exp $	*/
 /*	$NetBSD: mem.c,v 1.11 2003/10/16 12:02:58 jdolecek Exp $	*/
 
 /*
@@ -80,6 +80,7 @@
 #include <sys/uio.h>
 #include <sys/malloc.h>
 #include <sys/rwlock.h>
+#include <sys/atomic.h>
 
 #include <arm/conf.h>
 
@@ -103,7 +104,8 @@ mmopen(dev_t dev, int flag, int mode, struct proc *p)
 	switch (minor(dev)) {
 	case 0:
 	case 1:
-		if (securelevel <= 0 || allowkmem)
+		if (atomic_load_int(&securelevel) <= 0 ||
+		    atomic_load_int(&allowkmem))
 			break;
 		return (EPERM);
 	case 2:
diff --git a/sys/arch/arm64/arm64/mem.c b/sys/arch/arm64/arm64/mem.c
index 2084b979d04..fd0308065a7 100644
--- a/sys/arch/arm64/arm64/mem.c
+++ b/sys/arch/arm64/arm64/mem.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mem.c,v 1.7 2024/06/23 22:08:37 kettenis Exp $	*/
+/*	$OpenBSD: mem.c,v 1.8 2024/10/28 10:18:02 mvs Exp $	*/
 /*	$NetBSD: mem.c,v 1.11 2003/10/16 12:02:58 jdolecek Exp $	*/
 
 /*
@@ -83,6 +83,7 @@
 #include <sys/proc.h>
 #include <sys/fcntl.h>
 #include <sys/rwlock.h>
+#include <sys/atomic.h>
 
 #include <machine/cpu.h>
 #include <arm64/conf.h>
@@ -107,7 +108,8 @@ mmopen(dev_t dev, int flag, int mode, struct proc *p)
 	switch (minor(dev)) {
 	case 0:
 	case 1:
-		if (securelevel <= 0 || allowkmem)
+		if (atomic_load_int(&securelevel) <= 0 ||
+		    atomic_load_int(&allowkmem))
 			break;
 		return (EPERM);
 	case 2:
diff --git a/sys/arch/hppa/hppa/mem.c b/sys/arch/hppa/hppa/mem.c
index 90dd7da574d..2fc070e76c4 100644
--- a/sys/arch/hppa/hppa/mem.c
+++ b/sys/arch/hppa/hppa/mem.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mem.c,v 1.7 2024/06/23 22:08:37 kettenis Exp $	*/
+/*	$OpenBSD: mem.c,v 1.8 2024/10/28 10:18:02 mvs Exp $	*/
 
 /*
  * Copyright (c) 1998-2004 Michael Shalayeff
@@ -81,6 +81,7 @@
 #include <sys/device.h>
 #include <sys/errno.h>
 #include <sys/ioctl.h>
+#include <sys/atomic.h>
 
 #include <uvm/uvm_extern.h>
 
@@ -306,7 +307,8 @@ mmopen(dev_t dev, int flag, int ioflag, struct proc *p)
 	switch (minor(dev)) {
 	case 0:
 	case 1:
-		if (securelevel <= 0 || allowkmem)
+		if (atomic_load_int(&securelevel) <= 0 ||
+		    atomic_load_int(&allowkmem))
 			break;
 		return (EPERM);
 	case 2:
diff --git a/sys/arch/i386/i386/mem.c b/sys/arch/i386/i386/mem.c
index 6ae49d78e0d..6d534949240 100644
--- a/sys/arch/i386/i386/mem.c
+++ b/sys/arch/i386/i386/mem.c
@@ -1,5 +1,5 @@
 /*	$NetBSD: mem.c,v 1.31 1996/05/03 19:42:19 christos Exp $	*/
-/*	$OpenBSD: mem.c,v 1.57 2024/06/23 22:08:37 kettenis Exp $ */
+/*	$OpenBSD: mem.c,v 1.58 2024/10/28 10:18:03 mvs Exp $ */
 /*
  * Copyright (c) 1988 University of Utah.
  * Copyright (c) 1982, 1986, 1990, 1993
@@ -48,6 +48,7 @@
 #include <sys/malloc.h>
 #include <sys/memrange.h>
 #include <sys/rwlock.h>
+#include <sys/atomic.h>
 
 #include <machine/conf.h>
 
@@ -78,7 +79,8 @@ mmopen(dev_t dev, int flag, int mode, struct proc *p)
 	switch (minor(dev)) {
 	case 0:
 	case 1:
-		if (securelevel <= 0 || allowkmem)
+		if (atomic_load_int(&securelevel) <= 0 ||
+		    atomic_load_int(&allowkmem))
 			break;
 		return (EPERM);
 	case 2:
diff --git a/sys/arch/m88k/m88k/mem.c b/sys/arch/m88k/m88k/mem.c
index 217d2394c8b..0157fd2a0e1 100644
--- a/sys/arch/m88k/m88k/mem.c
+++ b/sys/arch/m88k/m88k/mem.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mem.c,v 1.7 2024/06/23 22:08:37 kettenis Exp $ */
+/*	$OpenBSD: mem.c,v 1.8 2024/10/28 10:18:03 mvs Exp $ */
 
 /*
  * Copyright (c) 1988 University of Utah.
@@ -46,6 +46,7 @@
 #include <sys/systm.h>
 #include <sys/uio.h>
 #include <sys/malloc.h>
+#include <sys/atomic.h>
 
 #include <machine/conf.h>
 
@@ -64,7 +65,8 @@ mmopen(dev_t dev, int flag, int mode, struct proc *p)
 	switch (minor(dev)) {
 	case 0:
 	case 1:
-		if (securelevel <= 0 || allowkmem)
+		if (atomic_load_int(&securelevel) <= 0 ||
+		    atomic_load_int(&allowkmem))
 			break;
 		return (EPERM);
 	case 2:
diff --git a/sys/arch/macppc/macppc/mem.c b/sys/arch/macppc/macppc/mem.c
index 1046e68e466..7e5ce6d1b31 100644
--- a/sys/arch/macppc/macppc/mem.c
+++ b/sys/arch/macppc/macppc/mem.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mem.c,v 1.29 2024/06/23 22:08:37 kettenis Exp $	*/
+/*	$OpenBSD: mem.c,v 1.30 2024/10/28 10:18:03 mvs Exp $	*/
 /*	$NetBSD: mem.c,v 1.1 1996/09/30 16:34:50 ws Exp $ */
 
 /*
@@ -48,6 +48,7 @@
 #include <sys/ioccom.h>
 #include <sys/uio.h>
 #include <sys/malloc.h>
+#include <sys/atomic.h>
 
 #include <machine/cpu.h>
 
@@ -196,7 +197,8 @@ mmopen(dev_t dev, int flag, int mode, struct proc *p)
 	switch (minor(dev)) {
 	case 0:
 	case 1:
-		if (securelevel <= 0 || allowkmem)
+		if (atomic_load_int(&securelevel) <= 0 ||
+		    atomic_load_int(&allowkmem))
 			break;
 		return (EPERM);
 	case 2:
diff --git a/sys/arch/mips64/mips64/mem.c b/sys/arch/mips64/mips64/mem.c
index 6a7f2d88e1d..47d49ef0d78 100644
--- a/sys/arch/mips64/mips64/mem.c
+++ b/sys/arch/mips64/mips64/mem.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mem.c,v 1.25 2024/06/23 22:08:37 kettenis Exp $	*/
+/*	$OpenBSD: mem.c,v 1.26 2024/10/28 10:18:03 mvs Exp $	*/
 /*	$NetBSD: mem.c,v 1.6 1995/04/10 11:55:03 mycroft Exp $	*/
 
 /*
@@ -54,6 +54,7 @@
 #include <sys/systm.h>
 #include <sys/uio.h>
 #include <sys/malloc.h>
+#include <sys/atomic.h>
 
 #include <machine/autoconf.h>
 #include <machine/cpu.h>
@@ -77,7 +78,8 @@ mmopen(dev_t dev, int flag, int mode, struct proc *p)
 	switch (minor(dev)) {
 	case 0:
 	case 1:
-		if (securelevel <= 0 || allowkmem)
+		if (atomic_load_int(&securelevel) <= 0 ||
+		    atomic_load_int(&allowkmem))
 			break;
 		return (EPERM);
 	case 2:
diff --git a/sys/arch/powerpc64/powerpc64/mem.c b/sys/arch/powerpc64/powerpc64/mem.c
index dc691ab63cc..3174f3f61c0 100644
--- a/sys/arch/powerpc64/powerpc64/mem.c
+++ b/sys/arch/powerpc64/powerpc64/mem.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mem.c,v 1.2 2024/06/23 22:08:37 kettenis Exp $	*/
+/*	$OpenBSD: mem.c,v 1.3 2024/10/28 10:18:03 mvs Exp $	*/
 
 /*
  * Copyright (c) 1988 University of Utah.
@@ -49,6 +49,7 @@
 #include <sys/malloc.h>
 #include <sys/fcntl.h>
 #include <sys/rwlock.h>
+#include <sys/atomic.h>
 
 #include <machine/cpu.h>
 #include <machine/conf.h>
@@ -68,7 +69,8 @@ mmopen(dev_t dev, int flag, int mode, struct proc *p)
 	switch (minor(dev)) {
 	case 0:
 	case 1:
-		if (securelevel <= 0 || allowkmem)
+		if (atomic_load_int(&securelevel) <= 0 ||
+		    atomic_load_int(&allowkmem))
 			break;
 		return (EPERM);
 	case 2:
diff --git a/sys/arch/riscv64/riscv64/mem.c b/sys/arch/riscv64/riscv64/mem.c
index 8fededf437e..cc6d9939dd5 100644
--- a/sys/arch/riscv64/riscv64/mem.c
+++ b/sys/arch/riscv64/riscv64/mem.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mem.c,v 1.6 2024/06/23 22:08:37 kettenis Exp $	*/
+/*	$OpenBSD: mem.c,v 1.7 2024/10/28 10:18:03 mvs Exp $	*/
 
 /*
  * Copyright (c) 1982, 1986, 1990, 1993
@@ -80,6 +80,7 @@
 #include <sys/malloc.h>
 #include <sys/proc.h>
 #include <sys/rwlock.h>
+#include <sys/atomic.h>
 
 #include <machine/conf.h>
 
@@ -103,7 +104,8 @@ mmopen(dev_t dev, int flag, int mode, struct proc *p)
 	switch (minor(dev)) {
 	case 0:
 	case 1:
-		if (securelevel <= 0 || allowkmem)
+		if (atomic_load_int(&securelevel) <= 0 ||
+		    atomic_load_int(&allowkmem))
 			break;
 		return (EPERM);
 	case 2:
diff --git a/sys/arch/sh/sh/mem.c b/sys/arch/sh/sh/mem.c
index d645b61cd8d..88c15695034 100644
--- a/sys/arch/sh/sh/mem.c
+++ b/sys/arch/sh/sh/mem.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mem.c,v 1.12 2024/06/23 22:08:37 kettenis Exp $	*/
+/*	$OpenBSD: mem.c,v 1.13 2024/10/28 10:18:03 mvs Exp $	*/
 /*	$NetBSD: mem.c,v 1.21 2006/07/23 22:06:07 ad Exp $	*/
 
 /*
@@ -88,6 +88,7 @@
 #include <sys/malloc.h>
 #include <sys/proc.h>
 #include <sys/conf.h>
+#include <sys/atomic.h>
 
 #include <uvm/uvm_extern.h>
 
@@ -107,7 +108,8 @@ mmopen(dev_t dev, int flag, int mode, struct proc *p)
 	switch (minor(dev)) {
 	case 0:
 	case 1:
-		if (securelevel <= 0 || allowkmem)
+		if (atomic_load_int(&securelevel) <= 0 ||
+		    atomic_load_int(&allowkmem))
 			break;
 		return (EPERM);
 	case 2:
diff --git a/sys/arch/sparc64/sparc64/mem.c b/sys/arch/sparc64/sparc64/mem.c
index acd60dd5fca..19b8152295d 100644
--- a/sys/arch/sparc64/sparc64/mem.c
+++ b/sys/arch/sparc64/sparc64/mem.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mem.c,v 1.21 2024/06/23 22:08:37 kettenis Exp $	*/
+/*	$OpenBSD: mem.c,v 1.22 2024/10/28 10:18:03 mvs Exp $	*/
 /*	$NetBSD: mem.c,v 1.18 2001/04/24 04:31:12 thorpej Exp $ */
 
 /*
@@ -50,6 +50,7 @@
 #include <sys/proc.h>
 #include <sys/rwlock.h>
 #include <sys/conf.h>
+#include <sys/atomic.h>
 
 #include <machine/conf.h>
 #include <machine/ctlreg.h>
@@ -68,7 +69,8 @@ mmopen(dev_t dev, int flag, int mode, struct proc *p)
 	switch (minor(dev)) {
 	case 0:
 	case 1:
-		if (securelevel <= 0 || allowkmem)
+		if (atomic_load_int(&securelevel) <= 0 ||
+		    atomic_load_int(&allowkmem))
 			break;
 		return (EPERM);
 	case 2:
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index 5b3469af6e2..b8291ae7733 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_sysctl.c,v 1.449 2024/10/25 21:02:34 mvs Exp $	*/
+/*	$OpenBSD: kern_sysctl.c,v 1.450 2024/10/28 10:18:03 mvs Exp $	*/
 /*	$NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $	*/
 
 /*-
@@ -122,6 +122,11 @@
 #include "ucom.h"
 #include "video.h"
 
+/*
+ * Locks used to protect data:
+ *	a	atomic
+ */
+
 extern struct forkstat forkstat;
 extern struct nchstats nchstats;
 extern int fscale;
@@ -132,7 +137,7 @@ extern int audio_record_enable;
 extern int video_record_enable;
 extern int autoconf_serial;
 
-int allowkmem;
+int allowkmem;		/* [a] */
 
 int sysctl_securelevel(void *, size_t *, void *, size_t, struct proc *);
 int sysctl_diskinit(int, struct proc *);
@@ -504,6 +509,9 @@ kern_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
 	}
 
 	switch (name[0]) {
+	case KERN_ALLOWKMEM:
+		return (sysctl_securelevel_int(oldp, oldlenp, newp, newlen,
+		    &allowkmem));
 	case KERN_OSTYPE:
 		return (sysctl_rdstring(oldp, oldlenp, newp, ostype));
 	case KERN_OSRELEASE:
@@ -616,9 +624,6 @@ kern_sysctl_locked(int *name, u_int namelen, void *oldp, size_t *oldlenp,
 	switch (name[0]) {
 	case KERN_SECURELVL:
 		return (sysctl_securelevel(oldp, oldlenp, newp, newlen, p));
-	case KERN_ALLOWKMEM:
-		return (sysctl_securelevel_int(oldp, oldlenp, newp, newlen,
-		    &allowkmem));
 	case KERN_HOSTNAME:
 		error = sysctl_tstring(oldp, oldlenp, newp, newlen,
 		    hostname, sizeof(hostname));