
delphij (Xin Li)
User

Projects (8)

User Details

User Since
May 14 2014, 3:53 AM (257 w, 3 d)

Recent Activity

Thu, Apr 18

delphij accepted D19944: random(4): Restore availability tradeoff prior to r346250.
Thu, Apr 18, 7:15 PM
delphij added inline comments to D19944: random(4): Restore availability tradeoff prior to r346250.
Thu, Apr 18, 5:22 PM
delphij accepted D19944: random(4): Restore availability tradeoff prior to r346250.

(I'm not against the overall plan, but see my comments about use of hash function inline).

Thu, Apr 18, 5:04 PM

Wed, Apr 17

delphij added inline comments to D19928: random(4): More thoroughly attempt to ensure seeding during priming.
Wed, Apr 17, 11:29 PM
delphij added inline comments to D19944: random(4): Restore availability tradeoff prior to r346250.
Wed, Apr 17, 11:19 PM

Tue, Apr 16

delphij requested changes to D19928: random(4): More thoroughly attempt to ensure seeding during priming.
Tue, Apr 16, 8:37 PM
delphij accepted D19927: stack_protector: Add tunable to bypass random cookies.

For a stopgap fix I think it's fine. Note that it's probably better to derive stack_chk_guard from SHA512 of something that we change often (e.g. FreeBSD_version) concatenated with something that potentially varies, like getcyclecount(), for the fallback guard data: these are not secure random numbers, but would make it harder for an attacker to develop a more generic smashing attack.

Tue, Apr 16, 6:34 PM
delphij accepted D19926: random(4): Add is_random_seeded(9) KPI.
Tue, Apr 16, 4:36 PM

Mon, Apr 15

delphij added a comment to D19918: sys: Remove DEV_RANDOM device option.

I'm in favor of this change; please consider this as an explicit "accepted" if nobody objects in a week.

Mon, Apr 15, 10:16 PM
delphij accepted D19744: random(4): Block read_random(9) on initial seeding.

The code changes look good to me -- and thanks for working on this!

Mon, Apr 15, 7:09 AM
delphij committed rS346220: Don't cast result from malloc()..
Don't cast result from malloc().
Mon, Apr 15, 6:33 AM

Fri, Apr 12

delphij accepted D19713: tpm: Prevent session hijack..

I don't really know the internals of this driver (ideally this should be done by someone who is familiar with it), but are we sure that the write method is always called before a read? Also, if the discard callout is fired, should the owner tid be reset (because the contents are now discarded)?

If the write method hasn't been called before a read then there will be nothing in the buffer and the read will fail - as pending_data_length equals 0.
Essentially the way it works is that write is used to do the entire communication with TPM and read just copies the response to userspace.
As for the discard callout, since it also clears the buffer read would fail either way and tid is not checked in write, as it is used only to restrict access to buffer contents which is empty when a write is performed.

Fri, Apr 12, 3:49 PM
delphij committed rS346147: MFC r345647:.
MFC r345647:
Fri, Apr 12, 2:27 AM
delphij committed rS346146: MFC r345647:.
MFC r345647:
Fri, Apr 12, 2:24 AM

Thu, Apr 11

delphij added a comment to D19713: tpm: Prevent session hijack..

I don't really know the internals of this driver (ideally this should be done by someone who is familiar with it), but are we sure that the write method is always called before a read? Also, if the discard callout is fired, should the owner tid be reset (because the contents are now discarded)?

Thu, Apr 11, 7:03 PM
delphij added inline comments to D19744: random(4): Block read_random(9) on initial seeding.
Thu, Apr 11, 8:02 AM

Sat, Apr 6

delphij requested changes to D19744: random(4): Block read_random(9) on initial seeding.

Noticed a few minor issues, please see comment inline. Overall I think the change is good.

Sat, Apr 6, 7:36 PM
delphij committed rS345976: Write string constant differently to improve readability..
Write string constant differently to improve readability.
Sat, Apr 6, 3:42 AM
delphij closed D19829: Write string constant differently to improve readability..
Sat, Apr 6, 3:42 AM

Fri, Apr 5

delphij created D19829: Write string constant differently to improve readability..
Fri, Apr 5, 6:45 AM
delphij committed rS345901: Fix build..
Fix build.
Fri, Apr 5, 2:37 AM
delphij committed rS345900: Implement checking of `.' and `..' entries of subdirectory..
Implement checking of `.' and `..' entries of subdirectory.
Fri, Apr 5, 2:21 AM
delphij closed D19824: Implement checking of `.' and `..' entries of subdirectory..
Fri, Apr 5, 2:21 AM

Thu, Apr 4

delphij committed rS345897: Restore lfcl when LOSTDIR's chain was corrupted and overwritten.
Restore lfcl when LOSTDIR's chain was corrupted and overwritten
Thu, Apr 4, 11:34 PM
delphij created D19824: Implement checking of `.' and `..' entries of subdirectory..
Thu, Apr 4, 11:31 PM
delphij committed rS345894: Restore the ability of checking and fixing next free.
Restore the ability of checking and fixing next free
Thu, Apr 4, 11:16 PM

Wed, Apr 3

delphij accepted D19760: Replace read_random(9) with more appropriate arc4rand(9) KPIs.
Wed, Apr 3, 7:46 AM
delphij accepted D19712: tpm: Add a cv_wait to the harvesting function..
Wed, Apr 3, 7:40 AM
delphij committed rS345839: Assert that q can't be NULL. 'empty' is always non-NULL when DIREMPTY.
Assert that q can't be NULL. 'empty' is always non-NULL when DIREMPTY
Wed, Apr 3, 7:09 AM

Sun, Mar 31

delphij accepted D19742: random(4): Attempt to persist entropy promptly.

LGTM, thanks!

Sun, Mar 31, 4:44 AM

Fri, Mar 29

delphij requested changes to D19742: random(4): Attempt to persist entropy promptly.

The shutdown script change LGTM, but I insist that libexec/save-entropy/save-entropy.sh line 83 should be removed as explained in previous comment.

Fri, Mar 29, 10:50 PM
delphij added a comment to D19742: random(4): Attempt to persist entropy promptly.
In D19742#423456, @cem wrote:

I think a 'fsync saved-entropy.1 .' should be sufficient.

We don't really care if the renames were not persistent until the new entropy is saved,

Sure, if that is the power-fail/crash behavior of un-fsynced renames. But I don't believe that model is accurate. There is no requirement that the underlying filesystem order the dirent writes in a way that matches this observable behavior; the only requirement is that it is persisted by fsync.

FS&K §9.6.2 is clear, "All updates to the seed file must be atomic" and goes into more detail in §9.6.5.

Fri, Mar 29, 10:38 PM
delphij added a reviewer for D19744: random(4): Block read_random(9) on initial seeding: O3: Kernel Random Numbers Generator.

I think you should separate most of the read_random() -> arc4random_buf() change out because in most cases the code should use the latter exclusively, especially places where the return value of read_random() was not tested because it would be a strict improvement to the status quo.

Fri, Mar 29, 7:47 AM
delphij added a comment to D19742: random(4): Attempt to persist entropy promptly.

I think a 'fsync saved-entropy.1 .' should be sufficient.

Fri, Mar 29, 7:32 AM

Thu, Mar 28

delphij committed rS345647: Distinguish between lseek errors and read errors..
Distinguish between lseek errors and read errors.
Thu, Mar 28, 6:20 PM
delphij added a comment to D19706: Kernel code to upgrade to use the latest contrib/zlib..

I need to understand better kernel malloc/free as they take 1 extra argument compared to stdlib.h.

Thu, Mar 28, 5:43 AM

Wed, Mar 27

delphij updated subscribers of D19706: Kernel code to upgrade to use the latest contrib/zlib..

Hi, first of all, kudos for taking on this! The change looks mostly Ok to me except a few minor issues commented inline.

Wed, Mar 27, 6:23 PM

Sat, Mar 23

delphij added a comment to D19686: Update message displaying during `zpool upgrade`.

Why is the partition index changed from 1 to 2? (The change looks otherwise fine to me).

Sat, Mar 23, 7:04 AM

Fri, Mar 22

delphij accepted D19682: Make it possible to update TMPFS mount point from read-only to read-write and vice versa..
Fri, Mar 22, 8:03 PM
delphij accepted D19620: Add an option to use TPM as entropy source.

Thanks! LGTM (note that discard_buffer_callout should probably also be drained, but it's unrelated to this change).

Fri, Mar 22, 4:48 PM

Thu, Mar 21

delphij requested changes to D19620: Add an option to use TPM as entropy source.

I have noticed a few minor issues and have commented inline.

Thu, Mar 21, 7:31 PM

Mar 7 2019

delphij accepted D19475: Fortuna: Add Chacha20 as an alternative stream cipher.

(Note that randomdev_getkey() has a similar issue and should be fixed too, feel free to fix it prior to commit)

Mar 7 2019, 11:20 PM
delphij added a comment to D19475: Fortuna: Add Chacha20 as an alternative stream cipher.

Looks good to me in principle and I like the fact that fortuna.c no longer cares about the keystream context internals.

Mar 7 2019, 9:31 PM

Mar 1 2019

delphij accepted D19409: fortuna: Deduplicate kernel vs user includes.
Mar 1 2019, 10:09 PM
delphij accepted D19411: Fortuna: push CTR-mode loop down into randomdev hash.h interface.
Mar 1 2019, 7:03 PM

Feb 25 2019

delphij abandoned D18920: Allow mmap operations for CAPH_READ and CAPH_WRITE..

Abandoned in favor of D19216.

Feb 25 2019, 3:07 AM
delphij added a comment to D19216: Fix the case where stdin is closed, second attempt..

Sorry, this looks good to me & thanks!

Feb 25 2019, 3:07 AM
delphij accepted D19216: Fix the case where stdin is closed, second attempt..
Feb 25 2019, 3:07 AM

Feb 19 2019

delphij accepted D18944: freebsd-update: Clarify unclear help text.
Feb 19 2019, 5:30 PM

Feb 13 2019

delphij added a comment to D19184: Set process title during zfs send.

Ah I didn't realize that we haven't upstreamed it & thanks for forward-porting it for so many years...

Feb 13 2019, 9:56 PM

Feb 7 2019

delphij accepted D18785: Fix quotas for UFS after r339008.
Feb 7 2019, 9:37 PM

Feb 5 2019

delphij committed rS343765: MFC r342813: Remove unneeded headers..
MFC r342813: Remove unneeded headers.
Feb 5 2019, 8:05 AM

Jan 29 2019

delphij committed rS343545: MFC r343038: Use TD_IS_IDLETHREAD instead of unrolled version..
MFC r343038: Use TD_IS_IDLETHREAD instead of unrolled version.
Jan 29 2019, 7:48 AM
delphij committed rS343544: MFC r343038: Use TD_IS_IDLETHREAD instead of unrolled version..
MFC r343038: Use TD_IS_IDLETHREAD instead of unrolled version.
Jan 29 2019, 7:48 AM

Jan 28 2019

delphij added a comment to D18920: Allow mmap operations for CAPH_READ and CAPH_WRITE..

Is this some common pattern?

Jan 28 2019, 1:32 AM

Jan 27 2019

delphij added a reviewer for D18920: Allow mmap operations for CAPH_READ and CAPH_WRITE.: capsicum.
Jan 27 2019, 7:26 AM

Jan 24 2019

delphij accepted D18913: freebsd-update: open $PAGER only if necessary.

One last change request -- could you please use ${PAGER} instead of $PAGER while there? The change looks otherwise fine to me.

Jan 24 2019, 5:51 AM
delphij accepted D18916: Clarify unsupported architecture upgrade message.

LGTM & Thanks for your work!

Jan 24 2019, 5:50 AM

Jan 22 2019

delphij added a comment to D18859: Print fatal errors/warnings to STDERR and add -q (quiet) option.

Note that most IDS_run output shouldn't be considered as "informational", especially checksum differences: these should not be suppressed because they suggest there are real issues.

Where are the checksum diffs? I don't think they are currently suppressed but maybe I missed it.

Jan 22 2019, 5:29 AM
delphij requested changes to D18913: freebsd-update: open $PAGER only if necessary.

I like this change in principle, but I think you could simplify the code a little bit (see my comments in line).

Jan 22 2019, 5:26 AM
delphij requested changes to D18916: Clarify unsupported architecture upgrade message.

I really don't like this approach because it would bar us from retrofit publishing freebsd-update bits (and would create problems for users who have their own freebsd-update instance running). I think it's more appropriate to make fetch_key to provide more meaningful output instead of "Fetching public key from ... failed".

Jan 22 2019, 5:10 AM
delphij created D18920: Allow mmap operations for CAPH_READ and CAPH_WRITE..
Jan 22 2019, 4:49 AM
delphij committed rS343300: MFC r342856: Added support for the SIOCGI2C ioctl..
MFC r342856: Added support for the SIOCGI2C ioctl.
Jan 22 2019, 4:21 AM
delphij committed rS343299: MFC r342856: Added support for the SIOCGI2C ioctl..
MFC r342856: Added support for the SIOCGI2C ioctl.
Jan 22 2019, 4:20 AM

Jan 21 2019

delphij committed rS343251: MFC r342845,342846: Port NetBSD improvements:.
MFC r342845,342846: Port NetBSD improvements:
Jan 21 2019, 6:52 AM
delphij committed rS343250: MFC r342845,342846: Port NetBSD improvements:.
MFC r342845,342846: Port NetBSD improvements:
Jan 21 2019, 6:14 AM

Jan 18 2019

delphij accepted D18881: Allow upgrade from -BETA and -RC releases.

LGTM in principle (except the style issue raised by @emaste which is minor and I think he would take care of it when committing).

Jan 18 2019, 6:08 PM
delphij added inline comments to D18825: Verify the system can perform install/rollback.
Jan 18 2019, 5:58 PM
delphij added a comment to D18859: Print fatal errors/warnings to STDERR and add -q (quiet) option.

It may be because it is hard to follow but warnings/errors are redirected to the stderr

Jan 18 2019, 5:51 PM
delphij accepted D18849: Use BASEDIR when checking for src component.

LGTM, thanks!

Jan 18 2019, 5:28 PM
delphij requested changes to D18849: Use BASEDIR when checking for src component.
Jan 18 2019, 1:05 AM
delphij added inline comments to D18825: Verify the system can perform install/rollback.
Jan 18 2019, 1:04 AM
delphij requested changes to D18825: Verify the system can perform install/rollback.

I think this is not complete. For example, /usr may be a symlink to somewhere else, and freebsd-update needs to have write access there (this applies to /boot, /var, etc. too).

Jan 18 2019, 12:59 AM
delphij requested changes to D18859: Print fatal errors/warnings to STDERR and add -q (quiet) option.

I like the idea in general, but I think there were some implementation issues:

Jan 18 2019, 12:41 AM

Jan 15 2019

delphij committed rS343040: MFC r342640: Ensure buffer is nul-terminated..
MFC r342640: Ensure buffer is nul-terminated.
Jan 15 2019, 6:52 AM
delphij committed rS343039: MFC r342640: Ensure buffer is nul-terminated..
MFC r342640: Ensure buffer is nul-terminated.
Jan 15 2019, 6:51 AM
delphij committed rS343038: Use TD_IS_IDLETHREAD instead of unrolled version..
Use TD_IS_IDLETHREAD instead of unrolled version.
Jan 15 2019, 6:44 AM

Jan 13 2019

delphij committed rS342997: MFC r342614, r342633.
MFC r342614, r342633
Jan 13 2019, 8:50 AM
delphij committed rS342996: MFC r342614, r342633.
MFC r342614, r342633
Jan 13 2019, 8:46 AM

Jan 9 2019

delphij committed rP489757: MFH: r489756.
MFH: r489756
Jan 9 2019, 8:14 AM
delphij committed rP489756: Update to 2018-04-22b..
Update to 2018-04-22b.
Jan 9 2019, 8:13 AM
delphij added a comment to D18786: Disable FTS3, FTS4, and RTREE in bundled and private sqlite3.

LGTM now, thanks!

Jan 9 2019, 6:26 AM
delphij accepted D18786: Disable FTS3, FTS4, and RTREE in bundled and private sqlite3.
Jan 9 2019, 6:25 AM
delphij committed rS342876: Enable use of Capsicum sandbox when there is only one.
Enable use of Capsicum sandbox when there is only one
Jan 9 2019, 5:31 AM

Jan 8 2019

delphij requested changes to D18786: Disable FTS3, FTS4, and RTREE in bundled and private sqlite3.

I'd like to request that the change be either extended to disable RTREE (my preference; we don't use rtree in base either), or reduced to build with FTS4 (to match upstream; arguably FTS5 should be also enabled if that's the approach taken) for consistency.

Jan 8 2019, 9:42 PM
delphij committed rS342856: Added support for the SIOCGI2C ioctl..
Added support for the SIOCGI2C ioctl.
Jan 8 2019, 5:41 AM

Jan 7 2019

delphij committed rS342846: Correct documentation year..
Correct documentation year.
Jan 7 2019, 8:29 AM
delphij committed rS342845: Port NetBSD improvements:.
Port NetBSD improvements:
Jan 7 2019, 8:27 AM
delphij committed rS342844: MFC r340359:.
MFC r340359:
Jan 7 2019, 7:12 AM

Jan 6 2019

delphij committed rS342814: Remove unneeded assert.h (there is no assertion in this file)..
Remove unneeded assert.h (there is no assertion in this file).
Jan 6 2019, 8:42 PM
delphij committed rS342813: Remove unneeded headers..
Remove unneeded headers.
Jan 6 2019, 8:39 PM
delphij committed rP489523: Update to 1.8..
Update to 1.8.
Jan 6 2019, 7:28 PM

Jan 4 2019

delphij added a comment to D18536: Add bounds checking to the tws(4) passthrough ioctl handler..

LGTM (the unlocked use of sc->ioctl_data_mem looks worrisome to me, but the proposed change won't worsen the situation). Do you have a chance to test this on real hardware? (@jpaetzel do you know someone who may be able to help with that?).

My last 9750 died a while ago. I'll ping Austin @ ix to see if he can rig up a system for us to test with.

Ping?

I haven't been deemed worthy of a reply, so I guess that's a no.

Jan 4 2019, 6:57 PM

Jan 1 2019

delphij committed rS342665: MFC r342661: Happy New Year 2019!.
MFC r342661: Happy New Year 2019!
Jan 1 2019, 12:48 AM
delphij committed rS342664: MFC r333391 (imp): Remove 'All Rights Reserved' from the collection copyright.
MFC r333391 (imp): Remove 'All Rights Reserved' from the collection copyright
Jan 1 2019, 12:43 AM
delphij committed rS342663: MFC r342661: Happy New Year 2019!.
MFC r342661: Happy New Year 2019!
Jan 1 2019, 12:35 AM
delphij committed rS342661: Happy New Year 2019!.
Happy New Year 2019!
Jan 1 2019, 12:25 AM

Dec 31 2018

delphij committed rP488846: Update to 1.10..
Update to 1.10.
Dec 31 2018, 11:13 PM
delphij committed rP488845: Update to 1.7..
Update to 1.7.
Dec 31 2018, 11:09 PM
delphij committed rP488844: Update to 1.44..
Update to 1.44.
Dec 31 2018, 11:03 PM