socsvn commit: r238947 - in soc2012/gpf/pefs_kmod: sbin/pefs sys/fs/pefs

gpf at FreeBSD.org gpf at FreeBSD.org
Wed Jul 4 12:41:59 UTC 2012 

Author: gpf
Date: Wed Jul  4 12:41:56 2012
New Revision: 238947
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=238947

Log:
  - comments!
  

Modified:
  soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c
  soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c
  soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_vfsops.c

Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c
==============================================================================
--- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c	Wed Jul  4 12:10:20 2012	(r238946)
+++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c	Wed Jul  4 12:41:56 2012	(r238947)
@@ -79,18 +79,21 @@
 RB_HEAD(hardlink_head, hardlink_counter);
 RB_PROTOTYPE(hardlink_head, hardlink_counter, hardlink_entries, pefs_rb_cmp);
 
-#define PEFS_CFH_SIZE 16
-#define PEFS_FH_SIZE 16
+#define PEFS_CFH_SIZE 16	/* on disk size of .pefs.checksum's unique file header */
+#define PEFS_FH_SIZE 16		/* on disk size of a single file header (also a bucket in cuckoo hashing) */
 
+/* this struct is used to check if all hardlinks for a given inode are supplied by the user */
 struct hardlink_counter {
-	ino_t inode;
-	uint32_t total_links;
-	uint32_t links_found;
-	struct hardlink_fh_head file_headers;
-	RB_ENTRY(hardlink_counter) hardlink_entries;
+	ino_t inode;	/* inode number for the file in question */
+	uint32_t total_links;	/* total hardlinks of the file */
+	uint32_t links_found;	/* how many links are found in user supplied list */
+	struct hardlink_fh_head file_headers;	/* file headers of the links we have found */
+	RB_ENTRY(hardlink_counter) hardlink_entries;	/* entry in hardlink RB tree */
 };
 
 /* XXXgpf: unions for on disk structs and move to a different header? */
+
+/* this is the unique file header of the .pefs.checksum file, found in the beginning of the file */
 struct checksum_file_header {
 	uint8_t version;
 	uint8_t reserved;
@@ -109,8 +112,8 @@
 struct file_header {
 	/* on disk information */
 	uint32_t nhashes;	/* the number of hashes for the file */
-	uint64_t file_id;	/* id is MAC tweak from filename (first 64 bits) */
 	uint32_t offset_to_checksums;	/* in file offset to start of checksums */
+	uint64_t file_id;	/* id is MAC tweak from filename (first 64 bits) */
 
 	/* in memory information */
 	char path[MAXPATHLEN + 1];	/* fullpath for this file */
@@ -120,8 +123,8 @@
 	int fd, pfd;	/* file descriptors for the file and its parent dir */
 	int found;		/* mark that this entry was found during "verify" action */
 	struct checksum_head checksums;		/* this file's checksums */
-	TAILQ_ENTRY(file_header) file_header_entries;
-	TAILQ_ENTRY(file_header) fh_hardlink_entries;
+	TAILQ_ENTRY(file_header) file_header_entries;	/* entry in global file header tail */
+	TAILQ_ENTRY(file_header) fh_hardlink_entries;	/* entry in hardlink counter */
 };
 
 struct bucket {
@@ -133,10 +136,10 @@
  * with his own hash function: pefs_hash1() & pefs_hash2()
  */
 struct cuckoo_hash_table {
-	struct bucket *buckets1;
-	struct bucket *buckets2;
+	struct bucket *buckets1;	/* table1 */
+	struct bucket *buckets2;	/* table2 */
 	uint32_t size; /* how many buckets in each table */
-	uint32_t nelements;
+	uint32_t nelements;	/* total number of elements <= size */
 };
 
 static int
@@ -637,6 +640,7 @@
 	size_t buf_len, enc_len;
 
 	if ((flags & PEFS_NOKEY) != 0 || (flags & PEFS_UNMOUNTED) != 0) {
+		/* in this case, we already have the encrypted filename */
 		enc = fhp->filename;
 		enc_len = strnlen(fhp->filename, sizeof(fhp->filename));
 		enc++;
@@ -826,6 +830,7 @@
 		return 0;
 }
 
+/* open a file and perform various semantic checks on it */
 static int
 pefs_open_semantic_checks(struct file_header *fhp, struct statfs *fsp, struct hardlink_head *hlc_headp, int flags)
 {
@@ -1644,12 +1649,12 @@
 	uint32_t i;
 	int error, cmp;
 
-	dprintf(("comparing hashes for file with fid: %llu\t%llu\n", fhp->file_id, indexfhp->file_id));
+	dprintf(("comparing hashes for file with fid: %llu\n", fhp->file_id));
 
 	error = 0;
 	if (fhp->nhashes != indexfhp->nhashes) {
-		pefs_warn("number of hashes differ between on disk file and stored values for file %s: %u vs %u",
-			fhp->path, fhp->nhashes, indexfhp->nhashes);
+		pefs_warn("number of hashes differ between on disk file and %s values for file %s: %u vs %u",
+			PEFS_FILE_CHECKSUM, fhp->path, fhp->nhashes, indexfhp->nhashes);
 		error = PEFS_ERR_CHECKSUM;
 	}
 
@@ -1659,8 +1664,8 @@
 	while (csp1 != NULL && csp2 != NULL) {
 		cmp = memcmp(csp1->hash, csp2->hash, hash_len);
 		if (cmp != 0) {
-			pefs_warn("checksum no: %u differs between on disk file and stored values for file %s",
-				i, fhp->path);
+			pefs_warn("checksum no: %u differs between on disk file and %s values for file %s",
+				i, PEFS_FILE_CHECKSUM, fhp->path);
 			error = PEFS_ERR_CHECKSUM;
 		}
 		csp1 = TAILQ_NEXT(csp1, checksum_entries);
@@ -1672,7 +1677,8 @@
 }
 
 /*
- * XXXgpf: [TODO] comments
+ * Traverse the entire filesystem and for every regular file or symbolic link, look it up in
+ * .pefs.checksum index and verify its checksums.
  */
 static int
 pefs_traverse_fs(struct cuckoo_hash_table *chtp, const EVP_MD *md, uint8_t hash_len, DIR *dirp,
@@ -1689,7 +1695,7 @@
 	while (dirp) {
 		sdp = readdir(dirp);
 		if (sdp != NULL) {
-			/* XXXgpf: Need to pay special attention to these files */
+			/* XXXgpf: [TODO] Need to pay special attention to these files */
 			if (strcmp(sdp->d_name, "..") == 0 || strcmp(sdp->d_name, ".") == 0 ||
 				strcmp(sdp->d_name, ".pefs.db") == 0 || strcmp(sdp->d_name, ".pefs.conf") == 0 ||
 				strcmp(sdp->d_name, ".pefs.checksum") == 0)
@@ -1817,8 +1823,8 @@
 		fhp = chtp->buckets1[i].fhp;
 		if (fhp != NULL)
 			if (fhp->found != 1) {
-				pefs_warn("file with file id %llu was not found in filesystem but exists in checksum file",
-					fhp->file_id);
+				pefs_warn("file with file id %llu was not found in filesystem but exists in %s",
+					fhp->file_id, PEFS_FILE_CHECKSUM);
 				error = PEFS_ERR_NOENT;
 			}
 	}
@@ -1827,8 +1833,8 @@
 		fhp = chtp->buckets2[i].fhp;
 		if (fhp != NULL)
 			if (fhp->found != 1) {
-				pefs_warn("file with file id %llu was not found in filesystem but exists in checksum file",
-					fhp->file_id);
+				pefs_warn("file with file id %llu was not found in filesystem but exists in %s",
+					fhp->file_id, PEFS_FILE_CHECKSUM);
 				error = PEFS_ERR_NOENT;
 			}
 	}
@@ -1837,7 +1843,11 @@
 }
 
 /*
- * XXXgpf: [TODO] comments
+ * Verify the contents of a .pefs.checksum file.
+ * A) .pefs.checksum is read into memory.
+ * B) The entire filesystem is traversed in order to check each and every file.
+ * C) warning messages are produces for hardlinks and symbolic links.
+ * D) check that every file in .pefs.checksum was actually found in filesystem.
  */
 int
 pefs_verify_checksum(int fdin, char *fsroot, int flags)

Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c
==============================================================================
--- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c	Wed Jul  4 12:10:20 2012	(r238946)
+++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c	Wed Jul  4 12:41:56 2012	(r238947)
@@ -1020,9 +1020,8 @@
  * .pefs.checksum is created under $PWD. path should be a directory,
  * outside of target pefs filesystem.
  *
- * When $command is run, filesystem should be already mounted with
- * pefs.
- *
+ * When $command is run, filesystem must be mounted with pefs, and 
+ * user must have supplied the key.
  */
 static int
 pefs_addchecksum(int argc, char *argv[])
@@ -1104,10 +1103,25 @@
  *
  * pefs verify [-u/-n] checksumpath filesystem
  *
- * $command ...
+ * $command verifies the contents of a .pefs.checksum file. It scans the
+ * entire filesystem and checks that every entry in .pefs.checksum is
+ * found in the filesystem with the same checksums.
+ *
+ * $command will try to produce the same warning messages as addchecksum
+ * concerning hardlinks and symbolic links.
+ *
+ * -n flag should be used if filesystem is mounted but key has not
+ * been provided yet.
+ *
+ * -u flag should be used if filesystem is unmounted.
+ *
+ * flags -u and -n are mutually exclusive.
  *
- * XXX [TODO] comments
+ * By default, pefs will assume that filesystem is mounted and user
+ * has provided key.
  *
+ * Verifying the integrity of the checksum file itself via a signature
+ * remains a major TODO.
  */
 static int
 pefs_verify(int argc, char *argv[])

Modified: soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_vfsops.c
==============================================================================
--- soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_vfsops.c	Wed Jul  4 12:10:20 2012	(r238946)
+++ soc2012/gpf/pefs_kmod/sys/fs/pefs/pefs_vfsops.c	Wed Jul  4 12:41:56 2012	(r238947)
@@ -196,6 +196,7 @@
 	}
 }
 
+/* XXXgpf: [TODO] move this to pefs_checksum.c */
 static int
 pefs_checksum_load(struct mount *mp)
 {

More information about the svn-soc-all mailing list