[src/netbsd-3]: src/sys/kern Pull up revision 1.28 (requested by elad in tick...
details: https://anonhg.NetBSD.org/src/rev/2480b78ad822
branches: netbsd-3
changeset: 576383:2480b78ad822
user: tron <tron%NetBSD.org@localhost>
date: Sat Jul 02 15:54:12 2005 +0000
description:
Pull up revision 1.28 (requested by elad in ticket #487):
- Avoid pollution of struct vnode. Save the fingerprint evaluation status
in the veriexec table entry; the lookups are very cheap now. Suggested
by Chuq.
- Handle non-regular (!VREG) files correctly.
- Remove (no longer needed) FINGERPRINT_NOENTRY.
diffstat:
sys/kern/kern_verifiedexec.c | 78 +++++++++++++++++++++----------------------
1 files changed, 38 insertions(+), 40 deletions(-)
diffs (137 lines):
diff -r 1201a70f245d -r 2480b78ad822 sys/kern/kern_verifiedexec.c
--- a/sys/kern/kern_verifiedexec.c Sat Jul 02 15:54:03 2005 +0000
+++ b/sys/kern/kern_verifiedexec.c Sat Jul 02 15:54:12 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_verifiedexec.c,v 1.9.2.18 2005/07/02 15:52:41 tron Exp $ */
+/* $NetBSD: kern_verifiedexec.c,v 1.9.2.19 2005/07/02 15:54:12 tron Exp $ */
/*-
* Copyright 2005 Elad Efrat <elad%bsd.org.il@localhost>
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.9.2.18 2005/07/02 15:52:41 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_verifiedexec.c,v 1.9.2.19 2005/07/02 15:54:12 tron Exp $");
#include <sys/param.h>
#include <sys/mount.h>
@@ -351,47 +351,46 @@
*/
int
veriexec_verify(struct proc *p, struct vnode *vp, struct vattr *va,
- const u_char *name, int flag)
+ const u_char *name, int flag, struct veriexec_hash_entry **ret)
{
- u_char *digest;
+ struct veriexec_hash_entry *vhe = NULL;
+ u_char *digest = NULL;
int error = 0;
- /* Evaluate fingerprint if needed and set the status on the vp. */
- if (vp->fp_status == FINGERPRINT_NOTEVAL) {
- if ((vp->v_type != VREG) || (vp->vhe =
- veriexec_lookup(va->va_fsid, va->va_fileid)) == NULL) {
- vp->fp_status = FINGERPRINT_NOENTRY;
- goto out;
- }
+ /* XXXEE Ignore non-VREG files. */
+ if (vp->v_type != VREG)
+ return (0);
- veriexec_dprintf(("veriexec: veriexec_verify: Got entry for "
- "%s. (dev=%d, inode=%u)\n", name,
- va->va_fsid, va->va_fileid));
+ /* Lookup veriexec table entry, save pointer if requested. */
+ vhe = veriexec_lookup(va->va_fsid, va->va_fileid);
+ if (ret != NULL)
+ *ret = vhe;
+ if (vhe == NULL)
+ goto out;
- digest = (u_char *) malloc(vp->vhe->ops->hash_len, M_TEMP,
+ /* Evaluate fingerprint if needed. */
+ if (vhe->status == FINGERPRINT_NOTEVAL) {
+ /* Calculate fingerprint for on-disk file. */
+ digest = (u_char *) malloc(vhe->ops->hash_len, M_TEMP,
M_WAITOK);
- error = veriexec_fp_calc(p, vp, vp->vhe, va->va_size, digest);
-
+ error = veriexec_fp_calc(p, vp, vhe, va->va_size, digest);
if (error) {
- veriexec_dprintf(("veriexec: veriexec_verify: "
- "Calculation error.\n"));
+ /* XXXEE verbose+ printf here */
free(digest, M_TEMP);
return (error);
}
- if (veriexec_fp_cmp(vp->vhe->ops, vp->vhe->fp, digest) == 0) {
- vp->fp_status = FINGERPRINT_VALID;
+ /* Compare fingerprint with loaded data. */
+ if (veriexec_fp_cmp(vhe->ops, vhe->fp, digest) == 0) {
+ vhe->status = FINGERPRINT_VALID;
} else {
- vp->fp_status = FINGERPRINT_NOMATCH;
+ vhe->status = FINGERPRINT_NOMATCH;
}
free(digest, M_TEMP);
}
- if (vp->vhe == NULL)
- goto out;
-
- if (flag != vp->vhe->type) {
+ if (flag != vhe->type) {
veriexec_report("Incorrect access type.", name, va, p,
REPORT_NOVERBOSE, REPORT_ALARM,
REPORT_NOPANIC);
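Review bot: The early `return (0)` for non-regular files at the top of the new body leaves `*ret` untouched, so a caller that passes `ret` and inspects it afterwards would read whatever value it held before the call; moving `if (ret != NULL) *ret = vhe;` above the `VREG` check (where `vhe` is still NULL) keeps the out-parameter defined on every return. That same early return also exits before the `veriexec_strict >= 3` lockdown check at the `out:` label in the next hunk, whereas the removed code routed non-regular files through `FINGERPRINT_NOENTRY` and denied them in strict mode; if exempting non-regular files from lockdown is the intent, the `XXXEE` comment should state that rather than read as an unfinished spot. Note also that `vhe->status = FINGERPRINT_VALID` is now cached in the table entry keyed by (fsid, fileid), which outlives any single vnode, so unless something outside this hunk resets the status when the file is modified, the fingerprint is not recomputed after the vnode is recycled — a comment at that assignment naming where invalidation happens would make the trust lifetime explicit. The body of veriexec_verify continues past the end of this hunk.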
@@ -402,7 +401,19 @@
}
out:
- switch (vp->fp_status) {
+ /* No entry in the veriexec tables. */
+ if (vhe == NULL) {
+ veriexec_report("veriexec_verify: No entry.", name, va,
+ p, REPORT_VERBOSE, REPORT_NOALARM, REPORT_NOPANIC);
+
+ /* Lockdown mode: Deny access to non-monitored files. */
+ if (veriexec_strict >= 3)
+ return (EPERM);
+
+ return (0);
+ }
+
+ switch (vhe->status) {
case FINGERPRINT_NOTEVAL:
/* Should not happen. */
veriexec_report("veriexec_verify: Not-evaluated status "
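Review bot: The new `vhe == NULL` block at `out:` leaves the function with `return (EPERM)` / `return (0)` rather than setting `error` as the removed `FINGERPRINT_NOENTRY` case did, so anything placed after the `switch` (outside this hunk) no longer runs on the no-entry path; if the switch is followed only by `return (error)` this is harmless, otherwise assigning `error = EPERM` and jumping past the switch would preserve the single exit. The lockdown threshold is compared as the bare literal `3` in `if (veriexec_strict >= 3)`; a named constant alongside the `veriexec_strict` definition would make the policy level readable at this and the other strict-mode checks. The remainder of veriexec_verify lies outside the hunk.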
@@ -427,17 +438,6 @@
break;
- case FINGERPRINT_NOENTRY:
- /* No entry in the list. */
- veriexec_report("veriexec_verify: No entry.", name, va,
- p, REPORT_VERBOSE, REPORT_NOALARM, REPORT_NOPANIC);
-
- /* Lockdown mode: Deny access to non-monitored files. */
- if (veriexec_strict >= 3)
- error = EPERM;
-
- break;
-
default:
/*
* Should never happen.
@@ -494,8 +494,6 @@
free(vhe->fp, M_TEMP);
free(vhe, M_TEMP);
tbl->hash_count--;
- vp->fp_status = FINGERPRINT_NOENTRY;
- vp->vhe = NULL;
return (error);
}