- User Since: Nov 19 2018, 1:41 PM (194 w, 4 d)
Sat, Jul 30
Would you like me to commit it?
Wed, Jul 27
So in Linux icmpv6 logic the PTB message is processed in two steps:
Mon, Jul 25
Hmm, ok I see.
So if I understand correctly, you propose to remove the PMTU handling in icmpv6 and parse it only in the protocol layer?
I suppose that it will reduce the attack surface.
Also, RFC 9260, which you linked, says that we SHOULD, and not MUST, process PMTUD.
So I suppose that in some cases it's OK to ignore this packet.
Thu, Jul 21
In other words, in IPv4 the PMTU information is used in the transport layer, e.g. TCP uses it to lower the MSS.
In the IPv6 world, ip6_output needs to know the PMTU in order to fragment the packet.
Committed in 89fb4802f9a64a1eba6475c3e467e614b69052a4
Tue, Jul 19
Mon, Jul 18
Jul 11 2022
Use vm_map_fixed to map shared page when no address randomization is applied.
Jul 4 2022
Jul 1 2022
Jun 30 2022
Jun 29 2022
Jun 21 2022
Use vm_map_fixed to allocate the guard page.
Jun 15 2022
- Pass the shared page size in kinfo_vm_layout and use that information in kern_copyin test.
- Map the guard page at the top of UVA, instead of mapping it at the usual location of the shared page.
Jun 13 2022
Pass the shared page address in kinfo_vm_layout struct and use it in kern_copyin test.
Jun 10 2022
Check if the shared page address is randomized in kern_copyin test.
Jun 8 2022
Jun 7 2022
- If the address randomization is applied map a guard page to the usual location of the shared page.
- Remove kern_copyin test. It doesn't work with the guard page at the top of user address space.
Jun 6 2022
- Move shared page ASLR flag from vmspace to image_params.
- Rename vm_sp_base to vm_shp_base.
- Introduce the PROC_HAS_SHP macro.
- Don't mention a.out in a comment.
Jun 3 2022
Add an error message if mapping the shared page fails.
Copy offsets unconditionally in exec_sysvec_init_secondary (as suggested by kib in D35349).
Split the review into three parts.
Jun 2 2022
I took a look at the linuxulator again, and actually I don't think this patch will cause an issue there.
All ASLR-related features, including this one, are only activated if the SV_ASLR flag is set in sysentvec.
None of the linuxulator sysentvecs have this flag set, so we should be fine here.
On a side note, this means that the linuxulator binaries are not using ASLR at all.
- Replace PAGE_SIZE with sysconf(_SC_PAGESIZE).
- Store offsets to various shared page segments, instead of their base addresses.
- Store the shared page base address in struct vmspace, instead of its offset to the default location.
Jun 1 2022
Sorry for the radio silence. I discovered that this patch, in its current form, breaks the Linuxulator VDSO clock routines.
Basically, the problem is that the Linux VDSO glue code needs to read vdso_timekeep, which is stored in the shared page.
I have to figure out a fix for this first, before proceeding with this.
Once I have something, I'll either open up a new Phabricator revision or update this one.
May 30 2022
May 17 2022
Committed in ecdc04d006.
May 16 2022
Cast both sides of comparison to size_t.
May 5 2022
Apr 27 2022
Apr 20 2022
Apr 19 2022
Hide the early disabling behind a hw.dmar.pmr.disable tunable. (Off by default.)
Leave the other places that call dmar_disable_protected_regions untouched.
Check the PMR state before disabling it. Without this, a timeout is observed when we try to disable it the second time.
Apr 14 2022
Mar 31 2022
Feb 22 2022
Hmm, I just did a simple test by adding a call to kdb_backtrace to ofw_bus_default_get_node and removing ofw_pci.c from the build.
The device in backtrace is attached to a standard pci bus that doesn't know anything about ofw:
Yes, I mean we end up in kobj_error_method. And that's a very real scenario. In newbus, the default method is only applied for the given class and its subclasses, *not for all classes*.
This means that all controllers (not derived from ofwbus), and pci or other buses not derived from ofw/simplebus, are subject to this error.
This only applies to buses derived from simple/ofwbus, not to others (e.g. pci). For other device objects, the ofw_bus_get_node() function returns ENXIO (which may be a valid node ID). However, calling a class function on an object that is not derived from the given class should be considered an error.
Feb 21 2022
Feb 18 2022
Feb 17 2022
Feb 15 2022
Feb 14 2022
I think it might be better to keep the file sorted the way it was before this change.
This will make this patch much easier to read.
Feb 10 2022
@andrew Do you have any more thoughts on this?