| History log of /src/sys/kern/kern_veriexec.c |
| Revision | | Date | Author | Comments |
| 1.27 |
| 09-Apr-2023 |
riastradh | kern: KASSERT(A && B) -> KASSERT(A); KASSERT(B)
|
| 1.26 |
| 11-Jun-2020 |
thorpej | Oops, missed a couple.
|
| 1.25 |
| 11-Jun-2020 |
thorpej | Update for proplib(3) API changes.
|
| 1.24 |
| 08-Jun-2020 |
thorpej | Update for proplib(3) API changes.
|
| 1.23 |
| 21-Feb-2020 |
joerg | Explicitly cast pointers to uintptr_t before casting to enums. They are
not necessarily the same size. Don't cast pointers to bool, check for
NULL instead.
|
| 1.22 |
| 16-Oct-2019 |
christos | branches: 1.22.2;
Add and use __FPTRCAST, requested by uwe@
|
| 1.21 |
| 16-Oct-2019 |
christos | Add void * function pointer casts. There are different ways to "fix" those
warnings:
1. this one: add a void * cast (which I think is the least intrusive)
2. add pragmas to elide the warning
3. add intermediate inline conversion functions
4. change the called function prototypes, adding unused arguments and
converting some of the pointer arguments to void *.
5. make the functions varyadic (which defeats the purpose of checking)
6. pass command line flags to elide the warning
I did try 3 and 4 and I was not pleased with the result (sys_ptrace_common.c)
(3) added too much code and defines, and (4) made the regular use clumsy.
|
| 1.20 |
| 28-Apr-2019 |
alnsn | Document that veriexec_file_add() also expects keep-filename and eval-on-load.
|
| 1.19 |
| 04-Feb-2019 |
mrg | use __builtin_unreachable() after calls that panic or switch context
|
| 1.18 |
| 07-Nov-2017 |
christos | branches: 1.18.2; 1.18.6;
Add two utility functions to help use kmem with strings: kmem_strdupsize,
kmem_strfree.
|
| 1.17 |
| 13-Sep-2017 |
sevan | Remove support for VERIFIED_EXEC_FP_RMD160, VERIFIED_EXEC_FP_SHA1, and VERIFIED_EXEC_FP_MD5 options.
These algorithms are either broken or on their way to being broken.
Discussed on tech-security
http://mail-index.netbsd.org/tech-security/2017/08/21/msg000936.html
ok riastradh
|
| 1.16 |
| 31-Aug-2017 |
pgoyette | When adding a new veriexec_file_entry, if an entry already exists with
all the same values (except for the filename) just ignore it. Otherwise
report the duplicate-entry error.
This allows the user to create a signature file with veriexegen(8) and
not worry about duplicate entries (due to hard-linked files) which will
otherwise cause /etc/rc.d/veriexec to report an error.
Fixes PR kern/52512
XXX Pull-up for -8
|
| 1.15 |
| 29-Aug-2017 |
pgoyette | Revert previous changes. They are wrong. The intended clean-up
is already being handled by the call to veriexec_file_free() in
the "out:" path.
|
| 1.14 |
| 29-Aug-2017 |
pgoyette | One more resource to release - the filename, if we kept it.
|
| 1.13 |
| 29-Aug-2017 |
pgoyette | Release any allocated resources if we take the error paths.
As posted on tech-kern and discussed on IRC.
|
| 1.12 |
| 12-Apr-2017 |
hannken | branches: 1.12.4;
Switch veriexec_dump() and veriexec_flush() to mountlist iterator.
|
| 1.11 |
| 04-Aug-2015 |
maxv | branches: 1.11.2; 1.11.4;
Remove uvm_extern.h and exec.h (unused).
|
| 1.10 |
| 04-Aug-2015 |
maxv | Small changes:
- remove the per-page stuff. It has been disabled for 10 years, and it is
not implemented properly.
- typo in comment
- use KASSERT
|
| 1.9 |
| 24-Jul-2015 |
maxv | Unused inits (harmless).
Found by Brainy.
|
| 1.8 |
| 27-Apr-2015 |
riastradh | branches: 1.8.2;
KASSERT x then y, not (x && y).
|
| 1.7 |
| 27-Apr-2015 |
maxv | Remove FreeBSD.
ok elad@
|
| 1.6 |
| 26-Apr-2015 |
maxv | If we already have an entry for the file being loaded, return EEXIST, don't
silently skip it.
|
| 1.5 |
| 25-Apr-2015 |
maxv | Make veriexec_renamechk() more readable. Also add a KASSERT on vte_count.
No real functional change
|
| 1.4 |
| 25-Apr-2015 |
maxv | Instead of duplicating code, add veriexec_fp_status(). Also reorder a
useless goto.
|
| 1.3 |
| 25-Apr-2015 |
maxv | Don't mix veriexec lock and file lock in veriexec_file_verify().
Now:
- 'veriexec_op_lock' needs to be held when calling veriexec_file_verify()
- the 'file_lock_state' argument indicates if the file is locked
- add some KASSERTs
|
| 1.2 |
| 25-Apr-2015 |
maxv | KNF
|
| 1.1 |
| 13-Feb-2015 |
maxv | branches: 1.1.2;
Rename kern_verifiedexec.c to kern_veriexec.c. "Veriexec" is the name of
the subsystem, not "Verifiedexec".
The revisions of kern_verifiedexec.c are now in Attic/.
No change between kern_verifiedexec.c and kern_veriexec.c.
Also, update the man page accordingly.
Okayed by christos@ and blymn@ some months ago.
|
| 1.1.2.5 |
| 28-Aug-2017 |
skrll | Sync with HEAD
|
| 1.1.2.4 |
| 22-Sep-2015 |
skrll | Sync with HEAD
|
| 1.1.2.3 |
| 06-Jun-2015 |
skrll | Sync with HEAD
|
| 1.1.2.2 |
| 06-Apr-2015 |
skrll | Sync with HEAD
|
| 1.1.2.1 |
| 13-Feb-2015 |
skrll | file kern_veriexec.c was added on branch nick-nhusb on 2015-04-06 15:18:20 +0000
|
| 1.8.2.2 |
| 19-May-2015 |
snj | Pull up following revision(s) (requested by maxv in ticket #764):
sbin/veriexecctl/veriexecctl.c: revision 1.38
share/man/man9/veriexec.9: revision 1.10
sys/conf/files: revision 1.1128
sys/dev/verified_exec.c: revisions 1.70, 1.71
sys/kern/kern_veriexec.c: revisions 1.1-1.8
sys/kern/kern_verifiedexec.c: delete
Rename kern_verifiedexec.c to kern_veriexec.c. "Veriexec" is the name of
the subsystem, not "Verifiedexec".
The revisions of kern_verifiedexec.c are now in Attic/.
No change between kern_verifiedexec.c and kern_veriexec.c.
Also, update the man page accordingly.
Okayed by christos@ and blymn@ some months ago.
--
KNF
--
Don't mix veriexec lock and file lock in veriexec_file_verify().
Now:
- 'veriexec_op_lock' needs to be held when calling veriexec_file_verify()
- the 'file_lock_state' argument indicates if the file is locked
- add some KASSERTs
--
Instead of duplicating code, add veriexec_fp_status(). Also reorder a
useless goto.
--
Make veriexec_renamechk() more readable. Also add a KASSERT on vte_count.
No real functional change
--
If we already have an entry for the file being loaded, return EEXIST, don't
silently skip it.
--
Remove FreeBSD.
ok elad@
--
KASSERT x then y, not (x && y).
--
KNF
--
Not to add even more confusion in an already overcomplicated subsystem,
remove the FreeBSD code. This code is likely to be outdated, and Veriexec
is in all cases not available on FreeBSD.
--
Be a bit more verbose if the kernel rejects a file
|
| 1.8.2.1 |
| 27-Apr-2015 |
snj | file kern_veriexec.c was added on branch netbsd-7 on 2015-05-19 04:42:32 +0000
|
| 1.11.4.1 |
| 21-Apr-2017 |
bouyer | Sync with HEAD
|
| 1.11.2.1 |
| 26-Apr-2017 |
pgoyette | Sync with HEAD
|
| 1.12.4.1 |
| 31-Aug-2017 |
martin | Pull up following revision(s) (requested by pgoyette in ticket #251):
sys/kern/kern_veriexec.c: revision 1.16
When adding a new veriexec_file_entry, if an entry already exists with
all the same values (except for the filename) just ignore it. Otherwise
report the duplicate-entry error.
This allows the user to create a signature file with veriexegen(8) and
not worry about duplicate entries (due to hard-linked files) which will
otherwise cause /etc/rc.d/veriexec to report an error.
Fixes PR kern/52512
XXX Pull-up for -8
|
| 1.18.6.3 |
| 13-Apr-2020 |
martin | Mostly merge changes from HEAD upto 20200411
|
| 1.18.6.2 |
| 08-Apr-2020 |
martin | Merge changes from current as of 20200406
|
| 1.18.6.1 |
| 10-Jun-2019 |
christos | Sync with HEAD
|
| 1.18.2.2 |
| 03-Dec-2017 |
jdolecek | update from HEAD
|
| 1.18.2.1 |
| 07-Nov-2017 |
jdolecek | file kern_veriexec.c was added on branch tls-maxphys on 2017-12-03 11:38:45 +0000
|
| 1.22.2.1 |
| 29-Feb-2020 |
ad | Sync with head.
|
