This closes a hole pointed out by Thor Lancelot Simon on tech-kern ~3
years ago.
The problem was with running binaries from remote storage, where our
kernel (and Veriexec) has no control over any changes to files.
An attacker could, after the fingerprint has been verified and
program loaded to memory, inject malicious code into the backing
store on the remote storage, followed by a forced flush, causing
a page-in of the malicious data from backing store, bypassing
integrity checks.
Initial implementation by Brett Lymn.
already (one of its instances has been changed), and we have made no change
on any of the instances.
Previously, it stopped as soon as it detected the device had been seen.
While all the instances of the device at stake were eventually seen, the
same wasn't true for its children...
Fixes hpcmips's GENERIC.
deaddevitab.
- Record the position in the config file of device instances so it is
possible to tell if a device instance was declared before or after its
parent's removal.
E.g.:
    child* at parent?
    no parent
will have the child instance ignored as an explicit orphan, while
    no parent
    child* at parent?
will error out because now the child instance is a real orphan.
That let the POSTPONED_ORPHAN regression test pass.
- fix bus_space_read_1 -> bus_space_read_2 since revision 1.27 changed
the bit defines to assume 2 byte reads.
- Increment oerrors in case of collisions
- Clamp success counter to 100, instead of letting it rotate freely.
does not). Rework the Makefile magic to have failing and succeeding tests.
POSTPONED_ORPHAN is an example of a configuration where the user starts
negating an instance, and then adding an instance of a child of the negated
one. The latter should be found as an erroneous orphan, as the parent was
negated beforehand.
syntax error in the file, yet we want to somehow gracefully go on in order
to print out all the errors in the file, which means we have to take
special care with those structures.
Reported by Simon Burge in private mail.
- Introduce xwarn() for delayed warnings
- Use xerror() and xwarn() in fixdevis() to notify about orphans
That way the correct file is printed when listing orphaned devices.
Reported by Juergen Hannken-Illjes in private mail.
In theory mbufs can have an infinite life time and could block the transmit
ring (as slots are released when the mbuf external storage is freed). To
avoid this, when we're processing the last slot of the ring, copy the buffer
and release the slot immediately.