Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/kern ... and I forgot to actually remove kern_verifiedex...



details:   https://anonhg.NetBSD.org/src/rev/d5a78fccd65d
branches:  trunk
changeset: 806261:d5a78fccd65d
user:      maxv <maxv%NetBSD.org@localhost>
date:      Fri Feb 13 17:55:24 2015 +0000

description:
... and I forgot to actually remove kern_verifiedexec.c.

As I said in the first revision of kern_veriexec.c: rename
kern_verifiedexec.c to kern_veriexec.c. The old history is now in Attic/,
and no change between kern_verifiedexec.c and kern_veriexec.c.

okayed by christos@ and blymn@ some months ago.

diffstat:

 sys/kern/kern_verifiedexec.c |  1584 ------------------------------------------
 1 files changed, 0 insertions(+), 1584 deletions(-)

diffs (truncated from 1588 to 300 lines):

diff -r 3d986bf85a0a -r d5a78fccd65d sys/kern/kern_verifiedexec.c
--- a/sys/kern/kern_verifiedexec.c      Fri Feb 13 17:50:48 2015 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,1584 +0,0 @@
-/*     $NetBSD: kern_verifiedexec.c,v 1.134 2014/04/15 06:14:55 maxv Exp $     */
-
-/*-
- * Copyright (c) 2005, 2006 Elad Efrat <elad%NetBSD.org@localhost>
- * Copyright (c) 2005, 2006 Brett Lymn <blymn%NetBSD.org@localhost>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the authors may not be used to endorse or promote products
- *    derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.134 2014/04/15 06:14:55 maxv Exp $");
-
-#include "opt_veriexec.h"
-
-#include <sys/param.h>
-#include <sys/mount.h>
-#include <sys/kmem.h>
-#include <sys/vnode.h>
-#include <sys/namei.h>
-#include <sys/exec.h>
-#include <sys/once.h>
-#include <sys/proc.h>
-#include <sys/rwlock.h>
-#include <sys/syslog.h>
-#include <sys/sysctl.h>
-#include <sys/inttypes.h>
-#include <sys/verified_exec.h>
-#if defined(__FreeBSD__)
-# include <sys/systm.h>
-# include <sys/imgact.h>
-# include <crypto/sha1.h>
-# include <crypto/sha2/sha2.h>
-# include <crypto/ripemd160/rmd160.h>
-#else
-# include <sys/sha1.h>
-# include <sys/sha2.h>
-# include <sys/rmd160.h>
-#endif
-#include <sys/md5.h>
-#include <uvm/uvm_extern.h>
-#include <sys/fileassoc.h>
-#include <sys/kauth.h>
-#include <sys/conf.h>
-#include <miscfs/specfs/specdev.h>
-#include <prop/proplib.h>
-#include <sys/fcntl.h>
-
-/* Readable values for veriexec_file_report(). */
-#define        REPORT_ALWAYS           0x01    /* Always print */
-#define        REPORT_VERBOSE          0x02    /* Print when verbose >= 1 */
-#define        REPORT_DEBUG            0x04    /* Print when verbose >= 2 (debug) */
-#define        REPORT_PANIC            0x08    /* Call panic() */
-#define        REPORT_ALARM            0x10    /* Alarm - also print pid/uid/.. */
-#define        REPORT_LOGMASK          (REPORT_ALWAYS|REPORT_VERBOSE|REPORT_DEBUG)
-
-/* state of locking for veriexec_file_verify */
-#define VERIEXEC_UNLOCKED      0x00    /* Nothing locked, callee does it */
-#define VERIEXEC_LOCKED                0x01    /* Global op lock held */
-
-
-#define VERIEXEC_RW_UPGRADE(lock)      while((rw_tryupgrade(lock)) == 0){};
-
-struct veriexec_fpops {
-       const char *type;
-       size_t hash_len;
-       size_t context_size;
-       veriexec_fpop_init_t init;
-       veriexec_fpop_update_t update;
-       veriexec_fpop_final_t final;
-       LIST_ENTRY(veriexec_fpops) entries;
-};
-
-/* Veriexec per-file entry data. */
-struct veriexec_file_entry {
-       krwlock_t lock;                         /* r/w lock */
-       u_char *filename;                       /* File name. */
-       u_char type;                            /* Entry type. */
-       u_char status;                          /* Evaluation status. */
-       u_char page_fp_status;                  /* Per-page FP status. */
-       u_char *fp;                             /* Fingerprint. */
-       void *page_fp;                          /* Per-page fingerprints */
-       size_t npages;                          /* Number of pages. */
-       size_t last_page_size;                  /* To support < PAGE_SIZE */
-       struct veriexec_fpops *ops;             /* Fingerprint ops vector*/
-       size_t filename_len;                    /* Length of filename. */
-};
-
-/* Veriexec per-table data. */
-struct veriexec_table_entry {
-       uint64_t vte_count;                     /* Number of Veriexec entries. */
-       const struct sysctlnode *vte_node;
-};
-
-static int veriexec_verbose;
-static int veriexec_strict;
-static int veriexec_bypass = 1;
-
-static char *veriexec_fp_names = NULL;
-static size_t veriexec_name_max = 0;
-
-static const struct sysctlnode *veriexec_count_node;
-
-static fileassoc_t veriexec_hook;
-static specificdata_key_t veriexec_mountspecific_key;
-
-static LIST_HEAD(, veriexec_fpops) veriexec_fpops_list =
-       LIST_HEAD_INITIALIZER(veriexec_fpops_list);
-
-static int veriexec_raw_cb(kauth_cred_t, kauth_action_t, void *,
-    void *, void *, void *, void *);
-static struct veriexec_fpops *veriexec_fpops_lookup(const char *);
-static void veriexec_file_free(struct veriexec_file_entry *);
-
-static unsigned int veriexec_tablecount = 0;
-
-/*
- * Veriexec operations global lock - most ops hold this as a read
- * lock, it is upgraded to a write lock when destroying veriexec file
- * table entries.
- */
-static krwlock_t veriexec_op_lock;
-
-/*
- * Sysctl helper routine for Veriexec.
- */
-static int
-sysctl_kern_veriexec_algorithms(SYSCTLFN_ARGS)
-{
-       size_t len;
-       int error;
-       const char *p;
-
-       if (newp != NULL)
-               return EPERM;
-
-       if (namelen != 0)
-               return EINVAL;
-
-       p = veriexec_fp_names == NULL ? "" : veriexec_fp_names;
-
-       len = strlen(p) + 1;
-
-       if (*oldlenp < len && oldp)
-               return ENOMEM;
-
-       if (oldp && (error = copyout(p, oldp, len)) != 0)
-               return error;
-
-       *oldlenp = len;
-       return 0;
-}
-
-static int
-sysctl_kern_veriexec_strict(SYSCTLFN_ARGS)
-{
-       struct sysctlnode node;
-       int error, newval;
-
-       node = *rnode;
-       node.sysctl_data = &newval;
-
-       newval = veriexec_strict;
-       error = sysctl_lookup(SYSCTLFN_CALL(&node));
-       if (error || newp == NULL)
-               return error;
-
-       if (newval < veriexec_strict)
-               return EPERM;
-
-       veriexec_strict = newval;
-
-       return 0;
-}
-
-SYSCTL_SETUP(sysctl_kern_veriexec_setup, "sysctl kern.veriexec setup")
-{
-       const struct sysctlnode *rnode = NULL;
-
-       sysctl_createv(clog, 0, NULL, &rnode,
-                      CTLFLAG_PERMANENT,
-                      CTLTYPE_NODE, "veriexec",
-                      SYSCTL_DESCR("Veriexec"),
-                      NULL, 0, NULL, 0,
-                      CTL_KERN, CTL_CREATE, CTL_EOL);
-
-       sysctl_createv(clog, 0, &rnode, NULL,
-                      CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
-                      CTLTYPE_INT, "verbose",
-                      SYSCTL_DESCR("Veriexec verbose level"),
-                      NULL, 0, &veriexec_verbose, 0,
-                      CTL_CREATE, CTL_EOL);
-       sysctl_createv(clog, 0, &rnode, NULL,
-                      CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
-                      CTLTYPE_INT, "strict",
-                      SYSCTL_DESCR("Veriexec strict level"),
-                      sysctl_kern_veriexec_strict, 0, NULL, 0,
-                      CTL_CREATE, CTL_EOL);
-       sysctl_createv(clog, 0, &rnode, NULL,
-                      CTLFLAG_PERMANENT,
-                      CTLTYPE_STRING, "algorithms",
-                      SYSCTL_DESCR("Veriexec supported hashing "
-                                   "algorithms"),
-                      sysctl_kern_veriexec_algorithms, 0, NULL, 0,
-                      CTL_CREATE, CTL_EOL);
-       sysctl_createv(clog, 0, &rnode, &veriexec_count_node,
-                      CTLFLAG_PERMANENT,
-                      CTLTYPE_NODE, "count",
-                      SYSCTL_DESCR("Number of fingerprints on mount(s)"),
-                      NULL, 0, NULL, 0,
-                      CTL_CREATE, CTL_EOL);
-}
-
-/*
- * Add ops to the fignerprint ops vector list.
- */
-int
-veriexec_fpops_add(const char *fp_type, size_t hash_len, size_t ctx_size,
-    veriexec_fpop_init_t init, veriexec_fpop_update_t update,
-    veriexec_fpop_final_t final)
-{
-       struct veriexec_fpops *ops;
-
-       /* Sanity check all parameters. */
-       if ((fp_type == NULL) || (hash_len == 0) || (ctx_size == 0) ||
-           (init == NULL) || (update == NULL) || (final == NULL))
-               return (EFAULT);
-
-       if (veriexec_fpops_lookup(fp_type) != NULL)
-               return (EEXIST);
-
-       ops = kmem_alloc(sizeof(*ops), KM_SLEEP);
-
-       ops->type = fp_type;
-       ops->hash_len = hash_len;
-       ops->context_size = ctx_size;
-       ops->init = init;
-       ops->update = update;
-       ops->final = final;
-
-       LIST_INSERT_HEAD(&veriexec_fpops_list, ops, entries);
-
-       /*
-        * If we don't have space for any names, allocate enough for six
-        * which should be sufficient. (it's also enough for all algorithms
-        * we can support at the moment)
-        */
-       if (veriexec_fp_names == NULL) {
-               veriexec_name_max = 64;
-               veriexec_fp_names = kmem_zalloc(veriexec_name_max, KM_SLEEP);
-       }
-
-       /*
-        * If we're running out of space for storing supported algorithms,
-        * extend the buffer with space for four names.
-        */
-       while (veriexec_name_max - (strlen(veriexec_fp_names) + 1) <
-           strlen(fp_type)) {
-               char *newp;
-               unsigned int new_max;
-
-               /* Add space for four algorithm names. */
-               new_max = veriexec_name_max + 64;
-               newp = kmem_zalloc(new_max, KM_SLEEP);
-               strlcpy(newp, veriexec_fp_names, new_max);
-               kmem_free(veriexec_fp_names, veriexec_name_max);
-               veriexec_fp_names = newp;
-               veriexec_name_max = new_max;
-       }
-
-       if (*veriexec_fp_names != '\0')
-               strlcat(veriexec_fp_names, " ", veriexec_name_max);
-
-       strlcat(veriexec_fp_names, fp_type, veriexec_name_max);
-
-       return (0);



Home | Main Index | Thread Index | Old Index