Diffstat (limited to 'sys')
-rw-r--r-- | sys/arch/alpha/alpha/mem.c | 15 | ||||
-rw-r--r-- | sys/arch/amd64/amd64/mem.c | 7 | ||||
-rw-r--r-- | sys/arch/arm/arm/mem.c | 21 | ||||
-rw-r--r-- | sys/arch/hppa/hppa/mem.c | 16 | ||||
-rw-r--r-- | sys/arch/i386/i386/mem.c | 6 | ||||
-rw-r--r-- | sys/arch/m88k/m88k/mem.c | 21 | ||||
-rw-r--r-- | sys/arch/macppc/macppc/mem.c | 18 | ||||
-rw-r--r-- | sys/arch/mips64/mips64/mem.c | 9 | ||||
-rw-r--r-- | sys/arch/sh/sh/mem.c | 8 | ||||
-rw-r--r-- | sys/arch/socppc/socppc/mem.c | 18 | ||||
-rw-r--r-- | sys/arch/sparc64/sparc64/mem.c | 15 | ||||
-rw-r--r-- | sys/kern/kern_sysctl.c | 10 | ||||
-rw-r--r-- | sys/sys/sysctl.h | 10 |
13 files changed, 125 insertions, 49 deletions
diff --git a/sys/arch/alpha/alpha/mem.c b/sys/arch/alpha/alpha/mem.c index ad3812ae22c..9a971403c36 100644 --- a/sys/arch/alpha/alpha/mem.c +++ b/sys/arch/alpha/alpha/mem.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mem.c,v 1.30 2016/08/15 22:01:59 tedu Exp $ */ +/* $OpenBSD: mem.c,v 1.31 2016/09/25 15:23:36 deraadt Exp $ */ /* $NetBSD: mem.c,v 1.26 2000/03/29 03:48:20 simonb Exp $ */ /* @@ -70,12 +70,18 @@ extern int allowaperture; int mmopen(dev_t dev, int flag, int mode, struct proc *p) { + extern int allowkmem; switch (minor(dev)) { case 0: case 1: + if (securelevel <= 0 || allowkmem) + break; + return (EPERM); + } case 2: - return (0); + case 12: + break; #ifdef APERTURE case 4: if (suser(p, 0) != 0 || !allowaperture) @@ -86,13 +92,12 @@ mmopen(dev_t dev, int flag, int mode, struct proc *p) if (ap_open_count > 0 && allowaperture < 3) return (EPERM); ap_open_count++; - return (0); + break; #endif - case 12: - return (0); default: return (ENXIO); } + return (0); } int diff --git a/sys/arch/amd64/amd64/mem.c b/sys/arch/amd64/amd64/mem.c index 739dd29a4be..0dfe2300e08 100644 --- a/sys/arch/amd64/amd64/mem.c +++ b/sys/arch/amd64/amd64/mem.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mem.c,v 1.30 2016/08/15 22:01:59 tedu Exp $ */ +/* $OpenBSD: mem.c,v 1.31 2016/09/25 15:23:36 deraadt Exp $ */ /* * Copyright (c) 1988 University of Utah. * Copyright (c) 1982, 1986, 1990, 1993 @@ -81,9 +81,14 @@ int mem_range_attr_set(struct mem_range_desc *, int *); int mmopen(dev_t dev, int flag, int mode, struct proc *p) { + extern int allowkmem; + switch (minor(dev)) { case 0: case 1: + if (securelevel <= 0 || allowkmem) + break; + return (EPERM); case 2: case 12: break; diff --git a/sys/arch/arm/arm/mem.c b/sys/arch/arm/arm/mem.c index 2e76a251861..c05990f6c52 100644 --- a/sys/arch/arm/arm/mem.c +++ b/sys/arch/arm/arm/mem.c 
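Review bot: The added `}` directly after `return (EPERM);` in the `case 0:`/`case 1:` arm of the alpha mmopen closes the `switch` early, so `case 2:`, `case 12:` and the `#ifdef APERTURE` cases that follow sit outside any switch and the file should not compile. None of the other mem.c hunks in this commit has that brace, which suggests it is a stray line. Dropping it leaves `if (securelevel <= 0 || allowkmem) break; return (EPERM);` followed directly by `case 2:`. The rest of the function is in the next hunk (`@@ -86,13 +92,12 @@`).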
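Review bot: The new gate in the amd64 mmopen runs only when minors 0 and 1 are opened, so a descriptor opened while `securelevel <= 0` stays usable after securelevel is raised. Whether the read, write and mmap paths re-check is not visible in this hunk. A comment above the test would record the intent, for example `/* minors 0 and 1: refuse open once securelevel > 0 unless kern.allowkmem is set */`. The bare minor numbers 0, 1, 2 and 12 would also be easier to audit with the device each one stands for noted beside the case labels. The same applies to the matching hunks in the other mem.c files of this commit.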
@@ -1,4 +1,4 @@ -/* $OpenBSD: mem.c,v 1.18 2016/08/16 18:21:54 tedu Exp $ */ +/* $OpenBSD: mem.c,v 1.19 2016/09/25 15:23:37 deraadt Exp $ */ /* $NetBSD: mem.c,v 1.11 2003/10/16 12:02:58 jdolecek Exp $ */ /* @@ -101,15 +101,20 @@ extern int allowaperture; int mmopen(dev_t dev, int flag, int mode, struct proc *p) { + extern int allowkmem; + switch (minor(dev)) { - case 0: - case 1: - case 2: - case 12: + case 0: + case 1: + if (securelevel <= 0 || allowkmem) break; + return (EPERM); + case 2: + case 12: + break; #ifdef APERTURE case 4: - if (suser(p, 0) != 0 || !allowaperture) + if (suser(p, 0) != 0 || !allowaperture) return (EPERM); /* authorize only one simultaneous open() unless @@ -119,8 +124,8 @@ mmopen(dev_t dev, int flag, int mode, struct proc *p) ap_open_count++; break; #endif - default: - return (ENXIO); + default: + return (ENXIO); } return (0); } diff --git a/sys/arch/hppa/hppa/mem.c b/sys/arch/hppa/hppa/mem.c index 6b43cccb6e3..94984bdc47a 100644 --- a/sys/arch/hppa/hppa/mem.c +++ b/sys/arch/hppa/hppa/mem.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mem.c,v 1.1 2016/08/19 20:48:36 tedu Exp $ */ +/* $OpenBSD: mem.c,v 1.2 2016/09/25 15:23:37 deraadt Exp $ */ /* * Copyright (c) 1998-2004 Michael Shalayeff @@ -302,6 +302,20 @@ viper_eisa_en(void) int mmopen(dev_t dev, int flag, int ioflag, struct proc *p) { + extern int allowkmem; + + switch (minor(dev)) { + case 0: + case 1: + if (securelevel <= 0 || allowkmem) + break; + return (EPERM); + case 2: + case 12: + break; + default: + return (ENXIO); + } return (0); } diff --git a/sys/arch/i386/i386/mem.c b/sys/arch/i386/i386/mem.c index 5282cca2683..42c6282a608 100644 --- a/sys/arch/i386/i386/mem.c +++ b/sys/arch/i386/i386/mem.c @@ -1,5 +1,5 @@ /* $NetBSD: mem.c,v 1.31 1996/05/03 19:42:19 christos Exp $ */ -/* $OpenBSD: mem.c,v 1.50 2016/08/16 18:19:15 tedu Exp $ */ +/* $OpenBSD: mem.c,v 1.51 2016/09/25 15:23:37 deraadt Exp $ */ /* * Copyright (c) 1988 University of Utah. * Copyright (c) 1982, 1986, 1990, 1993 
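Review bot: `extern int allowkmem;` is declared at block scope inside the arm mmopen and again in every other mem.c touched by this commit, while the definition `int allowkmem;` lives in sys/kern/kern_sysctl.c. With per-function declarations the compiler cannot check them against the definition, so a later type change would go unnoticed. A single `extern int allowkmem;` in a shared kernel header included by both sides would avoid that. This hunk also appears to re-indent the `case` labels and the `suser()` line without changing them, which makes the added security check harder to spot in review.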
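Review bot: The hppa mmopen used to return 0 for every minor, and with the added `default: return (ENXIO);` any minor other than 0, 1, 2 and 12 is now refused. That goes beyond the `allowkmem` gate on minors 0 and 1, so it is worth confirming that no other minor of this device is opened on hppa and mentioning the change in the commit message. The sparc64 hunk (`@@ -62,7 +62,20 @@`) makes the same change from an unconditional `return (0);`.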
@@ -76,10 +76,14 @@ static int mem_ioctl(dev_t, u_long, caddr_t, int, struct proc *); int mmopen(dev_t dev, int flag, int mode, struct proc *p) { + extern int allowkmem; switch (minor(dev)) { case 0: case 1: + if (securelevel <= 0 || allowkmem) + break; + return (EPERM); case 2: case 12: break; diff --git a/sys/arch/m88k/m88k/mem.c b/sys/arch/m88k/m88k/mem.c index ff057b58b04..93167c253ab 100644 --- a/sys/arch/m88k/m88k/mem.c +++ b/sys/arch/m88k/m88k/mem.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mem.c,v 1.4 2016/08/01 15:58:22 tedu Exp $ */ +/* $OpenBSD: mem.c,v 1.5 2016/09/25 15:23:37 deraadt Exp $ */ /* * Copyright (c) 1988 University of Utah. @@ -58,16 +58,21 @@ extern void *etext; int mmopen(dev_t dev, int flag, int mode, struct proc *p) { + extern int allowkmem; switch (minor(dev)) { - case 0: - case 1: - case 2: - case 12: - return (0); - default: - return (ENXIO); + case 0: + case 1: + if (securelevel <= 0 || allowkmem) + break; + return (EPERM); + case 2: + case 12: + break; + default: + return (ENXIO); } + return (0); } int diff --git a/sys/arch/macppc/macppc/mem.c b/sys/arch/macppc/macppc/mem.c index 81360d042a7..0404d92dad9 100644 --- a/sys/arch/macppc/macppc/mem.c +++ b/sys/arch/macppc/macppc/mem.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mem.c,v 1.23 2016/08/15 22:01:59 tedu Exp $ */ +/* $OpenBSD: mem.c,v 1.24 2016/09/25 15:23:37 deraadt Exp $ */ /* $NetBSD: mem.c,v 1.1 1996/09/30 16:34:50 ws Exp $ */ /* @@ -191,13 +191,17 @@ mem_i2c_exec(void *cookie, i2c_op_t op, i2c_addr_t addr, int mmopen(dev_t dev, int flag, int mode, struct proc *p) { + extern int allowkmem; switch (minor(dev)) { - case 0: - case 1: - case 2: - case 12: + case 0: + case 1: + if (securelevel <= 0 || allowkmem) break; + return (EPERM); + case 2: + case 12: + break; #ifdef APERTURE case 4: if (suser(p, 0) != 0 || !allowaperture) 
@@ -210,8 +214,8 @@ mmopen(dev_t dev, int flag, int mode, struct proc *p) ap_open_count++; break; #endif - default: - return (ENXIO); + default: + return (ENXIO); } return (0); } diff --git a/sys/arch/mips64/mips64/mem.c b/sys/arch/mips64/mips64/mem.c index bab2383934a..28706b9ba6d 100644 --- a/sys/arch/mips64/mips64/mem.c +++ b/sys/arch/mips64/mips64/mem.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mem.c,v 1.21 2016/08/01 15:58:22 tedu Exp $ */ +/* $OpenBSD: mem.c,v 1.22 2016/09/25 15:23:37 deraadt Exp $ */ /* $NetBSD: mem.c,v 1.6 1995/04/10 11:55:03 mycroft Exp $ */ /* @@ -71,16 +71,21 @@ cdev_decl(mm); int mmopen(dev_t dev, int flag, int mode, struct proc *p) { + extern int allowkmem; switch (minor(dev)) { case 0: case 1: + if (securelevel <= 0 || allowkmem) + break; + return (EPERM); case 2: case 12: - return (0); + break; default: return (ENXIO); } + return (0); } int diff --git a/sys/arch/sh/sh/mem.c b/sys/arch/sh/sh/mem.c index fdbe75a5b71..596864a52ca 100644 --- a/sys/arch/sh/sh/mem.c +++ b/sys/arch/sh/sh/mem.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mem.c,v 1.8 2016/08/16 18:21:54 tedu Exp $ */ +/* $OpenBSD: mem.c,v 1.9 2016/09/25 15:23:37 deraadt Exp $ */ /* $NetBSD: mem.c,v 1.21 2006/07/23 22:06:07 ad Exp $ */ /* @@ -101,16 +101,20 @@ cdev_decl(mm); int mmopen(dev_t dev, int flag, int mode, struct proc *p) { + extern int allowkmem; + switch (minor(dev)) { case 0: case 1: + if (securelevel <= 0 || allowkmem) + break; + return (EPERM); case 2: case 12: break; default: return (ENXIO); } - return (0); } diff --git a/sys/arch/socppc/socppc/mem.c b/sys/arch/socppc/socppc/mem.c index e17f055de68..54aaa6688ba 100644 --- a/sys/arch/socppc/socppc/mem.c +++ b/sys/arch/socppc/socppc/mem.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mem.c,v 1.5 2016/08/15 22:01:59 tedu Exp $ */ +/* $OpenBSD: mem.c,v 1.6 2016/09/25 15:23:37 deraadt Exp $ */ /* $NetBSD: mem.c,v 1.1 1996/09/30 16:34:50 ws Exp $ */ /* 
@@ -58,13 +58,17 @@ int mmopen(dev_t dev, int flag, int mode, struct proc *p) { + extern int allowkmem; switch (minor(dev)) { - case 0: - case 1: - case 2: - case 12: + case 0: + case 1: + if (securelevel <= 0 || allowkmem) break; + return (EPERM); + case 2: + case 12: + break; #ifdef xAPERTURE case 4: if (suser(p, 0) != 0 || !allowaperture) @@ -76,8 +80,8 @@ mmopen(dev_t dev, int flag, int mode, struct proc *p) ap_open_count++; break; #endif - default: - return (ENXIO); + default: + return (ENXIO); } return (0); } diff --git a/sys/arch/sparc64/sparc64/mem.c b/sys/arch/sparc64/sparc64/mem.c index 7e21614180f..d4780e51c4b 100644 --- a/sys/arch/sparc64/sparc64/mem.c +++ b/sys/arch/sparc64/sparc64/mem.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mem.c,v 1.17 2016/08/16 18:17:36 tedu Exp $ */ +/* $OpenBSD: mem.c,v 1.18 2016/09/25 15:23:37 deraadt Exp $ */ /* $NetBSD: mem.c,v 1.18 2001/04/24 04:31:12 thorpej Exp $ */ /* @@ -62,7 +62,20 @@ caddr_t zeropage; int mmopen(dev_t dev, int flag, int mode, struct proc *p) { + extern int allowkmem; + switch (minor(dev)) { + case 0: + case 1: + if (securelevel <= 0 || allowkmem) + break; + return (EPERM); + case 2: + case 12: + break; + default: + return (ENXIO); + } return (0); } diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index c0d9e1eabcc..c36988f0773 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sysctl.c,v 1.311 2016/09/21 14:06:50 deraadt Exp $ */ +/* $OpenBSD: kern_sysctl.c,v 1.312 2016/09/25 15:23:37 deraadt Exp $ */ /* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */ /*- @@ -118,6 +118,8 @@ extern fixpt_t ccpu; extern long numvnodes; extern u_int net_livelocks; +int allowkmem; + extern void nmbclust_update(void); int sysctl_diskinit(int, struct proc *); 
@@ -340,6 +342,12 @@ kern_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, return (EPERM); securelevel = level; return (0); + case KERN_ALLOWKMEM: + if (securelevel > 0) + return (sysctl_rdint(oldp, oldlenp, newp, + allowkmem)); + return (sysctl_int(oldp, oldlenp, newp, newlen, + &allowkmem)); case KERN_HOSTNAME: error = sysctl_tstring(oldp, oldlenp, newp, newlen, hostname, sizeof(hostname)); diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h index 506c6908cad..591f7bd0ad3 100644 --- a/sys/sys/sysctl.h +++ b/sys/sys/sysctl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sysctl.h,v 1.166 2016/09/21 14:06:50 deraadt Exp $ */ +/* $OpenBSD: sysctl.h,v 1.167 2016/09/25 15:23:37 deraadt Exp $ */ /* $NetBSD: sysctl.h,v 1.16 1996/04/09 20:55:36 cgd Exp $ */ /* @@ -137,7 +137,7 @@ struct ctlname { #define KERN_SYSVMSG 34 /* int: SysV message queue suppoprt */ #define KERN_SYSVSEM 35 /* int: SysV semaphore support */ #define KERN_SYSVSHM 36 /* int: SysV shared memory support */ -/* was KERN_ARND 37 */ +/* was KERN_ARND 37 */ #define KERN_MSGBUFSIZE 38 /* int: size of message buffer */ #define KERN_MALLOCSTATS 39 /* node: malloc statistics */ #define KERN_CPTIME 40 /* array: cp_time */ @@ -152,7 +152,7 @@ struct ctlname { #define KERN_POOL 49 /* struct: pool information */ #define KERN_STACKGAPRANDOM 50 /* int: stackgap_random */ #define KERN_SYSVIPC_INFO 51 /* struct: SysV sem/shm/msg info */ -/* was KERN_USERCRYPTO 52 */ +#define KERN_ALLOWKMEM 52 /* int: allowkmem */ /* was KERN_CRYPTODEVALLOWSOFT 53 */ #define KERN_SPLASSERT 54 /* int: splassert */ #define KERN_PROC_ARGS 55 /* node: proc args and env */ @@ -224,7 +224,7 @@ struct ctlname { { "sysvmsg", CTLTYPE_INT }, \ { "sysvsem", CTLTYPE_INT }, \ { "sysvshm", CTLTYPE_INT }, \ - { "arandom", CTLTYPE_INT }, \ + { "gap", 0 }, \ { "msgbufsize", CTLTYPE_INT }, \ { "malloc", CTLTYPE_NODE }, \ { "cp_time", CTLTYPE_STRUCT }, \ 
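Review bot: The `KERN_ALLOWKMEM` case stores whatever int the caller passes to `sysctl_int()`, while mmopen only tests `allowkmem` for non-zero, so negative or large values are silently treated as enabled. If the knob is meant to be boolean, reject other values before storing. A comment on the case would also help, such as `/* writable only while securelevel <= 0; read-only afterwards so the kmem gate cannot be reopened */`. The definition `int allowkmem;` added in the earlier hunk of this file would also benefit from a note that the default of 0 means opens of minors 0 and 1 are refused once securelevel > 0.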
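Review bot: `KERN_ALLOWKMEM` takes over MIB number 52, which the removed comment says was `KERN_USERCRYPTO`. Any binary built against older headers that still writes MIB 52 would now be addressing `allowkmem`, a knob that relaxes access to kernel memory. If such callers can exist, a fresh number would be safer. The `{ "allowkmem", CTLTYPE_INT }` entry in the last hunk of this file has to stay at the same index as this define, which a short comment beside the define could note.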
@@ -239,7 +239,7 @@ struct ctlname { { "pool", CTLTYPE_NODE }, \ { "stackgap_random", CTLTYPE_INT }, \ { "sysvipc_info", CTLTYPE_INT }, \ - { "gap", 0 }, \ + { "allowkmem", CTLTYPE_INT }, \ { "gap", 0 }, \ { "splassert", CTLTYPE_INT }, \ { "procargs", CTLTYPE_NODE }, \ |