author: Pawel Biernacki <kaktus@FreeBSD.org> 2020-02-26 14:26:36 +0000
committer: Pawel Biernacki <kaktus@FreeBSD.org> 2020-02-26 14:26:36 +0000
commit: 7029da5c36f2d3cf6bb6c81bf551229f416399e8 (patch)
tree: 53cae9da1371117a3ac21d0d0f3f030a692807ae /sys/security
parent: d7313dc6f5fcab29946951936597772dfff6a4be (diff)
15 files changed, 36 insertions, 19 deletions
diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c
index 0c08b83335853..3f5c20f5f3138 100644
--- a/sys/security/audit/audit.c
+++ b/sys/security/audit/audit.c
@@ -90,7 +90,7 @@ MALLOC_DEFINE(M_AUDITPATH, "audit_path", "Audit path storage");
 MALLOC_DEFINE(M_AUDITTEXT, "audit_text", "Audit text storage");
 MALLOC_DEFINE(M_AUDITGIDSET, "audit_gidset", "Audit GID set storage");
 
-static SYSCTL_NODE(_security, OID_AUTO, audit, CTLFLAG_RW, 0,
+static SYSCTL_NODE(_security, OID_AUTO, audit, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD audit controls");
 
 /*
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index e11bf12648a33..8504b9dba2030 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -103,7 +103,7 @@ SDT_PROBE_DEFINE1(mac, , policy, unregister,
 /*
  * Root sysctl node for all MAC and MAC policy controls.
  */
-SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW, 0,
+SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD MAC policy controls");
 
 /*
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index b5bf8c32dbef4..84e38fcc52187 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -92,7 +92,8 @@
 
 SYSCTL_DECL(_security_mac);
 
-static SYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW, 0,
+static SYSCTL_NODE(_security_mac, OID_AUTO, biba,
+    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_biba policy controls");
 
 static int	biba_label_size = sizeof(struct mac_biba);
diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c
index 225db602b6cfc..65cfb36ea4963 100644
--- a/sys/security/mac_bsdextended/mac_bsdextended.c
+++ b/sys/security/mac_bsdextended/mac_bsdextended.c
@@ -72,7 +72,8 @@ static struct mtx ugidfw_mtx;
 
 SYSCTL_DECL(_security_mac);
 
-static SYSCTL_NODE(_security_mac, OID_AUTO, bsdextended, CTLFLAG_RW, 0,
+static SYSCTL_NODE(_security_mac, OID_AUTO, bsdextended,
+    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD extended BSD MAC policy controls");
 
 static int	ugidfw_enabled = 1;
diff --git a/sys/security/mac_ifoff/mac_ifoff.c b/sys/security/mac_ifoff/mac_ifoff.c
index 28097b502989a..a19ddd34b22bb 100644
--- a/sys/security/mac_ifoff/mac_ifoff.c
+++ b/sys/security/mac_ifoff/mac_ifoff.c
@@ -62,7 +62,8 @@
 
 SYSCTL_DECL(_security_mac);
 
-static SYSCTL_NODE(_security_mac, OID_AUTO, ifoff, CTLFLAG_RW, 0,
+static SYSCTL_NODE(_security_mac, OID_AUTO, ifoff,
+    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_ifoff policy controls");
 
 static int	ifoff_enabled = 1;
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index ac6ec7b00e4fd..dca68b4877d82 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -93,7 +93,8 @@ struct mac_lomac_proc {
 
 SYSCTL_DECL(_security_mac);
 
-static SYSCTL_NODE(_security_mac, OID_AUTO, lomac, CTLFLAG_RW, 0,
+static SYSCTL_NODE(_security_mac, OID_AUTO, lomac,
+    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_lomac policy controls");
 
 static int	lomac_label_size = sizeof(struct mac_lomac);
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index 935c1594b60a4..a0e71403b8028 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -93,7 +93,8 @@
 
 SYSCTL_DECL(_security_mac);
 
-static SYSCTL_NODE(_security_mac, OID_AUTO, mls, CTLFLAG_RW, 0,
+static SYSCTL_NODE(_security_mac, OID_AUTO, mls,
+    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_mls policy controls");
 
 static int	mls_label_size = sizeof(struct mac_mls);
diff --git a/sys/security/mac_ntpd/mac_ntpd.c b/sys/security/mac_ntpd/mac_ntpd.c
index 7a586e94b9f11..c8b8520a88590 100644
--- a/sys/security/mac_ntpd/mac_ntpd.c
+++ b/sys/security/mac_ntpd/mac_ntpd.c
@@ -38,7 +38,8 @@
 
 SYSCTL_DECL(_security_mac);
 
-static SYSCTL_NODE(_security_mac, OID_AUTO, ntpd, CTLFLAG_RW, 0,
+static SYSCTL_NODE(_security_mac, OID_AUTO, ntpd,
+    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "mac_ntpd policy controls");
 
 static int ntpd_enabled = 1;
diff --git a/sys/security/mac_partition/mac_partition.c b/sys/security/mac_partition/mac_partition.c
index 8f02263023f27..afacc19975a08 100644
--- a/sys/security/mac_partition/mac_partition.c
+++ b/sys/security/mac_partition/mac_partition.c
@@ -65,7 +65,8 @@
 
 SYSCTL_DECL(_security_mac);
 
-static SYSCTL_NODE(_security_mac, OID_AUTO, partition, CTLFLAG_RW, 0,
+static SYSCTL_NODE(_security_mac, OID_AUTO, partition,
+    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_partition policy controls");
 
 static int	partition_enabled = 1;
diff --git a/sys/security/mac_portacl/mac_portacl.c b/sys/security/mac_portacl/mac_portacl.c
index f140103270bda..8eb421c0fce8b 100644
--- a/sys/security/mac_portacl/mac_portacl.c
+++ b/sys/security/mac_portacl/mac_portacl.c
@@ -83,7 +83,8 @@
 
 SYSCTL_DECL(_security_mac);
 
-static SYSCTL_NODE(_security_mac, OID_AUTO, portacl, CTLFLAG_RW, 0,
+static SYSCTL_NODE(_security_mac, OID_AUTO, portacl,
+    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_portacl policy controls");
 
 static int	portacl_enabled = 1;
@@ -372,7 +373,9 @@ out:
 }
 
 SYSCTL_PROC(_security_mac_portacl, OID_AUTO, rules,
-       CTLTYPE_STRING|CTLFLAG_RW, 0, 0, sysctl_rules, "A", "Rules");
+    CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_MPSAFE,
+    0, 0, sysctl_rules, "A",
+    "Rules");
 
 static int
 rules_check(struct ucred *cred, int family, int type, u_int16_t port)
diff --git a/sys/security/mac_seeotheruids/mac_seeotheruids.c b/sys/security/mac_seeotheruids/mac_seeotheruids.c
index 2d964645e8e97..f20a2298ce3cb 100644
--- a/sys/security/mac_seeotheruids/mac_seeotheruids.c
+++ b/sys/security/mac_seeotheruids/mac_seeotheruids.c
@@ -63,7 +63,8 @@
 
 SYSCTL_DECL(_security_mac);
 
-static SYSCTL_NODE(_security_mac, OID_AUTO, seeotheruids, CTLFLAG_RW, 0,
+static SYSCTL_NODE(_security_mac, OID_AUTO, seeotheruids,
+    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_seeotheruids policy controls");
 
 static int	seeotheruids_enabled = 1;
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index f75e5c64bbb50..6ee3c34dcc941 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -89,7 +89,8 @@
 
 SYSCTL_DECL(_security_mac);
 
-static SYSCTL_NODE(_security_mac, OID_AUTO, stub, CTLFLAG_RW, 0,
+static SYSCTL_NODE(_security_mac, OID_AUTO, stub,
+    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_stub policy controls");
 
 static int	stub_enabled = 1;
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index 6dea9b5f6d4da..12291fbd37d9e 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -80,7 +80,8 @@
 
 SYSCTL_DECL(_security_mac);
 
-static SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0,
+static SYSCTL_NODE(_security_mac, OID_AUTO, test,
+    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_test policy controls");
 
 #define	MAGIC_BPF	0xfe1ad1b6
@@ -112,7 +113,8 @@ static int	test_slot;
 SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD,
     &test_slot, 0, "Slot allocated by framework");
 
-static SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, CTLFLAG_RW, 0,
+static SYSCTL_NODE(_security_mac_test, OID_AUTO, counter,
+    CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_test counters controls");
 
 #define	COUNTER_DECL(variable)						\
diff --git a/sys/security/mac_veriexec/mac_veriexec.c b/sys/security/mac_veriexec/mac_veriexec.c
index 5bf3d25c3bd02..8d43d59c9a3ce 100644
--- a/sys/security/mac_veriexec/mac_veriexec.c
+++ b/sys/security/mac_veriexec/mac_veriexec.c
@@ -76,7 +76,7 @@ static int sysctl_mac_veriexec_db(SYSCTL_HANDLER_ARGS);
 
 SYSCTL_DECL(_security_mac);
 
-SYSCTL_NODE(_security_mac, OID_AUTO, veriexec, CTLFLAG_RW, 0,
+SYSCTL_NODE(_security_mac, OID_AUTO, veriexec, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "MAC/veriexec policy controls");
 
 int	mac_veriexec_debug;
@@ -85,11 +85,13 @@ SYSCTL_INT(_security_mac_veriexec, OID_AUTO, debug, CTLFLAG_RW,
 
 static int	mac_veriexec_state;
 SYSCTL_PROC(_security_mac_veriexec, OID_AUTO, state,
-    CTLTYPE_STRING | CTLFLAG_RD, 0, 0, sysctl_mac_veriexec_state, "A",
+    CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_NEEDGIANT,
+    0, 0, sysctl_mac_veriexec_state, "A",
     "Verified execution subsystem state");
 
 SYSCTL_PROC(_security_mac_veriexec, OID_AUTO, db,
-    CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_SKIP, 0, 0, sysctl_mac_veriexec_db,
+    CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_SKIP | CTLFLAG_NEEDGIANT,
+    0, 0, sysctl_mac_veriexec_db,
     "A", "Verified execution fingerprint database");
 
 static int mac_veriexec_slot;
diff --git a/sys/security/mac_veriexec/veriexec_fingerprint.c b/sys/security/mac_veriexec/veriexec_fingerprint.c
index 9eb57f7e8bd2a..700e2d8a3d637 100644
--- a/sys/security/mac_veriexec/veriexec_fingerprint.c
+++ b/sys/security/mac_veriexec/veriexec_fingerprint.c
@@ -64,7 +64,8 @@ static int mac_veriexec_late;
 static int sysctl_mac_veriexec_algorithms(SYSCTL_HANDLER_ARGS);
 
 SYSCTL_PROC(_security_mac_veriexec, OID_AUTO, algorithms,
-    CTLTYPE_STRING | CTLFLAG_RD, 0, 0, sysctl_mac_veriexec_algorithms, "A",
+    CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_NEEDGIANT,
+    0, 0, sysctl_mac_veriexec_algorithms, "A",
     "Verified execution supported hashing algorithms");
 
 static int
author	Pawel Biernacki <kaktus@FreeBSD.org>	2020-02-26 14:26:36 +0000
committer	Pawel Biernacki <kaktus@FreeBSD.org>	2020-02-26 14:26:36 +0000
commit	7029da5c36f2d3cf6bb6c81bf551229f416399e8 (patch)
tree	53cae9da1371117a3ac21d0d0f3f030a692807ae /sys/security
parent	d7313dc6f5fcab29946951936597772dfff6a4be (diff)