MFC r274366:

Add missing privilege check when setting the dump device.

Approved by:	pjd, secteam (both no objections)
Sponsored by:	Multiplay

4 files changed, 15 insertions, 13 deletions

diff --git a/sys/dev/null/null.c b/sys/dev/null/null.c
index c1208c11..f433987 100644
--- a/sys/dev/null/null.c
+++ b/sys/dev/null/null.c
@@ -36,7 +36,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/kernel.h>
 #include <sys/malloc.h>
 #include <sys/module.h>
-#include <sys/priv.h>
 #include <sys/disk.h>
 #include <sys/bus.h>
 #include <sys/filio.h>
@@ -89,9 +88,7 @@ null_ioctl(struct cdev *dev __unused, u_long cmd, caddr_t data __unused,
 
 	switch (cmd) {
 	case DIOCSKERNELDUMP:
-		error = priv_check(td, PRIV_SETDUMPER);
-		if (error == 0)
-			error = set_dumper(NULL, NULL);
+		error = set_dumper(NULL, NULL, td);
 		break;
 	case FIONBIO:
 		break;
diff --git a/sys/geom/geom_dev.c b/sys/geom/geom_dev.c
index 1123323..8ee9ed8 100644
--- a/sys/geom/geom_dev.c
+++ b/sys/geom/geom_dev.c
@@ -127,14 +127,14 @@ g_dev_fini(struct g_class *mp)
 }
 
 static int
-g_dev_setdumpdev(struct cdev *dev)
+g_dev_setdumpdev(struct cdev *dev, struct thread *td)
 {
 	struct g_kerneldump kd;
 	struct g_consumer *cp;
 	int error, len;
 
 	if (dev == NULL)
-		return (set_dumper(NULL, NULL));
+		return (set_dumper(NULL, NULL, td));
 
 	cp = dev->si_drv2;
 	len = sizeof(kd);
@@ -142,7 +142,7 @@ g_dev_setdumpdev(struct cdev *dev)
 	kd.length = OFF_MAX;
 	error = g_io_getattr("GEOM::kerneldump", cp, &len, &kd);
 	if (error == 0) {
-		error = set_dumper(&kd.di, devtoname(dev));
+		error = set_dumper(&kd.di, devtoname(dev), td);
 		if (error == 0)
 			dev->si_flags |= SI_DUMPDEV;
 	}
@@ -157,7 +157,7 @@ init_dumpdev(struct cdev *dev)
 		return;
 	if (strcmp(devtoname(dev), dumpdev) != 0)
 		return;
-	if (g_dev_setdumpdev(dev) == 0) {
+	if (g_dev_setdumpdev(dev, curthread) == 0) {
 		freeenv(dumpdev);
 		dumpdev = NULL;
 	}
@@ -480,9 +480,9 @@ g_dev_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int fflag, struct thread
 		break;
 	case DIOCSKERNELDUMP:
 		if (*(u_int *)data == 0)
-			error = g_dev_setdumpdev(NULL);
+			error = g_dev_setdumpdev(NULL, td);
 		else
-			error = g_dev_setdumpdev(dev);
+			error = g_dev_setdumpdev(dev, td);
 		break;
 	case DIOCGFLUSH:
 		error = g_io_flush(cp);
@@ -700,7 +700,7 @@ g_dev_orphan(struct g_consumer *cp)
 
 	/* Reset any dump-area set on this device */
 	if (dev->si_flags & SI_DUMPDEV)
-		set_dumper(NULL, NULL);
+		(void)set_dumper(NULL, NULL, curthread);
 
 	/* Destroy the struct cdev *so we get no more requests */
 	destroy_dev_sched_cb(dev, g_dev_callback, cp);
diff --git a/sys/kern/kern_shutdown.c b/sys/kern/kern_shutdown.c
index 55fee01..5eba047 100644
--- a/sys/kern/kern_shutdown.c
+++ b/sys/kern/kern_shutdown.c
@@ -843,9 +843,14 @@ SYSCTL_STRING(_kern_shutdown, OID_AUTO, dumpdevname, CTLFLAG_RD,
 
 /* Registration of dumpers */
 int
-set_dumper(struct dumperinfo *di, const char *devname)
+set_dumper(struct dumperinfo *di, const char *devname, struct thread *td)
 {
 	size_t wantcopy;
+	int error;
+
+	error = priv_check(td, PRIV_SETDUMPER);
+	if (error != 0)
+		return (error);
 
 	if (di == NULL) {
 		bzero(&dumper, sizeof dumper);
diff --git a/sys/sys/conf.h b/sys/sys/conf.h
index e8c5367..d72b58b 100644
--- a/sys/sys/conf.h
+++ b/sys/sys/conf.h
@@ -337,7 +337,7 @@ struct dumperinfo {
 	off_t   mediasize;	/* Space available in bytes. */
 };
 
-int set_dumper(struct dumperinfo *, const char *_devname);
+int set_dumper(struct dumperinfo *, const char *_devname, struct thread *td);
 int dump_write(struct dumperinfo *, void *, vm_offset_t, off_t, size_t);
 void dumpsys(struct dumperinfo *);
 int doadump(boolean_t);