Module Name:    src
Committed By:   pgoyette
Date:           Thu Aug 31 08:47:19 UTC 2017

Modified Files:
        src/sys/kern: kern_veriexec.c

Log Message:
When adding a new veriexec_file_entry, if an entry already exists with
all the same values (except for the filename) just ignore it.  Otherwise
report the duplicate-entry error.

This allows the user to create a signature file with veriexecgen(8) and
not worry about duplicate entries (due to hard-linked files) which will
otherwise cause /etc/rc.d/veriexec to report an error.

Fixes PR kern/52512

XXX Pull-up for -8


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/sys/kern/kern_veriexec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_veriexec.c
diff -u src/sys/kern/kern_veriexec.c:1.15 src/sys/kern/kern_veriexec.c:1.16
--- src/sys/kern/kern_veriexec.c:1.15	Tue Aug 29 12:48:50 2017
+++ src/sys/kern/kern_veriexec.c	Thu Aug 31 08:47:19 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_veriexec.c,v 1.15 2017/08/29 12:48:50 pgoyette Exp $	*/
+/*	$NetBSD: kern_veriexec.c,v 1.16 2017/08/31 08:47:19 pgoyette Exp $	*/
 
 /*-
  * Copyright (c) 2005, 2006 Elad Efrat <e...@netbsd.org>
@@ -29,7 +29,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_veriexec.c,v 1.15 2017/08/29 12:48:50 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_veriexec.c,v 1.16 2017/08/31 08:47:19 pgoyette Exp $");
 
 #include "opt_veriexec.h"
 
@@ -1050,9 +1050,11 @@ veriexec_file_add(struct lwp *l, prop_di
 {
 	struct veriexec_table_entry *vte;
 	struct veriexec_file_entry *vfe = NULL;
+	struct veriexec_file_entry *ovfe;
 	struct vnode *vp;
 	const char *file, *fp_type;
 	int error;
+	bool ignore_dup = false;
 
 	if (!prop_dictionary_get_cstring_nocopy(dict, "file", &file))
 		return (EINVAL);
@@ -1096,12 +1098,6 @@ veriexec_file_add(struct lwp *l, prop_di
 
 	rw_enter(&veriexec_op_lock, RW_WRITER);
 
-	if (veriexec_get(vp)) {
-		/* We already have an entry for this file. */
-		error = EEXIST;
-		goto unlock_out;
-	}
-
 	/* Continue entry initialization. */
 	if (prop_dictionary_get_uint8(dict, "entry-type", &vfe->type) == FALSE)
 		vfe->type = 0;
@@ -1140,6 +1136,22 @@ veriexec_file_add(struct lwp *l, prop_di
 		vfe->status = status;
 	}
 
+	/*
+	 * If we already have an entry for this file, and it matches
+	 * the new entry exactly (except for the filename, which may
+	 * hard-linked!), we just ignore the new entry.  If the new
+	 * entry differs, report the error.
+	 */
+	if ((ovfe = veriexec_get(vp)) != NULL) {
+		error = EEXIST;
+		if (vfe->type == ovfe->type &&
+		    vfe->status == ovfe->status &&
+		    vfe->ops == ovfe->ops &&
+		    memcmp(vfe->fp, ovfe->fp, vfe->ops->hash_len) == 0)
+			ignore_dup = true;
+		goto unlock_out;
+	}
+
 	vte = veriexec_table_lookup(vp->v_mount);
 	if (vte == NULL)
 		vte = veriexec_table_add(l, vp->v_mount);
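Review bot: The `vfe->status == ovfe->status` term in the new duplicate check compares the status just computed for the incoming entry with the current status of the entry already in the table, so an otherwise identical hard-link entry still gets EEXIST whenever the two differ. The new status is assigned just above the hunk (`vfe->status = status;`); whether the stored entry's status can change after it was loaded is not visible here, but if it can, comparing only `type`, `ops` and the fingerprint bytes may be closer to the intent stated in the log message. The comment should read `which may be hard-linked!`, and it is worth saying there that `vfe->ops == ovfe->ops` has to be tested before the `memcmp`, since that equality is what makes `vfe->ops->hash_len` a valid length for both `fp` buffers. veriexec_file_add starts and ends outside this hunk.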
@@ -1163,6 +1175,9 @@ veriexec_file_add(struct lwp *l, prop_di
 	if (error)
 		veriexec_file_free(vfe);
 
+	if (ignore_dup && error == EEXIST)
+		error = 0;
+
 	return (error);
 }
 
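Review bot: The reset of `error` to 0 is only correct because it sits after `if (error) veriexec_file_free(vfe);`, so the ignored duplicate's `vfe` is released while `error` is still EEXIST, and nothing on the new lines records that dependency. A one-line comment above the `if (ignore_dup && error == EEXIST)` test, such as `/* Identical duplicate: vfe was freed above, report success. */`, would keep a later reorder from leaking the entry. The `unlock_out` label and the code between it and these lines are outside the hunk, so the path from the `goto` to this point cannot be checked from here.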
