diff --git a/backport-Optimized-directory-suffix-matching.patch b/backport-Optimized-directory-suffix-matching.patch
new file mode 100644
index 0000000000000000000000000000000000000000..73771f5ba70b9f96f420bbb34b37ca0870e465b5
--- /dev/null
+++ b/backport-Optimized-directory-suffix-matching.patch
@@ -0,0 +1,92 @@
+From 3af4724225de2eef2df28d29e74182236c97d4ca Mon Sep 17 00:00:00 2001
+From: jinlun
+Date: Sat, 19 Oct 2024 15:32:59 +0800
+Subject: [PATCH 1/2] Optimized directory suffix matching
+
+Fix an issue where file names were not
+matched correctly when iterating over a
+directory in the XFS file system
+---
+ src/common/dim_utils.c | 15 ---------------
+ src/common/dim_utils.h | 3 +--
+ .../static_baseline/dim_core_static_baseline.c | 11 ++++++++---
+ 3 files changed, 9 insertions(+), 20 deletions(-)
+
+diff --git a/src/common/dim_utils.c b/src/common/dim_utils.c
+index 57ea3e9..6746d88 100644
+--- a/src/common/dim_utils.c
++++ b/src/common/dim_utils.c
+@@ -48,21 +48,6 @@ out:
+ return ret;
+ }
+
+-bool dim_string_end_with(const char *str, const char *ext)
+-{
+- int name_len, ext_len;
+-
+- if (str == NULL || ext == NULL)
+- return false;
+-
+- name_len = strlen(str);
+- ext_len = strlen(ext);
+- if (name_len < ext_len)
+- return false;
+-
+- return dim_strcmp(str + name_len - ext_len, ext) == 0;
+-}
+-
+ int dim_parse_line_buf(char *buf, loff_t len, int (*line_parser)(char *, int, void *), void *data)
+ {
+ int ret = 0;
+diff --git a/src/common/dim_utils.h b/src/common/dim_utils.h
+index 8c7d855..db43546 100644
+--- a/src/common/dim_utils.h
++++ b/src/common/dim_utils.h
+@@ -18,7 +18,6 @@
+ #define dim_devel(fmt, ...)
+
+ int dim_get_absolute_path(const char *path, const char **result);
+-bool dim_string_end_with(const char *str, const char *ext);
+ int dim_parse_line_buf(char *buf, loff_t len, int (*line_parser)(char *, int, void *), void *data);
+
+-#endif
+\ No newline at end of file
++#endif
+diff --git a/src/core/static_baseline/dim_core_static_baseline.c b/src/core/static_baseline/dim_core_static_baseline.c
+index 4fb6e51..7ae5171 100644
+--- a/src/core/static_baseline/dim_core_static_baseline.c
++++ b/src/core/static_baseline/dim_core_static_baseline.c
+@@ -17,6 +17,9 @@
+ #include "dim_core_measure.h"
+ #include "dim_core_static_baseline.h"
+
++#define BASELINE_FILE_SUFFIX ".hash"
++#define BASELINE_FILE_SUFFIX_LEN 5
++
+ static bool baseline_match_policy(const char *name, int type)
+ {
+ const char *kr = init_uts_ns.name.release;
+@@ -86,15 +89,17 @@ baseline_fill_dir(struct dir_context *__ctx,
+ struct name_entry *entry = NULL;
+
+ /* baseline file must end with '.hash' */
+- if (d_type != DT_REG || strlen(name) >= NAME_MAX ||
+- (!dim_string_end_with(name, ".hash")))
++ if (d_type != DT_REG || name_len >= NAME_MAX ||
++ name_len <= BASELINE_FILE_SUFFIX_LEN ||
++ strncmp(name + name_len - BASELINE_FILE_SUFFIX_LEN,
++ BASELINE_FILE_SUFFIX, BASELINE_FILE_SUFFIX_LEN))
+ goto out; /* ignore invalid files */
+
+ entry = dim_kzalloc_gfp(sizeof(struct name_entry));
+ if (entry == NULL)
+ goto out;
+
+- strcpy(entry->name, name);
++ strncpy(entry->name, name, name_len);
+ list_add( &entry->list, &ctx->name_list);
+ out:
+ #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 4, 0)
+--
+2.33.0
+
diff --git a/backport-Resolved-the-problem-that-the-jump_label_lock-isrepe.patch b/backport-Resolved-the-problem-that-the-jump_label_lock-isrepe.patch
new file mode 100644
index 0000000000000000000000000000000000000000..621a03321f5c6658ff650e362171f0bf338d0428
--- /dev/null
+++ b/backport-Resolved-the-problem-that-the-jump_label_lock-isrepe.patch
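Review bot: `strncpy(entry->name, name, name_len);` in the `baseline_fill_dir` hunk of `dim_core_static_baseline.c` copies exactly `name_len` bytes and writes no terminator, so `entry->name` is NUL-terminated only if `dim_kzalloc_gfp` returns zeroed memory and the array holds at least `NAME_MAX` bytes; neither is visible in this hunk. Since the directory entry name is now treated as a length-delimited buffer, I would make the termination explicit with `memcpy(entry->name, name, name_len);` followed by `entry->name[name_len] = '\0';`. `BASELINE_FILE_SUFFIX_LEN` could be defined as `(sizeof(BASELINE_FILE_SUFFIX) - 1)` so the two macros cannot drift apart, and note that `name_len <= BASELINE_FILE_SUFFIX_LEN` now also rejects a file named exactly `.hash`, which the removed `dim_string_end_with` accepted. The function body starts and ends outside the hunk.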
@@ -0,0 +1,25 @@
+From f102decbd82da0fa4c11af6f4eb249b2b34c952f Mon Sep 17 00:00:00 2001
+From: jinlun
+Date: Fri, 29 Nov 2024 10:14:27 +0800
+Subject: [PATCH 2/2] Resolved the problem that the jump_label_lock
+ isrepeatedly but the jump_label_unlock does not determine
+
+---
+ src/core/dim_core_symbol.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/dim_core_symbol.c b/src/core/dim_core_symbol.c
+index 38c9f02..97bb5fe 100644
+--- a/src/core/dim_core_symbol.c
++++ b/src/core/dim_core_symbol.c
+@@ -51,6 +51,6 @@ int dim_core_kallsyms_init(void)
+ k->find_module == NULL || k->find_get_task_by_vpid == NULL ||
+ #endif
+ k->start_jump_table == NULL || k->stop_jump_table == NULL ||
+- k->jump_label_lock == NULL || k->jump_label_lock == NULL ||
++ k->jump_label_lock == NULL || k->jump_label_unlock == NULL ||
+ k->walk_process_tree == NULL) ? -ENOENT : 0;
+ }
+--
+2.33.0
+
diff --git a/dim.spec b/dim.spec
index 0ebb97d3cba0eabb5ec33bf7b5dfc689d97394ea..088db9ed73f2053ce6d79d4ddc93b07217642ff3 100644
--- a/dim.spec
+++ b/dim.spec
@@ -1,10 +1,28 @@ %global debug_package %{nil} %define kernel_version %(ver=`rpm -qa|grep kernel-devel`;echo ${ver#*kernel-devel-}) +# Redefining __spec_install_post, Causes the kernel +# module to be signed at the end of the install phase +%if 0%{?openEuler_sign_rsa} +%global __modsign_install_post \ +module_path="$RPM_BUILD_ROOT/lib/modules/%{kernel_version}/extra/dim" \ +sh /usr/lib/rpm/brp-ebs-sign --module $module_path/dim_core.ko ||: \ +mv $module_path/dim_core.ko.sig $module_path/dim_core.ko ||: \ +sh /usr/lib/rpm/brp-ebs-sign --module $module_path/dim_monitor.ko ||: \ +mv $module_path/dim_monitor.ko.sig $module_path/dim_monitor.ko ||: \ +%{nil} + +%global __tmp_spec_install_post %{__spec_install_post} +%global __spec_install_post \ +%{__tmp_spec_install_post} \ +%{__modsign_install_post} \ +%{nil} +%endif + Name : dim Summary : Dynamic Integrity Measurement Version : 1.0.2 -Release : 9 +Release : 10 License : GPL-2.0 Source0 : %{name}-v%{version}.tar.gz BuildRequires: kernel-devel kernel-headers @@ -61,6 +79,8 @@ Patch0049: backport-Unified-log-printing-format.patch Patch0050: backport-Fix-print-errors.patch Patch0051: backport-add-parameter-check.patch Patch0052: backport-Fix-deadlock-issue-in-directory-iterating.patch +Patch0053: backport-Optimized-directory-suffix-matching.patch +Patch0054: backport-Resolved-the-problem-that-the-jump_label_lock-isrepe.patch %description Dynamic Integrity Measurement @@ -99,6 +119,9 @@ rm -rf %{buildroot} %attr(0400,root,root) /lib/modules/%{kernel_version}/extra/dim/dim_monitor.ko %changelog +* Wed Feb 5 2025 steven.ygui 1.0.2-10 +- add signature and backport some patches + * Wed Aug 28 2024 jinlun 1.0.2-9 - Fix deadlock issue in directory iterating
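Review bot: The `||:` after every `brp-ebs-sign` and `mv` line in `__modsign_install_post` (first hunk of `dim.spec`) discards failures, so a build with `openEuler_sign_rsa` set can finish and package unsigned `dim_core.ko` and `dim_monitor.ko` with nothing in the result to show it. For modules whose purpose is integrity measurement I would let a signing failure stop the build, for example `sh /usr/lib/rpm/brp-ebs-sign --module "$module_path/dim_core.ko" && mv "$module_path/dim_core.ko.sig" "$module_path/dim_core.ko" \` without the trailing `||:`, and the same for `dim_monitor.ko`. If best-effort signing is deliberate (it may be, for builds without the signing service; that cannot be told from this hunk), a comment above the macro saying so, such as `# signing is best-effort: unsigned modules are packaged when brp-ebs-sign is unavailable`, would keep the next maintainer from assuming the packaged modules are always signed. Quoting `$module_path` is also worth doing since it is built from `$RPM_BUILD_ROOT`.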