
Provide the list of knobs related to mitigations.
Closed, Public

Authored by kib on Jul 27 2019, 4:12 PM.

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

kib created this revision. Jul 27 2019, 4:12 PM
juan.molina_club.fr added inline comments.
share/man/man7/security.7
1035 ↗(On Diff #60196)

s/Layour/Layout

greg_unrelenting.technology added inline comments.
share/man/man7/security.7
1043 ↗(On Diff #60196)

s/32/64

kib marked 2 inline comments as done. Jul 28 2019, 9:33 PM
emaste added inline comments. Jul 30 2019, 4:50 PM
share/man/man7/security.7
4 ↗(On Diff #60196)

Parts of this documentation were written

950 ↗(On Diff #60196)

Maybe .Fx provides?

957 ↗(On Diff #60196)

of <remove the> processes owned by a different uid

1043 ↗(On Diff #60196)

And we should probably write "Position Independent Executable (PIE)"
(Correct pluralization is left as an exercise)

kib updated this revision to Diff 60304. Jul 30 2019, 7:28 PM
kib marked 4 inline comments as done.

More edits.

kib updated this revision to Diff 60338. Jul 31 2019, 8:30 PM

stack gap

bjk added a subscriber: bjk. Jul 31 2019, 8:51 PM
bjk added inline comments.
share/man/man7/security.7
961 ↗(On Diff #60338)

"sysctl's" is a possessive here; since there's only one sysctl in question the apostrophe should go before the final 's'.

969 ↗(On Diff #60338)

Maybe "only allows unprivileged users to send"?

985 ↗(On Diff #60338)

"so-called" is hyphenated.
I'd consider wrapping Meltdown in .Dq as well, but that's less clear.

987 ↗(On Diff #60338)

"By default, the system detects whether the CPU needs the workaround".

1002 ↗(On Diff #60338)

spurious space here.

1007 ↗(On Diff #60338)

Maybe, "which report errors other than"

1022 ↗(On Diff #60338)

I think the grammar is better as "on NMI; this provides"

1042 ↗(On Diff #60338)

"a non-zero value"

1043 ↗(On Diff #60338)

"the end of the aux vector"

1045 ↗(On Diff #60338)

comma both before and after "i.e.".

kib marked 9 inline comments as done. Jul 31 2019, 9:28 PM
kib added inline comments.
share/man/man7/security.7
961 ↗(On Diff #60338)

No, kern.proc is the node under which real sysctls are located, like kern.proc.all etc.

969 ↗(On Diff #60338)

It sounds strange that way, for me at least. I reformulated it differently.

kib updated this revision to Diff 60342. Jul 31 2019, 9:29 PM
kib marked an inline comment as done.

bjk notes

This revision was not accepted when it landed; it landed in state Needs Review. Aug 6 2019, 5:06 PM
This revision was automatically updated to reflect the committed changes.