From 88640c0e8b6f503426cce9ea1337098c241d3801 Mon Sep 17 00:00:00 2001 From: Kirk McKusick Date: Thu, 17 Jan 2019 06:35:45 +0000 Subject: [PATCH] Create new EINTEGRITY error with message "Integrity check failed". An integrity check such as a check-hash or a cross-correlation failed. The integrity error falls between EINVAL that identifies errors in parameters to a system call and EIO that identifies errors with the underlying storage media. EINTEGRITY is typically raised by intermediate kernel layers such as a filesystem or an in-kernel GEOM subsystem when they detect inconsistencies. Uses include allowing the mount(8) command to return a different exit value to automate the running of fsck(8) during a system boot. These changes make no use of the new error, they just add it. Later commits will be made for the use of the new error number and it will be added to additional manual pages as appropriate. Reviewed by: gnn, dim, brueffer, imp Discussed with: kib, cem, emaste, ed, jilles Differential Revision: https://reviews.freebsd.org/D18765 --- cddl/lib/libdtrace/errno.d | 5 +- contrib/libc++/include/__errc | 2 + contrib/libc++/include/errno.h | 57 ++++++++++++++----- .../tests/gettext/po/pig_latin/strerror.po | 4 ++ contrib/libxo/tests/gettext/strerror.pot | 4 ++ contrib/openbsm/libbsm/bsm_errno.c | 7 +++ contrib/openbsm/sys/bsm/audit_errno.h | 1 + lib/libc/gen/errlst.c | 2 +- lib/libc/nls/C.msg | 2 + lib/libc/sys/intro.2 | 14 +++++ stand/liblua/lerrno.c | 1 + sys/bsm/audit_errno.h | 1 + sys/compat/cloudabi/cloudabi_errno.c | 1 + sys/compat/linux/linux_errno.inc | 3 +- sys/security/audit/bsm_errno.c | 7 +++ sys/sys/errno.h | 3 +- 16 files changed, 95 insertions(+), 19 deletions(-) diff --git a/cddl/lib/libdtrace/errno.d b/cddl/lib/libdtrace/errno.d index 373657b5beb4..a4ca746d9356 100644 --- a/cddl/lib/libdtrace/errno.d +++ b/cddl/lib/libdtrace/errno.d @@ -225,7 +225,9 @@ inline int ENOTRECOVERABLE = 95; #pragma D binding "1.13" ENOTRECOVERABLE inline int EOWNERDEAD = 96; #pragma D binding "1.13" EOWNERDEAD -inline int ELAST = 96; +inline int EINTEGRITY = 96; +#pragma D binding "1.13" EINTEGRITY +inline int ELAST = 97; #pragma D binding "1.0" ELAST inline int ERESTART = -1; #pragma D binding "1.0" ERESTART @@ -340,6 +342,7 @@ inline string strerror[int errno] = errno == ECAPMODE ? "Not permitted in capability mode" : errno == ENOTRECOVERABLE ? "State not recoverable" : errno == EOWNERDEAD ? "Previous owner died" : + errno == EINTEGRITY ? "Integrity check failed" : errno == ERESTART ? "restart syscall" : errno == EJUSTRETURN ? "don't modify regs, just return" : errno == ENOIOCTL ? "ioctl not handled by this layer" : diff --git a/contrib/libc++/include/__errc b/contrib/libc++/include/__errc index d0f00b7f0be0..06edc8cd458b 100644 --- a/contrib/libc++/include/__errc +++ b/contrib/libc++/include/__errc @@ -46,6 +46,7 @@ enum class errc identifier_removed, // EIDRM illegal_byte_sequence, // EILSEQ inappropriate_io_control_operation, // ENOTTY + integrity_check_failed, // EINTEGRITY interrupted, // EINTR invalid_argument, // EINVAL invalid_seek, // ESPIPE @@ -143,6 +144,7 @@ _LIBCPP_DECLARE_STRONG_ENUM(errc) identifier_removed = EIDRM, illegal_byte_sequence = EILSEQ, inappropriate_io_control_operation = ENOTTY, + integrity_check_failed = EINTEGRITY, interrupted = EINTR, invalid_argument = EINVAL, invalid_seek = ESPIPE, diff --git a/contrib/libc++/include/errno.h b/contrib/libc++/include/errno.h index ee6429110cc1..c8fd9dceca2b 100644 --- a/contrib/libc++/include/errno.h +++ b/contrib/libc++/include/errno.h @@ -33,49 +33,72 @@ #ifdef __cplusplus -#if !defined(EOWNERDEAD) || !defined(ENOTRECOVERABLE) +#if !defined(EOWNERDEAD) || !defined(ENOTRECOVERABLE) || !defined(EINTEGRITY) #ifdef ELAST static const int __elast1 = ELAST+1; static const int __elast2 = ELAST+2; +static const int __elast2 = ELAST+3; #else static const int __elast1 = 104; static const int __elast2 = 105; +static const int __elast2 = 106; #endif -#ifdef ENOTRECOVERABLE - -#define EOWNERDEAD __elast1 +#if !defined(EOWNERDEAD) && !defined(ENOTRECOVERABLE) && !defined(EINTEGRITY) +#define ENOTRECOVERABLE __elast1 +#define EOWNERDEAD __elast2 +#define EINTEGRITY __elast3 +#ifdef ELAST +#undef ELAST +#define ELAST EINTEGRITY +#elif !defined(EOWNERDEAD) && !defined(ENOTRECOVERABLE) && defined(EINTEGRITY) +#define ENOTRECOVERABLE __elast1 +#define EOWNERDEAD __elast2 #ifdef ELAST #undef ELAST #define ELAST EOWNERDEAD -#endif -#elif defined(EOWNERDEAD) +#elif !defined(EOWNERDEAD) && defined(ENOTRECOVERABLE) && !defined(EINTEGRITY) +#define EOWNERDEAD __elast1 +#define EINTEGRITY __elast2 +#ifdef ELAST +#undef ELAST +#define ELAST EINTEGRITY +#elif !defined(EOWNERDEAD) && defined(ENOTRECOVERABLE) && defined(EINTEGRITY) +#define EOWNERDEAD __elast1 +#ifdef ELAST +#undef ELAST +#define ELAST EOWNERDEAD + +#elif defined(EOWNERDEAD) && !defined(ENOTRECOVERABLE) && !defined(EINTEGRITY) +#define ENOTRECOVERABLE __elast1 +#define EINTEGRITY __elast2 +#ifdef ELAST +#undef ELAST +#define ELAST EINTEGRITY + +#elif defined(EOWNERDEAD) && !defined(ENOTRECOVERABLE) && defined(EINTEGRITY) #define ENOTRECOVERABLE __elast1 #ifdef ELAST #undef ELAST #define ELAST ENOTRECOVERABLE -#endif -#else // defined(EOWNERDEAD) - -#define EOWNERDEAD __elast1 -#define ENOTRECOVERABLE __elast2 +#elif defined(EOWNERDEAD) && defined(ENOTRECOVERABLE) && !defined(EINTEGRITY) +#define EINTEGRITY __elast1 #ifdef ELAST #undef ELAST -#define ELAST ENOTRECOVERABLE -#endif +#define ELAST EINTEGRITY -#endif // defined(EOWNERDEAD) +#endif // !defined(OWNERDEAD) && !defined(NOTRECOVERABLE) && !defined(INTEGRITY) -#endif // !defined(EOWNERDEAD) || !defined(ENOTRECOVERABLE) +#endif // !defined(OWNERDEAD) || !defined(NOTRECOVERABLE) || !defined(INTEGRITY) // supply errno values likely to be missing, particularly on Windows @@ -393,6 +416,10 @@ static const int __elast2 = 105; #define EMLINK 9979 #endif +#ifndef EINTEGRITY +#define EINTEGRITY 9980 +#endif + #endif // __cplusplus #endif // _LIBCPP_ERRNO_H diff --git a/contrib/libxo/tests/gettext/po/pig_latin/strerror.po b/contrib/libxo/tests/gettext/po/pig_latin/strerror.po index 9b62dd71245d..9b3dcfbdfdee 100644 --- a/contrib/libxo/tests/gettext/po/pig_latin/strerror.po +++ b/contrib/libxo/tests/gettext/po/pig_latin/strerror.po @@ -457,3 +457,7 @@ msgstr "Atestay otnay ecoverableray" # 96 - EOWNERDEAD msgid "Previous owner died" msgstr "Eviouspray ownerway iedday" + +# 97 - EINTEGRITY +msgid "Integrity check failed" +msgstr "integrityyay eckchay ailedfay" diff --git a/contrib/libxo/tests/gettext/strerror.pot b/contrib/libxo/tests/gettext/strerror.pot index 475162d5413d..63da80d14325 100644 --- a/contrib/libxo/tests/gettext/strerror.pot +++ b/contrib/libxo/tests/gettext/strerror.pot @@ -466,3 +466,7 @@ msgstr "" # 96 - EOWNERDEAD msgid "Previous owner died" msgstr "" + +# 97 - EINTEGRITY +msgid "Integrity check failed" +msgstr "" diff --git a/contrib/openbsm/libbsm/bsm_errno.c b/contrib/openbsm/libbsm/bsm_errno.c index b4b22f3e845e..b60c2e847f48 100644 --- a/contrib/openbsm/libbsm/bsm_errno.c +++ b/contrib/openbsm/libbsm/bsm_errno.c @@ -239,6 +239,13 @@ static const struct bsm_errno bsm_errnos[] = { ERRNO_NO_LOCAL_MAPPING, #endif ES("Process died with the lock") }, + { BSM_ERRNO_EINTEGRITY, +#ifdef EINTEGRITY + EINTEGRITY, +#else + ERRNO_NO_LOCAL_MAPPING, +#endif + ES("Integrity check failed") }, { BSM_ERRNO_ENOTRECOVERABLE, #ifdef ENOTRECOVERABLE ENOTRECOVERABLE, diff --git a/contrib/openbsm/sys/bsm/audit_errno.h b/contrib/openbsm/sys/bsm/audit_errno.h index 1c467eedc58c..fc64726bbb23 100644 --- a/contrib/openbsm/sys/bsm/audit_errno.h +++ b/contrib/openbsm/sys/bsm/audit_errno.h @@ -204,6 +204,7 @@ #define BSM_ERRNO_EKEYREJECTED 222 /* Linux-specific. */ #define BSM_ERRNO_ENOTCAPABLE 223 /* FreeBSD-specific. */ #define BSM_ERRNO_ECAPMODE 224 /* FreeBSD-specific. */ +#define BSM_ERRNO_EINTEGRITY 225 /* FreeBSD-specific. */ /* * In the event that OpenBSM doesn't have a file representation of a local diff --git a/lib/libc/gen/errlst.c b/lib/libc/gen/errlst.c index 648cbd422fe6..bc673e8c9c66 100644 --- a/lib/libc/gen/errlst.c +++ b/lib/libc/gen/errlst.c @@ -158,12 +158,12 @@ const char *const sys_errlist[] = { "Not permitted in capability mode", /* 94 - ECAPMODE */ "State not recoverable", /* 95 - ENOTRECOVERABLE */ "Previous owner died", /* 96 - EOWNERDEAD */ + "Integrity check failed", /* 97 - EINTEGRITY */ /* * Reserved space in sys_errlist, take the next slot for a next error code. * Reserve prevents the array size from changing for some time. */ - __uprefix, /* 97 */ __uprefix, /* 98 */ __uprefix, /* 99 */ __uprefix, /* 100 */ diff --git a/lib/libc/nls/C.msg b/lib/libc/nls/C.msg index d08c5719225e..4004011d260f 100644 --- a/lib/libc/nls/C.msg +++ b/lib/libc/nls/C.msg @@ -197,6 +197,8 @@ $ ENOTRECOVERABLE 95 State not recoverable $ EOWNERDEAD 96 Previous owner died +$ EINTEGRITY +97 Integrity check failed $ $ strsignal() support catalog $ diff --git a/lib/libc/sys/intro.2 b/lib/libc/sys/intro.2 index 7ed6b351714d..7ae16728c4a9 100644 --- a/lib/libc/sys/intro.2 +++ b/lib/libc/sys/intro.2 @@ -472,6 +472,20 @@ The system call or operation is not permitted for capability mode processes. The state protected by a robust mutex is not recoverable. .It Er 96 EOWNERDEAD Em "Previous owner died" . The owner of a robust mutex terminated while holding the mutex lock. +.It Er 97 EINTEGRITY Em "Integrity check failed" . +An integrity check such as a check-hash or a cross-correlation failed. +The integrity error falls between +.Er EINVAL +that identifies errors in parameters to a system call and +.Er EIO +that identifies errors with the underlying storage media. +It is typically raised by intermediate kernel layers such as a +filesystem or an in-kernel GEOM subsystem when they detect inconsistencies. +Uses include allowing the +.Xr mount 8 +command to return a different exit value to automate the running of +.Xr fsck 8 +during a system boot. .El .Sh DEFINITIONS .Bl -tag -width Ds diff --git a/stand/liblua/lerrno.c b/stand/liblua/lerrno.c index efa73aed5007..defa3c73baad 100644 --- a/stand/liblua/lerrno.c +++ b/stand/liblua/lerrno.c @@ -146,6 +146,7 @@ static const struct err_name_number { ENTRY(ECAPMODE), ENTRY(ENOTRECOVERABLE), ENTRY(EOWNERDEAD), + ENTRY(EINTEGRITY), ENTRY(ELAST), ENTRY(ERESTART), ENTRY(EJUSTRETURN), diff --git a/sys/bsm/audit_errno.h b/sys/bsm/audit_errno.h index 81cfc3548e8e..9342dcd6f962 100644 --- a/sys/bsm/audit_errno.h +++ b/sys/bsm/audit_errno.h @@ -208,6 +208,7 @@ #define BSM_ERRNO_EKEYREJECTED 222 /* Linux-specific. */ #define BSM_ERRNO_ENOTCAPABLE 223 /* FreeBSD-specific. */ #define BSM_ERRNO_ECAPMODE 224 /* FreeBSD-specific. */ +#define BSM_ERRNO_EINTEGRITY 225 /* FreeBSD-specific. */ /* * In the event that OpenBSM doesn't have a file representation of a local diff --git a/sys/compat/cloudabi/cloudabi_errno.c b/sys/compat/cloudabi/cloudabi_errno.c index 38520b9c262c..10304bad4af5 100644 --- a/sys/compat/cloudabi/cloudabi_errno.c +++ b/sys/compat/cloudabi/cloudabi_errno.c @@ -63,6 +63,7 @@ cloudabi_convert_errno(int error) [EIDRM] = CLOUDABI_EIDRM, [EILSEQ] = CLOUDABI_EILSEQ, [EINPROGRESS] = CLOUDABI_EINPROGRESS, + [EINTEGRITY] = CLOUDABI_EINVAL, [EINTR] = CLOUDABI_EINTR, [EINVAL] = CLOUDABI_EINVAL, [EIO] = CLOUDABI_EIO, diff --git a/sys/compat/linux/linux_errno.inc b/sys/compat/linux/linux_errno.inc index 4f9a6dae2e76..c2d4877e6f56 100644 --- a/sys/compat/linux/linux_errno.inc +++ b/sys/compat/linux/linux_errno.inc @@ -142,7 +142,8 @@ const int linux_errtbl[ELAST + 1] = { -1, /* ECAPMODE -> EPERM */ -131, /* ENOTRECOVERABLE */ -130, /* EOWNERDEAD */ + -22, /* EINTEGRITY -> EINVAL */ }; -_Static_assert(ELAST == 96, +_Static_assert(ELAST == 97, "missing errno entries in linux_errtbl"); diff --git a/sys/security/audit/bsm_errno.c b/sys/security/audit/bsm_errno.c index fc069a7568f8..4e952870f672 100644 --- a/sys/security/audit/bsm_errno.c +++ b/sys/security/audit/bsm_errno.c @@ -243,6 +243,13 @@ static const struct bsm_errno bsm_errnos[] = { ERRNO_NO_LOCAL_MAPPING, #endif ES("Process died with the lock") }, + { BSM_ERRNO_EINTEGRITY, +#ifdef EINTEGRITY + EINTEGRITY, +#else + ERRNO_NO_LOCAL_MAPPING, +#endif + ES("Integrity check failed") }, { BSM_ERRNO_ENOTRECOVERABLE, #ifdef ENOTRECOVERABLE ENOTRECOVERABLE, diff --git a/sys/sys/errno.h b/sys/sys/errno.h index ad140ab14778..6994c0612f79 100644 --- a/sys/sys/errno.h +++ b/sys/sys/errno.h @@ -180,10 +180,11 @@ __END_DECLS #define ECAPMODE 94 /* Not permitted in capability mode */ #define ENOTRECOVERABLE 95 /* State not recoverable */ #define EOWNERDEAD 96 /* Previous owner died */ +#define EINTEGRITY 97 /* Integrity check failed */ #endif /* _POSIX_SOURCE */ #ifndef _POSIX_SOURCE -#define ELAST 96 /* Must be equal largest errno */ +#define ELAST 97 /* Must be equal largest errno */ #endif /* _POSIX_SOURCE */ #if defined(_KERNEL) || defined(_WANT_KERNEL_ERRNO)