File: [cvs.NetBSD.org] / src / sys / dev / Attic / verified_exec.c (download)
Revision 1.3.2.1, Wed Jul 2 15:26:01 2003 UTC (20 years, 9 months ago) by darrenr
Branch: ktrace-lwp
Changes since 1.3: +7 -4
lines
Apply the aborted ktrace-lwp changes to a specific branch. This is just for
others to review, I'm concerned that patch fuziness may have resulted in some
errant code being generated but I'll look at that later by comparing the diff
from the base to the branch with the file I attempt to apply to it. This will,
at the very least, put the changes in a better context for others to review
them and attempt to tinker with removing passing of 'struct lwp' through
the kernel.
|
/* $NetBSD: verified_exec.c,v 1.3.2.1 2003/07/02 15:26:01 darrenr Exp $ */
/*-
* Copyright (c) 1998-1999 Brett Lymn
* (blymn@baea.com.au, brett_lymn@yahoo.com.au)
* All rights reserved.
*
* This code has been donated to The NetBSD Foundation by the Author.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. The name of the author may not be used to endorse or promote products
* derived from this software withough specific prior written permission
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/proc.h>
#include <sys/errno.h>
#include <sys/verified_exec.h>
#include <sys/buf.h>
#include <sys/malloc.h>
#include <sys/ioctl.h>
#include <sys/device.h>
#include <sys/conf.h>
#include <sys/lock.h>
#include <sys/queue.h>
#include <sys/vnode.h>
#include <sys/fcntl.h>
#include <sys/namei.h>
struct verified_exec_softc {
struct device veriexec_dev;
};
const struct cdevsw verifiedexec_cdevsw = {
verifiedexecopen, verifiedexecclose, noread, nowrite,
verifiedexecioctl, nostop, notty, nopoll, nommap, nokqfilter,
};
/* internal structures */
LIST_HEAD(veriexec_devhead, veriexec_dev_list) veriexec_dev_head;
/*LIST_HEAD(veriexec_file_devhead, veriexec_dev_list) veriexec_file_dev_head;*/
struct veriexec_devhead veriexec_file_dev_head;
/* Autoconfiguration glue */
void verifiedexecattach(struct device *parent, struct device *self,
void *aux);
int verifiedexecopen(dev_t dev, int flags, int fmt, struct proc *p);
int verifiedexecclose(dev_t dev, int flags, int fmt, struct proc *p);
int verifiedexecioctl(dev_t dev, u_long cmd, caddr_t data, int flags,
struct proc *p);
void add_veriexec_inode(struct veriexec_dev_list *list, unsigned long inode,
unsigned char fingerprint[MAXFINGERPRINTLEN],
unsigned char type, unsigned char fp_type);
struct veriexec_dev_list *find_veriexec_dev(unsigned long dev,
struct veriexec_devhead *head);
/*
* Attach for autoconfig to find. Initialise the lists and return...
*/
void
verifiedexecattach(struct device *parent, struct device *self, void *aux)
{
LIST_INIT(&veriexec_dev_head);
LIST_INIT(&veriexec_file_dev_head);
}
int
verifiedexecopen(dev_t dev, int flags, int fmt, struct proc *p)
{
return 0;
}
int
verifiedexecclose(dev_t dev, int flags, int fmt, struct proc *p)
{
#ifdef VERIFIED_EXEC_DEBUG_VERBOSE
struct veriexec_dev_list *lp;
struct veriexec_inode_list *ip;
printf("Loaded exec fingerprint list is:\n");
for (lp = LIST_FIRST(&veriexec_dev_head); lp != NULL;
lp = LIST_NEXT(lp, entries)) {
for (ip = LIST_FIRST(&(lp->inode_head)); ip != NULL;
ip = LIST_NEXT(ip, entries)) {
printf("Got loaded fingerprint for dev %lu, inode %lu\n",
lp->id, ip->inode);
}
}
printf("\n\nLoaded file fingerprint list is:\n");
for (lp = LIST_FIRST(&veriexec_file_dev_head); lp != NULL;
lp = LIST_NEXT(lp, entries)) {
for (ip = LIST_FIRST(&(lp->inode_head)); ip != NULL;
ip = LIST_NEXT(ip, entries)) {
printf("Got loaded fingerprint for dev %lu, inode %lu\n",
lp->id, ip->inode);
}
}
#endif
return 0;
}
/*
* Search the list of devices looking for the one given. If it is not
* in the list then add it.
*/
struct veriexec_dev_list *
find_veriexec_dev(unsigned long dev, struct veriexec_devhead *head)
{
struct veriexec_dev_list *lp;
for (lp = LIST_FIRST(head); lp != NULL;
lp = LIST_NEXT(lp, entries))
if (lp->id == dev) break;
if (lp == NULL) {
/* if pointer is null then entry not there, add a new one */
MALLOC(lp, struct veriexec_dev_list *,
sizeof(struct veriexec_dev_list), M_TEMP, M_WAITOK);
LIST_INIT(&(lp->inode_head));
lp->id = dev;
LIST_INSERT_HEAD(head, lp, entries);
}
return lp;
}
/*
* Add a file's inode and fingerprint to the list of inodes attached
* to the device id. Only add the entry if it is not already on the
* list.
*/
void
add_veriexec_inode(struct veriexec_dev_list *list, unsigned long inode,
unsigned char fingerprint[MAXFINGERPRINTLEN],
unsigned char type, unsigned char fp_type)
{
struct veriexec_inode_list *ip;
for (ip = LIST_FIRST(&(list->inode_head)); ip != NULL;
ip = LIST_NEXT(ip, entries))
/* check for a dupe inode in the list, skip if an entry
* exists for this inode except for when the type is
* VERIEXEC_INDIRECT, always set the type when it is so
* we don't get a hole caused by conflicting types on
* hardlinked files. XXX maybe we should validate
* fingerprint is same and complain if it is not...
*/
if (ip->inode == inode) {
if (type == VERIEXEC_INDIRECT)
ip->type = type;
return;
}
MALLOC(ip, struct veriexec_inode_list *, sizeof(struct veriexec_inode_list),
M_TEMP, M_WAITOK);
ip->type = type;
ip->fp_type = fp_type;
ip->inode = inode;
memcpy(ip->fingerprint, fingerprint, sizeof(ip->fingerprint));
LIST_INSERT_HEAD(&(list->inode_head), ip, entries);
}
/*
* Handle the ioctl for the device
*/
int
verifiedexecioctl(dev_t dev, u_long cmd, caddr_t data, int flags,
struct lwp *l)
{
int error = 0;
struct verified_exec_params *params;
struct nameidata nid;
struct vattr vattr;
struct proc *p;
struct veriexec_dev_list *dlp;
p = l->l_proc;
params = (struct verified_exec_params *)data;
#ifdef VERIFIED_EXEC_DEBUG
printf("veriexec_ioctl: got cmd 0x%lx for file %s\n", cmd, params->file);
#endif
switch (cmd) {
case VERIEXECLOAD:
if (securelevel > 0) {
/* don't allow updates when secure */
error = EPERM;
} else {
/*
* Get the attributes for the file name passed
* stash the file's device id and inode number
* along with it's fingerprint in a list for
* exec to use later.
*/
NDINIT(&nid, LOOKUP, FOLLOW, UIO_USERSPACE,
params->file, l);
if ((error = vn_open(&nid, FREAD, 0)) != 0) {
return(error);
}
error = VOP_GETATTR(nid.ni_vp, &vattr, p->p_ucred, p);
if (error) {
nid.ni_vp->fp_status = FINGERPRINT_INVALID;
VOP_UNLOCK(nid.ni_vp, 0);
(void) vn_close(nid.ni_vp, FREAD,
p->p_ucred, p);
return(error);
}
/* invalidate the node fingerprint status
* which will have been set in the vn_open
* and would always be FINGERPRINT_NOTFOUND
*/
nid.ni_vp->fp_status = FINGERPRINT_INVALID;
VOP_UNLOCK(nid.ni_vp, 0);
(void) vn_close(nid.ni_vp, FREAD, p->p_ucred, p);
/* vattr.va_fsid = dev, vattr.va_fileid = inode */
if (params->type == VERIEXEC_FILE) {
dlp = find_veriexec_dev(vattr.va_fsid,
&veriexec_file_dev_head);
} else {
dlp = find_veriexec_dev(vattr.va_fsid,
&veriexec_dev_head);
}
add_veriexec_inode(dlp, vattr.va_fileid,
params->fingerprint, params->type,
params->fp_type);
}
break;
default:
error = ENODEV;
}
return (error);
}
![[BACK]](/icons/back.gif){kind=icon}
Return to verified_exec.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / dev