Compare commits
No commits in common. "84127c661676489a257172e9c2885f25c7e7e498" and "306d1da056c0c6467e37758a6d9f82880cd8dad0" have entirely different histories.
@ -1,50 +0,0 @@
|
||||
From 76d06390a9adf3ae70aaa87e9243c42d848975a4 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Mon, 18 Sep 2023 20:19:05 +0800
|
||||
Subject: [PATCH] Add the owner of file operations
|
||||
|
||||
Fix the concurrent issues with removing module and
|
||||
accessing interfaces.
|
||||
---
|
||||
src/common/dim_entry.h | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/common/dim_entry.h b/src/common/dim_entry.h
|
||||
index 17e6420..acfc3a0 100644
|
||||
--- a/src/common/dim_entry.h
|
||||
+++ b/src/common/dim_entry.h
|
||||
@@ -49,6 +49,7 @@ static ssize_t sname##_trigger(struct file *file, \
|
||||
} \
|
||||
\
|
||||
static const struct file_operations sname##_ops = { \
|
||||
+ .owner = THIS_MODULE, \
|
||||
.write = sname##_trigger, \
|
||||
.llseek = generic_file_llseek, \
|
||||
}; \
|
||||
@@ -99,6 +100,7 @@ static int sname##_open(struct inode *inode, struct file *file) \
|
||||
} \
|
||||
\
|
||||
static const struct file_operations sname##_ops = { \
|
||||
+ .owner = THIS_MODULE, \
|
||||
.open = sname##_open, \
|
||||
.read = seq_read, \
|
||||
.llseek = seq_lseek, \
|
||||
@@ -129,6 +131,7 @@ static ssize_t sname##_read(struct file *file, \
|
||||
} \
|
||||
\
|
||||
static const struct file_operations sname##_ops = { \
|
||||
+ .owner = THIS_MODULE, \
|
||||
.read = sname##_read, \
|
||||
.llseek = generic_file_llseek, \
|
||||
}; \
|
||||
@@ -173,6 +176,7 @@ static ssize_t sname##_write(struct file *file, \
|
||||
} \
|
||||
\
|
||||
static const struct file_operations sname##_ops = { \
|
||||
+ .owner = THIS_MODULE, \
|
||||
.read = sname##_read, \
|
||||
.write = sname##_write, \
|
||||
.llseek = generic_file_llseek, \
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -1,183 +0,0 @@
|
||||
From 5c57ec04ec4208a968d490dfedd72319c8518e01 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Thu, 14 Sep 2023 12:26:29 +0800
|
||||
Subject: [PATCH] Limit the max line number of policy and baseline parsing
|
||||
|
||||
1. Limit the max file line number to 10000, the excess lines
|
||||
will be ignored;
|
||||
2. Remove some unused macro definitions;
|
||||
3. Change some macro names.
|
||||
|
||||
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
---
|
||||
doc/manual.md | 9 +++++----
|
||||
src/common/dim_utils.c | 10 ++++++++--
|
||||
src/core/dim_core_policy.c | 6 ++++++
|
||||
src/core/dim_core_policy.h | 2 +-
|
||||
src/core/dim_core_static_baseline.c | 16 +++++++++++-----
|
||||
src/core/dim_core_static_baseline.h | 22 +++++++---------------
|
||||
6 files changed, 38 insertions(+), 27 deletions(-)
|
||||
|
||||
diff --git a/doc/manual.md b/doc/manual.md
|
||||
index a8f94e4..1a20742 100644
|
||||
--- a/doc/manual.md
|
||||
+++ b/doc/manual.md
|
||||
@@ -52,10 +52,11 @@ DIM特性通过在程序运行时对内存中的关键数据(如代码段、
|
||||
|
||||
### 1.3 规格约束
|
||||
|
||||
-| 规格项 | 值 |
|
||||
-| ------------------------------------------------------------ | ---- |
|
||||
-| 文件大小上限(策略文件、静态基线文件、签名文件、证书文件) | 10MB |
|
||||
-| 同一个度量目标在一次动态基线后多次度量期间最多记录的篡改度量日志条数 | 10条 |
|
||||
+| 规格项 | 值 |
|
||||
+| ------------------------------------------------------------ | ------- |
|
||||
+| 文件大小上限(策略文件、静态基线文件、签名文件、证书文件) | 10MB |
|
||||
+| 文件行数上限(策略文件、静态基线文件) | 10000行 |
|
||||
+| 同一个度量目标在一次动态基线后多次度量期间最多记录的篡改度量日志条数 | 10条 |
|
||||
|
||||
### 1.4 架构说明
|
||||
|
||||
diff --git a/src/common/dim_utils.c b/src/common/dim_utils.c
|
||||
index 83ed967..75b58fc 100644
|
||||
--- a/src/common/dim_utils.c
|
||||
+++ b/src/common/dim_utils.c
|
||||
@@ -83,8 +83,14 @@ int dim_parse_line_buf(char *buf, loff_t len, int (*line_parser)(char *, int))
|
||||
ret = line_parser(line_buf, line_no);
|
||||
}
|
||||
|
||||
- if (ret < 0)
|
||||
+ if (ret < 0) {
|
||||
+ /*
|
||||
+ * if the parser returns -E2BIG, means the line number
|
||||
+ * is too large, the excess lines will be ignored.
|
||||
+ */
|
||||
+ ret = (ret == -E2BIG) ? 0 : ret;
|
||||
goto out;
|
||||
+ }
|
||||
|
||||
line_no++;
|
||||
}
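Review bot: Mapping `-E2BIG` to 0 in `dim_parse_line_buf` makes an over-long policy or baseline file load as a success, so the file is applied only partially and the caller cannot tell. For an integrity-measurement policy that is a fail-open choice: the only trace is the `dim_warn` in the two line parsers, and any other `-E2BIG` a parser might return is swallowed too. I would either propagate the error and let the caller decide, or state the contract above the function, e.g. `/* a line_parser returning -E2BIG stops parsing; lines parsed so far are kept and 0 is returned */`. The function starts before this hunk.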
|
||||
@@ -93,4 +99,4 @@ out:
|
||||
kfree(line_buf);
|
||||
|
||||
return ret;
|
||||
-}
|
||||
\ No newline at end of file
|
||||
+}
|
||||
diff --git a/src/core/dim_core_policy.c b/src/core/dim_core_policy.c
|
||||
index b501de4..a3fa369 100644
|
||||
--- a/src/core/dim_core_policy.c
|
||||
+++ b/src/core/dim_core_policy.c
|
||||
@@ -170,6 +170,12 @@ static int policy_parse_line(char* line, int line_no)
|
||||
int key = 0;
|
||||
const char *val = NULL;
|
||||
|
||||
+ if (line_no > DIM_POLICY_LINE_MAX) {
|
||||
+ dim_warn("more than %d policy items will be ignored\n",
|
||||
+ DIM_POLICY_LINE_MAX);
|
||||
+ return -E2BIG;
|
||||
+ }
|
||||
+
|
||||
if (strlen(line) == 0 || line[0] == '#')
|
||||
return 0; /* ignore blank line and comment */
|
||||
|
||||
diff --git a/src/core/dim_core_policy.h b/src/core/dim_core_policy.h
|
||||
index 0f0de91..48c6f41 100644
|
||||
--- a/src/core/dim_core_policy.h
|
||||
+++ b/src/core/dim_core_policy.h
|
||||
@@ -6,7 +6,7 @@
|
||||
#define __DIM_CORE_POLICY_H
|
||||
|
||||
#define DIM_POLICY_PATH "/etc/dim/policy"
|
||||
-#define DIM_MAX_POLICY_NUMBER 100000
|
||||
+#define DIM_POLICY_LINE_MAX 10000
|
||||
|
||||
/* policy key */
|
||||
#define DIM_POLICY_MEASURE "measure"
|
||||
diff --git a/src/core/dim_core_static_baseline.c b/src/core/dim_core_static_baseline.c
|
||||
index ebe6db8..f779da1 100644
|
||||
--- a/src/core/dim_core_static_baseline.c
|
||||
+++ b/src/core/dim_core_static_baseline.c
|
||||
@@ -57,16 +57,22 @@ static int parse_simple_baseline_line(char* line, int line_no)
|
||||
char *line_str = line;
|
||||
struct dim_digest digest = { 0 };
|
||||
|
||||
+ if (line_no > DIM_STATIC_BASELINE_LINE_MAX) {
|
||||
+ dim_warn("more than %d baseline items will be ignored\n",
|
||||
+ DIM_STATIC_BASELINE_LINE_MAX);
|
||||
+ return -E2BIG;
|
||||
+ }
|
||||
+
|
||||
if (strlen(line) == 0 || line[0] == '#')
|
||||
return 0; /* ignore blank line and comment */
|
||||
|
||||
- if (strlen(line) > DIM_BASELINE_MAX_LEN) {
|
||||
+ if (strlen(line) > DIM_STATIC_BASELINE_LEN_MAX) {
|
||||
dim_err("overlength item at line %d\n", line_no);
|
||||
return 0; /* ignore baseline parsing failed */
|
||||
}
|
||||
|
||||
if ((p = strsep(&line_str, " ")) == NULL ||
|
||||
- strcmp(p, DIM_BASELINE_PREFIX) != 0) {
|
||||
+ strcmp(p, DIM_STATIC_BASELINE_PREFIX) != 0) {
|
||||
dim_warn("invalid baseline prefix at line %d\n", line_no);
|
||||
return 0;
|
||||
}
|
||||
@@ -167,16 +173,16 @@ int dim_core_static_baseline_load(void)
|
||||
.path = &kpath,
|
||||
};
|
||||
|
||||
- ret = kern_path(DIM_BASELINE_ROOT, LOOKUP_DIRECTORY, &kpath);
|
||||
+ ret = kern_path(DIM_STATIC_BASELINE_ROOT, LOOKUP_DIRECTORY, &kpath);
|
||||
if (ret < 0) {
|
||||
dim_err("fail to get dim baseline root path: %d", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
- file = filp_open(DIM_BASELINE_ROOT, O_RDONLY | O_DIRECTORY, 0);
|
||||
+ file = filp_open(DIM_STATIC_BASELINE_ROOT, O_RDONLY | O_DIRECTORY, 0);
|
||||
if (IS_ERR(file)) {
|
||||
ret = PTR_ERR(file);
|
||||
- dim_err("fail to open %s: %d\n", DIM_BASELINE_ROOT, ret);
|
||||
+ dim_err("fail to open %s: %d\n", DIM_STATIC_BASELINE_ROOT, ret);
|
||||
path_put(&kpath);
|
||||
return ret;
|
||||
}
|
||||
diff --git a/src/core/dim_core_static_baseline.h b/src/core/dim_core_static_baseline.h
|
||||
index 0691934..bec37d6 100644
|
||||
--- a/src/core/dim_core_static_baseline.h
|
||||
+++ b/src/core/dim_core_static_baseline.h
|
||||
@@ -5,22 +5,14 @@
|
||||
#ifndef __DIM_CORE_STATIC_BASELINE_H
|
||||
#define __DIM_CORE_STATIC_BASELINE_H
|
||||
|
||||
-#define DIM_BASELINE_ROOT "/etc/dim/digest_list"
|
||||
-
|
||||
-/* key field in baseline json file */
|
||||
-#define KEY_PRODUCTS "products"
|
||||
-#define KEY_FILES "ccFiles"
|
||||
-#define KEY_FPATCHES "patches"
|
||||
-#define KEY_FILENAME "fileName"
|
||||
-#define KEY_FILETYPE "fileType"
|
||||
-#define KEY_PATCH_FILES "files"
|
||||
-#define KEY_SHA256 "sha256"
|
||||
-
|
||||
-#define DIM_BASELINE_PREFIX "dim"
|
||||
- /* dim KERNEL sha256:{digest} {PATH_MAX}\n*/
|
||||
- #define DIM_BASELINE_MAX_LEN (strlen(DIM_BASELINE_PREFIX) + 1 + \
|
||||
- NAME_MAX + 1 + NAME_MAX + 1 + PATH_MAX + 1 + 1)
|
||||
+#define DIM_STATIC_BASELINE_ROOT "/etc/dim/digest_list"
|
||||
+#define DIM_STATIC_BASELINE_LINE_MAX 10000
|
||||
|
||||
+#define DIM_STATIC_BASELINE_PREFIX "dim"
|
||||
+/* dim KERNEL sha256:{digest} {PATH_MAX}\n*/
|
||||
+#define DIM_STATIC_BASELINE_LEN_MAX (strlen(DIM_STATIC_BASELINE_PREFIX) + 1 + \
|
||||
+ NAME_MAX + 1 + NAME_MAX + 1 + \
|
||||
+ PATH_MAX + 1 + 1)
|
||||
|
||||
int dim_core_static_baseline_load(void);
|
||||
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,104 +0,0 @@
|
||||
From b401815cca8d7d8beddba4726ccafee047f05205 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Thu, 14 Sep 2023 14:22:10 +0800
|
||||
Subject: [PATCH] Use jiffies64 interface to set measure interval
|
||||
|
||||
The max measure interval is designed to 1 year. So using
|
||||
msecs_to_jiffies may cause an overflow.
|
||||
|
||||
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
---
|
||||
src/core/dim_core_measure.c | 39 ++++++++++++++++++++++++-------------
|
||||
src/core/dim_core_measure.h | 3 ++-
|
||||
2 files changed, 27 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/src/core/dim_core_measure.c b/src/core/dim_core_measure.c
|
||||
index e0042eb..59e2cf8 100644
|
||||
--- a/src/core/dim_core_measure.c
|
||||
+++ b/src/core/dim_core_measure.c
|
||||
@@ -36,7 +36,7 @@ bool tampered_action = false;
|
||||
|
||||
/* time (jiffies) to set */
|
||||
unsigned long measure_schedule_jiffies = 0;
|
||||
-static atomic_t measure_interval_jiffies = ATOMIC_INIT(0);
|
||||
+static unsigned long measure_interval_jiffies = 0;
|
||||
|
||||
struct dim_tpm dim_core_tpm = { 0 };
|
||||
struct dim_hash dim_core_hash = { 0 };
|
||||
@@ -52,27 +52,38 @@ long dim_core_interval_get(void)
|
||||
return p;
|
||||
}
|
||||
|
||||
-int dim_core_interval_set(unsigned int p)
|
||||
+unsigned long dim_core_interval_jiffies_get(void)
|
||||
{
|
||||
- unsigned long p_jiffies = 0;
|
||||
+ unsigned long p = 0;
|
||||
|
||||
- if (p > DIM_INTERVAL_MAX)
|
||||
- return -ERANGE;
|
||||
+ mutex_lock(&dim_core_interval_lock);
|
||||
+ p = measure_interval_jiffies;
|
||||
+ mutex_unlock(&dim_core_interval_lock);
|
||||
+ return p;
|
||||
+}
|
||||
+
|
||||
+int dim_core_interval_set(unsigned int min)
|
||||
+{
|
||||
+ unsigned long min_jiffies = 0;
|
||||
|
||||
- p_jiffies = msecs_to_jiffies(p * DIM_MINUTE_TO_MSEC);
|
||||
- if (p_jiffies == MAX_JIFFY_OFFSET)
|
||||
+ if (min > DIM_INTERVAL_MAX ||
|
||||
+ (unsigned long)min * DIM_MINUTE_TO_SEC > MAX_SEC_IN_JIFFIES)
|
||||
return -ERANGE;
|
||||
|
||||
+ min_jiffies = (min == 0) ? 0 :
|
||||
+ nsecs_to_jiffies64((unsigned long)min * DIM_MINUTE_TO_NSEC);
|
||||
+
|
||||
mutex_lock(&dim_core_interval_lock);
|
||||
- measure_interval = p;
|
||||
- atomic_set(&measure_interval_jiffies, p_jiffies);
|
||||
- if (p_jiffies == 0) {
|
||||
+ measure_interval = min;
|
||||
+ measure_interval_jiffies = min_jiffies;
|
||||
+ if (measure_interval == 0) {
|
||||
dim_info("cancel dim timed measure work");
|
||||
cancel_delayed_work_sync(&dim_measure_work);
|
||||
} else {
|
||||
- dim_info("modify dim measure interval to %u min (jittfies = %lu)",
|
||||
- p, p_jiffies);
|
||||
- mod_delayed_work(dim_work_queue, &dim_measure_work, p_jiffies);
|
||||
+ dim_info("modify dim measure interval to %u min "
|
||||
+ "(jittfies = 0x%lx)", min, min_jiffies);
|
||||
+ mod_delayed_work(dim_work_queue, &dim_measure_work,
|
||||
+ min_jiffies);
|
||||
}
|
||||
|
||||
mutex_unlock(&dim_core_interval_lock);
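Review bot: `dim_core_interval_set` calls `cancel_delayed_work_sync(&dim_measure_work)` while holding `dim_core_interval_lock`, and with this change the work callback `dim_worker_work_cb` (last hunk of this file) takes the same mutex through `dim_core_interval_jiffies_get()`. If the work is running when the interval is set to 0, the setter waits for the callback and the callback waits for the mutex, which looks like a deadlock; the removed `atomic_read` did not need the lock. Assuming `dim_worker_work_cb` is the handler of `dim_measure_work`, move the cancel / `mod_delayed_work` calls after `mutex_unlock`, or read the value in the callback with `READ_ONCE(measure_interval_jiffies)` instead of locking. The end of `dim_core_interval_set` is outside the hunk.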
|
||||
@@ -154,7 +165,7 @@ static void dim_worker_work_cb(struct work_struct *work)
|
||||
unsigned long p;
|
||||
|
||||
do_measure();
|
||||
- p = atomic_read(&measure_interval_jiffies);
|
||||
+ p = dim_core_interval_jiffies_get();
|
||||
if (p != 0)
|
||||
queue_delayed_work(dim_work_queue, &dim_measure_work, p);
|
||||
}
|
||||
diff --git a/src/core/dim_core_measure.h b/src/core/dim_core_measure.h
|
||||
index c9f0647..c9abc4e 100644
|
||||
--- a/src/core/dim_core_measure.h
|
||||
+++ b/src/core/dim_core_measure.h
|
||||
@@ -9,7 +9,8 @@
|
||||
|
||||
/* max measure interval = 1 year */
|
||||
#define DIM_INTERVAL_MAX (365 * 24 * 60)
|
||||
-#define DIM_MINUTE_TO_MSEC (60 * 1000)
|
||||
+#define DIM_MINUTE_TO_SEC (60UL)
|
||||
+#define DIM_MINUTE_TO_NSEC (60UL * 1000 * 1000 * 1000)
|
||||
/* max number of kill tasks */
|
||||
#define DIM_KILL_TASKS_MAX (1024)
|
||||
/* limit of measure parameter */
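Review bot: `DIM_MINUTE_TO_NSEC` is built from `60UL`, so on a 32-bit build the constant itself and the product `(unsigned long)min * DIM_MINUTE_TO_NSEC` in `dim_core_interval_set` wrap before `nsecs_to_jiffies64()` sees them, and the 64-bit result is then stored in an `unsigned long`. If only 64-bit targets are supported this is harmless, but it is cheap to make the arithmetic width-independent: `#define DIM_MINUTE_TO_NSEC (60ULL * NSEC_PER_SEC)` here and `(u64)min * DIM_MINUTE_TO_NSEC` at the call site.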
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,91 +0,0 @@
|
||||
From 7bf8c057c27c72367bafb13c4a7e69883b6a7e29 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Mon, 29 Apr 2024 23:45:39 +0800
|
||||
Subject: [PATCH 08/28] Adapter test cases
|
||||
|
||||
---
|
||||
test/test_interface/test_dim_core_modparam.sh | 13 ++-----------
|
||||
test/test_interface/test_dim_monitor_modparam.sh | 5 ++---
|
||||
2 files changed, 4 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/test/test_interface/test_dim_core_modparam.sh b/test/test_interface/test_dim_core_modparam.sh
|
||||
index 67cd815..d51fc36 100644
|
||||
--- a/test/test_interface/test_dim_core_modparam.sh
|
||||
+++ b/test/test_interface/test_dim_core_modparam.sh
|
||||
@@ -26,7 +26,6 @@ check_invalid_module_param()
|
||||
test_module_param_measure_hash()
|
||||
{
|
||||
check_valid_module_param measure_hash=sha256
|
||||
- check_valid_module_param measure_hash=sm3
|
||||
check_invalid_module_param measure_hash=md5
|
||||
check_invalid_module_param measure_hash=abc
|
||||
}
|
||||
@@ -37,7 +36,7 @@ test_module_param_measure_pcr()
|
||||
check_valid_module_param measure_pcr=1
|
||||
check_valid_module_param measure_pcr=11
|
||||
check_valid_module_param measure_pcr=127
|
||||
- check_invalid_module_param measure_pcr=128
|
||||
+ check_valid_module_param measure_pcr=128
|
||||
check_invalid_module_param measure_pcr=-1
|
||||
check_invalid_module_param measure_pcr=abc
|
||||
}
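Review bot: With `measure_pcr=128` moved to the valid cases, `test_module_param_measure_pcr` no longer checks any upper bound; only `-1` and `abc` remain as rejected values. Add a `check_invalid_module_param measure_pcr=<first rejected value>` line for whatever limit the module now enforces, so a regression in the range check is caught. The same applies to the identical hunk in `test_dim_monitor_modparam.sh`. The function starts before the hunk.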
|
||||
@@ -66,13 +65,6 @@ test_module_param_measure_interval()
|
||||
dim_restore_baseline_and_policy
|
||||
}
|
||||
|
||||
-test_module_param_measure_action()
|
||||
-{
|
||||
- check_valid_module_param measure_action=0
|
||||
- check_valid_module_param measure_action=1
|
||||
- check_invalid_module_param measure_action=abc
|
||||
-}
|
||||
-
|
||||
test_module_param_signature()
|
||||
{
|
||||
check_valid_module_param signature=0
|
||||
@@ -96,7 +88,6 @@ case_list="
|
||||
test_module_param_measure_pcr \
|
||||
test_module_param_measure_schedule \
|
||||
test_module_param_measure_interval \
|
||||
- test_module_param_measure_action \
|
||||
test_module_param_signature \
|
||||
test_module_param_measure_log_capacity \
|
||||
"
|
||||
@@ -113,4 +104,4 @@ for case in $case_list; do
|
||||
fi
|
||||
done
|
||||
|
||||
-echo "===== End testing dim_core module parameters ====="
|
||||
\ No newline at end of file
|
||||
+echo "===== End testing dim_core module parameters ====="
|
||||
diff --git a/test/test_interface/test_dim_monitor_modparam.sh b/test/test_interface/test_dim_monitor_modparam.sh
|
||||
index 1aaedf1..5ee5e17 100644
|
||||
--- a/test/test_interface/test_dim_monitor_modparam.sh
|
||||
+++ b/test/test_interface/test_dim_monitor_modparam.sh
|
||||
@@ -30,7 +30,6 @@ check_invalid_module_param()
|
||||
test_module_param_measure_hash()
|
||||
{
|
||||
check_valid_module_param measure_hash=sha256
|
||||
- check_valid_module_param measure_hash=sm3
|
||||
check_invalid_module_param measure_hash=md5
|
||||
check_invalid_module_param measure_hash=abc
|
||||
}
|
||||
@@ -41,7 +40,7 @@ test_module_param_measure_pcr()
|
||||
check_valid_module_param measure_pcr=1
|
||||
check_valid_module_param measure_pcr=11
|
||||
check_valid_module_param measure_pcr=127
|
||||
- check_invalid_module_param measure_pcr=128
|
||||
+ check_valid_module_param measure_pcr=128
|
||||
check_invalid_module_param measure_pcr=-1
|
||||
check_invalid_module_param measure_pcr=abc
|
||||
}
|
||||
@@ -76,4 +75,4 @@ for case in $case_list; do
|
||||
fi
|
||||
done
|
||||
|
||||
-echo "===== End testing dim_monitor module parameters ====="
|
||||
\ No newline at end of file
|
||||
+echo "===== End testing dim_monitor module parameters ====="
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,45 +0,0 @@
|
||||
From 2ca49371b548b56d192f571866fb28c548746ad1 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Mon, 19 Feb 2024 10:35:34 +0800
|
||||
Subject: [PATCH 20/26] Add memory debug in mem_pool
|
||||
|
||||
---
|
||||
src/core/dim_core_mem_pool.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/src/core/dim_core_mem_pool.c b/src/core/dim_core_mem_pool.c
|
||||
index 974033f..a9f0177 100644
|
||||
--- a/src/core/dim_core_mem_pool.c
|
||||
+++ b/src/core/dim_core_mem_pool.c
|
||||
@@ -4,6 +4,7 @@
|
||||
|
||||
#include <linux/mm.h>
|
||||
|
||||
+#include "dim_safe_func.h"
|
||||
#include "dim_utils.h"
|
||||
|
||||
#include "dim_core_mem_pool.h"
|
||||
@@ -108,6 +109,9 @@ void *dim_mem_pool_alloc(size_t size)
|
||||
if (data == NULL)
|
||||
return NULL;
|
||||
out:
|
||||
+ #ifdef DIM_DEBUG_MEMORY_LEAK
|
||||
+ dim_alloc_debug_inc();
|
||||
+ #endif
|
||||
data->size = mem_size;
|
||||
return data->data;
|
||||
}
|
||||
@@ -130,6 +134,10 @@ void dim_mem_pool_free(const void *data)
|
||||
}
|
||||
|
||||
gen_pool_free(dim_pool, (uintptr_t)mem, mem->size);
|
||||
+
|
||||
+ #ifdef DIM_DEBUG_MEMORY_LEAK
|
||||
+ dim_alloc_debug_dec();
|
||||
+ #endif
|
||||
}
|
||||
|
||||
void dim_mem_pool_walk_chunk(pool_chunk_visitor f, void *data)
|
||||
--
|
||||
2.33.0
|
||||
|
||||
File diff suppressed because it is too large
@ -1,41 +0,0 @@
|
||||
From db470817655f80d63592c6550bdaca875dd42120 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Mon, 29 Apr 2024 23:10:50 +0800
|
||||
Subject: [PATCH 05/28] Add sm3 compile macro and set the algo name
|
||||
|
||||
---
|
||||
src/common/dim_hash.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/common/dim_hash.c b/src/common/dim_hash.c
|
||||
index 9f73320..3f6ecb7 100644
|
||||
--- a/src/common/dim_hash.c
|
||||
+++ b/src/common/dim_hash.c
|
||||
@@ -9,7 +9,9 @@
|
||||
|
||||
static const char *allow_hash[] = {
|
||||
"sha256",
|
||||
+#ifdef DIM_HASH_SUPPORT_SM3
|
||||
"sm3",
|
||||
+#endif
|
||||
};
|
||||
|
||||
int dim_hash_init(const char *algo_name, struct dim_hash *hash)
|
||||
@@ -30,6 +32,7 @@ int dim_hash_init(const char *algo_name, struct dim_hash *hash)
|
||||
hash->tfm = NULL;
|
||||
}
|
||||
|
||||
+ hash->name = algo_name;
|
||||
return ret;
|
||||
}
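Review bot: `hash->name = algo_name;` sits after what looks like the error branch, so the name is recorded even when the transform could not be set up and `hash->tfm` has just been cleared. It also keeps the caller's pointer rather than a string the hash object owns, so it is only safe if every caller passes storage that outlives `hash`; that is presumably a module parameter, but it is not visible here. Setting the name only on success, or pointing it at the matching `allow_hash[]` entry, would settle both questions. `dim_hash_init` starts before the hunk.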
|
||||
|
||||
@@ -63,4 +66,4 @@ int dim_hash_calculate(const void *data, unsigned int len,
|
||||
return ret;
|
||||
|
||||
return crypto_shash_final(shash, digest->data);
|
||||
-}
|
||||
\ No newline at end of file
|
||||
+}
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,58 +0,0 @@
|
||||
From f41760b3595c893ac0d3f0238401a2aae94224a7 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Tue, 20 Feb 2024 10:58:12 +0800
|
||||
Subject: [PATCH 22/26] Add warpper for strncmp and strncpy
|
||||
|
||||
---
|
||||
src/common/dim_baseline.c | 2 +-
|
||||
src/common/dim_safe_func.h | 8 ++++++++
|
||||
src/core/policy/dim_core_policy_complex.c | 2 +-
|
||||
3 files changed, 10 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/common/dim_baseline.c b/src/common/dim_baseline.c
|
||||
index e79458d..3fae1f9 100644
|
||||
--- a/src/common/dim_baseline.c
|
||||
+++ b/src/common/dim_baseline.c
|
||||
@@ -106,7 +106,7 @@ int dim_baseline_add(struct dim_baseline_tree *root, const char *name,
|
||||
if (ret < 0)
|
||||
goto err;
|
||||
|
||||
- strncpy((char *)baseline->name, name, buf_len - 1);
|
||||
+ dim_strncpy((char *)baseline->name, name, buf_len - 1);
|
||||
((char *)baseline->name)[buf_len - 1] = '\0';
|
||||
|
||||
write_lock(&root->lock);
|
||||
diff --git a/src/common/dim_safe_func.h b/src/common/dim_safe_func.h
|
||||
index 3e97f4e..15c716c 100644
|
||||
--- a/src/common/dim_safe_func.h
|
||||
+++ b/src/common/dim_safe_func.h
|
||||
@@ -132,4 +132,12 @@ static inline int dim_strncmp(const char *cs, const char *ct, size_t count)
|
||||
return strncmp(cs, ct, count);
|
||||
}
|
||||
|
||||
+static inline char *dim_strncpy(char *dest, const char *src, size_t count)
|
||||
+{
|
||||
+ if (dest == NULL || src == NULL)
|
||||
+ return NULL;
|
||||
+
|
||||
+ return strncpy(dest, src, count);
|
||||
+}
|
||||
+
|
||||
#endif
|
||||
\ No newline at end of file
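Review bot: `dim_strncpy` adds a NULL check but keeps `strncpy` semantics: the destination is left without a terminator when `src` has `count` or more characters, and a NULL argument turns the copy into a silent no-op because the call in `dim_baseline_add` ignores the return value. That call site terminates the buffer itself, so it is correct today, but the wrapper's place in `dim_safe_func.h` suggests a guarantee it does not give. Either document it, e.g. `/* like strncpy(): does NOT terminate dest on truncation; returns NULL if dest or src is NULL */`, or build the wrapper on `strscpy()` and have callers check its result.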
|
||||
diff --git a/src/core/policy/dim_core_policy_complex.c b/src/core/policy/dim_core_policy_complex.c
|
||||
index 18a9e58..8c02227 100644
|
||||
--- a/src/core/policy/dim_core_policy_complex.c
|
||||
+++ b/src/core/policy/dim_core_policy_complex.c
|
||||
@@ -63,7 +63,7 @@ static int policy_get_key(const char *s, const char **val)
|
||||
|
||||
for (; i < DIM_POLICY_KEY_LAST; i++) {
|
||||
len = strlen(dim_policy_key_str[i]);
|
||||
- if (strncmp(s, dim_policy_key_str[i], len) == 0) {
|
||||
+ if (dim_strncmp(s, dim_policy_key_str[i], len) == 0) {
|
||||
*val = s + len;
|
||||
return i;
|
||||
}
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,25 +0,0 @@
|
||||
From 09d308cc79011c1d83fb9ffe7741c7b023f07cbe Mon Sep 17 00:00:00 2001
|
||||
From: jinlun <jinlun@huawei.com>
|
||||
Date: Tue, 18 Jun 2024 09:28:08 +0800
|
||||
Subject: [PATCH 10/14] Change the permissions of the dim directory to 500
|
||||
|
||||
---
|
||||
src/common/dim_entry.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/common/dim_entry.h b/src/common/dim_entry.h
|
||||
index 1c557b8..bb023b6 100644
|
||||
--- a/src/common/dim_entry.h
|
||||
+++ b/src/common/dim_entry.h
|
||||
@@ -11,7 +11,7 @@
|
||||
|
||||
#include "dim_measure_log.h"
|
||||
|
||||
-#define DIM_ENTRY_DIR_MASK (S_IFDIR | S_IRWXU | S_IRUSR)
|
||||
+#define DIM_ENTRY_DIR_MASK (S_IFDIR | S_IXUSR | S_IRUSR)
|
||||
#define DIM_ENTRY_RW_MASK (S_IWUSR | S_IRUSR)
|
||||
#define DIM_ENTRY_W_MASK (S_IWUSR)
|
||||
#define DIM_ENTRY_R_MASK (S_IRUSR)
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,37 +0,0 @@
|
||||
From 134b666b9ea72c640a20c4a6f3eb87a9b301542a Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Tue, 20 Feb 2024 12:52:39 +0800
|
||||
Subject: [PATCH 25/26] Disable dfx testcase by default
|
||||
|
||||
---
|
||||
test/test_dfx/test_dim_core_dfx.sh | 9 +++++----
|
||||
1 file changed, 5 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/test/test_dfx/test_dim_core_dfx.sh b/test/test_dfx/test_dim_core_dfx.sh
|
||||
index 78deb33..f3f64f0 100644
|
||||
--- a/test/test_dfx/test_dim_core_dfx.sh
|
||||
+++ b/test/test_dfx/test_dim_core_dfx.sh
|
||||
@@ -28,9 +28,10 @@ test_rmmod_when_baseline() {
|
||||
done
|
||||
}
|
||||
|
||||
-case_list="
|
||||
- test_rmmod_when_baseline \
|
||||
- "
|
||||
+# The following testcases are disabled by default:
|
||||
+# test_rmmod_when_baseline
|
||||
+
|
||||
+case_list=""
|
||||
|
||||
echo "===== Start testing dim_core DFX ====="
|
||||
|
||||
@@ -45,4 +46,4 @@ for case in $case_list; do
|
||||
test_post
|
||||
done
|
||||
|
||||
-echo "===== End testing dim_core DFX ====="
|
||||
\ No newline at end of file
|
||||
+echo "===== End testing dim_core DFX ====="
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,34 +0,0 @@
|
||||
From 6617fb034f69009893c33c8dd6b4e1485b77800f Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Wed, 14 Feb 2024 13:21:27 +0800
|
||||
Subject: [PATCH 17/26] Dont queue measurement task when baseline failed
|
||||
|
||||
---
|
||||
src/core/dim_core_measure.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/core/dim_core_measure.c b/src/core/dim_core_measure.c
|
||||
index 4ccbd0c..ff134e5 100644
|
||||
--- a/src/core/dim_core_measure.c
|
||||
+++ b/src/core/dim_core_measure.c
|
||||
@@ -120,6 +120,10 @@ static void measure_work_cb(struct work_struct *work)
|
||||
static void baseline_work_cb(struct work_struct *work)
|
||||
{
|
||||
dim_measure_task_measure(DIM_BASELINE, &dim_core_handle);
|
||||
+ /* if baseline is failed, dont perform measurement */
|
||||
+ if (dim_measure_status_error(&dim_core_handle))
|
||||
+ return;
|
||||
+
|
||||
queue_delayed_measure_work();
|
||||
}
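Review bot: The new early return in `baseline_work_cb` stops periodic measurement without leaving any trace at this level; after a failed baseline the module stays loaded but no further measurement is queued. Unless `dim_measure_task_measure` already reports the failure (not visible here), log it before the `return`, e.g. `dim_err("baseline failed, timed measurement is not scheduled\n");`, so an operator can tell a stopped monitor from a healthy one.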
|
||||
|
||||
@@ -244,4 +248,4 @@ void dim_core_measure_destroy(void)
|
||||
dim_measure_destroy(&dim_core_handle);
|
||||
dim_core_policy_destroy();
|
||||
mutex_unlock(&dim_core_measure_lock);
|
||||
-}
|
||||
\ No newline at end of file
|
||||
+}
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,27 +0,0 @@
|
||||
From a8ce34c0c661683fe33ef79be2b5b6819d4adfde Mon Sep 17 00:00:00 2001
|
||||
From: jinlun <jinlun@huawei.com>
|
||||
Date: Mon, 17 Jun 2024 14:54:40 +0800
|
||||
Subject: [PATCH 02/14] Fix NULL pointer reference when kill child processes
|
||||
|
||||
---
|
||||
.../tasks/dim_core_measure_process/dim_core_measure_process.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
|
||||
index e5e262a..c1efa02 100644
|
||||
--- a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
|
||||
+++ b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
|
||||
@@ -89,8 +89,8 @@ static int kill_task_tree(struct task_struct *tsk)
|
||||
return -ENOMEM;
|
||||
|
||||
dim_core_kernel_symbol.walk_process_tree(tsk, store_task_tree, &ctx);
|
||||
- if (ctx.len != 0) {
|
||||
- for (i = ctx.len; i >= 0; i--) {
|
||||
+ if (ctx.len > 0) {
|
||||
+ for (i = ctx.len - 1; i >= 0; i--) {
|
||||
send_sig(SIGKILL, ctx.buf[i], 1);
|
||||
put_task_struct(ctx.buf[i]);
|
||||
}
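Review bot: The corrected loop `for (i = ctx.len - 1; i >= 0; i--)` terminates only if `i` is a signed type; its declaration is above the hunk, so please confirm it is `int` and not `unsigned int` or `size_t`, otherwise `i >= 0` is always true and the index wraps past the start of `ctx.buf`. A form that does not depend on the signedness of either `i` or `ctx.len` is `for (i = ctx.len; i-- > 0; )`, which also makes the surrounding `if (ctx.len > 0)` unnecessary. `kill_task_tree` starts before and ends after the hunk.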
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,39 +0,0 @@
|
||||
From 6c1a35ac10351a2b2d4d66899f5848c1201ca6fc Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Mon, 29 Apr 2024 21:55:45 +0800
|
||||
Subject: [PATCH 01/28] Fix calculating ELF memory address
|
||||
|
||||
---
|
||||
.../dim_core_measure_process_elf.c | 7 +++++--
|
||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c b/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c
|
||||
index 3821c7f..76d1560 100644
|
||||
--- a/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c
|
||||
+++ b/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c
|
||||
@@ -266,6 +266,7 @@ static int measure_elf_text(struct vm_area_struct *vma,
|
||||
int ret = 0;
|
||||
unsigned int i = 0;
|
||||
unsigned long addr = 0;
|
||||
+ unsigned long base = 0;
|
||||
struct elf_phdr *phdr = NULL;
|
||||
struct dim_digest digest = {
|
||||
.algo = ctx->m->hash.algo,
|
||||
@@ -276,10 +277,12 @@ static int measure_elf_text(struct vm_area_struct *vma,
|
||||
ret = crypto_shash_init(shash);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
-
|
||||
+
|
||||
+ base = vma->vm_start - phdrs_text[0].p_vaddr;
|
||||
+
|
||||
for (; i < phdrs_text_num; i++) {
|
||||
phdr = &phdrs_text[i];
|
||||
- addr = vma->vm_start + phdr->p_vaddr - vma->vm_pgoff * PAGE_SIZE;
|
||||
+ addr = base + phdr->p_vaddr;
|
||||
ret = dim_vm_hash_update_address(vma->vm_mm, addr,
|
||||
phdr->p_memsz, shash);
|
||||
if (ret < 0)
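Review bot: `base = vma->vm_start - phdrs_text[0].p_vaddr;` reads element 0 before the loop's `i < phdrs_text_num` bound applies, so it relies on the caller never passing an empty array; that guarantee is not visible in the hunk, and a guard such as `if (phdrs_text_num == 0) return -EINVAL;` before the computation would make it local. `p_vaddr` and `p_memsz` come from the ELF file being measured, and `base + phdr->p_vaddr` is handed to `dim_vm_hash_update_address` without a visible check that the range lies inside the text mapping; the formula also appears to assume the first text segment's `p_vaddr` is page-aligned, since `vm_start` is. The later "Fix calculating ELF trampoline address" patch moves the same computation into `measure_process_module_text_elf`, where the same applies. `measure_elf_text` continues outside the hunk.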
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,79 +0,0 @@
|
||||
From 89d0f0762a2241b518e55b45337c1874f74e2520 Mon Sep 17 00:00:00 2001
|
||||
From: jinlun <jinlun@huawei.com>
|
||||
Date: Mon, 17 Jun 2024 14:51:46 +0800
|
||||
Subject: [PATCH 01/14] Fix calculating ELF trampoline address
|
||||
|
||||
---
|
||||
.../dim_core_measure_process_elf.c | 14 ++++++++------
|
||||
1 file changed, 8 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c b/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c
|
||||
index 76d1560..12040e2 100644
|
||||
--- a/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c
|
||||
+++ b/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c
|
||||
@@ -233,6 +233,7 @@ static int get_elf_measure_area(struct file *elf_file,
|
||||
}
|
||||
|
||||
static int measure_elf_trampoline(struct vm_area_struct *vma,
|
||||
+ unsigned long base,
|
||||
struct elf_shdr *shdr_trampoline,
|
||||
struct task_measure_ctx *ctx)
|
||||
{
|
||||
@@ -243,7 +244,7 @@ static int measure_elf_trampoline(struct vm_area_struct *vma,
|
||||
.algo = ctx->m->hash.algo,
|
||||
};
|
||||
|
||||
- addr_trampoline = vma->vm_start + shdr_trampoline->sh_addr;
|
||||
+ addr_trampoline = base + shdr_trampoline->sh_addr;
|
||||
vma_trampoline = find_vma(vma->vm_mm, addr_trampoline);
|
||||
if (vma_trampoline == NULL || !vma_is_text(vma_trampoline) ||
|
||||
vma_trampoline->vm_start != addr_trampoline)
|
||||
@@ -259,6 +260,7 @@ static int measure_elf_trampoline(struct vm_area_struct *vma,
|
||||
}
|
||||
|
||||
static int measure_elf_text(struct vm_area_struct *vma,
|
||||
+ unsigned long base,
|
||||
struct elf_phdr *phdrs_text,
|
||||
unsigned int phdrs_text_num,
|
||||
struct task_measure_ctx *ctx)
|
||||
@@ -266,7 +268,6 @@ static int measure_elf_text(struct vm_area_struct *vma,
|
||||
int ret = 0;
|
||||
unsigned int i = 0;
|
||||
unsigned long addr = 0;
|
||||
- unsigned long base = 0;
|
||||
struct elf_phdr *phdr = NULL;
|
||||
struct dim_digest digest = {
|
||||
.algo = ctx->m->hash.algo,
|
||||
@@ -278,8 +279,6 @@ static int measure_elf_text(struct vm_area_struct *vma,
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
- base = vma->vm_start - phdrs_text[0].p_vaddr;
|
||||
-
|
||||
for (; i < phdrs_text_num; i++) {
|
||||
phdr = &phdrs_text[i];
|
||||
addr = base + phdr->p_vaddr;
|
||||
@@ -322,7 +321,10 @@ int measure_process_module_text_elf(struct vm_area_struct *vma,
|
||||
return ret;
|
||||
}
|
||||
|
||||
- ret = measure_elf_text(vma, phdrs_text, phdrs_text_num, ctx);
|
||||
+ /* the vma is the first file-mapping text segment */
|
||||
+ base = vma->vm_start - phdrs_text[0].p_vaddr;
|
||||
+
|
||||
+ ret = measure_elf_text(vma, base, phdrs_text, phdrs_text_num, ctx);
|
||||
dim_kfree(phdrs_text);
|
||||
if (ret < 0) {
|
||||
dim_err("failed to measure elf text: %d\n", ret);
|
||||
@@ -330,7 +332,7 @@ int measure_process_module_text_elf(struct vm_area_struct *vma,
|
||||
}
|
||||
|
||||
if (shdr_trampoline_find) {
|
||||
- ret = measure_elf_trampoline(vma, &shdr_trampoline, ctx);
|
||||
+ ret = measure_elf_trampoline(vma, base, &shdr_trampoline, ctx);
|
||||
if (ret < 0) {
|
||||
dim_err("failed to measure elf trampoline: %d\n", ret);
|
||||
return ret;
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,25 +0,0 @@
|
||||
From f298f9aaef28f5846b746e1c9596ad9d8c85b155 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Mon, 19 Feb 2024 10:01:41 +0800
|
||||
Subject: [PATCH 19/26] Fix potential integer overflow
|
||||
|
||||
---
|
||||
src/core/tasks/dim_core_measure_kernel.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/core/tasks/dim_core_measure_kernel.c b/src/core/tasks/dim_core_measure_kernel.c
|
||||
index d49095b..077f30a 100644
|
||||
--- a/src/core/tasks/dim_core_measure_kernel.c
|
||||
+++ b/src/core/tasks/dim_core_measure_kernel.c
|
||||
@@ -21,7 +21,7 @@
|
||||
|
||||
static int code_cmp(const void *a, const void *b)
|
||||
{
|
||||
- return *(unsigned long *)a - *(unsigned long *)b;
|
||||
+ return *(unsigned long *)a > *(unsigned long *)b ? 1 : 0;
|
||||
}
|
||||
|
||||
static int sort_jump_table(struct jump_entry *sjump,
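Review bot: The new `code_cmp` never returns a negative value, so it reports `a < b` as equal and is no longer a valid three-way comparator. A sort routine that branches on the sign of the result, as the kernel's `sort()` does, can then leave the array mis-ordered, and any later ordered lookup over it would miss entries; how the output of sort_jump_table is consumed is outside this hunk. The subtraction being replaced did truncate an `unsigned long` difference to `int`, but the fix should keep all three outcomes: `unsigned long x = *(const unsigned long *)a, y = *(const unsigned long *)b;` followed by `return (x > y) - (x < y);`. Keeping `const` in the casts also stops the qualifier from being discarded.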
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,25 +0,0 @@
|
||||
From 64e205655a1b8c885a1419116f1ddc724f07f844 Mon Sep 17 00:00:00 2001
|
||||
From: jinlun <jinlun@huawei.com>
|
||||
Date: Tue, 18 Jun 2024 09:34:57 +0800
|
||||
Subject: [PATCH 12/14] Fix print errors
|
||||
|
||||
---
|
||||
src/core/policy/dim_core_policy.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/core/policy/dim_core_policy.c b/src/core/policy/dim_core_policy.c
|
||||
index da734d3..adcdabe 100644
|
||||
--- a/src/core/policy/dim_core_policy.c
|
||||
+++ b/src/core/policy/dim_core_policy.c
|
||||
@@ -132,7 +132,7 @@ static int policy_check_add_module_text(struct dim_policy *policy)
|
||||
}
|
||||
|
||||
if (policy->path != NULL)
|
||||
- dim_warn("path is ignored for BPRM_TEXT policy\n");
|
||||
+ dim_warn("path is ignored for MODULE_TEXT policy\n");
|
||||
|
||||
if (policy->action != DIM_POLICY_ACTION_LOG)
|
||||
dim_warn("action is ignored for MODULE_TEXT policy\n");
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,37 +0,0 @@
|
||||
From ebcef654f8825e1db58a2d9bc62727ab9d4728a0 Mon Sep 17 00:00:00 2001
|
||||
From: jinlun <jinlun@huawei.com>
|
||||
Date: Mon, 17 Jun 2024 20:33:05 +0800
|
||||
Subject: [PATCH 08/14] Fix the issue that the memory allocation is too large.
|
||||
|
||||
---
|
||||
src/common/dim_utils.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/src/common/dim_utils.c b/src/common/dim_utils.c
|
||||
index 598e824..57ea3e9 100644
|
||||
--- a/src/common/dim_utils.c
|
||||
+++ b/src/common/dim_utils.c
|
||||
@@ -9,6 +9,8 @@
|
||||
#include "dim_safe_func.h"
|
||||
#include "dim_utils.h"
|
||||
|
||||
+#define DIM_MAX_LINE_BUF (8 * 1024)
|
||||
+
|
||||
int dim_get_absolute_path(const char *path, const char **result)
|
||||
{
|
||||
int ret = 0;
|
||||
@@ -83,6 +85,11 @@ int dim_parse_line_buf(char *buf, loff_t len, int (*line_parser)(char *, int, vo
|
||||
line = &buf[i + 1];
|
||||
} else {
|
||||
line_len = buf + i - line + 1;
|
||||
+ if (line_len + 1 > DIM_MAX_LINE_BUF) {
|
||||
+ dim_err("failed to alloc memory for line buff\n");
|
||||
+ return -ENOMEM;
|
||||
+ }
|
||||
+
|
||||
line_buf = dim_kzalloc_gfp(line_len + 1);
|
||||
if (line_buf == NULL)
|
||||
return -ENOMEM;
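Review bot: The new length check in dim_parse_line_buf reports an over-long input line as an allocation failure: it logs `failed to alloc memory for line buff` and returns `-ENOMEM` although nothing has been allocated yet. Someone debugging a rejected policy or baseline file is pointed at memory pressure instead of at the offending line. A message that names the limit, such as `dim_err("line is too long, max %d bytes\n", DIM_MAX_LINE_BUF);`, would be clearer, and `return -E2BIG;` would suit a rejection better if no caller depends on `-ENOMEM` here (callers are not visible). The `#define DIM_MAX_LINE_BUF (8 * 1024)` in the first hunk would benefit from a comment saying it bounds one parsed line including its terminator. The function body continues outside the hunk.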
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,51 +0,0 @@
|
||||
From 3fe99160401896477f5a7c2747c9aceb15170fce Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Mon, 29 Apr 2024 23:45:00 +0800
|
||||
Subject: [PATCH 07/28] Fix the type of pcr
|
||||
|
||||
---
|
||||
src/common/dim_measure_log.c | 4 ++--
|
||||
src/common/dim_measure_log.h | 4 ++--
|
||||
2 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/common/dim_measure_log.c b/src/common/dim_measure_log.c
|
||||
index b84e635..4b3bd34 100644
|
||||
--- a/src/common/dim_measure_log.c
|
||||
+++ b/src/common/dim_measure_log.c
|
||||
@@ -272,9 +272,9 @@ int dim_measure_log_init_tree(struct dim_measure_log_tree *root,
|
||||
struct dim_hash *hash,
|
||||
struct dim_tpm *tpm,
|
||||
unsigned int cap,
|
||||
- char pcr)
|
||||
+ unsigned int pcr)
|
||||
{
|
||||
- if (root == NULL || hash == NULL || pcr < 0)
|
||||
+ if (root == NULL || hash == NULL)
|
||||
return -EINVAL;
|
||||
|
||||
rwlock_init(&root->lock);
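Review bot: After this change dim_measure_log_init_tree validates `pcr` not at all: the `pcr < 0` test is removed and no upper bound replaces it. A caller that still passes a negative value now has it converted to a very large unsigned index instead of getting `-EINVAL`. The old test was presumably dropped because it is dead wherever plain `char` is unsigned, but the parameter is a TPM register index and should be range-checked where it enters, e.g. `if (root == NULL || hash == NULL || pcr >= DIM_PCR_MAX)` with `DIM_PCR_MAX` standing for the project's limit (a placeholder, not on this page). If the bound is enforced by the caller or in the dim_tpm layer, a one-line comment saying so would do. The function body continues past the hunk.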
|
||||
diff --git a/src/common/dim_measure_log.h b/src/common/dim_measure_log.h
|
||||
index 6ea2361..fcf53aa 100644
|
||||
--- a/src/common/dim_measure_log.h
|
||||
+++ b/src/common/dim_measure_log.h
|
||||
@@ -37,7 +37,7 @@ struct dim_measure_log_tree {
|
||||
struct list_head list_root; /* list root for printing logs in order */
|
||||
struct dim_hash *hash; /* algorithm for calculating log hash */
|
||||
struct dim_tpm *tpm;
|
||||
- char pcr;
|
||||
+ unsigned int pcr;
|
||||
rwlock_t lock;
|
||||
unsigned int count; /* number of log */
|
||||
unsigned int cap; /* capacity of log */
|
||||
@@ -93,7 +93,7 @@ static inline bool is_same_dim_measure_log(struct dim_measure_log *x,
|
||||
|
||||
int dim_measure_log_init_tree(struct dim_measure_log_tree *root,
|
||||
struct dim_hash *hash, struct dim_tpm *tpm,
|
||||
- unsigned int cap, char pcr);
|
||||
+ unsigned int cap, unsigned int pcr);
|
||||
void dim_measure_log_destroy_tree(struct dim_measure_log_tree *root);
|
||||
int dim_measure_log_add(struct dim_measure_log_tree *root,
|
||||
const char *name_str,
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,55 +0,0 @@
|
||||
From f96c809dc83d8d0f44e586ccc4441e80dfe135f4 Mon Sep 17 00:00:00 2001
|
||||
From: jinlun <jinlun@huawei.com>
|
||||
Date: Mon, 17 Jun 2024 19:59:15 +0800
|
||||
Subject: [PATCH 05/14] Maximun number of line in a modification policy
|
||||
|
||||
---
|
||||
src/core/policy/dim_core_policy.h | 2 +-
|
||||
src/core/policy/dim_core_policy_complex.c | 6 +++---
|
||||
2 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/core/policy/dim_core_policy.h b/src/core/policy/dim_core_policy.h
|
||||
index 7f2c756..3b38d13 100644
|
||||
--- a/src/core/policy/dim_core_policy.h
|
||||
+++ b/src/core/policy/dim_core_policy.h
|
||||
@@ -10,7 +10,7 @@
|
||||
/* the policy filepath */
|
||||
#define DIM_POLICY_PATH "/etc/dim/policy"
|
||||
/* max number of lines for parsing */
|
||||
-#define DIM_POLICY_LINE_MAX 10000
|
||||
+#define DIM_POLICY_LINE_MAX 100000
|
||||
|
||||
/* measurement object of policy */
|
||||
enum dim_policy_obj {
|
||||
diff --git a/src/core/policy/dim_core_policy_complex.c b/src/core/policy/dim_core_policy_complex.c
|
||||
index 8c02227..cba2dd7 100644
|
||||
--- a/src/core/policy/dim_core_policy_complex.c
|
||||
+++ b/src/core/policy/dim_core_policy_complex.c
|
||||
@@ -165,7 +165,7 @@ static int policy_parse_line(char* line, int line_no, void *data)
|
||||
ret = parse_line(line, policy);
|
||||
if (ret < 0) {
|
||||
policy_destroy(policy);
|
||||
- dim_err("fail to parse policy at line %d: %d\n", line_no, ret);
|
||||
+ dim_err("failed to parse policy at line %d: %d\n", line_no, ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -174,7 +174,7 @@ static int policy_parse_line(char* line, int line_no, void *data)
|
||||
policy_destroy(policy);
|
||||
/* ignore the repeat add */
|
||||
if (ret != -EEXIST)
|
||||
- dim_err("fail to add policy at line %d: %d\n", line_no, ret);
|
||||
+ dim_err("failed to add policy at line %d: %d\n", line_no, ret);
|
||||
return ret == -EEXIST ? 0 : ret;
|
||||
}
|
||||
|
||||
@@ -188,4 +188,4 @@ int policy_parse_complex_format(char *buf, size_t buf_len,
|
||||
return -EINVAL;
|
||||
|
||||
return dim_parse_line_buf(buf, buf_len, policy_parse_line, policy_add);
|
||||
-}
|
||||
\ No newline at end of file
|
||||
+}
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,209 +0,0 @@
|
||||
From fef290b506eb5aad0afab0183b577567d0d4d5ac Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Tue, 13 Feb 2024 21:33:21 +0800
|
||||
Subject: [PATCH 16/26] Optimize Makefile
|
||||
|
||||
1. Support to set the compile macro for different measure methods.
|
||||
2. Support the "make test" command
|
||||
---
|
||||
Makefile | 13 +++++++++++++
|
||||
src/Makefile | 40 ++++++++++++++++++++-------------------
|
||||
test/Makefile | 11 +++++++++++
|
||||
test/common.sh | 6 +++---
|
||||
test/test_dim_core.sh | 2 +-
|
||||
test/test_module/Makefile | 16 ++++++++--------
|
||||
6 files changed, 57 insertions(+), 31 deletions(-)
|
||||
create mode 100644 Makefile
|
||||
create mode 100644 test/Makefile
|
||||
|
||||
diff --git a/Makefile b/Makefile
|
||||
new file mode 100644
|
||||
index 0000000..4ac7c58
|
||||
--- /dev/null
|
||||
+++ b/Makefile
|
||||
@@ -0,0 +1,13 @@
|
||||
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+
|
||||
+.PHONY: all test clean
|
||||
+
|
||||
+all:
|
||||
+ make -C src/
|
||||
+
|
||||
+test:
|
||||
+ make -C test/
|
||||
+
|
||||
+clean:
|
||||
+ make -C src/ clean
|
||||
+ make -C test/ clean
|
||||
\ No newline at end of file
|
||||
diff --git a/src/Makefile b/src/Makefile
|
||||
index af058d9..8f4dce8 100644
|
||||
--- a/src/Makefile
|
||||
+++ b/src/Makefile
|
||||
@@ -9,17 +9,21 @@ dim_core-objs += core/dim_core_mem_pool.o
|
||||
dim_core-objs += core/dim_core_measure.o
|
||||
dim_core-objs += core/dim_core_symbol.o
|
||||
dim_core-objs += core/dim_core_sig.o
|
||||
-dim_core-objs += core/static_baseline/dim_core_static_baseline.o
|
||||
-dim_core-objs += core/static_baseline/dim_core_static_baseline_complex.o
|
||||
+
|
||||
dim_core-objs += core/tasks/dim_core_measure_kernel.o
|
||||
dim_core-objs += core/tasks/dim_core_measure_module.o
|
||||
+dim_core-objs += core/tasks/dim_core_measure_process/dim_vm_hash.o
|
||||
+dim_core-objs += core/tasks/dim_core_measure_process/dim_core_measure_process.o
|
||||
+ifeq ($(DIM_CORE_MEASURE_PROCESS_ELF), y)
|
||||
dim_core-objs += core/tasks/dim_core_measure_process/dim_core_measure_process_elf.o
|
||||
+ccflags-y += -DDIM_CORE_MEASURE_PROCESS_ELF
|
||||
+else
|
||||
dim_core-objs += core/tasks/dim_core_measure_process/dim_core_measure_process_vma.o
|
||||
-dim_core-objs += core/tasks/dim_core_measure_process/dim_core_measure_process.o
|
||||
-dim_core-objs += core/tasks/dim_core_measure_process/dim_vm_hash.o
|
||||
+endif
|
||||
|
||||
dim_core-objs += core/policy/dim_core_policy.o
|
||||
dim_core-objs += core/policy/dim_core_policy_complex.o
|
||||
+
|
||||
dim_core-objs += core/static_baseline/dim_core_static_baseline.o
|
||||
dim_core-objs += core/static_baseline/dim_core_static_baseline_complex.o
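Review bot: The added `ccflags-y += -DDIM_CORE_MEASURE_PROCESS_ELF` is thrown away, because further down the same Makefile the context line `ccflags-y := -I$(src)/core` (visible in the `-52,8 +60,6` hunk) re-assigns the variable with `:=`. With `DIM_CORE_MEASURE_PROCESS_ELF=y` the ELF object is linked but the macro never reaches the compiler, so code guarded by `#ifdef DIM_CORE_MEASURE_PROCESS_ELF` presumably still selects the VMA implementation, whose object is no longer built. Either move the `ifeq` block below the include-path assignments or turn the first assignment into `ccflags-y += -I$(src)/core`.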
|
||||
|
||||
@@ -40,6 +44,10 @@ dim_monitor-objs += monitor/dim_monitor_main.o
|
||||
dim_monitor-objs += monitor/dim_monitor_fs.o
|
||||
dim_monitor-objs += monitor/dim_monitor_measure.o
|
||||
dim_monitor-objs += monitor/dim_monitor_symbol.o
|
||||
+
|
||||
+dim_monitor-objs += monitor/measure_task/dim_monitor_measure_data.o
|
||||
+dim_monitor-objs += monitor/measure_task/dim_monitor_measure_text.o
|
||||
+
|
||||
dim_monitor-objs += common/dim_entry.o
|
||||
dim_monitor-objs += common/dim_hash.o
|
||||
dim_monitor-objs += common/dim_utils.o
|
||||
@@ -52,8 +60,6 @@ dim_monitor-objs += measure/dim_measure_baseline.o
|
||||
dim_monitor-objs += measure/dim_measure_task.o
|
||||
dim_monitor-objs += measure/dim_measure_utils.o
|
||||
dim_monitor-objs += measure/dim_measure_status.o
|
||||
-dim_monitor-objs += monitor/measure_task/dim_monitor_measure_data.o
|
||||
-dim_monitor-objs += monitor/measure_task/dim_monitor_measure_text.o
|
||||
|
||||
ccflags-y := -I$(src)/core
|
||||
ccflags-y += -I$(src)/core/static_baseline
|
||||
@@ -65,24 +71,20 @@ ccflags-y += -I$(src)/monitor/measure_task
|
||||
ccflags-y += -I$(src)/common
|
||||
ccflags-y += -I$(src)/measure
|
||||
|
||||
-EXTRA_CFLAGS += -Wall -Werror -D_FORTIFY_SOURCE=2 -O2 -fstack-protector-strong
|
||||
+ccflags-y += -Wall -Werror -D_FORTIFY_SOURCE=2 -O2 -fstack-protector-strong
|
||||
|
||||
KERNEL_SRC ?= /lib/modules/$(shell uname -r)/build
|
||||
PWD := $(shell pwd)
|
||||
|
||||
-.PHONY: install test clean
|
||||
+.PHONY: all modules modules_install clean
|
||||
|
||||
-all:
|
||||
- $(MAKE) -C $(KERNEL_SRC) M=$(PWD) modules KCPPFLAGS="${cflags-y}"
|
||||
+all: modules
|
||||
|
||||
-clean:
|
||||
- $(MAKE) -C $(KERNEL_SRC) M=$(PWD) clean
|
||||
+modules:
|
||||
+ $(MAKE) -C $(KERNEL_SRC) M=$(PWD) modules
|
||||
|
||||
-install:
|
||||
- rmmod -f dim_monitor || :
|
||||
- rmmod -f dim_core || :
|
||||
- insmod dim_core.ko
|
||||
- insmod dim_monitor.ko
|
||||
+modules_install:
|
||||
+ $(MAKE) -C $(KERNEL_SRC) M=$(PWD) modules_install
|
||||
|
||||
-test:
|
||||
- cd ../test && { sh test_dim_core.sh; sh test_dim_monitor.sh; }
|
||||
+clean:
|
||||
+ $(MAKE) -C $(KERNEL_SRC) M=$(PWD) clean
|
||||
diff --git a/test/Makefile b/test/Makefile
|
||||
new file mode 100644
|
||||
index 0000000..4a61307
|
||||
--- /dev/null
|
||||
+++ b/test/Makefile
|
||||
@@ -0,0 +1,11 @@
|
||||
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+
|
||||
+.PHONY: test
|
||||
+
|
||||
+test:
|
||||
+ sh test_dim_core.sh
|
||||
+ sh test_dim_monitor.sh
|
||||
+
|
||||
+clean:
|
||||
+ rm -f log
|
||||
+ make -C test_module/ clean
|
||||
\ No newline at end of file
|
||||
diff --git a/test/common.sh b/test/common.sh
|
||||
index 3bd8ced..a16c564 100644
|
||||
--- a/test/common.sh
|
||||
+++ b/test/common.sh
|
||||
@@ -6,8 +6,8 @@ TEST_DEMO_DIR=/opt/dim/demo
|
||||
TEST_DEMO_BPRM=$TEST_DEMO_DIR/dim_test_demo
|
||||
|
||||
TEST_LOG=log
|
||||
-DIM_CORE_PATH=/root/dim/dim_core.ko
|
||||
-DIM_MONITOR_PATH=/root/dim/dim_monitor.ko
|
||||
+DIM_CORE_PATH=../src/dim_core.ko
|
||||
+DIM_MONITOR_PATH=../src/dim_monitor.ko
|
||||
|
||||
DIM_BASELINE_DIR_PATH=/etc/dim/digest_list
|
||||
DIM_POLICY_PATH=/etc/dim/policy
|
||||
@@ -144,7 +144,7 @@ DIM_BASELINE_DIR_ALL=("/usr/bin" "/usr/sbin" "/usr/lib64" "/usr/libexec" "/usr/l
|
||||
|
||||
dim_gen_baseline_all() {
|
||||
if [ $1 ]; then
|
||||
- digest_algorithm="-a sm3"
|
||||
+ digest_algorithm="-a$1"
|
||||
else
|
||||
digest_algorithm=""
|
||||
fi
|
||||
diff --git a/test/test_dim_core.sh b/test/test_dim_core.sh
|
||||
index 01fa2b9..8d707cc 100644
|
||||
--- a/test/test_dim_core.sh
|
||||
+++ b/test/test_dim_core.sh
|
||||
@@ -88,7 +88,7 @@ test_measure_all_text_normal() {
|
||||
}
|
||||
|
||||
test_measure_all_text_normal_sm3() {
|
||||
- dim_gen_baseline_all 1
|
||||
+ dim_gen_baseline_all sm3
|
||||
dim_gen_policy_all
|
||||
load_dim_modules "measure_hash=sm3"
|
||||
check_dim_core_log_normal
|
||||
diff --git a/test/test_module/Makefile b/test/test_module/Makefile
|
||||
index 4255525..240e73e 100644
|
||||
--- a/test/test_module/Makefile
|
||||
+++ b/test/test_module/Makefile
|
||||
@@ -2,15 +2,15 @@
|
||||
|
||||
obj-m := dim_test_module_demo.o
|
||||
|
||||
-KERNEL := $(DESTDIR)/lib/modules/$(shell uname -r)/build
|
||||
-CONFIG_MODULE_SIG=n
|
||||
-
|
||||
+KERNEL_SRC ?= /lib/modules/$(shell uname -r)/build
|
||||
PWD := $(shell pwd)
|
||||
|
||||
-modules :
|
||||
- $(MAKE) -C $(KERNEL) M=$(PWD) modules
|
||||
+.PHONY: all modules clean
|
||||
+
|
||||
+all: modules
|
||||
|
||||
-.PHONEY:clean
|
||||
+modules:
|
||||
+ $(MAKE) -C $(KERNEL_SRC) M=$(PWD) modules
|
||||
|
||||
-clean :
|
||||
- $(MAKE) -C $(KERNEL) SUBDIRS=$(PWD) clean
|
||||
+clean:
|
||||
+ $(MAKE) -C $(KERNEL_SRC) M=$(PWD) clean
|
||||
\ No newline at end of file
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,110 +0,0 @@
|
||||
From 8b7fea1bbb1796e710b9dea928de7e6e1715022f Mon Sep 17 00:00:00 2001
|
||||
From: jinlun <jinlun@huawei.com>
|
||||
Date: Mon, 17 Jun 2024 20:22:45 +0800
|
||||
Subject: [PATCH 06/14] Optimize task kill and log the static baseline when
|
||||
tampered
|
||||
|
||||
---
|
||||
.../dim_core_measure_process.c | 56 ++++---------------
|
||||
1 file changed, 12 insertions(+), 44 deletions(-)
|
||||
|
||||
diff --git a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
|
||||
index c1efa02..2ea1980 100644
|
||||
--- a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
|
||||
+++ b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
|
||||
@@ -21,16 +21,6 @@
|
||||
#include "dim_core_measure_task.h"
|
||||
#include "dim_core_measure_process.h"
|
||||
|
||||
-/* max number of tasks to kill */
|
||||
-#define DIM_KILL_TASKS_MAX (1024)
|
||||
-
|
||||
-struct task_kill_ctx {
|
||||
- struct task_struct **buf;
|
||||
- int len;
|
||||
- int size;
|
||||
- int ret;
|
||||
-};
|
||||
-
|
||||
static struct vm_area_struct *next_module_text_vma(struct vm_area_struct *vma)
|
||||
{
|
||||
struct vm_area_struct *v = NULL;
|
||||
@@ -48,55 +38,33 @@ static struct vm_area_struct *next_module_text_vma(struct vm_area_struct *vma)
|
||||
return v;
|
||||
}
|
||||
|
||||
-static int store_task_tree(struct task_struct *p, void *data)
|
||||
+static int kill_task(struct task_struct *p, void * __always_unused data)
|
||||
{
|
||||
- unsigned int new_size = 0;
|
||||
- struct task_struct **tmp = NULL;
|
||||
- struct task_kill_ctx *ctx = (struct task_kill_ctx *)data;
|
||||
-
|
||||
- if (ctx->len == ctx->size) {
|
||||
- if (ctx->size >= DIM_KILL_TASKS_MAX)
|
||||
- return -ERANGE;
|
||||
-
|
||||
- /* realloc to size * 2 */
|
||||
- new_size = ctx->size << 1;
|
||||
- tmp = dim_krealloc_atom(ctx->buf,
|
||||
- new_size * sizeof(struct task_struct *));
|
||||
- if (tmp == NULL)
|
||||
- return -ENOMEM;
|
||||
-
|
||||
- ctx->buf = tmp;
|
||||
+ if (p == current) {
|
||||
+ /* dont kill the current process */
|
||||
+ dim_warn("don't kill the current process\n");
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
- ctx->buf[ctx->len++] = get_task_struct(p);
|
||||
+ send_sig(SIGKILL, p, 1);
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int kill_task_tree(struct task_struct *tsk)
|
||||
{
|
||||
- int i = 0;
|
||||
- const int def_size = 32;
|
||||
- struct task_kill_ctx ctx = { .size = def_size };
|
||||
-
|
||||
if (tsk->pid == 1) {
|
||||
/* dont kill the init process */
|
||||
dim_warn("the pid of tampered task is 1, don't kill it\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
- ctx.buf = dim_kzalloc_gfp(def_size * sizeof(struct task_struct *));
|
||||
- if (ctx.buf == NULL)
|
||||
- return -ENOMEM;
|
||||
-
|
||||
- dim_core_kernel_symbol.walk_process_tree(tsk, store_task_tree, &ctx);
|
||||
- if (ctx.len > 0) {
|
||||
- for (i = ctx.len - 1; i >= 0; i--) {
|
||||
- send_sig(SIGKILL, ctx.buf[i], 1);
|
||||
- put_task_struct(ctx.buf[i]);
|
||||
- }
|
||||
+ if (tsk == current) {
|
||||
+ /* dont kill the current process */
|
||||
+ dim_warn("don't kill the current process\n");
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
- dim_kfree(ctx.buf);
|
||||
+ dim_core_kernel_symbol.walk_process_tree(tsk, kill_task, NULL);
|
||||
send_sig(SIGKILL, tsk, 1);
|
||||
return 0;
|
||||
}
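Review bot: Both new `current` checks silently weaken the kill action. In `kill_task_tree`, a tampered task that is itself the caller is only warned about and the function returns 0, the same value as a completed kill, so the caller cannot tell that enforcement was skipped. In `kill_task`, `return 0` for `p == current` also stops the walk from descending below that task, if `dim_core_kernel_symbol.walk_process_tree` follows the kernel convention that only a non-zero return descends. If descendants should still be killed, return 1 after the warning: `return 1; /* skip current, still visit its children */`. If the skip is intended, a comment should explain why `current` must survive, and a distinct return code or a log entry at error level would make the gap visible. The duplicated comment `/* dont kill the current process */` also has a typo.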
|
||||
@@ -140,7 +108,7 @@ static int check_process_digest(struct dim_digest *digest,
|
||||
return ret;
|
||||
}
|
||||
|
||||
- if (log_flag != LOG_TAMPERED ||
|
||||
+ if (log_flag != LOG_TAMPERED || ctx->mode != DIM_MEASURE ||
|
||||
dim_core_measure_action_get() == DIM_MEASURE_ACTION_DISABLE)
|
||||
return 0;
|
||||
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,747 +0,0 @@
|
||||
From cfa580aa836f8c7f93e28971827bc67fdc20c679 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Mon, 19 Feb 2024 15:18:49 +0800
|
||||
Subject: [PATCH 21/26] Optimize test framework and add testcases
|
||||
|
||||
---
|
||||
test/Makefile | 16 ++-
|
||||
test/README.md | 23 ----
|
||||
test/common.sh | 47 ++++---
|
||||
test/test_dfx/Makefile | 11 ++
|
||||
test/test_dfx/test_dim_core_dfx.sh | 48 ++++++++
|
||||
test/test_dim_monitor.sh | 32 -----
|
||||
test/test_function/Makefile | 11 ++
|
||||
test/{ => test_function}/dim_test_demo.c | 2 +-
|
||||
.../dim_test_demo_tamper.c | 2 +-
|
||||
test/{ => test_function}/test_dim_core.sh | 34 +++--
|
||||
test/test_function/test_dim_monitor.sh | 47 +++++++
|
||||
test/{ => test_function}/test_module/Makefile | 2 +-
|
||||
.../test_module/dim_test_module_demo.c | 2 +-
|
||||
.../test_module/dim_test_module_demo_tamper.c | 2 +-
|
||||
test/test_interface/Makefile | 12 ++
|
||||
test/test_interface/test_dim_core_modparam.sh | 116 ++++++++++++++++++
|
||||
.../test_dim_monitor_modparam.sh | 79 ++++++++++++
|
||||
17 files changed, 393 insertions(+), 93 deletions(-)
|
||||
delete mode 100644 test/README.md
|
||||
create mode 100644 test/test_dfx/Makefile
|
||||
create mode 100644 test/test_dfx/test_dim_core_dfx.sh
|
||||
delete mode 100644 test/test_dim_monitor.sh
|
||||
create mode 100644 test/test_function/Makefile
|
||||
rename test/{ => test_function}/dim_test_demo.c (64%)
|
||||
rename test/{ => test_function}/dim_test_demo_tamper.c (68%)
|
||||
rename test/{ => test_function}/test_dim_core.sh (85%)
|
||||
create mode 100644 test/test_function/test_dim_monitor.sh
|
||||
rename test/{ => test_function}/test_module/Makefile (68%)
|
||||
rename test/{ => test_function}/test_module/dim_test_module_demo.c (80%)
|
||||
rename test/{ => test_function}/test_module/dim_test_module_demo_tamper.c (82%)
|
||||
create mode 100644 test/test_interface/Makefile
|
||||
create mode 100644 test/test_interface/test_dim_core_modparam.sh
|
||||
create mode 100644 test/test_interface/test_dim_monitor_modparam.sh
|
||||
|
||||
diff --git a/test/Makefile b/test/Makefile
|
||||
index 4a61307..435e818 100644
|
||||
--- a/test/Makefile
|
||||
+++ b/test/Makefile
|
||||
@@ -1,11 +1,15 @@
|
||||
-# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
|
||||
|
||||
-.PHONY: test
|
||||
+.PHONY: test clean
|
||||
+
|
||||
+all: test
|
||||
|
||||
test:
|
||||
- sh test_dim_core.sh
|
||||
- sh test_dim_monitor.sh
|
||||
+ make -C test_interface/ test
|
||||
+ make -C test_function/ test
|
||||
+ make -C test_dfx/ test
|
||||
|
||||
clean:
|
||||
- rm -f log
|
||||
- make -C test_module/ clean
|
||||
\ No newline at end of file
|
||||
+ make -C test_interface/ clean
|
||||
+ make -C test_function/ clean
|
||||
+ make -C test_dfx/ clean
|
||||
\ No newline at end of file
|
||||
diff --git a/test/README.md b/test/README.md
|
||||
deleted file mode 100644
|
||||
index b75f3e6..0000000
|
||||
--- a/test/README.md
|
||||
+++ /dev/null
|
||||
@@ -1,23 +0,0 @@
|
||||
-# DIM 测试文档
|
||||
-
|
||||
-## 1 前置条件
|
||||
-
|
||||
-**OS版本支持**:openEuler 23.09以上版本;
|
||||
-
|
||||
-**内核版本支持**:当前支持openEuler kernel 5.10/6.4版本;
|
||||
-
|
||||
-**注意**:DIM包含内核组件,相关步骤需要以管理员(root)权限运行。
|
||||
-
|
||||
-## 2 使用openEuler源进行安装
|
||||
-```
|
||||
-yum install dim dim_tools make gcc
|
||||
-```
|
||||
-
|
||||
-## 3 执行测试用例
|
||||
-```
|
||||
-cd dim/test/
|
||||
-sh test/test_dim_core.sh
|
||||
-sh test/test_monitor_core.sh
|
||||
-```
|
||||
-
|
||||
-**注意**:全量度量功能默认关闭,如有需要,请将用例添加到对应的case_list中
|
||||
\ No newline at end of file
|
||||
diff --git a/test/common.sh b/test/common.sh
|
||||
index a16c564..6772a35 100644
|
||||
--- a/test/common.sh
|
||||
+++ b/test/common.sh
|
||||
@@ -6,8 +6,8 @@ TEST_DEMO_DIR=/opt/dim/demo
|
||||
TEST_DEMO_BPRM=$TEST_DEMO_DIR/dim_test_demo
|
||||
|
||||
TEST_LOG=log
|
||||
-DIM_CORE_PATH=../src/dim_core.ko
|
||||
-DIM_MONITOR_PATH=../src/dim_monitor.ko
|
||||
+DIM_CORE_PATH=../../src/dim_core.ko
|
||||
+DIM_MONITOR_PATH=../../src/dim_monitor.ko
|
||||
|
||||
DIM_BASELINE_DIR_PATH=/etc/dim/digest_list
|
||||
DIM_POLICY_PATH=/etc/dim/policy
|
||||
@@ -23,6 +23,22 @@ DIM_TEST_MOD_DEMO_TAMPER_C=$TEST_MODULE_DIR/dim_test_module_demo_tamper.c
|
||||
|
||||
TEST_RESULT=0
|
||||
|
||||
+check_value_zero() {
|
||||
+ if [ $1 -ne 0 ]; then
|
||||
+ echo "failed to check value: $1 == 0, context: $2"
|
||||
+ TEST_RESULT=1
|
||||
+ return 1
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
+check_value_not_zero() {
|
||||
+ if [ $1 -eq 0 ]; then
|
||||
+ echo "failed to check value: $1 != 0, context: $2"
|
||||
+ TEST_RESULT=1
|
||||
+ return 1
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
dim_core_status() {
|
||||
cat /sys/kernel/security/dim/runtime_status
|
||||
}
|
||||
@@ -64,11 +80,11 @@ remove_dim_modules() {
|
||||
|
||||
load_dim_modules () {
|
||||
remove_dim_modules
|
||||
- load_dim_core_modules $1
|
||||
- load_dim_monitor_modules $2
|
||||
+ load_dim_core_module $1
|
||||
+ load_dim_monitor_module $2
|
||||
}
|
||||
|
||||
-load_dim_core_modules () {
|
||||
+load_dim_core_module () {
|
||||
# load dim_core module
|
||||
if [ ! $DIM_CORE_PATH ]; then
|
||||
modprobe dim_core $1
|
||||
@@ -78,11 +94,11 @@ load_dim_core_modules () {
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "fail to load dim_core!"
|
||||
- exit 1
|
||||
+ return 1
|
||||
fi
|
||||
}
|
||||
|
||||
-load_dim_monitor_modules () {
|
||||
+load_dim_monitor_module () {
|
||||
# load dim_monitor module
|
||||
if [ ! $DIM_MONITOR_PATH ]; then
|
||||
modprobe dim_monitor $1
|
||||
@@ -92,11 +108,15 @@ load_dim_monitor_modules () {
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "fail to load dim_monitor!"
|
||||
- exit 1
|
||||
+ return 1
|
||||
fi
|
||||
}
|
||||
|
||||
dim_backup_baseline_and_policy() {
|
||||
+ if [ -d $DIM_BASELINE_DIR_PATH.bak ]; then
|
||||
+ rm -rf $DIM_BASELINE_DIR_PATH.bak
|
||||
+ fi
|
||||
+
|
||||
if [ -d $DIM_BASELINE_DIR_PATH ]; then
|
||||
mv $DIM_BASELINE_DIR_PATH $DIM_BASELINE_DIR_PATH.bak
|
||||
fi
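Review bot: The added `rm -rf $DIM_BASELINE_DIR_PATH.bak` in dim_backup_baseline_and_policy can destroy the only copy of the real digest lists. If an earlier run was interrupted between backup and restore, the `.bak` directory holds the operator's baseline and the live directory holds test-generated data. This run then deletes the former and backs up the latter, and the restore step presumably installs the test data as the system baseline. Refusing to continue is safer: `if [ -d "$DIM_BASELINE_DIR_PATH.bak" ]; then echo "stale backup found, restore it first"; return 1; fi`. The expansions should be quoted in any case, so an empty or space-containing value cannot change what `rm -rf` removes. The function continues outside the hunk.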
|
||||
@@ -376,15 +396,4 @@ run_dim_core_and_check_log() {
|
||||
fi
|
||||
}
|
||||
|
||||
-test_pre() {
|
||||
- mkdir -p $TEST_DEMO_DIR
|
||||
- gcc dim_test_demo.c -o $TEST_DEMO_DIR/dim_test_demo
|
||||
- dim_backup_baseline_and_policy
|
||||
- load_dim_modules
|
||||
-}
|
||||
-
|
||||
-test_post() {
|
||||
- remove_dim_modules
|
||||
- dim_restore_baseline_and_policy
|
||||
-}
|
||||
|
||||
diff --git a/test/test_dfx/Makefile b/test/test_dfx/Makefile
|
||||
new file mode 100644
|
||||
index 0000000..ed229ae
|
||||
--- /dev/null
|
||||
+++ b/test/test_dfx/Makefile
|
||||
@@ -0,0 +1,11 @@
|
||||
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
|
||||
+
|
||||
+.PHONY: test clean
|
||||
+
|
||||
+all: test
|
||||
+
|
||||
+test:
|
||||
+ sh test_dim_core_dfx.sh
|
||||
+
|
||||
+clean:
|
||||
+ rm -f log
|
||||
\ No newline at end of file
|
||||
diff --git a/test/test_dfx/test_dim_core_dfx.sh b/test/test_dfx/test_dim_core_dfx.sh
|
||||
new file mode 100644
|
||||
index 0000000..78deb33
|
||||
--- /dev/null
|
||||
+++ b/test/test_dfx/test_dim_core_dfx.sh
|
||||
@@ -0,0 +1,48 @@
|
||||
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+#!/bin/bash
|
||||
+
|
||||
+. ../common.sh
|
||||
+
|
||||
+test_pre() {
|
||||
+ dim_backup_baseline_and_policy
|
||||
+ load_dim_core_module
|
||||
+ dim_gen_baseline_all
|
||||
+ dim_gen_policy_all
|
||||
+ TEST_RESULT=0
|
||||
+}
|
||||
+
|
||||
+test_post() {
|
||||
+ remove_dim_modules
|
||||
+ dim_restore_baseline_and_policy
|
||||
+}
|
||||
+
|
||||
+test_rmmod_when_baseline() {
|
||||
+ dim_core_baseline &
|
||||
+ # try to remove module when doing measurement
|
||||
+ for i in {1..1000}; do
|
||||
+ sleep 0.1
|
||||
+ rmmod dim_core &> /dev/null
|
||||
+ if [ $? -eq 0 ]; then
|
||||
+ break
|
||||
+ fi
|
||||
+ done
|
||||
+}
|
||||
+
|
||||
+case_list="
|
||||
+ test_rmmod_when_baseline \
|
||||
+ "
|
||||
+
|
||||
+echo "===== Start testing dim_core DFX ====="
|
||||
+
|
||||
+for case in $case_list; do
|
||||
+ test_pre
|
||||
+ $case
|
||||
+ if [ $TEST_RESULT -eq 0 ]; then
|
||||
+ echo "$case PASS"
|
||||
+ else
|
||||
+ echo "$case FAIL"
|
||||
+ fi
|
||||
+ test_post
|
||||
+done
|
||||
+
|
||||
+echo "===== End testing dim_core DFX ====="
|
||||
\ No newline at end of file
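Review bot: `test_rmmod_when_baseline` can never fail, because nothing in it sets `TEST_RESULT` and the loop's outcome is discarded, so the case prints PASS even if `rmmod` never succeeds or the module misbehaves during removal. Record the result and check it with the helper this patch adds to common.sh, for example `ret=$?` after `rmmod`, then `wait` and `check_value_zero $ret "rmmod dim_core during baseline"` after the loop. The return value of `load_dim_core_module` in `test_pre` is also ignored, so the case runs even when the module failed to load. Separately, `#!/bin/bash` is on line 2 and the Makefile runs the script with `sh`. Under a POSIX shell, `{1..1000}` is a single literal word and `&>` backgrounds the command, so either invoke the script with `bash` or use portable forms such as `> /dev/null 2>&1`.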
|
||||
diff --git a/test/test_dim_monitor.sh b/test/test_dim_monitor.sh
|
||||
deleted file mode 100644
|
||||
index b4a1ea8..0000000
|
||||
--- a/test/test_dim_monitor.sh
|
||||
+++ /dev/null
|
||||
@@ -1,32 +0,0 @@
|
||||
-# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
-#!/bin/bash
|
||||
-
|
||||
-. ./common.sh
|
||||
-
|
||||
-test_measure_monitor_normal() {
|
||||
- dim_gen_baseline_all
|
||||
- dim_gen_policy_all
|
||||
- check_dim_core_log_normal
|
||||
- check_dim_monitor_log_normal
|
||||
-}
|
||||
-
|
||||
-test_measure_monitor_tamper() {
|
||||
- test_measure_monitor_normal
|
||||
- check_dim_monitor_log_tampered
|
||||
-}
|
||||
-
|
||||
-# Full measurement. The test is disabled by default.
|
||||
-# case_list="test_measure_monitor_normal \
|
||||
-# test_measure_monitor_tamper"
|
||||
-case_list=""
|
||||
-
|
||||
-for case in $case_list; do
|
||||
- test_pre
|
||||
- $case
|
||||
- if [ $TEST_RESULT -eq 0 ]; then
|
||||
- echo "$case PASS"
|
||||
- else
|
||||
- echo "$case FAIL"
|
||||
- fi
|
||||
- test_post
|
||||
-done
|
||||
diff --git a/test/test_function/Makefile b/test/test_function/Makefile
|
||||
new file mode 100644
|
||||
index 0000000..2d792cd
|
||||
--- /dev/null
|
||||
+++ b/test/test_function/Makefile
|
||||
@@ -0,0 +1,11 @@
|
||||
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
|
||||
+
|
||||
+.PHONY: test clean
|
||||
+
|
||||
+test:
|
||||
+ sh test_dim_core.sh
|
||||
+ sh test_dim_monitor.sh
|
||||
+
|
||||
+clean:
|
||||
+ rm -f log
|
||||
+ make -C test_module/ clean
|
||||
\ No newline at end of file
|
||||
diff --git a/test/dim_test_demo.c b/test/test_function/dim_test_demo.c
|
||||
similarity index 64%
|
||||
rename from test/dim_test_demo.c
|
||||
rename to test/test_function/dim_test_demo.c
|
||||
index 113fc3d..5312d6d 100644
|
||||
--- a/test/dim_test_demo.c
|
||||
+++ b/test/test_function/dim_test_demo.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
diff --git a/test/dim_test_demo_tamper.c b/test/test_function/dim_test_demo_tamper.c
|
||||
similarity index 68%
|
||||
rename from test/dim_test_demo_tamper.c
|
||||
rename to test/test_function/dim_test_demo_tamper.c
|
||||
index 7f95775..40cae5d 100644
|
||||
--- a/test/dim_test_demo_tamper.c
|
||||
+++ b/test/test_function/dim_test_demo_tamper.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
diff --git a/test/test_dim_core.sh b/test/test_function/test_dim_core.sh
|
||||
similarity index 85%
|
||||
rename from test/test_dim_core.sh
|
||||
rename to test/test_function/test_dim_core.sh
|
||||
index 8d707cc..6ee5038 100644
|
||||
--- a/test/test_dim_core.sh
|
||||
+++ b/test/test_function/test_dim_core.sh
|
||||
@@ -1,7 +1,19 @@
|
||||
-# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
|
||||
#!/bin/bash
|
||||
|
||||
-. ./common.sh
|
||||
+. ../common.sh
|
||||
+
|
||||
+test_pre() {
|
||||
+ mkdir -p $TEST_DEMO_DIR
|
||||
+ gcc dim_test_demo.c -o $TEST_DEMO_DIR/dim_test_demo
|
||||
+ dim_backup_baseline_and_policy
|
||||
+ load_dim_modules
|
||||
+}
|
||||
+
|
||||
+test_post() {
|
||||
+ remove_dim_modules
|
||||
+ dim_restore_baseline_and_policy
|
||||
+}
|
||||
|
||||
test_measure_bprm_text_normal() {
|
||||
gen_dim_test_demo
|
||||
@@ -118,11 +130,13 @@ test_invalid_policy() {
|
||||
done &>> $TEST_LOG
|
||||
}
|
||||
|
||||
-# Full measurement. The test is disabled by default.
|
||||
-# test_measure_all_text_normal \
|
||||
-# test_measure_all_text_normal_sm3 \
|
||||
-# test_measure_all_text_normal_sign \
|
||||
-case_list="test_measure_bprm_text_normal \
|
||||
+# The following testcases are disabled by default:
|
||||
+# test_measure_all_text_normal
|
||||
+# test_measure_all_text_normal_sm3
|
||||
+# test_measure_all_text_normal_sign
|
||||
+
|
||||
+case_list="
|
||||
+ test_measure_bprm_text_normal \
|
||||
test_measure_bprm_text_no_baseline \
|
||||
test_measure_bprm_text_tamper_1 \
|
||||
test_measure_bprm_text_tamper_2 \
|
||||
@@ -130,7 +144,10 @@ case_list="test_measure_bprm_text_normal \
|
||||
test_measure_module_text_no_baseline \
|
||||
test_measure_module_text_tamper \
|
||||
test_measure_kernel_normal \
|
||||
- test_invalid_policy"
|
||||
+ test_invalid_policy \
|
||||
+ "
|
||||
+
|
||||
+echo "===== Start testing dim_core function ====="
|
||||
|
||||
for case in $case_list; do
|
||||
test_pre
|
||||
@@ -143,3 +160,4 @@ for case in $case_list; do
|
||||
test_post
|
||||
done
|
||||
|
||||
+echo "===== End testing dim_core function ====="
|
||||
\ No newline at end of file
|
||||
diff --git a/test/test_function/test_dim_monitor.sh b/test/test_function/test_dim_monitor.sh
|
||||
new file mode 100644
|
||||
index 0000000..2f9319b
|
||||
--- /dev/null
|
||||
+++ b/test/test_function/test_dim_monitor.sh
|
||||
@@ -0,0 +1,47 @@
|
||||
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
|
||||
+#!/bin/bash
|
||||
+
|
||||
+. ../common.sh
|
||||
+
|
||||
+test_pre() {
|
||||
+ dim_backup_baseline_and_policy
|
||||
+ load_dim_modules
|
||||
+}
|
||||
+
|
||||
+test_post() {
|
||||
+ remove_dim_modules
|
||||
+ dim_restore_baseline_and_policy
|
||||
+}
|
||||
+
|
||||
+test_measure_monitor_normal() {
|
||||
+ dim_gen_baseline_all
|
||||
+ dim_gen_policy_all
|
||||
+ check_dim_core_log_normal
|
||||
+ check_dim_monitor_log_normal
|
||||
+}
|
||||
+
|
||||
+test_measure_monitor_tamper() {
|
||||
+ test_measure_monitor_normal
|
||||
+ check_dim_monitor_log_tampered
|
||||
+}
|
||||
+
|
||||
+# The following testcases are disabled by default:
|
||||
+# test_measure_monitor_normal
|
||||
+# test_measure_monitor_tamper
|
||||
+
|
||||
+case_list=""
|
||||
+
|
||||
+echo "===== Start testing dim_monitor function ====="
|
||||
+
|
||||
+for case in $case_list; do
|
||||
+ test_pre
|
||||
+ $case
|
||||
+ if [ $TEST_RESULT -eq 0 ]; then
|
||||
+ echo "$case PASS"
|
||||
+ else
|
||||
+ echo "$case FAIL"
|
||||
+ fi
|
||||
+ test_post
|
||||
+done
|
||||
+
|
||||
+echo "===== End testing dim_monitor function ====="
|
||||
\ No newline at end of file
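Review bot: The `#!/bin/bash` line is on line 2, after the copyright comment, so it is an ordinary comment and the script runs under whichever shell invokes it. Swap the two lines so the file starts with `#!/bin/bash`; test_dim_core_modparam.sh and test_dim_monitor_modparam.sh in this patch have the same ordering. Separately, `case_list=""` means the loop body never executes, so a run prints only the Start/End banners and cannot be told apart from a run where every case passed.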
|
||||
diff --git a/test/test_module/Makefile b/test/test_function/test_module/Makefile
|
||||
similarity index 68%
|
||||
rename from test/test_module/Makefile
|
||||
rename to test/test_function/test_module/Makefile
|
||||
index 240e73e..e3e945b 100644
|
||||
--- a/test/test_module/Makefile
|
||||
+++ b/test/test_function/test_module/Makefile
|
||||
@@ -1,4 +1,4 @@
|
||||
-# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
|
||||
|
||||
obj-m := dim_test_module_demo.o
|
||||
|
||||
diff --git a/test/test_module/dim_test_module_demo.c b/test/test_function/test_module/dim_test_module_demo.c
|
||||
similarity index 80%
|
||||
rename from test/test_module/dim_test_module_demo.c
|
||||
rename to test/test_function/test_module/dim_test_module_demo.c
|
||||
index 3303365..f1a2ca7 100644
|
||||
--- a/test/test_module/dim_test_module_demo.c
|
||||
+++ b/test/test_function/test_module/dim_test_module_demo.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
|
||||
*/
|
||||
|
||||
#include <linux/module.h>
|
||||
diff --git a/test/test_module/dim_test_module_demo_tamper.c b/test/test_function/test_module/dim_test_module_demo_tamper.c
|
||||
similarity index 82%
|
||||
rename from test/test_module/dim_test_module_demo_tamper.c
|
||||
rename to test/test_function/test_module/dim_test_module_demo_tamper.c
|
||||
index c443d7b..25cb6f2 100644
|
||||
--- a/test/test_module/dim_test_module_demo_tamper.c
|
||||
+++ b/test/test_function/test_module/dim_test_module_demo_tamper.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
|
||||
*/
|
||||
|
||||
#include <linux/module.h>
|
||||
diff --git a/test/test_interface/Makefile b/test/test_interface/Makefile
|
||||
new file mode 100644
|
||||
index 0000000..0c41839
|
||||
--- /dev/null
|
||||
+++ b/test/test_interface/Makefile
|
||||
@@ -0,0 +1,12 @@
|
||||
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
|
||||
+
|
||||
+.PHONY: test clean
|
||||
+
|
||||
+all: test
|
||||
+
|
||||
+test:
|
||||
+ sh test_dim_core_modparam.sh
|
||||
+ sh test_dim_monitor_modparam.sh
|
||||
+
|
||||
+clean:
|
||||
+ rm -f log
|
||||
\ No newline at end of file
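Review bot: Both recipe lines start the scripts with `sh`, but the scripts added in this patch use the bash-only `&>` redirection (`load_dim_core_module $1 &> /dev/null`) and read `$?` on the next line. A strictly POSIX `sh` parses `cmd &> /dev/null` as a background job followed by an empty redirection, so `$?` is 0 whether or not the module load failed and the valid/invalid parameter checks would be misreported. Invoke them as `bash test_dim_core_modparam.sh` and `bash test_dim_monitor_modparam.sh`, or change the scripts to `> /dev/null 2>&1`. `all` is also missing from `.PHONY`.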
|
||||
diff --git a/test/test_interface/test_dim_core_modparam.sh b/test/test_interface/test_dim_core_modparam.sh
|
||||
new file mode 100644
|
||||
index 0000000..67cd815
|
||||
--- /dev/null
|
||||
+++ b/test/test_interface/test_dim_core_modparam.sh
|
||||
@@ -0,0 +1,116 @@
|
||||
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
|
||||
+#!/bin/bash
|
||||
+
|
||||
+. ../common.sh
|
||||
+
|
||||
+test_pre() {
|
||||
+ TEST_RESULT=0
|
||||
+}
|
||||
+
|
||||
+check_valid_module_param()
|
||||
+{
|
||||
+ remove_dim_modules
|
||||
+ load_dim_core_module $1 &> /dev/null
|
||||
+ check_value_zero $? $1
|
||||
+ remove_dim_modules
|
||||
+}
|
||||
+
|
||||
+check_invalid_module_param()
|
||||
+{
|
||||
+ remove_dim_modules
|
||||
+ load_dim_core_module $1 &> /dev/null
|
||||
+ check_value_not_zero $? $1
|
||||
+ remove_dim_modules
|
||||
+}
|
||||
+
|
||||
+test_module_param_measure_hash()
|
||||
+{
|
||||
+ check_valid_module_param measure_hash=sha256
|
||||
+ check_valid_module_param measure_hash=sm3
|
||||
+ check_invalid_module_param measure_hash=md5
|
||||
+ check_invalid_module_param measure_hash=abc
|
||||
+}
|
||||
+
|
||||
+test_module_param_measure_pcr()
|
||||
+{
|
||||
+ check_valid_module_param measure_pcr=0
|
||||
+ check_valid_module_param measure_pcr=1
|
||||
+ check_valid_module_param measure_pcr=11
|
||||
+ check_valid_module_param measure_pcr=127
|
||||
+ check_invalid_module_param measure_pcr=128
|
||||
+ check_invalid_module_param measure_pcr=-1
|
||||
+ check_invalid_module_param measure_pcr=abc
|
||||
+}
|
||||
+
|
||||
+test_module_param_measure_schedule()
|
||||
+{
|
||||
+ check_valid_module_param measure_schedule=0
|
||||
+ check_valid_module_param measure_schedule=50
|
||||
+ check_valid_module_param measure_schedule=1000
|
||||
+ check_invalid_module_param measure_schedule=-1
|
||||
+ check_invalid_module_param measure_schedule=abc
|
||||
+ check_invalid_module_param measure_schedule=1001
|
||||
+}
|
||||
+
|
||||
+test_module_param_measure_interval()
|
||||
+{
|
||||
+ dim_backup_baseline_and_policy
|
||||
+ dim_gen_policy_bprm_path /usr/bin/bash
|
||||
+ dim_gen_baseline_file /usr/bin/bash test.hash
|
||||
+ check_valid_module_param measure_interval=0
|
||||
+ check_valid_module_param measure_interval=1000
|
||||
+ check_valid_module_param measure_interval=525600
|
||||
+ check_invalid_module_param measure_interval=-1
|
||||
+ check_invalid_module_param measure_interval=abc
|
||||
+ # check_invalid_module_param measure_interval=525601
|
||||
+ dim_restore_baseline_and_policy
|
||||
+}
|
||||
+
|
||||
+test_module_param_measure_action()
|
||||
+{
|
||||
+ check_valid_module_param measure_action=0
|
||||
+ check_valid_module_param measure_action=1
|
||||
+ check_invalid_module_param measure_action=abc
|
||||
+}
|
||||
+
|
||||
+test_module_param_signature()
|
||||
+{
|
||||
+ check_valid_module_param signature=0
|
||||
+ check_valid_module_param signature=1
|
||||
+ check_invalid_module_param signature=abc
|
||||
+}
|
||||
+
|
||||
+test_module_param_measure_log_capacity()
|
||||
+{
|
||||
+ check_valid_module_param measure_log_capacity=100
|
||||
+ check_valid_module_param measure_log_capacity=10000
|
||||
+ check_valid_module_param measure_log_capacity=4294967295
|
||||
+ check_invalid_module_param measure_log_capacity=99
|
||||
+ check_invalid_module_param measure_log_capacity=0
|
||||
+ check_invalid_module_param measure_log_capacity=4294967296
|
||||
+ check_invalid_module_param measure_log_capacity=abc
|
||||
+}
|
||||
+
|
||||
+case_list="
|
||||
+ test_module_param_measure_hash \
|
||||
+ test_module_param_measure_pcr \
|
||||
+ test_module_param_measure_schedule \
|
||||
+ test_module_param_measure_interval \
|
||||
+ test_module_param_measure_action \
|
||||
+ test_module_param_signature \
|
||||
+ test_module_param_measure_log_capacity \
|
||||
+ "
|
||||
+
|
||||
+echo "===== Start testing dim_core module parameters ====="
|
||||
+
|
||||
+for case in $case_list; do
|
||||
+ test_pre
|
||||
+ $case
|
||||
+ if [ $TEST_RESULT -eq 0 ]; then
|
||||
+ echo "$case PASS"
|
||||
+ else
|
||||
+ echo "$case FAIL"
|
||||
+ fi
|
||||
+done
|
||||
+
|
||||
+echo "===== End testing dim_core module parameters ====="
|
||||
\ No newline at end of file
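Review bot: In `test_module_param_measure_interval` the upper-bound rejection case is commented out (`# check_invalid_module_param measure_interval=525601`) with no reason given. The test therefore confirms that 525600 is accepted but never that the next value is refused, unlike the pcr, schedule and log-capacity tests, which all check one past the limit. Either enable the line or add a comment saying why it is disabled, so a missing range check in the module parameter handling is not hidden by the test suite.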
|
||||
diff --git a/test/test_interface/test_dim_monitor_modparam.sh b/test/test_interface/test_dim_monitor_modparam.sh
|
||||
new file mode 100644
|
||||
index 0000000..1aaedf1
|
||||
--- /dev/null
|
||||
+++ b/test/test_interface/test_dim_monitor_modparam.sh
|
||||
@@ -0,0 +1,79 @@
|
||||
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2024. All rights reserved.
|
||||
+#!/bin/bash
|
||||
+
|
||||
+. ../common.sh
|
||||
+
|
||||
+test_pre() {
|
||||
+ remove_dim_modules
|
||||
+ load_dim_core_module
|
||||
+ TEST_RESULT=0
|
||||
+}
|
||||
+
|
||||
+test_post() {
|
||||
+ remove_dim_modules
|
||||
+}
|
||||
+
|
||||
+check_valid_module_param()
|
||||
+{
|
||||
+ load_dim_monitor_module $1 &> /dev/null
|
||||
+ check_value_zero $? $1
|
||||
+ rmmod dim_monitor &> /dev/null
|
||||
+}
|
||||
+
|
||||
+check_invalid_module_param()
|
||||
+{
|
||||
+ load_dim_monitor_module $1 &> /dev/null
|
||||
+ check_value_not_zero $? $1
|
||||
+ rmmod dim_monitor &> /dev/null
|
||||
+}
|
||||
+
|
||||
+test_module_param_measure_hash()
|
||||
+{
|
||||
+ check_valid_module_param measure_hash=sha256
|
||||
+ check_valid_module_param measure_hash=sm3
|
||||
+ check_invalid_module_param measure_hash=md5
|
||||
+ check_invalid_module_param measure_hash=abc
|
||||
+}
|
||||
+
|
||||
+test_module_param_measure_pcr()
|
||||
+{
|
||||
+ check_valid_module_param measure_pcr=0
|
||||
+ check_valid_module_param measure_pcr=1
|
||||
+ check_valid_module_param measure_pcr=11
|
||||
+ check_valid_module_param measure_pcr=127
|
||||
+ check_invalid_module_param measure_pcr=128
|
||||
+ check_invalid_module_param measure_pcr=-1
|
||||
+ check_invalid_module_param measure_pcr=abc
|
||||
+}
|
||||
+
|
||||
+test_module_param_measure_log_capacity()
|
||||
+{
|
||||
+ check_valid_module_param measure_log_capacity=100
|
||||
+ check_valid_module_param measure_log_capacity=10000
|
||||
+ check_valid_module_param measure_log_capacity=4294967295
|
||||
+ check_invalid_module_param measure_log_capacity=99
|
||||
+ check_invalid_module_param measure_log_capacity=0
|
||||
+ check_invalid_module_param measure_log_capacity=4294967296
|
||||
+ check_invalid_module_param measure_log_capacity=abc
|
||||
+}
|
||||
+
|
||||
+
|
||||
+case_list="
|
||||
+ test_module_param_measure_hash \
|
||||
+ test_module_param_measure_pcr \
|
||||
+ test_module_param_measure_log_capacity \
|
||||
+ "
|
||||
+
|
||||
+echo "===== Start testing dim_monitor module parameters ====="
|
||||
+
|
||||
+for case in $case_list; do
|
||||
+ test_pre
|
||||
+ $case
|
||||
+ if [ $TEST_RESULT -eq 0 ]; then
|
||||
+ echo "$case PASS"
|
||||
+ else
|
||||
+ echo "$case FAIL"
|
||||
+ fi
|
||||
+done
|
||||
+
|
||||
+echo "===== End testing dim_monitor module parameters ====="
|
||||
\ No newline at end of file
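Review bot: `test_post` is defined at the top of this script but the case loop never calls it, so the dim_core module loaded by `test_pre` stays loaded after the last case and is only removed by the next `test_pre`. Add `test_post` after the `fi` inside the loop, as test_dim_monitor.sh in this patch does. Leaving the module loaded can affect whichever test script runs next.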
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,404 +0,0 @@
|
||||
From c31d3b93f68151bf82196500b6f664e6ce8e1373 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Tue, 13 Feb 2024 16:44:40 +0800
|
||||
Subject: [PATCH 14/26] Refactor the dim_core static baseline implement
|
||||
|
||||
Refactor the static baseline code and separate baseline text parsing
|
||||
and baseline management to make it easier to support other file formats.
|
||||
---
|
||||
src/Makefile | 4 +-
|
||||
src/core/dim_core_measure.c | 2 +-
|
||||
src/core/dim_core_static_baseline.h | 21 ----
|
||||
.../dim_core_static_baseline.c | 98 +++----------------
|
||||
.../dim_core_static_baseline.h | 42 ++++++++
|
||||
.../dim_core_static_baseline_complex.c | 89 +++++++++++++++++
|
||||
6 files changed, 151 insertions(+), 105 deletions(-)
|
||||
delete mode 100644 src/core/dim_core_static_baseline.h
|
||||
rename src/core/{ => static_baseline}/dim_core_static_baseline.c (52%)
|
||||
create mode 100644 src/core/static_baseline/dim_core_static_baseline.h
|
||||
create mode 100644 src/core/static_baseline/dim_core_static_baseline_complex.c
|
||||
|
||||
diff --git a/src/Makefile b/src/Makefile
|
||||
index a17ce5b..8f94052 100644
|
||||
--- a/src/Makefile
|
||||
+++ b/src/Makefile
|
||||
@@ -6,13 +6,14 @@ obj-m += dim_monitor.o
|
||||
dim_core-objs += core/dim_core_main.o
|
||||
dim_core-objs += core/dim_core_fs.o
|
||||
dim_core-objs += core/dim_core_mem_pool.o
|
||||
-dim_core-objs += core/dim_core_static_baseline.o
|
||||
dim_core-objs += core/dim_core_measure.o
|
||||
dim_core-objs += core/dim_core_symbol.o
|
||||
dim_core-objs += core/dim_core_sig.o
|
||||
dim_core-objs += core/measure_task/dim_core_measure_kernel.o
|
||||
dim_core-objs += core/measure_task/dim_core_measure_module.o
|
||||
dim_core-objs += core/measure_task/dim_core_measure_task.o
|
||||
+dim_core-objs += core/static_baseline/dim_core_static_baseline.o
|
||||
+dim_core-objs += core/static_baseline/dim_core_static_baseline_complex.o
|
||||
dim_core-objs += core/policy/dim_core_policy.o
|
||||
dim_core-objs += core/policy/dim_core_policy_complex.o
|
||||
dim_core-objs += common/dim_entry.o
|
||||
@@ -48,6 +49,7 @@ dim_monitor-objs += monitor/measure_task/dim_monitor_measure_data.o
|
||||
dim_monitor-objs += monitor/measure_task/dim_monitor_measure_text.o
|
||||
|
||||
ccflags-y := -I$(src)/core
|
||||
+ccflags-y += -I$(src)/core/static_baseline
|
||||
ccflags-y += -I$(src)/core/measure_task
|
||||
ccflags-y += -I$(src)/core/policy
|
||||
ccflags-y += -I$(src)/monitor
|
||||
diff --git a/src/core/dim_core_measure.c b/src/core/dim_core_measure.c
|
||||
index 3f1d6e4..4ccbd0c 100644
|
||||
--- a/src/core/dim_core_measure.c
|
||||
+++ b/src/core/dim_core_measure.c
|
||||
@@ -86,7 +86,7 @@ static int baseline_prepare(struct dim_measure *m)
|
||||
dim_baseline_destroy_tree(&m->dynamic_baseline);
|
||||
|
||||
/* 3. reload dim baseline */
|
||||
- ret = dim_core_static_baseline_load();
|
||||
+ ret = dim_core_static_baseline_load(m);
|
||||
if (ret < 0) {
|
||||
dim_err("failed to load dim static baseline: %d\n", ret);
|
||||
dim_core_policy_destroy();
|
||||
diff --git a/src/core/dim_core_static_baseline.h b/src/core/dim_core_static_baseline.h
|
||||
deleted file mode 100644
|
||||
index af4d1f9..0000000
|
||||
--- a/src/core/dim_core_static_baseline.h
|
||||
+++ /dev/null
|
||||
@@ -1,21 +0,0 @@
|
||||
-/*
|
||||
- * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
- */
|
||||
-
|
||||
-#ifndef __DIM_CORE_STATIC_BASELINE_H
|
||||
-#define __DIM_CORE_STATIC_BASELINE_H
|
||||
-
|
||||
-#include "dim_measure.h"
|
||||
-
|
||||
-#define DIM_STATIC_BASELINE_ROOT "/etc/dim/digest_list"
|
||||
-#define DIM_STATIC_BASELINE_LINE_MAX 10000
|
||||
-
|
||||
-#define DIM_STATIC_BASELINE_PREFIX "dim"
|
||||
-/* dim KERNEL sha256:{digest} {PATH_MAX}\n*/
|
||||
-#define DIM_STATIC_BASELINE_LEN_MAX (strlen(DIM_STATIC_BASELINE_PREFIX) + 1 + \
|
||||
- NAME_MAX + 1 + NAME_MAX + 1 + \
|
||||
- PATH_MAX + 1 + 1)
|
||||
-
|
||||
-int dim_core_static_baseline_load(void);
|
||||
-
|
||||
-#endif
|
||||
diff --git a/src/core/dim_core_static_baseline.c b/src/core/static_baseline/dim_core_static_baseline.c
|
||||
similarity index 52%
|
||||
rename from src/core/dim_core_static_baseline.c
|
||||
rename to src/core/static_baseline/dim_core_static_baseline.c
|
||||
index 1a87cfd..49810f3 100644
|
||||
--- a/src/core/dim_core_static_baseline.c
|
||||
+++ b/src/core/static_baseline/dim_core_static_baseline.c
|
||||
@@ -2,12 +2,8 @@
|
||||
* Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
*/
|
||||
|
||||
-#include <linux/fs.h>
|
||||
-#include <linux/err.h>
|
||||
-#include <linux/errno.h>
|
||||
#include <linux/slab.h>
|
||||
#include <linux/uaccess.h>
|
||||
-#include <linux/limits.h>
|
||||
#include <linux/vmalloc.h>
|
||||
#include <linux/utsname.h>
|
||||
#include <linux/namei.h>
|
||||
@@ -15,14 +11,13 @@
|
||||
|
||||
#include "dim_utils.h"
|
||||
#include "dim_hash.h"
|
||||
-#include "dim_baseline.h"
|
||||
|
||||
#include "dim_core_sig.h"
|
||||
#include "dim_core_policy.h"
|
||||
#include "dim_core_measure.h"
|
||||
#include "dim_core_static_baseline.h"
|
||||
|
||||
-static bool match_policy(const char *name, int type)
|
||||
+static bool baseline_match_policy(const char *name, int type)
|
||||
{
|
||||
const char *kr = init_uts_ns.name.release;
|
||||
unsigned int kr_len = strlen(kr);
|
||||
@@ -47,81 +42,13 @@ static bool match_policy(const char *name, int type)
|
||||
DIM_POLICY_KEY_NAME, mod_name);
|
||||
}
|
||||
|
||||
-static int parse_simple_baseline_line(char* line, int line_no, void *data)
|
||||
+static int baseline_check_add(const char *name, int type,
|
||||
+ struct dim_digest *digest,
|
||||
+ struct dim_measure *m)
|
||||
{
|
||||
- int ret = 0;
|
||||
- int type = 0;
|
||||
- size_t len = 0;
|
||||
- char *p = NULL;
|
||||
- char *line_str = line;
|
||||
- struct dim_digest digest = { 0 };
|
||||
-
|
||||
- if (line_no > DIM_STATIC_BASELINE_LINE_MAX) {
|
||||
- dim_warn("more than %d baseline items will be ignored\n",
|
||||
- DIM_STATIC_BASELINE_LINE_MAX);
|
||||
- return -E2BIG;
|
||||
- }
|
||||
-
|
||||
- if (strlen(line) == 0 || line[0] == '#')
|
||||
- return 0; /* ignore blank line and comment */
|
||||
-
|
||||
- if (strlen(line) > DIM_STATIC_BASELINE_LEN_MAX) {
|
||||
- dim_err("overlength item at line %d\n", line_no);
|
||||
- return 0; /* ignore baseline parsing failed */
|
||||
- }
|
||||
-
|
||||
- if ((p = strsep(&line_str, " ")) == NULL ||
|
||||
- strcmp(p, DIM_STATIC_BASELINE_PREFIX) != 0) {
|
||||
- dim_warn("invalid baseline prefix at line %d\n", line_no);
|
||||
- return 0;
|
||||
- }
|
||||
-
|
||||
- if ((p = strsep(&line_str, " ")) == NULL ||
|
||||
- (type = dim_baseline_get_type(p)) == DIM_BASELINE_LAST) {
|
||||
- dim_warn("invalid baseline type at line %d\n", line_no);
|
||||
- return 0;
|
||||
- }
|
||||
-
|
||||
- if ((p = strsep(&line_str, ":")) == NULL ||
|
||||
- (digest.algo = dim_hash_algo(p)) == HASH_ALGO__LAST) {
|
||||
- dim_warn("invalid baseline algo at line %d\n", line_no);
|
||||
- return 0;
|
||||
- }
|
||||
-
|
||||
- if ((p = strsep(&line_str, " ")) == NULL ||
|
||||
- strlen(p) != (dim_digest_size(digest.algo) << 1) ||
|
||||
- hex2bin(digest.data, p, dim_digest_size(digest.algo)) < 0) {
|
||||
- dim_warn("invalid baseline digest at line %d\n", line_no);
|
||||
- return 0;
|
||||
- }
|
||||
-
|
||||
- if (line_str == NULL) {
|
||||
- dim_warn("no baseline name at line %d\n", line_no);
|
||||
- return 0;
|
||||
- }
|
||||
-
|
||||
- len = strlen(line_str);
|
||||
- if (len == 0 || len > PATH_MAX) {
|
||||
- dim_warn("invalid baseline name at line %d\n", line_no);
|
||||
- return 0;
|
||||
- }
|
||||
-
|
||||
- if (!match_policy(line_str, type))
|
||||
- return 0;
|
||||
-
|
||||
- ret = dim_measure_static_baseline_add(&dim_core_handle, line_str,
|
||||
- type, &digest);
|
||||
- if (ret < 0)
|
||||
- dim_warn("failed to add static baseline at line %d: %d\n",
|
||||
- line_no, ret);
|
||||
- return 0;
|
||||
+ return dim_measure_static_baseline_add(m, name, type, digest);
|
||||
}
|
||||
|
||||
-struct readdir_ctx {
|
||||
- struct dir_context ctx;
|
||||
- struct path *path;
|
||||
-};
|
||||
-
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0)
|
||||
static int
|
||||
#else
|
||||
@@ -134,11 +61,12 @@ static_baseline_load(struct dir_context *__ctx,
|
||||
unsigned long long ino,
|
||||
unsigned d_type)
|
||||
{
|
||||
- struct readdir_ctx *ctx = container_of(__ctx, typeof(*ctx), ctx);
|
||||
+ struct baseline_parse_ctx *ctx = container_of(__ctx, typeof(*ctx), ctx);
|
||||
int ret;
|
||||
void *buf = NULL;
|
||||
unsigned long buf_len = 0;
|
||||
|
||||
+ /* baseline file must end with '.hash' */
|
||||
if (d_type != DT_REG || (!dim_string_end_with(name, ".hash")))
|
||||
goto out; /* ignore invalid files */
|
||||
|
||||
@@ -149,7 +77,7 @@ static_baseline_load(struct dir_context *__ctx,
|
||||
}
|
||||
|
||||
buf_len = ret;
|
||||
- ret = dim_parse_line_buf(buf, buf_len, parse_simple_baseline_line, NULL);
|
||||
+ ret = dim_baseline_parse(buf, buf_len, ctx);
|
||||
if (ret < 0)
|
||||
dim_err("failed to parse baseline file %s: %d\n", name, ret);
|
||||
out:
|
||||
@@ -163,16 +91,22 @@ out:
|
||||
#endif
|
||||
}
|
||||
|
||||
-int dim_core_static_baseline_load(void)
|
||||
+int dim_core_static_baseline_load(struct dim_measure *m)
|
||||
{
|
||||
int ret = 0;
|
||||
struct path kpath;
|
||||
struct file *file = NULL;
|
||||
- struct readdir_ctx buf = {
|
||||
+ struct baseline_parse_ctx buf = {
|
||||
.ctx.actor = static_baseline_load,
|
||||
.path = &kpath,
|
||||
+ .m = m,
|
||||
+ .add = baseline_check_add,
|
||||
+ .match = baseline_match_policy,
|
||||
};
|
||||
|
||||
+ if (m == NULL)
|
||||
+ return -EINVAL;
|
||||
+
|
||||
ret = kern_path(DIM_STATIC_BASELINE_ROOT, LOOKUP_DIRECTORY, &kpath);
|
||||
if (ret < 0) {
|
||||
dim_err("failed to get dim baseline root path: %d", ret);
|
||||
diff --git a/src/core/static_baseline/dim_core_static_baseline.h b/src/core/static_baseline/dim_core_static_baseline.h
|
||||
new file mode 100644
|
||||
index 0000000..988b02d
|
||||
--- /dev/null
|
||||
+++ b/src/core/static_baseline/dim_core_static_baseline.h
|
||||
@@ -0,0 +1,42 @@
|
||||
+/*
|
||||
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+ */
|
||||
+
|
||||
+#ifndef __DIM_CORE_STATIC_BASELINE_H
|
||||
+#define __DIM_CORE_STATIC_BASELINE_H
|
||||
+
|
||||
+#include <linux/fs.h>
|
||||
+
|
||||
+#include "dim_measure.h"
|
||||
+
|
||||
+/* directory to store the static baseline files */
|
||||
+#define DIM_STATIC_BASELINE_ROOT "/etc/dim/digest_list"
|
||||
+
|
||||
+/* callback function to check if a baseline is matched the policy */
|
||||
+typedef bool (*baseline_match_func)(const char *name, int type);
|
||||
+
|
||||
+/* callback function to add baseline to measurement handle */
|
||||
+typedef int (*baseline_add_func)(const char *name, int type,
|
||||
+ struct dim_digest *digest,
|
||||
+ struct dim_measure *m);
|
||||
+
|
||||
+/* the context used in directory walking and file parsing */
|
||||
+struct baseline_parse_ctx {
|
||||
+ /* context for directory walking */
|
||||
+ struct dir_context ctx;
|
||||
+ /* current directory path */
|
||||
+ struct path *path;
|
||||
+ struct dim_measure *m;
|
||||
+ baseline_match_func match;
|
||||
+ baseline_add_func add;
|
||||
+};
|
||||
+
|
||||
+/* function implemented to parse the static baseline file in complex format */
|
||||
+int baseline_parse_complex_format(char *buf, size_t buf_len,
|
||||
+ struct baseline_parse_ctx *ctx);
|
||||
+#define dim_baseline_parse baseline_parse_complex_format
|
||||
+
|
||||
+/* build or rebuild the static baseline into the measurement handle */
|
||||
+int dim_core_static_baseline_load(struct dim_measure *m);
|
||||
+
|
||||
+#endif
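Review bot: In `struct baseline_parse_ctx` the members `m`, `match` and `add` have no comments, while `ctx` and `path` do, and neither callback typedef states its return contract. The contract matters because the parser added in this patch returns the `add` result directly from its per-line callback. Suggested comments: `/* measurement handle that receives the parsed baselines */` on `m`, `/* returns true when the baseline should be added */` on `match`, and `/* adds one baseline; a negative value is returned to the line parser */` on `add`.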
|
||||
diff --git a/src/core/static_baseline/dim_core_static_baseline_complex.c b/src/core/static_baseline/dim_core_static_baseline_complex.c
|
||||
new file mode 100644
|
||||
index 0000000..685118f
|
||||
--- /dev/null
|
||||
+++ b/src/core/static_baseline/dim_core_static_baseline_complex.c
|
||||
@@ -0,0 +1,89 @@
|
||||
+/*
|
||||
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+ */
|
||||
+
|
||||
+#include "dim_utils.h"
|
||||
+#include "dim_core_static_baseline.h"
|
||||
+
|
||||
+#define DIM_STATIC_BASELINE_LINE_MAX 10000
|
||||
+
|
||||
+#define DIM_STATIC_BASELINE_PREFIX "dim"
|
||||
+/* dim KERNEL sha256:{digest} {PATH_MAX}\n*/
|
||||
+#define DIM_STATIC_BASELINE_LEN_MAX (strlen(DIM_STATIC_BASELINE_PREFIX) + 1 + \
|
||||
+ NAME_MAX + 1 + NAME_MAX + 1 + \
|
||||
+ PATH_MAX + 1 + 1)
|
||||
+
|
||||
+static int parse_line(char* line, int line_no, void *data)
|
||||
+{
|
||||
+ int type = 0;
|
||||
+ size_t len = 0;
|
||||
+ char *p = NULL;
|
||||
+ char *line_str = line;
|
||||
+ struct dim_digest digest = { 0 };
|
||||
+ struct baseline_parse_ctx *ctx = data;
|
||||
+
|
||||
+ if (line_no > DIM_STATIC_BASELINE_LINE_MAX) {
|
||||
+ dim_warn("more than %d baseline items will be ignored\n",
|
||||
+ DIM_STATIC_BASELINE_LINE_MAX);
|
||||
+ return -E2BIG;
|
||||
+ }
|
||||
+
|
||||
+ if (strlen(line) == 0 || line[0] == '#')
|
||||
+ return 0; /* ignore blank line and comment */
|
||||
+
|
||||
+ if (strlen(line) > DIM_STATIC_BASELINE_LEN_MAX) {
|
||||
+ dim_err("overlength item at line %d\n", line_no);
|
||||
+ return 0; /* ignore baseline parsing failed */
|
||||
+ }
|
||||
+
|
||||
+ if ((p = strsep(&line_str, " ")) == NULL ||
|
||||
+ strcmp(p, DIM_STATIC_BASELINE_PREFIX) != 0) {
|
||||
+ dim_warn("invalid baseline prefix at line %d\n", line_no);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ if ((p = strsep(&line_str, " ")) == NULL ||
|
||||
+ (type = dim_baseline_get_type(p)) == DIM_BASELINE_LAST) {
|
||||
+ dim_warn("invalid baseline type at line %d\n", line_no);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ if ((p = strsep(&line_str, ":")) == NULL ||
|
||||
+ (digest.algo = dim_hash_algo(p)) == HASH_ALGO__LAST) {
|
||||
+ dim_warn("invalid baseline algo at line %d\n", line_no);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ if ((p = strsep(&line_str, " ")) == NULL ||
|
||||
+ strlen(p) != (dim_digest_size(digest.algo) << 1) ||
|
||||
+ hex2bin(digest.data, p, dim_digest_size(digest.algo)) < 0) {
|
||||
+ dim_warn("invalid baseline digest at line %d\n", line_no);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ if (line_str == NULL) {
|
||||
+ dim_warn("no baseline name at line %d\n", line_no);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ len = strlen(line_str);
|
||||
+ if (len == 0 || len > PATH_MAX) {
|
||||
+ dim_warn("invalid baseline name at line %d\n", line_no);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ if (!ctx->match(line_str, type))
|
||||
+ return 0;
|
||||
+
|
||||
+ return ctx->add(line_str, type, &digest, ctx->m);
|
||||
+}
|
||||
+
|
||||
+int baseline_parse_complex_format(char *buf, size_t buf_len,
|
||||
+ struct baseline_parse_ctx *ctx)
|
||||
+{
|
||||
+ if (buf == NULL || buf_len == 0 || ctx == NULL || ctx->m == NULL ||
|
||||
+ ctx->match == NULL || ctx->add == NULL)
|
||||
+ return -EINVAL;
|
||||
+
|
||||
+ return dim_parse_line_buf(buf, buf_len, parse_line, ctx);
|
||||
+}
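Review bot: `parse_line` now ends with `return ctx->add(line_str, type, &digest, ctx->m);`, so a failed add is returned to `dim_parse_line_buf`. The removed `parse_simple_baseline_line` instead logged the line number and returned 0. If `dim_parse_line_buf` stops on a negative return (the `-E2BIG` return above suggests it does, but it is not shown here), one entry that fails to add now drops every later baseline in that file, and the line-number warning is lost. For an integrity-measurement baseline that is a silent loss of coverage. If the abort is intended, say so in a comment; otherwise keep the earlier behaviour as below.

```c
static int parse_line(char* line, int line_no, void *data)
{
	int ret = 0;
	/* … unchanged: other locals, length checks and field parsing … */

	if (!ctx->match(line_str, type))
		return 0;

	ret = ctx->add(line_str, type, &digest, ctx->m);
	if (ret < 0)
		dim_warn("failed to add static baseline at line %d: %d\n",
			 line_no, ret);
	return 0; /* keep parsing the remaining lines */
}
```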
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,40 +0,0 @@
|
||||
From 79ad6482e5156c864973ca9e9f7f1a0e68290aa8 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Tue, 30 Apr 2024 00:42:43 +0800
|
||||
Subject: [PATCH 09/28] Remove unused symbol in dim_core
|
||||
|
||||
---
|
||||
src/core/dim_core_symbol.c | 14 +++-----------
|
||||
1 file changed, 3 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/src/core/dim_core_symbol.c b/src/core/dim_core_symbol.c
|
||||
index eeb9240..38c9f02 100644
|
||||
--- a/src/core/dim_core_symbol.c
|
||||
+++ b/src/core/dim_core_symbol.c
|
||||
@@ -45,20 +45,12 @@ int dim_core_kallsyms_init(void)
|
||||
k->find_get_task_by_vpid = (DIM_FIND_GET_TASK_BY_VPID)
|
||||
dim_kallsyms_lookup_name("find_get_task_by_vpid");
|
||||
#endif
|
||||
-#ifndef JUMP_LABEL_NOP_SIZE
|
||||
- k->arch_jump_entry_size = (DIM_ARCH_JUMP_ENTRY_SIZE)
|
||||
- dim_kallsyms_lookup_name("arch_jump_entry_size");
|
||||
-#endif
|
||||
|
||||
return (k->stext == NULL || k->etext == NULL ||
|
||||
-#ifndef JUMP_LABEL_NOP_SIZE
|
||||
- k->arch_jump_entry_size == NULL ||
|
||||
-#endif
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 4, 0)
|
||||
k->find_module == NULL || k->find_get_task_by_vpid == NULL ||
|
||||
#endif
|
||||
- k->start_jump_table == NULL || k->stop_jump_table == NULL ||
|
||||
- k->jump_label_lock == NULL || k->jump_label_lock == NULL ||
|
||||
- k->walk_process_tree == NULL) ? -ENOENT : 0;
|
||||
+ k->start_jump_table == NULL || k->stop_jump_table == NULL ||
|
||||
+ k->jump_label_lock == NULL || k->jump_label_lock == NULL ||
|
||||
+ k->walk_process_tree == NULL) ? -ENOENT : 0;
|
||||
}
|
||||
-
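Review bot: The re-indented return expression still tests `k->jump_label_lock == NULL` twice. The second operand was presumably meant to be a different symbol pointer, most likely the matching unlock function, which this hunk does not show. As written, a failed lookup of that other symbol would not make `dim_core_kallsyms_init` return `-ENOENT`, and the NULL pointer would only surface when it is called. Since the line is being rewritten anyway, fix the duplicate here, e.g. `k->jump_label_lock == NULL || k->jump_label_unlock == NULL ||` if the field has that name. The function starts outside the hunk, so the lookups themselves are not visible.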
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,29 +0,0 @@
|
||||
From 388653ae7f32fe19af71405f5d08d0f7cde7b2ba Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Tue, 20 Feb 2024 12:50:23 +0800
|
||||
Subject: [PATCH 24/26] Set dim_core_keyring to NULL when initialize failed
|
||||
|
||||
---
|
||||
src/core/dim_core_sig.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/core/dim_core_sig.c b/src/core/dim_core_sig.c
|
||||
index f142050..07e11d8 100644
|
||||
--- a/src/core/dim_core_sig.c
|
||||
+++ b/src/core/dim_core_sig.c
|
||||
@@ -182,8 +182,11 @@ int dim_core_sig_init(void)
|
||||
ret = 0;
|
||||
err:
|
||||
dim_vfree(data);
|
||||
- if (ret < 0)
|
||||
+ if (ret < 0) {
|
||||
key_put(dim_core_keyring);
|
||||
+ dim_core_keyring = NULL;
|
||||
+ }
|
||||
+
|
||||
return ret;
|
||||
}
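Review bot: The error path still passes `dim_core_keyring` to `key_put()` unconditionally before the new `dim_core_keyring = NULL;`. `key_put()` tolerates NULL but not an error pointer, so this is safe only if no `goto err` can be reached while the variable holds the failed result of the keyring allocation. `dim_core_sig_init` starts outside the hunk, so that cannot be confirmed from here. A short comment on the new assignment would record its intent, e.g. `/* do not leave a dangling keyring pointer for later users */`.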
|
||||
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,193 +0,0 @@
|
||||
From 76f757dd080abd646128ec39d8752ca1ab746355 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Fri, 8 Mar 2024 18:45:36 +0800
|
||||
Subject: [PATCH 26/26] Support init function for measure tasks
|
||||
|
||||
---
|
||||
src/core/dim_core_measure.c | 4 ++-
|
||||
src/core/tasks/dim_core_measure_kernel.c | 2 ++
|
||||
src/core/tasks/dim_core_measure_module.c | 2 ++
|
||||
src/measure/dim_measure.c | 1 +
|
||||
src/measure/dim_measure.h | 4 +++
|
||||
src/measure/dim_measure_task.c | 32 ++++++++++++++++++-
|
||||
src/monitor/dim_monitor_measure.c | 4 ++-
|
||||
.../measure_task/dim_monitor_measure_data.c | 2 ++
|
||||
.../measure_task/dim_monitor_measure_text.c | 2 ++
|
||||
9 files changed, 50 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/core/dim_core_measure.c b/src/core/dim_core_measure.c
|
||||
index ff134e5..f5b378c 100644
|
||||
--- a/src/core/dim_core_measure.c
|
||||
+++ b/src/core/dim_core_measure.c
|
||||
@@ -18,7 +18,9 @@ static struct dim_measure_task *dim_core_tasks[] = {
|
||||
};
|
||||
|
||||
/* the global measurement handle */
|
||||
-struct dim_measure dim_core_handle = { 0 };
|
||||
+struct dim_measure dim_core_handle = {
|
||||
+ .task_list = LIST_HEAD_INIT(dim_core_handle.task_list),
|
||||
+};
|
||||
|
||||
/* lock to prevent trigger multiple measurement */
|
||||
DEFINE_MUTEX(dim_core_measure_lock);
|
||||
diff --git a/src/core/tasks/dim_core_measure_kernel.c b/src/core/tasks/dim_core_measure_kernel.c
|
||||
index dbf0dfe..fa04ae4 100644
|
||||
--- a/src/core/tasks/dim_core_measure_kernel.c
|
||||
+++ b/src/core/tasks/dim_core_measure_kernel.c
|
||||
@@ -165,5 +165,7 @@ static int kernel_text_measure(int mode, struct dim_measure *m)
|
||||
|
||||
struct dim_measure_task dim_core_measure_task_kernel_text = {
|
||||
.name = "dim_core_measure_task_kernel_text",
|
||||
+ .init = NULL,
|
||||
+ .destroy = NULL,
|
||||
.measure = kernel_text_measure,
|
||||
};
|
||||
diff --git a/src/core/tasks/dim_core_measure_module.c b/src/core/tasks/dim_core_measure_module.c
|
||||
index aa3e2f3..feb6624 100644
|
||||
--- a/src/core/tasks/dim_core_measure_module.c
|
||||
+++ b/src/core/tasks/dim_core_measure_module.c
|
||||
@@ -108,5 +108,7 @@ static int module_text_measure(int mode, struct dim_measure *m)
|
||||
|
||||
struct dim_measure_task dim_core_measure_task_module_text = {
|
||||
.name = "dim_core_measure_task_module_text",
|
||||
+ .init = NULL,
|
||||
+ .destroy = NULL,
|
||||
.measure = module_text_measure,
|
||||
};
|
||||
diff --git a/src/measure/dim_measure.c b/src/measure/dim_measure.c
|
||||
index 06e9bb5..dd35cb8 100644
|
||||
--- a/src/measure/dim_measure.c
|
||||
+++ b/src/measure/dim_measure.c
|
||||
@@ -91,6 +91,7 @@ void dim_measure_destroy(struct dim_measure *m)
|
||||
return;
|
||||
|
||||
mutex_lock(&m->measure_lock);
|
||||
+ dim_measure_tasks_unregister_all(m);
|
||||
dim_measure_log_destroy_tree(&m->log);
|
||||
dim_baseline_destroy_tree(&m->static_baseline);
|
||||
dim_baseline_destroy_tree(&m->dynamic_baseline);
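Review bot: `dim_measure_tasks_unregister_all(m)` is called with `m->measure_lock` held, and it presumably reaches each task's `destroy` callback through `task_unregister` in dim_measure_task.c. A `destroy` implementation therefore must not take that mutex or wait for a running measurement, and nothing in this patch documents that. Add it next to the new members in dim_measure.h, e.g. `/* destroy is called with measure_lock held */`. `dim_measure_destroy` starts and ends outside the hunk.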
|
||||
diff --git a/src/measure/dim_measure.h b/src/measure/dim_measure.h
|
||||
index d2ca326..d73fbaf 100644
|
||||
--- a/src/measure/dim_measure.h
|
||||
+++ b/src/measure/dim_measure.h
|
||||
@@ -78,6 +78,9 @@ struct dim_measure_task {
|
||||
struct list_head node;
|
||||
/* task name for log printing */
|
||||
const char *name;
|
||||
+ /* init and destroy functions */
|
||||
+ int (*init)(void);
|
||||
+ void (*destroy)(void);
|
||||
/* measure function */
|
||||
int (*measure)(int mode, struct dim_measure *m);
|
||||
};
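Review bot: The comment `/* init and destroy functions */` does not tell a task author what the two callbacks may assume. From dim_measure_task.c in this patch, both are optional, a negative return from `init` aborts registration of that task, and `destroy` runs when the task is unregistered, which dim_measure_destroy now does while holding `m->measure_lock`. I would spell that out, e.g. `/* optional; init() < 0 aborts registration, destroy() runs at unregister and may be called with measure_lock held */`. struct dim_measure_task starts above the hunk.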
|
||||
@@ -105,6 +108,7 @@ int dim_measure_dynamic_baseline_search(struct dim_measure *m,
|
||||
int dim_measure_tasks_register(struct dim_measure *m,
|
||||
struct dim_measure_task **tasks,
|
||||
unsigned int num);
|
||||
+void dim_measure_tasks_unregister_all(struct dim_measure *m);
|
||||
void dim_measure_task_measure(int mode, struct dim_measure *m);
|
||||
|
||||
/* functions for dim measurement status */
|
||||
diff --git a/src/measure/dim_measure_task.c b/src/measure/dim_measure_task.c
|
||||
index ed97388..adfc57d 100644
|
||||
--- a/src/measure/dim_measure_task.c
|
||||
+++ b/src/measure/dim_measure_task.c
|
||||
@@ -62,13 +62,29 @@ void dim_measure_task_measure(int mode, struct dim_measure *m)
|
||||
|
||||
static int task_register(struct dim_measure *m, struct dim_measure_task *t)
|
||||
{
|
||||
+ int ret = 0;
|
||||
+
|
||||
if (t == NULL || t->name == NULL || t->measure == NULL)
|
||||
return -EINVAL;
|
||||
|
||||
+ if (t->init != NULL) {
|
||||
+ ret = t->init();
|
||||
+ if (ret < 0)
|
||||
+ return ret;
|
||||
+ }
|
||||
+
|
||||
list_add_tail(&t->node, &m->task_list);
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static void task_unregister(struct dim_measure_task *t)
|
||||
+{
|
||||
+ if (t->destroy != NULL)
|
||||
+ t->destroy();
|
||||
+
|
||||
+ list_del(&t->node);
|
||||
+}
|
||||
+
|
||||
int dim_measure_tasks_register(struct dim_measure *m,
|
||||
struct dim_measure_task **tasks,
|
||||
unsigned int num)
|
||||
@@ -81,11 +97,25 @@ int dim_measure_tasks_register(struct dim_measure *m,
|
||||
|
||||
for (; i < num; i++) {
|
||||
ret = task_register(m, tasks[i]);
|
||||
- if (ret < 0)
|
||||
+ if (ret < 0) {
|
||||
+ dim_measure_tasks_unregister_all(m);
|
||||
return ret;
|
||||
+ }
|
||||
|
||||
dim_info("register measure task: %s\n", tasks[i]->name);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
+
|
||||
+void dim_measure_tasks_unregister_all(struct dim_measure *m)
|
||||
+{
|
||||
+ struct dim_measure_task *pos = NULL;
|
||||
+ struct dim_measure_task *n = NULL;
|
||||
+
|
||||
+ if (m == NULL)
|
||||
+ return;
|
||||
+
|
||||
+ list_for_each_entry_safe(pos, n, &m->task_list, node)
|
||||
+ task_unregister(pos);
|
||||
+}
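Review bot: The new error path in dim_measure_tasks_register calls `dim_measure_tasks_unregister_all(m)`, which walks the whole `m->task_list` and so also tears down tasks registered by any earlier successful call on the same handle, not only `tasks[0..i-1]` from this call. If a handle is only ever registered once this is harmless, but that is not visible in the hunk, so either say so in a comment above the function, e.g. `/* on failure every task on m->task_list is unregistered, including earlier ones */`, or unwind only the entries added here. The list walk itself takes no lock; dim_measure_destroy calls it under `m->measure_lock`, and it is worth stating whether the register path expects the same. The body of dim_measure_tasks_register starts outside the hunk.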
|
||||
diff --git a/src/monitor/dim_monitor_measure.c b/src/monitor/dim_monitor_measure.c
|
||||
index f21ed0e..748d5f9 100644
|
||||
--- a/src/monitor/dim_monitor_measure.c
|
||||
+++ b/src/monitor/dim_monitor_measure.c
|
||||
@@ -21,7 +21,9 @@ static struct dim_measure_task *dim_core_tasks[] = {
|
||||
};
|
||||
|
||||
/* the global measurement handle */
|
||||
-struct dim_measure dim_monitor_handle = { 0 };
|
||||
+struct dim_measure dim_monitor_handle = {
|
||||
+ .task_list = LIST_HEAD_INIT(dim_monitor_handle.task_list),
|
||||
+};
|
||||
|
||||
/* lock to prevent trigger multiple measurement */
|
||||
DEFINE_MUTEX(dim_monitor_measure_lock);
|
||||
diff --git a/src/monitor/measure_task/dim_monitor_measure_data.c b/src/monitor/measure_task/dim_monitor_measure_data.c
|
||||
index 5762dc1..029840c 100644
|
||||
--- a/src/monitor/measure_task/dim_monitor_measure_data.c
|
||||
+++ b/src/monitor/measure_task/dim_monitor_measure_data.c
|
||||
@@ -52,5 +52,7 @@ static int module_text_measure(int mode, struct dim_measure *m)
|
||||
|
||||
struct dim_measure_task dim_monitor_measure_data = {
|
||||
.name = "dim_monitor_measure_data",
|
||||
+ .init = NULL,
|
||||
+ .destroy = NULL,
|
||||
.measure = module_text_measure,
|
||||
};
|
||||
diff --git a/src/monitor/measure_task/dim_monitor_measure_text.c b/src/monitor/measure_task/dim_monitor_measure_text.c
|
||||
index de6c77d..fc7dbf7 100644
|
||||
--- a/src/monitor/measure_task/dim_monitor_measure_text.c
|
||||
+++ b/src/monitor/measure_task/dim_monitor_measure_text.c
|
||||
@@ -60,5 +60,7 @@ static int module_text_measure(int mode, struct dim_measure *m)
|
||||
|
||||
struct dim_measure_task dim_monitor_measure_text = {
|
||||
.name = "dim_monitor_measure_text",
|
||||
+ .init = NULL,
|
||||
+ .destroy = NULL,
|
||||
.measure = module_text_measure,
|
||||
};
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,43 +0,0 @@
|
||||
From 3c7a97428e8605ddcd12f7928f590d6f89d664f8 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Sun, 5 May 2024 11:43:10 +0800
|
||||
Subject: [PATCH 06/28] Try to add the absolute path of process in static
|
||||
baseline
|
||||
|
||||
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
---
|
||||
.../static_baseline/dim_core_static_baseline.c | 18 +++++++++++++++++-
|
||||
1 file changed, 17 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/core/static_baseline/dim_core_static_baseline.c b/src/core/static_baseline/dim_core_static_baseline.c
|
||||
index e33c67c..ff05690 100644
|
||||
--- a/src/core/static_baseline/dim_core_static_baseline.c
|
||||
+++ b/src/core/static_baseline/dim_core_static_baseline.c
|
||||
@@ -46,7 +46,23 @@ static int baseline_check_add(const char *name, int type,
|
||||
struct dim_digest *digest,
|
||||
struct dim_measure *m)
|
||||
{
|
||||
- return dim_measure_static_baseline_add(m, name, type, digest);
|
||||
+ int ret = 0;
|
||||
+ const char *real_path = NULL;
|
||||
+
|
||||
+ if (type == DIM_BASELINE_KERNEL)
|
||||
+ return dim_measure_static_baseline_add(m, name, type, digest);
|
||||
+
|
||||
+ /* for process, try to add the absolute path */
|
||||
+ ret = dim_get_absolute_path(name, &real_path);
|
||||
+ if (ret < 0) {
|
||||
+ dim_warn("failed to get absolute path of %s in static baeline: %d\n",
|
||||
+ name, ret);
|
||||
+ return dim_measure_static_baseline_add(m, name, type, digest);
|
||||
+ }
|
||||
+
|
||||
+ ret = dim_measure_static_baseline_add(m, real_path, type, digest);
|
||||
+ dim_kfree(real_path);
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0)
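Review bot: When `dim_get_absolute_path` fails, baseline_check_add stores the entry under the unresolved `name` and only warns, so the static baseline can end up holding a mix of resolved and unresolved keys; the fallback branch deserves a comment saying that this is intended, e.g. `/* path could not be resolved: keep the entry under the name as given */`. The warning text has a typo, `static baeline` should read `static baseline`. `real_path` is declared `const char *` and then handed to `dim_kfree`; whether that wrapper accepts a const pointer is not visible here, and if it does not the call discards the qualifier.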
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,71 +0,0 @@
|
||||
From fc44808dc01e95de501db0e2ca9ad84bb4815948 Mon Sep 17 00:00:00 2001
|
||||
From: jinlun <jinlun@huawei.com>
|
||||
Date: Tue, 18 Jun 2024 09:32:10 +0800
|
||||
Subject: [PATCH 11/14] Unified log printing format
|
||||
|
||||
---
|
||||
src/core/policy/dim_core_policy.c | 16 ++++++++--------
|
||||
1 file changed, 8 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/src/core/policy/dim_core_policy.c b/src/core/policy/dim_core_policy.c
|
||||
index f10a256..da734d3 100644
|
||||
--- a/src/core/policy/dim_core_policy.c
|
||||
+++ b/src/core/policy/dim_core_policy.c
|
||||
@@ -70,17 +70,17 @@ static int policy_check_add_bprm_text(struct dim_policy *policy)
|
||||
|
||||
/* check the policy is valid */
|
||||
if (policy->path == NULL) {
|
||||
- pr_err("path must be set for BPRM_TEXT policy\n");
|
||||
+ dim_err("path must be set for BPRM_TEXT policy\n");
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (strlen(policy->path) + 1 > PATH_MAX) {
|
||||
- pr_err("path must be shorter than %d\n", PATH_MAX);
|
||||
+ dim_err("path must be shorter than %d\n", PATH_MAX);
|
||||
return -ENAMETOOLONG;
|
||||
}
|
||||
|
||||
if (policy->name != NULL)
|
||||
- pr_warn("name is ignored for BPRM_TEXT policy\n");
|
||||
+ dim_warn("name is ignored for BPRM_TEXT policy\n");
|
||||
|
||||
/* firstly, add the current node */
|
||||
ret = dim_policy_rb_add(&policy_root, policy, NULL);
|
||||
@@ -122,20 +122,20 @@ static int policy_check_add_bprm_text(struct dim_policy *policy)
|
||||
static int policy_check_add_module_text(struct dim_policy *policy)
|
||||
{
|
||||
if (policy->name == NULL) {
|
||||
- pr_err("name must be set for MODULE_TEXT policy\n");
|
||||
+ dim_err("name must be set for MODULE_TEXT policy\n");
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (strlen(policy->name) + 1 > NAME_MAX) {
|
||||
- pr_err("name must be shorter than %d\n", NAME_MAX);
|
||||
+ dim_err("name must be shorter than %d\n", NAME_MAX);
|
||||
return -ENAMETOOLONG;
|
||||
}
|
||||
|
||||
if (policy->path != NULL)
|
||||
- pr_warn("path is ignored for BPRM_TEXT policy\n");
|
||||
+ dim_warn("path is ignored for BPRM_TEXT policy\n");
|
||||
|
||||
if (policy->action != DIM_POLICY_ACTION_LOG)
|
||||
- pr_warn("action is ignored for MODULE_TEXT policy\n");
|
||||
+ dim_warn("action is ignored for MODULE_TEXT policy\n");
|
||||
|
||||
return dim_policy_rb_add(&policy_root, policy, NULL);
|
||||
}
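Review bot: In policy_check_add_module_text the converted warning still reads `path is ignored for BPRM_TEXT policy`, although this function validates MODULE_TEXT policies and its other messages say so; since the line is being touched anyway it should become `dim_warn("path is ignored for MODULE_TEXT policy\n");`. An administrator reading the log would otherwise look for the problem in the wrong policy rule.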
|
||||
@@ -144,7 +144,7 @@ static int policy_check_add_kernel_text(struct dim_policy *policy)
|
||||
{
|
||||
if (policy->name != NULL || policy->path != NULL ||
|
||||
policy->action != DIM_POLICY_ACTION_LOG)
|
||||
- pr_warn("all parameters are ignored for KERNEL_TEXT policy\n");
|
||||
+ dim_warn("all parameters are ignored for KERNEL_TEXT policy\n");
|
||||
|
||||
return dim_policy_rb_add(&policy_root, policy, NULL);
|
||||
}
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,25 +0,0 @@
|
||||
From b135b54b3d973d8bd63193be377d8ef6b1bb0ea5 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Tue, 20 Feb 2024 12:49:42 +0800
|
||||
Subject: [PATCH 23/26] Use warpper dim_vzalloc to avoid false warning
|
||||
|
||||
---
|
||||
src/core/tasks/dim_core_measure_kernel.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/core/tasks/dim_core_measure_kernel.c b/src/core/tasks/dim_core_measure_kernel.c
|
||||
index 077f30a..dbf0dfe 100644
|
||||
--- a/src/core/tasks/dim_core_measure_kernel.c
|
||||
+++ b/src/core/tasks/dim_core_measure_kernel.c
|
||||
@@ -31,7 +31,7 @@ static int sort_jump_table(struct jump_entry *sjump,
|
||||
unsigned int i;
|
||||
unsigned long *buf = NULL;
|
||||
|
||||
- buf = vzalloc(sizeof(unsigned long) * jump_counts);
|
||||
+ buf = dim_vzalloc(sizeof(unsigned long) * jump_counts);
|
||||
if (buf == NULL)
|
||||
return -ENOMEM;
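Review bot: The allocation size `sizeof(unsigned long) * jump_counts` is an unchecked multiplication, and the type and origin of `jump_counts` are outside this hunk. On a 32-bit build a large count would wrap and produce a buffer smaller than intended; the kernel's overflow helper from `<linux/overflow.h>` saturates instead, so the allocation fails cleanly: `buf = dim_vzalloc(array_size(jump_counts, sizeof(*buf)));`. sort_jump_table continues past the end of the hunk.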
|
||||
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,32 +0,0 @@
|
||||
From 03facf95debc7d34e64b69a1da8200ada1f0a75a Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Thu, 9 May 2024 15:47:18 +0800
|
||||
Subject: [PATCH 13/28] add missing line break in log printing
|
||||
|
||||
---
|
||||
src/core/dim_core_measure.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/core/dim_core_measure.c b/src/core/dim_core_measure.c
|
||||
index 2ccd1a1..caf767c 100644
|
||||
--- a/src/core/dim_core_measure.c
|
||||
+++ b/src/core/dim_core_measure.c
|
||||
@@ -73,13 +73,13 @@ int dim_core_interval_set(unsigned int min)
|
||||
|
||||
atomic_set(&measure_interval, min);
|
||||
if (min == 0) {
|
||||
- dim_info("cancel dim timed measure work");
|
||||
+ dim_info("cancel dim timed measure work\n");
|
||||
cancel_delayed_work_sync(&dim_measure_work);
|
||||
} else {
|
||||
jiffies = nsecs_to_jiffies64((unsigned long)min *
|
||||
DIM_MINUTE_TO_NSEC);
|
||||
dim_info("modify dim measure interval to %u min "
|
||||
- "(jittfies = 0x%lx)", min, jiffies);
|
||||
+ "(jittfies = 0x%lx)\n", min, jiffies);
|
||||
mod_delayed_work(dim_work_queue, &dim_measure_work, jiffies);
|
||||
}
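Review bot: The format string on the interval message still spells the label `jittfies`; with the line already being edited it should read `"(jiffies = 0x%lx)\n", min, jiffies);`. The value printed is a local named `jiffies`, which shadows the kernel's global tick counter of the same name inside dim_core_interval_set. Its declaration is outside the hunk, but a name such as `delay` would avoid the confusion, and `%lx` should be checked against its declared type, since `nsecs_to_jiffies64` returns a 64-bit value.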
|
||||
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,71 +0,0 @@
|
||||
From 363b0761d007fa20e165f385a085a2fcf6fc11a0 Mon Sep 17 00:00:00 2001
|
||||
From: jinlun <jinlun@huawei.com>
|
||||
Date: Tue, 18 Jun 2024 09:45:47 +0800
|
||||
Subject: [PATCH 13/14] add parameter check
|
||||
|
||||
---
|
||||
src/common/dim_measure_log.c | 3 +++
|
||||
src/core/tasks/dim_core_measure_kernel.c | 6 +++---
|
||||
src/core/tasks/dim_core_measure_module.c | 6 ++++--
|
||||
3 files changed, 10 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/common/dim_measure_log.c b/src/common/dim_measure_log.c
|
||||
index 4b3bd34..59654a5 100644
|
||||
--- a/src/common/dim_measure_log.c
|
||||
+++ b/src/common/dim_measure_log.c
|
||||
@@ -33,6 +33,9 @@ static int cal_measure_log_digest(const char *name,
|
||||
int digest_size = dim_digest_size(info->digest.algo);
|
||||
SHASH_DESC_ON_STACK(shash, hash->tfm);
|
||||
|
||||
+ if (algo_name == NULL)
|
||||
+ return -EINVAL;
|
||||
+
|
||||
shash->tfm = hash->tfm;
|
||||
ret = crypto_shash_init(shash);
|
||||
if (ret < 0)
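Review bot: The added `algo_name == NULL` test in cal_measure_log_digest sits below the initialiser `dim_digest_size(info->digest.algo)`, which already dereferences `info`, and `hash` is dereferenced on the next line as `hash->tfm` with no test at all. The same pattern is left in measure_module in dim_core_measure_module.c, where `ctx = data` is later used as `ctx->mode` and `ctx->m` without a check on `data`. If these functions are meant to tolerate NULL arguments, as the commit title suggests, the guard should cover them too and come before the first dereference, e.g. `if (info == NULL || hash == NULL || algo_name == NULL) return -EINVAL;`, with the `digest_size` initialiser moved below it the way this commit does for kernel_text_measure. Both function bodies extend beyond their hunks, so the parameter lists are not fully visible.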
|
||||
diff --git a/src/core/tasks/dim_core_measure_kernel.c b/src/core/tasks/dim_core_measure_kernel.c
|
||||
index fa04ae4..bb7fd74 100644
|
||||
--- a/src/core/tasks/dim_core_measure_kernel.c
|
||||
+++ b/src/core/tasks/dim_core_measure_kernel.c
|
||||
@@ -139,13 +139,13 @@ static int kernel_text_measure(int mode, struct dim_measure *m)
|
||||
{
|
||||
int ret = 0;
|
||||
const char *kr = init_uts_ns.name.release;
|
||||
- struct dim_digest digest = {
|
||||
- .algo = m->hash.algo,
|
||||
- };
|
||||
+ struct dim_digest digest = {0};
|
||||
|
||||
if (m == NULL)
|
||||
return -EINVAL;
|
||||
|
||||
+ digest.algo = m->hash.algo;
|
||||
+
|
||||
if (!dim_core_policy_match(DIM_POLICY_OBJ_KERNEL_TEXT,
|
||||
DIM_POLICY_KEY_NAME, kr))
|
||||
return 0;
|
||||
diff --git a/src/core/tasks/dim_core_measure_module.c b/src/core/tasks/dim_core_measure_module.c
|
||||
index feb6624..613e0e5 100644
|
||||
--- a/src/core/tasks/dim_core_measure_module.c
|
||||
+++ b/src/core/tasks/dim_core_measure_module.c
|
||||
@@ -64,13 +64,15 @@ static int measure_module(struct dim_policy *policy, void *data)
|
||||
{
|
||||
int ret = 0;
|
||||
struct module_text_measure_ctx *ctx = data;
|
||||
- const char *mod_name = policy->name;
|
||||
+ const char *mod_name = NULL;
|
||||
struct dim_digest digest = { 0 };
|
||||
|
||||
if (policy == NULL || policy->obj != DIM_POLICY_OBJ_MODULE_TEXT ||
|
||||
- mod_name == NULL)
|
||||
+ policy->name == NULL)
|
||||
return 0;
|
||||
|
||||
+ mod_name = policy->name;
|
||||
+
|
||||
/* if module is not inserted in baseline_init stage, ignore it */
|
||||
if (ctx->mode == DIM_MEASURE &&
|
||||
dim_measure_dynamic_baseline_search(ctx->m, mod_name,
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,65 +0,0 @@
|
||||
From 59720657cc90aad769fa6a7bef2175f12dae72ef Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Mon, 29 Apr 2024 23:02:27 +0800
|
||||
Subject: [PATCH 04/28] add two interfaces for baseline operations
|
||||
|
||||
---
|
||||
src/measure/dim_measure.h | 7 +++++++
|
||||
src/measure/dim_measure_baseline.c | 20 ++++++++++++++++++++
|
||||
2 files changed, 27 insertions(+)
|
||||
|
||||
diff --git a/src/measure/dim_measure.h b/src/measure/dim_measure.h
|
||||
index d73fbaf..f5140f0 100644
|
||||
--- a/src/measure/dim_measure.h
|
||||
+++ b/src/measure/dim_measure.h
|
||||
@@ -101,9 +101,16 @@ int dim_measure_process_dynamic_result(struct dim_measure *m, int mode,
|
||||
int dim_measure_static_baseline_add(struct dim_measure *m,
|
||||
const char *name, int type,
|
||||
struct dim_digest *digest);
|
||||
+int dim_measure_dynamic_baseline_add(struct dim_measure *m,
|
||||
+ const char *name, int type,
|
||||
+ struct dim_digest *digest);
|
||||
+int dim_measure_static_baseline_search(struct dim_measure *m,
|
||||
+ const char *name, int type,
|
||||
+ struct dim_digest *digest);
|
||||
int dim_measure_dynamic_baseline_search(struct dim_measure *m,
|
||||
const char *name, int type,
|
||||
struct dim_digest *digest);
|
||||
+
|
||||
/* functions for dim measurement task */
|
||||
int dim_measure_tasks_register(struct dim_measure *m,
|
||||
struct dim_measure_task **tasks,
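Review bot: The two new prototypes are added without any comment, and nothing here says what the search variant returns on a miss or whether `digest` is compared against the stored value or filled in. A one-line comment above each, in the style of the `/* functions for dim measurement task */` banner below, would settle that for callers, for example `/* look up name/type in the static baseline; returns 0 on match, negative errno otherwise */` once the actual contract is confirmed. In dim_measure_baseline.c the wrappers reject only `m == NULL` and pass `name` and `digest` through unchecked, so the comment should also state whether NULL is allowed for those.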
|
||||
diff --git a/src/measure/dim_measure_baseline.c b/src/measure/dim_measure_baseline.c
|
||||
index c62d6be..b73b639 100644
|
||||
--- a/src/measure/dim_measure_baseline.c
|
||||
+++ b/src/measure/dim_measure_baseline.c
|
||||
@@ -224,6 +224,26 @@ int dim_measure_static_baseline_add(struct dim_measure *m,
|
||||
return static_baseline_add(m, name, type, digest);
|
||||
}
|
||||
|
||||
+int dim_measure_dynamic_baseline_add(struct dim_measure *m,
|
||||
+ const char *name, int type,
|
||||
+ struct dim_digest *digest)
|
||||
+{
|
||||
+ if (m == NULL)
|
||||
+ return -EINVAL;
|
||||
+
|
||||
+ return dynamic_baseline_add(m, name, type, digest);
|
||||
+}
|
||||
+
|
||||
+int dim_measure_static_baseline_search(struct dim_measure *m,
|
||||
+ const char *name, int type,
|
||||
+ struct dim_digest *digest)
|
||||
+{
|
||||
+ if (m == NULL)
|
||||
+ return -EINVAL;
|
||||
+
|
||||
+ return static_baseline_search(m, name, type, digest);
|
||||
+}
|
||||
+
|
||||
int dim_measure_dynamic_baseline_search(struct dim_measure *m,
|
||||
const char *name, int type,
|
||||
struct dim_digest *digest)
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,758 +0,0 @@
|
||||
From 25fde75cbadc10af97e6684a52e72d516b974de5 Mon Sep 17 00:00:00 2001
|
||||
From: jinlun <jinlun@huawei.com>
|
||||
Date: Mon, 6 Nov 2023 20:29:16 +0800
|
||||
Subject: [PATCH 04/26] dim: add test code
|
||||
|
||||
---
|
||||
test/README.md | 23 ++
|
||||
test/common.sh | 390 ++++++++++++++++++
|
||||
test/dim_test_demo.c | 12 +
|
||||
test/dim_test_demo_tamper.c | 13 +
|
||||
test/test_dim_core.sh | 145 +++++++
|
||||
test/test_dim_monitor.sh | 32 ++
|
||||
test/test_module/Makefile | 16 +
|
||||
test/test_module/dim_test_module_demo.c | 20 +
|
||||
.../test_module/dim_test_module_demo_tamper.c | 23 ++
|
||||
9 files changed, 674 insertions(+)
|
||||
create mode 100644 test/README.md
|
||||
create mode 100644 test/common.sh
|
||||
create mode 100644 test/dim_test_demo.c
|
||||
create mode 100644 test/dim_test_demo_tamper.c
|
||||
create mode 100644 test/test_dim_core.sh
|
||||
create mode 100644 test/test_dim_monitor.sh
|
||||
create mode 100644 test/test_module/Makefile
|
||||
create mode 100644 test/test_module/dim_test_module_demo.c
|
||||
create mode 100644 test/test_module/dim_test_module_demo_tamper.c
|
||||
|
||||
diff --git a/test/README.md b/test/README.md
|
||||
new file mode 100644
|
||||
index 0000000..b75f3e6
|
||||
--- /dev/null
|
||||
+++ b/test/README.md
|
||||
@@ -0,0 +1,23 @@
|
||||
+# DIM 测试文档
|
||||
+
|
||||
+## 1 前置条件
|
||||
+
|
||||
+**OS版本支持**:openEuler 23.09以上版本;
|
||||
+
|
||||
+**内核版本支持**:当前支持openEuler kernel 5.10/6.4版本;
|
||||
+
|
||||
+**注意**:DIM包含内核组件,相关步骤需要以管理员(root)权限运行。
|
||||
+
|
||||
+## 2 使用openEuler源进行安装
|
||||
+```
|
||||
+yum install dim dim_tools make gcc
|
||||
+```
|
||||
+
|
||||
+## 3 执行测试用例
|
||||
+```
|
||||
+cd dim/test/
|
||||
+sh test/test_dim_core.sh
|
||||
+sh test/test_monitor_core.sh
|
||||
+```
|
||||
+
|
||||
+**注意**:全量度量功能默认关闭,如有需要,请将用例添加到对应的case_list中
|
||||
\ No newline at end of file
|
||||
diff --git a/test/common.sh b/test/common.sh
|
||||
new file mode 100644
|
||||
index 0000000..3bd8ced
|
||||
--- /dev/null
|
||||
+++ b/test/common.sh
|
||||
@@ -0,0 +1,390 @@
|
||||
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+#!/bin/bash
|
||||
+
|
||||
+TEST_ROOT=/opt/dim
|
||||
+TEST_DEMO_DIR=/opt/dim/demo
|
||||
+TEST_DEMO_BPRM=$TEST_DEMO_DIR/dim_test_demo
|
||||
+
|
||||
+TEST_LOG=log
|
||||
+DIM_CORE_PATH=/root/dim/dim_core.ko
|
||||
+DIM_MONITOR_PATH=/root/dim/dim_monitor.ko
|
||||
+
|
||||
+DIM_BASELINE_DIR_PATH=/etc/dim/digest_list
|
||||
+DIM_POLICY_PATH=/etc/dim/policy
|
||||
+
|
||||
+DIM_KERNEL_NAME="/boot/vmlinuz-*.$(arch)"
|
||||
+
|
||||
+TEST_MODULE_DIR=test_module
|
||||
+DIM_MOD_NAME=dim_test_module_demo
|
||||
+DIM_TEST_MOD_DEMO=$TEST_MODULE_DIR/dim_test_module_demo.ko
|
||||
+
|
||||
+DIM_TEST_MOD_DEMO_C=$TEST_MODULE_DIR/dim_test_module_demo.c
|
||||
+DIM_TEST_MOD_DEMO_TAMPER_C=$TEST_MODULE_DIR/dim_test_module_demo_tamper.c
|
||||
+
|
||||
+TEST_RESULT=0
|
||||
+
|
||||
+dim_core_status() {
|
||||
+ cat /sys/kernel/security/dim/runtime_status
|
||||
+}
|
||||
+
|
||||
+dim_core_baseline() {
|
||||
+ echo 1 > /sys/kernel/security/dim/baseline_init
|
||||
+}
|
||||
+
|
||||
+dim_core_measure() {
|
||||
+ echo 1 > /sys/kernel/security/dim/measure
|
||||
+}
|
||||
+
|
||||
+dim_core_measure_log() {
|
||||
+ cat /sys/kernel/security/dim/ascii_runtime_measurements
|
||||
+}
|
||||
+
|
||||
+dim_monitor_baseline() {
|
||||
+ echo 1 > /sys/kernel/security/dim/monitor_baseline
|
||||
+}
|
||||
+
|
||||
+dim_monitor_measure() {
|
||||
+ echo 1 > /sys/kernel/security/dim/monitor_run
|
||||
+}
|
||||
+
|
||||
+dim_monitor_measure_log() {
|
||||
+ cat /sys/kernel/security/dim/monitor_ascii_runtime_measurements
|
||||
+}
|
||||
+
|
||||
+remove_dim_modules() {
|
||||
+ # clean loaded modules
|
||||
+ rmmod -f dim_monitor &> /dev/null
|
||||
+ rmmod -f dim_core &> /dev/null
|
||||
+ lsmod | grep -E 'dim_core|dim_monitor' &> /dev/null
|
||||
+ if [ $? -eq 0 ]; then
|
||||
+ echo "fail to remove dim modules!" >> $TEST_LOG
|
||||
+ exit 1
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
+load_dim_modules () {
|
||||
+ remove_dim_modules
|
||||
+ load_dim_core_modules $1
|
||||
+ load_dim_monitor_modules $2
|
||||
+}
|
||||
+
|
||||
+load_dim_core_modules () {
|
||||
+ # load dim_core module
|
||||
+ if [ ! $DIM_CORE_PATH ]; then
|
||||
+ modprobe dim_core $1
|
||||
+ else
|
||||
+ insmod $DIM_CORE_PATH $1
|
||||
+ fi
|
||||
+
|
||||
+ if [ $? -ne 0 ]; then
|
||||
+ echo "fail to load dim_core!"
|
||||
+ exit 1
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
+load_dim_monitor_modules () {
|
||||
+ # load dim_monitor module
|
||||
+ if [ ! $DIM_MONITOR_PATH ]; then
|
||||
+ modprobe dim_monitor $1
|
||||
+ else
|
||||
+ insmod $DIM_MONITOR_PATH $1
|
||||
+ fi
|
||||
+
|
||||
+ if [ $? -ne 0 ]; then
|
||||
+ echo "fail to load dim_monitor!"
|
||||
+ exit 1
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
+dim_backup_baseline_and_policy() {
|
||||
+ if [ -d $DIM_BASELINE_DIR_PATH ]; then
|
||||
+ mv $DIM_BASELINE_DIR_PATH $DIM_BASELINE_DIR_PATH.bak
|
||||
+ fi
|
||||
+
|
||||
+ if [ -f $DIM_POLICY_PATH ]; then
|
||||
+ mv $DIM_POLICY_PATH $DIM_POLICY_PATH.bak
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
+dim_restore_baseline_and_policy() {
|
||||
+ if [ -d $DIM_BASELINE_DIR_PATH.bak ]; then
|
||||
+ rm -rf $DIM_BASELINE_DIR_PATH
|
||||
+ mv $DIM_BASELINE_DIR_PATH.bak $DIM_BASELINE_DIR_PATH
|
||||
+ fi
|
||||
+
|
||||
+ if [ -f $DIM_POLICY_PATH.bak ]; then
|
||||
+ mv -f $DIM_POLICY_PATH.bak $DIM_POLICY_PATH
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
+dim_gen_baseline_file() {
|
||||
+ mkdir -p $DIM_BASELINE_DIR_PATH
|
||||
+ if [ -z $2 ]; then
|
||||
+ dim_gen_baseline $1
|
||||
+ else
|
||||
+ dim_gen_baseline $1 -o "$DIM_BASELINE_DIR_PATH/$2"
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
+dim_gen_baseline_dir() {
|
||||
+ mkdir -p $DIM_BASELINE_DIR_PATH
|
||||
+ dim_gen_baseline -r $1 -o $DIM_BASELINE_DIR_PATH/$2
|
||||
+}
|
||||
+
|
||||
+dim_gen_baseline_kerenl() {
|
||||
+ mkdir -p $DIM_BASELINE_DIR_PATH
|
||||
+ if [ -z $1 ]; then
|
||||
+ dim_gen_baseline -k "$(uname -r)" $DIM_KERNEL_NAME
|
||||
+ else
|
||||
+ dim_gen_baseline -k "$(uname -r)" -o $DIM_BASELINE_DIR_PATH/$1 $DIM_KERNEL_NAME
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
+DIM_BASELINE_DIR_ALL=("/usr/bin" "/usr/sbin" "/usr/lib64" "/usr/libexec" "/usr/lib")
|
||||
+
|
||||
+dim_gen_baseline_all() {
|
||||
+ if [ $1 ]; then
|
||||
+ digest_algorithm="-a sm3"
|
||||
+ else
|
||||
+ digest_algorithm=""
|
||||
+ fi
|
||||
+
|
||||
+ mkdir -p /etc/dim/digest_list
|
||||
+ for baseline_file in "${DIM_BASELINE_DIR_ALL[@]}"; do
|
||||
+ dim_gen_baseline $digest_algorithm -r $baseline_file -o "$DIM_BASELINE_DIR_PATH/${baseline_file##*/}.hash"
|
||||
+ done
|
||||
+ dim_gen_baseline $digest_algorithm -k "$(uname -r)" -o $DIM_BASELINE_DIR_PATH/kernel.hash $DIM_KERNEL_NAME
|
||||
+}
|
||||
+
|
||||
+
|
||||
+dim_gen_policy_bprm_path() {
|
||||
+ echo "measure obj=BPRM_TEXT path=$1" >> $DIM_POLICY_PATH
|
||||
+}
|
||||
+
|
||||
+dim_gen_policy_module_name() {
|
||||
+ echo "measure obj=MODULE_TEXT name=$1" >> $DIM_POLICY_PATH
|
||||
+}
|
||||
+
|
||||
+dim_gen_policy_kernel() {
|
||||
+ echo "measure obj=KERNEL_TEXT" >> $DIM_POLICY_PATH
|
||||
+}
|
||||
+
|
||||
+dim_gen_policy_all() {
|
||||
+ rm -f $DIM_POLICY_PATH
|
||||
+ cat $DIM_BASELINE_DIR_PATH/* | awk '{print $4}' | while read line; do
|
||||
+ if [[ "$line" == /* ]]; then
|
||||
+ echo "measure obj=BPRM_TEXT path=$line" >> $DIM_POLICY_PATH
|
||||
+ continue
|
||||
+ fi
|
||||
+ if [ "$line" == "$(uname -r)" ]; then
|
||||
+ echo "measure obj=KERNEL_TEXT" >> $DIM_POLICY_PATH
|
||||
+ continue
|
||||
+ fi
|
||||
+ if [ "$line" != "$(uname -r)" ]; then
|
||||
+ echo "measure obj=MODULE_TEXT name=$(basename $line)" >> $DIM_POLICY_PATH
|
||||
+ fi
|
||||
+ done
|
||||
+ sed -i '/dim_core/d' $DIM_POLICY_PATH
|
||||
+ sed -i '/dim_monitor/d' $DIM_POLICY_PATH
|
||||
+}
|
||||
+
|
||||
+dim_gen_cert() {
|
||||
+ mkdir -p $TEST_ROOT/cert/
|
||||
+ openssl genrsa -out $TEST_ROOT/cert/dim.key 4096 &>> $TEST_LOG
|
||||
+ openssl req -new -sha256 -key $TEST_ROOT/cert/dim.key -out $TEST_ROOT/cert/dim.csr -subj "/C=AA/ST=BB/O=CC/OU=DD/CN=DIM" &>> $TEST_LOG
|
||||
+ openssl x509 -req -days 3650 -signkey $TEST_ROOT/cert/dim.key -in $TEST_ROOT/cert/dim.csr -out $TEST_ROOT/cert/dim.crt &>> $TEST_LOG
|
||||
+ openssl x509 -in $TEST_ROOT/cert/dim.crt -out $TEST_ROOT/cert/dim.der -outform DER &>> $TEST_LOG
|
||||
+ mkdir -p /etc/keys
|
||||
+ cp $TEST_ROOT/cert/dim.der /etc/keys/x509_dim.der
|
||||
+}
|
||||
+
|
||||
+dim_gen_signature() {
|
||||
+ openssl dgst -sha256 -out $DIM_POLICY_PATH.sig -sign $TEST_ROOT/cert/dim.key $DIM_POLICY_PATH
|
||||
+ for file in $(ls $DIM_BASELINE_DIR_PATH | grep .hash); do
|
||||
+ openssl dgst -sha256 -out $DIM_BASELINE_DIR_PATH/$file.sig -sign $TEST_ROOT/cert/dim.key $DIM_BASELINE_DIR_PATH/$file
|
||||
+ done
|
||||
+}
|
||||
+
|
||||
+dim_baseline_to_measure_log() {
|
||||
+ name="$(echo "$1" | awk '{print $4}')"
|
||||
+ if [[ $name == $(uname -r)/* ]]; then
|
||||
+ name="$(basename $name)"
|
||||
+ fi
|
||||
+
|
||||
+ echo "$(echo "$1" | awk '{print $3}') $name"
|
||||
+}
|
||||
+
|
||||
+tamper_dim_test_demo() {
|
||||
+ gcc dim_test_demo_tamper.c -o $TEST_DEMO_DIR/dim_test_demo
|
||||
+}
|
||||
+
|
||||
+tamper_dim_test_mod_demo() {
|
||||
+ rm -f $TEST_MODULE_DIR/$DIM_MOD_NAME.o
|
||||
+ mv $DIM_TEST_MOD_DEMO_C $DIM_TEST_MOD_DEMO_C.bak
|
||||
+ mv $DIM_TEST_MOD_DEMO_TAMPER_C $DIM_TEST_MOD_DEMO_C
|
||||
+ cd $TEST_MODULE_DIR
|
||||
+ make > /dev/null
|
||||
+ cd ..
|
||||
+}
|
||||
+
|
||||
+tamper_dim_test_mod_demo_end() {
|
||||
+ rm -f $TEST_MODULE_DIR/$DIM_MOD_NAME.o
|
||||
+ mv $DIM_TEST_MOD_DEMO_C $DIM_TEST_MOD_DEMO_TAMPER_C
|
||||
+ mv $DIM_TEST_MOD_DEMO_C.bak $DIM_TEST_MOD_DEMO_C
|
||||
+}
|
||||
+
|
||||
+gen_dim_test_demo() {
|
||||
+ gcc dim_test_demo.c -o $TEST_DEMO_BPRM
|
||||
+ dim_gen_baseline_file $TEST_DEMO_BPRM test.hash
|
||||
+ dim_gen_policy_bprm_path $TEST_DEMO_BPRM
|
||||
+}
|
||||
+
|
||||
+gen_dim_test_mod_demo() {
|
||||
+ rm -f $TEST_MODULE_DIR/$DIM_MOD_NAME.o
|
||||
+ cd $TEST_MODULE_DIR
|
||||
+ make > /dev/null
|
||||
+ cd ..
|
||||
+ dim_gen_baseline_file $DIM_TEST_MOD_DEMO test.hash
|
||||
+ dim_gen_policy_module_name $DIM_MOD_NAME
|
||||
+}
|
||||
+
|
||||
+measure_log_tampered() {
|
||||
+ if [ $2 ]; then
|
||||
+ echo "$1 \[tampered\]"
|
||||
+ else
|
||||
+ baseline="$(dim_gen_baseline_file $1)"
|
||||
+ echo "$(dim_baseline_to_measure_log "$baseline") \[tampered\]"
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
+measure_log_static() {
|
||||
+ if [ $2 ]; then
|
||||
+ baseline="$(dim_gen_baseline_kerenl)"
|
||||
+ echo "$(dim_baseline_to_measure_log "$baseline") \[static baseline\]"
|
||||
+ else
|
||||
+ baseline="$(dim_gen_baseline_file $1)"
|
||||
+ echo "$(dim_baseline_to_measure_log "$baseline") \[static baseline\]"
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
+measure_log_no_static() {
|
||||
+ if [ $2 ]; then
|
||||
+ echo "$1 \[no static baseline\]"
|
||||
+ else
|
||||
+ baseline="$(dim_gen_baseline_file $1)"
|
||||
+ echo "$(dim_baseline_to_measure_log "$baseline") \[no static baseline\]"
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
+check_dim_measure_log_match() {
|
||||
+ if [ "$2" == "dim_monitor_measure_log" ]; then
|
||||
+ dim_monitor_measure_log | grep "$1" &> /dev/null
|
||||
+ else
|
||||
+ dim_core_measure_log | grep "$1" &> /dev/null
|
||||
+ fi
|
||||
+
|
||||
+ if [ $? -ne 0 ]; then
|
||||
+ echo "check fail:" >> $TEST_LOG
|
||||
+ echo " get measure log: $($2)" >> $TEST_LOG
|
||||
+ echo " want measure log: $1" >> $TEST_LOG
|
||||
+ TEST_RESULT=1
|
||||
+ return 1
|
||||
+ fi
|
||||
+
|
||||
+ echo "check ok: measure log has $1" >> $TEST_LOG
|
||||
+}
|
||||
+
|
||||
+check_dim_measure_log_length() {
|
||||
+ if [ $($2 | wc -l) -ne $1 ]; then
|
||||
+ echo "check fail: measure log length is not $1" >> $TEST_LOG
|
||||
+ TEST_RESULT=1
|
||||
+ return 1
|
||||
+ fi
|
||||
+
|
||||
+ echo "check ok: measure log length is $1" >> $TEST_LOG
|
||||
+}
|
||||
+
|
||||
+check_dim_measure_log_not_contain() {
|
||||
+ if [ "$2" == "dim_monitor_measure_log" ]; then
|
||||
+ dim_monitor_measure_log | grep "$1" &> /dev/null
|
||||
+ else
|
||||
+ dim_core_measure_log | grep "$1" &> /dev/null
|
||||
+ fi
|
||||
+ if [ $? -eq 0 ]; then
|
||||
+ echo "check fail"
|
||||
+ TEST_RESULT=1
|
||||
+ return 1
|
||||
+ fi
|
||||
+
|
||||
+ echo "check ok: measure log hasn't $1" >> $TEST_LOG
|
||||
+}
|
||||
+
|
||||
+check_dim_core_log_normal() {
|
||||
+ dim_core_baseline
|
||||
+ check_dim_measure_log_not_contain "\[no static baseline\]" "dim_core_measure_log"
|
||||
+ check_dim_measure_log_not_contain "\[tampered\]" "dim_core_measure_log"
|
||||
+ dim_core_measure
|
||||
+ check_dim_measure_log_not_contain "\[no static baseline\]" "dim_core_measure_log"
|
||||
+ check_dim_measure_log_not_contain "\[tampered\]" "dim_core_measure_log"
|
||||
+}
|
||||
+
|
||||
+check_dim_monitor_log_normal() {
|
||||
+ dim_monitor_baseline
|
||||
+ check_dim_measure_log_length 2 "dim_monitor_measure_log"
|
||||
+ check_dim_measure_log_not_contain "\[tampered\]" "dim_monitor_measure_log"
|
||||
+ dim_monitor_measure
|
||||
+ check_dim_measure_log_length 2 "dim_monitor_measure_log"
|
||||
+ check_dim_measure_log_not_contain "\[tampered\]" "dim_monitor_measure_log"
|
||||
+}
|
||||
+
|
||||
+check_dim_monitor_log_tampered() {
|
||||
+ dim_core_baseline
|
||||
+ dim_monitor_measure
|
||||
+ check_dim_measure_log_length 3 "dim_monitor_measure_log"
|
||||
+ check_dim_measure_log_match "dim_core.data \[tampered\]" "dim_monitor_measure_log"
|
||||
+}
|
||||
+
|
||||
+run_dim_core_baseline_and_check_log() {
|
||||
+ dim_core_baseline
|
||||
+ check_dim_measure_log_length "$2" "dim_core_measure_log"
|
||||
+ check_dim_measure_log_match "$1" "dim_core_measure_log"
|
||||
+}
|
||||
+
|
||||
+run_dim_core_measure_and_check_log() {
|
||||
+ dim_core_measure
|
||||
+ check_dim_measure_log_length "$2" "dim_core_measure_log"
|
||||
+ check_dim_measure_log_match "$1" "dim_core_measure_log"
|
||||
+}
|
||||
+
|
||||
+run_dim_core_and_check_log() {
|
||||
+ if [ "$1" = "baseline" ]; then
|
||||
+ run_dim_core_baseline_and_check_log "$2" "$3"
|
||||
+ if [ $4 ]; then
|
||||
+ kill $4
|
||||
+ fi
|
||||
+ elif [ "$1" = "measure" ]; then
|
||||
+ run_dim_core_measure_and_check_log "$2" "$3"
|
||||
+ if [ $4 ]; then
|
||||
+ kill $4
|
||||
+ fi
|
||||
+ else
|
||||
+ run_dim_core_baseline_and_check_log "$1" "$2"
|
||||
+ run_dim_core_measure_and_check_log "$3" "$4"
|
||||
+ if [ $5 ]; then
|
||||
+ kill $5
|
||||
+ fi
|
||||
+ fi
|
||||
+}
|
||||
+
|
||||
+test_pre() {
|
||||
+ mkdir -p $TEST_DEMO_DIR
|
||||
+ gcc dim_test_demo.c -o $TEST_DEMO_DIR/dim_test_demo
|
||||
+ dim_backup_baseline_and_policy
|
||||
+ load_dim_modules
|
||||
+}
|
||||
+
|
||||
+test_post() {
|
||||
+ remove_dim_modules
|
||||
+ dim_restore_baseline_and_policy
|
||||
+}
|
||||
+
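Review bot: dim_gen_cert writes an unencrypted RSA private key to `$TEST_ROOT/cert/dim.key` with whatever umask the caller has and copies the self-signed certificate to `/etc/keys/x509_dim.der`, but test_post only unloads the modules and restores the baseline and policy, so both stay on the machine after a run and any certificate already at that path is overwritten without a backup. If that path is where the DIM modules look for their signature-verification certificate (not visible in this file), a test run leaves a trusted certificate whose key is readable on disk. Setting `umask 077` at the top of dim_gen_cert and having test_post restore or remove `/etc/keys/x509_dim.der` and delete `$TEST_ROOT/cert`, the way dim_restore_baseline_and_policy treats the policy file, would close that. Separately, `#!/bin/bash` sits on line 2 under the copyright comment, so it is not treated as an interpreter line, and README.md runs the scripts with `sh` although they use bash-only syntax such as `[[ ]]`, arrays and `&>`.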
|
||||
diff --git a/test/dim_test_demo.c b/test/dim_test_demo.c
|
||||
new file mode 100644
|
||||
index 0000000..113fc3d
|
||||
--- /dev/null
|
||||
+++ b/test/dim_test_demo.c
|
||||
@@ -0,0 +1,12 @@
|
||||
+/*
|
||||
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+ */
|
||||
+
|
||||
+#include <stdio.h>
|
||||
+
|
||||
+int main()
|
||||
+{
|
||||
+ printf("dim_test_demo\n");
|
||||
+ while (1);
|
||||
+ return 0;
|
||||
+}
|
||||
diff --git a/test/dim_test_demo_tamper.c b/test/dim_test_demo_tamper.c
|
||||
new file mode 100644
|
||||
index 0000000..7f95775
|
||||
--- /dev/null
|
||||
+++ b/test/dim_test_demo_tamper.c
|
||||
@@ -0,0 +1,13 @@
|
||||
+/*
|
||||
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+ */
|
||||
+
|
||||
+#include <stdio.h>
|
||||
+
|
||||
+int main()
|
||||
+{
|
||||
+ printf("dim_test_demo");
|
||||
+ printf("_tamper\n");
|
||||
+ while (1);
|
||||
+ return 0;
|
||||
+}
|
||||
diff --git a/test/test_dim_core.sh b/test/test_dim_core.sh
|
||||
new file mode 100644
|
||||
index 0000000..01fa2b9
|
||||
--- /dev/null
|
||||
+++ b/test/test_dim_core.sh
|
||||
@@ -0,0 +1,145 @@
|
||||
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+#!/bin/bash
|
||||
+
|
||||
+. ./common.sh
|
||||
+
|
||||
+test_measure_bprm_text_normal() {
|
||||
+ gen_dim_test_demo
|
||||
+ $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
|
||||
+ # test
|
||||
+ run_dim_core_and_check_log "$(measure_log_static $TEST_DEMO_BPRM)" 1 "$(measure_log_static $TEST_DEMO_BPRM)" 1 $pid
|
||||
+}
|
||||
+
|
||||
+test_measure_bprm_text_no_baseline() {
|
||||
+ gen_dim_test_demo
|
||||
+ $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
|
||||
+ # remove baseline
|
||||
+ rm -f $DIM_BASELINE_DIR_PATH/test.hash
|
||||
+ # test
|
||||
+ run_dim_core_and_check_log "$(measure_log_no_static $TEST_DEMO_BPRM)" 1 "$(measure_log_no_static $TEST_DEMO_BPRM)" 1 $pid
|
||||
+}
|
||||
+
|
||||
+test_measure_bprm_text_tamper_1() {
|
||||
+ # prepare
|
||||
+ gen_dim_test_demo
|
||||
+ tamper_dim_test_demo
|
||||
+ $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
|
||||
+ # test
|
||||
+ run_dim_core_and_check_log "$(measure_log_tampered $TEST_DEMO_BPRM)" 1 "$(measure_log_tampered $TEST_DEMO_BPRM)" 1 $pid
|
||||
+}
|
||||
+
|
||||
+test_measure_bprm_text_tamper_2() {
|
||||
+ # prepare
|
||||
+ gen_dim_test_demo
|
||||
+ $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
|
||||
+ # test baseline
|
||||
+ run_dim_core_and_check_log baseline "$(measure_log_static $TEST_DEMO_BPRM)" 1 $pid
|
||||
+ # tamper dim_test_demo
|
||||
+ tamper_dim_test_demo
|
||||
+ $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
|
||||
+ # test measure
|
||||
+ run_dim_core_and_check_log measure "$(measure_log_tampered $TEST_DEMO_BPRM)" 2 $pid
|
||||
+
|
||||
+ kill $pid
|
||||
+}
|
||||
+
|
||||
+test_measure_kernel_normal() {
|
||||
+ dim_gen_policy_kernel
|
||||
+ dim_gen_baseline_kerenl test.hash
|
||||
+
|
||||
+ run_dim_core_and_check_log "$(measure_log_static $DIM_KERNEL_NAME "kernel")" 1 "$(measure_log_static $DIM_KERNEL_NAME "kernel")" 1
|
||||
+}
|
||||
+
|
||||
+test_measure_module_text_normal() {
|
||||
+ gen_dim_test_mod_demo
|
||||
+ insmod $DIM_TEST_MOD_DEMO
|
||||
+ run_dim_core_and_check_log "$(measure_log_static $DIM_TEST_MOD_DEMO)" 1 "$(measure_log_static $DIM_TEST_MOD_DEMO)" 1
|
||||
+ rmmod $DIM_TEST_MOD_DEMO
|
||||
+}
|
||||
+
|
||||
+test_measure_module_text_no_baseline() {
|
||||
+ gen_dim_test_mod_demo
|
||||
+ insmod $DIM_TEST_MOD_DEMO
|
||||
+
|
||||
+ # remove baseline
|
||||
+ rm -f $DIM_BASELINE_DIR_PATH/test.hash
|
||||
+
|
||||
+ run_dim_core_and_check_log "$(measure_log_no_static $DIM_MOD_NAME "mod_no_static")" 1 "$(measure_log_no_static $DIM_MOD_NAME "mod_no_static")" 1
|
||||
+ rmmod $DIM_TEST_MOD_DEMO
|
||||
+}
|
||||
+
|
||||
+test_measure_module_text_tamper() {
|
||||
+ gen_dim_test_mod_demo
|
||||
+ insmod $DIM_TEST_MOD_DEMO
|
||||
+
|
||||
+ run_dim_core_and_check_log baseline "$(measure_log_static $DIM_TEST_MOD_DEMO)" 1
|
||||
+ rmmod $DIM_TEST_MOD_DEMO
|
||||
+ tamper_dim_test_mod_demo
|
||||
+ insmod $DIM_TEST_MOD_DEMO
|
||||
+ run_dim_core_and_check_log measure "$(measure_log_tampered $DIM_MOD_NAME "module_tampered")" 2
|
||||
+ rmmod $DIM_TEST_MOD_DEMO
|
||||
+ tamper_dim_test_mod_demo_end
|
||||
+}
|
||||
+
|
||||
+test_measure_all_text_normal() {
|
||||
+ dim_gen_baseline_all
|
||||
+ dim_gen_policy_all
|
||||
+ check_dim_core_log_normal
|
||||
+}
|
||||
+
|
||||
+test_measure_all_text_normal_sm3() {
|
||||
+ dim_gen_baseline_all 1
|
||||
+ dim_gen_policy_all
|
||||
+ load_dim_modules "measure_hash=sm3"
|
||||
+ check_dim_core_log_normal
|
||||
+}
|
||||
+
|
||||
+test_measure_all_text_normal_sign() {
|
||||
+ dim_gen_baseline_all
|
||||
+ dim_gen_policy_all
|
||||
+ dim_gen_cert
|
||||
+ dim_gen_signature
|
||||
+ load_dim_modules "signature=on"
|
||||
+ check_dim_core_log_normal
|
||||
+}
|
||||
+
|
||||
+POLICY_INVALID="measure1 obj=BPRM_TEXT path=/opt/dim/demo/dim_test_demo\n\
|
||||
+measure obj1=BPRM_TEXT path=/opt/dim/demo/dim_test_demo\n\
|
||||
+measure obj=BPRM_TEXT1 path=/opt/dim/demo/dim_test_demo\n\
|
||||
+measure obj=BPRM_TEXT name=/opt/dim/demo/dim_test_demo\n\
|
||||
+measure obj=MODULE_TEXT path=$(head -c 4096 < /dev/zero | tr '\0' '\141')\n"
|
||||
+
|
||||
+test_invalid_policy() {
|
||||
+ IFS=$'\n'
|
||||
+ for policy in $(echo -e $POLICY_INVALID); do
|
||||
+ echo "$policy" > $DIM_POLICY_PATH
|
||||
+ dim_core_baseline
|
||||
+ dim_core_status
|
||||
+ done &>> $TEST_LOG
|
||||
+}
|
||||
+
|
||||
+# Full measurement. The test is disabled by default.
|
||||
+# test_measure_all_text_normal \
|
||||
+# test_measure_all_text_normal_sm3 \
|
||||
+# test_measure_all_text_normal_sign \
|
||||
+case_list="test_measure_bprm_text_normal \
|
||||
+ test_measure_bprm_text_no_baseline \
|
||||
+ test_measure_bprm_text_tamper_1 \
|
||||
+ test_measure_bprm_text_tamper_2 \
|
||||
+ test_measure_module_text_normal \
|
||||
+ test_measure_module_text_no_baseline \
|
||||
+ test_measure_module_text_tamper \
|
||||
+ test_measure_kernel_normal \
|
||||
+ test_invalid_policy"
|
||||
+
|
||||
+for case in $case_list; do
|
||||
+ test_pre
|
||||
+ $case
|
||||
+ if [ $TEST_RESULT -eq 0 ]; then
|
||||
+ echo "$case PASS"
|
||||
+ else
|
||||
+ echo "$case FAIL"
|
||||
+ fi
|
||||
+ test_post
|
||||
+done
|
||||
+
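Review bot: The `#!/bin/bash` line is the second line of the new file, after the copyright comment, so it is never used as an interpreter line; the script only gets bash when it is started as `bash test_dim_core.sh`, and `IFS=$'\n'` and `&>>` misbehave under a plain POSIX sh. Move the shebang to line 1 (test_dim_monitor.sh later in this patch has the same ordering). `test_invalid_policy` also sets `IFS=$'\n'` globally and never restores it, so `test_post` runs with changed word splitting; `local IFS=$'\n'` keeps it inside the function. The unquoted `rm -f $DIM_BASELINE_DIR_PATH/test.hash` resolves to `/test.hash` if the variable is ever empty, in a suite that also calls insmod; `rm -f "${DIM_BASELINE_DIR_PATH:?}/test.hash"` fails closed instead.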
|
||||
diff --git a/test/test_dim_monitor.sh b/test/test_dim_monitor.sh
|
||||
new file mode 100644
|
||||
index 0000000..b4a1ea8
|
||||
--- /dev/null
|
||||
+++ b/test/test_dim_monitor.sh
|
||||
@@ -0,0 +1,32 @@
|
||||
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+#!/bin/bash
|
||||
+
|
||||
+. ./common.sh
|
||||
+
|
||||
+test_measure_monitor_normal() {
|
||||
+ dim_gen_baseline_all
|
||||
+ dim_gen_policy_all
|
||||
+ check_dim_core_log_normal
|
||||
+ check_dim_monitor_log_normal
|
||||
+}
|
||||
+
|
||||
+test_measure_monitor_tamper() {
|
||||
+ test_measure_monitor_normal
|
||||
+ check_dim_monitor_log_tampered
|
||||
+}
|
||||
+
|
||||
+# Full measurement. The test is disabled by default.
|
||||
+# case_list="test_measure_monitor_normal \
|
||||
+# test_measure_monitor_tamper"
|
||||
+case_list=""
|
||||
+
|
||||
+for case in $case_list; do
|
||||
+ test_pre
|
||||
+ $case
|
||||
+ if [ $TEST_RESULT -eq 0 ]; then
|
||||
+ echo "$case PASS"
|
||||
+ else
|
||||
+ echo "$case FAIL"
|
||||
+ fi
|
||||
+ test_post
|
||||
+done
|
||||
diff --git a/test/test_module/Makefile b/test/test_module/Makefile
|
||||
new file mode 100644
|
||||
index 0000000..4255525
|
||||
--- /dev/null
|
||||
+++ b/test/test_module/Makefile
|
||||
@@ -0,0 +1,16 @@
|
||||
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+
|
||||
+obj-m := dim_test_module_demo.o
|
||||
+
|
||||
+KERNEL := $(DESTDIR)/lib/modules/$(shell uname -r)/build
|
||||
+CONFIG_MODULE_SIG=n
|
||||
+
|
||||
+PWD := $(shell pwd)
|
||||
+
|
||||
+modules :
|
||||
+ $(MAKE) -C $(KERNEL) M=$(PWD) modules
|
||||
+
|
||||
+.PHONEY:clean
|
||||
+
|
||||
+clean :
|
||||
+ $(MAKE) -C $(KERNEL) SUBDIRS=$(PWD) clean
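Review bot: `.PHONEY:clean` is misspelled, so make treats it as an ordinary target and `clean` is not phony; a file named `clean` in this directory would stop the rule from running, and it should read `.PHONY: modules clean`. The clean rule passes `SUBDIRS=$(PWD)` while the build rule uses `M=$(PWD)`; as far as I know recent kernel build systems only honour `M=`, so the clean rule should use `M=$(PWD)` too. `CONFIG_MODULE_SIG=n` deserves a one-line comment saying the demo module is built unsigned on purpose, because loading it will fail or taint on hosts that enforce module signatures.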
|
||||
diff --git a/test/test_module/dim_test_module_demo.c b/test/test_module/dim_test_module_demo.c
|
||||
new file mode 100644
|
||||
index 0000000..3303365
|
||||
--- /dev/null
|
||||
+++ b/test/test_module/dim_test_module_demo.c
|
||||
@@ -0,0 +1,20 @@
|
||||
+/*
|
||||
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+ */
|
||||
+
|
||||
+#include <linux/module.h>
|
||||
+
|
||||
+static int test_mod_init(void)
|
||||
+{
|
||||
+ pr_info("init!\n");
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static void test_mod_exit(void)
|
||||
+{
|
||||
+ pr_info("exit!\n");
|
||||
+}
|
||||
+
|
||||
+module_init(test_mod_init);
|
||||
+module_exit(test_mod_exit);
|
||||
+MODULE_LICENSE("");
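Review bot: `MODULE_LICENSE("")` declares no licence, so inserting this test module marks the kernel as tainted, which can colour later diagnostics on the test host. If the project licence allows it, a real identifier such as `MODULE_LICENSE("GPL");` avoids that; dim_test_module_demo_tamper.c in the same patch has the same line. The init and exit functions could also carry `__init` and `__exit`, and a short header comment saying the module exists only as a measurement target would help a reader.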
|
||||
diff --git a/test/test_module/dim_test_module_demo_tamper.c b/test/test_module/dim_test_module_demo_tamper.c
|
||||
new file mode 100644
|
||||
index 0000000..c443d7b
|
||||
--- /dev/null
|
||||
+++ b/test/test_module/dim_test_module_demo_tamper.c
|
||||
@@ -0,0 +1,23 @@
|
||||
+/*
|
||||
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
|
||||
+ */
|
||||
+
|
||||
+#include <linux/module.h>
|
||||
+
|
||||
+static int test_mod_init(void)
|
||||
+{
|
||||
+ int i = 0;
|
||||
+ i += 1;
|
||||
+ pr_info("%d\n", i);
|
||||
+ pr_info("init!\n");
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static void test_mod_exit(void)
|
||||
+{
|
||||
+ pr_info("exit!\n");
|
||||
+}
|
||||
+
|
||||
+module_init(test_mod_init);
|
||||
+module_exit(test_mod_exit);
|
||||
+MODULE_LICENSE("");
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,29 +0,0 @@
|
||||
From b515dc62636113d06ac524476da7c30fa3fd42b0 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Thu, 9 May 2024 15:16:28 +0800
|
||||
Subject: [PATCH 10/28] dont kill the init process
|
||||
|
||||
---
|
||||
.../dim_core_measure_process/dim_core_measure_process.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
|
||||
index 643b661..e5e262a 100644
|
||||
--- a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
|
||||
+++ b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
|
||||
@@ -78,6 +78,12 @@ static int kill_task_tree(struct task_struct *tsk)
|
||||
const int def_size = 32;
|
||||
struct task_kill_ctx ctx = { .size = def_size };
|
||||
|
||||
+ if (tsk->pid == 1) {
|
||||
+ /* dont kill the init process */
|
||||
+ dim_warn("the pid of tampered task is 1, don't kill it\n");
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
ctx.buf = dim_kzalloc_gfp(def_size * sizeof(struct task_struct *));
|
||||
if (ctx.buf == NULL)
|
||||
return -ENOMEM;
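Review bot: The new guard in kill_task_tree tests `tsk->pid == 1`, which matches only the thread-group leader of init. If `tsk` can be any other thread of that process, the kernel helper `is_global_init(tsk)` covers it by comparing the thread-group id. The early `return 0` also reports success, so a tampered init is indistinguishable from a task that was actually killed, and the only trace is one warn-level line. A distinct return value or a higher-severity log would let monitoring alert on it. The rest of the function lies outside this hunk.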
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,45 +0,0 @@
|
||||
From 6f0a9e9a1ce574b5b2d28fbf986bf551d38b3832 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Thu, 9 May 2024 15:56:17 +0800
|
||||
Subject: [PATCH 14/28] dont warp strncpy
|
||||
|
||||
---
|
||||
src/common/dim_baseline.c | 2 +-
|
||||
src/common/dim_safe_func.h | 10 +---------
|
||||
2 files changed, 2 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/src/common/dim_baseline.c b/src/common/dim_baseline.c
|
||||
index 3272ded..17c58dd 100644
|
||||
--- a/src/common/dim_baseline.c
|
||||
+++ b/src/common/dim_baseline.c
|
||||
@@ -106,7 +106,7 @@ int dim_baseline_add(struct dim_baseline_tree *root, const char *name,
|
||||
if (ret < 0)
|
||||
goto err;
|
||||
|
||||
- dim_strncpy((char *)baseline->name, name, buf_len - 1);
|
||||
+ strncpy((char *)baseline->name, name, buf_len - 1);
|
||||
((char *)baseline->name)[buf_len - 1] = '\0';
|
||||
|
||||
write_lock(&root->lock);
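Review bot: Calling `strncpy` directly drops the NULL check that the removed `dim_strncpy` wrapper did, so `name` has to be validated earlier in dim_baseline_add, which is not visible in this hunk. `strncpy` also truncates silently. In kernel code `strscpy((char *)baseline->name, name, buf_len)` terminates the buffer itself and returns `-E2BIG` on truncation, which makes the manual terminator on the next line unnecessary and lets a truncated baseline name be rejected rather than stored. Since baseline names decide which digest a measurement is compared against, an explicit truncation error is the safer behaviour.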
|
||||
diff --git a/src/common/dim_safe_func.h b/src/common/dim_safe_func.h
|
||||
index 15c716c..8cba7b2 100644
|
||||
--- a/src/common/dim_safe_func.h
|
||||
+++ b/src/common/dim_safe_func.h
|
||||
@@ -132,12 +132,4 @@ static inline int dim_strncmp(const char *cs, const char *ct, size_t count)
|
||||
return strncmp(cs, ct, count);
|
||||
}
|
||||
|
||||
-static inline char *dim_strncpy(char *dest, const char *src, size_t count)
|
||||
-{
|
||||
- if (dest == NULL || src == NULL)
|
||||
- return NULL;
|
||||
-
|
||||
- return strncpy(dest, src, count);
|
||||
-}
|
||||
-
|
||||
-#endif
|
||||
\ No newline at end of file
|
||||
+#endif
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,28 +0,0 @@
|
||||
From b43b4c3301ffd1ca27a0826db09465a3d90f5169 Mon Sep 17 00:00:00 2001
|
||||
From: jinlun <jinlun@huawei.com>
|
||||
Date: Mon, 29 Jan 2024 10:17:24 +0800
|
||||
Subject: [PATCH 10/26] fix build error in kernel-6.6
|
||||
|
||||
---
|
||||
src/core/dim_core_measure_task.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/core/dim_core_measure_task.c b/src/core/dim_core_measure_task.c
|
||||
index 0d9b995..6ab60d1 100644
|
||||
--- a/src/core/dim_core_measure_task.c
|
||||
+++ b/src/core/dim_core_measure_task.c
|
||||
@@ -223,7 +223,11 @@ static int update_vma_digest(struct vm_area_struct *vma_start,
|
||||
return -ENOMEM;
|
||||
|
||||
ret_pages = get_user_pages_remote(vma_start->vm_mm, addr_start, nr_pages,
|
||||
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(6,4,0)
|
||||
0, pages, NULL, NULL);
|
||||
+#else
|
||||
+ 0, pages, NULL);
|
||||
+#endif
|
||||
if (ret_pages < 0) {
|
||||
dim_err("failed to get vma pages: %ld\n", ret_pages);
|
||||
vfree(pages);
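Review bot: `LINUX_VERSION_CODE <= KERNEL_VERSION(6,4,0)` is true only up to 6.4.0 itself, so every 6.4.y stable kernel (6.4.1 and later) takes the `#else` branch. As far as I know the `vmas` argument of get_user_pages_remote was removed in 6.5, so those kernels would be given the shorter call and fail to build. The condition should be `#if LINUX_VERSION_CODE < KERNEL_VERSION(6,5,0)`. A one-line comment naming the API change next to the `#if` would keep the reason visible; update_vma_digest continues outside this hunk.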
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,25 +0,0 @@
|
||||
From 0140b4eb57f2c434fed5357944bacb76a66c92ea Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Fri, 9 Feb 2024 19:39:40 +0800
|
||||
Subject: [PATCH 11/26] fix build error
|
||||
|
||||
---
|
||||
src/common/dim_baseline.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/common/dim_baseline.c b/src/common/dim_baseline.c
|
||||
index 4733705..09a2780 100644
|
||||
--- a/src/common/dim_baseline.c
|
||||
+++ b/src/common/dim_baseline.c
|
||||
@@ -105,7 +105,7 @@ int dim_baseline_add(struct dim_baseline_tree *root, const char *name,
|
||||
goto err;
|
||||
|
||||
strncpy((char *)baseline->name, name, buf_len - 1);
|
||||
- baseline->name[buf_len - 1] = '\0';
|
||||
+ ((char *)baseline->name)[buf_len - 1] = '\0';
|
||||
|
||||
write_lock(&root->lock);
|
||||
ret = dim_baseline_rb_add(&root->rb_root, baseline, NULL);
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,42 +0,0 @@
|
||||
From b313cae9712a5c13ad9617c39019693072372499 Mon Sep 17 00:00:00 2001
|
||||
From: jinlun <jinlun@huawei.com>
|
||||
Date: Mon, 17 Jun 2024 14:58:16 +0800
|
||||
Subject: [PATCH 03/14] fix double free in tpm
|
||||
|
||||
---
|
||||
src/common/dim_tpm.c | 4 +++-
|
||||
src/measure/dim_measure.c | 4 +++-
|
||||
2 files changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/common/dim_tpm.c b/src/common/dim_tpm.c
|
||||
index 6d3c255..35f3fac 100644
|
||||
--- a/src/common/dim_tpm.c
|
||||
+++ b/src/common/dim_tpm.c
|
||||
@@ -74,4 +74,6 @@ void dim_tpm_destroy(struct dim_tpm *tpm)
|
||||
|
||||
put_device(&tpm->chip->dev);
|
||||
dim_kfree(tpm->digests);
|
||||
-}
|
||||
\ No newline at end of file
|
||||
+ tpm->chip = NULL;
|
||||
+ tpm->digests = NULL;
|
||||
+}
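Review bot: dim_tpm_destroy still evaluates `put_device(&tpm->chip->dev)` before the new NULL assignments. Unless the part of the function above this hunk returns early when `tpm->chip` is NULL, a second call now computes an address from a NULL chip instead of double-freeing. If that guard is not already there, add `if (tpm == NULL || tpm->chip == NULL) return;` at the top. A short comment on the two assignments, for example `/* make a repeated destroy a no-op */`, would record why they exist.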
|
||||
diff --git a/src/measure/dim_measure.c b/src/measure/dim_measure.c
|
||||
index dd35cb8..c40be0e 100644
|
||||
--- a/src/measure/dim_measure.c
|
||||
+++ b/src/measure/dim_measure.c
|
||||
@@ -44,8 +44,10 @@ int dim_measure_init(struct dim_measure *m, struct dim_measure_cfg *cfg)
|
||||
/* 2. init TPM, dont break if init fail */
|
||||
if (cfg->pcr > 0) {
|
||||
ret = dim_tpm_init(&m->tpm, HASH_ALGO_SHA256);
|
||||
- if (ret < 0)
|
||||
+ if (ret < 0) {
|
||||
+ cfg->pcr = 0;
|
||||
dim_warn("failed to init tpm chip: %d\n", ret);
|
||||
+ }
|
||||
} else {
|
||||
memset(&m->tpm, 0, sizeof(struct dim_tpm));
|
||||
}
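Review bot: The failure branch leaves `m->tpm` in whatever state `dim_tpm_init` left it, while the `else` branch clears it with memset; if init can fail after partially filling the struct, the later destroy still sees stale fields. Clearing it in the failure branch as well, `memset(&m->tpm, 0, sizeof(struct dim_tpm));`, would make both no-TPM paths identical. `cfg->pcr = 0` also writes the fallback into the caller's configuration, so measurement continues without PCR extension and only a warn line says so; that deserves a comment at this spot. dim_measure_init continues outside this hunk.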
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,30 +0,0 @@
|
||||
From 19a59c415c0360df06ccd540e1c9e847926f7fe4 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Mon, 29 Apr 2024 22:41:47 +0800
|
||||
Subject: [PATCH 03/28] fix incorrect indent
|
||||
|
||||
---
|
||||
src/measure/dim_measure_status.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/measure/dim_measure_status.c b/src/measure/dim_measure_status.c
|
||||
index 28cfb43..e57e611 100644
|
||||
--- a/src/measure/dim_measure_status.c
|
||||
+++ b/src/measure/dim_measure_status.c
|
||||
@@ -18,10 +18,10 @@ const char *dim_measure_status_print(struct dim_measure *m)
|
||||
{
|
||||
int status = 0;
|
||||
|
||||
- if (m == NULL)
|
||||
- return status_name[MEASURE_STATUS_LAST];
|
||||
+ if (m == NULL)
|
||||
+ return status_name[MEASURE_STATUS_LAST];
|
||||
|
||||
- status = atomic_read(&m->status);
|
||||
+ status = atomic_read(&m->status);
|
||||
if (status < 0 || status >= MEASURE_STATUS_LAST)
|
||||
status = MEASURE_STATUS_LAST;
|
||||
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,67 +0,0 @@
|
||||
From 3c3197390d14cc94e3e0117969ab8c70d0976dd0 Mon Sep 17 00:00:00 2001
|
||||
From: jinlun <jinlun@huawei.com>
|
||||
Date: Mon, 17 Jun 2024 20:28:35 +0800
|
||||
Subject: [PATCH 07/14] fix resource clear in concurrent scenarios
|
||||
|
||||
---
|
||||
src/common/dim_entry.c | 13 ++++++++++++-
|
||||
src/core/dim_core_main.c | 2 +-
|
||||
2 files changed, 13 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/common/dim_entry.c b/src/common/dim_entry.c
|
||||
index a8dcae7..f2454ce 100644
|
||||
--- a/src/common/dim_entry.c
|
||||
+++ b/src/common/dim_entry.c
|
||||
@@ -4,9 +4,12 @@
|
||||
|
||||
#include <linux/err.h>
|
||||
#include <linux/security.h>
|
||||
+#include <linux/delay.h>
|
||||
|
||||
#include "dim_entry.h"
|
||||
|
||||
+#define WAIT_TIME_MAX 1000
|
||||
+
|
||||
int dim_entry_create(struct dim_entry *entry, struct dentry *parent)
|
||||
{
|
||||
int ret = 0;
|
||||
@@ -27,7 +30,15 @@ int dim_entry_create(struct dim_entry *entry, struct dentry *parent)
|
||||
|
||||
void dim_entry_remove(struct dim_entry *entry)
|
||||
{
|
||||
+ int time_ms = 0;
|
||||
+
|
||||
if (entry != NULL && entry->dentry != NULL) {
|
||||
+ while (d_is_dir(entry->dentry) &&
|
||||
+ !simple_empty(entry->dentry) &&
|
||||
+ time_ms < WAIT_TIME_MAX) {
|
||||
+ time_ms++;
|
||||
+ msleep(1);
|
||||
+ }
|
||||
securityfs_remove(entry->dentry);
|
||||
entry->dentry = NULL;
|
||||
}
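Review bot: The wait loop in dim_entry_remove gives up after WAIT_TIME_MAX iterations and then calls `securityfs_remove` anyway without logging. If the directory is still populated at that point, the race this patch targets is still open and nothing records it. Log the timeout, for example `if (time_ms >= WAIT_TIME_MAX) dim_warn("dim entry still busy after wait\n");`, assuming the dim log macros are usable in this file. Polling `simple_empty()` with `msleep(1)` is a timing workaround rather than synchronisation, and `msleep(1)` usually sleeps longer than 1 ms, so a comment should state that the bound is approximate.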
|
||||
@@ -60,4 +71,4 @@ void dim_entry_remove_list(struct dim_entry **list, unsigned int len)
|
||||
|
||||
for (i = 0; i < len; i++)
|
||||
dim_entry_remove(list[i]);
|
||||
-}
|
||||
\ No newline at end of file
|
||||
+}
|
||||
diff --git a/src/core/dim_core_main.c b/src/core/dim_core_main.c
|
||||
index de18d66..d4cc870 100644
|
||||
--- a/src/core/dim_core_main.c
|
||||
+++ b/src/core/dim_core_main.c
|
||||
@@ -91,8 +91,8 @@ err:
|
||||
|
||||
static void __exit dim_core_exit(void)
|
||||
{
|
||||
- dim_core_measure_destroy();
|
||||
dim_core_destroy_fs();
|
||||
+ dim_core_measure_destroy();
|
||||
dim_mem_pool_destroy();
|
||||
|
||||
if (signature)
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,39 +0,0 @@
|
||||
From 1ca2bccf3608fafc95c32714127e8ff9c1fefbc4 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Thu, 16 Nov 2023 15:03:47 +0800
|
||||
Subject: [PATCH 05/26] fix the magic number
|
||||
|
||||
---
|
||||
src/core/dim_core_measure.h | 2 ++
|
||||
src/core/dim_core_measure_kernel.c | 2 +-
|
||||
2 files changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/core/dim_core_measure.h b/src/core/dim_core_measure.h
|
||||
index c9abc4e..a379cf6 100644
|
||||
--- a/src/core/dim_core_measure.h
|
||||
+++ b/src/core/dim_core_measure.h
|
||||
@@ -17,6 +17,8 @@
|
||||
#define MEASURE_LOG_CAP_MAX (UINT_MAX)
|
||||
#define MEASURE_LOG_CAP_MIN (100)
|
||||
#define MEASURE_SCHEDULE_MAX (1000)
|
||||
+/* max size of x86 */
|
||||
+#define DIM_JUMP_LABEL_NOP_SIZE_MAX 5
|
||||
|
||||
struct vm_text_area {
|
||||
struct mm_struct *mm;
|
||||
diff --git a/src/core/dim_core_measure_kernel.c b/src/core/dim_core_measure_kernel.c
|
||||
index faaf59c..135899d 100644
|
||||
--- a/src/core/dim_core_measure_kernel.c
|
||||
+++ b/src/core/dim_core_measure_kernel.c
|
||||
@@ -78,7 +78,7 @@ static int do_calc_kernel_digest(uintptr_t saddr,
|
||||
#ifdef JUMP_LABEL_NOP_SIZE
|
||||
cur_addr = jump_code + JUMP_LABEL_NOP_SIZE;
|
||||
#else
|
||||
- cur_addr = jump_code + 5; // TODO
|
||||
+ cur_addr = jump_code + DIM_JUMP_LABEL_NOP_SIZE_MAX;
|
||||
#endif
|
||||
}
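Review bot: The fallback `jump_code + DIM_JUMP_LABEL_NOP_SIZE_MAX` always skips five bytes when the kernel does not define JUMP_LABEL_NOP_SIZE. If a jump-label site can be shorter than that on such kernels, the bytes between the real end of the site and `jump_code + 5` appear to be left out of the digest, which is a small unmeasured window in kernel text. This is inferred from the visible lines only, since do_calc_kernel_digest continues outside the hunk. At minimum the constant's comment should say so, for example `/* upper bound of an x86 jump-label site; shorter sites leave trailing bytes unmeasured */`, rather than `/* max size of x86 */`.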
|
||||
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,113 +0,0 @@
|
||||
From 478e0745ff6e37c03aa98f0883a18f7749d0afb2 Mon Sep 17 00:00:00 2001
|
||||
From: jinlun <jinlun@huawei.com>
|
||||
Date: Mon, 17 Jun 2024 19:28:54 +0800
|
||||
Subject: [PATCH 04/14] fix trampoline
|
||||
|
||||
---
|
||||
src/common/dim_baseline.h | 2 ++
|
||||
.../dim_core_measure_process_elf.c | 33 +++++++++++++++++--
|
||||
2 files changed, 32 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/common/dim_baseline.h b/src/common/dim_baseline.h
|
||||
index 345b348..4292259 100644
|
||||
--- a/src/common/dim_baseline.h
|
||||
+++ b/src/common/dim_baseline.h
|
||||
@@ -15,6 +15,7 @@ enum dim_baseline_type {
|
||||
DIM_BASELINE_USER, /* baseline of user process */
|
||||
DIM_BASELINE_KERNEL, /* baseline of kernel or kernel modules */
|
||||
DIM_BASELINE_DATA,
|
||||
+ DIM_BASELINE_TRAMPOLINE,
|
||||
DIM_BASELINE_LAST,
|
||||
};
|
||||
|
||||
@@ -22,6 +23,7 @@ static const char *const dim_baseline_name[DIM_BASELINE_LAST] = {
|
||||
[DIM_BASELINE_USER] = "USER",
|
||||
[DIM_BASELINE_KERNEL] = "KERNEL",
|
||||
[DIM_BASELINE_DATA] = "DATA",
|
||||
+ [DIM_BASELINE_TRAMPOLINE] = "TRAMPOLINE",
|
||||
};
|
||||
|
||||
struct dim_baseline_tree {
|
||||
diff --git a/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c b/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c
|
||||
index 12040e2..df8d773 100644
|
||||
--- a/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c
|
||||
+++ b/src/core/tasks/dim_core_measure_process/dim_core_measure_process_elf.c
|
||||
@@ -222,7 +222,10 @@ static int get_elf_measure_area(struct file *elf_file,
|
||||
return ret;
|
||||
}
|
||||
|
||||
- // TODO
|
||||
+ /* check if it is no need to measure trampoline */
|
||||
+ if (shdr_trampoline == NULL)
|
||||
+ return 0;
|
||||
+
|
||||
ret = get_elf_section(elf_file, &ehdr, TRAMPOLINE_SECTION_NAME, shdr_trampoline);
|
||||
if (ret == 0)
|
||||
*shdr_trampoline_find = true;
|
||||
@@ -256,6 +259,14 @@ static int measure_elf_trampoline(struct vm_area_struct *vma,
|
||||
return ret;
|
||||
}
|
||||
|
||||
+ /* for baseline mode, add an extra dynamic baseline of trampoline */
|
||||
+ if (ctx->mode == DIM_BASELINE) {
|
||||
+ ret = dim_measure_dynamic_baseline_add(ctx->m, ctx->path,
|
||||
+ DIM_BASELINE_TRAMPOLINE, &digest);
|
||||
+ if (ret < 0)
|
||||
+ pr_warn("failed to add trampoline dynamic baseline\n");
|
||||
+ }
|
||||
+
|
||||
return ctx->check(&digest, ctx);
|
||||
}
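Review bot: The added failure path in measure_elf_trampoline logs with `pr_warn` and drops the error code, while the rest of these patches use the `dim_warn`/`dim_err` wrappers; `dim_warn("failed to add trampoline dynamic baseline: %d\n", ret);` would match. Other callers on this page treat `-EEXIST` from a baseline add as a non-error (`ret < 0 && ret != -EEXIST`), so a repeated baseline run may warn for every process here; that is hedged because dim_measure_dynamic_baseline_add is not visible. The function starts outside this hunk. A comment should also state that a failed add is ignored on purpose and the check still runs.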
|
||||
|
||||
@@ -295,6 +306,18 @@ static int measure_elf_text(struct vm_area_struct *vma,
|
||||
return ctx->check(&digest, ctx);
|
||||
}
|
||||
|
||||
+static bool trampoline_baseline_exist(struct task_measure_ctx *ctx)
|
||||
+{
|
||||
+ struct dim_digest digest = { 0 };
|
||||
+
|
||||
+ /* measure trampoline only the baseline is set */
|
||||
+ return ctx->mode == DIM_BASELINE ?
|
||||
+ (dim_measure_static_baseline_search(ctx->m, ctx->path,
|
||||
+ DIM_BASELINE_TRAMPOLINE, &digest) == 0) :
|
||||
+ (dim_measure_dynamic_baseline_search(ctx->m, ctx->path,
|
||||
+ DIM_BASELINE_TRAMPOLINE, &digest) == 0);
|
||||
+}
|
||||
+
|
||||
int measure_process_module_text_elf(struct vm_area_struct *vma,
|
||||
struct task_measure_ctx *ctx)
|
||||
{
|
||||
@@ -304,6 +327,7 @@ int measure_process_module_text_elf(struct vm_area_struct *vma,
|
||||
unsigned int phdrs_text_num = 0;
|
||||
struct elf_shdr shdr_trampoline = { 0 };
|
||||
bool shdr_trampoline_find = false;
|
||||
+ bool trampoline_baseline_existed = false;
|
||||
|
||||
if (vma == NULL || !vma_is_file_text(vma) || ctx == NULL
|
||||
|| ctx->m == NULL || ctx->check == NULL)
|
||||
@@ -314,8 +338,11 @@ int measure_process_module_text_elf(struct vm_area_struct *vma,
|
||||
return -ENOEXEC;
|
||||
}
|
||||
|
||||
+ trampoline_baseline_existed = trampoline_baseline_exist(ctx);
|
||||
+
|
||||
ret = get_elf_measure_area(elf_file, &phdrs_text, &phdrs_text_num,
|
||||
- &shdr_trampoline, &shdr_trampoline_find);
|
||||
+ trampoline_baseline_existed ? &shdr_trampoline : NULL,
|
||||
+ &shdr_trampoline_find);
|
||||
if (ret < 0) {
|
||||
dim_err("failed to get elf measure area from vma\n");
|
||||
return ret;
|
||||
@@ -331,7 +358,7 @@ int measure_process_module_text_elf(struct vm_area_struct *vma,
|
||||
return ret;
|
||||
}
|
||||
|
||||
- if (shdr_trampoline_find) {
|
||||
+ if (shdr_trampoline_find && trampoline_baseline_existed) {
|
||||
ret = measure_elf_trampoline(vma, base, &shdr_trampoline, ctx);
|
||||
if (ret < 0) {
|
||||
dim_err("failed to measure elf trampoline: %d\n", ret);
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,26 +0,0 @@
|
||||
From e5ad2b5264d67694eba932c247d78011da4fd308 Mon Sep 17 00:00:00 2001
|
||||
From: jinlun <jinlun@huawei.com>
|
||||
Date: Tue, 18 Jun 2024 09:25:44 +0800
|
||||
Subject: [PATCH 09/14] ignore return value if the measure log is limited
|
||||
|
||||
---
|
||||
src/measure/dim_measure_baseline.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/measure/dim_measure_baseline.c b/src/measure/dim_measure_baseline.c
|
||||
index b73b639..185a06e 100644
|
||||
--- a/src/measure/dim_measure_baseline.c
|
||||
+++ b/src/measure/dim_measure_baseline.c
|
||||
@@ -93,7 +93,8 @@ static int measure_log_add(struct dim_measure *m, const char *name,
|
||||
int ret = dim_measure_log_add(&m->log, name, digest, flag);
|
||||
if (ret < 0 && ret != -EEXIST) {
|
||||
dim_err("failed to add measure log of %s: %d\n", name, ret);
|
||||
- return ret;
|
||||
+ /* the measure log of this object has been limited */
|
||||
+ return ret == -ENOSPC ? 0 : ret;
|
||||
}
|
||||
|
||||
return 0;
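Review bot: Mapping `-ENOSPC` to 0 in measure_log_add makes a dropped log entry look like a recorded one. Once the limit is reached, a later measurement of that object, including a tampered one, leaves no entry in the measure log while the caller sees success. If that is intended, the comment should state the consequence, for example `/* log limit reached: the entry is dropped and not treated as a failure */`. `dim_err` still fires for every dropped entry, which can flood the kernel log; a once-only or rate-limited warning would be easier to alert on. The function's signature lies outside this hunk.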
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,28 +0,0 @@
|
||||
From 849a1ffebc606304e8a47aaa1dac9001873ffff9 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Thu, 9 May 2024 15:31:46 +0800
|
||||
Subject: [PATCH 11/28] set dim_work_queue to NULL after fail branch
|
||||
|
||||
---
|
||||
src/core/dim_core_measure.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/core/dim_core_measure.c b/src/core/dim_core_measure.c
|
||||
index 6b8cd49..2ccd1a1 100644
|
||||
--- a/src/core/dim_core_measure.c
|
||||
+++ b/src/core/dim_core_measure.c
|
||||
@@ -247,8 +247,10 @@ int dim_core_measure_init(struct dim_measure_cfg *cfg, unsigned int interval)
|
||||
return 0;
|
||||
err:
|
||||
dim_measure_destroy(&dim_core_handle);
|
||||
- if (dim_work_queue != NULL)
|
||||
+ if (dim_work_queue != NULL) {
|
||||
destroy_workqueue(dim_work_queue);
|
||||
+ dim_work_queue = NULL;
|
||||
+ }
|
||||
|
||||
return ret;
|
||||
}
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,567 +0,0 @@
|
||||
From 1b6ab8135e1b2f4f5d0f4ce559f46bc8d71022b6 Mon Sep 17 00:00:00 2001
|
||||
From: xuyongliang_01 <xuyongliang_yewu@cmss.chinamobile.com>
|
||||
Date: Wed, 6 Dec 2023 09:55:20 +0800
|
||||
Subject: [PATCH 07/26] some word
|
||||
|
||||
---
|
||||
src/core/dim_core_baseline.c | 8 ++++----
|
||||
src/core/dim_core_fs.c | 2 +-
|
||||
src/core/dim_core_main.c | 10 +++++-----
|
||||
src/core/dim_core_measure.c | 24 ++++++++++++------------
|
||||
src/core/dim_core_measure_common.c | 2 +-
|
||||
src/core/dim_core_measure_kernel.c | 8 ++++----
|
||||
src/core/dim_core_measure_task.c | 20 ++++++++++----------
|
||||
src/core/dim_core_mem_pool.c | 12 ++++++------
|
||||
src/core/dim_core_policy.c | 10 +++++-----
|
||||
src/core/dim_core_sig.c | 10 +++++-----
|
||||
src/core/dim_core_static_baseline.c | 10 +++++-----
|
||||
src/core/dim_core_symbol.c | 2 +-
|
||||
12 files changed, 59 insertions(+), 59 deletions(-)
|
||||
|
||||
diff --git a/src/core/dim_core_baseline.c b/src/core/dim_core_baseline.c
|
||||
index a0f4832..27a8114 100644
|
||||
--- a/src/core/dim_core_baseline.c
|
||||
+++ b/src/core/dim_core_baseline.c
|
||||
@@ -35,7 +35,7 @@ int dim_core_add_static_baseline(const char *name, int type,
|
||||
{
|
||||
int ret = dim_baseline_add(&static_baseline, name, type, digest);
|
||||
if (ret < 0 && ret != -EEXIST) {
|
||||
- dim_err("fail to add static baseline of %s\n", name);
|
||||
+ dim_err("failed to add static baseline of %s\n", name);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -47,7 +47,7 @@ int dim_core_add_dynamic_baseline(const char *name, int type,
|
||||
{
|
||||
int ret = dim_baseline_add(&dynamic_baseline, name, type, digest);
|
||||
if (ret < 0 && ret != -EEXIST) {
|
||||
- dim_err("fail to add dynamic baseline of %s\n", name);
|
||||
+ dim_err("failed to add dynamic baseline of %s\n", name);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -93,7 +93,7 @@ int dim_core_baseline_init(void)
|
||||
dim_kfree,
|
||||
&static_baseline);
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to initialize static baseline root: %d\n", ret);
|
||||
+ dim_err("failed to initialize static baseline root: %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -101,7 +101,7 @@ int dim_core_baseline_init(void)
|
||||
dim_mem_pool_free,
|
||||
&dynamic_baseline);
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to initialize dynamic baseline root: %d\n", ret);
|
||||
+ dim_err("failed to initialize dynamic baseline root: %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
diff --git a/src/core/dim_core_fs.c b/src/core/dim_core_fs.c
|
||||
index d5e39ba..e050a19 100644
|
||||
--- a/src/core/dim_core_fs.c
|
||||
+++ b/src/core/dim_core_fs.c
|
||||
@@ -105,7 +105,7 @@ int dim_core_create_fs(void)
|
||||
|
||||
ret = dim_entry_create(&dim_core_dir, NULL);
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to create dim dir entry: %d\n", ret);
|
||||
+ dim_err("failed to create dim dir entry: %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
diff --git a/src/core/dim_core_main.c b/src/core/dim_core_main.c
|
||||
index edd86cc..6de0c2a 100644
|
||||
--- a/src/core/dim_core_main.c
|
||||
+++ b/src/core/dim_core_main.c
|
||||
@@ -38,20 +38,20 @@ static int __init dim_core_init(void)
|
||||
|
||||
ret = dim_core_kallsyms_init();
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to initialize dim kernel symbol: %d\n", ret);
|
||||
+ dim_err("failed to initialize dim kernel symbol: %d\n", ret);
|
||||
goto err;
|
||||
}
|
||||
|
||||
ret = dim_mem_pool_init();
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to initialize dim memory pool: %d\n", ret);
|
||||
+ dim_err("failed to initialize dim memory pool: %d\n", ret);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (signature) {
|
||||
ret = dim_core_sig_init();
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to initialize dim signature: %d\n", ret);
|
||||
+ dim_err("failed to initialize dim signature: %d\n", ret);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
@@ -59,13 +59,13 @@ static int __init dim_core_init(void)
|
||||
ret = dim_core_measure_init(measure_hash == NULL ?
|
||||
DIM_CORE_HASH_DEFAULT : measure_hash);
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to initialize dim measurement: %d\n", ret);
|
||||
+ dim_err("failed to initialize dim measurement: %d\n", ret);
|
||||
goto err;
|
||||
}
|
||||
|
||||
ret = dim_core_create_fs();
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to create dim fs entry: %d\n", ret);
|
||||
+ dim_err("failed to create dim fs entry: %d\n", ret);
|
||||
goto err;
|
||||
}
|
||||
|
||||
diff --git a/src/core/dim_core_measure.c b/src/core/dim_core_measure.c
|
||||
index 59e2cf8..ed4a464 100644
|
||||
--- a/src/core/dim_core_measure.c
|
||||
+++ b/src/core/dim_core_measure.c
|
||||
@@ -125,15 +125,15 @@ static void do_measure(void)
|
||||
|
||||
ret = dim_core_measure_task(bi);
|
||||
if (ret < 0)
|
||||
- dim_err("fail to measure user process: %d\n", ret);
|
||||
+ dim_err("failed to measure user process: %d\n", ret);
|
||||
|
||||
ret = dim_core_measure_module(bi);
|
||||
if (ret < 0)
|
||||
- dim_err("fail to measure kernel modules: %d\n", ret);
|
||||
+ dim_err("failed to measure kernel modules: %d\n", ret);
|
||||
|
||||
ret = dim_core_measure_kernel(bi);
|
||||
if (ret < 0)
|
||||
- dim_err("fail to measure kernel: %d\n", ret);
|
||||
+ dim_err("failed to measure kernel: %d\n", ret);
|
||||
|
||||
mutex_unlock(&dim_core_baseline_lock);
|
||||
}
|
||||
@@ -144,14 +144,14 @@ static int do_baseline(void)
|
||||
|
||||
ret = dim_core_policy_load();
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to load dim core policy: %d\n", ret);
|
||||
+ dim_err("failed to load dim core policy: %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
dim_core_baseline_destroy();
|
||||
ret = dim_core_static_baseline_load();
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to load dim static baseline: %d\n", ret);
|
||||
+ dim_err("failed to load dim static baseline: %d\n", ret);
|
||||
dim_core_policy_destroy();
|
||||
return ret;
|
||||
}
|
||||
@@ -232,7 +232,7 @@ int dim_core_measure_init(const char *alg_name)
|
||||
/* 2. init measure hash algorithm */
|
||||
ret = dim_hash_init(alg_name, &dim_core_hash);
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to initialize hash algorithm: %d\n", ret);
|
||||
+ dim_err("failed to initialize hash algorithm: %d\n", ret);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -240,20 +240,20 @@ int dim_core_measure_init(const char *alg_name)
|
||||
if (measure_pcr > 0) {
|
||||
ret = dim_tpm_init(&dim_core_tpm, HASH_ALGO_SHA256);
|
||||
if (ret < 0)
|
||||
- dim_warn("fail to initialize tpm chip: %d\n", ret);
|
||||
+ dim_warn("failed to initialize tpm chip: %d\n", ret);
|
||||
}
|
||||
|
||||
/* 4. init measurement status */
|
||||
ret = dim_core_status_init();
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to initialize dim status: %d\n", ret);
|
||||
+ dim_err("failed to initialize dim status: %d\n", ret);
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* 5. init baseline data (static and dynamic) */
|
||||
ret = dim_core_baseline_init();
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to initialize dim baseline: %d\n", ret);
|
||||
+ dim_err("failed to initialize dim baseline: %d\n", ret);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -262,7 +262,7 @@ int dim_core_measure_init(const char *alg_name)
|
||||
&dim_core_hash, &dim_core_tpm,
|
||||
measure_log_capacity, measure_pcr);
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to initialize measure log root: %d\n", ret);
|
||||
+ dim_err("failed to initialize measure log root: %d\n", ret);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -271,7 +271,7 @@ int dim_core_measure_init(const char *alg_name)
|
||||
dim_work_queue = create_singlethread_workqueue("dim_core");
|
||||
if (dim_work_queue == NULL) {
|
||||
ret = -ENOMEM;
|
||||
- dim_err("fail to create dim work queue: %d\n", ret);
|
||||
+ dim_err("failed to create dim work queue: %d\n", ret);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -279,7 +279,7 @@ int dim_core_measure_init(const char *alg_name)
|
||||
if (measure_interval) {
|
||||
ret = dim_core_measure(1);
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to do baseline init: %d\n", ret);
|
||||
+ dim_err("failed to do baseline init: %d\n", ret);
|
||||
goto err;
|
||||
}
|
||||
|
||||
diff --git a/src/core/dim_core_measure_common.c b/src/core/dim_core_measure_common.c
|
||||
index 4e4c0f4..406ed3f 100644
|
||||
--- a/src/core/dim_core_measure_common.c
|
||||
+++ b/src/core/dim_core_measure_common.c
|
||||
@@ -15,7 +15,7 @@ int dim_core_add_measure_log(const char *name, struct dim_digest *digest, int fl
|
||||
{
|
||||
int ret = dim_measure_log_add(&dim_core_log, name, digest, flag);
|
||||
if (ret < 0 && ret != -EEXIST) {
|
||||
- dim_err("fail to add measure log of %s: %d\n", name, ret);
|
||||
+ dim_err("failed to add measure log of %s: %d\n", name, ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
diff --git a/src/core/dim_core_measure_kernel.c b/src/core/dim_core_measure_kernel.c
|
||||
index 135899d..3724501 100644
|
||||
--- a/src/core/dim_core_measure_kernel.c
|
||||
+++ b/src/core/dim_core_measure_kernel.c
|
||||
@@ -111,7 +111,7 @@ static int calc_kernel_digest(struct dim_digest *digest)
|
||||
sizeof(struct jump_entry);
|
||||
ret = sort_jump_table(sjump, jcode_cnt, &jcode_sort);
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to sort kernel jump table: %d\n", ret);
|
||||
+ dim_err("failed to sort kernel jump table: %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
} else {
|
||||
@@ -121,7 +121,7 @@ static int calc_kernel_digest(struct dim_digest *digest)
|
||||
|
||||
ret = do_calc_kernel_digest(stext, etext, jcode_sort, jcode_cnt, digest);
|
||||
if (ret < 0)
|
||||
- dim_err("fail to calculate kernel digest: %d\n", ret);
|
||||
+ dim_err("failed to calculate kernel digest: %d\n", ret);
|
||||
|
||||
vfree(jcode_sort);
|
||||
return ret;
|
||||
@@ -139,13 +139,13 @@ int dim_core_measure_kernel(int baseline_init)
|
||||
|
||||
ret = calc_kernel_digest(&digest);
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to calculate kernel digest: %d\n", ret);
|
||||
+ dim_err("failed to calculate kernel digest: %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = dim_core_check_kernel_digest(baseline_init, kr, &digest);
|
||||
if (ret < 0)
|
||||
- dim_err("fail to check kernel digest: %d\n", ret);
|
||||
+ dim_err("failed to check kernel digest: %d\n", ret);
|
||||
|
||||
return ret;
|
||||
}
|
||||
diff --git a/src/core/dim_core_measure_task.c b/src/core/dim_core_measure_task.c
|
||||
index f9c53f0..0d9b995 100644
|
||||
--- a/src/core/dim_core_measure_task.c
|
||||
+++ b/src/core/dim_core_measure_task.c
|
||||
@@ -192,7 +192,7 @@ static bool vm_file_match_policy(struct file *vm_file,
|
||||
/* get the module path string */
|
||||
ctx->path = d_path(&vm_file->f_path, ctx->path_buf, PATH_MAX);
|
||||
if (IS_ERR(ctx->path)) {
|
||||
- dim_warn("fail to get path of vma: %ld\n", PTR_ERR(ctx->path));
|
||||
+ dim_warn("failed to get path of vma: %ld\n", PTR_ERR(ctx->path));
|
||||
ctx->path = NULL;
|
||||
return false;
|
||||
}
|
||||
@@ -225,7 +225,7 @@ static int update_vma_digest(struct vm_area_struct *vma_start,
|
||||
ret_pages = get_user_pages_remote(vma_start->vm_mm, addr_start, nr_pages,
|
||||
0, pages, NULL, NULL);
|
||||
if (ret_pages < 0) {
|
||||
- dim_err("fail to get vma pages: %ld\n", ret_pages);
|
||||
+ dim_err("failed to get vma pages: %ld\n", ret_pages);
|
||||
vfree(pages);
|
||||
return ret_pages;
|
||||
}
|
||||
@@ -233,7 +233,7 @@ static int update_vma_digest(struct vm_area_struct *vma_start,
|
||||
for (i = 0; i < ret_pages; i++) {
|
||||
page_ptr = kmap(pages[i]);
|
||||
if (page_ptr == NULL) {
|
||||
- dim_err("fail to kmap page\n");
|
||||
+ dim_err("failed to kmap page\n");
|
||||
put_page(pages[i]);
|
||||
continue;
|
||||
}
|
||||
@@ -257,7 +257,7 @@ static int check_user_digest(struct dim_digest *digest,
|
||||
ret = dim_core_check_user_digest(ctx->baseline, ctx->path,
|
||||
digest, &log_flag);
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to check user digest: %d\n", ret);
|
||||
+ dim_err("failed to check user digest: %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -315,7 +315,7 @@ static int measure_task_module_anon_text(struct vm_area_struct *vma,
|
||||
|
||||
ret = measure_anon_text_vma(v, ctx);
|
||||
if (ret < 0)
|
||||
- dim_err("fail to measure anon text vma: %d\n", ret);
|
||||
+ dim_err("failed to measure anon text vma: %d\n", ret);
|
||||
}
|
||||
|
||||
return 0;
|
||||
@@ -367,11 +367,11 @@ static void measure_task_module(struct vm_area_struct *vma,
|
||||
|
||||
ret = measure_task_module_file_text(vma, ctx);
|
||||
if (ret < 0)
|
||||
- dim_err("fail to measure module file text: %d", ret);
|
||||
+ dim_err("failed to measure module file text: %d", ret);
|
||||
#ifdef DIM_CORE_MEASURE_ANON_TEXT
|
||||
ret = measure_task_module_anon_text(vma, ctx);
|
||||
if (ret < 0)
|
||||
- dim_err("fail to measure module anon text: %d", ret);
|
||||
+ dim_err("failed to measure module anon text: %d", ret);
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -425,7 +425,7 @@ out:
|
||||
if (ctx->task_kill) {
|
||||
ret = kill_task_tree(task);
|
||||
if (ret < 0)
|
||||
- dim_err("fail to kill tampered task, pid = %d: %d\n",
|
||||
+ dim_err("failed to kill tampered task, pid = %d: %d\n",
|
||||
task->pid, ret);
|
||||
}
|
||||
|
||||
@@ -446,7 +446,7 @@ static int store_task_pids(pid_t **pid_buf, unsigned int *pid_cnt)
|
||||
/* maximum processing of PID_MAX_DEFAULT * 2 pids */
|
||||
buf = vmalloc(max_cnt);
|
||||
if (buf == NULL) {
|
||||
- dim_err("fail to allocate memory for pid buffer\n");
|
||||
+ dim_err("failed to allocate memory for pid buffer\n");
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
@@ -494,7 +494,7 @@ static int walk_tasks(task_measurer f, struct task_measure_ctx *ctx)
|
||||
ret = f(task, ctx);
|
||||
put_task_struct(task);
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to measure task, pid = %d: %d", pid_buf[i], ret);
|
||||
+ dim_err("failed to measure task, pid = %d: %d", pid_buf[i], ret);
|
||||
if (ret == -EINTR)
|
||||
break;
|
||||
}
|
||||
diff --git a/src/core/dim_core_mem_pool.c b/src/core/dim_core_mem_pool.c
|
||||
index 5688eaf..a16b7bb 100644
|
||||
--- a/src/core/dim_core_mem_pool.c
|
||||
+++ b/src/core/dim_core_mem_pool.c
|
||||
@@ -18,7 +18,7 @@ static int dim_mem_pool_expand(unsigned int order)
|
||||
|
||||
pages = alloc_pages(GFP_KERNEL | __GFP_ZERO, order);
|
||||
if (pages == NULL) {
|
||||
- dim_err("fail to allocate pages for memory pool\n");
|
||||
+ dim_err("failed to allocate pages for memory pool\n");
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
@@ -27,7 +27,7 @@ static int dim_mem_pool_expand(unsigned int order)
|
||||
|
||||
ret = gen_pool_add(dim_pool, pages_addr, size, -1);
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to add pages to memory pool: %d\n", ret);
|
||||
+ dim_err("failed to add pages to memory pool: %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -41,7 +41,7 @@ int dim_mem_pool_init(void)
|
||||
|
||||
dim_pool = gen_pool_create(DIM_MIN_ALLOC_ORDER, -1);
|
||||
if (dim_pool == NULL) {
|
||||
- dim_err("fail to generate memory pool\n");
|
||||
+ dim_err("failed to generate memory pool\n");
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
@@ -72,7 +72,7 @@ void dim_mem_pool_destroy(void)
|
||||
return;
|
||||
|
||||
if (gen_pool_avail(dim_pool) != gen_pool_size(dim_pool)) {
|
||||
- dim_err("dim_mem_pool_destroy fail, memory leak detected\n");
|
||||
+ dim_err("dim_mem_pool_destroy failed, memory leak detected\n");
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -96,10 +96,10 @@ void *dim_mem_pool_alloc(size_t size)
|
||||
if (data != NULL)
|
||||
goto out;
|
||||
|
||||
- dim_devel("gen_pool_alloc fail, try dim_mem_pool_expand\n");
|
||||
+ dim_devel("gen_pool_alloc failed, try dim_mem_pool_expand\n");
|
||||
ret = dim_mem_pool_expand(DIM_EXPEND_ALLOC_PAGE_ORDER);
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to expand memory pool: %d\n", ret);
|
||||
+ dim_err("failed to expand memory pool: %d\n", ret);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
diff --git a/src/core/dim_core_policy.c b/src/core/dim_core_policy.c
|
||||
index a3fa369..0e7fbf3 100644
|
||||
--- a/src/core/dim_core_policy.c
|
||||
+++ b/src/core/dim_core_policy.c
|
||||
@@ -118,7 +118,7 @@ static int policy_add_path(const char *path, int action)
|
||||
|
||||
apath = dim_absolute_path(path, path_buf, PATH_MAX);
|
||||
if (IS_ERR(apath)) {
|
||||
- dim_warn("fail to get absolute path of %s in policy: %ld\n",
|
||||
+ dim_warn("failed to get absolute path of %s in policy: %ld\n",
|
||||
path, PTR_ERR(apath));
|
||||
kfree(path_buf);
|
||||
return 0;
|
||||
@@ -200,7 +200,7 @@ static int policy_parse_line(char* line, int line_no)
|
||||
if (obj == DIM_POLICY_OBJ_KERNEL_TEXT) {
|
||||
ret = policy_add_kernel(action);
|
||||
if (ret < 0)
|
||||
- dim_err("fail to add measure policy line %d: %d\n",
|
||||
+ dim_err("failed to add measure policy line %d: %d\n",
|
||||
line_no, ret);
|
||||
return ret;
|
||||
}
|
||||
@@ -221,7 +221,7 @@ static int policy_parse_line(char* line, int line_no)
|
||||
policy_add_path(val, action) :
|
||||
policy_add_module(val, action);
|
||||
if (ret < 0)
|
||||
- dim_err("fail to add measure policy line %d: %d\n",
|
||||
+ dim_err("failed to add measure policy line %d: %d\n",
|
||||
line_no, ret);
|
||||
return ret;
|
||||
}
|
||||
@@ -237,14 +237,14 @@ int dim_core_policy_load(void)
|
||||
|
||||
ret = dim_read_verify_file(NULL, DIM_POLICY_PATH, &buf);
|
||||
if (ret < 0 || buf == NULL) {
|
||||
- dim_err("fail to read policy file: %d\n", ret);
|
||||
+ dim_err("failed to read policy file: %d\n", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
buf_len = ret;
|
||||
ret = dim_parse_line_buf(buf, buf_len, policy_parse_line);
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to parse policy: %d\n", ret);
|
||||
+ dim_err("failed to parse policy: %d\n", ret);
|
||||
dim_core_policy_destroy();
|
||||
}
|
||||
|
||||
diff --git a/src/core/dim_core_sig.c b/src/core/dim_core_sig.c
|
||||
index 18f6008..aae323c 100644
|
||||
--- a/src/core/dim_core_sig.c
|
||||
+++ b/src/core/dim_core_sig.c
|
||||
@@ -141,7 +141,7 @@ int dim_core_sig_init(void)
|
||||
KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
|
||||
if (IS_ERR(dim_core_keyring)) {
|
||||
ret = PTR_ERR(dim_core_keyring);
|
||||
- dim_err("fail to allocate DIM keyring: %ld\n", ret);
|
||||
+ dim_err("failed to allocate DIM keyring: %ld\n", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -149,7 +149,7 @@ int dim_core_sig_init(void)
|
||||
DIM_CORE_MAX_FILE_SIZE, NULL,
|
||||
READING_X509_CERTIFICATE);
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to read DIM cert file: %ld\n", ret);
|
||||
+ dim_err("failed to read DIM cert file: %ld\n", ret);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -158,13 +158,13 @@ int dim_core_sig_init(void)
|
||||
DIM_CORE_KEY_PERM, KEY_ALLOC_NOT_IN_QUOTA);
|
||||
if (IS_ERR(key)) {
|
||||
ret = PTR_ERR(key);
|
||||
- dim_err("fail to load DIM cert: %ld\n", ret);
|
||||
+ dim_err("failed to load DIM cert: %ld\n", ret);
|
||||
goto err;
|
||||
}
|
||||
|
||||
ret = dim_hash_init("sha256", &dim_core_sig_hash);
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to init dim signature hash: %ld\n", ret);
|
||||
+ dim_err("failed to init dim signature hash: %ld\n", ret);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -186,4 +186,4 @@ void dim_core_sig_destroy(void)
|
||||
key_put(dim_core_keyring);
|
||||
|
||||
dim_hash_destroy(&dim_core_sig_hash);
|
||||
-}
|
||||
\ No newline at end of file
|
||||
+}
|
||||
diff --git a/src/core/dim_core_static_baseline.c b/src/core/dim_core_static_baseline.c
|
||||
index f779da1..0d99f7b 100644
|
||||
--- a/src/core/dim_core_static_baseline.c
|
||||
+++ b/src/core/dim_core_static_baseline.c
|
||||
@@ -112,7 +112,7 @@ static int parse_simple_baseline_line(char* line, int line_no)
|
||||
|
||||
ret = dim_core_add_static_baseline(line_str, type, &digest);
|
||||
if (ret < 0)
|
||||
- dim_warn("fail to add static baseline at line %d: %d\n",
|
||||
+ dim_warn("failed to add static baseline at line %d: %d\n",
|
||||
line_no, ret);
|
||||
return 0;
|
||||
}
|
||||
@@ -144,14 +144,14 @@ static_baseline_load(struct dir_context *__ctx,
|
||||
|
||||
ret = dim_read_verify_file(ctx->path, name, &buf);
|
||||
if (ret < 0 || buf == NULL) {
|
||||
- dim_err("fail to read and verify %s: %d\n", name, ret);
|
||||
+ dim_err("failed to read and verify %s: %d\n", name, ret);
|
||||
goto out;
|
||||
}
|
||||
|
||||
buf_len = ret;
|
||||
ret = dim_parse_line_buf(buf, buf_len, parse_simple_baseline_line);
|
||||
if (ret < 0)
|
||||
- dim_err("fail to parse baseline file %s: %d\n", name, ret);
|
||||
+ dim_err("failed to parse baseline file %s: %d\n", name, ret);
|
||||
out:
|
||||
if (buf != NULL)
|
||||
vfree(buf);
|
||||
@@ -175,14 +175,14 @@ int dim_core_static_baseline_load(void)
|
||||
|
||||
ret = kern_path(DIM_STATIC_BASELINE_ROOT, LOOKUP_DIRECTORY, &kpath);
|
||||
if (ret < 0) {
|
||||
- dim_err("fail to get dim baseline root path: %d", ret);
|
||||
+ dim_err("failed to get dim baseline root path: %d", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
file = filp_open(DIM_STATIC_BASELINE_ROOT, O_RDONLY | O_DIRECTORY, 0);
|
||||
if (IS_ERR(file)) {
|
||||
ret = PTR_ERR(file);
|
||||
- dim_err("fail to open %s: %d\n", DIM_STATIC_BASELINE_ROOT, ret);
|
||||
+ dim_err("failed to open %s: %d\n", DIM_STATIC_BASELINE_ROOT, ret);
|
||||
path_put(&kpath);
|
||||
return ret;
|
||||
}
|
||||
diff --git a/src/core/dim_core_symbol.c b/src/core/dim_core_symbol.c
|
||||
index 128e595..3da3df2 100644
|
||||
--- a/src/core/dim_core_symbol.c
|
||||
+++ b/src/core/dim_core_symbol.c
|
||||
@@ -23,7 +23,7 @@ int dim_core_kallsyms_init(void)
|
||||
|
||||
dim_kallsyms_lookup_name = dim_get_symbol_lookup_func();
|
||||
if (dim_kallsyms_lookup_name == NULL) {
|
||||
- dim_err("fail to get symbol_lookup_func\n");
|
||||
+ dim_err("failed to get symbol_lookup_func\n");
|
||||
return -EINVAL;
|
||||
}
|
||||
k->stext = (char *)dim_kallsyms_lookup_name("_stext");
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,31 +0,0 @@
|
||||
From ee0e50754cb5bf5943d4f16508725b3f65931f24 Mon Sep 17 00:00:00 2001
|
||||
From: lixiang_yewu <lixiang_yewu@cmss.chinamobile.com>
|
||||
Date: Tue, 2 Jan 2024 02:27:55 +0000
|
||||
Subject: [PATCH 09/26] update src/common/dim_baseline.c.
|
||||
|
||||
Signed-off-by: lixiang_yewu <lixiang_yewu@cmss.chinamobile.com>
|
||||
|
||||
update src/common/dim_baseline.c.
|
||||
|
||||
Signed-off-by: lixiang_yewu <lixiang_yewu@cmss.chinamobile.com>
|
||||
---
|
||||
src/common/dim_baseline.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/common/dim_baseline.c b/src/common/dim_baseline.c
|
||||
index 6369d7b..4733705 100644
|
||||
--- a/src/common/dim_baseline.c
|
||||
+++ b/src/common/dim_baseline.c
|
||||
@@ -104,7 +104,8 @@ int dim_baseline_add(struct dim_baseline_tree *root, const char *name,
|
||||
if (ret < 0)
|
||||
goto err;
|
||||
|
||||
- strcpy((char *)baseline->name, name);
|
||||
+ strncpy((char *)baseline->name, name, buf_len - 1);
|
||||
+ baseline->name[buf_len - 1] = '\0';
|
||||
|
||||
write_lock(&root->lock);
|
||||
ret = dim_baseline_rb_add(&root->rb_root, baseline, NULL);
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -1,141 +0,0 @@
|
||||
From 1be543b4082c7cf516d11408abf35d1b3ec67254 Mon Sep 17 00:00:00 2001
|
||||
From: Huaxin Lu <luhuaxin1@huawei.com>
|
||||
Date: Mon, 29 Apr 2024 22:27:49 +0800
|
||||
Subject: [PATCH 02/28] use fs interface to set measure action
|
||||
|
||||
---
|
||||
src/core/dim_core_fs.c | 11 +++++++++++
|
||||
src/core/dim_core_main.c | 4 ----
|
||||
src/core/dim_core_measure.c | 17 +++++++++++++++++
|
||||
src/core/dim_core_measure.h | 9 ++++++++-
|
||||
.../dim_core_measure_process.c | 3 ++-
|
||||
5 files changed, 38 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/core/dim_core_fs.c b/src/core/dim_core_fs.c
|
||||
index 4d6bdd4..4a82e53 100644
|
||||
--- a/src/core/dim_core_fs.c
|
||||
+++ b/src/core/dim_core_fs.c
|
||||
@@ -53,6 +53,16 @@ dim_string_print_entry(dim_status, runtime_status, dim_core_status_print);
|
||||
dim_uint_rw_entry(dim_interval, interval, dim_core_interval_get,
|
||||
dim_core_interval_set);
|
||||
|
||||
+/*
|
||||
+ * measure action set and read interface
|
||||
+ * dim_entry struct: dim_tampered_action_entry
|
||||
+ * file entry name: tampered_action
|
||||
+ * read function: dim_core_measure_action_get
|
||||
+ * write function: dim_core_measure_action_set
|
||||
+ */
|
||||
+dim_uint_rw_entry(dim_tampered_action, tampered_action,
|
||||
+ dim_core_measure_action_get, dim_core_measure_action_set);
|
||||
+
|
||||
/*
|
||||
* dim directory
|
||||
*/
|
||||
@@ -69,6 +79,7 @@ static struct dim_entry *dim_core_files[] = {
|
||||
&dim_measure_log_entry,
|
||||
&dim_status_entry,
|
||||
&dim_interval_entry,
|
||||
+ &dim_tampered_action_entry,
|
||||
};
|
||||
|
||||
void dim_core_destroy_fs(void)
|
||||
diff --git a/src/core/dim_core_main.c b/src/core/dim_core_main.c
|
||||
index c62fa09..de18d66 100644
|
||||
--- a/src/core/dim_core_main.c
|
||||
+++ b/src/core/dim_core_main.c
|
||||
@@ -33,15 +33,11 @@ MODULE_PARM_DESC(measure_pcr, "TPM PCR index to extend measure log");
|
||||
|
||||
/* special measurement configuration for dim_core */
|
||||
static unsigned int measure_interval = 0;
|
||||
-bool dim_core_measure_action_enabled = 0;
|
||||
static bool signature = false;
|
||||
|
||||
module_param(measure_interval, uint, 0);
|
||||
MODULE_PARM_DESC(measure_interval, "Interval time (min) for automatic measurement");
|
||||
|
||||
-module_param_named(measure_action, dim_core_measure_action_enabled, bool, 0);
|
||||
-MODULE_PARM_DESC(signature, "Enable actions when tampering detected");
|
||||
-
|
||||
module_param(signature, bool, 0);
|
||||
MODULE_PARM_DESC(signature, "Require signature for policy and static baseline");
|
||||
|
||||
diff --git a/src/core/dim_core_measure.c b/src/core/dim_core_measure.c
|
||||
index f5b378c..6b8cd49 100644
|
||||
--- a/src/core/dim_core_measure.c
|
||||
+++ b/src/core/dim_core_measure.c
|
||||
@@ -32,6 +32,7 @@ static struct work_struct dim_baseline_work;
|
||||
|
||||
/* special measurement parameters for dim_core */
|
||||
static atomic_t measure_interval = ATOMIC_INIT(0);
|
||||
+static atomic_t measure_action = ATOMIC_INIT(0);
|
||||
|
||||
/* interface to print measure status string */
|
||||
const char *dim_core_status_print(void)
|
||||
@@ -39,6 +40,22 @@ const char *dim_core_status_print(void)
|
||||
return dim_measure_status_print(&dim_core_handle);
|
||||
}
|
||||
|
||||
+/* interface to get tampered action */
|
||||
+long dim_core_measure_action_get(void)
|
||||
+{
|
||||
+ return atomic_read(&measure_action);
|
||||
+}
|
||||
+
|
||||
+/* interface to set measure action */
|
||||
+int dim_core_measure_action_set(unsigned int act)
|
||||
+{
|
||||
+ if (act >= DIM_MEASURE_ACTION_MAX)
|
||||
+ return -ERANGE;
|
||||
+
|
||||
+ atomic_set(&measure_action, act);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
/* interface to get measure interval */
|
||||
long dim_core_interval_get(void)
|
||||
{
|
||||
diff --git a/src/core/dim_core_measure.h b/src/core/dim_core_measure.h
|
||||
index 3522ba0..a91d0b3 100644
|
||||
--- a/src/core/dim_core_measure.h
|
||||
+++ b/src/core/dim_core_measure.h
|
||||
@@ -16,7 +16,12 @@
|
||||
#define DIM_MINUTE_TO_SEC (60UL)
|
||||
#define DIM_MINUTE_TO_NSEC (60UL * 1000 * 1000 * 1000)
|
||||
|
||||
-extern bool dim_core_measure_action_enabled;
|
||||
+enum dim_measure_action {
|
||||
+ DIM_MEASURE_ACTION_DISABLE,
|
||||
+ DIM_MEASURE_ACTION_ENABLE,
|
||||
+ DIM_MEASURE_ACTION_MAX,
|
||||
+};
|
||||
+
|
||||
extern struct dim_measure dim_core_handle;
|
||||
|
||||
/* global init and destroy */
|
||||
@@ -25,6 +30,8 @@ void dim_core_measure_destroy(void);
|
||||
|
||||
/* control function for measurement parameters */
|
||||
const char *dim_core_status_print(void);
|
||||
+long dim_core_measure_action_get(void);
|
||||
+int dim_core_measure_action_set(unsigned int act);
|
||||
long dim_core_interval_get(void);
|
||||
int dim_core_interval_set(unsigned int p);
|
||||
long dim_core_tampered_action_get(void);
|
||||
diff --git a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
|
||||
index 8522085..643b661 100644
|
||||
--- a/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
|
||||
+++ b/src/core/tasks/dim_core_measure_process/dim_core_measure_process.c
|
||||
@@ -134,7 +134,8 @@ static int check_process_digest(struct dim_digest *digest,
|
||||
return ret;
|
||||
}
|
||||
|
||||
- if (log_flag != LOG_TAMPERED || !dim_core_measure_action_enabled)
|
||||
+ if (log_flag != LOG_TAMPERED ||
|
||||
+ dim_core_measure_action_get() == DIM_MEASURE_ACTION_DISABLE)
|
||||
return 0;
|
||||
|
||||
/* now the process is tampered, check if action need to be taken */
|
||||
--
|
||||
2.33.0
|
||||
|
||||
78
dim.spec
78
dim.spec
@ -4,73 +4,22 @@
|
||||
Name : dim
|
||||
Summary : Dynamic Integrity Measurement
|
||||
Version : 1.0.2
|
||||
Release : 8
|
||||
Release : 1
|
||||
License : GPL-2.0
|
||||
Source0 : %{name}-v%{version}.tar.gz
|
||||
BuildRequires: kernel-devel kernel-headers
|
||||
Requires : kernel
|
||||
|
||||
Patch0001: Limit-the-max-line-number-of-policy-and-baseline-par.patch
|
||||
Patch0002: Use-jiffies64-interface-to-set-measure-interval.patch
|
||||
Patch0003: Add-the-owner-of-file-operations.patch
|
||||
Patch0004: backport-dim-add-test-code.patch
|
||||
Patch0005: backport-fix-the-magic-number.patch
|
||||
Patch0006: backport-some-word.patch
|
||||
Patch0007: backport-update-src-common-dim_baseline.c.patch
|
||||
Patch0008: backport-fix-build-error-in-kernel-6.6.patch
|
||||
Patch0009: backport-fix-build-error.patch
|
||||
Patch0010: backport-Refactor-the-measurement-code.patch
|
||||
Patch0011: backport-Refactor-dim_core-policy-and-support-the-action-poli.patch
|
||||
Patch0012: backport-Refactor-the-dim_core-static-baseline-implement.patch
|
||||
Patch0013: backport-Support-user-process-measurement-by-ELF-parsing.patch
|
||||
Patch0014: backport-Optimize-Makefile.patch
|
||||
Patch0015: backport-Dont-queue-measurement-task-when-baseline-failed.patch
|
||||
Patch0016: backport-Add-safe-wapper-for-some-memory-and-string-functions.patch
|
||||
Patch0017: backport-Fix-potential-integer-overflow.patch
|
||||
Patch0018: backport-Add-memory-debug-in-mem_pool.patch
|
||||
Patch0019: backport-Optimize-test-framework-and-add-testcases.patch
|
||||
Patch0020: backport-Add-warpper-for-strncmp-and-strncpy.patch
|
||||
Patch0021: backport-Use-warpper-dim_vzalloc-to-avoid-false-warning.patch
|
||||
Patch0022: backport-Set-dim_core_keyring-to-NULL-when-initialize-failed.patch
|
||||
Patch0023: backport-Disable-dfx-testcase-by-default.patch
|
||||
Patch0024: backport-Support-init-function-for-measure-tasks.patch
|
||||
Patch0025: backport-Fix-calculating-ELF-memory-address.patch
|
||||
Patch0026: backport-use-fs-interface-to-set-measure-action.patch
|
||||
Patch0027: backport-fix-incorrect-indent.patch
|
||||
Patch0028: backport-add-two-interfaces-for-baseline-operations.patch
|
||||
Patch0029: backport-Add-sm3-compile-macro-and-set-the-algo-name.patch
|
||||
Patch0030: backport-Try-to-add-the-absolute-path-of-process-in-static-ba.patch
|
||||
Patch0031: backport-Fix-the-type-of-pcr.patch
|
||||
Patch0032: backport-Adapter-test-cases.patch
|
||||
Patch0033: backport-Remove-unused-symbol-in-dim_core.patch
|
||||
Patch0034: backport-dont-kill-the-init-process.patch
|
||||
Patch0035: backport-set-dim_work_queue-to-NULL-after-fail-branch.patch
|
||||
Patch0037: backport-add-missing-line-break-in-log-printing.patch
|
||||
Patch0038: backport-dont-warp-strncpy.patch
|
||||
Patch0039: backport-Fix-calculating-ELF-trampoline-address.patch
|
||||
Patch0040: backport-Fix-NULL-pointer-reference-when-kill-child-processes.patch
|
||||
Patch0041: backport-fix-double-free-in-tpm.patch
|
||||
Patch0042: backport-fix-trampoline.patch
|
||||
Patch0043: backport-Maximun-number-of-line-in-a-modification-policy.patch
|
||||
Patch0044: backport-Optimize-task-kill-and-log-the-static-baseline-when-.patch
|
||||
Patch0045: backport-fix-resource-clear-in-concurrent-scenarios.patch
|
||||
Patch0046: backport-Fix-the-issue-that-the-memory-allocation-is-too-larg.patch
|
||||
Patch0047: backport-ignore-return-value-if-the-measure-log-is-limited.patch
|
||||
Patch0048: backport-Change-the-permissions-of-the-dim-directory-to-500.patch
|
||||
Patch0049: backport-Unified-log-printing-format.patch
|
||||
Patch0050: backport-Fix-print-errors.patch
|
||||
Patch0051: backport-add-parameter-check.patch
|
||||
|
||||
%description
|
||||
Dynamic Integrity Measurement
|
||||
|
||||
%prep
|
||||
%autosetup -n %{name}-v%{version} -p1
|
||||
%setup -n %{name}-v%{version}
|
||||
|
||||
%build
|
||||
cd src
|
||||
sed -i 's#/lib/modules/$(shell uname -r)/build#/lib/modules/%{kernel_version}/build#' Makefile
|
||||
make EXTRA_CFLAGS+=-DDIM_HASH_SUPPORT_SM3
|
||||
make
|
||||
|
||||
%install
|
||||
mkdir -p $RPM_BUILD_ROOT/lib/modules/%{kernel_version}/extra/dim
|
||||
@ -98,26 +47,5 @@ rm -rf %{buildroot}
|
||||
%attr(0400,root,root) /lib/modules/%{kernel_version}/extra/dim/dim_monitor.ko
|
||||
|
||||
%changelog
|
||||
* Mon Aug 19 2024 gengqihu <gengqihu2@h-partners.com> 1.0.2-8
|
||||
- Enabled DIM_HASH_SUPPORT_SM3
|
||||
|
||||
* Mon Aug 19 2024 gengqihu <gengqihu2@h-partners.com> 1.0.2-7
|
||||
- fix some bugs
|
||||
|
||||
* Tue Apr 16 2024 jinlun <jinlun@huawei.com> 1.0.2-6
|
||||
- backport some patches
|
||||
|
||||
* Fri Jan 26 2024 jinlun <jinlun@huawei.com> 1.0.2-5
|
||||
- The compilation error asused by the kernel upgrade is rectified.
|
||||
|
||||
* Mon Sep 18 2023 jinlun <jinlun@huawei.com> 1.0.2-4
|
||||
- Fix the concurrent issues with removing module and accessing interfaces.
|
||||
|
||||
* Fri Sep 15 2023 luhuaxin <luhuaxin1@huawei.com> 1.0.2-3
|
||||
- Use jiffies64 interface to set measure interval
|
||||
|
||||
* Thu Sep 14 2023 luhuaxin <luhuaxin1@huawei.com> 1.0.2-2
|
||||
- Limit the max line number of policy and baseline parsing
|
||||
|
||||
* Mon Sep 4 2023 jinlun <jinlun@huawei.com> 1.0.2-1
|
||||
- Init package
|
||||
|
||||
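Review bot: The new side of `dim.spec` builds the unpatched 1.0.2 tarball: the `Patch0001`–`Patch0051` entries are gone and `%autosetup -n %{name}-v%{version} -p1` becomes `%setup -n %{name}-v%{version}`, so nothing is applied even if a patch line were kept (this reading assumes the `-4,73 +4,22` counts put the patch list on the old side). Several of the dropped patches are named as memory-safety or hardening fixes, for example `backport-Fix-potential-integer-overflow.patch`, `backport-fix-double-free-in-tpm.patch`, `backport-Fix-NULL-pointer-reference-when-kill-child-processes.patch` and `backport-Change-the-permissions-of-the-dim-directory-to-500.patch`. Unless the source tarball already contains them, which the page does not show, they should be kept together with `%autosetup ... -p1`. The build line also changes from `make EXTRA_CFLAGS+=-DDIM_HASH_SUPPORT_SM3` to plain `make`, which by the macro's name presumably removes SM3 support that a deployed policy may rely on. `Release` goes from 8 to 1 under the same `Version : 1.0.2`, so RPM will treat this build as older than an installed 1.0.2-8 and will not offer it as an upgrade.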