Module Name: src Committed By: elad Date: Tue Oct 6 21:07:06 UTC 2009
Modified Files: src/sys/arch/x86/x86: x86_machdep.c src/sys/kern: init_main.c kern_stub.c src/sys/secmodel/suser: secmodel_suser.c src/sys/sys: systm.h Log Message: Add a (weak aliased) machdep_init() as a place to do machdep initialization that can't happen as early as the other init functions as called from cpu_startup() -- for example, register kauth(9) listeners. Put unprivileged policy in the x86 code; used by i386, amd64, and xen. To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 src/sys/arch/x86/x86/x86_machdep.c cvs rdiff -u -r1.405 -r1.406 src/sys/kern/init_main.c cvs rdiff -u -r1.19 -r1.20 src/sys/kern/kern_stub.c cvs rdiff -u -r1.28 -r1.29 src/sys/secmodel/suser/secmodel_suser.c cvs rdiff -u -r1.235 -r1.236 src/sys/sys/systm.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/x86/x86/x86_machdep.c
diff -u src/sys/arch/x86/x86/x86_machdep.c:1.34 src/sys/arch/x86/x86/x86_machdep.c:1.35
--- src/sys/arch/x86/x86/x86_machdep.c:1.34 Mon Oct 5 23:59:31 2009
+++ src/sys/arch/x86/x86/x86_machdep.c Tue Oct 6 21:07:05 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: x86_machdep.c,v 1.34 2009/10/05 23:59:31 rmind Exp $ */
+/* $NetBSD: x86_machdep.c,v 1.35 2009/10/06 21:07:05 elad Exp $ */
 /*-
  * Copyright (c) 2002, 2006, 2007 YAMAMOTO Takashi,
@@ -31,7 +31,7 @@
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: x86_machdep.c,v 1.34 2009/10/05 23:59:31 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: x86_machdep.c,v 1.35 2009/10/06 21:07:05 elad Exp $");
 #include "opt_modular.h"
@@ -74,6 +74,8 @@
 /* --------------------------------------------------------------------- */
+static kauth_listener_t x86_listener;
+
 /*
  * Given the type of a bootinfo entry, looks for a matching item inside
  * the bootinfo structure. If found, returns a pointer to it (which must
@@ -816,3 +818,35 @@
 DELAY(500000); /* wait 0.5 sec to see if that did it */
 }
 }
+
+static int
+x86_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
+ void *arg0, void *arg1, void *arg2, void *arg3)
+{
+ int result;
+
+ result = KAUTH_RESULT_DEFER;
+
+ switch (action) {
+ case KAUTH_MACHDEP_IOPERM_GET:
+ case KAUTH_MACHDEP_LDT_GET:
+ case KAUTH_MACHDEP_LDT_SET:
+ case KAUTH_MACHDEP_MTRR_GET:
+ result = KAUTH_RESULT_ALLOW;
+
+ break;
+
+ default:
+ break;
+ }
+
+ return result;
+}
+
+void
+machdep_init(void)
+{
+
+ x86_listener = kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
+ x86_listener_cb, NULL);
+}
Index: src/sys/kern/init_main.c
diff -u src/sys/kern/init_main.c:1.405 src/sys/kern/init_main.c:1.406
--- src/sys/kern/init_main.c:1.405 Sat Oct 3 22:32:56 2009
+++ src/sys/kern/init_main.c Tue Oct 6 21:07:05 2009
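Review bot: `x86_listener_cb` returns `KAUTH_RESULT_ALLOW` for `KAUTH_MACHDEP_IOPERM_GET`, `KAUTH_MACHDEP_LDT_GET`, `KAUTH_MACHDEP_LDT_SET` and `KAUTH_MACHDEP_MTRR_GET` without looking at `cred` or any argument, and nothing in the hunk says this is a deliberate grant to every credential. Three of the four are queries, but `KAUTH_MACHDEP_LDT_SET` changes per-process descriptor state, so it deserves a line explaining why it is safe to hand to unprivileged users. I would add above the switch: `/* Unprivileged policy: allowed for any credential; a secmodel that wants to restrict these must return KAUTH_RESULT_DENY. */`. In `machdep_init()` the handle from `kauth_listen_scope()` is stored but never checked; if registration can fail, these requests would presumably be decided by the suser cases they now fall through to, which is fail-closed, but a `KASSERT(x86_listener != NULL);` would make a failure visible.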
@@ -1,4 +1,4 @@
-/* $NetBSD: init_main.c,v 1.405 2009/10/03 22:32:56 elad Exp $ */
+/* $NetBSD: init_main.c,v 1.406 2009/10/06 21:07:05 elad Exp $ */
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -97,7 +97,7 @@
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.405 2009/10/03 22:32:56 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.406 2009/10/06 21:07:05 elad Exp $");
 #include "opt_ddb.h"
 #include "opt_ipsec.h"
@@ -569,6 +569,8 @@
 wapbl_init();
 #endif
+ machdep_init();
+
 /*
  * Create process 1 (init(8)). We do this now, as Unix has
  * historically had init be process 1, and changing this would
Index: src/sys/kern/kern_stub.c
diff -u src/sys/kern/kern_stub.c:1.19 src/sys/kern/kern_stub.c:1.20
--- src/sys/kern/kern_stub.c:1.19 Sun Jul 19 02:50:44 2009
+++ src/sys/kern/kern_stub.c Tue Oct 6 21:07:06 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_stub.c,v 1.19 2009/07/19 02:50:44 rmind Exp $ */
+/* $NetBSD: kern_stub.c,v 1.20 2009/10/06 21:07:06 elad Exp $ */
 /*-
  * Copyright (c) 2007, 2008 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_stub.c,v 1.19 2009/07/19 02:50:44 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_stub.c,v 1.20 2009/10/06 21:07:06 elad Exp $");
 #include "opt_ptrace.h"
 #include "opt_ktrace.h"
@@ -130,6 +130,8 @@
 __weak_alias(ktr_point,nullop);
 #endif /* KTRACE */
+__weak_alias(machdep_init,nullop);
+
 #if !defined(KERN_SA)
 /*
  * Scheduler activations system calls. These need to remain, even when
Index: src/sys/secmodel/suser/secmodel_suser.c
diff -u src/sys/secmodel/suser/secmodel_suser.c:1.28 src/sys/secmodel/suser/secmodel_suser.c:1.29
--- src/sys/secmodel/suser/secmodel_suser.c:1.28 Tue Oct 6 20:34:22 2009
+++ src/sys/secmodel/suser/secmodel_suser.c Tue Oct 6 21:07:06 2009
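Review bot: The new `machdep_init();` call in the `@@ -569` hunk of init_main.c has no comment stating the ordering it depends on. Going by the commit message this is where ports register their kauth(9) listeners, and it sits directly before the block that creates process 1, so presumably the unprivileged policy is meant to be in place before any user credential exists; that constraint is easy to break if the call is moved later. I would add above it: `/* Late MD initialization (e.g. kauth(9) listeners); must run before init(8) is created. */`. The enclosing function starts and ends outside the hunk.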
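Review bot: `__weak_alias(machdep_init,nullop);` in kern_stub.c gives every port without its own `machdep_init()` a silent no-op, and the line carries no comment on what that default means for policy. Together with the secmodel_suser.c hunk, which removes the unconditional allow for the same four actions, a port that registers no listener would have those requests decided by the privileged cases they now fall through to; that is fail-closed, but it is a behaviour change worth stating next to the alias. Also, `nullop` is, as far as I recall, declared as returning `int` and taking a pointer argument, while systm.h now declares `void machdep_init(void)`, so the call goes through a mismatched prototype. Suggested comment: `/* Default for ports with no late MD init; MD kauth(9) policy is then left to the secmodels. */`.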
@@ -1,4 +1,4 @@
-/* $NetBSD: secmodel_suser.c,v 1.28 2009/10/06 20:34:22 elad Exp $ */
+/* $NetBSD: secmodel_suser.c,v 1.29 2009/10/06 21:07:06 elad Exp $ */
 /*-
  * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
  * All rights reserved.
@@ -38,7 +38,7 @@
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.28 2009/10/06 20:34:22 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.29 2009/10/06 21:07:06 elad Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
@@ -800,9 +800,6 @@
 case KAUTH_MACHDEP_LDT_GET:
 case KAUTH_MACHDEP_LDT_SET:
 case KAUTH_MACHDEP_MTRR_GET:
- result = KAUTH_RESULT_ALLOW;
- break;
-
 case KAUTH_MACHDEP_CACHEFLUSH:
 case KAUTH_MACHDEP_IOPERM_SET:
 case KAUTH_MACHDEP_IOPL:
Index: src/sys/sys/systm.h
diff -u src/sys/sys/systm.h:1.235 src/sys/sys/systm.h:1.236
--- src/sys/sys/systm.h:1.235 Sun Mar 29 10:58:28 2009
+++ src/sys/sys/systm.h Tue Oct 6 21:07:05 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: systm.h,v 1.235 2009/03/29 10:58:28 ad Exp $ */
+/* $NetBSD: systm.h,v 1.236 2009/10/06 21:07:05 elad Exp $ */
 /*-
  * Copyright (c) 1982, 1988, 1991, 1993
@@ -397,6 +397,8 @@
 void kmstartup(void);
 #endif
+void machdep_init(void);
+
 #ifdef _KERNEL
 #include <lib/libkern/libkern.h>