2917 DTrace in a zone should have limited provider access

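--- a/usr/src/uts/common/dtrace/sdt_subr.c
+++ b/usr/src/uts/common/dtrace/sdt_subr.c
@@ -13,20 +13,21 @@
  * When distributing Covered Code, include this CDDL HEADER in each
  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  * If applicable, add the following below this CDDL HEADER, with the
  * fields enclosed by brackets "[]" replaced with your own identifying
  * information: Portions Copyright [yyyy] [name of copyright owner]
  *
  * CDDL HEADER END
  */
 /*
  * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, Joyent, Inc. All rights reserved.
  */
 
 #include <sys/sdt_impl.h>
 
 static dtrace_pattr_t vtrace_attr = {
 { DTRACE_STABILITY_UNSTABLE, DTRACE_STABILITY_UNSTABLE, DTRACE_CLASS_ISA },
 { DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_UNKNOWN },
 { DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_UNKNOWN },
 { DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_UNKNOWN },
 { DTRACE_STABILITY_UNSTABLE, DTRACE_STABILITY_UNSTABLE, DTRACE_CLASS_ISA },
@@ -90,40 +91,40 @@
 
 static dtrace_pattr_t iscsi_attr = {
 { DTRACE_STABILITY_EVOLVING, DTRACE_STABILITY_EVOLVING, DTRACE_CLASS_ISA },
 { DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_UNKNOWN },
 { DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_UNKNOWN },
 { DTRACE_STABILITY_PRIVATE, DTRACE_STABILITY_PRIVATE, DTRACE_CLASS_ISA },
 { DTRACE_STABILITY_EVOLVING, DTRACE_STABILITY_EVOLVING, DTRACE_CLASS_ISA },
 };
 
 sdt_provider_t sdt_providers[] = {
-        { "vtrace", "__vtrace_", &vtrace_attr, 0 },
-        { "sysinfo", "__cpu_sysinfo_", &info_attr, 0 },
-        { "vminfo", "__cpu_vminfo_", &info_attr, 0 },
-        { "fpuinfo", "__fpuinfo_", &fpu_attr, 0 },
-        { "sched", "__sched_", &stab_attr, 0 },
-        { "proc", "__proc_", &stab_attr, 0 },
-        { "io", "__io_", &stab_attr, 0 },
-        { "ip", "__ip_", &stab_attr, 0 },
-        { "tcp", "__tcp_", &stab_attr, 0 },
-        { "udp", "__udp_", &stab_attr, 0 },
-        { "mib", "__mib_", &stab_attr, 0 },
-        { "fsinfo", "__fsinfo_", &fsinfo_attr, 0 },
-        { "iscsi", "__iscsi_", &iscsi_attr, 0 },
-        { "nfsv3", "__nfsv3_", &stab_attr, 0 },
-        { "nfsv4", "__nfsv4_", &stab_attr, 0 },
-        { "xpv", "__xpv_", &xpv_attr, 0 },
-        { "fc", "__fc_", &fc_attr, 0 },
-        { "srp", "__srp_", &fc_attr, 0 },
-        { "sysevent", "__sysevent_", &stab_attr, 0 },
-        { "sdt", NULL, &sdt_attr, 0 },
+        { "vtrace", "__vtrace_", &vtrace_attr },
+        { "sysinfo", "__cpu_sysinfo_", &info_attr, DTRACE_PRIV_USER },
+        { "vminfo", "__cpu_vminfo_", &info_attr, DTRACE_PRIV_USER },
+        { "fpuinfo", "__fpuinfo_", &fpu_attr },
+        { "sched", "__sched_", &stab_attr, DTRACE_PRIV_USER },
+        { "proc", "__proc_", &stab_attr, DTRACE_PRIV_USER },
+        { "io", "__io_", &stab_attr },
+        { "ip", "__ip_", &stab_attr },
+        { "tcp", "__tcp_", &stab_attr },
+        { "udp", "__udp_", &stab_attr },
+        { "mib", "__mib_", &stab_attr },
+        { "fsinfo", "__fsinfo_", &fsinfo_attr },
+        { "iscsi", "__iscsi_", &iscsi_attr },
+        { "nfsv3", "__nfsv3_", &stab_attr },
+        { "nfsv4", "__nfsv4_", &stab_attr },
+        { "xpv", "__xpv_", &xpv_attr },
+        { "fc", "__fc_", &fc_attr },
+        { "srp", "__srp_", &fc_attr },
+        { "sysevent", "__sysevent_", &stab_attr },
+        { "sdt", NULL, &sdt_attr },
         { NULL }
 };
 
 sdt_argdesc_t sdt_args[] = {
         { "sched", "wakeup", 0, 0, "kthread_t *", "lwpsinfo_t *" },
         { "sched", "wakeup", 1, 0, "kthread_t *", "psinfo_t *" },
         { "sched", "dequeue", 0, 0, "kthread_t *", "lwpsinfo_t *" },
         { "sched", "dequeue", 1, 0, "kthread_t *", "psinfo_t *" },
         { "sched", "dequeue", 2, 1, "disp_t *", "cpuinfo_t *" },
         { "sched", "enqueue", 0, 0, "kthread_t *", "lwpsinfo_t *" },
@@ -1148,20 +1149,34 @@
         { "fc", "abts-receive", 1, 1, "fct_i_local_port_t *",
             "fc_port_info_t *" },
         { "fc", "abts-receive", 2, 2, "fct_i_remote_port_t *",
             "fc_port_info_t *" },
 
 
         { NULL }
 };
 
 /*ARGSUSED*/
+int
+sdt_mode(void *arg, dtrace_id_t id, void *parg)
+{
+        /*
+         * We tell DTrace that we're in kernel mode, that the firing needs to
+         * be dropped for anything that doesn't have necessary privileges, and
+         * that it needs to be restricted for anything that has restricted
+         * (i.e., not all-zone) privileges.
+         */
+        return (DTRACE_MODE_KERNEL | DTRACE_MODE_NOPRIV_DROP |
+            DTRACE_MODE_LIMITEDPRIV_RESTRICT);
+}
+
+/*ARGSUSED*/
 void
 sdt_getargdesc(void *arg, dtrace_id_t id, void *parg, dtrace_argdesc_t *desc)
 {
         sdt_probe_t *sdp = parg;
         int i;
 
         desc->dtargd_native[0] = '\0';
         desc->dtargd_xlate[0] = '\0';
 
         for (i = 0; sdt_args[i].sda_provider != NULL; i++) {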
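Review bot: The `sdt_providers[]` table now encodes which providers a zone can reach, but nothing at the table documents that policy. `sysinfo`, `vminfo`, `sched` and `proc` get `DTRACE_PRIV_USER`, while every other row drops its fourth initializer and relies on aggregate zero-initialization. How a zero privilege member is treated is decided where the table is consumed, outside this file; presumably it keeps the provider kernel-privilege only, but that cannot be confirmed from this hunk. I would add a block comment above the table, for example `/* Fourth member: privilege required to enable the provider; omitted (0) keeps the default. DTRACE_PRIV_USER exposes the probes to limited-privilege (zone) consumers, subject to sdt_mode(). */`. The comment should also say that a new `DTRACE_PRIV_USER` row needs a check of what the provider's arguments reveal about other zones, since `sdt_mode()` returns the same mode bits for every probe regardless of `id`.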