dt(4) is a debugging interface that allows userland to read kernel
addresses. So its access should be restricted by default, just like
mem(4).
Diff prevents opening the pseudo-device unless `allowkmem' is set.
ok?
Index: sys/dev/dt/dt_dev.c
===================================================================
RCS file: /cvs/src/sys/dev/dt/dt_dev.c,v
retrieving revision 1.1
diff -u -p -r1.1 dt_dev.c
--- sys/dev/dt/dt_dev.c 21 Jan 2020 16:16:23 -0000 1.1
+++ sys/dev/dt/dt_dev.c 22 Jan 2020 13:59:01 -0000
@@ -132,6 +132,10 @@ dtopen(dev_t dev, int flags, int mode, s
{
struct dt_softc *sc;
int unit = minor(dev);
+ extern int allowkmem;
+
+ if (!allowkmem)
+ return EPERM;
KASSERT(dtlookup(unit) == NULL);
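Review bot: `extern int allowkmem;` is declared inside dtopen() instead of coming from a header, so nothing checks this declaration against the variable's definition if its type ever changes. Consider taking the declaration from a shared header. A one-line comment above `if (!allowkmem)` would also help: the check refuses every open regardless of `flags` or the calling process, and the reason (dt(4) exposes kernel addresses) is not visible at this point in the code.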
Index: share/man/man4/dt.4
===================================================================
RCS file: /cvs/src/share/man/man4/dt.4,v
retrieving revision 1.1
diff -u -p -r1.1 dt.4
--- share/man/man4/dt.4 21 Jan 2020 16:18:28 -0000 1.1
+++ share/man/man4/dt.4 22 Jan 2020 14:01:13 -0000
@@ -28,6 +28,11 @@ It has to be configured and enabled thro
.Xr ioctl 2
interface exposed by the pseudo-device
.Pa /dev/dt .
+.Pp
+This device can only be opened when the
+.Va kern.allowkmem
+.Xr sysctl 2
+variable is set.
.\"Sh IOCTL INTERFACE
.\"
.Sh FILES
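Review bot: the added paragraph says the device can only be opened when kern.allowkmem is set, but it does not say what the caller sees otherwise. The dt_dev.c change returns EPERM from dtopen(), so the page should state that open fails with EPERM when the variable is not set, either in this paragraph or in an ERRORS section.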