- User Since
- Jul 23 2014, 7:10 PM (330 w, 6 d)
Jan 21 2019
From glancing at this patch, there are a few code security-related issues that need to be worked out.
Jan 7 2019
Jan 4 2019
Dec 15 2018
Nov 27 2018
Nov 25 2018
Note that I'm not a committer, so I can't commit the patch. ;)
Nov 24 2018
Update jail.8 manpage to document allow.unprivileged_proc_debug
Implement Jamie Gritton's suggestions. Use the priv_check API for checking the underlying debug privilege. Make brief that which is verbose.
Nov 23 2018
Nov 17 2018
Sep 7 2018
Sep 4 2018
Aug 28 2018
Minimize diff with suggestions by jhb.
Reflect changes requested by both kib and jhb.
Missed a spot. Cover another mapping with MAP_GUARD.
Update the patch to use John Baldwin's suggestion on mapping the entire range first with MAP_GUARD.
Aug 21 2018
Jul 30 2018
Put the allow.vmm documentation in the right place in the jail(8) manpage.
Address the superfluous conditional and add an entry into the jail(8) manpage.
Update the patch to take into account the new dynamic allow.* API.
Jul 19 2018
Jul 6 2018
Jul 5 2018
Jul 4 2018
Jun 29 2018
Rebase on FreeBSD's source code.
Whoops. I just realized this version of the patch is based off of HardenedBSD's src tree. I'll update it soon based on FreeBSD's.
May 7 2018
Closing this review since the issue has been addressed with a different commit.
May 6 2018
It has been quite a few years since I originally wrote this code. I might be able to carve out some time these next two weeks to refactor it. There are parts of this patch that feel a bit awkward and could likely be improved upon.
Friendly ping. :)
Mar 12 2018
Mar 1 2018
Use G_ELI_VERSION from g_eli.h as the module version.
Jan 31 2018
I'm curious: why disable IBPB for userland?
Jan 13 2018
Got a panic, potentially related to bhyve. I've posted the core txt here: https://gist.github.com/f9933cd2397217d6acb83fb1ec1f41e7
This comment brought to you by my HardenedBSD laptop running with your PTI patch and the retpoline patch from llvm. I'm happy to report that everything is working fine, albeit with a noticeable lag in some cases. I have multiple bhyve VMs running in parallel, including Win10. Thank you for fixing that! I did have to rebuild the nvidia-driver port, but that's to be expected. It's probably safe to assume that a good portion of third-party kernel modules will need to be rebuilt.
Jan 11 2018
The OverDrive 1000 booted fine. I don't have any arm64 PoC for Spectre or Meltdown that works on FreeBSD right now.
Jan 10 2018
My FreeBSD bhyve VM with the patch applied can boot with vm.pmap.pti set to 0. However, even with it set to 0, I get weird runtime errors. Like this when running make -sj6 buildkernel:
Jan 9 2018
Attempting to run with vm.pmap.pti=0 set results in this kernel panic in early boot: https://photos.app.goo.gl/bm29U8ChZDAmnF0B3
I generated an installer image (memstick.img) with the latest PTI patch to test a fresh installation of vanilla FreeBSD with the PTI patch applied. Extracting the distsets failed.
I've now reproduced the issues on vanilla FreeBSD:
Jan 8 2018
With the patch applied and actively running on my system, I get "interesting" virtual memory behaviors. Like when running make buildkernel:
Applications randomly won't start, as well. Only one boot out of five did sshd start successfully.
Note that I don't currently have a FreeBSD system as all my systems run HardenedBSD, so the line numbers in the kernel panic backtrace below are with HardenedBSD 12-CURRENT/amd64 with this patch applied to commit 38fc2d5ddfadacba64a8d55932596a3008c8403f in hardened/current/master.
Oct 28 2017
Due to the follow-up conversation with badfilemagic, my last comment should be retracted as well.
The proposed patch would effectively disable all entropy gathering sources by default. Thus, systems would boot up without any entropy, save the cached entropy from last reboot. On freshly installed systems, there is no cached entropy. The state of the entropy subsystem would be subpar.
Aug 28 2017
Aug 1 2017
Jul 21 2017
Jun 8 2017
D10447, the patch this depends upon, needs to be updated to latest HEAD. I'd love to help test this patch out.
It looks like this patch doesn't apply cleanly to latest HEAD. Can this patch be updated to reflect the latest HEAD?
Apr 13 2017
Update to address Allan's comments.
Apr 12 2017
Mar 23 2017
Mar 19 2017
I can do a pkg exp-run with this patch on HardenedBSD's infrastructure tomorrow if desired.
Feb 8 2017
Patch tested successfully. Other than the typo @lifanov noted, the patch looks good to me.
I'll test this patch sometime within the next 24-72 hours. As it stands, the logic looks completely fine to me. Thanks for working on this!
Dec 10 2016
Dec 9 2016
I've added the current revision of this patch to a feature branch in HardenedBSD. I'll test it out over the weekend.
Nov 28 2016
Patch tested successfully on my end.
Oct 20 2016
My comments are from simply glancing at the review, not a full review nor tested.
Oct 4 2016
Oct 3 2016
Should the various macros, variables, and enums reflect ASR instead of ASLR?
Jul 27 2016
Found a few potential things just glancing at this.
Jun 8 2016
Is there any objection to this getting committed? This may help with the RPI3 work we're doing at BSDCan right now.