Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/kern When adding a new veriexec_file_entry, if an entry ...
details: https://anonhg.NetBSD.org/src/rev/63093a7223ad
branches: trunk
changeset: 356084:63093a7223ad
user: pgoyette <pgoyette%NetBSD.org@localhost>
date: Thu Aug 31 08:47:19 2017 +0000
description:
When adding a new veriexec_file_entry, if an entry already exists with
all the same values (except for the filename) just ignore it. Otherwise
report the duplicate-entry error.
This allows the user to create a signature file with veriexegen(8) and
not worry about duplicate entries (due to hard-linked files) which will
otherwise cause /etc/rc.d/veriexec to report an error.
Fixes PR kern/52512
XXX Pull-up for -8
diffstat:
sys/kern/kern_veriexec.c | 31 +++++++++++++++++++++++--------
1 files changed, 23 insertions(+), 8 deletions(-)
diffs (76 lines):
diff -r 0985adf4ff60 -r 63093a7223ad sys/kern/kern_veriexec.c
--- a/sys/kern/kern_veriexec.c Thu Aug 31 08:45:03 2017 +0000
+++ b/sys/kern/kern_veriexec.c Thu Aug 31 08:47:19 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_veriexec.c,v 1.15 2017/08/29 12:48:50 pgoyette Exp $ */
+/* $NetBSD: kern_veriexec.c,v 1.16 2017/08/31 08:47:19 pgoyette Exp $ */
/*-
* Copyright (c) 2005, 2006 Elad Efrat <elad%NetBSD.org@localhost>
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_veriexec.c,v 1.15 2017/08/29 12:48:50 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_veriexec.c,v 1.16 2017/08/31 08:47:19 pgoyette Exp $");
#include "opt_veriexec.h"
@@ -1050,9 +1050,11 @@
{
struct veriexec_table_entry *vte;
struct veriexec_file_entry *vfe = NULL;
+ struct veriexec_file_entry *ovfe;
struct vnode *vp;
const char *file, *fp_type;
int error;
+ bool ignore_dup = false;
if (!prop_dictionary_get_cstring_nocopy(dict, "file", &file))
return (EINVAL);
@@ -1096,12 +1098,6 @@
rw_enter(&veriexec_op_lock, RW_WRITER);
- if (veriexec_get(vp)) {
- /* We already have an entry for this file. */
- error = EEXIST;
- goto unlock_out;
- }
-
/* Continue entry initialization. */
if (prop_dictionary_get_uint8(dict, "entry-type", &vfe->type) == FALSE)
vfe->type = 0;
@@ -1140,6 +1136,22 @@
vfe->status = status;
}
+ /*
+ * If we already have an entry for this file, and it matches
+ * the new entry exactly (except for the filename, which may
+ * hard-linked!), we just ignore the new entry. If the new
+ * entry differs, report the error.
+ */
+ if ((ovfe = veriexec_get(vp)) != NULL) {
+ error = EEXIST;
+ if (vfe->type == ovfe->type &&
+ vfe->status == ovfe->status &&
+ vfe->ops == ovfe->ops &&
+ memcmp(vfe->fp, ovfe->fp, vfe->ops->hash_len) == 0)
+ ignore_dup = true;
+ goto unlock_out;
+ }
+
vte = veriexec_table_lookup(vp->v_mount);
if (vte == NULL)
vte = veriexec_table_add(l, vp->v_mount);
@@ -1163,6 +1175,9 @@
if (error)
veriexec_file_free(vfe);
+ if (ignore_dup && error == EEXIST)
+ error = 0;
+
return (error);
}
Home |
Main Index |
Thread Index |
Old Index