Source-Changes-HG archive


[src/netbsd-8]: src/sys/kern Pull up following revision(s) (requested by pgoy...



details:   https://anonhg.NetBSD.org/src/rev/5a7687a601ad
branches:  netbsd-8
changeset: 434271:5a7687a601ad
user:      martin <martin%NetBSD.org@localhost>
date:      Thu Aug 31 11:46:23 2017 +0000

description:
Pull up following revision(s) (requested by pgoyette in ticket #251):
        sys/kern/kern_veriexec.c: revision 1.16
When adding a new veriexec_file_entry, if an entry already exists with
all the same values (except for the filename) just ignore it.  Otherwise
report the duplicate-entry error.
This allows the user to create a signature file with veriexecgen(8) and
not worry about duplicate entries (due to hard-linked files) which will
otherwise cause /etc/rc.d/veriexec to report an error.
Fixes PR kern/52512
XXX Pull-up for -8

diffstat:

 sys/kern/kern_veriexec.c |  31 +++++++++++++++++++++++--------
 1 files changed, 23 insertions(+), 8 deletions(-)

diffs (76 lines):

diff -r c1cb02315019 -r 5a7687a601ad sys/kern/kern_veriexec.c
--- a/sys/kern/kern_veriexec.c  Thu Aug 31 11:43:44 2017 +0000
+++ b/sys/kern/kern_veriexec.c  Thu Aug 31 11:46:23 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_veriexec.c,v 1.12 2017/04/12 10:30:02 hannken Exp $       */
+/*     $NetBSD: kern_veriexec.c,v 1.12.4.1 2017/08/31 11:46:23 martin Exp $    */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat <elad%NetBSD.org@localhost>
@@ -29,7 +29,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_veriexec.c,v 1.12 2017/04/12 10:30:02 hannken Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_veriexec.c,v 1.12.4.1 2017/08/31 11:46:23 martin Exp $");
 
 #include "opt_veriexec.h"
 
@@ -1050,9 +1050,11 @@
 {
        struct veriexec_table_entry *vte;
        struct veriexec_file_entry *vfe = NULL;
+       struct veriexec_file_entry *ovfe;
        struct vnode *vp;
        const char *file, *fp_type;
        int error;
+       bool ignore_dup = false;
 
        if (!prop_dictionary_get_cstring_nocopy(dict, "file", &file))
                return (EINVAL);
@@ -1096,12 +1098,6 @@
 
        rw_enter(&veriexec_op_lock, RW_WRITER);
 
-       if (veriexec_get(vp)) {
-               /* We already have an entry for this file. */
-               error = EEXIST;
-               goto unlock_out;
-       }
-
        /* Continue entry initialization. */
        if (prop_dictionary_get_uint8(dict, "entry-type", &vfe->type) == FALSE)
                vfe->type = 0;
@@ -1140,6 +1136,22 @@
                vfe->status = status;
        }
 
+       /*
+        * If we already have an entry for this file, and it matches
+        * the new entry exactly (except for the filename, which may
+        * hard-linked!), we just ignore the new entry.  If the new
+        * entry differs, report the error.
+        */
+       if ((ovfe = veriexec_get(vp)) != NULL) {
+               error = EEXIST;
+               if (vfe->type == ovfe->type &&
+                   vfe->status == ovfe->status &&
+                   vfe->ops == ovfe->ops &&
+                   memcmp(vfe->fp, ovfe->fp, vfe->ops->hash_len) == 0)
+                       ignore_dup = true;
+               goto unlock_out;
+       }
+
        vte = veriexec_table_lookup(vp->v_mount);
        if (vte == NULL)
                vte = veriexec_table_add(l, vp->v_mount);
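Review bot: The duplicate test includes `vfe->status == ovfe->status`, which compares the status just assigned to the new entry with whatever status the stored entry holds now. If the stored entry's status can change after it was loaded (for example once its fingerprint has been evaluated), an otherwise identical hard-link entry would still be rejected with EEXIST; that depends on code outside this hunk, so it should be confirmed. If the intent is "same policy and same fingerprint", comparing `type`, `ops` and `fp` alone may be sufficient. The comment also needs `which may be hard-linked!`, and it could say that the earlier entry is the one kept while the new `vfe` is released on the error path further down. The enclosing function starts before and ends after this hunk.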
@@ -1163,6 +1175,9 @@
        if (error)
                veriexec_file_free(vfe);
 
+       if (ignore_dup && error == EEXIST)
+               error = 0;
+
        return (error);
 }
 


