backport some patches

2024-11-29 11:10:29 +08:00 · 2024-11-29 11:10:29 +08:00 · c0ec6b0426
commit c0ec6b0426
parent 50f9d5375c
4 changed files with 265 additions and 1 deletions
--- a/backport-Fix-deadlock-issue-in-directory-iterating.patch
+++ b/backport-Fix-deadlock-issue-in-directory-iterating.patch
@ -0,0 +1,141 @@
+From 790c5a47844ec464083984771a6128a84420c4a8 Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Mon, 26 Aug 2024 09:49:45 +0800
+Subject: [PATCH] Fix deadlock issue in directory iterating
+
+---
+ .../dim_core_static_baseline.c                | 70 ++++++++++++-------
+ .../dim_core_static_baseline.h                |  4 +-
+ 2 files changed, 46 insertions(+), 28 deletions(-)
+
+diff --git a/src/core/static_baseline/dim_core_static_baseline.c b/src/core/static_baseline/dim_core_static_baseline.c
+index ff05690..4fb6e51 100644
+--- a/src/core/static_baseline/dim_core_static_baseline.c
+++ b/src/core/static_baseline/dim_core_static_baseline.c
+@@ -65,41 +65,38 @@ static int baseline_check_add(const char *name, int type,
+ 	return ret;
+ }
+ 
+struct name_entry {
+	char name[NAME_MAX];
+	struct list_head list;
+};
+
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0)
+ static int
+ #else
+ static bool
+ #endif
+-static_baseline_load(struct dir_context *__ctx,
+-		     const char *name,
+-		     int name_len,
+-		     loff_t offset,
+-		     unsigned long long ino,
+-		     unsigned d_type)
+baseline_fill_dir(struct dir_context *__ctx,
+		  const char *name,
+		  int name_len,
+		  loff_t offset,
+		  unsigned long long ino,
+		  unsigned d_type)
+ {
+ 	struct baseline_parse_ctx *ctx = container_of(__ctx, typeof(*ctx), ctx);
+-	int ret;
+-	void *buf = NULL;
+-	unsigned long buf_len = 0;
+	struct name_entry *entry = NULL;
+ 
+ 	/* baseline file must end with '.hash' */
+-	if (d_type != DT_REG || (!dim_string_end_with(name, ".hash")))
+	if (d_type != DT_REG || strlen(name) >= NAME_MAX ||
+	    (!dim_string_end_with(name, ".hash")))
+ 		goto out; /* ignore invalid files */
+ 
+-	ret = dim_read_verify_file(ctx->path, name, &buf);
+-	if (ret < 0 || buf == NULL) {
+-		dim_err("failed to read and verify %s: %d\n", name, ret);
+	entry = dim_kzalloc_gfp(sizeof(struct name_entry));
+	if (entry == NULL)
+ 		goto out;
+-	}
+ 
+-	buf_len = ret;
+-	ret = dim_baseline_parse(buf, buf_len, ctx);
+-	if (ret < 0)
+-		dim_err("failed to parse baseline file %s: %d\n", name, ret);
+	strcpy(entry->name, name);
+	list_add( &entry->list, &ctx->name_list);
+ out:
+-	if (buf != NULL)
+-		dim_vfree(buf);
+-
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0)
+ 	return 0; /* ignore fail */
+ #else
+@@ -112,12 +109,16 @@ int dim_core_static_baseline_load(struct dim_measure *m)
+ 	int ret = 0;
+ 	struct path kpath;
+ 	struct file *file = NULL;
+-	struct baseline_parse_ctx buf = {
+-		.ctx.actor = static_baseline_load,
+-		.path = &kpath,
+	struct name_entry *entry = NULL;
+	struct name_entry *tmp = NULL;
+	void *buf = NULL;
+	unsigned long buf_len = 0;
+	struct baseline_parse_ctx ctx = {
+ 		.m = m,
+		.ctx.actor = baseline_fill_dir,
+ 		.add = baseline_check_add,
+ 		.match = baseline_match_policy,
+		.name_list = LIST_HEAD_INIT(ctx.name_list)
+ 	};
+ 
+ 	if (m == NULL)
+@@ -137,9 +138,26 @@ int dim_core_static_baseline_load(struct dim_measure *m)
+ 		return ret;
+ 	}
+ 
+-	(void)iterate_dir(file, &buf.ctx);
+	(void)iterate_dir(file, &ctx.ctx);
+	filp_close(file, NULL);
+
+	list_for_each_entry_safe(entry, tmp, &ctx.name_list, list) {
+		ret = dim_read_verify_file(&kpath, entry->name, &buf);
+		if (ret < 0 || buf == NULL) {
+			dim_err("failed to read and verify %s: %d\n", entry->name, ret);
+			dim_kfree(entry);
+			continue;
+		}
+
+		buf_len = ret;
+		ret = dim_baseline_parse(buf, buf_len, &ctx);
+		if (ret < 0)
+			dim_err("failed to parse baseline file %s: %d\n", entry->name, ret);
+
+		dim_vfree(buf);
+		dim_kfree(entry);
+	}
+ 
+ 	path_put(&kpath);
+-	filp_close(file, NULL);
+ 	return 0;
+ }
+diff --git a/src/core/static_baseline/dim_core_static_baseline.h b/src/core/static_baseline/dim_core_static_baseline.h
+index 988b02d..e0d1df9 100644
+--- a/src/core/static_baseline/dim_core_static_baseline.h
+++ b/src/core/static_baseline/dim_core_static_baseline.h
+@@ -24,8 +24,8 @@ typedef int (*baseline_add_func)(const char *name, int type,
+ struct baseline_parse_ctx {
+ 	/* context for directory walking */
+ 	struct dir_context ctx;
+-	/* current directory path */
+-	struct path *path;
+	/* entry to store the filenames in directory */
+	struct list_head name_list;
+ 	struct dim_measure *m;
+ 	baseline_match_func match;
+ 	baseline_add_func add;
+-- 
+2.33.0
+
--- a/backport-Optimized-directory-suffix-matching.patch
+++ b/backport-Optimized-directory-suffix-matching.patch
@ -0,0 +1,92 @@
+From 3af4724225de2eef2df28d29e74182236c97d4ca Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Sat, 19 Oct 2024 15:32:59 +0800
+Subject: [PATCH 1/2] Optimized directory suffix matching
+
+Fix an issue where file names were not
+matched correctly when iterating over a
+directory in the XFS file system
+---
+ src/common/dim_utils.c                            | 15 ---------------
+ src/common/dim_utils.h                            |  3 +--
+ .../static_baseline/dim_core_static_baseline.c    | 11 ++++++++---
+ 3 files changed, 9 insertions(+), 20 deletions(-)
+
+diff --git a/src/common/dim_utils.c b/src/common/dim_utils.c
+index 57ea3e9..6746d88 100644
+--- a/src/common/dim_utils.c
+++ b/src/common/dim_utils.c
+@@ -48,21 +48,6 @@ out:
+ 	return ret;	
+ }
+ 
+-bool dim_string_end_with(const char *str, const char *ext)
+-{
+-	int name_len, ext_len;
+-
+-	if (str == NULL || ext == NULL)
+-		return false;
+-
+-	name_len = strlen(str);
+-	ext_len = strlen(ext);
+-	if (name_len < ext_len)
+-		return false;
+-
+-	return dim_strcmp(str + name_len - ext_len, ext) == 0;
+-}
+-
+ int dim_parse_line_buf(char *buf, loff_t len, int (*line_parser)(char *, int, void *), void *data)
+ {
+ 	int ret = 0;
+diff --git a/src/common/dim_utils.h b/src/common/dim_utils.h
+index 8c7d855..db43546 100644
+--- a/src/common/dim_utils.h
+++ b/src/common/dim_utils.h
+@@ -18,7 +18,6 @@
+ #define dim_devel(fmt, ...)
+ 
+ int dim_get_absolute_path(const char *path, const char **result);
+-bool dim_string_end_with(const char *str, const char *ext);
+ int dim_parse_line_buf(char *buf, loff_t len, int (*line_parser)(char *, int, void *), void *data);
+ 
+-#endif
+\ No newline at end of file
+#endif
+diff --git a/src/core/static_baseline/dim_core_static_baseline.c b/src/core/static_baseline/dim_core_static_baseline.c
+index 4fb6e51..7ae5171 100644
+--- a/src/core/static_baseline/dim_core_static_baseline.c
+++ b/src/core/static_baseline/dim_core_static_baseline.c
+@@ -17,6 +17,9 @@
+ #include "dim_core_measure.h"
+ #include "dim_core_static_baseline.h"
+ 
+#define BASELINE_FILE_SUFFIX ".hash"
+#define BASELINE_FILE_SUFFIX_LEN 5
+
+ static bool baseline_match_policy(const char *name, int type)
+ {
+ 	const char *kr = init_uts_ns.name.release;
+@@ -86,15 +89,17 @@ baseline_fill_dir(struct dir_context *__ctx,
+ 	struct name_entry *entry = NULL;
+ 
+ 	/* baseline file must end with '.hash' */
+-	if (d_type != DT_REG || strlen(name) >= NAME_MAX ||
+-	    (!dim_string_end_with(name, ".hash")))
+	if (d_type != DT_REG || name_len >= NAME_MAX ||
+	    name_len <= BASELINE_FILE_SUFFIX_LEN ||
+	    strncmp(name + name_len - BASELINE_FILE_SUFFIX_LEN,
+	    BASELINE_FILE_SUFFIX, BASELINE_FILE_SUFFIX_LEN))
+ 		goto out; /* ignore invalid files */
+ 
+ 	entry = dim_kzalloc_gfp(sizeof(struct name_entry));
+ 	if (entry == NULL)
+ 		goto out;
+ 
+-	strcpy(entry->name, name);
+	strncpy(entry->name, name, name_len);
+ 	list_add( &entry->list, &ctx->name_list);
+ out:
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0)
+-- 
+2.33.0
+
--- a/backport-Resolved-the-problem-that-the-jump_label_lock-isrepe.patch
+++ b/backport-Resolved-the-problem-that-the-jump_label_lock-isrepe.patch
@ -0,0 +1,25 @@
+From f102decbd82da0fa4c11af6f4eb249b2b34c952f Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Fri, 29 Nov 2024 10:14:27 +0800
+Subject: [PATCH 2/2] Resolved the problem that the jump_label_lock
+ isrepeatedly but the jump_label_unlock does not determine
+
+---
+ src/core/dim_core_symbol.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/dim_core_symbol.c b/src/core/dim_core_symbol.c
+index 38c9f02..97bb5fe 100644
+--- a/src/core/dim_core_symbol.c
+++ b/src/core/dim_core_symbol.c
+@@ -51,6 +51,6 @@ int dim_core_kallsyms_init(void)
+ 		k->find_module == NULL || k->find_get_task_by_vpid == NULL ||
+ #endif
+ 		k->start_jump_table == NULL || k->stop_jump_table == NULL ||
+-		k->jump_label_lock == NULL || k->jump_label_lock == NULL ||
+		k->jump_label_lock == NULL || k->jump_label_unlock == NULL ||
+ 		k->walk_process_tree == NULL) ? -ENOENT : 0;
+ }
+-- 
+2.33.0
+
--- a/dim.spec
+++ b/dim.spec
@ -22,7 +22,7 @@ mv $module_path/dim_monitor.ko.sig $module_path/dim_monitor.ko ||: \
 Name         :  dim
 Summary      :  Dynamic Integrity Measurement
 Version      :  1.0.2
-Release      :  9
+Release      :  10
 License      :  GPL-2.0
 Source0      :  %{name}-v%{version}.tar.gz
 BuildRequires:  kernel-devel kernel-headers
@ -78,6 +78,9 @@ Patch0048:      backport-Change-the-permissions-of-the-dim-directory-to-500.patc
 Patch0049:      backport-Unified-log-printing-format.patch
 Patch0050:      backport-Fix-print-errors.patch
 Patch0051:      backport-add-parameter-check.patch
+Patch0052:      backport-Fix-deadlock-issue-in-directory-iterating.patch
+Patch0053:      backport-Optimized-directory-suffix-matching.patch
+Patch0054:      backport-Resolved-the-problem-that-the-jump_label_lock-isrepe.patch

 %description
 Dynamic Integrity Measurement
@ -116,6 +119,9 @@ rm -rf %{buildroot}
 %attr(0400,root,root) /lib/modules/%{kernel_version}/extra/dim/dim_monitor.ko

 %changelog
+* Fri Nov 29 2024 jinlun <jinlun@huawei.com> 1.0.2-10
+- backport some patches
+
 * Wed Nov 13 2024 jinlun <jinlun@huawei.com> 1.0.2-9
 - add signature for dim