Subject: CVS commit: src/sys
To: None <source-changes@NetBSD.org>
From: Elad Efrat <elad@netbsd.org>
List: source-changes
Date: 11/30/2006 01:09:48
Module Name:	src
Committed By:	elad
Date:		Thu Nov 30 01:09:48 UTC 2006

Modified Files:
	src/sys/dev: verified_exec.c
	src/sys/kern: kern_verifiedexec.c vfs_syscalls.c vfs_vnops.c
	src/sys/sys: verified_exec.h

Log Message:
Massive restructuring and cleanup of Veriexec, mainly in preparation
for work on some future functionality.

  - Veriexec data-structures are no longer exposed.

  - Thanks to using proplib for data passing now, the interface
    changes further to accomodate that.

    Introduce four new functions. First, veriexec_file_add(), to add
    a new file to be monitored by Veriexec, to replace both
    veriexec_load() and veriexec_hashadd(). veriexec_table_add(), to
    replace veriexec_newtable(), will be used to optimize hash table
    size (during preload), and finally, veriexec_convert(), to convert
    an internal entry to one userland can read.

  - Introduce veriexec_unmountchk(), to enforce Veriexec unmount
    policy. This cleans up a bit of code in kern/vfs_syscalls.c.

  - Rename veriexec_tblfind() with veriexec_table_lookup(), and make
    it static. More functions that became static: veriexec_fp_cmp(),
    veriexec_fp_calc().

  - veriexec_verify() no longer returns the entry as well, but just
    sets a boolean indicating whether an entry was found or not.

  - veriexec_purge() now takes a struct vnode *.

  - veriexec_add_fp_name() was merged into veriexec_add_fp_ops(), that
    changed its name to veriexec_fpops_add(). veriexec_find_ops() was
    also renamed to veriexec_fpops_lookup().

    Also on the fp-ops front, the three function types used to initialize,
    update, and finalize a hash context were renamed to
    veriexec_fpop_init_t, veriexec_fpop_update_t, and veriexec_fpop_final_t
    respectively.

  - Introduce a new malloc(9) type, M_VERIEXEC, and use it instead of
    M_TEMP, so we can tell exactly how much memory is used by Veriexec.

  - And, most importantly, whitespace and indentation nits.

Built successfuly for amd64, i386, sparc, and sparc64. Tested on amd64.


To generate a diff of this commit:
cvs rdiff -r1.50 -r1.51 src/sys/dev/verified_exec.c
cvs rdiff -r1.74 -r1.75 src/sys/kern/kern_verifiedexec.c
cvs rdiff -r1.278 -r1.279 src/sys/kern/vfs_syscalls.c
cvs rdiff -r1.128 -r1.129 src/sys/kern/vfs_vnops.c
cvs rdiff -r1.43 -r1.44 src/sys/sys/verified_exec.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.