By default, allow all to read the HPET registers pages. At the same

time, by, by default disallow writes to the mmaped HPET pages. Intent is to allow userspace to use HPET as fast (i.e. no-syscall) timecounter for gettimeofday(2). Unfortunately, the permission model does not make it possible to safely unhide /dev/hpet in the jails even if default mode is set to 0444, because untrusted jailed root may change device permissions to writeable. Sponsored by: The FreeBSD Foundation MFC after: 3 weeks
2016-08-17 09:20:04 +00:00 · 2016-08-17 09:20:04 +00:00 · 591244e54c
commit 591244e54c
parent c24d51a7f2
1 changed files with 2 additions and 2 deletions
--- a/sys/dev/acpica/acpi_hpet.c
+++ b/sys/dev/acpica/acpi_hpet.c
@ -762,14 +762,14 @@ hpet_attach(device_t dev)
 	mda.mda_devsw = &hpet_cdevsw;
 	mda.mda_uid = UID_ROOT;
 	mda.mda_gid = GID_WHEEL;
-	mda.mda_mode = 0600;
+	mda.mda_mode = 0644;
 	mda.mda_si_drv1 = sc;
 	error = make_dev_s(&mda, &sc->pdev, "hpet%d", device_get_unit(dev));
 	if (error == 0) {
 		sc->mmap_allow = 1;
 		TUNABLE_INT_FETCH("hw.acpi.hpet.mmap_allow",
 		    &sc->mmap_allow);
-		sc->mmap_allow_write = 1;
+		sc->mmap_allow_write = 0;
 		TUNABLE_INT_FETCH("hw.acpi.hpet.mmap_allow_write",
 		    &sc->mmap_allow_write);
 		SYSCTL_ADD_INT(device_get_sysctl_ctx(dev),