- User Since
- Oct 29 2015, 5:25 PM (397 w, 1 d)
Thu, Jun 1
Wed, May 31
Sat, May 27
For what its worth...
May 9 2023
Apr 17 2023
Incorporate two suggestions from @jhb.
Apr 10 2023
Apr 7 2023
Mar 31 2023
Updated the diff to upgrade the delay field from u_short to u_int in struct lock_delay_arg. Due to alignment requirements, this probably won't actually change the size or in-memory layout of the structure at all.
Mar 4 2023
Mar 3 2023
Mar 2 2023
Dec 15 2022
By the way, I should clarify that I am not opposed to this change; rather, my previous comment was merely intended to help explain what I view as the implications of the change and advocate that we make sure there is sufficiently broad agreement to proceed.
The rationale for the present state is found here.
Sep 28 2022
Functionally committed in D36716
Sep 26 2022
Sep 23 2022
Fix the man page description of the vm.enforce_wxorx sysctl/tunable to indicate that a value of 2 both denies mappings and sends a signal.
Addressed review feedback.
Sep 21 2022
Added a section to the security(7) man page in an attempt to clarify the controls which will be available if this change is merged.
Sep 16 2022
Made changes based on review:
- Switch from syslog to uprintf() for reporting ELF W^X failure.
- Separate W^X logging and enforcement.
- Change test for which processes to signal. (Now, system processes, processes which are still starting, and kernel threads are exempt.)
- Switch from using SIGSEGV to SIGTRAP with a descriptive code.
Sep 15 2022
Changes suggested in the review:
- Added entry to UPDATING.
- Updated security(7) man page.
Sep 9 2022
Sep 22 2021
Jun 17 2021
May 20 2021
Apr 12 2021
Apr 1 2021
Thanks for doing this! It looks like a very positive change, and I'm sure there was a lot of effort put into finding the right way to clean up the code.
Thanks for doing this so quickly!
Mar 31 2021
FWIW, I disagree with this change. I think we should instead use atomic operations here.
Mar 12 2021
This is the change I am planning to commit once the regression tests finish running.
Mar 11 2021
Jan 14 2021
Dec 4 2020
This does not fix the regression I am experiencing in my test setup. I am testing with a machine which uses a LAGG interface to communicate with the outside world. Shutting this interface down still makes my SSH sessions hang.
Dec 3 2020
I just saw the discussion on the committers mailing list. First, it shows that @cy already has a proposed fix. Secondly, it shows that this is a larger issue (for example, netboot), which probably needs a different solution.
Nov 20 2020
Nov 17 2020
Updating the diff to include context.
While here, update the code in ctf_add_generic() to encode empty type names with index 0. This fixes the analogous case for type names.
Nov 16 2020
Nov 14 2020
Nov 13 2020
Nov 11 2020
Nov 10 2020
Nov 6 2020
Nov 5 2020
In general, this looks good. I have a small nit in that it seems like it would be worth considering whether it would be better to add the flag to the socket itself somehow so it could be synchronized by the socket lock. On the offchance someone did a socket operation which caused a wakeup while the TCP code was running, it seems possible that this might avoid a spurious wakeup. However, given the code in the src tree, I find it hard to reason through how this could occur.
Nov 4 2020
Apr 23 2020
Apr 20 2020
With the change I made to keep the current behavior for everything except swap (which is fairly well tested), are there additional concerns?
Apr 18 2020
Apr 17 2020
I was able to replicate it locally using llvm's c++ 9.0.1 and defining _WANT_SOCKET prior to including the header file:
Can you provide some more information on the exact error you saw? I'm 99.9% sure we successfully compiled these sources with LLVM 9.