Page MenuHomeFreeBSD
Feed Advanced Search

Sat, Sep 12

shivank added a comment to D26243: Add audit(4) support to NFS(v3).

Isn't audit_nfsarg_vnode1 the problem? You already know the path when you call AUDIT_ARG_UPATH1_VP, right?

Sat, Sep 12, 7:43 AM · security, GSoC Students, Audit

Fri, Sep 11

shivank added a comment to D26243: Add audit(4) support to NFS(v3).
In D26243#587132, @mjg wrote:

Audit support for regular lookup starts with AUDIT_ARG_UPATH1_VP/AUDIT_ARG_UPATH2_VP without any vnodes locked. Later on visited vnodes get added with AUDIT_ARG_VNODE1/AUDIT_ARG_VNODE2 which only performs VOP_GETATTR (i.e. does *NOT* resolve any paths). Your code should follow the same scheme.

As you can see path resolving routines can take vnode locks on their own (modulo the smr case). This means they can't be called with locked vnodes to begin with, as otherwise you risk violating global lock ordering and consequently deadlocking the kernel.

The VOP_ISLOCKED routine is not entirely legal to call if you don't hold the lock. The name is perhaps misleading, but it can only reliably tell you that you have an exclusive lock or that *SOMEONE* has a shared lock (and it may be you). Or to put it differently, if you don't have the vnode locked but someone else has it shared locked, you will get non-0 and that's how you get the panic. Regardless of this problem, adding the call reduces performance and most notably suggests a bug on its own.

So the question is why are you calling here with any vnodes locked.

Fri, Sep 11, 11:10 AM · security, GSoC Students, Audit
shivank added a reviewer for D26243: Add audit(4) support to NFS(v3): mjg.
Fri, Sep 11, 4:45 AM · security, GSoC Students, Audit

Thu, Sep 10

shivank updated subscribers of D26243: Add audit(4) support to NFS(v3).

I feel vfs_cache.c changes for making vn_fullpath_global work for optionally locked vnode are causing the trouble. Though I'm not sure what's the problem. I request Mateusz Guzik, @mjg to have a look at my vfs_cache.c changes. I would be grateful for your time.

Thu, Sep 10, 3:05 PM · security, GSoC Students, Audit

Mon, Sep 7

shivank updated the diff for D26243: Add audit(4) support to NFS(v3).
  • merge vn_fullpath_any and vn_vptocnp with their locked counterpart to work for optionally locked vnodes.
Mon, Sep 7, 10:52 AM · security, GSoC Students, Audit

Mon, Aug 31

shivank abandoned D25869: Add audit(4) support to NFS(v3).

I created a new review - D26243. Sorry for the trouble.

Mon, Aug 31, 5:06 AM · security, GSoC Students, Audit
shivank added a comment to D26243: Add audit(4) support to NFS(v3).

It was earlier being reviewed on D25869. But due to change of base revision, It was showing changes which were not mine. So, I created a new review here.

Mon, Aug 31, 5:03 AM · security, GSoC Students, Audit
shivank requested review of D26243: Add audit(4) support to NFS(v3).
Mon, Aug 31, 4:57 AM · security, GSoC Students, Audit

Sun, Aug 30

shivank added a comment to D25869: Add audit(4) support to NFS(v3).

It looks like your most recent change rebased the base revision. That makes it very hard to see which changes are from you and which aren't. Could you please either un-rebase it or, if that's not possible, open a new review?

Sun, Aug 30, 5:42 PM · security, GSoC Students, Audit

Aug 28 2020

shivank added a comment to D25869: Add audit(4) support to NFS(v3).
  • updated sys/kern/vfs_cache.c to reduce code duplication with vn_fullpath_dir
  • some trivial changes
Aug 28 2020, 4:18 PM · security, GSoC Students, Audit
shivank updated the diff for D25869: Add audit(4) support to NFS(v3).
Aug 28 2020, 4:04 PM · security, GSoC Students, Audit

Aug 20 2020

shivank added a comment to D25869: Add audit(4) support to NFS(v3).

Regarding code duplication in vn_fullpath_dir_locked:
I modified vn_fullpath_dir(and removed vn_fullpath_dir_locked) for optionally locked vnode here in git commit: https://github.com/shivankgarg98/freebsd/commit/418c1c2a6de9989fe7a541f6111ee2c3f2786c7b
It works fine NFSv4=3 case but somehow breaks nfsrvd_open to result in an error.{and hence can't open/create a regular file from client}.
Using two completely separate functions reduces the scope of error. Also prevent any mutation to the current code path for not locked vnodes, while allowing it to work for locked vnodes.

Aug 20 2020, 8:34 PM · security, GSoC Students, Audit
shivank updated the diff for D25869: Add audit(4) support to NFS(v3).

follow-up on suggested changes.

Aug 20 2020, 7:21 PM · security, GSoC Students, Audit

Aug 4 2020

shivank updated the diff for D25869: Add audit(4) support to NFS(v3).

removing unlocking/relocking implementation for vnode for auditing path, instead, define separate functions in vfs_cache.c for locked vnode as argument.

Aug 4 2020, 6:09 PM · security, GSoC Students, Audit

Jul 30 2020

shivank updated the diff for D25869: Add audit(4) support to NFS(v3).
Jul 30 2020, 7:17 PM · security, GSoC Students, Audit
shivank added a comment to D25869: Add audit(4) support to NFS(v3).

Thanks for all suggestions. I have incorporated them into my code. There is just a directory vnode unlocking/relocking issue not done yet.

Jul 30 2020, 7:08 PM · security, GSoC Students, Audit

Jul 29 2020

shivank added inline comments to D25869: Add audit(4) support to NFS(v3).
Jul 29 2020, 6:38 PM · security, GSoC Students, Audit
shivank updated the diff for D25869: Add audit(4) support to NFS(v3).

follow up on changes suggested by asomers@

Jul 29 2020, 6:35 PM · security, GSoC Students, Audit

Jul 28 2020

shivank requested review of D25869: Add audit(4) support to NFS(v3).
Jul 28 2020, 8:25 PM · security, GSoC Students, Audit

Jun 16 2020

shivank updated the diff for D25263: NFS remove vfs_statfs and vnode_mount macro.
Jun 16 2020, 5:44 AM

Jun 15 2020

shivank added a comment to D25263: NFS remove vfs_statfs and vnode_mount macro.

Please re-review it,
I updated the diff after removing the vnode_mount macro as suggested by Rick.

Jun 15 2020, 9:35 PM
shivank updated the diff for D25263: NFS remove vfs_statfs and vnode_mount macro.
Jun 15 2020, 9:29 PM

Jun 14 2020

shivank requested review of D25263: NFS remove vfs_statfs and vnode_mount macro.
Jun 14 2020, 4:14 AM

Aug 9 2019

shivank updated the diff for D20967: new MAC policy module - mac_ipacl.
Aug 9 2019, 6:54 PM · GSoC Students, GSoC Admins
shivank added a comment to D20967: new MAC policy module - mac_ipacl.
  • correct the IP addresses which were not in the documentation range
Aug 9 2019, 5:42 PM · GSoC Students, GSoC Admins

Aug 6 2019

shivank added a comment to D20967: new MAC policy module - mac_ipacl.
  • add ipacl entry in tests Makefile
  • fix minor issues in mac_ipacl.4
Aug 6 2019, 4:26 PM · GSoC Students, GSoC Admins

Aug 3 2019

shivank updated the diff for D20967: new MAC policy module - mac_ipacl.
Aug 3 2019, 9:43 AM · GSoC Students, GSoC Admins
shivank added a comment to D20967: new MAC policy module - mac_ipacl.
  • make tests more structured with atf
  • update man page mac_ipacl.4
Aug 3 2019, 9:29 AM · GSoC Students, GSoC Admins

Jul 31 2019

shivank added a comment to D20967: new MAC policy module - mac_ipacl.

fix errors shown by mandoc -Tlint for mac_ipacl.4
fix the license and copyrights

Jul 31 2019, 7:17 PM · GSoC Students, GSoC Admins
shivank added a comment to D20967: new MAC policy module - mac_ipacl.

Hi, @0mp thanks for the suggestion :).

Jul 31 2019, 6:54 PM · GSoC Students, GSoC Admins

Jul 28 2019

shivank added a comment to D20967: new MAC policy module - mac_ipacl.
  • move man page to its right place
Jul 28 2019, 7:01 PM · GSoC Students, GSoC Admins

Jul 25 2019

shivank added inline comments to D20967: new MAC policy module - mac_ipacl.
Jul 25 2019, 1:56 PM · GSoC Students, GSoC Admins
shivank added a comment to D20967: new MAC policy module - mac_ipacl.
  • Correct the license file for mac_ipacl.c and mac_ipacl.4
  • fix Kyua for test shell scripts
  • fix errors in mac_ipacl.4 man page
Jul 25 2019, 1:52 PM · GSoC Students, GSoC Admins

Jul 22 2019

shivank added a comment to D20967: new MAC policy module - mac_ipacl.

I have a few doubts:

  • I'm not clear about the license, should the TrustedBSD be included? if yes, then how? Also, I have copied the sysctl_rules from mac_portacl, Is it infringing any copyright as of now? I've read BSD license is very open, can I mention the mac_portacl?
  • should #ifdef INET/INET6 be put in mac_policy.h and mac_framework.h?
  • after adding INET/INET6 in mac_ipacl, kyua stopped working for test scripts. It gives errors as "ip4_test:main -> broken: Received signal 6 [0.033s] ip6_test:main -> broken: Received signal 6 [0.032s]" As scripts they are testing fine.
Jul 22 2019, 1:14 PM · GSoC Students, GSoC Admins
Herald added a reviewer for D20967: new MAC policy module - mac_ipacl: manpages.

fix style issues
fix copyright issue

Jul 22 2019, 12:54 PM · GSoC Students, GSoC Admins
shivank added a comment to D20967: new MAC policy module - mac_ipacl.

add #ifdef INET and #ifdef in INET6
fix indentation and style issues
add mac_ipacl entry in kernel conf and modules Makefile

Jul 22 2019, 7:41 AM · GSoC Students, GSoC Admins

Jul 19 2019

shivank added a comment to D20967: new MAC policy module - mac_ipacl.

Add copyright and license.
Add a man page for mac_ipacl

Jul 19 2019, 6:49 PM · GSoC Students, GSoC Admins
shivank added a comment to D20967: new MAC policy module - mac_ipacl.

indentation and style changes,
moved subnet check code from rules_check to parser,

Jul 19 2019, 7:52 AM · GSoC Students, GSoC Admins
shivank added inline comments to D20967: new MAC policy module - mac_ipacl.
Jul 19 2019, 7:23 AM · GSoC Students, GSoC Admins

Jul 16 2019

shivank updated the diff for D20967: new MAC policy module - mac_ipacl.
Jul 16 2019, 10:09 AM · GSoC Students, GSoC Admins
shivank added a comment to D20967: new MAC policy module - mac_ipacl.

correct the diff file

Jul 16 2019, 9:57 AM · GSoC Students, GSoC Admins
shivank created D20967: new MAC policy module - mac_ipacl.
Jul 16 2019, 9:49 AM · GSoC Students, GSoC Admins
shivank abandoned D20966: <<add mac_ipacl mdoule>>.
Jul 16 2019, 7:37 AM
shivank created D20966: <<add mac_ipacl mdoule>>.
Jul 16 2019, 7:32 AM