[src/trunk]: src Rename kern_verifiedexec.c to kern_veriexec.c. "Veriexec" is...

[maxv <maxv%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/3d986bf85a0a
branches:  trunk
changeset: 806260:3d986bf85a0a
user:      maxv <maxv%NetBSD.org@localhost>
date:      Fri Feb 13 17:50:48 2015 +0000

description:
Rename kern_verifiedexec.c to kern_veriexec.c. "Veriexec" is the name of
the subsystem, not "Verifiedexec".

The revisions of kern_verifiedexec.c are now in Attic/.

No change between kern_verifiedexec.c and kern_veriexec.c.

Also, update the man page accordingly.

Okayed by christos@ and blymn@ some months ago.

diffstat:

 share/man/man9/veriexec.9 |     6 +-
 sys/conf/files            |     4 +-
 sys/kern/kern_veriexec.c  |  1584 +++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 1589 insertions(+), 5 deletions(-)

diffs (truncated from 1633 to 300 lines):

diff -r d706b6aea6d0 -r 3d986bf85a0a share/man/man9/veriexec.9
--- a/share/man/man9/veriexec.9 Fri Feb 13 17:40:13 2015 +0000
+++ b/share/man/man9/veriexec.9 Fri Feb 13 17:50:48 2015 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: veriexec.9,v 1.27 2014/03/18 18:20:40 riastradh Exp $
+.\" $NetBSD: veriexec.9,v 1.28 2015/02/13 17:50:48 maxv Exp $
 .\"
 .\" Copyright 2006 Elad Efrat <elad%NetBSD.org@localhost>
 .\" Copyright 2006 Brett Lymn <blymn%NetBSD.org@localhost>
@@ -27,7 +27,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd March 18, 2011
+.Dd February 13, 2015
 .Dt VERIEXEC 9
 .Os
 .Sh NAME
@@ -295,7 +295,7 @@
 .It Sy Path    Purpose
 .It src/sys/dev/verified_exec.c        driver for userland communication
 .It src/sys/sys/verified_exec.h        shared (userland/kernel) header file
-.It src/sys/kern/kern_verifiedexec.c   subsystem code
+.It src/sys/kern/kern_veriexec.c       subsystem code
 .It src/sys/kern/vfs_syscalls.c        rename, remove, and unmount policies
 .It src/sys/kern/vfs_vnops.c   regular file access policy
 .El
diff -r d706b6aea6d0 -r 3d986bf85a0a sys/conf/files
--- a/sys/conf/files    Fri Feb 13 17:40:13 2015 +0000
+++ b/sys/conf/files    Fri Feb 13 17:50:48 2015 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: files,v 1.1127 2015/01/27 21:34:43 skrll Exp $
+#      $NetBSD: files,v 1.1128 2015/02/13 17:50:48 maxv Exp $
 #      @(#)files.newconf       7.5 (Berkeley) 5/10/93
 
 version        20141030
@@ -1422,7 +1422,7 @@
 
 # Veriexec
 defpseudo veriexec
-file   kern/kern_verifiedexec.c        veriexec
+file   kern/kern_veriexec.c    veriexec
 file   dev/verified_exec.c             veriexec        needs-flag
 
 # isochronous pseudo device for IEEE 1394, i.LINK or FireWire
diff -r d706b6aea6d0 -r 3d986bf85a0a sys/kern/kern_veriexec.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/kern/kern_veriexec.c  Fri Feb 13 17:50:48 2015 +0000
@@ -0,0 +1,1584 @@
+/*     $NetBSD: kern_veriexec.c,v 1.1 2015/02/13 17:50:48 maxv Exp $   */
+
+/*-
+ * Copyright (c) 2005, 2006 Elad Efrat <elad%NetBSD.org@localhost>
+ * Copyright (c) 2005, 2006 Brett Lymn <blymn%NetBSD.org@localhost>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the authors may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__KERNEL_RCSID(0, "$NetBSD: kern_veriexec.c,v 1.1 2015/02/13 17:50:48 maxv Exp $");
+
+#include "opt_veriexec.h"
+
+#include <sys/param.h>
+#include <sys/mount.h>
+#include <sys/kmem.h>
+#include <sys/vnode.h>
+#include <sys/namei.h>
+#include <sys/exec.h>
+#include <sys/once.h>
+#include <sys/proc.h>
+#include <sys/rwlock.h>
+#include <sys/syslog.h>
+#include <sys/sysctl.h>
+#include <sys/inttypes.h>
+#include <sys/verified_exec.h>
+#if defined(__FreeBSD__)
+# include <sys/systm.h>
+# include <sys/imgact.h>
+# include <crypto/sha1.h>
+# include <crypto/sha2/sha2.h>
+# include <crypto/ripemd160/rmd160.h>
+#else
+# include <sys/sha1.h>
+# include <sys/sha2.h>
+# include <sys/rmd160.h>
+#endif
+#include <sys/md5.h>
+#include <uvm/uvm_extern.h>
+#include <sys/fileassoc.h>
+#include <sys/kauth.h>
+#include <sys/conf.h>
+#include <miscfs/specfs/specdev.h>
+#include <prop/proplib.h>
+#include <sys/fcntl.h>
+
+/* Readable values for veriexec_file_report(). */
+#define        REPORT_ALWAYS           0x01    /* Always print */
+#define        REPORT_VERBOSE          0x02    /* Print when verbose >= 1 */
+#define        REPORT_DEBUG            0x04    /* Print when verbose >= 2 (debug) */
+#define        REPORT_PANIC            0x08    /* Call panic() */
+#define        REPORT_ALARM            0x10    /* Alarm - also print pid/uid/.. */
+#define        REPORT_LOGMASK          (REPORT_ALWAYS|REPORT_VERBOSE|REPORT_DEBUG)
+
+/* state of locking for veriexec_file_verify */
+#define VERIEXEC_UNLOCKED      0x00    /* Nothing locked, callee does it */
+#define VERIEXEC_LOCKED                0x01    /* Global op lock held */
+
+
+#define VERIEXEC_RW_UPGRADE(lock)      while((rw_tryupgrade(lock)) == 0){};
+
+struct veriexec_fpops {
+       const char *type;
+       size_t hash_len;
+       size_t context_size;
+       veriexec_fpop_init_t init;
+       veriexec_fpop_update_t update;
+       veriexec_fpop_final_t final;
+       LIST_ENTRY(veriexec_fpops) entries;
+};
+
+/* Veriexec per-file entry data. */
+struct veriexec_file_entry {
+       krwlock_t lock;                         /* r/w lock */
+       u_char *filename;                       /* File name. */
+       u_char type;                            /* Entry type. */
+       u_char status;                          /* Evaluation status. */
+       u_char page_fp_status;                  /* Per-page FP status. */
+       u_char *fp;                             /* Fingerprint. */
+       void *page_fp;                          /* Per-page fingerprints */
+       size_t npages;                          /* Number of pages. */
+       size_t last_page_size;                  /* To support < PAGE_SIZE */
+       struct veriexec_fpops *ops;             /* Fingerprint ops vector*/
+       size_t filename_len;                    /* Length of filename. */
+};
+
+/* Veriexec per-table data. */
+struct veriexec_table_entry {
+       uint64_t vte_count;                     /* Number of Veriexec entries. */
+       const struct sysctlnode *vte_node;
+};
+
+static int veriexec_verbose;
+static int veriexec_strict;
+static int veriexec_bypass = 1;
+
+static char *veriexec_fp_names = NULL;
+static size_t veriexec_name_max = 0;
+
+static const struct sysctlnode *veriexec_count_node;
+
+static fileassoc_t veriexec_hook;
+static specificdata_key_t veriexec_mountspecific_key;
+
+static LIST_HEAD(, veriexec_fpops) veriexec_fpops_list =
+       LIST_HEAD_INITIALIZER(veriexec_fpops_list);
+
+static int veriexec_raw_cb(kauth_cred_t, kauth_action_t, void *,
+    void *, void *, void *, void *);
+static struct veriexec_fpops *veriexec_fpops_lookup(const char *);
+static void veriexec_file_free(struct veriexec_file_entry *);
+
+static unsigned int veriexec_tablecount = 0;
+
+/*
+ * Veriexec operations global lock - most ops hold this as a read
+ * lock, it is upgraded to a write lock when destroying veriexec file
+ * table entries.
+ */
+static krwlock_t veriexec_op_lock;
+
+/*
+ * Sysctl helper routine for Veriexec.
+ */
+static int
+sysctl_kern_veriexec_algorithms(SYSCTLFN_ARGS)
+{
+       size_t len;
+       int error;
+       const char *p;
+
+       if (newp != NULL)
+               return EPERM;
+
+       if (namelen != 0)
+               return EINVAL;
+
+       p = veriexec_fp_names == NULL ? "" : veriexec_fp_names;
+
+       len = strlen(p) + 1;
+
+       if (*oldlenp < len && oldp)
+               return ENOMEM;
+
+       if (oldp && (error = copyout(p, oldp, len)) != 0)
+               return error;
+
+       *oldlenp = len;
+       return 0;
+}
+
+static int
+sysctl_kern_veriexec_strict(SYSCTLFN_ARGS)
+{
+       struct sysctlnode node;
+       int error, newval;
+
+       node = *rnode;
+       node.sysctl_data = &newval;
+
+       newval = veriexec_strict;
+       error = sysctl_lookup(SYSCTLFN_CALL(&node));
+       if (error || newp == NULL)
+               return error;
+
+       if (newval < veriexec_strict)
+               return EPERM;
+
+       veriexec_strict = newval;
+
+       return 0;
+}
+
+SYSCTL_SETUP(sysctl_kern_veriexec_setup, "sysctl kern.veriexec setup")
+{
+       const struct sysctlnode *rnode = NULL;
+
+       sysctl_createv(clog, 0, NULL, &rnode,
+                      CTLFLAG_PERMANENT,
+                      CTLTYPE_NODE, "veriexec",
+                      SYSCTL_DESCR("Veriexec"),
+                      NULL, 0, NULL, 0,
+                      CTL_KERN, CTL_CREATE, CTL_EOL);
+
+       sysctl_createv(clog, 0, &rnode, NULL,
+                      CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+                      CTLTYPE_INT, "verbose",
+                      SYSCTL_DESCR("Veriexec verbose level"),
+                      NULL, 0, &veriexec_verbose, 0,
+                      CTL_CREATE, CTL_EOL);
+       sysctl_createv(clog, 0, &rnode, NULL,
+                      CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
+                      CTLTYPE_INT, "strict",
+                      SYSCTL_DESCR("Veriexec strict level"),
+                      sysctl_kern_veriexec_strict, 0, NULL, 0,
+                      CTL_CREATE, CTL_EOL);
+       sysctl_createv(clog, 0, &rnode, NULL,
+                      CTLFLAG_PERMANENT,
+                      CTLTYPE_STRING, "algorithms",
+                      SYSCTL_DESCR("Veriexec supported hashing "
+                                   "algorithms"),
+                      sysctl_kern_veriexec_algorithms, 0, NULL, 0,
+                      CTL_CREATE, CTL_EOL);
+       sysctl_createv(clog, 0, &rnode, &veriexec_count_node,
+                      CTLFLAG_PERMANENT,
+                      CTLTYPE_NODE, "count",
+                      SYSCTL_DESCR("Number of fingerprints on mount(s)"),
+                      NULL, 0, NULL, 0,
+                      CTL_CREATE, CTL_EOL);
+}
+
+/*
+ * Add ops to the fignerprint ops vector list.
+ */
+int
+veriexec_fpops_add(const char *fp_type, size_t hash_len, size_t ctx_size,
+    veriexec_fpop_init_t init, veriexec_fpop_update_t update,
+    veriexec_fpop_final_t final)
+{
+       struct veriexec_fpops *ops;
+
+       /* Sanity check all parameters. */
+       if ((fp_type == NULL) || (hash_len == 0) || (ctx_size == 0) ||
+           (init == NULL) || (update == NULL) || (final == NULL))
+               return (EFAULT);
+
+       if (veriexec_fpops_lookup(fp_type) != NULL)
+               return (EEXIST);
+