Page MenuHomeFreeBSD

kd (Kornel Dulęba)
User

Projects

User does not belong to any projects.

User Details

User Since
Nov 19 2018, 1:41 PM (194 w, 4 d)

Recent Activity

Sat, Jul 30

kd added a comment to D35998: TPM: do not set device description if probe fails.

Would you like me to commit it?

Sat, Jul 30, 9:50 AM
kd accepted D35998: TPM: do not set device description if probe fails.

LGTM

Sat, Jul 30, 9:47 AM

Wed, Jul 27

kd committed rG863871d369f8: ipsec: Improve validation of PMTU (authored by kd).
ipsec: Improve validation of PMTU
Wed, Jul 27, 2:15 PM
kd closed D35871: icmp6: Improve validation of PMTU.
Wed, Jul 27, 2:15 PM
kd committed rG82042465c3b5: icmp6: Improve validation of PMTU (authored by kd).
icmp6: Improve validation of PMTU
Wed, Jul 27, 2:15 PM
kd closed D35872: ipsec: Improve validation of PMTU.
Wed, Jul 27, 2:15 PM
kd added a comment to D35871: icmp6: Improve validation of PMTU.

So in Linux icmpv6 logic the PTB message is processed in two steps:

Wed, Jul 27, 10:22 AM

Mon, Jul 25

kd added a comment to D35871: icmp6: Improve validation of PMTU.

Hmm, ok I see.
So if I understand correctly you propose to remove the PMTU handling in icmpv6, and parse it only in the protocol layer?
I suppose that it will reduce the attack surface.
Also the RFC9260 you linked says that we SHOULD, and not MUST process PMTUD.
So I suppose that in some cases it's ok to ignore this packet.

Mon, Jul 25, 8:49 AM

Thu, Jul 21

kd added a comment to D35871: icmp6: Improve validation of PMTU.

I think such a packet should never be used to change the host cache. For SCTP over UDP or TCP over UDP, we do the same validation as done for SCTP or TCP. In case an application is running on top of UDP, the application must validate that the reflected packet is OK before changing the host cache. Right now, this is not possible. But one could, for connected UDP socket, provide the encapsulated packet using MSG_NOTIFICATION, let the application do its verification and if that is successful allow a socket option to put the data into the host cache. Willing to work on that...

Thu, Jul 21, 8:41 PM
kd added a comment to D35871: icmp6: Improve validation of PMTU.

But when the protocol inside is TCP / SCTP, a validation would be possible. Especially when the hostcache of a protocol other than IP is being modified. The returned PTB ICMP message is supposed to hold as much of the offending packet's header as possible.

At least with stateful protocols, this could also dramatically reduce the attack surface of spoofed PTB error messages, not?

Thu, Jul 21, 7:04 PM
kd added a comment to D35871: icmp6: Improve validation of PMTU.

In other words in IPv4 PMTU information is used in transport layer, e.g. TCP uses it to lower MSS.
In IPv6 world the ip6_output needs to know PMTU in order to fragment the packet.

Thu, Jul 21, 6:47 PM
kd added a comment to D35871: icmp6: Improve validation of PMTU.

For IPv6, some input validation is done by the ICMP layer. However, then the TCP host cache is updated without any further validation by the transport layer and finally the processing is delegated to the transport layer. So an attacker does not have to guess the transport layer information to reduce the PMTU, since the ICMPv6 performs the action even if the transport layer detects the attack and does not perform the action (again).

So why is the modification of the TCP hostcache performed by the ICMPv6 stack at all? In my view, this just allows attacks...

Thu, Jul 21, 6:43 PM
kd added a comment to D35871: icmp6: Improve validation of PMTU.

Would it be difficult to add a regression test case for this using scapy and utilities in tests/sys/netinet6?

Thu, Jul 21, 2:10 PM
kd requested review of D35872: ipsec: Improve validation of PMTU.
Thu, Jul 21, 7:24 AM
kd requested review of D35871: icmp6: Improve validation of PMTU.
Thu, Jul 21, 7:23 AM
kd abandoned D32728: vscphy: Fill in new mii_maxspeed field.

Committed in 89fb4802f9a64a1eba6475c3e467e614b69052a4

Thu, Jul 21, 7:07 AM
kd abandoned D33187: qoriq_therm: Fix sensor detection.

Fixed in D35759.

Thu, Jul 21, 7:05 AM

Tue, Jul 19

kd committed rGfec5791f9846: Revert "bsdinstall: add knob to set ASLR sysctls" (authored by mw).
Revert "bsdinstall: add knob to set ASLR sysctls"
Tue, Jul 19, 9:59 AM
kd added a reverting change for rG020f4112559e: bsdinstall: add knob to set ASLR sysctls: rGfec5791f9846: Revert "bsdinstall: add knob to set ASLR sysctls".
Tue, Jul 19, 9:59 AM
kd committed rG0f39272b883a: stand/uboot: setup archsw before probing devices (authored by aja_semihalf.com).
stand/uboot: setup archsw before probing devices
Tue, Jul 19, 9:59 AM
kd committed rG10192e77cfac: Enable ASLR by default for 64-bit executables (authored by mw).
Enable ASLR by default for 64-bit executables
Tue, Jul 19, 9:59 AM
kd committed rG0627a69cd8ed: e6000sw: Fix direct register write logic (authored by kd).
e6000sw: Fix direct register write logic
Tue, Jul 19, 9:58 AM
kd committed rGf470bff421ff: lockstat: Fix construction of comparision predicates (authored by kd).
lockstat: Fix construction of comparision predicates
Tue, Jul 19, 9:58 AM
kd committed rG94c272b4c6cc: igc: Change default duplex setting (authored by kd).
igc: Change default duplex setting
Tue, Jul 19, 9:58 AM
kd added a reverting change for D28418: bsdinstall: add knob to set ASLR sysctls: rGfec5791f9846: Revert "bsdinstall: add knob to set ASLR sysctls".
Tue, Jul 19, 9:58 AM

Mon, Jul 18

kd committed rG939f0b6323e0: Implement shared page address randomization (authored by kd).
Implement shared page address randomization
Mon, Jul 18, 2:30 PM
kd committed rG361971fbca5f: Rework how shared page related data is stored (authored by kd).
Rework how shared page related data is stored
Mon, Jul 18, 2:30 PM
kd committed rGf6ac79fb12f3: Introduce the PROC_SIGCODE() macro (authored by kd).
Introduce the PROC_SIGCODE() macro
Mon, Jul 18, 2:30 PM
kd closed D35349: [RFC] Shared page address randomization.
Mon, Jul 18, 2:30 PM
kd closed D35393: Rework how shared page related data is stored.
Mon, Jul 18, 2:30 PM
kd closed D35392: Introduce the PROC_SIGCODE() macro.
Mon, Jul 18, 2:30 PM

Jul 11 2022

kd updated the diff for D35349: [RFC] Shared page address randomization.

Use vm_map_fixed to map shared page when no address randomization is applied.

Jul 11 2022, 11:16 AM

Jul 4 2022

kd closed D35672: e6000sw: Fix register write logic.
Jul 4 2022, 2:26 PM
kd committed rG665482590757: e6000sw: Fix direct register write logic (authored by kd).
e6000sw: Fix direct register write logic
Jul 4 2022, 2:26 PM
kd closed D35690: lockstat: Fix construction of comparision predicates.
Jul 4 2022, 2:26 PM
kd committed rG9dbacce2d48a: lockstat: Fix construction of comparision predicates (authored by kd).
lockstat: Fix construction of comparision predicates
Jul 4 2022, 2:26 PM

Jul 1 2022

kd requested review of D35690: lockstat: Fix construction of comparision predicates.
Jul 1 2022, 1:10 PM
kd committed rGab453714fc90: Add myself(kd) as src commiter and mw/emaste as my co-mentors (authored by kd).
Add myself(kd) as src commiter and mw/emaste as my co-mentors
Jul 1 2022, 6:16 AM
kd committed rG3b8d04f845b4: igc: Change default duplex setting (authored by kd).
igc: Change default duplex setting
Jul 1 2022, 6:16 AM
kd closed D35673: igc: Change default duplex setting.
Jul 1 2022, 6:15 AM
kd closed D35658: Add myself(kd) as src commiter and mw/emaste as my co-mentors.
Jul 1 2022, 6:15 AM

Jun 30 2022

kd requested review of D35673: igc: Change default duplex setting.
Jun 30 2022, 11:07 AM
kd requested review of D35672: e6000sw: Fix register write logic.
Jun 30 2022, 10:47 AM

Jun 29 2022

kd requested review of D35658: Add myself(kd) as src commiter and mw/emaste as my co-mentors.
Jun 29 2022, 2:50 PM
pi renamed kd from mindal_semihalf.com to kd.
Jun 29 2022, 2:40 PM
kd closed D35657: Add entries for Kornel Dulęba(kd).
Jun 29 2022, 2:32 PM
kd committed R9:0f5f4ced0dab: Add entries for Kornel Dulęba(kd@) (authored by kd).
Add entries for Kornel Dulęba(kd@)
Jun 29 2022, 2:32 PM
kd requested review of D35657: Add entries for Kornel Dulęba(kd).
Jun 29 2022, 2:20 PM

Jun 21 2022

kd added inline comments to D35349: [RFC] Shared page address randomization.
Jun 21 2022, 3:00 PM
kd updated the diff for D35349: [RFC] Shared page address randomization.

Use vm_map_fixed to allocate the guard page.

Jun 21 2022, 2:59 PM

Jun 15 2022

kd added inline comments to D35349: [RFC] Shared page address randomization.
Jun 15 2022, 10:31 AM
kd updated the diff for D35349: [RFC] Shared page address randomization.
  • Pass the shared page size in kinfo_vm_layout and use that information in kern_copyin test.
  • Map the guard page at the top of UVA, instead of mapping it at the usual location of the shared page.
Jun 15 2022, 10:30 AM

Jun 13 2022

kd updated the diff for D35349: [RFC] Shared page address randomization.

Pass the shared page address in kinfo_vm_layout struct and use it in kern_copyin test.

Jun 13 2022, 7:24 AM

Jun 10 2022

kd updated the diff for D35349: [RFC] Shared page address randomization.

Check if the shared page address is randomized in kern_copyin test.

Jun 10 2022, 12:19 PM

Jun 8 2022

kd added a comment to D35349: [RFC] Shared page address randomization.
In D35349#803460, @kib wrote:

Why? As discussed earlier, if the shared page is randomized and the guard is mapped at the top of the UVA, map(MAP_FIXED) something at this location.

Jun 8 2022, 6:45 AM

Jun 7 2022

kd added a comment to D35349: [RFC] Shared page address randomization.
In D35349#803266, @kib wrote:

I still think that the guard at location of fixed shp is required.

Jun 7 2022, 3:39 PM
kd updated the diff for D35349: [RFC] Shared page address randomization.
  • If the address randomization is applied map a guard page to the usual location of the shared page.
  • Remove kern_copyin test. It doesn't work with the guard page at the top of user address space.
Jun 7 2022, 3:38 PM
kd added a comment to D35392: Introduce the PROC_SIGCODE() macro.

@mindal_semihalf.com do you have these changes in a git repo somewhere? I can merge them as they're reviewed/approved.

Jun 7 2022, 2:52 PM

Jun 6 2022

kd added inline comments to D35349: [RFC] Shared page address randomization.
Jun 6 2022, 9:04 AM
kd updated the diff for D35349: [RFC] Shared page address randomization.
  • Move shared page ASLR flag from vmspace to image_params.
Jun 6 2022, 9:02 AM
kd updated the diff for D35393: Rework how shared page related data is stored.
  • Rename vm_sp_base to vm_shp_base
  • Introduce the PROC_HAS_SHP macro
  • Don't mention a.out in a comment.
Jun 6 2022, 9:00 AM

Jun 3 2022

kd updated the diff for D35349: [RFC] Shared page address randomization.

Add an error message if mapping shared page fails

Jun 3 2022, 11:07 AM
kd updated the diff for D35393: Rework how shared page related data is stored.

Copy offsets unconditionally in exec_sysvec_init_secondary (as suggested by kib in D35349).

Jun 3 2022, 11:05 AM
kd added inline comments to D35349: [RFC] Shared page address randomization.
Jun 3 2022, 10:04 AM
kd added inline comments to D35349: [RFC] Shared page address randomization.
Jun 3 2022, 9:52 AM
kd added a comment to D35349: [RFC] Shared page address randomization.
In D35349#802348, @kib wrote:

For commit, I still believe that the split of the patch into two parts, one where you switch code to use base + offsets, and another where the actual randomization occurs, is the best. Could you, please, split the reviews?

Jun 3 2022, 9:44 AM
kd updated the diff for D35349: [RFC] Shared page address randomization.

Split the review into three parts.

Jun 3 2022, 9:42 AM
kd requested review of D35393: Rework how shared page related data is stored.
Jun 3 2022, 9:42 AM
kd requested review of D35392: Introduce the PROC_SIGCODE() macro.
Jun 3 2022, 9:42 AM

Jun 2 2022

kd added a comment to D35349: [RFC] Shared page address randomization.

I took a look at the linuxulator again and actually I don't think this patch will cause an issue there.
All ASLR related features, including this one are only activated if SV_ASLR flag is set in sysentvec.
None of the linuxulator sysentvecs have this flag set, so we should be fine here.
On a side note this means that the linuxulator binaries are not using ASLR at all.

Jun 2 2022, 12:23 PM
kd updated the diff for D35349: [RFC] Shared page address randomization.
  • Replace PAGE_SIZE with sysconf(_SC_PAGESIZE).
  • Store offsets to various shared page segments, instead of their base addresses.
  • Store the shared page base address in struct vmspace, instead its offset to the default location.
Jun 2 2022, 12:19 PM

Jun 1 2022

kd added a comment to D35349: [RFC] Shared page address randomization.
In D35349#802006, @kib wrote:

Well, with some accuracy and care it is possible. At least, all variables should be static or hidden (and I do not think that non-local vars can exists in vdso at all, at least while the page is mapped rx). So the first step is to build with -fPIC and then mangle code enough to ensure that no relocations are produced. But this is still quite fragile and depends on the compiler use that it is not intended to.

My belief is that the only reliable option is to write it in asm, to have tight-controlled code.

Jun 1 2022, 3:58 PM
kd added a comment to D35349: [RFC] Shared page address randomization.
In D35349#802004, @mindal_semihalf.com wrote:
In D35349#801990, @kib wrote:
In D35349#801982, @mindal_semihalf.com wrote:

Sorry for the radio silence. I discovered that this patch, in its current form breaks Linuxulator VDSO clock routines.
Basically the problem is that the Linux VDSO glue code needs to read vdso_timekeep, that is stored in the shared page.
I have to figure out a fix for this first, before proceeding with this.
Once I have something I'll either open up a new phabricator revision, or update this one.

It is probably between too hard to impossible, due to linux vdso written in C. It requires PIC code, and it is almost always requires GOT and performing relocations before the code can work.

IMO it is enough to exclude linux ABI from shared page randomization.

That's what we noticed when HardenedBSD implemented VDSO randomization as well. The way the linuxulator's VDSO is implemented is not too friendly towards ASLR.

Ok, I'll go with that.
I guess that the best way to do this is to add an opt-in flag to sysentvec.

Jun 1 2022, 3:31 PM
kd added a comment to D35349: [RFC] Shared page address randomization.
In D35349#801990, @kib wrote:
In D35349#801982, @mindal_semihalf.com wrote:

Sorry for the radio silence. I discovered that this patch, in its current form breaks Linuxulator VDSO clock routines.
Basically the problem is that the Linux VDSO glue code needs to read vdso_timekeep, that is stored in the shared page.
I have to figure out a fix for this first, before proceeding with this.
Once I have something I'll either open up a new phabricator revision, or update this one.

It is probably between too hard to impossible, due to linux vdso written in C. It requires PIC code, and it is almost always requires GOT and performing relocations before the code can work.

IMO it is enough to exclude linux ABI from shared page randomization.

That's what we noticed when HardenedBSD implemented VDSO randomization as well. The way the linuxulator's VDSO is implemented is not too friendly towards ASLR.

Jun 1 2022, 3:30 PM
kd added a comment to D35349: [RFC] Shared page address randomization.

Sorry for the radio silence. I discovered that this patch, in its current form breaks Linuxulator VDSO clock routines.
Basically the problem is that the Linux VDSO glue code needs to read vdso_timekeep, that is stored in the shared page.
I have to figure out a fix for this first, before proceeding with this.
Once I have something I'll either open up a new phabricator revision, or update this one.

Jun 1 2022, 10:38 AM

May 30 2022

kd requested review of D35349: [RFC] Shared page address randomization.
May 30 2022, 12:46 PM

May 17 2022

kd closed D35132: makefs(8): Fix calculation of file sizes.

Committed in ecdc04d006.

May 17 2022, 7:58 AM

May 16 2022

kd updated the diff for D35132: makefs(8): Fix calculation of file sizes.

Cast both sides of comparison to size_t.

May 16 2022, 9:36 AM

May 5 2022

kd requested review of D35132: makefs(8): Fix calculation of file sizes.
May 5 2022, 12:49 PM
kd requested review of D35131: makefs(8): Fix calculation of metadata segmets sizes.
May 5 2022, 12:49 PM

Apr 27 2022

kd requested review of D35076: Add USB ID and quirks for Huawei E3372.
Apr 27 2022, 12:57 PM
kd requested review of D35075: usb: Respect NO_INQUIRY quirk during device enumeration.
Apr 27 2022, 12:57 PM

Apr 20 2022

kd added a comment to D34907: dmar: Disable PMR in driver attach routine.
In D34907#792891, @kib wrote:

About the point that PMR only makes sense to disable globally, I am also not sure. For instance, if PMR was set up for something that can be externally plugged, it might be good idea to keep it enabled still.

Apr 20 2022, 10:28 AM
kd added a comment to D34907: dmar: Disable PMR in driver attach routine.
In D34907#792838, @kib wrote:

As a second though, this control is global. Do you want it to be per-DMAR unit, in fact? [I am fine with this refine to be done later]

Apr 20 2022, 6:37 AM

Apr 19 2022

kd updated the diff for D34907: dmar: Disable PMR in driver attach routine.

Hide the early disabling behind a hw.dmar.pmr.disable tunable. (Off by default.)
Leave the other places that call dmar_disable_protected_regions untouched.
Check the PMR state before disabling it. Without this a timeout is observed when we try to disable it the second time.

Apr 19 2022, 7:20 AM

Apr 14 2022

kd requested review of D34907: dmar: Disable PMR in driver attach routine.
Apr 14 2022, 11:45 AM

Mar 31 2022

kd accepted D34256: Make miibus.ko module on par with using 'device miibus' in kernel config.

@mindal_semihalf.com are you happy with the changes?

Mar 31 2022, 8:25 AM

Feb 22 2022

kd added a comment to D34031: bus_if: Add a default implementation of get_property.

Hmm, I just did a simple test by adding a call to kdb_backtrace to ofw_bus_default_get_node and removing ofw_pci.c from the build.
The device in backtrace is attached to a standard pci bus that doesn't know anything about ofw:

Feb 22 2022, 2:35 PM
kd added a comment to D34031: bus_if: Add a default implementation of get_property.

Yes, I mean we end up in kobj_error_method. And that's a very real scenario. In newbus, the default method is only applied for the given class and its subclasses. *Not for all classes*

This means that all controllers (not derived from ofwbus), pci or other buses not derived from ofw/simplebus are subject to this error.

Feb 22 2022, 11:01 AM
kd added a comment to D34031: bus_if: Add a default implementation of get_property.

This only applies to buses derived from simple/ofwbus, not to others (e.g. pci). For other device objects, the ofw_bus_get_node() function returns ENXIO (which may be a valid node ID). However, calling a class function on an object that is not derived from the given class should be considered an error.

Feb 22 2022, 9:51 AM

Feb 21 2022

kd added a comment to D33926: This change allows the veriexec binary to (optionally) load its CA store from a verified tarball..
In D33926#776749, @sjg wrote:

Actually, what does the kernel do with the manifest? or the hash of the manifest?

Once root is mounted, mac_veriexec verifies the manifest hash, and parses the manifest. Each file listed in the manifest gets resolved into a vnode and is added to mac_veriexec with its corresponding hash and flags ; the vnode can then later be verified when accessed. When the system is ready, mac_veriexec is already in "loaded active enforced" state. Without this mac_veriexec would not know of any file, so no program would be allowed to run, not even veriexec(8).

Currently mac_veriexec does not know anything about manifest parsing - that is the job of sbin/veriexec

I think it would be less disruption to the existing model for the loader to provide a hash of the manifest - that gets fed to mac_veriexec in the same manner that veriexec does.
Then set the state to loaded,active and then veriexec can use O_VERIFY to open that manifest and feed its content to mac_veriexec

OR you could just do all that via a kernel module loaded by loader, that effectively makes calls to initialize mac_veriexec - that would minimize the impact to existing usage, since anyone who doesn't want this need not load that module.

Feb 21 2022, 8:53 AM

Feb 18 2022

kd added a comment to D34031: bus_if: Add a default implementation of get_property.
In D34031#776851, @mmel wrote:

I don't think that's right. We can't expect that all indirect descendants of simplebus were instantiated by simplebus. Typically all enumerable buses (e.g. pci or multifunction devices represented by single FDT node) are not derived from simplebus. You cannot use ofw_bus_get_node(child) on those.
IMHO we can have a single generic implementation of <foo>_get_property for a given bus , but it should be explicitly defined in the device_methods structure for all appropriate drives.

Feb 18 2022, 2:31 PM
kd added inline comments to D33457: Expand device_get_property API.
Feb 18 2022, 10:38 AM

Feb 17 2022

kd added a comment to D33457: Expand device_get_property API.

@bz ping

Feb 17 2022, 7:47 AM

Feb 15 2022

kd added a comment to D34027: sdhci_fsl_fdt: Fix tuning code.
In D34027#775552, @mmel wrote:

Yes, I've applied all the patches. The problem is that the HS SD card (i.e. without debugging) also doesn't work and I don't know why.

Feb 15 2022, 9:20 AM

Feb 14 2022

kd added a comment to D34027: sdhci_fsl_fdt: Fix tuning code.
In D34027#775532, @mmel wrote:

Due to problems with the D32706 I can't verify this on Honeycomb, plus I've never been able to have a working HW tuning. The current state is that this whole series of patches leaves Honeycomb with a non-functioning SD and eMMC. I currently have almost no free time to hack this problem, so everything is taking forever, sorry :(

In other words, HW tuning on the LX2160 is still not working, but this failure may be caused by any of previous patch from this series.

Feb 14 2022, 12:27 PM
kd added a comment to D34256: Make miibus.ko module on par with using 'device miibus' in kernel config.

I think it might be better to keep the file sorted the way it was before this change.
This will make this patch much easier to read.

Feb 14 2022, 12:12 PM

Feb 10 2022

kd added a comment to D33457: Expand device_get_property API.
In D33457#774705, @bz wrote:

I keep meaning to give it a try for my local application; after all I think I triggered this? I cannot even remember. If you have a few more days I'll try hard; otherwise please don't wait for me.

Feb 10 2022, 6:45 PM
kd added a comment to D33457: Expand device_get_property API.

@andrew Do you have any more thoughts on this?

Feb 10 2022, 4:06 PM

Jan 31 2022

kd updated the diff for D33457: Expand device_get_property API.

Rebase on D34031

Jan 31 2022, 3:09 PM