Source-Changes-HG archive


[src/trunk]: src/sys/kern When adding a new veriexec_file_entry, if an entry ...



details:   https://anonhg.NetBSD.org/src/rev/63093a7223ad
branches:  trunk
changeset: 356084:63093a7223ad
user:      pgoyette <pgoyette%NetBSD.org@localhost>
date:      Thu Aug 31 08:47:19 2017 +0000

description:
When adding a new veriexec_file_entry, if an entry already exists with
all the same values (except for the filename) just ignore it.  Otherwise
report the duplicate-entry error.

This allows the user to create a signature file with veriexecgen(8) and
not worry about duplicate entries (due to hard-linked files) which will
otherwise cause /etc/rc.d/veriexec to report an error.

Fixes PR kern/52512

XXX Pull-up for -8

diffstat:

 sys/kern/kern_veriexec.c |  31 +++++++++++++++++++++++--------
 1 files changed, 23 insertions(+), 8 deletions(-)

diffs (76 lines):

diff -r 0985adf4ff60 -r 63093a7223ad sys/kern/kern_veriexec.c
--- a/sys/kern/kern_veriexec.c  Thu Aug 31 08:45:03 2017 +0000
+++ b/sys/kern/kern_veriexec.c  Thu Aug 31 08:47:19 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_veriexec.c,v 1.15 2017/08/29 12:48:50 pgoyette Exp $      */
+/*     $NetBSD: kern_veriexec.c,v 1.16 2017/08/31 08:47:19 pgoyette Exp $      */
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat <elad%NetBSD.org@localhost>
@@ -29,7 +29,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_veriexec.c,v 1.15 2017/08/29 12:48:50 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_veriexec.c,v 1.16 2017/08/31 08:47:19 pgoyette Exp $");
 
 #include "opt_veriexec.h"
 
@@ -1050,9 +1050,11 @@
 {
        struct veriexec_table_entry *vte;
        struct veriexec_file_entry *vfe = NULL;
+       struct veriexec_file_entry *ovfe;
        struct vnode *vp;
        const char *file, *fp_type;
        int error;
+       bool ignore_dup = false;
 
        if (!prop_dictionary_get_cstring_nocopy(dict, "file", &file))
                return (EINVAL);
@@ -1096,12 +1098,6 @@
 
        rw_enter(&veriexec_op_lock, RW_WRITER);
 
-       if (veriexec_get(vp)) {
-               /* We already have an entry for this file. */
-               error = EEXIST;
-               goto unlock_out;
-       }
-
        /* Continue entry initialization. */
        if (prop_dictionary_get_uint8(dict, "entry-type", &vfe->type) == FALSE)
                vfe->type = 0;
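
Review bot: moving the veriexec_get(vp) check out of this spot means a duplicate load now runs the whole "Continue entry initialization" path while holding veriexec_op_lock as RW_WRITER before it is rejected or ignored. The move is needed so the new entry's fields are populated for the comparison, but nothing at this location says so. Leave a one-line comment here pointing at the later duplicate check, so the early exit is not reintroduced by someone tidying up.
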
@@ -1140,6 +1136,22 @@
                vfe->status = status;
        }
 
+       /*
+        * If we already have an entry for this file, and it matches
+        * the new entry exactly (except for the filename, which may
+        * hard-linked!), we just ignore the new entry.  If the new
+        * entry differs, report the error.
+        */
+       if ((ovfe = veriexec_get(vp)) != NULL) {
+               error = EEXIST;
+               if (vfe->type == ovfe->type &&
+                   vfe->status == ovfe->status &&
+                   vfe->ops == ovfe->ops &&
+                   memcmp(vfe->fp, ovfe->fp, vfe->ops->hash_len) == 0)
+                       ignore_dup = true;
+               goto unlock_out;
+       }
+
        vte = veriexec_table_lookup(vp->v_mount);
        if (vte == NULL)
                vte = veriexec_table_add(l, vp->v_mount);
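
Review bot: the memcmp() length in the new block is vfe->ops->hash_len, which is only valid for ovfe->fp because the preceding vfe->ops == ovfe->ops test short-circuits first. That ordering dependency deserves a word in the comment so the conditions are not reordered later. The comment also has a typo: "which may hard-linked!" should read "which may be hard-linked!". Since the ignored case returns success with no trace, consider logging it when veriexec is verbose so a signature file with unexpected duplicates is still visible to the administrator.
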
@@ -1163,6 +1175,9 @@
        if (error)
                veriexec_file_free(vfe);
 
+       if (ignore_dup && error == EEXIST)
+               error = 0;
+
        return (error);
 }
 
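
Review bot: resetting error after "if (error) veriexec_file_free(vfe);" is load-bearing and undocumented: error has to stay EEXIST until the free has run, otherwise the redundant vfe is leaked in the ignored-duplicate case. Add a comment above the ignore_dup test stating that the reset must come after the free. From the lines shown, ignore_dup is only set together with error = EEXIST and an immediate goto unlock_out, so the "&& error == EEXIST" part looks redundant; either drop it or note which later assignment to error it guards against.
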


