Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/kern ... and I forgot to actually remove kern_verifiedex...
details: https://anonhg.NetBSD.org/src/rev/d5a78fccd65d
branches: trunk
changeset: 806261:d5a78fccd65d
user: maxv <maxv%NetBSD.org@localhost>
date: Fri Feb 13 17:55:24 2015 +0000
description:
... and I forgot to actually remove kern_verifiedexec.c.
As I said in the first revision of kern_veriexec.c: rename
kern_verifiedexec.c to kern_veriexec.c. The old history is now in Attic/,
and no change between kern_verifiedexec.c and kern_veriexec.c.
okayed by christos@ and blymn@ some months ago.
diffstat:
sys/kern/kern_verifiedexec.c | 1584 ------------------------------------------
1 files changed, 0 insertions(+), 1584 deletions(-)
diffs (truncated from 1588 to 300 lines):
diff -r 3d986bf85a0a -r d5a78fccd65d sys/kern/kern_verifiedexec.c
--- a/sys/kern/kern_verifiedexec.c Fri Feb 13 17:50:48 2015 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1584 +0,0 @@
-/* $NetBSD: kern_verifiedexec.c,v 1.134 2014/04/15 06:14:55 maxv Exp $ */
-
-/*-
- * Copyright (c) 2005, 2006 Elad Efrat <elad%NetBSD.org@localhost>
- * Copyright (c) 2005, 2006 Brett Lymn <blymn%NetBSD.org@localhost>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the authors may not be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.134 2014/04/15 06:14:55 maxv Exp $");
-
-#include "opt_veriexec.h"
-
-#include <sys/param.h>
-#include <sys/mount.h>
-#include <sys/kmem.h>
-#include <sys/vnode.h>
-#include <sys/namei.h>
-#include <sys/exec.h>
-#include <sys/once.h>
-#include <sys/proc.h>
-#include <sys/rwlock.h>
-#include <sys/syslog.h>
-#include <sys/sysctl.h>
-#include <sys/inttypes.h>
-#include <sys/verified_exec.h>
-#if defined(__FreeBSD__)
-# include <sys/systm.h>
-# include <sys/imgact.h>
-# include <crypto/sha1.h>
-# include <crypto/sha2/sha2.h>
-# include <crypto/ripemd160/rmd160.h>
-#else
-# include <sys/sha1.h>
-# include <sys/sha2.h>
-# include <sys/rmd160.h>
-#endif
-#include <sys/md5.h>
-#include <uvm/uvm_extern.h>
-#include <sys/fileassoc.h>
-#include <sys/kauth.h>
-#include <sys/conf.h>
-#include <miscfs/specfs/specdev.h>
-#include <prop/proplib.h>
-#include <sys/fcntl.h>
-
-/* Readable values for veriexec_file_report(). */
-#define REPORT_ALWAYS 0x01 /* Always print */
-#define REPORT_VERBOSE 0x02 /* Print when verbose >= 1 */
-#define REPORT_DEBUG 0x04 /* Print when verbose >= 2 (debug) */
-#define REPORT_PANIC 0x08 /* Call panic() */
-#define REPORT_ALARM 0x10 /* Alarm - also print pid/uid/.. */
-#define REPORT_LOGMASK (REPORT_ALWAYS|REPORT_VERBOSE|REPORT_DEBUG)
-
-/* state of locking for veriexec_file_verify */
-#define VERIEXEC_UNLOCKED 0x00 /* Nothing locked, callee does it */
-#define VERIEXEC_LOCKED 0x01 /* Global op lock held */
-
-
-#define VERIEXEC_RW_UPGRADE(lock) while((rw_tryupgrade(lock)) == 0){};
-
-struct veriexec_fpops {
- const char *type;
- size_t hash_len;
- size_t context_size;
- veriexec_fpop_init_t init;
- veriexec_fpop_update_t update;
- veriexec_fpop_final_t final;
- LIST_ENTRY(veriexec_fpops) entries;
-};
-
-/* Veriexec per-file entry data. */
-struct veriexec_file_entry {
- krwlock_t lock; /* r/w lock */
- u_char *filename; /* File name. */
- u_char type; /* Entry type. */
- u_char status; /* Evaluation status. */
- u_char page_fp_status; /* Per-page FP status. */
- u_char *fp; /* Fingerprint. */
- void *page_fp; /* Per-page fingerprints */
- size_t npages; /* Number of pages. */
- size_t last_page_size; /* To support < PAGE_SIZE */
- struct veriexec_fpops *ops; /* Fingerprint ops vector*/
- size_t filename_len; /* Length of filename. */
-};
-
-/* Veriexec per-table data. */
-struct veriexec_table_entry {
- uint64_t vte_count; /* Number of Veriexec entries. */
- const struct sysctlnode *vte_node;
-};
-
-static int veriexec_verbose;
-static int veriexec_strict;
-static int veriexec_bypass = 1;
-
-static char *veriexec_fp_names = NULL;
-static size_t veriexec_name_max = 0;
-
-static const struct sysctlnode *veriexec_count_node;
-
-static fileassoc_t veriexec_hook;
-static specificdata_key_t veriexec_mountspecific_key;
-
-static LIST_HEAD(, veriexec_fpops) veriexec_fpops_list =
- LIST_HEAD_INITIALIZER(veriexec_fpops_list);
-
-static int veriexec_raw_cb(kauth_cred_t, kauth_action_t, void *,
- void *, void *, void *, void *);
-static struct veriexec_fpops *veriexec_fpops_lookup(const char *);
-static void veriexec_file_free(struct veriexec_file_entry *);
-
-static unsigned int veriexec_tablecount = 0;
-
-/*
- * Veriexec operations global lock - most ops hold this as a read
- * lock, it is upgraded to a write lock when destroying veriexec file
- * table entries.
- */
-static krwlock_t veriexec_op_lock;
-
-/*
- * Sysctl helper routine for Veriexec.
- */
-static int
-sysctl_kern_veriexec_algorithms(SYSCTLFN_ARGS)
-{
- size_t len;
- int error;
- const char *p;
-
- if (newp != NULL)
- return EPERM;
-
- if (namelen != 0)
- return EINVAL;
-
- p = veriexec_fp_names == NULL ? "" : veriexec_fp_names;
-
- len = strlen(p) + 1;
-
- if (*oldlenp < len && oldp)
- return ENOMEM;
-
- if (oldp && (error = copyout(p, oldp, len)) != 0)
- return error;
-
- *oldlenp = len;
- return 0;
-}
-
-static int
-sysctl_kern_veriexec_strict(SYSCTLFN_ARGS)
-{
- struct sysctlnode node;
- int error, newval;
-
- node = *rnode;
- node.sysctl_data = &newval;
-
- newval = veriexec_strict;
- error = sysctl_lookup(SYSCTLFN_CALL(&node));
- if (error || newp == NULL)
- return error;
-
- if (newval < veriexec_strict)
- return EPERM;
-
- veriexec_strict = newval;
-
- return 0;
-}
-
-SYSCTL_SETUP(sysctl_kern_veriexec_setup, "sysctl kern.veriexec setup")
-{
- const struct sysctlnode *rnode = NULL;
-
- sysctl_createv(clog, 0, NULL, &rnode,
- CTLFLAG_PERMANENT,
- CTLTYPE_NODE, "veriexec",
- SYSCTL_DESCR("Veriexec"),
- NULL, 0, NULL, 0,
- CTL_KERN, CTL_CREATE, CTL_EOL);
-
- sysctl_createv(clog, 0, &rnode, NULL,
- CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
- CTLTYPE_INT, "verbose",
- SYSCTL_DESCR("Veriexec verbose level"),
- NULL, 0, &veriexec_verbose, 0,
- CTL_CREATE, CTL_EOL);
- sysctl_createv(clog, 0, &rnode, NULL,
- CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
- CTLTYPE_INT, "strict",
- SYSCTL_DESCR("Veriexec strict level"),
- sysctl_kern_veriexec_strict, 0, NULL, 0,
- CTL_CREATE, CTL_EOL);
- sysctl_createv(clog, 0, &rnode, NULL,
- CTLFLAG_PERMANENT,
- CTLTYPE_STRING, "algorithms",
- SYSCTL_DESCR("Veriexec supported hashing "
- "algorithms"),
- sysctl_kern_veriexec_algorithms, 0, NULL, 0,
- CTL_CREATE, CTL_EOL);
- sysctl_createv(clog, 0, &rnode, &veriexec_count_node,
- CTLFLAG_PERMANENT,
- CTLTYPE_NODE, "count",
- SYSCTL_DESCR("Number of fingerprints on mount(s)"),
- NULL, 0, NULL, 0,
- CTL_CREATE, CTL_EOL);
-}
-
-/*
- * Add ops to the fignerprint ops vector list.
- */
-int
-veriexec_fpops_add(const char *fp_type, size_t hash_len, size_t ctx_size,
- veriexec_fpop_init_t init, veriexec_fpop_update_t update,
- veriexec_fpop_final_t final)
-{
- struct veriexec_fpops *ops;
-
- /* Sanity check all parameters. */
- if ((fp_type == NULL) || (hash_len == 0) || (ctx_size == 0) ||
- (init == NULL) || (update == NULL) || (final == NULL))
- return (EFAULT);
-
- if (veriexec_fpops_lookup(fp_type) != NULL)
- return (EEXIST);
-
- ops = kmem_alloc(sizeof(*ops), KM_SLEEP);
-
- ops->type = fp_type;
- ops->hash_len = hash_len;
- ops->context_size = ctx_size;
- ops->init = init;
- ops->update = update;
- ops->final = final;
-
- LIST_INSERT_HEAD(&veriexec_fpops_list, ops, entries);
-
- /*
- * If we don't have space for any names, allocate enough for six
- * which should be sufficient. (it's also enough for all algorithms
- * we can support at the moment)
- */
- if (veriexec_fp_names == NULL) {
- veriexec_name_max = 64;
- veriexec_fp_names = kmem_zalloc(veriexec_name_max, KM_SLEEP);
- }
-
- /*
- * If we're running out of space for storing supported algorithms,
- * extend the buffer with space for four names.
- */
- while (veriexec_name_max - (strlen(veriexec_fp_names) + 1) <
- strlen(fp_type)) {
- char *newp;
- unsigned int new_max;
-
- /* Add space for four algorithm names. */
- new_max = veriexec_name_max + 64;
- newp = kmem_zalloc(new_max, KM_SLEEP);
- strlcpy(newp, veriexec_fp_names, new_max);
- kmem_free(veriexec_fp_names, veriexec_name_max);
- veriexec_fp_names = newp;
- veriexec_name_max = new_max;
- }
-
- if (*veriexec_fp_names != '\0')
- strlcat(veriexec_fp_names, " ", veriexec_name_max);
-
- strlcat(veriexec_fp_names, fp_type, veriexec_name_max);
-
- return (0);
Home |
Main Index |
Thread Index |
Old Index