tech-kern: Re: CVS commit: src/sys/kern

Subject: Re: CVS commit: src/sys/kern
To: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
From: Elad Efrat <elad@NetBSD.org>
List: tech-kern
Date: 12/18/2006 08:23:25
This is a multi-part message in MIME format.
--------------010106020000000701010705
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

YAMAMOTO Takashi wrote:
>> at the moment, we can't really implement this cleanly (unless,
>> separating to two functions, one placed at the top, one placed at the
>> bottom, is clean).
> 
> why can't you use the "table" cleanup callback?

like attached diff?

-e.

--------------010106020000000701010705
Content-Type: text/plain;
 name="unmount.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="unmount.diff"

Index: kern_verifiedexec.c
===================================================================
RCS file: /usr/cvs/src/sys/kern/kern_verifiedexec.c,v
retrieving revision 1.81
diff -u -p -r1.81 kern_verifiedexec.c
--- kern_verifiedexec.c	14 Dec 2006 11:15:27 -0000	1.81
+++ kern_verifiedexec.c	17 Dec 2006 05:02:44 -0000
@@ -778,8 +778,11 @@ veriexec_clear(void *data, int file_spec
 	} else {
 		struct veriexec_table_entry *vte = data;
 
-		if (vte != NULL)
+		if (vte != NULL) {
+			sysctl_free(__UNCONST(vte->vte_node));
+			veriexec_tablecount--;
 			free(vte, M_VERIEXEC);
+		}
 	}
 }
 
@@ -1118,9 +1121,6 @@ veriexec_table_delete(struct mount *mp) 
 	if (vte == NULL)
 		return (ENOENT);
 
-	sysctl_free(__UNCONST(vte->vte_node));
-	veriexec_tablecount--;
-
 	return (fileassoc_table_clear(mp, veriexec_hook));
 }
 
@@ -1173,8 +1173,8 @@ veriexec_unmountchk(struct mount *mp)
 	switch (veriexec_strict) {
 	case VERIEXEC_LEARNING:
 	case VERIEXEC_IDS:
-		if (veriexec_table_delete(mp) == 0) {
-			log(LOG_INFO, "Veriexec: IDS mode, allowing  unmount "
+		if (veriexec_table_lookup(mp) != NULL) {
+			log(LOG_INFO, "Veriexec: IDS mode, allowing unmount "
 			    "of \"%s\".\n", mp->mnt_stat.f_mntonname);
 		}
 
@@ -1184,7 +1184,7 @@ veriexec_unmountchk(struct mount *mp)
 	case VERIEXEC_IPS: {
 		struct veriexec_table_entry *vte;
 
-		vte = fileassoc_tabledata_lookup(mp, veriexec_hook);
+		vte = veriexec_table_lookup(mp);
 		if ((vte != NULL) && (vte->vte_count > 0)) {
 			log(LOG_ALERT, "Veriexec: IPS mode, preventing"
 			    " unmount of \"%s\" with monitored files.\n",

--------------010106020000000701010705--