Print this page
2917 DTrace in a zone should have limited provider access
*** 18,27 ****
--- 18,28 ----
*
* CDDL HEADER END
*/
/*
* Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, Joyent, Inc. All rights reserved.
*/
#include <sys/sdt_impl.h>
static dtrace_pattr_t vtrace_attr = {
*** 95,124 ****
{ DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_ISA },
{ DTRACE_STABILITY_EVOLVING, DTRACE_STABILITY_EVOLVING, DTRACE_CLASS_ISA },
};
sdt_provider_t sdt_providers[] = {
! { "vtrace", "__vtrace_", &vtrace_attr, 0 },
! { "sysinfo", "__cpu_sysinfo_", &info_attr, 0 },
! { "vminfo", "__cpu_vminfo_", &info_attr, 0 },
! { "fpuinfo", "__fpuinfo_", &fpu_attr, 0 },
! { "sched", "__sched_", &stab_attr, 0 },
! { "proc", "__proc_", &stab_attr, 0 },
! { "io", "__io_", &stab_attr, 0 },
! { "ip", "__ip_", &stab_attr, 0 },
! { "tcp", "__tcp_", &stab_attr, 0 },
! { "udp", "__udp_", &stab_attr, 0 },
! { "mib", "__mib_", &stab_attr, 0 },
! { "fsinfo", "__fsinfo_", &fsinfo_attr, 0 },
! { "iscsi", "__iscsi_", &iscsi_attr, 0 },
! { "nfsv3", "__nfsv3_", &stab_attr, 0 },
! { "nfsv4", "__nfsv4_", &stab_attr, 0 },
! { "xpv", "__xpv_", &xpv_attr, 0 },
! { "fc", "__fc_", &fc_attr, 0 },
! { "srp", "__srp_", &fc_attr, 0 },
! { "sysevent", "__sysevent_", &stab_attr, 0 },
! { "sdt", NULL, &sdt_attr, 0 },
{ NULL }
};
sdt_argdesc_t sdt_args[] = {
{ "sched", "wakeup", 0, 0, "kthread_t *", "lwpsinfo_t *" },
--- 96,125 ----
{ DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_ISA },
{ DTRACE_STABILITY_EVOLVING, DTRACE_STABILITY_EVOLVING, DTRACE_CLASS_ISA },
};
sdt_provider_t sdt_providers[] = {
! { "vtrace", "__vtrace_", &vtrace_attr },
! { "sysinfo", "__cpu_sysinfo_", &info_attr, DTRACE_PRIV_USER },
! { "vminfo", "__cpu_vminfo_", &info_attr, DTRACE_PRIV_USER },
! { "fpuinfo", "__fpuinfo_", &fpu_attr },
! { "sched", "__sched_", &stab_attr, DTRACE_PRIV_USER },
! { "proc", "__proc_", &stab_attr, DTRACE_PRIV_USER },
! { "io", "__io_", &stab_attr },
! { "ip", "__ip_", &stab_attr },
! { "tcp", "__tcp_", &stab_attr },
! { "udp", "__udp_", &stab_attr },
! { "mib", "__mib_", &stab_attr },
! { "fsinfo", "__fsinfo_", &fsinfo_attr },
! { "iscsi", "__iscsi_", &iscsi_attr },
! { "nfsv3", "__nfsv3_", &stab_attr },
! { "nfsv4", "__nfsv4_", &stab_attr },
! { "xpv", "__xpv_", &xpv_attr },
! { "fc", "__fc_", &fc_attr },
! { "srp", "__srp_", &fc_attr },
! { "sysevent", "__sysevent_", &stab_attr },
! { "sdt", NULL, &sdt_attr },
{ NULL }
};
sdt_argdesc_t sdt_args[] = {
{ "sched", "wakeup", 0, 0, "kthread_t *", "lwpsinfo_t *" },
*** 1153,1162 ****
--- 1154,1177 ----
{ NULL }
};
/*ARGSUSED*/
+ int
+ sdt_mode(void *arg, dtrace_id_t id, void *parg)
+ {
+ /*
+ * We tell DTrace that we're in kernel mode, that the firing needs to
+ * be dropped for anything that doesn't have necessary privileges, and
+ * that it needs to be restricted for anything that has restricted
+ * (i.e., not all-zone) privileges.
+ */
+ return (DTRACE_MODE_KERNEL | DTRACE_MODE_NOPRIV_DROP |
+ DTRACE_MODE_LIMITEDPRIV_RESTRICT);
+ }
+
+ /*ARGSUSED*/
void
sdt_getargdesc(void *arg, dtrace_id_t id, void *parg, dtrace_argdesc_t *desc)
{
sdt_probe_t *sdp = parg;
int i;