- User Since
- Feb 11 2021, 9:59 PM (66 w, 4 d)
Mar 1 2022
haven't tested the patch though (would take me a couple of days), but looks good!
Feb 27 2022
hi @peterj, thanks for taking a look. feel free to commit (i don't have permissions).
Feb 25 2022
Feb 18 2022
thanks for your suggestions!
i was away for a few days but will update this patch soon.
Jan 30 2022
Jan 28 2022
fwiw, the email app in iphone ios 15.2.1 no longer line-breaks pre-formatted text. but the app ui goes all wonky.
thanks for the explanation
Jan 26 2022
I think this is a good idea. But I'm not in a position to test this right now. I've also never noticed any cancelations. Does your ggatec get a lot of signals?
Jan 9 2022
Jan 8 2022
thanks for looking at the patch!
Jan 3 2022
Missed the else cuddle
Wrap a few long lines.
Wrap a few long lines.
Jan 2 2022
MAXPHYS no more, instead use sysctl kern.maxphys
Dec 28 2021
hi @lwhsu, any more thoughts here?
hi @asomers, this patch good to go?
Nov 12 2021
add cmdline option to switch html-pre on and off
Nov 6 2021
Nov 3 2021
hm... prob need a default ggated_enable=NO somewhere.
as is, this is quite spammy:
Nov 3 01:21:46 host root: /etc/rc: WARNING: $ggated_enable is not set properly - see rc.conf(5).
Oct 31 2021
add makefile entry
Oct 30 2021
Need to trim the trailing newline
Oct 27 2021
btw an alternative place for this would be in mail(1), in particular for periodic emails. But to be honest, cron's code was much easier to read...
Oct 24 2021
Oct 23 2021
add flush support
Sep 19 2021
Sep 12 2021
Sep 4 2021
Handle oversized write buffer coming from zfs
Sep 3 2021
Sep 1 2021
Aug 30 2021
Try to avoid out-of-bounds reads that can happen with other str*cpy functions.
My preferred fix would be to make all string buffers in https://github.com/freebsd/freebsd-src/blob/main/sys/geom/gate/g_gate.h#L118 NAME_MAX+1 and enforce the last byte to be the null terminator.
But that'd be an ioctl interface change and an ABI change? Frowned upon?
Also this mainly affects hastd, which I cannot test at the moment.
follow up in https://reviews.freebsd.org/D31722
Aug 29 2021
Aug 27 2021
Add test for ggatec to check handling of non-read/write request (e.g. trim).
Aug 25 2021
there's a rebase in https://github.com/bruelltuete/freebsd-src/commit/999394f2930d341b422a5421ff931dfb024eefc7, if that's easy to use (as a patch).
i don't actually know how to commit anything to src, never done that before.
do you commit via phabricator, like click a button here in the ui somewhere? does the patch in this review need to be updated?
the security patch has landed. do we still want the tests?
Aug 4 2021
Thanks for review and comments, everyone!
Aug 1 2021
I'm still on 12-stable with all my machines, and will not be able to upgrade for a few more months...
Yeah lots of stuff broken here. We can fix it all in a later patch. For now I really want to plug that remote code execution hole.
Jul 29 2021
change size check and fix typo
Jul 28 2021
Jul 27 2021
Maybe found another problem, this time with the ggate kernel module. I'm pretty unsure about some details, esp around ioctl, but here goes:
I think it's possible to craft ioctl with ggate to exfiltrate kernel memory.
While I have your attention here, can someone assign the bug reports linked in the description to firstname.lastname@example.org? Right now they are dangling assigned to nobody.
What do we want the test to verify? That the fixed version only supports reads and writes? That feels a bit limiting because adding bio_delete or bio_flush support looks pretty straightforward.
Re testing, it's easy to repro if you can generate a request that is not read or write. I don't know of a reliable way to do that. At the moment zpool-create does that... but only if the right sysctls are set?
And looking at https://github.com/freebsd/freebsd-src/blob/main/tests/sys/geom/class/gate/ggate_test.sh, I'm not sure what to make of that, it's not obvious what's going on with the tests...
Fix still relevant to current: https://github.com/freebsd/freebsd-src/blob/main/sbin/ggate/ggatec/ggatec.c
Apr 1 2021
I'm still working on this but it's really slow going rn, got very little time.
Mar 16 2021
Feb 22 2021
I think i've wrapped my head around dmap & friends... it makes things more complicated.
Will have to demote dmap mappings. If i try to encrypt user-mode pages first, i'll need to demote the dmap pages down from 1gb into 4k and set the c-bit for the small pages.
Same for trying to encrypt all pages. Will still have to demote dmap pages because of dma and the existing kernel text and preloaded module pages.
Feb 15 2021
hi kib, thanks for taking a look!
i'll try to figure out the dmap bits, thanks for the pointer.