Current-Users archive
Re: veriexecctl(8) segfaults when no argument is given
2008/9/8, Brett Lymn <blymn%baesystems.com.au@localhost>:
> On Mon, Sep 08, 2008 at 11:07:31PM +0930, Brett Lymn wrote:
> > On Mon, Sep 08, 2008 at 04:09:46PM +0300, Stathis Kamperis wrote:
> > >
> > > On the other hand, if I compile a kernel with your patch + LOCKDEBUG,
> > > when I try to startX, I get a panic and here is the associated
> > > backtrace:
> > >
> >
> > Ah - It looks like we bail out of veriexec_file_verify() without
> > setting vfep to something. Try this (untested) patch:
> >
>
>
> bah... that had a possible NULL dereference. This one should be
> better:
>
>
> Index: kern_verifiedexec.c
> ===================================================================
> RCS file: /cvsroot/src/sys/kern/kern_verifiedexec.c,v
> retrieving revision 1.109
> diff -u -r1.109 kern_verifiedexec.c
> --- kern_verifiedexec.c 20 Jul 2008 08:50:20 -0000 1.109
>
> +++ kern_verifiedexec.c 8 Sep 2008 15:26:53 -0000
> @@ -585,6 +585,9 @@
>
> #define VFE_NEEDS_EVAL(vfe) ((vfe->status == FINGERPRINT_NOTEVAL) || \
> (vfe->type & VERIEXEC_UNTRUSTED))
>
>
> + if (vfep != NULL)
>
> + *vfep = NULL;
> +
> if (vp->v_type != VREG)
> return (0);
>
>
>
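Review bot: With `*vfep = NULL` placed ahead of `if (vp->v_type != VREG) return (0);`, a caller that passed a non-NULL vfep now gets a return value of 0 together with a NULL entry, so a zero return cannot be taken to mean *vfep is usable. Each caller that dereferences the entry after a successful return should check it for NULL first; it is worth confirming that for the callers outside this hunk.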
Woot:) It works!
Here is the diff that solved the panic when running a LOCKDEBUG
enabled kernel (when typing startx) _and_ the `tstile' thing (when
inside X):
[stathis@netbsd ~] cat brett-elad.diff
Index: kern_verifiedexec.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_verifiedexec.c,v
retrieving revision 1.109
diff -u -r1.109 kern_verifiedexec.c
--- kern_verifiedexec.c 20 Jul 2008 08:50:20 -0000 1.109
+++ kern_verifiedexec.c 8 Sep 2008 15:49:02 -0000
@@ -585,6 +585,9 @@
#define VFE_NEEDS_EVAL(vfe) ((vfe->status == FINGERPRINT_NOTEVAL) || \
(vfe->type & VERIEXEC_UNTRUSTED))
+ if (vfep != NULL)
+ *vfep = NULL;
+
if (vp->v_type != VREG)
return (0);
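Review bot: The new assignment sits directly under the VFE_NEEDS_EVAL definition with no comment saying why the out-parameter is cleared at this point. A one-line comment above `if (vfep != NULL)` stating that *vfep is NULL whenever the function returns without looking up an entry would record the contract for future callers.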
@@ -930,7 +933,8 @@
if (tvfe != NULL)
(void)veriexec_file_delete(l, tovp);
- }
+ } else
+ rw_exit(&veriexec_op_lock);
return (0);
}
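Review bot: The `rw_exit(&veriexec_op_lock)` is added only on the else branch, so the lock release is asymmetric: from this hunk it is not visible where the if branch, which ends with `(void)veriexec_file_delete(l, tovp);`, drops the lock. Please add a comment naming where that path releases veriexec_op_lock, or restructure so both branches reach a single rw_exit before `return (0);`. The unbraced `else` after a braced block is also easy to misread; bracing it would help.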
@@ -1312,7 +1316,7 @@
vfe, digest);
if (error) {
kmem_free(digest, vfe->ops->hash_len);
- goto out;
+ goto unlock_out;
}
if (veriexec_fp_cmp(vfe->ops, vfe->fp, digest) == 0)
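Review bot: In the `if (error)` block, `goto unlock_out` replaces `goto out`, but the unlock_out label is outside the visible lines. Confirm that it releases the lock and then continues into the cleanup that `out` performed, and check that any other `goto out` taken in this function while the lock is held gets the same change.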
Best regards,
Stathis Kamperis