svn commit: r310328 - in stable/11/sys/cddl: contrib/opensolaris/uts/common/dtrace dev/dtrace
George V. Neville-Neil
gnn at FreeBSD.org
Tue Dec 20 16:37:47 UTC 2016
Author: gnn
Date: Tue Dec 20 16:37:45 2016
New Revision: 310328
URL: https://svnweb.freebsd.org/changeset/base/310328
Log:
MFC: 309069
Add tunable to disable destructive dtrace
Submitted by: Joerg Pernfuss <code.jpe at gmail.com>
Reviewed by: rstone, markj
Modified:
stable/11/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c
stable/11/sys/cddl/dev/dtrace/dtrace_load.c
stable/11/sys/cddl/dev/dtrace/dtrace_sysctl.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c
==============================================================================
--- stable/11/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c Tue Dec 20 15:45:53 2016 (r310327)
+++ stable/11/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c Tue Dec 20 16:37:45 2016 (r310328)
@@ -157,6 +157,10 @@
* /etc/system.
*/
int dtrace_destructive_disallow = 0;
+#ifndef illumos
+/* Positive logic version of dtrace_destructive_disallow for loader tunable */
+int dtrace_allow_destructive = 1;
+#endif
dtrace_optval_t dtrace_nonroot_maxsize = (16 * 1024 * 1024);
size_t dtrace_difo_maxsize = (256 * 1024);
dtrace_optval_t dtrace_dof_maxsize = (8 * 1024 * 1024);
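Review bot: The comment on `dtrace_allow_destructive` names neither the tunable it backs nor which of the two variables is authoritative, and the existing comment above still presents `dtrace_destructive_disallow` as the switch. I would write it as `/* Backs the security.bsd.allow_destructive_dtrace loader tunable; dtrace_load() copies its inverse into dtrace_destructive_disallow once at load. */`. It is also worth stating that the initializer of 1 keeps destructive actions allowed unless the tunable is explicitly set to 0, so the hardened setting is opt-in.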
Modified: stable/11/sys/cddl/dev/dtrace/dtrace_load.c
==============================================================================
--- stable/11/sys/cddl/dev/dtrace/dtrace_load.c Tue Dec 20 15:45:53 2016 (r310327)
+++ stable/11/sys/cddl/dev/dtrace/dtrace_load.c Tue Dec 20 16:37:45 2016 (r310328)
@@ -52,6 +52,17 @@ dtrace_load(void *dummy)
int i;
#endif
+#ifndef illumos
+ /*
+ * DTrace uses negative logic for the destructive mode switch, so it
+ * is required to translate from the sysctl which uses positive logic.
+ */
+ if (dtrace_allow_destructive)
+ dtrace_destructive_disallow = 0;
+ else
+ dtrace_destructive_disallow = 1;
+#endif
+
/* Hook into the trap handler. */
dtrace_trap_func = dtrace_trap;
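Review bot: The added if/else assigns `dtrace_destructive_disallow` on both branches, so on non-illumos builds any value that variable held before `dtrace_load()` ran is discarded, including a non-zero one that was meant to forbid destructive actions. If that is intended, the block comment should say the tunable is the only supported way to set the switch here. The four lines can be collapsed to `dtrace_destructive_disallow = !dtrace_allow_destructive;`. The comment also says "sysctl", but the knob is declared `CTLFLAG_RDTUN`, and a one-time copy at load is only correct because the value cannot change at runtime, which is worth stating. The body of `dtrace_load()` starts and ends outside this hunk.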
Modified: stable/11/sys/cddl/dev/dtrace/dtrace_sysctl.c
==============================================================================
--- stable/11/sys/cddl/dev/dtrace/dtrace_sysctl.c Tue Dec 20 15:45:53 2016 (r310327)
+++ stable/11/sys/cddl/dev/dtrace/dtrace_sysctl.c Tue Dec 20 16:37:45 2016 (r310328)
@@ -92,3 +92,6 @@ SYSCTL_QUAD(_kern_dtrace, OID_AUTO, dof_
SYSCTL_QUAD(_kern_dtrace, OID_AUTO, helper_actions_max, CTLFLAG_RW,
&dtrace_helper_actions_max, 0, "maximum number of allowed helper actions");
+
+SYSCTL_INT(_security_bsd, OID_AUTO, allow_destructive_dtrace, CTLFLAG_RDTUN,
+ &dtrace_allow_destructive, 1, "Allow destructive mode DTrace scripts");
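Review bot: The `1` passed after `&dtrace_allow_destructive` in the new `SYSCTL_INT` reads like a default, but as far as I know that argument is only used when the pointer is NULL. The effective default is the initializer in dtrace.c, so passing `0`, as the `SYSCTL_QUAD` entry just above does, avoids the confusion. Because `CTLFLAG_RDTUN` makes the value settable only from the loader, the description could say so, for example `"Allow destructive mode DTrace scripts (loader tunable, read-only at runtime)"`. That tells an administrator hardening a host that `security.bsd.allow_destructive_dtrace=0` has to be set before boot and cannot be changed with sysctl afterwards.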