diff options
| author | gnn <gnn@FreeBSD.org> | 2016-12-20 16:37:45 +0000 |
|---|---|---|
| committer | gnn <gnn@FreeBSD.org> | 2016-12-20 16:37:45 +0000 |
| commit | 5948c02144da73dcafa58f0d42027e46598f7cd3 (patch) | |
| tree | 0ad635103f3f24fd733047795743ba155ebc70f4 /sys/cddl | |
| parent | 3283329fd246fab46c1594aef819d12a0d95c328 (diff) | |
| download | FreeBSD-src-5948c02144da73dcafa58f0d42027e46598f7cd3.zip FreeBSD-src-5948c02144da73dcafa58f0d42027e46598f7cd3.tar.gz | |
MFC: 309069
Add tunable to disable destructive dtrace
Submitted by: Joerg Pernfuss <code.jpe@gmail.com>
Reviewed by: rstone, markj
Diffstat (limited to 'sys/cddl')
| -rw-r--r-- | sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c | 4 | ||||
| -rw-r--r-- | sys/cddl/dev/dtrace/dtrace_load.c | 11 | ||||
| -rw-r--r-- | sys/cddl/dev/dtrace/dtrace_sysctl.c | 3 |
3 files changed, 18 insertions, 0 deletions
diff --git a/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c b/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c index e14af78..7317f97 100644 --- a/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c +++ b/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c @@ -157,6 +157,10 @@ * /etc/system. */ int dtrace_destructive_disallow = 0; +#ifndef illumos +/* Positive logic version of dtrace_destructive_disallow for loader tunable */ +int dtrace_allow_destructive = 1; +#endif dtrace_optval_t dtrace_nonroot_maxsize = (16 * 1024 * 1024); size_t dtrace_difo_maxsize = (256 * 1024); dtrace_optval_t dtrace_dof_maxsize = (8 * 1024 * 1024); diff --git a/sys/cddl/dev/dtrace/dtrace_load.c b/sys/cddl/dev/dtrace/dtrace_load.c index 7f7dd79..3ff12e0 100644 --- a/sys/cddl/dev/dtrace/dtrace_load.c +++ b/sys/cddl/dev/dtrace/dtrace_load.c @@ -52,6 +52,17 @@ dtrace_load(void *dummy) int i; #endif +#ifndef illumos + /* + * DTrace uses negative logic for the destructive mode switch, so it + * is required to translate from the sysctl which uses positive logic. + */ + if (dtrace_allow_destructive) + dtrace_destructive_disallow = 0; + else + dtrace_destructive_disallow = 1; +#endif + /* Hook into the trap handler. */ dtrace_trap_func = dtrace_trap; diff --git a/sys/cddl/dev/dtrace/dtrace_sysctl.c b/sys/cddl/dev/dtrace/dtrace_sysctl.c index 04a8935..87fa705 100644 --- a/sys/cddl/dev/dtrace/dtrace_sysctl.c +++ b/sys/cddl/dev/dtrace/dtrace_sysctl.c @@ -92,3 +92,6 @@ SYSCTL_QUAD(_kern_dtrace, OID_AUTO, dof_maxsize, CTLFLAG_RW, SYSCTL_QUAD(_kern_dtrace, OID_AUTO, helper_actions_max, CTLFLAG_RW, &dtrace_helper_actions_max, 0, "maximum number of allowed helper actions"); + +SYSCTL_INT(_security_bsd, OID_AUTO, allow_destructive_dtrace, CTLFLAG_RDTUN, + &dtrace_allow_destructive, 1, "Allow destructive mode DTrace scripts"); |
