♟ olce

Status/2025Q3/group-changes.adoc: Add report

Status/2025Q3/drm-drivers-slowdowns_fixes.adoc: Add report

Status/2025Q3/mac_do.adoc: Improve report

vm_domainset: Ensure round-robin works properly

sys/rpc: UNIX auth: Do not log on bogus AUTH_SYS messages

sys/rpc: UNIX auth: Fix OOB reads on too short message

sys/rpc: UNIX auth: Style: Remove unnecessary headers, minor changes

sys/rpc: UNIX auth: Support XDR_FREE

sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (2/2)

sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (1/2)

sys/rpc: Define AUTH_SYS_MAX_{GROUPS,HOSTNAME}

sys/rpc: UNIX auth: Fix OOB accesses, notably writes on decode

sys/rpc: UNIX auth: Rename 'ngroups' => 'supp_ngroups' for clarity

(With same remark as Alan.)

For the changes in unionfs_lock(), there is indeed a window after the interlock drop and before lock acquire and drop where the "root" reference unionfs holds (through unionfs_node; the one that allows to call vholdnz() above) could be dropped (it's the same window described in the big comment about checking the proper target vnode (lower or upper) was locked).

This change is an improvement without drawbacks, so should be committed.

We have indeed several problems with VOP_OPEN()/VOP_CLOSE(), e.g., they are not always called in pairs, and even if they are the passed td may not match between an open and close. These interfaces need serious revision, in particular determining which exact info the filesystems would like to use and if there are better ways to obtain them.

sys/rpc: UNIX auth: Do not log on bogus AUTH_SYS messages

sys/rpc: UNIX auth: Fix OOB reads on too short message

sys/rpc: UNIX auth: Support XDR_FREE

sys/rpc: UNIX auth: Style: Remove unnecessary headers, minor changes

sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (2/2)

sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (1/2)

sys/rpc: Define AUTH_SYS_MAX_{GROUPS,HOSTNAME}

sys/rpc: UNIX auth: Fix OOB accesses, notably writes on decode

sys/rpc: UNIX auth: Rename 'ngroups' => 'supp_ngroups' for clarity

Please don't forget to exclude the changes in sys/netinet/ip_carp.c as they are completely unrelated.

In D52960#1212126, @rmacklem wrote:

Looks ok to me. I'll leave min vs MIN up to you.

vfs cache: Add vn_fullpath_jail(), factor out common code

nfsuserd: Fix OOB access on membership of too many groups, take 2

nfsuserd: Fix OOB access on membership of too many groups

initgroups.3: Clarify that ENOMEM is a possible value for 'errno'

getgrouplist.3: Insist on the value returned in 'ngroups'; Minor changes

share/man/man9: Fix compilation

mdo(1): Add support and shortcuts for fully specifying users and groups

MAC/do: Check executable path from the current jail's root

vn_fullpath.9: Add missing links for described functions

tools/regression/priv: Don't call setgroups() with the effective GID

mac_do.4: Mention "from" part's GID can also match supplementary groups

getgroups.2: Clarify, mention ascending order, add SECURITY CONSIDERATIONS

stress2: Fix removal of supplementary groups

group.5: Add a reference to setcred(2)

setgroups.2: Add SECURITY CONSIDERATIONS, rework

initgroups.3: Revamp, mention FreeBSD 15's change in behavior

getgrouplist.3: Rework, use more appropriate terminology

initgroups(3): Fix return value on allocation failure

linux: getsockopt(): Simplify exporting groups a bit

linux: setgroups16(): Pre-extend the groups array

linux: setgroups(): Avoid allocation under the process lock

cr_canseeothergids(): Make the logic easier to grasp

libc: compat.h: Remove a superfluous blank line at end

jail.2: Mention EPERM is returned on open directories

sys: NOTES, GENERIC*: Re-order 'wlan_tkip'

getgroups.2: Simplifications; Be clearer on programs to be modified

Seems good (disclaimer: I only did manual code analysis, but didn't test).

nfsuserd: Fix OOB access on membership of too many groups, take 2

nfsuserd: Fix OOB access on membership of too many groups

initgroups.3: Clarify that ENOMEM is a possible value for 'errno'

getgrouplist.3: Insist on the value returned in 'ngroups'; Minor changes

nfsuserd: Fix OOB access on membership of too many groups, take 2

initgroups.3: Clarify that ENOMEM is a possible value for 'errno'

nfsuserd: Fix OOB access on membership of too many groups

getgrouplist.3: Insist on the value returned in 'ngroups'; Minor changes

Update after discussion and fixing the last use of vm_domainset_iter_page_init() with an object not write-locked in D52982.

uma_core: Rely on domainset iterator to wait on M_WAITOK

Indeed, that is the only problem in UMA.

Please add Reported by: olce at commit, thanks!

It seems good indeed that not all man pages related to libraries go into separate packages, as some are targeted at administrators.

Superseded by the series starting at D52960 (through D52964).

In D52263#1194974, @rmacklem wrote:

In D52263#1194959, @olce wrote:

So, what do you think of:

To support the protocol, we accept up to 17 groups (1 + 16), but no more (extensions are not supported).

But we discard the 17th one, as we don't have room to store it.

This is in fact what the inline decode version is already doing.

It would be nice if all 17 groups ends up in the real cred structure,
but I now recall looking at this long ago and leaving it, since I
was not willing to revise xucred.

It might be worth looking at what else uses xucred to see if adding
a separate cr_gid field for the additional gid is feasible without
too much churn. (xucred was just defined when ucred was being
changed to handle more groups)

olce (Olivier Certner)
User

Projects

User Details

Recent Activity
View All

Sun, Oct 19

Fri, Oct 17

Thu, Oct 16

Wed, Oct 15

Tue, Oct 14

Mon, Oct 13

Fri, Oct 10

Thu, Oct 9

Wed, Oct 8

Tue, Oct 7

olce (Olivier Certner)User

Projects

User Details

Recent ActivityView All

Sun, Oct 19

Fri, Oct 17

Thu, Oct 16

Wed, Oct 15

Tue, Oct 14

Mon, Oct 13

Fri, Oct 10

Thu, Oct 9

Wed, Oct 8

Tue, Oct 7

olce (Olivier Certner)
User

Recent Activity
View All