2006-07-16 23:37:55 +04:00
|
|
|
/* $NetBSD: kern_fileassoc.c,v 1.3 2006/07/16 19:37:55 elad Exp $ */
|
okay, since there was no way to divide this to two commits, here it goes..
introduce fileassoc(9), a kernel interface for associating meta-data with
files using in-kernel memory. this is very similar to what we had in
veriexec till now, only abstracted so it can be used more easily by more
consumers.
this also prompted the redesign of the interface, making it work on vnodes
and mounts and not directly on devices and inodes. internally, we still
use file-id but that's gonna change soon... the interface will remain
consistent.
as a result, veriexec went under some heavy changes to conform to the new
interface. since we no longer use device numbers to identify file-systems,
the veriexec sysctl stuff changed too: kern.veriexec.count.dev_N is now
kern.veriexec.tableN.* where 'N' is NOT the device number but rather a
way to distinguish several mounts.
also worth noting is the plugging of unmount/delete operations
wrt/fileassoc and veriexec.
tons of input from yamt@, wrstuden@, martin@, and christos@.
2006-07-14 22:41:40 +04:00
|
|
|
|
|
|
|
/*-
|
|
|
|
* Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
|
|
* must display the following acknowledgement:
|
|
|
|
* This product includes software developed by Elad Efrat.
|
|
|
|
* 4. The name of the author may not be used to endorse or promote products
|
|
|
|
* derived from this software without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <sys/param.h>
|
|
|
|
#include <sys/mount.h>
|
|
|
|
#include <sys/queue.h>
|
|
|
|
#include <sys/malloc.h>
|
|
|
|
#include <sys/vnode.h>
|
|
|
|
#include <sys/namei.h>
|
|
|
|
#include <sys/exec.h>
|
|
|
|
#include <sys/proc.h>
|
|
|
|
#include <sys/inttypes.h>
|
|
|
|
#include <sys/errno.h>
|
|
|
|
#include <sys/fileassoc.h>
|
2006-07-16 23:37:55 +04:00
|
|
|
#include <sys/hash.h>
|
okay, since there was no way to divide this to two commits, here it goes..
introduce fileassoc(9), a kernel interface for associating meta-data with
files using in-kernel memory. this is very similar to what we had in
veriexec till now, only abstracted so it can be used more easily by more
consumers.
this also prompted the redesign of the interface, making it work on vnodes
and mounts and not directly on devices and inodes. internally, we still
use file-id but that's gonna change soon... the interface will remain
consistent.
as a result, veriexec went under some heavy changes to conform to the new
interface. since we no longer use device numbers to identify file-systems,
the veriexec sysctl stuff changed too: kern.veriexec.count.dev_N is now
kern.veriexec.tableN.* where 'N' is NOT the device number but rather a
way to distinguish several mounts.
also worth noting is the plugging of unmount/delete operations
wrt/fileassoc and veriexec.
tons of input from yamt@, wrstuden@, martin@, and christos@.
2006-07-14 22:41:40 +04:00
|
|
|
|
|
|
|
struct fileassoc_hook fileassoc_hooks[FILEASSOC_NHOOKS];
|
|
|
|
int fileassoc_nhooks;
|
|
|
|
|
2006-07-16 23:37:55 +04:00
|
|
|
/*
|
|
|
|
* Hook entry.
|
|
|
|
* Includes the hook name for identification and private hook clear callback.
|
|
|
|
*/
|
|
|
|
struct fileassoc_hook {
|
|
|
|
const char *hook_name; /* Hook name. */
|
|
|
|
fileassoc_cleanup_cb_t hook_cleanup_cb; /* Hook clear callback. */
|
|
|
|
};
|
|
|
|
|
|
|
|
/* An entry in the per-device hash table. */
|
|
|
|
struct fileassoc_hash_entry {
|
|
|
|
ino_t fileid; /* File id. */
|
|
|
|
void *hooks[FILEASSOC_NHOOKS]; /* Hooks. */
|
|
|
|
LIST_ENTRY(fileassoc_hash_entry) entries; /* List pointer. */
|
|
|
|
};
|
|
|
|
|
|
|
|
LIST_HEAD(fileassoc_hashhead, fileassoc_hash_entry);
|
|
|
|
|
|
|
|
struct fileassoc_table {
|
|
|
|
struct fileassoc_hashhead *hash_tbl;
|
|
|
|
size_t hash_size; /* Number of slots. */
|
|
|
|
struct mount *tbl_mntpt;
|
|
|
|
u_long hash_mask;
|
|
|
|
void *tables[FILEASSOC_NHOOKS];
|
|
|
|
LIST_ENTRY(fileassoc_table) hash_list; /* List pointer. */
|
|
|
|
};
|
okay, since there was no way to divide this to two commits, here it goes..
introduce fileassoc(9), a kernel interface for associating meta-data with
files using in-kernel memory. this is very similar to what we had in
veriexec till now, only abstracted so it can be used more easily by more
consumers.
this also prompted the redesign of the interface, making it work on vnodes
and mounts and not directly on devices and inodes. internally, we still
use file-id but that's gonna change soon... the interface will remain
consistent.
as a result, veriexec went under some heavy changes to conform to the new
interface. since we no longer use device numbers to identify file-systems,
the veriexec sysctl stuff changed too: kern.veriexec.count.dev_N is now
kern.veriexec.tableN.* where 'N' is NOT the device number but rather a
way to distinguish several mounts.
also worth noting is the plugging of unmount/delete operations
wrt/fileassoc and veriexec.
tons of input from yamt@, wrstuden@, martin@, and christos@.
2006-07-14 22:41:40 +04:00
|
|
|
|
|
|
|
/* Global list of hash tables, one per device. */
|
|
|
|
LIST_HEAD(, fileassoc_table) fileassoc_tables;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Hashing function: Takes a number modulus the mask to give back
|
|
|
|
* an index into the hash table.
|
|
|
|
*/
|
|
|
|
#define FILEASSOC_HASH(tbl, fileid) \
|
|
|
|
(hash32_buf(&(fileid), sizeof((fileid)), HASH32_BUF_INIT) \
|
|
|
|
& ((tbl)->hash_mask))
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Initialize the fileassoc subsystem.
|
|
|
|
*/
|
|
|
|
void
|
|
|
|
fileassoc_init(void)
|
|
|
|
{
|
|
|
|
memset(fileassoc_hooks, 0, sizeof(fileassoc_hooks));
|
|
|
|
fileassoc_nhooks = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Register a new hook.
|
|
|
|
*/
|
|
|
|
fileassoc_t
|
|
|
|
fileassoc_register(const char *name, fileassoc_cleanup_cb_t cleanup_cb)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
if (fileassoc_nhooks >= FILEASSOC_NHOOKS)
|
|
|
|
return (-1);
|
|
|
|
|
|
|
|
for (i = 0; i < FILEASSOC_NHOOKS; i++)
|
|
|
|
if (fileassoc_hooks[i].hook_name == NULL)
|
|
|
|
break;
|
|
|
|
|
|
|
|
fileassoc_hooks[i].hook_name = name;
|
|
|
|
fileassoc_hooks[i].hook_cleanup_cb = cleanup_cb;
|
|
|
|
|
|
|
|
fileassoc_nhooks++;
|
|
|
|
|
|
|
|
return (i);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Deregister a hook.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
fileassoc_deregister(fileassoc_t id)
|
|
|
|
{
|
|
|
|
if (id < 0 || id >= FILEASSOC_NHOOKS)
|
|
|
|
return (EINVAL);
|
|
|
|
|
|
|
|
fileassoc_hooks[id].hook_name = NULL;
|
|
|
|
fileassoc_hooks[id].hook_cleanup_cb = NULL;
|
|
|
|
|
|
|
|
fileassoc_nhooks--;
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get the hash table for the specified device.
|
|
|
|
*/
|
2006-07-16 23:37:55 +04:00
|
|
|
static struct fileassoc_table *
|
okay, since there was no way to divide this to two commits, here it goes..
introduce fileassoc(9), a kernel interface for associating meta-data with
files using in-kernel memory. this is very similar to what we had in
veriexec till now, only abstracted so it can be used more easily by more
consumers.
this also prompted the redesign of the interface, making it work on vnodes
and mounts and not directly on devices and inodes. internally, we still
use file-id but that's gonna change soon... the interface will remain
consistent.
as a result, veriexec went under some heavy changes to conform to the new
interface. since we no longer use device numbers to identify file-systems,
the veriexec sysctl stuff changed too: kern.veriexec.count.dev_N is now
kern.veriexec.tableN.* where 'N' is NOT the device number but rather a
way to distinguish several mounts.
also worth noting is the plugging of unmount/delete operations
wrt/fileassoc and veriexec.
tons of input from yamt@, wrstuden@, martin@, and christos@.
2006-07-14 22:41:40 +04:00
|
|
|
fileassoc_table_lookup(struct mount *mp)
|
|
|
|
{
|
|
|
|
struct fileassoc_table *tbl;
|
|
|
|
|
|
|
|
LIST_FOREACH(tbl, &fileassoc_tables, hash_list) {
|
|
|
|
if (tbl->tbl_mntpt == mp)
|
|
|
|
return (tbl);
|
|
|
|
}
|
|
|
|
|
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Perform a lookup on a hash table.
|
|
|
|
*/
|
2006-07-16 23:37:55 +04:00
|
|
|
static struct fileassoc_hash_entry *
|
okay, since there was no way to divide this to two commits, here it goes..
introduce fileassoc(9), a kernel interface for associating meta-data with
files using in-kernel memory. this is very similar to what we had in
veriexec till now, only abstracted so it can be used more easily by more
consumers.
this also prompted the redesign of the interface, making it work on vnodes
and mounts and not directly on devices and inodes. internally, we still
use file-id but that's gonna change soon... the interface will remain
consistent.
as a result, veriexec went under some heavy changes to conform to the new
interface. since we no longer use device numbers to identify file-systems,
the veriexec sysctl stuff changed too: kern.veriexec.count.dev_N is now
kern.veriexec.tableN.* where 'N' is NOT the device number but rather a
way to distinguish several mounts.
also worth noting is the plugging of unmount/delete operations
wrt/fileassoc and veriexec.
tons of input from yamt@, wrstuden@, martin@, and christos@.
2006-07-14 22:41:40 +04:00
|
|
|
fileassoc_file_lookup(struct vnode *vp)
|
|
|
|
{
|
|
|
|
struct fileassoc_table *tbl;
|
|
|
|
struct fileassoc_hashhead *tble;
|
|
|
|
struct fileassoc_hash_entry *e;
|
|
|
|
struct vattr va;
|
|
|
|
size_t indx;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = VOP_GETATTR(vp, &va, curlwp->l_proc->p_cred, curlwp);
|
|
|
|
if (error)
|
|
|
|
return (NULL);
|
|
|
|
|
|
|
|
tbl = fileassoc_table_lookup(vp->v_mount);
|
|
|
|
if (tbl == NULL)
|
|
|
|
return (NULL);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* XXX: We should NOT rely on fileid here!
|
|
|
|
*/
|
|
|
|
indx = FILEASSOC_HASH(tbl, va.va_fileid);
|
|
|
|
tble = &(tbl->hash_tbl[indx & ((tbl)->hash_mask)]);
|
|
|
|
|
|
|
|
LIST_FOREACH(e, tble, entries) {
|
|
|
|
if ((e != NULL) && (e->fileid == va.va_fileid))
|
|
|
|
return (e);
|
|
|
|
}
|
|
|
|
|
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Return hook data associated with a vnode.
|
|
|
|
*/
|
|
|
|
void *
|
|
|
|
fileassoc_lookup(struct vnode *vp, fileassoc_t id)
|
|
|
|
{
|
|
|
|
struct fileassoc_hash_entry *mhe;
|
|
|
|
|
|
|
|
mhe = fileassoc_file_lookup(vp);
|
|
|
|
if (mhe == NULL)
|
|
|
|
return (NULL);
|
|
|
|
|
|
|
|
return (mhe->hooks[id]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Create a new fileassoc table.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
fileassoc_table_add(struct mount *mp, size_t size)
|
|
|
|
{
|
|
|
|
struct fileassoc_table *tbl;
|
|
|
|
|
|
|
|
/* Check for existing table for device. */
|
|
|
|
if (fileassoc_table_lookup(mp) != NULL)
|
|
|
|
return (EEXIST);
|
|
|
|
|
|
|
|
/* Allocate and initialize a Veriexec hash table. */
|
|
|
|
tbl = malloc(sizeof(*tbl), M_TEMP, M_WAITOK | M_ZERO);
|
|
|
|
tbl->hash_size = size;
|
|
|
|
tbl->tbl_mntpt = mp;
|
|
|
|
tbl->hash_tbl = hashinit(size, HASH_LIST, M_TEMP,
|
|
|
|
M_WAITOK | M_ZERO, &tbl->hash_mask);
|
|
|
|
|
|
|
|
LIST_INSERT_HEAD(&fileassoc_tables, tbl, hash_list);
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Delete a table.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
fileassoc_table_delete(struct mount *mp)
|
|
|
|
{
|
|
|
|
struct fileassoc_table *tbl;
|
|
|
|
struct fileassoc_hashhead *hh;
|
|
|
|
u_long i;
|
|
|
|
int j;
|
|
|
|
|
|
|
|
tbl = fileassoc_table_lookup(mp);
|
|
|
|
if (tbl == NULL)
|
|
|
|
return (EEXIST);
|
|
|
|
|
|
|
|
/* Remove all entries from the table and lists */
|
|
|
|
hh = tbl->hash_tbl;
|
|
|
|
for (i = 0; i < tbl->hash_size; i++) {
|
|
|
|
struct fileassoc_hash_entry *mhe;
|
|
|
|
|
|
|
|
while (LIST_FIRST(&hh[i]) != NULL) {
|
|
|
|
mhe = LIST_FIRST(&hh[i]);
|
|
|
|
LIST_REMOVE(mhe, entries);
|
|
|
|
|
|
|
|
for (j = 0; j < fileassoc_nhooks; j++)
|
|
|
|
if (fileassoc_hooks[j].hook_cleanup_cb != NULL)
|
2006-07-15 20:42:12 +04:00
|
|
|
(fileassoc_hooks[j].hook_cleanup_cb)
|
|
|
|
(mhe->hooks[j],
|
|
|
|
FILEASSOC_CLEANUP_FILE);
|
okay, since there was no way to divide this to two commits, here it goes..
introduce fileassoc(9), a kernel interface for associating meta-data with
files using in-kernel memory. this is very similar to what we had in
veriexec till now, only abstracted so it can be used more easily by more
consumers.
this also prompted the redesign of the interface, making it work on vnodes
and mounts and not directly on devices and inodes. internally, we still
use file-id but that's gonna change soon... the interface will remain
consistent.
as a result, veriexec went under some heavy changes to conform to the new
interface. since we no longer use device numbers to identify file-systems,
the veriexec sysctl stuff changed too: kern.veriexec.count.dev_N is now
kern.veriexec.tableN.* where 'N' is NOT the device number but rather a
way to distinguish several mounts.
also worth noting is the plugging of unmount/delete operations
wrt/fileassoc and veriexec.
tons of input from yamt@, wrstuden@, martin@, and christos@.
2006-07-14 22:41:40 +04:00
|
|
|
|
|
|
|
free(mhe, M_TEMP);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
for (j = 0; j < fileassoc_nhooks; j++)
|
|
|
|
if (fileassoc_hooks[j].hook_cleanup_cb != NULL)
|
2006-07-15 20:42:12 +04:00
|
|
|
(fileassoc_hooks[j].hook_cleanup_cb)(tbl->tables[j],
|
|
|
|
FILEASSOC_CLEANUP_TABLE);
|
okay, since there was no way to divide this to two commits, here it goes..
introduce fileassoc(9), a kernel interface for associating meta-data with
files using in-kernel memory. this is very similar to what we had in
veriexec till now, only abstracted so it can be used more easily by more
consumers.
this also prompted the redesign of the interface, making it work on vnodes
and mounts and not directly on devices and inodes. internally, we still
use file-id but that's gonna change soon... the interface will remain
consistent.
as a result, veriexec went under some heavy changes to conform to the new
interface. since we no longer use device numbers to identify file-systems,
the veriexec sysctl stuff changed too: kern.veriexec.count.dev_N is now
kern.veriexec.tableN.* where 'N' is NOT the device number but rather a
way to distinguish several mounts.
also worth noting is the plugging of unmount/delete operations
wrt/fileassoc and veriexec.
tons of input from yamt@, wrstuden@, martin@, and christos@.
2006-07-14 22:41:40 +04:00
|
|
|
|
|
|
|
/* Remove hash table and sysctl node */
|
|
|
|
hashdone(tbl->hash_tbl, M_TEMP);
|
|
|
|
LIST_REMOVE(tbl, hash_list);
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Clear a table for a given hook.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
fileassoc_table_clear(struct mount *mp, fileassoc_t id)
|
|
|
|
{
|
|
|
|
struct fileassoc_table *tbl;
|
|
|
|
struct fileassoc_hashhead *hh;
|
|
|
|
fileassoc_cleanup_cb_t cleanup_cb;
|
|
|
|
u_long i;
|
|
|
|
|
|
|
|
tbl = fileassoc_table_lookup(mp);
|
|
|
|
if (tbl == NULL)
|
|
|
|
return (EEXIST);
|
|
|
|
|
|
|
|
cleanup_cb = fileassoc_hooks[id].hook_cleanup_cb;
|
|
|
|
|
|
|
|
hh = tbl->hash_tbl;
|
|
|
|
for (i = 0; i < tbl->hash_size; i++) {
|
|
|
|
struct fileassoc_hash_entry *mhe;
|
|
|
|
|
|
|
|
LIST_FOREACH(mhe, &hh[i], entries) {
|
|
|
|
if ((mhe->hooks[id] != NULL) && cleanup_cb != NULL)
|
2006-07-15 20:42:12 +04:00
|
|
|
cleanup_cb(mhe->hooks[id],
|
|
|
|
FILEASSOC_CLEANUP_FILE);
|
okay, since there was no way to divide this to two commits, here it goes..
introduce fileassoc(9), a kernel interface for associating meta-data with
files using in-kernel memory. this is very similar to what we had in
veriexec till now, only abstracted so it can be used more easily by more
consumers.
this also prompted the redesign of the interface, making it work on vnodes
and mounts and not directly on devices and inodes. internally, we still
use file-id but that's gonna change soon... the interface will remain
consistent.
as a result, veriexec went under some heavy changes to conform to the new
interface. since we no longer use device numbers to identify file-systems,
the veriexec sysctl stuff changed too: kern.veriexec.count.dev_N is now
kern.veriexec.tableN.* where 'N' is NOT the device number but rather a
way to distinguish several mounts.
also worth noting is the plugging of unmount/delete operations
wrt/fileassoc and veriexec.
tons of input from yamt@, wrstuden@, martin@, and christos@.
2006-07-14 22:41:40 +04:00
|
|
|
|
|
|
|
mhe->hooks[id] = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if ((tbl->tables[id] != NULL) && cleanup_cb != NULL)
|
|
|
|
cleanup_cb(tbl->tables[id], FILEASSOC_CLEANUP_TABLE);
|
|
|
|
|
|
|
|
tbl->tables[id] = NULL;
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Add hook-specific data on a fileassoc table.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
fileassoc_tabledata_add(struct mount *mp, fileassoc_t id, void *data)
|
|
|
|
{
|
|
|
|
struct fileassoc_table *tbl;
|
|
|
|
|
|
|
|
tbl = fileassoc_table_lookup(mp);
|
|
|
|
if (tbl == NULL)
|
|
|
|
return (EFAULT);
|
|
|
|
|
|
|
|
tbl->tables[id] = data;
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Clear hook-specific data on a fileassoc table.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
fileassoc_tabledata_clear(struct mount *mp, fileassoc_t id)
|
|
|
|
{
|
|
|
|
struct fileassoc_table *tbl;
|
|
|
|
|
|
|
|
tbl = fileassoc_table_lookup(mp);
|
|
|
|
if (tbl == NULL)
|
|
|
|
return (EFAULT);
|
|
|
|
|
|
|
|
tbl->tables[id] = NULL;
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Retrieve hook-specific data from a fileassoc table.
|
|
|
|
*/
|
|
|
|
void *
|
|
|
|
fileassoc_tabledata_lookup(struct mount *mp, fileassoc_t id)
|
|
|
|
{
|
|
|
|
struct fileassoc_table *tbl;
|
|
|
|
|
|
|
|
tbl = fileassoc_table_lookup(mp);
|
|
|
|
if (tbl == NULL)
|
|
|
|
return (NULL);
|
|
|
|
|
|
|
|
return (tbl->tables[id]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Add a file entry to a table.
|
|
|
|
*/
|
2006-07-16 23:37:55 +04:00
|
|
|
static struct fileassoc_hash_entry *
|
okay, since there was no way to divide this to two commits, here it goes..
introduce fileassoc(9), a kernel interface for associating meta-data with
files using in-kernel memory. this is very similar to what we had in
veriexec till now, only abstracted so it can be used more easily by more
consumers.
this also prompted the redesign of the interface, making it work on vnodes
and mounts and not directly on devices and inodes. internally, we still
use file-id but that's gonna change soon... the interface will remain
consistent.
as a result, veriexec went under some heavy changes to conform to the new
interface. since we no longer use device numbers to identify file-systems,
the veriexec sysctl stuff changed too: kern.veriexec.count.dev_N is now
kern.veriexec.tableN.* where 'N' is NOT the device number but rather a
way to distinguish several mounts.
also worth noting is the plugging of unmount/delete operations
wrt/fileassoc and veriexec.
tons of input from yamt@, wrstuden@, martin@, and christos@.
2006-07-14 22:41:40 +04:00
|
|
|
fileassoc_file_add(struct vnode *vp)
|
|
|
|
{
|
|
|
|
struct fileassoc_table *tbl;
|
|
|
|
struct fileassoc_hashhead *vhh;
|
|
|
|
struct fileassoc_hash_entry *e;
|
|
|
|
struct vattr va;
|
|
|
|
size_t indx;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
error = VOP_GETATTR(vp, &va, curlwp->l_proc->p_cred, curlwp);
|
|
|
|
if (error)
|
|
|
|
return (NULL);
|
|
|
|
|
|
|
|
e = fileassoc_file_lookup(vp);
|
|
|
|
if (e != NULL)
|
|
|
|
return (e);
|
|
|
|
|
|
|
|
tbl = fileassoc_table_lookup(vp->v_mount);
|
|
|
|
if (tbl == NULL)
|
|
|
|
return (NULL);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* XXX: We should NOT rely on fileid here!
|
|
|
|
*/
|
|
|
|
indx = FILEASSOC_HASH(tbl, va.va_fileid);
|
|
|
|
vhh = &(tbl->hash_tbl[indx & ((tbl)->hash_mask)]);
|
|
|
|
|
|
|
|
e = malloc(sizeof(*e), M_TEMP, M_WAITOK | M_ZERO);
|
|
|
|
e->fileid = va.va_fileid;
|
|
|
|
LIST_INSERT_HEAD(vhh, e, entries);
|
|
|
|
|
|
|
|
return (e);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Delete a file entry from a table.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
fileassoc_file_delete(struct vnode *vp)
|
|
|
|
{
|
|
|
|
struct fileassoc_hash_entry *mhe;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
mhe = fileassoc_file_lookup(vp);
|
|
|
|
if (mhe == NULL)
|
|
|
|
return (ENOENT);
|
|
|
|
|
|
|
|
LIST_REMOVE(mhe, entries);
|
|
|
|
|
|
|
|
for (i = 0; i < fileassoc_nhooks; i++)
|
|
|
|
if (fileassoc_hooks[i].hook_cleanup_cb != NULL)
|
|
|
|
(fileassoc_hooks[i].hook_cleanup_cb)(mhe->hooks[i],
|
|
|
|
FILEASSOC_CLEANUP_FILE);
|
|
|
|
|
|
|
|
free(mhe, M_TEMP);
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Add a hook to a vnode.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
fileassoc_add(struct vnode *vp, fileassoc_t id, void *data)
|
|
|
|
{
|
|
|
|
struct fileassoc_hash_entry *e;
|
|
|
|
|
|
|
|
e = fileassoc_file_lookup(vp);
|
|
|
|
if (e == NULL) {
|
|
|
|
e = fileassoc_file_add(vp);
|
|
|
|
if (e == NULL)
|
|
|
|
return (ENOTDIR);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (e->hooks[id] != NULL)
|
|
|
|
return (EEXIST);
|
|
|
|
|
|
|
|
e->hooks[id] = data;
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Clear a hook from a vnode.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
fileassoc_clear(struct vnode *vp, fileassoc_t id)
|
|
|
|
{
|
|
|
|
struct fileassoc_hash_entry *mhe;
|
|
|
|
fileassoc_cleanup_cb_t cleanup_cb;
|
|
|
|
|
|
|
|
mhe = fileassoc_file_lookup(vp);
|
|
|
|
if (mhe == NULL)
|
|
|
|
return (ENOENT);
|
|
|
|
|
|
|
|
cleanup_cb = fileassoc_hooks[id].hook_cleanup_cb;
|
|
|
|
if ((mhe->hooks[id] != NULL) && cleanup_cb != NULL)
|
|
|
|
cleanup_cb(mhe->hooks[id], FILEASSOC_CLEANUP_FILE);
|
|
|
|
|
|
|
|
mhe->hooks[id] = NULL;
|
|
|
|
|
|
|
|
return (0);
|
|
|
|
}
|