Source-Changes-HG archive


[src/netbsd-7]: src Pull up following revision(s) (requested by maxv in ticke...



details:   https://anonhg.NetBSD.org/src/rev/5af27949a5da
branches:  netbsd-7
changeset: 799347:5af27949a5da
user:      snj <snj%NetBSD.org@localhost>
date:      Tue May 19 04:42:31 2015 +0000

description:
Pull up following revision(s) (requested by maxv in ticket #764):
        sbin/veriexecctl/veriexecctl.c: revision 1.38
        share/man/man9/veriexec.9: revision 1.10
        sys/conf/files: revision 1.1128
        sys/dev/verified_exec.c: revisions 1.70, 1.71
        sys/kern/kern_veriexec.c: revisions 1.1-1.8
        sys/kern/kern_verifiedexec.c: delete
Rename kern_verifiedexec.c to kern_veriexec.c. "Veriexec" is the name of
the subsystem, not "Verifiedexec".

The revisions of kern_verifiedexec.c are now in Attic/.

No change between kern_verifiedexec.c and kern_veriexec.c.

Also, update the man page accordingly.

Okayed by christos@ and blymn@ some months ago.
--
KNF
--
Don't mix veriexec lock and file lock in veriexec_file_verify().

Now:
 - 'veriexec_op_lock' needs to be held when calling veriexec_file_verify()
 - the 'file_lock_state' argument indicates if the file is locked
 - add some KASSERTs
--
Instead of duplicating code, add veriexec_fp_status(). Also reorder a
useless goto.
--
Make veriexec_renamechk() more readable. Also add a KASSERT on vte_count.

No real functional change
--
If we already have an entry for the file being loaded, return EEXIST, don't
silently skip it.
--
Remove FreeBSD.

ok elad@
--
KASSERT x then y, not (x && y).
--
KNF
--
Not to add even more confusion in an already overcomplicated subsystem,
remove the FreeBSD code. This code is likely to be outdated, and Veriexec
is in all cases not available on FreeBSD.
--
Be a bit more verbose if the kernel rejects a file

diffstat:

 sbin/veriexecctl/veriexecctl.c |     9 +-
 share/man/man9/veriexec.9      |     6 +-
 sys/conf/files                 |     4 +-
 sys/dev/verified_exec.c        |    48 +-
 sys/kern/kern_veriexec.c       |  1550 +++++++++++++++++++++++++++++++++++++++
 sys/kern/kern_verifiedexec.c   |  1584 ----------------------------------------
 6 files changed, 1567 insertions(+), 1634 deletions(-)

diffs (truncated from 3305 to 300 lines):

diff -r f1040babe5ca -r 5af27949a5da sbin/veriexecctl/veriexecctl.c
--- a/sbin/veriexecctl/veriexecctl.c    Tue May 19 04:19:49 2015 +0000
+++ b/sbin/veriexecctl/veriexecctl.c    Tue May 19 04:42:31 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: veriexecctl.c,v 1.37 2014/07/27 04:23:44 dholland Exp $        */
+/*     $NetBSD: veriexecctl.c,v 1.37.2.1 2015/05/19 04:42:31 snj Exp $ */
 
 /*-
  * Copyright 2005 Elad Efrat <elad%NetBSD.org@localhost>
@@ -248,10 +248,11 @@
                        err(1, "Cannot open `%s'", file);
 
                yyin = fdopen(lfd, "r");
+               yyparse();
+               fclose(yyin);
 
-               yyparse();
-
-               (void)fclose(yyin);
+               if (error != EXIT_SUCCESS)
+                       errx(1, "Cannot load '%s'", file);
        } else if (argc == 2 && strcasecmp(argv[0], "delete") == 0) {
                prop_dictionary_t dp;
                struct stat sb;
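Review bot: The result of `fdopen(lfd, "r")` is still not checked before the relocated `yyparse()` and `fclose(yyin)` calls. If fdopen() fails, yyin is NULL, `fclose(NULL)` is undefined, and the scanner would not be reading the signatures file it was asked to load; a guard such as `if (yyin == NULL) err(1, "fdopen");` ahead of `yyparse()` covers this. The new failure path also relies only on `error`, which is set outside this hunk, while the return value of `yyparse()` is discarded. If a parse error can leave `error` untouched, a partially loaded signatures file would still exit 0, so consider `if (yyparse() != 0 || error != EXIT_SUCCESS)`. The enclosing function begins and ends outside the hunk, so whether `error` is reset before this branch cannot be confirmed from here.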
diff -r f1040babe5ca -r 5af27949a5da share/man/man9/veriexec.9
--- a/share/man/man9/veriexec.9 Tue May 19 04:19:49 2015 +0000
+++ b/share/man/man9/veriexec.9 Tue May 19 04:42:31 2015 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: veriexec.9,v 1.27 2014/03/18 18:20:40 riastradh Exp $
+.\" $NetBSD: veriexec.9,v 1.27.4.1 2015/05/19 04:42:31 snj Exp $
 .\"
 .\" Copyright 2006 Elad Efrat <elad%NetBSD.org@localhost>
 .\" Copyright 2006 Brett Lymn <blymn%NetBSD.org@localhost>
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd March 18, 2011
+.Dd February 13, 2015
 .Dt VERIEXEC 9
 .Os
 .Sh NAME
@@ -295,7 +295,7 @@
 .It Sy Path    Purpose
 .It src/sys/dev/verified_exec.c        driver for userland communication
 .It src/sys/sys/verified_exec.h        shared (userland/kernel) header file
-.It src/sys/kern/kern_verifiedexec.c   subsystem code
+.It src/sys/kern/kern_veriexec.c       subsystem code
 .It src/sys/kern/vfs_syscalls.c        rename, remove, and unmount policies
 .It src/sys/kern/vfs_vnops.c   regular file access policy
 .El
diff -r f1040babe5ca -r 5af27949a5da sys/conf/files
--- a/sys/conf/files    Tue May 19 04:19:49 2015 +0000
+++ b/sys/conf/files    Tue May 19 04:42:31 2015 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: files,v 1.1096.2.5 2015/05/15 03:44:19 snj Exp $
+#      $NetBSD: files,v 1.1096.2.6 2015/05/19 04:42:31 snj Exp $
 #      @(#)files.newconf       7.5 (Berkeley) 5/10/93
 
 version        20100430
@@ -1419,7 +1419,7 @@
 
 # Veriexec
 defpseudo veriexec
-file   kern/kern_verifiedexec.c        veriexec
+file   kern/kern_veriexec.c    veriexec
 file   dev/verified_exec.c             veriexec        needs-flag
 
 # isochronous pseudo device for IEEE 1394, i.LINK or FireWire
diff -r f1040babe5ca -r 5af27949a5da sys/dev/verified_exec.c
--- a/sys/dev/verified_exec.c   Tue May 19 04:19:49 2015 +0000
+++ b/sys/dev/verified_exec.c   Tue May 19 04:42:31 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: verified_exec.c,v 1.69 2014/07/25 08:10:35 dholland Exp $      */
+/*     $NetBSD: verified_exec.c,v 1.69.2.1 2015/05/19 04:42:32 snj Exp $       */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat <elad%NetBSD.org@localhost>
@@ -29,7 +29,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.69 2014/07/25 08:10:35 dholland Exp $");
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.69.2.1 2015/05/19 04:42:32 snj Exp $");
 
 #include <sys/param.h>
 #include <sys/errno.h>
@@ -42,15 +42,9 @@
 #include <sys/syslog.h>
 #include <sys/proc.h>
 
-#ifdef __FreeBSD__
-#include <sys/kernel.h>
-#include <sys/device_port.h>
-#include <sys/ioccom.h>
-#else
 #include <sys/ioctl.h>
 #include <sys/device.h>
 #define DEVPORT_DEVICE struct device
-#endif
 
 #include <prop/proplib.h>
 
@@ -60,39 +54,22 @@
 static dev_type_ioctl(veriexecioctl);
 
 struct veriexec_softc {
-        DEVPORT_DEVICE veriexec_dev;
+       DEVPORT_DEVICE veriexec_dev;
 };
 
-#if defined(__FreeBSD__)
-# define CDEV_MAJOR 216
-# define BDEV_MAJOR -1
-#endif
-
 const struct cdevsw veriexec_cdevsw = {
-        .d_open = veriexecopen,
+       .d_open = veriexecopen,
        .d_close = veriexecclose,
        .d_read = noread,
        .d_write = nowrite,
-        .d_ioctl = veriexecioctl,
-#ifdef __NetBSD__
+       .d_ioctl = veriexecioctl,
        .d_stop = nostop,
        .d_tty = notty,
-#endif
        .d_poll = nopoll,
        .d_mmap = nommap,
        .d_discard = nodiscard,
-#if defined(__NetBSD__)
-       .d_kqfilter = nokqfilter,
-       .d_flag = D_OTHER,
-#elif defined(__FreeBSD__)
-       nostrategy,
-       "veriexec",
-       CDEV_MAJOR,
-       nodump,
-       nopsize,
-       0,                              /* flags */
-       BDEV_MAJOR
-#endif
+       .d_kqfilter = nokqfilter,
+       .d_flag = D_OTHER,
 };
 
 /* count of number of times device is open (we really only allow one open) */
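Review bot: With the FreeBSD branch removed, `DEVPORT_DEVICE` in `struct veriexec_softc` is a portability macro with only one expansion left. The `#define DEVPORT_DEVICE struct device` kept in the include hunk above could be dropped and the member written directly as `struct device veriexec_dev;`. This is a readability point only; it does not change what the driver compiles to.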
@@ -291,14 +268,3 @@
        return (error);
 }
 
-#if defined(__FreeBSD__)
-static void
-veriexec_drvinit(void *unused)
-{
-       make_dev(&verifiedexec_cdevsw, 0, UID_ROOT, GID_WHEEL, 0600,
-           "veriexec");
-       verifiedexecattach(0, 0, 0);
-}
-
-SYSINIT(veriexec, SI_SUB_PSEUDO, SI_ORDER_ANY, veriexec_drvinit, NULL);
-#endif
diff -r f1040babe5ca -r 5af27949a5da sys/kern/kern_veriexec.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/kern/kern_veriexec.c  Tue May 19 04:42:31 2015 +0000
@@ -0,0 +1,1550 @@
+/*     $NetBSD: kern_veriexec.c,v 1.8.2.2 2015/05/19 04:42:32 snj Exp $        */
+
+/*-
+ * Copyright (c) 2005, 2006 Elad Efrat <elad%NetBSD.org@localhost>
+ * Copyright (c) 2005, 2006 Brett Lymn <blymn%NetBSD.org@localhost>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the authors may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__KERNEL_RCSID(0, "$NetBSD: kern_veriexec.c,v 1.8.2.2 2015/05/19 04:42:32 snj Exp $");
+
+#include "opt_veriexec.h"
+
+#include <sys/param.h>
+#include <sys/mount.h>
+#include <sys/kmem.h>
+#include <sys/vnode.h>
+#include <sys/namei.h>
+#include <sys/exec.h>
+#include <sys/once.h>
+#include <sys/proc.h>
+#include <sys/rwlock.h>
+#include <sys/syslog.h>
+#include <sys/sysctl.h>
+#include <sys/inttypes.h>
+#include <sys/verified_exec.h>
+#include <sys/sha1.h>
+#include <sys/sha2.h>
+#include <sys/rmd160.h>
+#include <sys/md5.h>
+#include <uvm/uvm_extern.h>
+#include <sys/fileassoc.h>
+#include <sys/kauth.h>
+#include <sys/conf.h>
+#include <miscfs/specfs/specdev.h>
+#include <prop/proplib.h>
+#include <sys/fcntl.h>
+
+/* Readable values for veriexec_file_report(). */
+#define        REPORT_ALWAYS           0x01    /* Always print */
+#define        REPORT_VERBOSE          0x02    /* Print when verbose >= 1 */
+#define        REPORT_DEBUG            0x04    /* Print when verbose >= 2 (debug) */
+#define        REPORT_PANIC            0x08    /* Call panic() */
+#define        REPORT_ALARM            0x10    /* Alarm - also print pid/uid/.. */
+#define        REPORT_LOGMASK          (REPORT_ALWAYS|REPORT_VERBOSE|REPORT_DEBUG)
+
+/* state of locking for veriexec_file_verify */
+#define VERIEXEC_UNLOCKED      0x00    /* Nothing locked, callee does it */
+#define VERIEXEC_LOCKED                0x01    /* Global op lock held */
+
+/* state of file locking for veriexec_file_verify */
+#define VERIEXEC_FILE_UNLOCKED 0x02    /* Nothing locked, callee does it */
+#define VERIEXEC_FILE_LOCKED   0x04    /* File locked */
+
+#define VERIEXEC_RW_UPGRADE(lock)      while((rw_tryupgrade(lock)) == 0){};
+
+struct veriexec_fpops {
+       const char *type;
+       size_t hash_len;
+       size_t context_size;
+       veriexec_fpop_init_t init;
+       veriexec_fpop_update_t update;
+       veriexec_fpop_final_t final;
+       LIST_ENTRY(veriexec_fpops) entries;
+};
+
+/* Veriexec per-file entry data. */
+struct veriexec_file_entry {
+       krwlock_t lock;                         /* r/w lock */
+       u_char *filename;                       /* File name. */
+       u_char type;                            /* Entry type. */
+       u_char status;                          /* Evaluation status. */
+       u_char page_fp_status;                  /* Per-page FP status. */
+       u_char *fp;                             /* Fingerprint. */
+       void *page_fp;                          /* Per-page fingerprints */
+       size_t npages;                          /* Number of pages. */
+       size_t last_page_size;                  /* To support < PAGE_SIZE */
+       struct veriexec_fpops *ops;             /* Fingerprint ops vector*/
+       size_t filename_len;                    /* Length of filename. */
+};
+
+/* Veriexec per-table data. */
+struct veriexec_table_entry {
+       uint64_t vte_count;                     /* Number of Veriexec entries. */
+       const struct sysctlnode *vte_node;
+};
+
+static int veriexec_verbose;
+static int veriexec_strict;
+static int veriexec_bypass = 1;
+
+static char *veriexec_fp_names = NULL;
+static size_t veriexec_name_max = 0;
+
+static const struct sysctlnode *veriexec_count_node;
+
+static fileassoc_t veriexec_hook;
+static specificdata_key_t veriexec_mountspecific_key;
+
+static LIST_HEAD(, veriexec_fpops) veriexec_fpops_list =
+       LIST_HEAD_INITIALIZER(veriexec_fpops_list);
+
+static int veriexec_raw_cb(kauth_cred_t, kauth_action_t, void *,
+    void *, void *, void *, void *);
+static struct veriexec_fpops *veriexec_fpops_lookup(const char *);
+static void veriexec_file_free(struct veriexec_file_entry *);
+
+static unsigned int veriexec_tablecount = 0;
+
+/*
+ * Veriexec operations global lock - most ops hold this as a read


