From nobody Fri Jun 09 14:50:13 2023 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Qd3sL1C9Wz4cJZ3; Fri, 9 Jun 2023 14:50:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Qd3sL0mlNz3DW9; Fri, 9 Jun 2023 14:50:14 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1686322214; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=kUrOu9LXqBmwNP8y55tHB1/IsiF4kZcakO+CjOtgOjQ=; b=NPT0yxwweGQhV5j5+OBe53kqFiAFKeJ5dOk+zuVJxar3MP0263GDttDehNyWUsgTFiNGPM uGHNwTcPnK2gT86Fgwu3QLm3m0z34H1D2fW3HcjSlUDIfx307NQlDvPIYYIYeESd/87b+X qdum1Fish3mZa5i2Ti5Lx1IXKklR/yBTpkbN1y04hGoihAyWgMds6RmkOKDMNy0YhTRjyN ByHYBpev6cOS0Z44859OxdnDSgZ2lqey8STg2X/R26eiXT3ujGhbuDv/sf+xYKtK/YF4Dt 1Pxh4+y+ksaTD4qupC3ntuVHE0k+zBGmz7dA7AH711zrnB9VOHMP1LLcSh3zPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1686322214; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=kUrOu9LXqBmwNP8y55tHB1/IsiF4kZcakO+CjOtgOjQ=; b=Q5tyNi3iCoLhPx0plfp/LymKytDDH3ImF5086rRnMcyqGRdzuvaoHlBD49CNmbcU5z5ind U6F9FfJqNxz1udTP4tUts5/2uf3vlHDZR/dpCd9mqVQEF0TIGmbtJVvHPxQ9wi438Zx+pr axyiKQGs5ASH2XovxKl3BD+d8Cy+6PNu5eI+wQaXvNKg/mvB8C6ihi22WaPJl+1M5bCBD3 EN/4efufW46xgfJECznt7OFgBBQgpBnOOs0k0N1Olq1RI7GNq30zi1aobbOJIxbsu0cjTF kayujNlZl0ZMDK+myINWakXm/ZgyhrNr3MnONtHxKAcLb6VZCwSzEjIEBJckJA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1686322214; a=rsa-sha256; cv=none; b=EGm1oHCQBz69hAaUJ4HUKwePBkwr+dIBz7JYD4y3JzOne4LAjFUyTGBFrdVOpzZpSeal76 m6vlfBABwZgIASLuq9nUsA9fTmGKVng76GLVrUuzBWejnDsMUK+6jzZthVa7wsNGfi4k6J hl5kFIJIbx/8juw24je0254hVa1KbpFAvtTH+85vgXhoFWHaPAbNAX5M1y3ZXn1IiJVvgd uxlrMKApzKp3AeyGPhBjmyGttpKJC1nGTQuu7SFqQkzyafp5yHvd/pID3SncYn9MoQtpij BEpv4P5uX65tBTKWge+ftoVHV76awlYpf38M3upQ8xTCZ0fJ0Fqoutm1c2B17A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Qd3sK6xR4zfZL; Fri, 9 Jun 2023 14:50:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 359EoDrI066845; Fri, 9 Jun 2023 14:50:13 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 359EoDrf066842; Fri, 9 Jun 2023 14:50:13 GMT (envelope-from git) Date: Fri, 9 Jun 2023 14:50:13 GMT Message-Id: <202306091450.359EoDrf066842@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: "Stephen J. Kiernan" Subject: git: 7bb4d1302cf7 - main - veriexec: Do not save error from file info in fingerprint status List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: stevek X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 7bb4d1302cf76bf84a76232532a3b7d4d28554bf Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by stevek: URL: https://cgit.FreeBSD.org/src/commit/?id=7bb4d1302cf76bf84a76232532a3b7d4d28554bf commit 7bb4d1302cf76bf84a76232532a3b7d4d28554bf Author: Stephen J. Kiernan AuthorDate: 2023-06-09 14:38:07 +0000 Commit: Stephen J. Kiernan CommitDate: 2023-06-09 14:49:59 +0000 veriexec: Do not save error from file info in fingerprint status We do not want or need to propagate the error from fetching file info when determining the file status. It could cause open(2) and similar calls to fail when trying to access devices. Obtained from: Juniper Networks, Inc. --- sys/security/mac_veriexec/veriexec_metadata.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/security/mac_veriexec/veriexec_metadata.c b/sys/security/mac_veriexec/veriexec_metadata.c index 4ff635335e9f..4e25b1672575 100644 --- a/sys/security/mac_veriexec/veriexec_metadata.c +++ b/sys/security/mac_veriexec/veriexec_metadata.c @@ -516,9 +516,9 @@ mac_veriexec_metadata_fetch_fingerprint_status(struct vnode *vp, status = mac_veriexec_get_fingerprint_status(vp); if (status == FINGERPRINT_INVALID || status == FINGERPRINT_NODEV) { found_dev = 0; - error = mac_veriexec_metadata_get_file_info(vap->va_fsid, - vap->va_fileid, vap->va_gen, &found_dev, &ip, check_files); - if (error != 0) { + if (mac_veriexec_metadata_get_file_info(vap->va_fsid, + vap->va_fileid, vap->va_gen, &found_dev, &ip, + check_files) != 0) { status = (found_dev) ? FINGERPRINT_NOENTRY : FINGERPRINT_NODEV; VERIEXEC_DEBUG(3,