On Tue, Sep 10, 2013 at 05:24:31PM +1000, Paul Kelly wrote: > Dear list, > > Here's a manpage diff for i386_get_ioperm(2) to reflect the > behaviour I have observed (see below diff). Please whack me with a > stick if I have made any obvious mistakes. > >
diff below committed. mark kettenis advised me just to lift the securelevel text from i386_iopl(2), which makes sense. he also wanted it left that both could return EFAULT. thanks for your mail, jmc Index: i386_get_ioperm.2 =================================================================== RCS file: /cvs/src/lib/libarch/i386/i386_get_ioperm.2,v retrieving revision 1.14 diff -u -r1.14 i386_get_ioperm.2 --- i386_get_ioperm.2 26 Jun 2008 05:42:04 -0000 1.14 +++ i386_get_ioperm.2 14 Sep 2013 14:56:27 -0000 @@ -50,7 +50,12 @@ .Fn i386_set_ioperm sets the I/O permission bitmap from the data pointed to by .Fa iomap . -This call is restricted to the superuser. +This call may only be made by the superuser. +Additionally, it is only permitted when the +.Xr securelevel 7 +is less than or equal to 0 or the +.Va machdep.allowaperture +sysctl has been set to a non-zero value. .Pp The permission bitmap contains 1024 bits in 32 longwords. If bit @@ -90,8 +95,16 @@ .It Bq Er EFAULT .Fa iomap points outside the process's allocated address space. +.El +.Pp +Additionally +.Fn i386_set_ioperm +will fail if: +.Bl -tag -width [EINVAL] .It Bq Er EPERM -The caller was not the superuser. +The caller was not the superuser, or the securelevel is greater than zero and +.Va machdep.allowaperture +has not been set to a non-zero value. .El .Sh SEE ALSO .Xr i386_iopl 2
