6417 Want a privilege for accessing information about physical memory

Reviewed by: Robert Mustacchi <rm@joyent.com>
Approved by: Gordon Ross <gordon.ross@nexenta.com>

6 files changed, 63 insertions, 24 deletions

diff --git a/usr/src/man/man2/meminfo.2 b/usr/src/man/man2/meminfo.2
index e606865486..797b91a2ef 100644
--- a/usr/src/man/man2/meminfo.2
+++ b/usr/src/man/man2/meminfo.2
@@ -1,9 +1,10 @@
 '\" te
 .\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved.
+.\" Copyright 2015, Joyent, Inc.
 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH MEMINFO 2 "Feb 21, 2003"
+.TH MEMINFO 2 "Mar 10, 2015"
 .SH NAME
 meminfo \- provide information about memory
 .SH SYNOPSIS
@@ -18,7 +19,6 @@ meminfo \- provide information about memory
 .fi
 
 .SH PARAMETERS
-.sp
 .ne 2
 .na
 \fB\fIinaddr\fR\fR
@@ -77,7 +77,6 @@ to first member of \fIinfo_req\fR, and so on
 .RE
 
 .SH DESCRIPTION
-.sp
 .LP
 The \fBmeminfo()\fR function provides information about virtual and physical
 memory particular to the calling process.  The user or developer of performance
@@ -151,13 +150,16 @@ lgrp of \fIn\fRth physical replica of specified virtual address
 locality group of specified physical address
 .RE
 
-.SH RETURN VALUES
 .sp
 .LP
+All but \fBMEMINFO_VLGRP\fR and \fBMEMINFO_VPAGESIZE\fR require the
+\fBPRIV_PROC_MEMINFO\fR privilege.
+
+.SH RETURN VALUES
+.LP
 Upon successful completion \fBmeminfo()\fR returns 0. Otherwise \(mi1 is
 returned and \fBerrno\fR is set to indicate the error.
 .SH ERRORS
-.sp
 .LP
 The \fBmeminfo()\fR function will fail if:
 .sp
@@ -243,7 +245,6 @@ print_info(void **addrvec, int how_many)
 .in -2
 
 .SH ATTRIBUTES
-.sp
 .LP
 See \fBattributes\fR(5) for descriptions of the following attributes:
 .sp
@@ -261,8 +262,7 @@ MT-Level	Async-Signal-Safe
 .TE
 
 .SH SEE ALSO
-.sp
 .LP
 \fBmemcntl\fR(2), \fBmmap\fR(2), \fBgethomelgroup\fR(3C),
 \fBgetpagesize\fR(3C), \fBmadvise\fR(3C), \fBsysconf\fR(3C),
-\fBattributes\fR(5)
+\fBattributes\fR(5), \fBprivileges\fR(5)
diff --git a/usr/src/man/man5/privileges.5 b/usr/src/man/man5/privileges.5
index f088477eba..6f7ce67ac3 100644
--- a/usr/src/man/man5/privileges.5
+++ b/usr/src/man/man5/privileges.5
@@ -1,10 +1,10 @@
 '\" te
 .\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
-.\" Copyright 2013, Joyent, Inc. All Rights Reserved.
+.\" Copyright 2015, Joyent, Inc. All Rights Reserved.
 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
 .\"  See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with
 .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH PRIVILEGES 5 "Sep 8, 2015"
+.TH PRIVILEGES 5 "Oct 30, 2015"
 .SH NAME
 privileges \- process privilege model
 .SH DESCRIPTION
@@ -523,6 +523,16 @@ Allow a process to lock pages in physical memory.
 .sp
 .ne 2
 .na
+\fB\fBPRIV_PROC_MEMINFO\fR\fR
+.ad
+.sp .6
+.RS 4n
+Allow a process to access physical memory information.
+.RE
+
+.sp
+.ne 2
+.na
 \fB\fBPRIV_PROC_OWNER\fR\fR
 .ad
 .sp .6
diff --git a/usr/src/uts/common/os/policy.c b/usr/src/uts/common/os/policy.c
index 05deaaf43b..07bc2920da 100644
--- a/usr/src/uts/common/os/policy.c
+++ b/usr/src/uts/common/os/policy.c
@@ -2072,6 +2072,12 @@ secpolicy_tasksys(const cred_t *cr)
 }
 
 int
+secpolicy_meminfo(const cred_t *cr)
+{
+	return (PRIV_POLICY(cr, PRIV_PROC_MEMINFO, B_FALSE, EPERM, NULL));
+}
+
+int
 secpolicy_pfexec_register(const cred_t *cr)
 {
 	return (PRIV_POLICY(cr, PRIV_SYS_ADMIN, B_TRUE, EPERM, NULL));
diff --git a/usr/src/uts/common/os/priv_defs b/usr/src/uts/common/os/priv_defs
index bfacce1739..a3cdaccc2a 100644
--- a/usr/src/uts/common/os/priv_defs
+++ b/usr/src/uts/common/os/priv_defs
@@ -20,7 +20,7 @@
  */
 /*
  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2013, Joyent, Inc. All rights reserved.
+ * Copyright 2015, Joyent, Inc. All rights reserved.
  *
 INSERT COMMENT
  */
@@ -291,6 +291,10 @@ privilege PRIV_PROC_LOCK_MEMORY
 
 	Allows a process to lock pages in physical memory.
 
+privilege PRIV_PROC_MEMINFO
+
+	Allows a process to access physical memory information.
+
 privilege PRIV_PROC_OWNER
 
 	Allows a process to send signals to other processes, inspect
diff --git a/usr/src/uts/common/sys/policy.h b/usr/src/uts/common/sys/policy.h
index 276c4d386e..5f5b66d437 100644
--- a/usr/src/uts/common/sys/policy.h
+++ b/usr/src/uts/common/sys/policy.h
@@ -20,7 +20,7 @@
  */
 /*
  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2013, Joyent, Inc. All rights reserved.
+ * Copyright 2015, Joyent, Inc. All rights reserved.
  */
 
 #ifndef	_SYS_POLICY_H
@@ -107,6 +107,7 @@ int secpolicy_ipc_config(const cred_t *);
 int secpolicy_ipc_owner(const cred_t *, const struct kipc_perm *);
 int secpolicy_kmdb(const cred_t *);
 int secpolicy_lock_memory(const cred_t *);
+int secpolicy_meminfo(const cred_t *);
 int secpolicy_modctl(const cred_t *, int);
 int secpolicy_net(const cred_t *, int, boolean_t);
 int secpolicy_net_bindmlp(const cred_t *);
diff --git a/usr/src/uts/common/syscall/lgrpsys.c b/usr/src/uts/common/syscall/lgrpsys.c
index 44d616fa34..a8afac8627 100644
--- a/usr/src/uts/common/syscall/lgrpsys.c
+++ b/usr/src/uts/common/syscall/lgrpsys.c
@@ -22,10 +22,9 @@
 /*
  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ * Copyright 2015 Joyent, Inc.
  */
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 /*
  * lgroup system calls
  */
@@ -40,6 +39,7 @@
 #include <sys/lgrp_user.h>
 #include <sys/promif.h>		/* for prom_printf() */
 #include <sys/sysmacros.h>
+#include <sys/policy.h>
 
 #include <vm/as.h>
 
@@ -141,6 +141,24 @@ meminfo(int addr_count, struct meminfo *mip)
 	}
 
 	/*
+	 * Validate privs for each req.
+	 */
+	for (i = 0; i < info_count; i++) {
+		switch (req_array[i] & MEMINFO_MASK) {
+		case MEMINFO_VLGRP:
+		case MEMINFO_VPAGESIZE:
+			break;
+		default:
+			if (secpolicy_meminfo(CRED()) != 0) {
+				kmem_free(req_array, req_size);
+				kmem_free(in_array, in_size);
+				return (set_errno(EPERM));
+			}
+			break;
+		}
+	}
+
+	/*
 	 * allocate buffer out_array which holds the results and will have
 	 * to be copied out later
 	 */
@@ -186,7 +204,7 @@ meminfo(int addr_count, struct meminfo *mip)
 			pfn = hat_getpfnum(hat, (caddr_t)vaddr);
 			if (pfn != PFN_INVALID) {
 				paddr = (uint64_t)((pfn << PAGESHIFT) |
-					(addr & PAGEOFFSET));
+				    (addr & PAGEOFFSET));
 				for (j = 0; j < info_count; j++) {
 					switch (req_array[j] & MEMINFO_MASK) {
 					case MEMINFO_VPHYSICAL:
@@ -207,9 +225,9 @@ meminfo(int addr_count, struct meminfo *mip)
 						lgrp = lgrp_pfn_to_lgrp(pfn);
 						if (lgrp) {
 							out_array[out_idx + j] =
-								lgrp->lgrp_id;
+							    lgrp->lgrp_id;
 							val_array[i] |=
-								VALID_REQ << j;
+							    VALID_REQ << j;
 						}
 						break;
 					case MEMINFO_VPAGESIZE:
@@ -219,12 +237,12 @@ meminfo(int addr_count, struct meminfo *mip)
 						 * input virtual address
 						 */
 						pgsz = hat_getpagesize(hat,
-							(caddr_t)vaddr);
+						    (caddr_t)vaddr);
 						if (pgsz != -1) {
 							out_array[out_idx + j] =
-									pgsz;
+							    pgsz;
 							val_array[i] |=
-								VALID_REQ << j;
+							    VALID_REQ << j;
 						}
 						break;
 					case MEMINFO_VREPLCNT:
@@ -273,7 +291,7 @@ meminfo(int addr_count, struct meminfo *mip)
 
 	/* copy out the results and validity bits and free the buffers */
 	if ((copyout(out_array, minfo.mi_outdata, out_size) != 0) ||
-		(copyout(val_array, minfo.mi_validity, val_size) != 0))
+	    (copyout(val_array, minfo.mi_validity, val_size) != 0))
 		ret = set_errno(EFAULT);
 
 	kmem_free(in_array, in_size);
@@ -1399,7 +1417,7 @@ lgrp_snapshot(void)
 
 	lgrp_snap->ss_latencies = lgrp_lats =
 	    (int **)((uintptr_t)lgrp_rsets + (LGRP_RSRC_COUNT *
-		snap_nlgrpsmax * bitmask_size));
+	    snap_nlgrpsmax * bitmask_size));
 
 	/*
 	 * Fill in lgroup information
@@ -1818,7 +1836,7 @@ lgrp_snapshot_copy32(caddr32_t buf, size32_t bufsize)
 	info_size = P2ROUNDUP(snap_nlgrpsmax * sizeof (lgrp_info32_t),
 	    sizeof (processorid_t));
 	cpuids_size = P2ROUNDUP(snap_ncpus * sizeof (processorid_t),
-		    sizeof (ulong_t));
+	    sizeof (ulong_t));
 
 	bitmask_size = BT_SIZEOFMAP32(snap_nlgrpsmax);
 
@@ -1837,7 +1855,7 @@ lgrp_snapshot_copy32(caddr32_t buf, size32_t bufsize)
 	    (snap_nlgrpsmax * snap_nlgrpsmax * sizeof (int));
 
 	snap_size = snap_hdr_size + info_size + cpuids_size + bitmasks_size +
-		lats_size;
+	    lats_size;
 
 	if (buf == NULL || bufsize <= 0) {
 		return (snap_size);