Up to [cvs.netbsd.org] / src / sys / kern
Default branch: MAIN
Revision 1.127.2.1 / (download) - annotate - [select for diffs], Tue Apr 17 00:08:27 2012 UTC (5 weeks, 4 days ago) by yamt
Branch: yamt-pagecache
Changes since 1.127: +35 -5 lines
Diff to previous 1.127 (colored) next main 1.128 (colored)
sync with head
Revision 1.128.2.1 / (download) - annotate - [select for diffs], Thu Apr 5 21:33:39 2012 UTC (7 weeks, 1 day ago) by mrg
Branch: jmcneill-usbmp
Changes since 1.128: +31 -3 lines
Diff to previous 1.128 (colored) next main 1.129 (colored)
sync to latest -current.
Revision 1.129 / (download) - annotate - [select for diffs], Tue Mar 13 18:40:52 2012 UTC (2 months, 1 week ago) by elad
Branch: MAIN
CVS Tags: yamt-pagecache-base5,
yamt-pagecache-base4,
jmcneill-usbmp-base9,
jmcneill-usbmp-base8,
HEAD
Changes since 1.128: +31 -3 lines
Diff to previous 1.128 (colored)
Replace the remaining KAUTH_GENERIC_ISSUSER authorization calls with
something meaningful. All relevant documentation has been updated or
written.
Most of these changes were brought up in the following messages:
http://mail-index.netbsd.org/tech-kern/2012/01/18/msg012490.html
http://mail-index.netbsd.org/tech-kern/2012/01/19/msg012502.html
http://mail-index.netbsd.org/tech-kern/2012/02/17/msg012728.html
Thanks to christos, manu, njoly, and jmmv for input.
Huge thanks to pgoyette for spinning these changes through some build
cycles and ATF.
Revision 1.128 / (download) - annotate - [select for diffs], Sun Nov 20 10:32:33 2011 UTC (6 months ago) by hannken
Branch: MAIN
CVS Tags: netbsd-6-base,
netbsd-6,
jmcneill-usbmp-pre-base2,
jmcneill-usbmp-base7,
jmcneill-usbmp-base6,
jmcneill-usbmp-base5,
jmcneill-usbmp-base4,
jmcneill-usbmp-base3,
jmcneill-usbmp-base2,
jmcneill-usbmp-base
Branch point for: jmcneill-usbmp
Changes since 1.127: +6 -4 lines
Diff to previous 1.127 (colored)
Fix locking against self in veriexec_fp_calc().
Revision 1.127 / (download) - annotate - [select for diffs], Fri Oct 14 09:23:31 2011 UTC (7 months, 1 week ago) by hannken
Branch: MAIN
CVS Tags: yamt-pagecache-base3,
yamt-pagecache-base2,
yamt-pagecache-base,
jmcneill-audiomp3-base,
jmcneill-audiomp3
Branch point for: yamt-pagecache
Changes since 1.126: +4 -2 lines
Diff to previous 1.126 (colored)
Change the vnode locking protocol of VOP_GETATTR() to request at least a shared lock. Make all calls outside of file systems respect it. The calls from file systems need review. No objections from tech-kern.
Revision 1.126 / (download) - annotate - [select for diffs], Thu Sep 1 18:33:11 2011 UTC (8 months, 3 weeks ago) by matt
Branch: MAIN
Changes since 1.125: +4 -3 lines
Diff to previous 1.125 (colored)
Allocate a color compatible VA for the page we are entering.
Revision 1.124.2.1 / (download) - annotate - [select for diffs], Mon Jun 6 09:09:33 2011 UTC (11 months, 2 weeks ago) by jruoho
Branch: jruoho-x86intr
Changes since 1.124: +3 -3 lines
Diff to previous 1.124 (colored) next main 1.125 (colored)
Sync with HEAD.
Revision 1.111.4.1.4.1 / (download) - annotate - [select for diffs], Wed May 25 23:58:48 2011 UTC (12 months ago) by matt
Branch: matt-nb5-mips64
Changes since 1.111.4.1: +4 -3 lines
Diff to previous 1.111.4.1 (colored) next main 1.112 (colored)
Make uvm_map recognize UVM_FLAG_COLORMATCH which tells uvm_map that the 'align' argument specifies the starting color of the KVA range to be returned. When calling uvm_km_alloc with UVM_KMF_VAONLY, also specify the starting color of the kva range returned (UMV_KMF_COLORMATCH) and pass those to uvm_map. In uvm_pglistalloc, make sure the pages being returned have sequentially advancing colors (so they can be mapped in a contiguous address range). Add a few missing UVM_FLAG_COLORMATCH flags to uvm_pagealloc calls. Make the socket and pipe loan color-safe. Make the mips pmap enforce strict page color (color(VA) == color(PA)).
Revision 1.121.4.1 / (download) - annotate - [select for diffs], Sat Mar 5 20:55:17 2011 UTC (14 months, 3 weeks ago) by rmind
Branch: rmind-uvmplock
Changes since 1.121: +41 -28 lines
Diff to previous 1.121 (colored) next main 1.122 (colored)
sync with head
Revision 1.124.4.1 / (download) - annotate - [select for diffs], Tue Feb 8 16:19:59 2011 UTC (15 months, 2 weeks ago) by bouyer
Branch: bouyer-quota2
Changes since 1.124: +3 -3 lines
Diff to previous 1.124 (colored) next main 1.125 (colored)
Sync with HEAD
Revision 1.125 / (download) - annotate - [select for diffs], Sat Jan 29 00:38:25 2011 UTC (15 months, 3 weeks ago) by christos
Branch: MAIN
CVS Tags: rmind-uvmplock-nbase,
rmind-uvmplock-base,
cherry-xenmp-base,
cherry-xenmp,
bouyer-quota2-nbase,
bouyer-quota2-base
Changes since 1.124: +3 -3 lines
Diff to previous 1.124 (colored)
allow get the size of the request sysctls to work.
Revision 1.124 / (download) - annotate - [select for diffs], Sat Jan 8 20:29:13 2011 UTC (16 months, 2 weeks ago) by christos
Branch: MAIN
CVS Tags: jruoho-x86intr-base
Branch point for: jruoho-x86intr,
bouyer-quota2
Changes since 1.123: +3 -3 lines
Diff to previous 1.123 (colored)
fix sysctl again.
Revision 1.123 / (download) - annotate - [select for diffs], Sun Jan 2 20:50:55 2011 UTC (16 months, 3 weeks ago) by christos
Branch: MAIN
Changes since 1.122: +40 -27 lines
Diff to previous 1.122 (colored)
Simplify and avoid kernel segv when the list is NULL.
Revision 1.122 / (download) - annotate - [select for diffs], Wed Nov 17 20:07:50 2010 UTC (18 months, 1 week ago) by dholland
Branch: MAIN
CVS Tags: matt-mips64-premerge-20101231
Changes since 1.121: +3 -3 lines
Diff to previous 1.121 (colored)
typo in comment
Revision 1.108.4.3 / (download) - annotate - [select for diffs], Thu Mar 11 15:04:18 2010 UTC (2 years, 2 months ago) by yamt
Branch: yamt-nfs-mp
Changes since 1.108.4.2: +22 -53 lines
Diff to previous 1.108.4.2 (colored) to branchpoint 1.108 (colored) next main 1.109 (colored)
sync with head
Revision 1.121 / (download) - annotate - [select for diffs], Mon Dec 28 07:16:41 2009 UTC (2 years, 4 months ago) by elad
Branch: MAIN
CVS Tags: yamt-nfs-mp-base9,
yamt-nfs-mp-base11,
yamt-nfs-mp-base10,
uebayasi-xip-base4,
uebayasi-xip-base3,
uebayasi-xip-base2,
uebayasi-xip-base1,
uebayasi-xip-base,
uebayasi-xip
Branch point for: rmind-uvmplock
Changes since 1.120: +10 -6 lines
Diff to previous 1.120 (colored)
In veriexec_file_verify(), always check 'lockstate' before unlocking 'veriexec_op_lock'. Triggering a panic is possible in the path from veriexec_openchk() (easily repeatable). The two switch cases at the bottom of the function are going to panic anyway, but they might as well panic as they're intended to as opposed to tripping over a locking violation...
Revision 1.120 / (download) - annotate - [select for diffs], Mon Dec 28 02:35:20 2009 UTC (2 years, 4 months ago) by elad
Branch: MAIN
Changes since 1.119: +4 -3 lines
Diff to previous 1.119 (colored)
Our error paths can call veriexec_file_free(), which in turn will try to rw_destroy() the vfe lock. The easiest way to fix it for now is simply to initialize the lock right after allocating the vfe...
Revision 1.119 / (download) - annotate - [select for diffs], Fri Dec 25 22:57:54 2009 UTC (2 years, 5 months ago) by elad
Branch: MAIN
Changes since 1.118: +6 -3 lines
Diff to previous 1.118 (colored)
Only kmem_free() the filename if we have one.
Revision 1.118 / (download) - annotate - [select for diffs], Sat Nov 7 07:27:49 2009 UTC (2 years, 6 months ago) by cegger
Branch: MAIN
CVS Tags: matt-premerge-20091211
Changes since 1.117: +3 -3 lines
Diff to previous 1.117 (colored)
Add a flags argument to pmap_kenter_pa(9).
Patch showed on tech-kern@
http://mail-index.netbsd.org/tech-kern/2009/11/04/msg006434.html
No objections.
Revision 1.117 / (download) - annotate - [select for diffs], Tue Oct 6 04:28:10 2009 UTC (2 years, 7 months ago) by elad
Branch: MAIN
CVS Tags: jym-xensuspend-nbase
Changes since 1.116: +7 -46 lines
Diff to previous 1.116 (colored)
Factor out a block of code that appears in three places (Veriexec, keylock, and securelevel) so that others can use it as well.
Revision 1.116 / (download) - annotate - [select for diffs], Sat Oct 3 21:03:55 2009 UTC (2 years, 7 months ago) by elad
Branch: MAIN
Changes since 1.115: +3 -3 lines
Diff to previous 1.115 (colored)
Update a comment. No functional change.
Revision 1.112.2.2 / (download) - annotate - [select for diffs], Thu Jul 23 23:32:35 2009 UTC (2 years, 10 months ago) by jym
Branch: jym-xensuspend
Changes since 1.112.2.1: +11 -12 lines
Diff to previous 1.112.2.1 (colored) to branchpoint 1.112 (colored) next main 1.113 (colored)
Sync with HEAD.
Revision 1.108.4.2 / (download) - annotate - [select for diffs], Sat Jul 18 14:53:23 2009 UTC (2 years, 10 months ago) by yamt
Branch: yamt-nfs-mp
Changes since 1.108.4.1: +11 -12 lines
Diff to previous 1.108.4.1 (colored) to branchpoint 1.108 (colored)
sync with head.
Revision 1.115 / (download) - annotate - [select for diffs], Mon Jun 29 05:08:18 2009 UTC (2 years, 10 months ago) by dholland
Branch: MAIN
CVS Tags: yamt-nfs-mp-base8,
yamt-nfs-mp-base7,
yamt-nfs-mp-base6,
jymxensuspend-base
Changes since 1.114: +11 -12 lines
Diff to previous 1.114 (colored)
Convert 67 namei call sites to use namei_simple, in these functions:
check_console, veriexecclose, veriexec_delete, veriexec_file_add,
emul_find_root, coff_load_shlib (sh3 version), coff_load_shlib,
compat_20_sys_statfs, compat_20_netbsd32_statfs,
ELFNAME2(netbsd32,probe_noteless), darwin_sys_statfs, ibcs2_sys_statfs,
ibcs2_sys_statvfs, linux_sys_uselib, osf1_sys_statfs, sunos_sys_statfs,
sunos32_sys_statfs, ultrix_sys_statfs, do_sys_mount,
fss_create_files (3 of 4), adosfs_mount, cd9660_mount, coda_ioctl,
coda_mount, ext2fs_mount, ffs_mount, filecore_mount, hfs_mount,
lfs_mount, msdosfs_mount, ntfs_mount, sysvbfs_mount, udf_mount,
union_mount, sys_chflags, sys_lchflags, sys_chmod, sys_lchmod,
sys_chown, sys_lchown, sys___posix_chown, sys___posix_lchown, sys_link,
do_sys_pstatvfs, sys_quotactl, sys_revoke, sys_truncate, do_sys_utimes,
sys_extattrctl, sys_extattr_set_file, sys_extattr_set_link,
sys_extattr_get_file, sys_extattr_get_link, sys_extattr_delete_file,
sys_extattr_delete_link, sys_extattr_list_file, sys_extattr_list_link,
sys_setxattr, sys_lsetxattr, sys_getxattr, sys_lgetxattr,
sys_listxattr, sys_llistxattr, sys_removexattr, sys_lremovexattr
All have been scrutinized (several times, in fact) and compile-tested,
but not all have been explicitly tested in action.
XXX: While I haven't (intentionally) changed the use or nonuse of
XXX: TRYEMULROOT in any of these places, I'm not convinced all the
XXX: uses are correct; an audit might be desirable.
Revision 1.112.2.1 / (download) - annotate - [select for diffs], Wed May 13 17:21:57 2009 UTC (3 years ago) by jym
Branch: jym-xensuspend
Changes since 1.112: +24 -6 lines
Diff to previous 1.112 (colored)
Sync with HEAD. Commit is split, to avoid a "too many arguments" protocol error.
Revision 1.108.4.1 / (download) - annotate - [select for diffs], Mon May 4 08:13:47 2009 UTC (3 years ago) by yamt
Branch: yamt-nfs-mp
Changes since 1.108: +190 -63 lines
Diff to previous 1.108 (colored)
sync with head.
Revision 1.114 / (download) - annotate - [select for diffs], Sat May 2 21:47:12 2009 UTC (3 years ago) by elad
Branch: MAIN
CVS Tags: yamt-nfs-mp-base5,
yamt-nfs-mp-base4,
yamt-nfs-mp-base3,
jym-xensuspend-base
Changes since 1.113: +20 -6 lines
Diff to previous 1.113 (colored)
Fix locking around mountlist usage, as pointed out by ad@ in:
http://mail-index.netbsd.org/source-changes-d/2009/04/22/msg000322.html
http://mail-index.netbsd.org/tech-kern/2009/04/22/msg004897.html
Use vfs_busy() and vfs_unbusy(), and properly iterate the mountlist.
Revision 1.111.2.2 / (download) - annotate - [select for diffs], Tue Apr 28 07:37:00 2009 UTC (3 years ago) by skrll
Branch: nick-hppapmap
Changes since 1.111.2.1: +6 -2 lines
Diff to previous 1.111.2.1 (colored) to branchpoint 1.111 (colored) next main 1.112 (colored)
Sync with HEAD.
Revision 1.113 / (download) - annotate - [select for diffs], Mon Apr 20 22:09:54 2009 UTC (3 years, 1 month ago) by elad
Branch: MAIN
CVS Tags: nick-hppapmap-base4,
nick-hppapmap-base3,
nick-hppapmap-base
Changes since 1.112: +6 -2 lines
Diff to previous 1.112 (colored)
PR/41251: YAMAMOTO Takashi: veriexec locking seems broken
Part 1: Take the mountlist_lock before traversing the mount list.
Revision 1.111.2.1 / (download) - annotate - [select for diffs], Mon Jan 19 13:19:39 2009 UTC (3 years, 4 months ago) by skrll
Branch: nick-hppapmap
Changes since 1.111: +4 -3 lines
Diff to previous 1.111 (colored)
Sync with HEAD.
Revision 1.107.6.5 / (download) - annotate - [select for diffs], Sat Jan 17 13:29:19 2009 UTC (3 years, 4 months ago) by mjf
Branch: mjf-devfs2
Changes since 1.107.6.4: +8 -6 lines
Diff to previous 1.107.6.4 (colored) to branchpoint 1.107 (colored) next main 1.108 (colored)
Sync with HEAD.
Revision 1.111.4.1 / (download) - annotate - [select for diffs], Thu Dec 18 00:56:27 2008 UTC (3 years, 5 months ago) by snj
Branch: netbsd-5
CVS Tags: netbsd-5-1-RELEASE,
netbsd-5-1-RC4,
netbsd-5-1-RC3,
netbsd-5-1-RC2,
netbsd-5-1-RC1,
netbsd-5-1-2-RELEASE,
netbsd-5-1-1-RELEASE,
netbsd-5-1,
netbsd-5-0-RELEASE,
netbsd-5-0-RC4,
netbsd-5-0-RC3,
netbsd-5-0-RC2,
netbsd-5-0-RC1,
netbsd-5-0-2-RELEASE,
netbsd-5-0-1-RELEASE,
netbsd-5-0,
matt-nb5-pq3-base,
matt-nb5-pq3,
matt-nb5-mips64-u2-k2-k4-k7-k8-k9,
matt-nb5-mips64-u1-k1-k5,
matt-nb5-mips64-premerge-20101231,
matt-nb5-mips64-premerge-20091211,
matt-nb5-mips64-k15,
matt-nb4-mips64-k7-u2a-k9b
Branch point for: matt-nb5-mips64
Changes since 1.111: +4 -3 lines
Diff to previous 1.111 (colored) next main 1.112 (colored)
Pull up following revision(s) (requested by elad in ticket #189):
sys/dev/verified_exec.c: revision 1.64
sys/kern/kern_verifiedexec.c: revision 1.112
PR/39559: Juan RP: veriexec(4): too easy to cause a NULL dereference
through it in kernel
Patch from PR applied with tiny modifications, thanks!
Discussed with blymn@ a while ago.
Revision 1.112 / (download) - annotate - [select for diffs], Sun Dec 14 23:20:23 2008 UTC (3 years, 5 months ago) by elad
Branch: MAIN
CVS Tags: nick-hppapmap-base2,
mjf-devfs2-base
Branch point for: jym-xensuspend
Changes since 1.111: +4 -3 lines
Diff to previous 1.111 (colored)
PR/39559: Juan RP: veriexec(4): too easy to cause a NULL dereference
through it in kernel
Patch from PR applied with tiny modifications, thanks!
Discussed with blymn@ a while ago.
Revision 1.108.10.2 / (download) - annotate - [select for diffs], Sat Dec 13 01:15:08 2008 UTC (3 years, 5 months ago) by haad
Branch: haad-dm
Changes since 1.108.10.1: +8 -7 lines
Diff to previous 1.108.10.1 (colored) to branchpoint 1.108 (colored) next main 1.109 (colored)
Update haad-dm branch to haad-dm-base2.
Revision 1.111 / (download) - annotate - [select for diffs], Thu Oct 23 13:18:14 2008 UTC (3 years, 7 months ago) by blymn
Branch: MAIN
CVS Tags: netbsd-5-base,
matt-mips64-base2,
haad-nbase2,
haad-dm-base2,
haad-dm-base,
ad-audiomp2-base,
ad-audiomp2
Branch point for: nick-hppapmap,
netbsd-5
Changes since 1.110: +8 -7 lines
Diff to previous 1.110 (colored)
Conditionalise bypass of veriexec routines on veriexec_strict to prevent loophole if tables fail to load and strict is then raised.
Revision 1.108.10.1 / (download) - annotate - [select for diffs], Sun Oct 19 22:17:28 2008 UTC (3 years, 7 months ago) by haad
Branch: haad-dm
Changes since 1.108: +160 -53 lines
Diff to previous 1.108 (colored)
Sync with HEAD.
Revision 1.107.6.4 / (download) - annotate - [select for diffs], Sun Sep 28 10:40:53 2008 UTC (3 years, 7 months ago) by mjf
Branch: mjf-devfs2
Changes since 1.107.6.3: +160 -53 lines
Diff to previous 1.107.6.3 (colored) to branchpoint 1.107 (colored)
Sync with HEAD.
Revision 1.108.6.2 / (download) - annotate - [select for diffs], Wed Sep 24 16:38:56 2008 UTC (3 years, 8 months ago) by wrstuden
Branch: wrstuden-revivesa
Changes since 1.108.6.1: +8 -4 lines
Diff to previous 1.108.6.1 (colored) to branchpoint 1.108 (colored) next main 1.109 (colored)
Merge in changes between wrstuden-revivesa-base-2 and wrstuden-revivesa-base-3.
Revision 1.108.6.1 / (download) - annotate - [select for diffs], Thu Sep 18 04:31:43 2008 UTC (3 years, 8 months ago) by wrstuden
Branch: wrstuden-revivesa
Changes since 1.108: +154 -51 lines
Diff to previous 1.108 (colored)
Sync with wrstuden-revivesa-base-2.
Revision 1.110 / (download) - annotate - [select for diffs], Wed Sep 10 16:36:54 2008 UTC (3 years, 8 months ago) by blymn
Branch: MAIN
CVS Tags: wrstuden-revivesa-base-4,
wrstuden-revivesa-base-3,
haad-dm-base1
Changes since 1.109: +8 -4 lines
Diff to previous 1.109 (colored)
* Fix from Elad to correct a couple of places where functions exited without releasing locks.
* Corrected a panic caused by veriexec_file_verify() not setting the returned struct veriexec_file_entry **vfep in all cases.
Thanks to Stathis Kamperis for finding the issues and testing the fixes.
Revision 1.108.8.1 / (download) - annotate - [select for diffs], Mon Jul 28 14:37:36 2008 UTC (3 years, 9 months ago) by simonb
Branch: simonb-wapbl
Changes since 1.108: +154 -51 lines
Diff to previous 1.108 (colored) next main 1.109 (colored)
Sync with head.
Revision 1.109 / (download) - annotate - [select for diffs], Sun Jul 20 08:50:20 2008 UTC (3 years, 10 months ago) by blymn
Branch: MAIN
CVS Tags: wrstuden-revivesa-base-2,
simonb-wapbl-nbase,
simonb-wapbl-base
Changes since 1.108: +154 -51 lines
Diff to previous 1.108 (colored)
Add locking around veriexec operations to prevent all sorts of badness happening. This fixes kern/38646.
Revision 1.107.6.3 / (download) - annotate - [select for diffs], Sun Jun 29 10:44:28 2008 UTC (3 years, 10 months ago) by mjf
Branch: mjf-devfs2
Changes since 1.107.6.2: +51 -157 lines
Diff to previous 1.107.6.2 (colored) to branchpoint 1.107 (colored)
I accidentally committed a local modification. Revert it.
Revision 1.107.6.2 / (download) - annotate - [select for diffs], Sun Jun 29 09:33:14 2008 UTC (3 years, 10 months ago) by mjf
Branch: mjf-devfs2
Changes since 1.107.6.1: +157 -51 lines
Diff to previous 1.107.6.1 (colored) to branchpoint 1.107 (colored)
Sync with HEAD.
Revision 1.107.6.1 / (download) - annotate - [select for diffs], Thu Apr 3 12:43:03 2008 UTC (4 years, 1 month ago) by mjf
Branch: mjf-devfs2
Changes since 1.107: +4 -2 lines
Diff to previous 1.107 (colored)
Sync with HEAD.
Revision 1.107.2.1 / (download) - annotate - [select for diffs], Mon Mar 24 07:16:14 2008 UTC (4 years, 2 months ago) by keiichi
Branch: keiichi-mipv6
Changes since 1.107: +4 -2 lines
Diff to previous 1.107 (colored) next main 1.108 (colored)
sync with head.
Revision 1.101.8.2 / (download) - annotate - [select for diffs], Sun Mar 23 02:05:00 2008 UTC (4 years, 2 months ago) by matt
Branch: matt-armv6
Changes since 1.101.8.1: +5 -3 lines
Diff to previous 1.101.8.1 (colored) to branchpoint 1.101 (colored) next main 1.102 (colored)
sync with HEAD
Revision 1.31.2.8 / (download) - annotate - [select for diffs], Wed Feb 27 08:36:55 2008 UTC (4 years, 2 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.31.2.7: +4 -2 lines
Diff to previous 1.31.2.7 (colored) next main 1.32 (colored)
sync with head.
Revision 1.108 / (download) - annotate - [select for diffs], Sat Feb 23 16:05:17 2008 UTC (4 years, 3 months ago) by chris
Branch: MAIN
CVS Tags: yamt-pf42-baseX,
yamt-pf42-base4,
yamt-pf42-base3,
yamt-pf42-base2,
yamt-pf42-base,
yamt-pf42,
yamt-nfs-mp-base2,
yamt-nfs-mp-base,
yamt-lazymbuf-base15,
yamt-lazymbuf-base14,
wrstuden-revivesa-base-1,
wrstuden-revivesa-base,
matt-armv6-nbase,
keiichi-mipv6-nbase,
keiichi-mipv6-base,
hpcarm-cleanup-nbase,
hpcarm-cleanup-base,
ad-socklock-base1
Branch point for: yamt-nfs-mp,
wrstuden-revivesa,
simonb-wapbl,
haad-dm
Changes since 1.107: +4 -2 lines
Diff to previous 1.107 (colored)
Add missing pmap_update(pmap_kernel()); calls after pmap_kenter_pa and pmap_remove.
Revision 1.101.14.4 / (download) - annotate - [select for diffs], Mon Feb 18 21:06:46 2008 UTC (4 years, 3 months ago) by mjf
Branch: mjf-devfs
Changes since 1.101.14.3: +85 -52 lines
Diff to previous 1.101.14.3 (colored) to branchpoint 1.101 (colored) next main 1.102 (colored)
Sync with HEAD.
Revision 1.31.2.7 / (download) - annotate - [select for diffs], Mon Jan 21 09:46:16 2008 UTC (4 years, 4 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.31.2.6: +86 -53 lines
Diff to previous 1.31.2.6 (colored)
sync with head
Revision 1.104.4.3 / (download) - annotate - [select for diffs], Sat Jan 19 12:15:23 2008 UTC (4 years, 4 months ago) by bouyer
Branch: bouyer-xeni386
Changes since 1.104.4.2: +1 -1 lines
Diff to previous 1.104.4.2 (colored) to branchpoint 1.104 (colored) next main 1.105 (colored)
Sync with HEAD
Revision 1.107 / (download) - annotate - [select for diffs], Tue Jan 15 18:51:43 2008 UTC (4 years, 4 months ago) by ad
Branch: MAIN
CVS Tags: nick-net80211-sync-base,
nick-net80211-sync,
mjf-devfs-base,
bouyer-xeni386-nbase,
bouyer-xeni386-base
Branch point for: mjf-devfs2,
keiichi-mipv6
Changes since 1.106: +3 -3 lines
Diff to previous 1.106 (colored)
Use vp->v_rdev.
Revision 1.101.8.1 / (download) - annotate - [select for diffs], Wed Jan 9 01:56:12 2008 UTC (4 years, 4 months ago) by matt
Branch: matt-armv6
Changes since 1.101: +90 -60 lines
Diff to previous 1.101 (colored)
sync with HEAD
Revision 1.104.4.2 / (download) - annotate - [select for diffs], Tue Jan 8 22:11:38 2008 UTC (4 years, 4 months ago) by bouyer
Branch: bouyer-xeni386
CVS Tags: bouyer-xeni386-merge1
Changes since 1.104.4.1: +43 -46 lines
Diff to previous 1.104.4.1 (colored) to branchpoint 1.104 (colored)
Sync with HEAD
Revision 1.106 / (download) - annotate - [select for diffs], Thu Jan 3 17:51:05 2008 UTC (4 years, 4 months ago) by elad
Branch: MAIN
CVS Tags: matt-armv6-base
Changes since 1.105: +45 -48 lines
Diff to previous 1.105 (colored)
Replace malloc/free usage with kmem_alloc/kmem_zalloc/kmem_free. okay yamt@.
Revision 1.104.4.1 / (download) - annotate - [select for diffs], Wed Jan 2 21:56:04 2008 UTC (4 years, 4 months ago) by bouyer
Branch: bouyer-xeni386
Changes since 1.104: +41 -5 lines
Diff to previous 1.104 (colored)
Sync with HEAD
Revision 1.105 / (download) - annotate - [select for diffs], Wed Jan 2 11:48:52 2008 UTC (4 years, 4 months ago) by ad
Branch: MAIN
Changes since 1.104: +41 -5 lines
Diff to previous 1.104 (colored)
Merge vmlocking2 to head.
Revision 1.103.2.2 / (download) - annotate - [select for diffs], Tue Jan 1 19:51:08 2008 UTC (4 years, 4 months ago) by ad
Branch: vmlocking2
Changes since 1.103.2.1: +41 -5 lines
Diff to previous 1.103.2.1 (colored) to branchpoint 1.103 (colored) next main 1.104 (colored)
- Bypass the fileassoc stuff if veriexec is not in use.
- Wrap veriexec with kernel_lock.
Revision 1.101.14.3 / (download) - annotate - [select for diffs], Thu Dec 27 00:46:05 2007 UTC (4 years, 5 months ago) by mjf
Branch: mjf-devfs
Changes since 1.101.14.2: +3 -3 lines
Diff to previous 1.101.14.2 (colored) to branchpoint 1.101 (colored)
Sync with HEAD.
Revision 1.103.2.1 / (download) - annotate - [select for diffs], Wed Dec 26 19:57:12 2007 UTC (4 years, 5 months ago) by ad
Branch: vmlocking2
Changes since 1.103: +3 -3 lines
Diff to previous 1.103 (colored)
Sync with head.
Revision 1.101.6.3 / (download) - annotate - [select for diffs], Sun Dec 9 19:38:22 2007 UTC (4 years, 5 months ago) by jmcneill
Branch: jmcneill-pm
Changes since 1.101.6.2: +3 -3 lines
Diff to previous 1.101.6.2 (colored) to branchpoint 1.101 (colored) next main 1.102 (colored)
Sync with HEAD.
Revision 1.104 / (download) - annotate - [select for diffs], Sat Dec 8 19:29:48 2007 UTC (4 years, 5 months ago) by pooka
Branch: MAIN
CVS Tags: yamt-kmem-base3,
yamt-kmem-base2,
yamt-kmem-base,
yamt-kmem,
vmlocking2-base3,
jmcneill-pm-base,
cube-autoconf-base,
cube-autoconf
Branch point for: bouyer-xeni386
Changes since 1.103: +3 -3 lines
Diff to previous 1.103 (colored)
Remove cn_lwp from struct componentname. curlwp should be used from on. The NDINIT() macro no longer takes the lwp parameter and associates the credentials of the calling thread with the namei structure.
Revision 1.101.14.2 / (download) - annotate - [select for diffs], Sat Dec 8 18:20:34 2007 UTC (4 years, 5 months ago) by mjf
Branch: mjf-devfs
Changes since 1.101.14.1: +3 -3 lines
Diff to previous 1.101.14.1 (colored) to branchpoint 1.101 (colored)
Sync with HEAD.
Revision 1.31.2.6 / (download) - annotate - [select for diffs], Fri Dec 7 17:32:54 2007 UTC (4 years, 5 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.31.2.5: +3 -3 lines
Diff to previous 1.31.2.5 (colored)
sync with head
Revision 1.101.6.2 / (download) - annotate - [select for diffs], Tue Nov 27 19:38:08 2007 UTC (4 years, 5 months ago) by joerg
Branch: jmcneill-pm
Changes since 1.101.6.1: +3 -3 lines
Diff to previous 1.101.6.1 (colored) to branchpoint 1.101 (colored)
Sync with HEAD. amd64 Xen support needs testing.
Revision 1.103 / (download) - annotate - [select for diffs], Mon Nov 26 19:02:02 2007 UTC (4 years, 6 months ago) by pooka
Branch: MAIN
CVS Tags: vmlocking2-base2,
vmlocking2-base1,
vmlocking-nbase,
reinoud-bufcleanup-nbase,
reinoud-bufcleanup-base
Branch point for: vmlocking2
Changes since 1.102: +3 -3 lines
Diff to previous 1.102 (colored)
Remove the "struct lwp *" argument from all VFS and VOP interfaces. The general trend is to remove it from all kernel interfaces and this is a start. In case the calling lwp is desired, curlwp should be used. quick consensus on tech-kern
Revision 1.101.14.1 / (download) - annotate - [select for diffs], Mon Nov 19 00:48:45 2007 UTC (4 years, 6 months ago) by mjf
Branch: mjf-devfs
Changes since 1.101: +6 -9 lines
Diff to previous 1.101 (colored)
Sync with HEAD.
Revision 1.31.2.5 / (download) - annotate - [select for diffs], Thu Nov 15 11:44:46 2007 UTC (4 years, 6 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.31.2.4: +6 -9 lines
Diff to previous 1.31.2.4 (colored)
sync with head.
Revision 1.101.6.1 / (download) - annotate - [select for diffs], Wed Nov 14 19:04:43 2007 UTC (4 years, 6 months ago) by joerg
Branch: jmcneill-pm
Changes since 1.101: +6 -9 lines
Diff to previous 1.101 (colored)
Sync with HEAD.
Revision 1.101.12.1 / (download) - annotate - [select for diffs], Tue Nov 13 16:02:14 2007 UTC (4 years, 6 months ago) by bouyer
Branch: bouyer-xenamd64
Changes since 1.101: +6 -9 lines
Diff to previous 1.101 (colored) next main 1.102 (colored)
Sync with HEAD
Revision 1.102 / (download) - annotate - [select for diffs], Sun Nov 11 23:22:24 2007 UTC (4 years, 6 months ago) by matt
Branch: MAIN
CVS Tags: bouyer-xenamd64-base2,
bouyer-xenamd64-base
Changes since 1.101: +6 -9 lines
Diff to previous 1.101 (colored)
Change some initialization of static queues to compile time. (xxx_INIT to xxx_HEAD_INITIALIZER). Drop code which inits non-auto (global or static) variables to 0 since that's already implied by being non-auto. Init some static/global cpu_simple_locks at compile time.
Revision 1.31.2.4 / (download) - annotate - [select for diffs], Mon Sep 3 14:40:59 2007 UTC (4 years, 8 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.31.2.3: +338 -186 lines
Diff to previous 1.31.2.3 (colored)
sync with head.
Revision 1.97.6.1 / (download) - annotate - [select for diffs], Wed Jul 11 20:10:00 2007 UTC (4 years, 10 months ago) by mjf
Branch: mjf-ufs-trans
Changes since 1.97: +338 -186 lines
Diff to previous 1.97 (colored) next main 1.98 (colored)
Sync with head.
Revision 1.101 / (download) - annotate - [select for diffs], Mon Jul 9 21:10:54 2007 UTC (4 years, 10 months ago) by ad
Branch: MAIN
CVS Tags: yamt-x86pmap-base4,
yamt-x86pmap-base3,
yamt-x86pmap-base2,
yamt-x86pmap-base,
yamt-x86pmap,
vmlocking-base,
nick-csl-alignment-base5,
nick-csl-alignment-base,
nick-csl-alignment,
mjf-ufs-trans-base,
matt-mips64-base,
matt-mips64,
matt-armv6-prevmlocking,
jmcneill-base,
hpcarm-cleanup
Branch point for: mjf-devfs,
matt-armv6,
jmcneill-pm,
bouyer-xenamd64
Changes since 1.100: +5 -4 lines
Diff to previous 1.100 (colored)
Merge some of the less invasive changes from the vmlocking branch:
- kthread, callout, devsw API changes
- select()/poll() improvements
- miscellaneous MT safety improvements
Revision 1.9.2.31 / (download) - annotate - [select for diffs], Tue Jun 26 17:00:47 2007 UTC (4 years, 11 months ago) by ghen
Branch: netbsd-3
Changes since 1.9.2.30: +27 -11 lines
Diff to previous 1.9.2.30 (colored) to branchpoint 1.9 (colored) next main 1.10 (colored)
Pull up following revision(s) (requested by blymn in ticket #1471):
sys/kern/kern_verifiedexec.c: patch
sys/kern/vfs_syscalls.c: patch
sys/sys/verified_exec.h: patch
Prevent users to rename a file to a veriexec protected file and to run unfingerprinted files at strict level two or above.
Revision 1.9.2.30 / (download) - annotate - [select for diffs], Tue Jun 26 15:23:59 2007 UTC (4 years, 11 months ago) by ghen
Branch: netbsd-3
Changes since 1.9.2.29: +5 -15 lines
Diff to previous 1.9.2.29 (colored) to branchpoint 1.9 (colored)
Revert #1471 in favour of #1751.
Revision 1.9.2.28.4.1 / (download) - annotate - [select for diffs], Sat Jun 23 19:50:02 2007 UTC (4 years, 11 months ago) by ghen
Branch: netbsd-3-1
CVS Tags: netbsd-3-1-1-RELEASE
Changes since 1.9.2.28: +27 -11 lines
Diff to previous 1.9.2.28 (colored) next main 1.9.2.29 (colored)
Pull up following revision(s) (requested by blymn in ticket #1471):
sys/kern/kern_verifiedexec.c: patch
sys/kern/vfs_syscalls.c: patch
Prevent users to rename a file to a veriexec protected file and to run unfingerprinted files at strict level two or above.
Revision 1.9.2.28.2.1 / (download) - annotate - [select for diffs], Sat Jun 23 19:49:57 2007 UTC (4 years, 11 months ago) by ghen
Branch: netbsd-3-0
CVS Tags: netbsd-3-0-3-RELEASE
Changes since 1.9.2.28: +27 -11 lines
Diff to previous 1.9.2.28 (colored) next main 1.9.2.29 (colored)
Pull up following revision(s) (requested by blymn in ticket #1471):
sys/kern/kern_verifiedexec.c: patch
sys/kern/vfs_syscalls.c: patch
Prevent users to rename a file to a veriexec protected file and to run unfingerprinted files at strict level two or above.
Revision 1.97.4.3 / (download) - annotate - [select for diffs], Fri Jun 8 14:17:23 2007 UTC (4 years, 11 months ago) by ad
Branch: vmlocking
Changes since 1.97.4.2: +332 -192 lines
Diff to previous 1.97.4.2 (colored) to branchpoint 1.97 (colored) next main 1.98 (colored)
Sync with head.
Revision 1.100 / (download) - annotate - [select for diffs], Sat May 19 22:11:22 2007 UTC (5 years ago) by christos
Branch: MAIN
Changes since 1.99: +5 -5 lines
Diff to previous 1.99 (colored)
- remove pathname_ interface.
- use macros to deal with pathnames in userspace, when veriexec is used.
- reorder the veriexec_ call arguments for consistency.
With help from elad@ finding the last bug.
Revision 1.95.2.3 / (download) - annotate - [select for diffs], Thu May 17 13:41:46 2007 UTC (5 years ago) by yamt
Branch: yamt-idlelwp
Changes since 1.95.2.2: +329 -189 lines
Diff to previous 1.95.2.2 (colored) to branchpoint 1.95 (colored) next main 1.96 (colored)
sync with head.
Revision 1.99 / (download) - annotate - [select for diffs], Tue May 15 19:47:45 2007 UTC (5 years ago) by elad
Branch: MAIN
CVS Tags: yamt-idlelwp-base8
Changes since 1.98: +329 -189 lines
Diff to previous 1.98 (colored)
Some Veriexec stuff that's been rotting in my tree for months.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generated from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
Revision 1.95.2.2 / (download) - annotate - [select for diffs], Sun Apr 15 16:03:50 2007 UTC (5 years, 1 month ago) by yamt
Branch: yamt-idlelwp
Changes since 1.95.2.1: +15 -4
lines
Diff to previous 1.95.2.1 (colored) to branchpoint 1.95 (colored)
sync with head.
Revision 1.97.4.2 / (download) - annotate - [select for diffs], Fri Apr 13 20:56:18 2007 UTC (5 years, 1 month ago) by ad
Branch: vmlocking
Changes since 1.97.4.1: +5 -4
lines
Diff to previous 1.97.4.1 (colored) to branchpoint 1.97 (colored)
- Make the devsw interface MP safe, and add some comments.
- Allow individual block/character drivers to be marked MP safe.
- Provide wrappers around the device methods that look up the device, returning ENXIO if it's not found, and acquire the kernel lock if needed.
Revision 1.97.4.1 / (download) - annotate - [select for diffs], Tue Apr 10 13:26:40 2007 UTC (5 years, 1 month ago) by ad
Branch: vmlocking
Changes since 1.97: +15 -4
lines
Diff to previous 1.97 (colored)
Sync with head.
Revision 1.98 / (download) - annotate - [select for diffs], Tue Apr 3 09:17:31 2007 UTC (5 years, 1 month ago) by yamt
Branch: MAIN
CVS Tags: thorpej-atomic-base,
thorpej-atomic
Changes since 1.97: +15 -4
lines
Diff to previous 1.97 (colored)
- don't use veriexec_mountspecific_key uninitialized.
- fix weird "Veriexec: IDS mode, allowing unmount" messages.
Revision 1.78.2.9 / (download) - annotate - [select for diffs], Sat Mar 10 12:18:34 2007 UTC (5 years, 2 months ago) by bouyer
Branch: netbsd-4
CVS Tags: wrstuden-fixsa-newbase,
wrstuden-fixsa-base-1,
wrstuden-fixsa-base,
wrstuden-fixsa,
netbsd-4-0-RELEASE,
netbsd-4-0-RC5,
netbsd-4-0-RC4,
netbsd-4-0-RC3,
netbsd-4-0-RC2,
netbsd-4-0-RC1,
netbsd-4-0-1-RELEASE,
netbsd-4-0,
matt-nb4-arm-base,
matt-nb4-arm
Changes since 1.78.2.8: +11 -9
lines
Diff to previous 1.78.2.8 (colored) to branchpoint 1.78 (colored) next main 1.79 (colored)
Pull up following revision(s) (requested by elad in ticket #407):
sys/kern/kern_verifiedexec.c: patch
sys/uvm/uvm_mmap.c: revision 1.104 via patch
If Veriexec prevents indirect execution of the binary, in addition to just blocking the mmap() if exec bit is requested, also strip exec bit from maxprot for further mprotect() calls.
Okay joerg@.
Revision 1.95.2.1 / (download) - annotate - [select for diffs], Tue Feb 27 16:54:26 2007 UTC (5 years, 2 months ago) by yamt
Branch: yamt-idlelwp
Changes since 1.95: +11 -11
lines
Diff to previous 1.95 (colored)
- sync with head.
- move sched_changepri back to kern_synch.c as it doesn't know PPQ anymore.
Revision 1.31.2.3 / (download) - annotate - [select for diffs], Mon Feb 26 09:11:13 2007 UTC (5 years, 2 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.31.2.2: +40 -45
lines
Diff to previous 1.31.2.2 (colored)
sync with head.
Revision 1.97 / (download) - annotate - [select for diffs], Thu Feb 22 06:34:44 2007 UTC (5 years, 3 months ago) by thorpej
Branch: MAIN
CVS Tags: reinoud-bufcleanup,
ad-audiomp-base,
ad-audiomp
Branch point for: vmlocking,
mjf-ufs-trans
Changes since 1.96: +8 -8
lines
Diff to previous 1.96 (colored)
TRUE -> true, FALSE -> false
Revision 1.96 / (download) - annotate - [select for diffs], Wed Feb 21 23:00:04 2007 UTC (5 years, 3 months ago) by thorpej
Branch: MAIN
Changes since 1.95: +6 -6
lines
Diff to previous 1.95 (colored)
Replace the Mach-derived boolean_t type with the C99 bool type. A future commit will replace use of TRUE and FALSE with true and false.
Revision 1.66.2.3 / (download) - annotate - [select for diffs], Fri Feb 9 21:03:53 2007 UTC (5 years, 3 months ago) by ad
Branch: newlock2
Changes since 1.66.2.2: +2 -8
lines
Diff to previous 1.66.2.2 (colored) to branchpoint 1.66 (colored) next main 1.67 (colored)
Sync with HEAD.
Revision 1.95 / (download) - annotate - [select for diffs], Tue Feb 6 01:09:48 2007 UTC (5 years, 3 months ago) by elad
Branch: MAIN
CVS Tags: post-newlock2-merge,
newlock2-nbase,
newlock2-base
Branch point for: yamt-idlelwp
Changes since 1.94: +2 -8
lines
Diff to previous 1.94 (colored)
PR/35253: YAMAMOTO Takashi: fileassoc hash size problem
fileassoc_table_add() was removed from the KPI and made internal. From now fileassoc(9) will manage the optimal table size internally.
Input from and okay yamt@.
Revision 1.78.2.8 / (download) - annotate - [select for diffs], Sat Jan 20 14:03:11 2007 UTC (5 years, 4 months ago) by bouyer
Branch: netbsd-4
Changes since 1.78.2.7: +3 -3
lines
Diff to previous 1.78.2.7 (colored) to branchpoint 1.78 (colored)
Apply patch (requested by elad in ticket #378):
sys/kern/kern_verifiedexec.c: patch
fix build failure introduced by ticket #362
Revision 1.78.2.7 / (download) - annotate - [select for diffs], Fri Jan 19 22:12:50 2007 UTC (5 years, 4 months ago) by bouyer
Branch: netbsd-4
Changes since 1.78.2.6: +2 -2
lines
Diff to previous 1.78.2.6 (colored) to branchpoint 1.78 (colored)
Pull up following revision(s) (requested by elad in ticket #362):
sys/dev/verified_exec.c: revision 1.57
sys/sys/verified_exec.h: revision 1.53
sys/kern/kern_verifiedexec.c: revision 1.94
share/man/man9/veriexec.9: revision 1.13
veriexec_file_delete() and veriexec_table_delete() now take 'struct lwp *' too.
Revision 1.66.2.2 / (download) - annotate - [select for diffs], Fri Jan 12 01:04:07 2007 UTC (5 years, 4 months ago) by ad
Branch: newlock2
Changes since 1.66.2.1: +734 -189
lines
Diff to previous 1.66.2.1 (colored) to branchpoint 1.66 (colored)
Sync with head.
Revision 1.94 / (download) - annotate - [select for diffs], Thu Jan 11 16:24:48 2007 UTC (5 years, 4 months ago) by elad
Branch: MAIN
Changes since 1.93: +4 -4
lines
Diff to previous 1.93 (colored)
veriexec_file_delete() and veriexec_table_delete() now take 'struct lwp *' too.
Revision 1.93 / (download) - annotate - [select for diffs], Thu Jan 11 15:10:25 2007 UTC (5 years, 4 months ago) by elad
Branch: MAIN
Changes since 1.92: +3 -3
lines
Diff to previous 1.92 (colored)
Make 'veriexec_verbose' static.
Revision 1.92 / (download) - annotate - [select for diffs], Tue Jan 9 12:49:36 2007 UTC (5 years, 4 months ago) by elad
Branch: MAIN
Changes since 1.91: +3 -6
lines
Diff to previous 1.91 (colored)
Remove advertising clause from all of my stuff.
Revision 1.91 / (download) - annotate - [select for diffs], Sun Jan 7 13:55:17 2007 UTC (5 years, 4 months ago) by elad
Branch: MAIN
Changes since 1.90: +23 -21
lines
Diff to previous 1.90 (colored)
Update copyright/license, okay blymn@ few days ago.
Revision 1.78.2.6 / (download) - annotate - [select for diffs], Sat Jan 6 13:22:04 2007 UTC (5 years, 4 months ago) by bouyer
Branch: netbsd-4
Changes since 1.78.2.5: +46 -2
lines
Diff to previous 1.78.2.5 (colored) to branchpoint 1.78 (colored)
Pull up following revision(s) (requested by elad in ticket #318):
sys/kern/kern_verifiedexec.c: revision 1.88
sys/kern/vfs_vnops.c: revision 1.130
sys/sys/verified_exec.h: revision 1.48
Avoid TOCTOU in Veriexec by introducing veriexec_openchk() to enforce the policy and using a single namei() call in vn_open().
Revision 1.78.2.5 / (download) - annotate - [select for diffs], Thu Jan 4 18:55:18 2007 UTC (5 years, 4 months ago) by bouyer
Branch: netbsd-4
Changes since 1.78.2.4: +9 -14
lines
Diff to previous 1.78.2.4 (colored) to branchpoint 1.78 (colored)
Pull up following revision(s) (requested by elad in ticket #315):
sys/kern/kern_verifiedexec.c: revision 1.87
Veriexec should not explicitly allow anything (raw disk access).
Revision 1.78.2.4 / (download) - annotate - [select for diffs], Thu Jan 4 18:54:30 2007 UTC (5 years, 4 months ago) by bouyer
Branch: netbsd-4
Changes since 1.78.2.3: +4 -4
lines
Diff to previous 1.78.2.3 (colored) to branchpoint 1.78 (colored)
Pull up following revision(s) (requested by elad in ticket #314):
sys/kern/kern_verifiedexec.c: revision 1.86
sys/kern/kern_pax.c: revision 1.11
Fix copy/paste error: Veriexec's sysctl setup routine was named after PaX's.
Revision 1.78.2.3 / (download) - annotate - [select for diffs], Thu Jan 4 18:49:30 2007 UTC (5 years, 4 months ago) by bouyer
Branch: netbsd-4
Changes since 1.78.2.2: +15 -9
lines
Diff to previous 1.78.2.2 (colored) to branchpoint 1.78 (colored)
Pull up following revision(s) (requested by elad in ticket #310):
sys/kern/kern_verifiedexec.c: revision 1.85
share/man/man9/veriexec.9: revision 1.11
sys/sys/verified_exec.h: revision 1.47
veriexec_lookup() should not return an internal data-structure, but rather just a boolean value.
Revision 1.90 / (download) - annotate - [select for diffs], Wed Jan 3 18:32:11 2007 UTC (5 years, 4 months ago) by elad
Branch: MAIN
Changes since 1.89: +6 -6
lines
Diff to previous 1.89 (colored)
Make more things static. From halflife.
Revision 1.89 / (download) - annotate - [select for diffs], Sun Dec 31 12:07:16 2006 UTC (5 years, 4 months ago) by elad
Branch: MAIN
Changes since 1.88: +6 -4
lines
Diff to previous 1.88 (colored)
#if 0 -> #ifdef notyet, and no need to forward declare internal data-structures anymore.
Revision 1.31.2.2 / (download) - annotate - [select for diffs], Sat Dec 30 20:50:06 2006 UTC (5 years, 4 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.31.2.1: +883 -326
lines
Diff to previous 1.31.2.1 (colored)
sync with head.
Revision 1.88 / (download) - annotate - [select for diffs], Sat Dec 30 15:26:55 2006 UTC (5 years, 4 months ago) by elad
Branch: MAIN
Changes since 1.87: +46 -2
lines
Diff to previous 1.87 (colored)
Avoid TOCTOU in Veriexec by introducing veriexec_openchk() to enforce the policy and using a single namei() call in vn_open().
Revision 1.87 / (download) - annotate - [select for diffs], Fri Dec 29 11:34:14 2006 UTC (5 years, 4 months ago) by elad
Branch: MAIN
Changes since 1.86: +9 -14
lines
Diff to previous 1.86 (colored)
Veriexec should not explicitly allow anything (raw disk access).
Revision 1.86 / (download) - annotate - [select for diffs], Tue Dec 26 19:31:33 2006 UTC (5 years, 5 months ago) by elad
Branch: MAIN
Changes since 1.85: +4 -4
lines
Diff to previous 1.85 (colored)
Fix copy/paste error: Veriexec's sysctl setup routine was named after PaX's.
Revision 1.85 / (download) - annotate - [select for diffs], Tue Dec 26 07:50:40 2006 UTC (5 years, 5 months ago) by elad
Branch: MAIN
Changes since 1.84: +17 -11
lines
Diff to previous 1.84 (colored)
veriexec_lookup() should not return an internal data-structure, but rather just a boolean value.
Revision 1.84 / (download) - annotate - [select for diffs], Sat Dec 23 08:35:43 2006 UTC (5 years, 5 months ago) by yamt
Branch: MAIN
Changes since 1.83: +46 -27
lines
Diff to previous 1.83 (colored)
- remove the fileassoc "tabledata" functionality. use mountspecific instead.
- make pax_segvguard_cb static.
tested and ok'ed by elad.
Revision 1.66.4.3 / (download) - annotate - [select for diffs], Thu Dec 21 15:07:59 2006 UTC (5 years, 5 months ago) by yamt
Branch: yamt-splraiseipl
Changes since 1.66.4.2: +5 -2
lines
Diff to previous 1.66.4.2 (colored) to branchpoint 1.66 (colored) next main 1.67 (colored)
sync with head.
Revision 1.83 / (download) - annotate - [select for diffs], Wed Dec 20 01:51:48 2006 UTC (5 years, 5 months ago) by christos
Branch: MAIN
CVS Tags: yamt-splraiseipl-base5
Changes since 1.82: +5 -2
lines
Diff to previous 1.82 (colored)
fix kernel panic with veriexec and raidframe.
Revision 1.66.4.2 / (download) - annotate - [select for diffs], Mon Dec 18 11:42:15 2006 UTC (5 years, 5 months ago) by yamt
Branch: yamt-splraiseipl
Changes since 1.66.4.1: +20 -14
lines
Diff to previous 1.66.4.1 (colored) to branchpoint 1.66 (colored)
sync with head.
Revision 1.82 / (download) - annotate - [select for diffs], Mon Dec 18 06:43:12 2006 UTC (5 years, 5 months ago) by elad
Branch: MAIN
CVS Tags: yamt-splraiseipl-base4
Changes since 1.81: +9 -9
lines
Diff to previous 1.81 (colored)
Split handling of unmount in Veriexec, where veriexec_unmountchk() will do the permission check only, and the removal of the table/entries will be done by fileassoc(9) after a successful unmount. Prompted by and okay yamt@.
Revision 1.78.2.2 / (download) - annotate - [select for diffs], Sun Dec 17 21:41:13 2006 UTC (5 years, 5 months ago) by riz
Branch: netbsd-4
Changes since 1.78.2.1: +6 -1
lines
Diff to previous 1.78.2.1 (colored) to branchpoint 1.78 (colored)
Pull up following revision(s) (requested by elad in ticket #275):
sys/kern/kern_verifiedexec.c: revision 1.81
PR/35252: YAMAMOTO Takashi: veriexec doesn't handle unmount
Call veriexec_table_delete() in the cases where we won't be failing the unmount request.
Revision 1.78.2.1 / (download) - annotate - [select for diffs], Sun Dec 17 21:34:01 2006 UTC (5 years, 5 months ago) by riz
Branch: netbsd-4
Changes since 1.78: +3 -4
lines
Diff to previous 1.78 (colored)
Pull up following revision(s) (requested by elad in ticket #274):
sys/kern/kern_verifiedexec.c: revision 1.80
entry-type is uint8
Revision 1.81 / (download) - annotate - [select for diffs], Thu Dec 14 11:15:27 2006 UTC (5 years, 5 months ago) by elad
Branch: MAIN
Changes since 1.80: +8 -3
lines
Diff to previous 1.80 (colored)
PR/35252: YAMAMOTO Takashi: veriexec doesn't handle unmount
Call veriexec_table_delete() in the cases where we won't be failing the unmount request.
Revision 1.80 / (download) - annotate - [select for diffs], Thu Dec 14 05:15:33 2006 UTC (5 years, 5 months ago) by elad
Branch: MAIN
Changes since 1.79: +3 -4
lines
Diff to previous 1.79 (colored)
entry-type is uint8
Revision 1.79 / (download) - annotate - [select for diffs], Mon Dec 11 15:24:28 2006 UTC (5 years, 5 months ago) by yamt
Branch: MAIN
Changes since 1.78: +8 -6
lines
Diff to previous 1.78 (colored)
- remove a static configuration, FILEASSOC_NHOOKS. do it dynamically instead.
- make fileassoc_t a pointer and remove FILEASSOC_INVAL.
- clean up kern_fileassoc.c. unify duplicated code.
- unexport fileassoc_init using RUN_ONCE(9).
- plug memory leaks in fileassoc_file_delete and fileassoc_table_delete.
- always call callbacks, regardless of the value of the associated data.
ok'ed by elad.
Revision 1.66.4.1 / (download) - annotate - [select for diffs], Sun Dec 10 07:18:45 2006 UTC (5 years, 5 months ago) by yamt
Branch: yamt-splraiseipl
Changes since 1.66: +638 -166
lines
Diff to previous 1.66 (colored)
sync with head.
Revision 1.78 / (download) - annotate - [select for diffs], Thu Nov 30 16:53:48 2006 UTC (5 years, 5 months ago) by elad
Branch: MAIN
CVS Tags: yamt-splraiseipl-base3,
netbsd-4-base
Branch point for: netbsd-4
Changes since 1.77: +40 -49
lines
Diff to previous 1.77 (colored)
More cleaning... split veriexec_delete() to veriexec_file_delete() to handle a single entry and veriexec_table_delete() to handle an entire table. veriexec_convert() now takes a struct vnode *, and made veriexec_table_lookup() take struct mount * (that's entirely internal now). Tested on amd64, built successfully on amd64, i386, sparc, and sparc64.
Revision 1.77 / (download) - annotate - [select for diffs], Thu Nov 30 13:42:46 2006 UTC (5 years, 5 months ago) by elad
Branch: MAIN
Changes since 1.76: +5 -5
lines
Diff to previous 1.76 (colored)
Return 'error' in veriexec_unmountchk(), not always 0.
Revision 1.76 / (download) - annotate - [select for diffs], Thu Nov 30 01:42:21 2006 UTC (5 years, 5 months ago) by elad
Branch: MAIN
Changes since 1.75: +11 -4
lines
Diff to previous 1.75 (colored)
Make sure that memory freed as M_VERIEXEC was allocated with that type. Pointed out by Jason Thorpe, thanks!
Revision 1.75 / (download) - annotate - [select for diffs], Thu Nov 30 01:09:47 2006 UTC (5 years, 5 months ago) by elad
Branch: MAIN
Changes since 1.74: +389 -126
lines
Diff to previous 1.74 (colored)
Massive restructuring and cleanup of Veriexec, mainly in preparation
for work on some future functionality.
- Veriexec data-structures are no longer exposed.
- Thanks to using proplib for data passing now, the interface
changes further to accommodate that.
Introduce four new functions. First, veriexec_file_add(), to add
a new file to be monitored by Veriexec, to replace both
veriexec_load() and veriexec_hashadd(). veriexec_table_add(), to
replace veriexec_newtable(), will be used to optimize hash table
size (during preload), and finally, veriexec_convert(), to convert
an internal entry to one userland can read.
- Introduce veriexec_unmountchk(), to enforce Veriexec unmount
policy. This cleans up a bit of code in kern/vfs_syscalls.c.
- Rename veriexec_tblfind() with veriexec_table_lookup(), and make
it static. More functions that became static: veriexec_fp_cmp(),
veriexec_fp_calc().
- veriexec_verify() no longer returns the entry as well, but just
sets a boolean indicating whether an entry was found or not.
- veriexec_purge() now takes a struct vnode *.
- veriexec_add_fp_name() was merged into veriexec_add_fp_ops(), that
changed its name to veriexec_fpops_add(). veriexec_find_ops() was
also renamed to veriexec_fpops_lookup().
Also on the fp-ops front, the three function types used to initialize,
update, and finalize a hash context were renamed to
veriexec_fpop_init_t, veriexec_fpop_update_t, and veriexec_fpop_final_t
respectively.
- Introduce a new malloc(9) type, M_VERIEXEC, and use it instead of
M_TEMP, so we can tell exactly how much memory is used by Veriexec.
- And, most importantly, whitespace and indentation nits.
Built successfully for amd64, i386, sparc, and sparc64. Tested on amd64.
Revision 1.74 / (download) - annotate - [select for diffs], Tue Nov 28 22:22:02 2006 UTC (5 years, 5 months ago) by elad
Branch: MAIN
Changes since 1.73: +10 -13
lines
Diff to previous 1.73 (colored)
Make Veriexec use proplib(3) for kernel-userland data passing. Obviously, this breaks the already unstable Veriexec ABI, but that's it. Some cool additions are planned to be introduced, and this just makes it so that NetBSD 4.0 users will be able to easily use them as well. This also removes the fingerprint type name limit, so relevant code was adjusted. Thoroughly tested (even uncovered a bug in proplib! thanks for fixing that cube@!). Documentation updated.
Revision 1.73 / (download) - annotate - [select for diffs], Mon Nov 27 17:45:36 2006 UTC (5 years, 5 months ago) by elad
Branch: MAIN
Changes since 1.72: +86 -2
lines
Diff to previous 1.72 (colored)
Move Veriexec's sysctl(9) setup routine and helper to kern_verifiedexec.c.
Revision 1.72 / (download) - annotate - [select for diffs], Sun Nov 26 20:27:27 2006 UTC (5 years, 5 months ago) by elad
Branch: MAIN
Changes since 1.71: +127 -16
lines
Diff to previous 1.71 (colored)
Implement Veriexec's raw disk policy on-top of kauth(9)'s device scope, using both the rawio_spec and passthru actions to detect raw disk activity. Same for kernel memory policy. Update documentation (no longer need to expose veriexec_rawchk()) and remove all Veriexec-related bits from specfs.
Revision 1.71 / (download) - annotate - [select for diffs], Sun Nov 26 16:22:36 2006 UTC (5 years, 6 months ago) by elad
Branch: MAIN
Changes since 1.70: +4 -4
lines
Diff to previous 1.70 (colored)
I wanted to do this for so long: veriexec_init_fp_ops() -> veriexec_init().
Revision 1.70 / (download) - annotate - [select for diffs], Thu Nov 23 13:11:29 2006 UTC (5 years, 6 months ago) by elad
Branch: MAIN
Changes since 1.69: +20 -2
lines
Diff to previous 1.69 (colored)
Document flaw in veriexec_rawchk(). This is what I added to the comment:
 * XXX: This is bogus. There's an obvious race condition between the time
 * XXX: the disk is open for writing, in which an attacker can access a
 * XXX: monitored file to get its signature cached again, and when the raw
 * XXX: file is overwritten on disk.
 * XXX:
 * XXX: To solve this, we need something like the following:
 * XXX: open raw disk:
 * XXX: - raise refcount,
 * XXX: - invalidate fingerprints,
 * XXX: - mark all entries with "no cache" flag
 * XXX:
 * XXX: veriexec_verify:
 * XXX: - if "no cache", don't cache evaluation result
 * XXX:
 * XXX: close raw disk:
 * XXX: - lower refcount,
 * XXX: - if refcount == 0, remove "no cache" flag from all entries
Revision 1.66.2.1 / (download) - annotate - [select for diffs], Sat Nov 18 21:39:22 2006 UTC (5 years, 6 months ago) by ad
Branch: newlock2
Changes since 1.66: +36 -35
lines
Diff to previous 1.66 (colored)
Sync with head.
Revision 1.9.2.29 / (download) - annotate - [select for diffs], Thu Nov 2 12:51:21 2006 UTC (5 years, 6 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.28: +15 -5
lines
Diff to previous 1.9.2.28 (colored) to branchpoint 1.9 (colored)
Pull up following revision(s) (requested by elad in ticket #1471):
sys/kern/vfs_syscalls.c: revision 1.254 via patch
sys/kern/kern_verifiedexec.c: revision 1.58 via patch
Add destination file vnode to rename checking.
Revision 1.69 / (download) - annotate - [select for diffs], Mon Oct 30 11:29:12 2006 UTC (5 years, 6 months ago) by elad
Branch: MAIN
Changes since 1.68: +7 -7
lines
Diff to previous 1.68 (colored)
Use consistent logging messages.
Revision 1.68 / (download) - annotate - [select for diffs], Fri Oct 27 21:20:48 2006 UTC (5 years, 6 months ago) by christos
Branch: MAIN
Changes since 1.67: +6 -4
lines
Diff to previous 1.67 (colored)
Merge kernel and userland rmd160 and sha2 implementation.
XXX: We still install rmd160.h and sha2.h in /usr/include/crypto, unlike the other hash functions which get installed in /usr/include for compatibility.
Revision 1.67 / (download) - annotate - [select for diffs], Tue Oct 24 22:38:41 2006 UTC (5 years, 7 months ago) by elad
Branch: MAIN
Changes since 1.66: +27 -28
lines
Diff to previous 1.66 (colored)
Various cleanups. Make some "#ifdef DIAGNOSTIC" blocks always compiled in; others convert to KASSERT() where appropriate. Add some sanity checks and comments while here.
Revision 1.48.4.1 / (download) - annotate - [select for diffs], Sat Sep 9 02:57:16 2006 UTC (5 years, 8 months ago) by rpaulo
Branch: rpaulo-netinet-merge-pcb
Changes since 1.48: +242 -236
lines
Diff to previous 1.48 (colored) next main 1.49 (colored)
sync with head
Revision 1.48.8.5 / (download) - annotate - [select for diffs], Sun Sep 3 15:25:22 2006 UTC (5 years, 8 months ago) by yamt
Branch: yamt-pdpolicy
Changes since 1.48.8.4: +43 -2
lines
Diff to previous 1.48.8.4 (colored) to branchpoint 1.48 (colored) next main 1.49 (colored)
sync with head.
Revision 1.65.2.1 / (download) - annotate - [select for diffs], Mon Aug 14 13:29:54 2006 UTC (5 years, 9 months ago) by tron
Branch: abandoned-netbsd-4
Changes since 1.65: +43 -2
lines
Diff to previous 1.65 (colored) next main 1.66 (colored)
Pull up following revision(s) (requested by elad in ticket #15):
sys/miscfs/specfs/spec_vnops.c: revision 1.88
share/man/man9/fileassoc.9: revision 1.7
sys/kern/kern_verifiedexec.c: revision 1.66
sys/sys/verified_exec.h: revision 1.39
sys/sys/fileassoc.h: revision 1.3
lib/libc/gen/sysctl.3: revision 1.178
share/man/man9/veriexec.9: revision 1.4
sys/kern/kern_fileassoc.c: revision 1.6
Pretending to be Elad's keyboard:
fileassoc.diff adds a fileassoc_table_run() routine that allows you to pass a callback to be called with every entry on a given mount.
veriexec.diff adds some raw device access policies: if raw disk is opened at strict level 1, all fingerprints on this disk will be invalidated as a safety measure. level 2 will not allow opening disk for raw writing if we monitor it, and prevent raw writes to memory. level 3 will not allow opening any disk for raw writing.
both update all relevant documentation.
veriexec concept is okay blymn@.
Revision 1.66 / (download) - annotate - [select for diffs], Fri Aug 11 19:17:47 2006 UTC (5 years, 9 months ago) by christos
Branch: MAIN
CVS Tags: yamt-splraiseipl-base2,
yamt-splraiseipl-base,
yamt-pdpolicy-base9,
yamt-pdpolicy-base8,
rpaulo-netinet-merge-pcb-base
Branch point for: yamt-splraiseipl,
newlock2
Changes since 1.65: +43 -2
lines
Diff to previous 1.65 (colored)
Pretending to be Elad's keyboard:
fileassoc.diff adds a fileassoc_table_run() routine that allows you to pass a callback to be called with every entry on a given mount.
veriexec.diff adds some raw device access policies: if raw disk is opened at strict level 1, all fingerprints on this disk will be invalidated as a safety measure. level 2 will not allow opening disk for raw writing if we monitor it, and prevent raw writes to memory. level 3 will not allow opening any disk for raw writing.
both update all relevant documentation.
veriexec concept is okay blymn@.
Revision 1.48.8.4 / (download) - annotate - [select for diffs], Fri Aug 11 15:45:46 2006 UTC (5 years, 9 months ago) by yamt
Branch: yamt-pdpolicy
Changes since 1.48.8.3: +194 -223
lines
Diff to previous 1.48.8.3 (colored) to branchpoint 1.48 (colored)
sync with head
Revision 1.65 / (download) - annotate - [select for diffs], Wed Jul 26 16:34:07 2006 UTC (5 years, 10 months ago) by elad
Branch: MAIN
CVS Tags: yamt-pdpolicy-base7,
abandoned-netbsd-4-base
Branch point for: abandoned-netbsd-4
Changes since 1.64: +11 -17
lines
Diff to previous 1.64 (colored)
sync kpi with docs, remove old comments
Revision 1.64 / (download) - annotate - [select for diffs], Wed Jul 26 15:14:24 2006 UTC (5 years, 10 months ago) by elad
Branch: MAIN
Changes since 1.63: +4 -4
lines
Diff to previous 1.63 (colored)
fix logic in veriexec_report()
Revision 1.63 / (download) - annotate - [select for diffs], Mon Jul 24 21:32:39 2006 UTC (5 years, 10 months ago) by elad
Branch: MAIN
Changes since 1.62: +15 -15
lines
Diff to previous 1.62 (colored)
replace magic numbers for strict levels (0-3) with defines.
Revision 1.62 / (download) - annotate - [select for diffs], Mon Jul 24 21:15:05 2006 UTC (5 years, 10 months ago) by elad
Branch: MAIN
Changes since 1.61: +15 -21
lines
Diff to previous 1.61 (colored)
finally do things properly. veriexec_report() takes flags, not three ints.
Revision 1.61 / (download) - annotate - [select for diffs], Mon Jul 24 16:37:28 2006 UTC (5 years, 10 months ago) by elad
Branch: MAIN
Changes since 1.60: +3 -3
lines
Diff to previous 1.60 (colored)
some fixes:
- adapt to NVERIEXEC in init_sysctl.c.
- we now need "veriexec.h" for NVERIEXEC.
- "opt_verified_exec.h" -> "opt_veriexec.h", and include it only where
it is needed.
Revision 1.60 / (download) - annotate - [select for diffs], Mon Jul 24 16:27:15 2006 UTC (5 years, 10 months ago) by elad
Branch: MAIN
Changes since 1.59: +4 -4
lines
Diff to previous 1.59 (colored)
prevent removal of monitored files as early as ids mode. okay blymn@
Revision 1.59 / (download) - annotate - [select for diffs], Sun Jul 23 22:06:11 2006 UTC (5 years, 10 months ago) by ad
Branch: MAIN
Changes since 1.58: +9 -9
lines
Diff to previous 1.58 (colored)
Use the LWP cached credentials where sane.
Revision 1.58 / (download) - annotate - [select for diffs], Wed Jul 19 12:45:20 2006 UTC (5 years, 10 months ago) by blymn
Branch: MAIN
Changes since 1.57: +10 -6
lines
Diff to previous 1.57 (colored)
Add destination file vnode to rename checking.
Revision 1.57 / (download) - annotate - [select for diffs], Sat Jul 15 20:07:36 2006 UTC (5 years, 10 months ago) by elad
Branch: MAIN
Changes since 1.56: +16 -28
lines
Diff to previous 1.56 (colored)
minor api cleanup, and remove useless VOP_GETATTR() calls.
Revision 1.56 / (download) - annotate - [select for diffs], Sat Jul 15 16:48:51 2006 UTC (5 years, 10 months ago) by elad
Branch: MAIN
Changes since 1.55: +3 -3
lines
Diff to previous 1.55 (colored)
update my email on the copyright to @netbsd.org
Revision 1.55 / (download) - annotate - [select for diffs], Sat Jul 15 16:43:35 2006 UTC (5 years, 10 months ago) by elad
Branch: MAIN
Changes since 1.54: +23 -2
lines
Diff to previous 1.54 (colored)
move veriexec_clear() from dev/verified_exec.c to kern/kern_verifiedexec.c
Revision 1.54 / (download) - annotate - [select for diffs], Sat Jul 15 16:33:16 2006 UTC (5 years, 10 months ago) by elad
Branch: MAIN
Changes since 1.53: +33 -45
lines
Diff to previous 1.53 (colored)
some cleanup and fixes:
- fix possible panic and vfs refcnt issue
- use log(9) instead of printf(9) where possible
- indent
- stop logging fsid/fileid
Revision 1.53 / (download) - annotate - [select for diffs], Fri Jul 14 18:41:40 2006 UTC (5 years, 10 months ago) by elad
Branch: MAIN
Changes since 1.52: +119 -142
lines
Diff to previous 1.52 (colored)
okay, since there was no way to divide this to two commits, here it goes.. introduce fileassoc(9), a kernel interface for associating meta-data with files using in-kernel memory. this is very similar to what we had in veriexec till now, only abstracted so it can be used more easily by more consumers. this also prompted the redesign of the interface, making it work on vnodes and mounts and not directly on devices and inodes. internally, we still use file-id but that's gonna change soon... the interface will remain consistent. as a result, veriexec went under some heavy changes to conform to the new interface. since we no longer use device numbers to identify file-systems, the veriexec sysctl stuff changed too: kern.veriexec.count.dev_N is now kern.veriexec.tableN.* where 'N' is NOT the device number but rather a way to distinguish several mounts. also worth noting is the plugging of unmount/delete operations wrt/fileassoc and veriexec. tons of input from yamt@, wrstuden@, martin@, and christos@.
Revision 1.51.2.1 / (download) - annotate - [select for diffs], Thu Jul 13 17:49:50 2006 UTC (5 years, 10 months ago) by gdamore
Branch: gdamore-uart
Changes since 1.51: +9 -4
lines
Diff to previous 1.51 (colored) next main 1.52 (colored)
Merge from HEAD.
Revision 1.52 / (download) - annotate - [select for diffs], Sun Jul 9 10:13:53 2006 UTC (5 years, 10 months ago) by blymn
Branch: MAIN
Changes since 1.51: +9 -4
lines
Diff to previous 1.51 (colored)
Fix behaviour of files with no signatures on exec.
Revision 1.48.8.3 / (download) - annotate - [select for diffs], Mon Jun 26 12:52:56 2006 UTC (5 years, 11 months ago) by yamt
Branch: yamt-pdpolicy
Changes since 1.48.8.2: +7 -5
lines
Diff to previous 1.48.8.2 (colored) to branchpoint 1.48 (colored)
sync with head.
Revision 1.31.2.1 / (download) - annotate - [select for diffs], Wed Jun 21 15:09:38 2006 UTC (5 years, 11 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.31: +236 -54
lines
Diff to previous 1.31 (colored)
sync with head.
Revision 1.50.2.1 / (download) - annotate - [select for diffs], Mon Jun 19 04:07:16 2006 UTC (5 years, 11 months ago) by chap
Branch: chap-midi
Changes since 1.50: +7 -5
lines
Diff to previous 1.50 (colored) next main 1.51 (colored)
Sync with head.
Revision 1.48.6.2 / (download) - annotate - [select for diffs], Thu Jun 1 22:38:08 2006 UTC (5 years, 11 months ago) by kardel
Branch: simonb-timecounters
CVS Tags: simonb-timcounters-final
Changes since 1.48.6.1: +17 -13
lines
Diff to previous 1.48.6.1 (colored) to branchpoint 1.48 (colored) next main 1.49 (colored)
Sync with head.
Revision 1.51 / (download) - annotate - [select for diffs], Thu May 25 11:23:11 2006 UTC (6 years ago) by blymn
Branch: MAIN
CVS Tags: yamt-pdpolicy-base6,
simonb-timecounters-base,
gdamore-uart-base,
chap-midi-nbase,
chap-midi-base
Branch point for: gdamore-uart
Changes since 1.50: +7 -5
lines
Diff to previous 1.50 (colored)
Add kauth header for function prototypes
Whitespace clean up.
Revision 1.48.12.2 / (download) - annotate - [select for diffs], Wed May 24 15:50:41 2006 UTC (6 years ago) by tron
Branch: peter-altq
Changes since 1.48.12.1: +10 -8
lines
Diff to previous 1.48.12.1 (colored) to branchpoint 1.48 (colored) next main 1.49 (colored)
Merge 2006-05-24 NetBSD-current into the "peter-altq" branch.
Revision 1.48.8.2 / (download) - annotate - [select for diffs], Wed May 24 10:58:41 2006 UTC (6 years ago) by yamt
Branch: yamt-pdpolicy
Changes since 1.48.8.1: +12 -10
lines
Diff to previous 1.48.8.1 (colored) to branchpoint 1.48 (colored)
sync with head.
Revision 1.50 / (download) - annotate - [select for diffs], Sun May 14 21:15:11 2006 UTC (6 years ago) by elad
Branch: MAIN
CVS Tags: yamt-pdpolicy-base5
Branch point for: chap-midi
Changes since 1.49: +12 -10
lines
Diff to previous 1.49 (colored)
integrate kauth.
Revision 1.48.6.1 / (download) - annotate - [select for diffs], Sat Apr 22 11:39:59 2006 UTC (6 years, 1 month ago) by simonb
Branch: simonb-timecounters
Changes since 1.48: +6 -16
lines
Diff to previous 1.48 (colored)
Sync with head.
Revision 1.48.10.3 / (download) - annotate - [select for diffs], Wed Apr 19 05:13:59 2006 UTC (6 years, 1 month ago) by elad
Branch: elad-kernelauth
Changes since 1.48.10.2: +6 -16
lines
Diff to previous 1.48.10.2 (colored) to branchpoint 1.48 (colored) next main 1.49 (colored)
sync with head.
Revision 1.48.10.2 / (download) - annotate - [select for diffs], Tue Apr 18 12:02:14 2006 UTC (6 years, 1 month ago) by elad
Branch: elad-kernelauth
Changes since 1.48.10.1: +4 -4
lines
Diff to previous 1.48.10.1 (colored) to branchpoint 1.48 (colored)
kauth cleanup, inspired by yamt@, thanks!
Revision 1.48.8.1 / (download) - annotate - [select for diffs], Sat Apr 1 12:07:39 2006 UTC (6 years, 1 month ago) by yamt
Branch: yamt-pdpolicy
Changes since 1.48: +6 -16
lines
Diff to previous 1.48 (colored)
sync with head.
Revision 1.48.12.1 / (download) - annotate - [select for diffs], Fri Mar 31 09:45:28 2006 UTC (6 years, 1 month ago) by tron
Branch: peter-altq
Changes since 1.48: +6 -16
lines
Diff to previous 1.48 (colored)
Merge 2006-03-31 NetBSD-current into the "peter-altq" branch.
Revision 1.49 / (download) - annotate - [select for diffs], Thu Mar 30 04:06:42 2006 UTC (6 years, 1 month ago) by chs
Branch: MAIN
CVS Tags: yamt-pdpolicy-base4,
yamt-pdpolicy-base3,
elad-kernelauth-base
Changes since 1.48: +6 -16
lines
Diff to previous 1.48 (colored)
use uvm_km_alloc() instead of uvm_map().
Revision 1.48.10.1 / (download) - annotate - [select for diffs], Wed Mar 8 00:53:40 2006 UTC (6 years, 2 months ago) by elad
Branch: elad-kernelauth
Changes since 1.48: +10 -8
lines
Diff to previous 1.48 (colored)
Adapt to kernel authorization KPI.
Revision 1.48 / (download) - annotate - [select for diffs], Mon Dec 12 16:26:33 2005 UTC (6 years, 5 months ago) by elad
Branch: MAIN
CVS Tags: yamt-uio_vmspace-base5,
yamt-uio_vmspace,
yamt-pdpolicy-base2,
yamt-pdpolicy-base,
peter-altq-base
Branch point for: yamt-pdpolicy,
simonb-timecounters,
rpaulo-netinet-merge-pcb,
peter-altq,
elad-kernelauth
Changes since 1.47: +28 -29
lines
Diff to previous 1.47 (colored)
Catch up with ktrace-lwp merge.
While I'm here, stop using cur{lwp,proc}.
Revision 1.3.2.6 / (download) - annotate - [select for diffs], Sun Dec 11 10:29:12 2005 UTC (6 years, 5 months ago) by christos
Branch: ktrace-lwp
Changes since 1.3.2.5: +3 -5
lines
Diff to previous 1.3.2.5 (colored) next main 1.4 (colored)
Sync with head.
Revision 1.47 / (download) - annotate - [select for diffs], Thu Dec 8 22:41:45 2005 UTC (6 years, 5 months ago) by yamt
Branch: MAIN
CVS Tags: ktrace-lwp-base
Changes since 1.46: +3 -3
lines
Diff to previous 1.46 (colored)
use VM_PAGE_TO_PHYS macro.
Revision 1.45.6.1 / (download) - annotate - [select for diffs], Tue Nov 29 21:23:29 2005 UTC (6 years, 5 months ago) by yamt
Branch: yamt-readahead
Changes since 1.45: +2 -4
lines
Diff to previous 1.45 (colored) next main 1.46 (colored)
sync with head.
Revision 1.46 / (download) - annotate - [select for diffs], Fri Nov 25 12:02:09 2005 UTC (6 years, 6 months ago) by elad
Branch: MAIN
CVS Tags: yamt-readahead-base3
Changes since 1.45: +2 -4
lines
Diff to previous 1.45 (colored)
Remove a few no longer needed XXX comments about fsid/fileid being not the same type as dev_t/ino_t.
Revision 1.3.2.5 / (download) - annotate - [select for diffs], Thu Nov 10 14:09:45 2005 UTC (6 years, 6 months ago) by skrll
Branch: ktrace-lwp
Changes since 1.3.2.4: +618 -257
lines
Diff to previous 1.3.2.4 (colored)
Sync with HEAD. Here we go again...
Revision 1.9.2.28 / (download) - annotate - [select for diffs], Sat Oct 15 17:33:31 2005 UTC (6 years, 7 months ago) by riz
Branch: netbsd-3
CVS Tags: netbsd-3-1-RELEASE,
netbsd-3-1-RC4,
netbsd-3-1-RC3,
netbsd-3-1-RC2,
netbsd-3-1-RC1,
netbsd-3-0-RELEASE,
netbsd-3-0-RC6,
netbsd-3-0-RC5,
netbsd-3-0-RC4,
netbsd-3-0-RC3,
netbsd-3-0-RC2,
netbsd-3-0-RC1,
netbsd-3-0-2-RELEASE,
netbsd-3-0-1-RELEASE
Branch point for: netbsd-3-1,
netbsd-3-0
Changes since 1.9.2.27: +4 -3
lines
Diff to previous 1.9.2.27 (colored) to branchpoint 1.9 (colored)
Apply patch (requested by elad in ticket #885): Check if vhe->fp is not NULL before passing it to free(), to prevent a crash.
Revision 1.45 / (download) - annotate - [select for diffs], Wed Oct 12 14:26:47 2005 UTC (6 years, 7 months ago) by elad
Branch: MAIN
CVS Tags: yamt-vop-base3,
yamt-vop-base2,
yamt-vop-base,
yamt-vop,
yamt-readahead-pervnode,
yamt-readahead-perfile,
yamt-readahead-base2,
yamt-readahead-base,
thorpej-vnode-attr-base,
thorpej-vnode-attr
Branch point for: yamt-readahead
Changes since 1.44: +6 -4
lines
Diff to previous 1.44 (colored)
Debug nits from Brett Lymn:
- The fingerprint should be printed before we increment the pointer.
- Add missing index increment.
Revision 1.44 / (download) - annotate - [select for diffs], Tue Oct 11 23:59:40 2005 UTC (6 years, 7 months ago) by elad
Branch: MAIN
Changes since 1.43: +8 -10
lines
Diff to previous 1.43 (colored)
- Don't pass NULL to free(). Fixes local crash reported by Matthew Sporleder.
- %ld -> PRIu64 for inodes.
Revision 1.43 / (download) - annotate - [select for diffs], Mon Oct 10 17:36:29 2005 UTC (6 years, 7 months ago) by elad
Branch: MAIN
Changes since 1.42: +54 -40
lines
Diff to previous 1.42 (colored)
Style changes, lots of input from blymn@.
Revision 1.42 / (download) - annotate - [select for diffs], Fri Oct 7 18:07:46 2005 UTC (6 years, 7 months ago) by elad
Branch: MAIN
Changes since 1.41: +45 -47
lines
Diff to previous 1.41 (colored)
Various fixes from blymn@ and myself. Also, put genfs changes under #if 0, and don't do per-page fingerprints until this is properly discussed, as requested by yamt@.
Revision 1.41 / (download) - annotate - [select for diffs], Wed Oct 5 16:21:46 2005 UTC (6 years, 7 months ago) by elad
Branch: MAIN
Changes since 1.40: +3 -2
lines
Diff to previous 1.40 (colored)
Don't forget to unmap memory once we're done with it. Pointed out by yamt@.
Revision 1.40 / (download) - annotate - [select for diffs], Wed Oct 5 15:59:31 2005 UTC (6 years, 7 months ago) by elad
Branch: MAIN
Changes since 1.39: +6 -10
lines
Diff to previous 1.39 (colored)
Don't use static variables here. Pointed out by yamt@.
Revision 1.39 / (download) - annotate - [select for diffs], Wed Oct 5 13:48:48 2005 UTC (6 years, 7 months ago) by elad
Branch: MAIN
Changes since 1.38: +140 -7
lines
Diff to previous 1.38 (colored)
Introduce per-page fingerprints in Veriexec.
This closes a hole pointed out by Thor Lancelot Simon on tech-kern ~3 years ago.
The problem was with running binaries from remote storage, where our kernel (and Veriexec) has no control over any changes to files. An attacker could, after the fingerprint has been verified and program loaded to memory, inject malicious code into the backing store on the remote storage, followed by a forced flush, causing a page-in of the malicious data from backing store, bypassing integrity checks.
Initial implementation by Brett Lymn.
Revision 1.9.2.27 / (download) - annotate - [select for diffs], Thu Sep 8 21:06:31 2005 UTC (6 years, 8 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.26: +4 -2
lines
Diff to previous 1.9.2.26 (colored) to branchpoint 1.9 (colored)
Apply patch (requested by elad in ticket #740): Defopt VERIFIED_EXEC.
Revision 1.38 / (download) - annotate - [select for diffs], Fri Sep 2 14:16:50 2005 UTC (6 years, 8 months ago) by elad
Branch: MAIN
Changes since 1.37: +4 -7
lines
Diff to previous 1.37 (colored)
Sync comments with 64-bit inode changes.
Revision 1.9.2.26 / (download) - annotate - [select for diffs], Fri Sep 2 12:16:17 2005 UTC (6 years, 8 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.25: +48 -2
lines
Diff to previous 1.9.2.25 (colored) to branchpoint 1.9 (colored)
Apply patch (requested by elad in ticket #709):
Implements the rename policy. Implications per strict level:
  0, 1: Log renames of monitored files.
  2: Prevent renames of monitored files.
  3: Prevent renames.
Revision 1.9.2.25 / (download) - annotate - [select for diffs], Tue Aug 23 14:45:21 2005 UTC (6 years, 9 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.24: +2 -4
lines
Diff to previous 1.9.2.24 (colored) to branchpoint 1.9 (colored)
Backout ticket 685. It causes build failures.
Revision 1.9.2.24 / (download) - annotate - [select for diffs], Tue Aug 23 13:43:57 2005 UTC (6 years, 9 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.23: +4 -2
lines
Diff to previous 1.9.2.23 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.32 (requested by elad in ticket #685): defopt verified_exec.
Revision 1.37 / (download) - annotate - [select for diffs], Fri Aug 19 16:58:29 2005 UTC (6 years, 9 months ago) by christos
Branch: MAIN
Changes since 1.36: +10 -9
lines
Diff to previous 1.36 (colored)
more 64 bit inode lossage.
Revision 1.36 / (download) - annotate - [select for diffs], Fri Aug 19 12:30:02 2005 UTC (6 years, 9 months ago) by elad
Branch: MAIN
Changes since 1.35: +47 -2
lines
Diff to previous 1.35 (colored)
Introduce veriexec_renamechk().
Rename policy:
- Strict levels 0, 1: Log renames of monitored files.
- Strict level 2: Prevent renames of monitored files.
- Strict level 3: Prevent renames.
Revision 1.9.2.23 / (download) - annotate - [select for diffs], Tue Aug 16 12:43:11 2005 UTC (6 years, 9 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.22: +7 -3
lines
Diff to previous 1.9.2.22 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.35 (requested by elad in ticket #669): The veriexec API uses dev_t and ino_t for device and inode numbers. VOP_GETATTR() fills a struct vattr, where va_fsid and va_fileid (device and inode..) are typed as long. Add some casts when using these values and surround them with XXXs about the potential size mismatch, as long can be 64 bits but dev_t and ino_t are always 32 bits. This is safe because *for now* we're still using 32 bit inode numbers. Discussed with blymn@.
Revision 1.9.2.22 / (download) - annotate - [select for diffs], Tue Aug 16 12:34:50 2005 UTC (6 years, 9 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.21: +4 -4
lines
Diff to previous 1.9.2.21 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.34 (requested by elad in ticket #668):
Fix printing formats.
- size_t is %zu
- dev_t is uint32_t is %u
- long is %ld
Revision 1.35 / (download) - annotate - [select for diffs], Sat Aug 13 12:56:44 2005 UTC (6 years, 9 months ago) by elad
Branch: MAIN
Changes since 1.34: +7 -3
lines
Diff to previous 1.34 (colored)
The veriexec API uses dev_t and ino_t for device and inode numbers. VOP_GETATTR() fills a struct vattr, where va_fsid and va_fileid (device and inode..) are typed as long. Add some casts when using these values and surround them with XXXs about the potential size mismatch, as long can be 64 bits but dev_t and ino_t are always 32 bits. This is safe because *for now* we're still using 32 bit inode numbers. Discussed with blymn@.
Revision 1.34 / (download) - annotate - [select for diffs], Sat Aug 13 12:08:34 2005 UTC (6 years, 9 months ago) by elad
Branch: MAIN
Changes since 1.33: +4 -4
lines
Diff to previous 1.33 (colored)
Fix printing formats.
- size_t is %zu
- dev_t is uint32_t is %u
- long is %ld
Revision 1.9.2.21 / (download) - annotate - [select for diffs], Fri Aug 12 06:45:44 2005 UTC (6 years, 9 months ago) by snj
Branch: netbsd-3
Changes since 1.9.2.20: +3 -3
lines
Diff to previous 1.9.2.20 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.33 (requested by elad in ticket #644): Support multiple entry types. Direct, indirect, and file can now be combined in the signatures file using commas.
Revision 1.33 / (download) - annotate - [select for diffs], Tue Aug 2 16:14:10 2005 UTC (6 years, 9 months ago) by elad
Branch: MAIN
Changes since 1.32: +3 -3
lines
Diff to previous 1.32 (colored)
Support multiple entry types. Direct, indirect, and file can now be combined in the signatures file using commas.
Revision 1.32 / (download) - annotate - [select for diffs], Sat Jul 16 22:47:18 2005 UTC (6 years, 10 months ago) by christos
Branch: MAIN
Changes since 1.31: +4 -2
lines
Diff to previous 1.31 (colored)
defopt verified_exec.
Revision 1.9.2.20 / (download) - annotate - [select for diffs], Sat Jul 2 15:58:29 2005 UTC (6 years, 10 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.19: +10 -11
lines
Diff to previous 1.9.2.19 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.29 (requested by elad in ticket #487):
- Use more calls to veriexec_report() where possible.
- Change #ifdef VERIFIED_EXEC_VERBOSE to another verbose level, 2. Add sysctl(3) bits.
- Simplify access type conflict handling during load. This depends on the values of access type defines to be ordered from least to most 'strict'.
Revision 1.9.2.19 / (download) - annotate - [select for diffs], Sat Jul 2 15:54:12 2005 UTC (6 years, 10 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.18: +38 -40
lines
Diff to previous 1.9.2.18 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.28 (requested by elad in ticket #487):
- Avoid pollution of struct vnode. Save the fingerprint evaluation status in the veriexec table entry; the lookups are very cheap now. Suggested by Chuq.
- Handle non-regular (!VREG) files correctly.
- Remove (no longer needed) FINGERPRINT_NOENTRY.
Revision 1.9.2.18 / (download) - annotate - [select for diffs], Sat Jul 2 15:52:41 2005 UTC (6 years, 10 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.17: +8 -3
lines
Diff to previous 1.9.2.17 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.27 (requested by elad in ticket #487): Oops. Don't allow file delete even if it's not monitored if we're in lockdown mode (strict level 3).
Revision 1.9.2.17 / (download) - annotate - [select for diffs], Sat Jul 2 15:51:33 2005 UTC (6 years, 10 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.16: +30 -118
lines
Diff to previous 1.9.2.16 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.26 (requested by elad in ticket #487):
More veriexec changes:
- Better organize strict level. Now we have 4 levels:
  - Level 0, learning mode: Warnings only about anything that might've
    resulted in 'access denied' or similar in a higher strict level.
  - Level 1, IDS mode:
    - Deny access on fingerprint mismatch.
    - Deny modification of veriexec tables.
  - Level 2, IPS mode:
    - All implications of strict level 1.
    - Deny write access to monitored files.
    - Prevent removal of monitored files.
    - Enforce access type - 'direct', 'indirect', or 'file'.
  - Level 3, lockdown mode:
    - All implications of strict level 2.
    - Prevent creation of new files.
    - Deny access to non-monitored files.
- Update sysctl(3) man-page with above. (date bumped too :)
- Remove FINGERPRINT_INDIRECT from possible fp_status values; it's no
  longer needed.
- Simplify veriexec_removechk() in light of new strict level policies.
- Eliminate use of 'securelevel'; veriexec now behaves according to
  its strict level only.
Revision 1.9.2.16 / (download) - annotate - [select for diffs], Sat Jul 2 15:48:21 2005 UTC (6 years, 10 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.15: +6 -5
lines
Diff to previous 1.9.2.15 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.25 (requested by elad in ticket #487): Sync reality with comments. This makes strict level 1 work as expected. Reported by Nino Dehne.
Revision 1.9.2.15 / (download) - annotate - [select for diffs], Sat Jul 2 15:48:04 2005 UTC (6 years, 10 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.14: +6 -5
lines
Diff to previous 1.9.2.14 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.24 (requested by elad in ticket #487): Correctly handle the case of executing a 'FILE' entry.
Revision 1.9.2.14 / (download) - annotate - [select for diffs], Sat Jul 2 15:47:50 2005 UTC (6 years, 10 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.13: +4 -3
lines
Diff to previous 1.9.2.13 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.23 (requested by elad in ticket #487): Fix potential NULL pointer access.
Revision 1.9.2.13 / (download) - annotate - [select for diffs], Sat Jul 2 15:47:29 2005 UTC (6 years, 10 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.12: +3 -4
lines
Diff to previous 1.9.2.12 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.22 (requested by elad in ticket #487): Cosmetic change..
Revision 1.9.2.12 / (download) - annotate - [select for diffs], Sat Jul 2 15:47:07 2005 UTC (6 years, 10 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.11: +3 -3
lines
Diff to previous 1.9.2.11 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.21 (requested by elad in ticket #487): Oops - forgot to remove it in previous commit. Checking the fingerprint status is enough here.
Revision 1.9.2.11 / (download) - annotate - [select for diffs], Sat Jul 2 15:46:46 2005 UTC (6 years, 10 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.10: +33 -17
lines
Diff to previous 1.9.2.10 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.20 (requested by elad in ticket #487):
More veriexec refactoring.
- Use u_char for the fingerprint status.
- Add a pointer to the vnode's veriexec hash table entry in the vnode
  struct. This saves a lookup and will also be used by planned features.
- When removing a file from the tables, set the vnode fingerprint status
  to NOENTRY.
- Add switch to do flag-specific handling in veriexec_verify(). At the
  moment this prevents execution of FILE entries in strict level 2, but
  it will also be used by planned features.
- Use memset() instead of bzero().
- Various cosmetic changes.
Revision 1.31 / (download) - annotate - [select for diffs], Fri Jul 1 19:50:04 2005 UTC (6 years, 10 months ago) by elad
Branch: MAIN
Branch point for: yamt-lazymbuf
Changes since 1.30: +3 -3
lines
Diff to previous 1.30 (colored)
Use `const struct sysctlnode *veriexec_count_node' so it works with the recent changes in sysctl(9).
Revision 1.30 / (download) - annotate - [select for diffs], Wed Jun 22 21:50:27 2005 UTC (6 years, 11 months ago) by elad
Branch: MAIN
Changes since 1.29: +3 -3
lines
Diff to previous 1.29 (colored)
Fix logic in verbose printing.
Revision 1.29 / (download) - annotate - [select for diffs], Mon Jun 20 15:06:18 2005 UTC (6 years, 11 months ago) by elad
Branch: MAIN
Changes since 1.28: +10 -11
lines
Diff to previous 1.28 (colored)
- Use more calls to veriexec_report() where possible.
- Change #ifdef VERIFIED_EXEC_VERBOSE to another verbose level, 2. Add sysctl(3) bits.
- Simplify access type conflict handling during load. This depends on the values of access type defines to be ordered from least to most 'strict'.
Revision 1.28 / (download) - annotate - [select for diffs], Sun Jun 19 18:22:36 2005 UTC (6 years, 11 months ago) by elad
Branch: MAIN
Changes since 1.27: +38 -40
lines
Diff to previous 1.27 (colored)
- Avoid pollution of struct vnode. Save the fingerprint evaluation status in the veriexec table entry; the lookups are very cheap now. Suggested by Chuq.
- Handle non-regular (!VREG) files correctly.
- Remove (no longer needed) FINGERPRINT_NOENTRY.
Revision 1.27 / (download) - annotate - [select for diffs], Fri Jun 17 22:39:08 2005 UTC (6 years, 11 months ago) by elad
Branch: MAIN
Changes since 1.26: +8 -3
lines
Diff to previous 1.26 (colored)
Oops. Don't allow file delete even if it's not monitored if we're in lockdown mode (strict level 3).
Revision 1.26 / (download) - annotate - [select for diffs], Fri Jun 17 17:46:18 2005 UTC (6 years, 11 months ago) by elad
Branch: MAIN
Changes since 1.25: +30 -118
lines
Diff to previous 1.25 (colored)
More veriexec changes:
- Better organize strict level. Now we have 4 levels:
  - Level 0, learning mode: Warnings only about anything that might've
    resulted in 'access denied' or similar in a higher strict level.
  - Level 1, IDS mode:
    - Deny access on fingerprint mismatch.
    - Deny modification of veriexec tables.
  - Level 2, IPS mode:
    - All implications of strict level 1.
    - Deny write access to monitored files.
    - Prevent removal of monitored files.
    - Enforce access type - 'direct', 'indirect', or 'file'.
  - Level 3, lockdown mode:
    - All implications of strict level 2.
    - Prevent creation of new files.
    - Deny access to non-monitored files.
- Update sysctl(3) man-page with above. (date bumped too :)
- Remove FINGERPRINT_INDIRECT from possible fp_status values; it's no
  longer needed.
- Simplify veriexec_removechk() in light of new strict level policies.
- Eliminate use of 'securelevel'; veriexec now behaves according to
  its strict level only.
Revision 1.25 / (download) - annotate - [select for diffs], Tue Jun 14 21:55:21 2005 UTC (6 years, 11 months ago) by elad
Branch: MAIN
Changes since 1.24: +6 -5
lines
Diff to previous 1.24 (colored)
Sync reality with comments. This makes strict level 1 work as expected. Reported by Nino Dehne.
Revision 1.24 / (download) - annotate - [select for diffs], Mon Jun 13 22:46:56 2005 UTC (6 years, 11 months ago) by elad
Branch: MAIN
Changes since 1.23: +6 -5
lines
Diff to previous 1.23 (colored)
Correctly handle the case of executing a 'FILE' entry.
Revision 1.23 / (download) - annotate - [select for diffs], Mon Jun 13 21:09:49 2005 UTC (6 years, 11 months ago) by elad
Branch: MAIN
Changes since 1.22: +4 -3
lines
Diff to previous 1.22 (colored)
Fix potential NULL pointer access.
Revision 1.22 / (download) - annotate - [select for diffs], Mon Jun 13 20:52:13 2005 UTC (6 years, 11 months ago) by elad
Branch: MAIN
Changes since 1.21: +3 -4
lines
Diff to previous 1.21 (colored)
Cosmetic change..
Revision 1.21 / (download) - annotate - [select for diffs], Mon Jun 13 20:23:15 2005 UTC (6 years, 11 months ago) by elad
Branch: MAIN
Changes since 1.20: +3 -3
lines
Diff to previous 1.20 (colored)
Oops - forgot to remove it in previous commit. Checking the fingerprint status is enough here.
Revision 1.20 / (download) - annotate - [select for diffs], Mon Jun 13 20:17:54 2005 UTC (6 years, 11 months ago) by elad
Branch: MAIN
Changes since 1.19: +33 -17
lines
Diff to previous 1.19 (colored)
More veriexec refactoring.
- Use u_char for the fingerprint status.
- Add a pointer to the vnode's veriexec hash table entry in the vnode
  struct. This saves a lookup and will also be used by planned features.
- When removing a file from the tables, set the vnode fingerprint status
  to NOENTRY.
- Add switch to do flag-specific handling in veriexec_verify(). At the
  moment this prevents execution of FILE entries in strict level 2, but
  it will also be used by planned features.
- Use memset() instead of bzero().
- Various cosmetic changes.
Revision 1.9.2.10 / (download) - annotate - [select for diffs], Fri Jun 10 15:25:14 2005 UTC (6 years, 11 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.9: +11 -11
lines
Diff to previous 1.9.2.9 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.19 (requested by elad in ticket #389): Make veriexec_fp_cmp() a bit more useful by allowing it to compare two fingerprints based on a common algorithm without requiring an actual entry in the tables.
Revision 1.9.2.9 / (download) - annotate - [select for diffs], Fri Jun 10 15:24:46 2005 UTC (6 years, 11 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.8: +6 -8
lines
Diff to previous 1.9.2.8 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.18 (requested by elad in ticket #389): Use PAGE_SIZE chunks, not VERIEXEC_BUFSIZE - it's very important that the size is not arbitrary and is exactly the size of a page.
Revision 1.9.2.8 / (download) - annotate - [select for diffs], Fri Jun 10 15:24:18 2005 UTC (6 years, 11 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.7: +87 -73
lines
Diff to previous 1.9.2.7 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.17 (requested by elad in ticket #389):
- Add VERIEXEC_OPINIT() and veriexec_add_fp_ops(), simplifying the addition of fingerprinting algorithms to the ops vector.
- Cleanup in veriexec_add_fp_name().
- Remove veriexec_default_ops and use the above API for adding the default methods in veriexec_init_fp_ops().
Revision 1.9.2.7 / (download) - annotate - [select for diffs], Fri Jun 10 15:16:04 2005 UTC (6 years, 11 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.6: +9 -2
lines
Diff to previous 1.9.2.6 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.16 (requested by elad in ticket #389): Add indication for number of fingerprinted files on each device. When a table is created for a new device, a new variable is created under the kern.veriexec.count node named "dev_<id>". For example, dev_0, dev_3, etc.
Revision 1.9.2.6 / (download) - annotate - [select for diffs], Fri Jun 10 15:10:03 2005 UTC (6 years, 11 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.5: +125 -98
lines
Diff to previous 1.9.2.5 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.15 (requested by elad in ticket #389):
Some changes in veriexec.
New features:
- Add a veriexec_report() routine to make most reporting consistent and
  remove some common code.
- Add 'strict' mode that controls how veriexec behaves.
- Add sysctl knobs:
  o kern.veriexec.verbose controls verbosity levels. Value: 0, 1.
  o kern.veriexec.strict controls strict level. Values: 0, 1, 2. See
    documentation in sysctl(3) for details.
  o kern.veriexec.algorithms returns a string with a space separated
    list of supported hashing algorithms in veriexec.
- Updated documentation in man pages for sysctl(3) and sysctl(8).
Bug fixes:
- veriexec_removechk(): Code cleanup + handle FINGERPRINT_NOTEVAL
  correctly.
- exec_script(): Don't pass 0 as flag when executing a script; use the
  defined VERIEXEC_INDIRECT - which is 1. Makes indirect execution
  enforcement work.
- Fix some printing formats and types..
Revision 1.9.2.5 / (download) - annotate - [select for diffs], Fri Jun 10 15:04:29 2005 UTC (6 years, 11 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.4: +19 -19
lines
Diff to previous 1.9.2.4 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.14 (requested by elad in ticket #389): Panic strings should not end with \n.
Revision 1.9.2.4 / (download) - annotate - [select for diffs], Fri Jun 10 15:04:06 2005 UTC (6 years, 11 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.3: +2 -3
lines
Diff to previous 1.9.2.3 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.13 (requested by elad in ticket #389): Don't adjust the size of the hash table on file removes, it breaks things.
Revision 1.9.2.3 / (download) - annotate - [select for diffs], Fri Jun 10 15:00:14 2005 UTC (6 years, 11 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.2: +9 -3
lines
Diff to previous 1.9.2.2 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.12 (requested by elad in ticket #389): Fix possible bad memory reference, add panic on inconsistent state.
Revision 1.9.2.2 / (download) - annotate - [select for diffs], Fri Jun 10 14:59:55 2005 UTC (6 years, 11 months ago) by tron
Branch: netbsd-3
Changes since 1.9.2.1: +3 -13
lines
Diff to previous 1.9.2.1 (colored) to branchpoint 1.9 (colored)
Pull up revision 1.11 (requested by elad in ticket #389): Remove bogus DIAGNOSTIC check and panic.
Revision 1.9.2.1 / (download) - annotate - [select for diffs], Fri Jun 10 14:47:17 2005 UTC (6 years, 11 months ago) by tron
Branch: netbsd-3
Changes since 1.9: +460 -263
lines
Diff to previous 1.9 (colored)
Pull up revision 1.10 (requested by elad in ticket #389):
Rototill of the verified exec functionality.
* We now use hash tables instead of a list to store the in kernel fingerprints.
* Fingerprint methods handling has been made more flexible, it is now even simpler to add new methods.
* the loader no longer passes in magic numbers representing the fingerprint method so veriexecctl is no longer kernel specific.
* fingerprint methods can be tailored out using options in the kernel config file.
* more fingerprint methods added - rmd160, sha256/384/512
* veriexecctl can now report the fingerprint methods supported by the running kernel.
* regularised the naming of some portions of veriexec.
Revision 1.19 / (download) - annotate - [select for diffs], Sun May 29 16:07:10 2005 UTC (6 years, 11 months ago) by elad
Branch: MAIN
Changes since 1.18: +11 -11
lines
Diff to previous 1.18 (colored)
Make veriexec_fp_cmp() a bit more useful by allowing it to compare two fingerprints based on a common algorithm without requiring an actual entry in the tables.
Revision 1.18 / (download) - annotate - [select for diffs], Sat May 28 16:37:20 2005 UTC (6 years, 11 months ago) by elad
Branch: MAIN
Changes since 1.17: +6 -8
lines
Diff to previous 1.17 (colored)
Use PAGE_SIZE chunks, not VERIEXEC_BUFSIZE - it's very important that the size is not arbitrary and is exactly the size of a page.
Revision 1.17 / (download) - annotate - [select for diffs], Sat May 28 15:49:36 2005 UTC (6 years, 11 months ago) by elad
Branch: MAIN
Changes since 1.16: +87 -73
lines
Diff to previous 1.16 (colored)
- Add VERIEXEC_OPINIT() and veriexec_add_fp_ops(), simplifying the addition of fingerprinting algorithms to the ops vector.
- Cleanup in veriexec_add_fp_name().
- Remove veriexec_default_ops and use the above API for adding the default methods in veriexec_init_fp_ops().
Revision 1.16 / (download) - annotate - [select for diffs], Sun May 22 22:34:01 2005 UTC (7 years ago) by elad
Branch: MAIN
Changes since 1.15: +9 -2
lines
Diff to previous 1.15 (colored)
Add indication for number of fingerprinted files on each device. When a table is created for a new device, a new variable is created under the kern.veriexec.count node named "dev_<id>". For example, dev_0, dev_3, etc.
Revision 1.15 / (download) - annotate - [select for diffs], Thu May 19 20:16:19 2005 UTC (7 years ago) by elad
Branch: MAIN
Changes since 1.14: +125 -98
lines
Diff to previous 1.14 (colored)
Some changes in veriexec.
New features:
- Add a veriexec_report() routine to make most reporting consistent and
  remove some common code.
- Add 'strict' mode that controls how veriexec behaves.
- Add sysctl knobs:
  o kern.veriexec.verbose controls verbosity levels. Value: 0, 1.
  o kern.veriexec.strict controls strict level. Values: 0, 1, 2. See
    documentation in sysctl(3) for details.
  o kern.veriexec.algorithms returns a string with a space separated
    list of supported hashing algorithms in veriexec.
- Updated documentation in man pages for sysctl(3) and sysctl(8).
Bug fixes:
- veriexec_removechk(): Code cleanup + handle FINGERPRINT_NOTEVAL
  correctly.
- exec_script(): Don't pass 0 as flag when executing a script; use the
  defined VERIEXEC_INDIRECT - which is 1. Makes indirect execution
  enforcement work.
- Fix some printing formats and types..
Revision 1.14 / (download) - annotate - [select for diffs], Sun May 8 18:44:39 2005 UTC (7 years ago) by christos
Branch: MAIN
Changes since 1.13: +19 -19
lines
Diff to previous 1.13 (colored)
Panic strings should not end with \n.
Revision 1.8.4.1 / (download) - annotate - [select for diffs], Fri Apr 29 11:29:24 2005 UTC (7 years ago) by kent
Branch: kent-audio2
Changes since 1.8: +457 -265
lines
Diff to previous 1.8 (colored) next main 1.9 (colored)
sync with -current
Revision 1.13 / (download) - annotate - [select for diffs], Tue Apr 26 10:45:41 2005 UTC (7 years, 1 month ago) by blymn
Branch: MAIN
CVS Tags: kent-audio2-base
Changes since 1.12: +2 -3
lines
Diff to previous 1.12 (colored)
Don't adjust the size of the hash table on file removes, it breaks things.
Revision 1.12 / (download) - annotate - [select for diffs], Sun Apr 24 12:58:26 2005 UTC (7 years, 1 month ago) by blymn
Branch: MAIN
Changes since 1.11: +9 -3
lines
Diff to previous 1.11 (colored)
Fix possible bad memory reference, add panic on inconsistent state.
Revision 1.11 / (download) - annotate - [select for diffs], Sat Apr 23 09:10:47 2005 UTC (7 years, 1 month ago) by blymn
Branch: MAIN
Changes since 1.10: +3 -13
lines
Diff to previous 1.10 (colored)
Remove bogus DIAGNOSTIC check and panic.
Revision 1.10 / (download) - annotate - [select for diffs], Wed Apr 20 13:44:46 2005 UTC (7 years, 1 month ago) by blymn
Branch: MAIN
Changes since 1.9: +460 -263
lines
Diff to previous 1.9 (colored)
Rototill of the verified exec functionality.
* We now use hash tables instead of a list to store the in kernel
  fingerprints.
* Fingerprint methods handling has been made more flexible, it is now
  even simpler to add new methods.
* the loader no longer passes in magic numbers representing the
  fingerprint method so veriexecctl is no longer kernel specific.
* fingerprint methods can be tailored out using options in the kernel
  config file.
* more fingerprint methods added - rmd160, sha256/384/512
* veriexecctl can now report the fingerprint methods supported by the
  running kernel.
* regularised the naming of some portions of veriexec.
Revision 1.8.6.1 / (download) - annotate - [select for diffs], Sat Mar 19 08:36:12 2005 UTC (7 years, 2 months ago) by yamt
Branch: yamt-km
Changes since 1.8: +13 -13
lines
Diff to previous 1.8 (colored) next main 1.9 (colored)
sync with head. xen and whitespace. xen part is not finished.
Revision 1.3.2.4 / (download) - annotate - [select for diffs], Fri Mar 4 16:51:59 2005 UTC (7 years, 2 months ago) by skrll
Branch: ktrace-lwp
Changes since 1.3.2.3: +13 -13
lines
Diff to previous 1.3.2.3 (colored)
Sync with HEAD. Hi Perry!
Revision 1.9 / (download) - annotate - [select for diffs], Sat Feb 26 21:34:55 2005 UTC (7 years, 2 months ago) by perry
Branch: MAIN
CVS Tags: yamt-km-base4,
yamt-km-base3,
netbsd-3-base
Branch point for: netbsd-3
Changes since 1.8: +13 -13
lines
Diff to previous 1.8 (colored)
nuke trailing whitespace
Revision 1.3.2.3 / (download) - annotate - [select for diffs], Tue Sep 21 13:35:11 2004 UTC (7 years, 8 months ago) by skrll
Branch: ktrace-lwp
Changes since 1.3.2.2: +2 -2
lines
Diff to previous 1.3.2.2 (colored)
Fix the sync with head I botched.
Revision 1.3.2.2 / (download) - annotate - [select for diffs], Sat Sep 18 14:53:03 2004 UTC (7 years, 8 months ago) by skrll
Branch: ktrace-lwp
Changes since 1.3.2.1: +4 -4
lines
Diff to previous 1.3.2.1 (colored)
Sync with HEAD.
Revision 1.8 / (download) - annotate - [select for diffs], Fri Sep 17 14:11:25 2004 UTC (7 years, 8 months ago) by skrll
Branch: MAIN
CVS Tags: yamt-km-base2,
yamt-km-base,
matt-timespec,
kent-audio1-beforemerge,
kent-audio1-base,
kent-audio1
Branch point for: yamt-km,
kent-audio2
Changes since 1.7: +4 -4
lines
Diff to previous 1.7 (colored)
There's no need to pass a proc value when using UIO_SYSSPACE with vn_rdwr(9) and uiomove(9). OK'd by Jason Thorpe
Revision 1.3.2.1 / (download) - annotate - [select for diffs], Tue Aug 3 10:52:54 2004 UTC (7 years, 9 months ago) by skrll
Branch: ktrace-lwp
Changes since 1.3: +9 -6
lines
Diff to previous 1.3 (colored)
Sync with HEAD
Revision 1.7 / (download) - annotate - [select for diffs], Tue Nov 18 13:13:03 2003 UTC (8 years, 6 months ago) by martin
Branch: MAIN
CVS Tags: netbsd-2-base,
netbsd-2-1-RELEASE,
netbsd-2-1-RC6,
netbsd-2-1-RC5,
netbsd-2-1-RC4,
netbsd-2-1-RC3,
netbsd-2-1-RC2,
netbsd-2-1-RC1,
netbsd-2-1,
netbsd-2-0-base,
netbsd-2-0-RELEASE,
netbsd-2-0-RC5,
netbsd-2-0-RC4,
netbsd-2-0-RC3,
netbsd-2-0-RC2,
netbsd-2-0-RC1,
netbsd-2-0-3-RELEASE,
netbsd-2-0-2-RELEASE,
netbsd-2-0-1-RELEASE,
netbsd-2-0,
netbsd-2
Changes since 1.6: +3 -3
lines
Diff to previous 1.6 (colored)
Remove spurious space accidentally introduced in last.
Revision 1.6 / (download) - annotate - [select for diffs], Tue Nov 18 13:01:21 2003 UTC (8 years, 6 months ago) by martin
Branch: MAIN
Changes since 1.5: +6 -6
lines
Diff to previous 1.5 (colored)
Change K&R string literal continuation lines to ANSI C string concatenation. Fixes PR kern/23474.
Revision 1.5 / (download) - annotate - [select for diffs], Sat Nov 1 17:35:42 2003 UTC (8 years, 6 months ago) by jdolecek
Branch: MAIN
Changes since 1.4: +3 -3
lines
Diff to previous 1.4 (colored)
avoid strong words in comments
Revision 1.4 / (download) - annotate - [select for diffs], Mon Jul 14 14:59:02 2003 UTC (8 years, 10 months ago) by lukem
Branch: MAIN
Changes since 1.3: +4 -1
lines
Diff to previous 1.3 (colored)
add missing __KERNEL_RCSID()
Revision 1.3 / (download) - annotate - [select for diffs], Tue Apr 1 01:41:39 2003 UTC (9 years, 1 month ago) by thorpej
Branch: MAIN
Branch point for: ktrace-lwp
Changes since 1.2: +9 -9
lines
Diff to previous 1.2 (colored)
* Use PAGE_SIZE rather than NBPG.
* Use malloc()/free(), rather than MALLOC()/FREE(), since the page size
  might not be a compile-time constant.
Revision 1.1.2.3 / (download) - annotate - [select for diffs], Wed Dec 11 06:43:07 2002 UTC (9 years, 5 months ago) by thorpej
Branch: nathanw_sa
CVS Tags: nathanw_sa_end
Changes since 1.1.2.2: +6 -23
lines
Diff to previous 1.1.2.2 (colored) next main 1.2 (colored)
Sync with HEAD.
Revision 1.2 / (download) - annotate - [select for diffs], Tue Nov 12 12:54:36 2002 UTC (9 years, 6 months ago) by blymn
Branch: MAIN
CVS Tags: nathanw_sa_before_merge,
nathanw_sa_base,
gmcgarry_ucred_base,
gmcgarry_ucred,
gmcgarry_ctxsw_base,
gmcgarry_ctxsw,
fvdl_fs64_base
Changes since 1.1: +6 -23
lines
Diff to previous 1.1 (colored)
* Don't keep evaluating fingerprint if there are no fingerprints for the
  device. Should help performance when no fingerprints are loaded.
* Back down the securelevel, now securelevel of 2 will make lack of
  fingerprint or fingerprint mismatch a fatal error. Previously this was
  done at securelevel 3 or greater.
Revision 1.1.2.2 / (download) - annotate - [select for diffs], Mon Nov 11 22:13:55 2002 UTC (9 years, 6 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.1.2.1: +380 -0
lines
Diff to previous 1.1.2.1 (colored)
Catch up to -current
Revision 1.1.2.1, Tue Oct 29 12:31:23 2002 UTC (9 years, 6 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.1: +0 -380
lines
FILE REMOVED
file kern_verifiedexec.c was added on branch nathanw_sa on 2002-11-11 22:13:55 +0000
Revision 1.1 / (download) - annotate - [select for diffs], Tue Oct 29 12:31:23 2002 UTC (9 years, 6 months ago) by blymn
Branch: MAIN
Branch point for: nathanw_sa
Added support for fingerprinted executables aka verified exec