olce (Olivier Certner)
User

User Details

User Since
Feb 26 2021, 3:47 PM (241 w, 1 d)

Recent Activity

Fri, Oct 10

olce committed rG2b5cc1e0e095: vfs cache: Add vn_fullpath_jail(), factor out common code (authored by olce).
vfs cache: Add vn_fullpath_jail(), factor out common code
Fri, Oct 10, 5:22 PM
olce committed rG4b7c2a0193dd: nfsuserd: Fix OOB access on membership of too many groups, take 2 (authored by olce).
nfsuserd: Fix OOB access on membership of too many groups, take 2
Fri, Oct 10, 5:17 PM
olce committed rG5fe22e3d09bd: nfsuserd: Fix OOB access on membership of too many groups (authored by olce).
nfsuserd: Fix OOB access on membership of too many groups
Fri, Oct 10, 5:17 PM
olce committed rG25624850a77b: initgroups.3: Clarify that ENOMEM is a possible value for 'errno' (authored by olce).
initgroups.3: Clarify that ENOMEM is a possible value for 'errno'
Fri, Oct 10, 5:17 PM
olce committed rGdbfdd93a188b: getgrouplist.3: Insist on the value returned in 'ngroups'; Minor changes (authored by olce).
getgrouplist.3: Insist on the value returned in 'ngroups'; Minor changes
Fri, Oct 10, 5:17 PM
olce committed rG5fa6b203e186: share/man/man9: Fix compilation (authored by olce).
share/man/man9: Fix compilation
Fri, Oct 10, 5:17 PM
olce committed rG58f55afb301b: mdo(1): Add support and shortcuts for fully specifying users and groups (authored by olce).
mdo(1): Add support and shortcuts for fully specifying users and groups
Fri, Oct 10, 5:17 PM
olce committed rGb025aa9f5abc: MAC/do: Check executable path from the current jail's root (authored by olce).
MAC/do: Check executable path from the current jail's root
Fri, Oct 10, 5:17 PM
olce committed rGb0f448f3e321: vn_fullpath.9: Add missing links for described functions (authored by olce).
vn_fullpath.9: Add missing links for described functions
Fri, Oct 10, 5:17 PM
olce committed rG3638aba1ceb9: tools/regression/priv: Don't call setgroups() with the effective GID (authored by olce).
tools/regression/priv: Don't call setgroups() with the effective GID
Fri, Oct 10, 5:17 PM
olce committed rG995d37ecd3b6: mac_do.4: Mention "from" part's GID can also match supplementary groups (authored by olce).
mac_do.4: Mention "from" part's GID can also match supplementary groups
Fri, Oct 10, 5:17 PM
olce committed rG67cf21e16faf: getgroups.2: Clarify, mention ascending order, add SECURITY CONSIDERATIONS (authored by olce).
getgroups.2: Clarify, mention ascending order, add SECURITY CONSIDERATIONS
Fri, Oct 10, 5:17 PM
olce committed rG92155298945f: stress2: Fix removal of supplementary groups (authored by olce).
stress2: Fix removal of supplementary groups
Fri, Oct 10, 5:17 PM
olce committed rGac18468f3c4a: group.5: Add a reference to setcred(2) (authored by olce).
group.5: Add a reference to setcred(2)
Fri, Oct 10, 5:17 PM
olce committed rG7d5b7157e919: setgroups.2: Add SECURITY CONSIDERATIONS, rework (authored by olce).
setgroups.2: Add SECURITY CONSIDERATIONS, rework
Fri, Oct 10, 5:17 PM
olce committed rG06e0e31f8698: initgroups.3: Revamp, mention FreeBSD 15's change in behavior (authored by olce).
initgroups.3: Revamp, mention FreeBSD 15's change in behavior
Fri, Oct 10, 5:17 PM
olce committed rG587263cb1ddb: getgrouplist.3: Rework, use more appropriate terminology (authored by olce).
getgrouplist.3: Rework, use more appropriate terminology
Fri, Oct 10, 5:17 PM
olce committed rGfaa9bcee1540: initgroups(3): Fix return value on allocation failure (authored by olce).
initgroups(3): Fix return value on allocation failure
Fri, Oct 10, 5:17 PM
olce committed rG1086299d7abf: linux: getsockopt(): Simplify exporting groups a bit (authored by olce).
linux: getsockopt(): Simplify exporting groups a bit
Fri, Oct 10, 5:17 PM
olce committed rG22006b452522: linux: setgroups16(): Pre-extend the groups array (authored by olce).
linux: setgroups16(): Pre-extend the groups array
Fri, Oct 10, 5:17 PM
olce committed rG216460b80674: linux: setgroups(): Avoid allocation under the process lock (authored by olce).
linux: setgroups(): Avoid allocation under the process lock
Fri, Oct 10, 5:17 PM
olce committed rG560c1bb21fe2: cr_canseeothergids(): Make the logic easier to grasp (authored by olce).
cr_canseeothergids(): Make the logic easier to grasp
Fri, Oct 10, 5:17 PM
olce committed rG563771ecdd0c: libc: compat.h: Remove a superfluous blank line at end (authored by olce).
libc: compat.h: Remove a superfluous blank line at end
Fri, Oct 10, 5:17 PM
olce committed rG6e888a22743f: jail.2: Mention EPERM is returned on open directories (authored by olce).
jail.2: Mention EPERM is returned on open directories
Fri, Oct 10, 5:17 PM
olce committed rG47acc6846564: sys: NOTES, GENERIC*: Re-order 'wlan_tkip' (authored by olce).
sys: NOTES, GENERIC*: Re-order 'wlan_tkip'
Fri, Oct 10, 5:16 PM
olce committed rG59f602e2f229: getgroups.2: Simplifications; Be clearer on programs to be modified (authored by olce).
getgroups.2: Simplifications; Be clearer on programs to be modified
Fri, Oct 10, 5:04 PM
olce committed rGc363dcbe75b2: getgroups.2: Simplifications; Be clearer on programs to be modified (authored by olce).
getgroups.2: Simplifications; Be clearer on programs to be modified
Fri, Oct 10, 3:58 PM
olce accepted D52832: packages: Install development manpages in the -dev package.

Seems good (disclaimer: I only did manual code analysis, but didn't test).

Fri, Oct 10, 2:07 PM
olce added inline comments to D52832: packages: Install development manpages in the -dev package.
Fri, Oct 10, 1:18 PM
olce added inline comments to D52832: packages: Install development manpages in the -dev package.
Fri, Oct 10, 10:24 AM

Thu, Oct 9

olce committed rG94f08f6a84e3: nfsuserd: Fix OOB access on membership of too many groups, take 2 (authored by olce).
nfsuserd: Fix OOB access on membership of too many groups, take 2
Thu, Oct 9, 8:42 PM
olce committed rGef40e02a8d78: nfsuserd: Fix OOB access on membership of too many groups (authored by olce).
nfsuserd: Fix OOB access on membership of too many groups
Thu, Oct 9, 8:42 PM
olce committed rGbaf1210fa2e5: initgroups.3: Clarify that ENOMEM is a possible value for 'errno' (authored by olce).
initgroups.3: Clarify that ENOMEM is a possible value for 'errno'
Thu, Oct 9, 8:42 PM
olce committed rG23494c4987b4: getgrouplist.3: Insist on the value returned in 'ngroups'; Minor changes (authored by olce).
getgrouplist.3: Insist on the value returned in 'ngroups'; Minor changes
Thu, Oct 9, 8:41 PM
olce committed rG75eb6846269b: nfsuserd: Fix OOB access on membership of too many groups, take 2 (authored by olce).
nfsuserd: Fix OOB access on membership of too many groups, take 2
Thu, Oct 9, 5:08 PM
olce committed rGc36a44e1cdab: initgroups.3: Clarify that ENOMEM is a possible value for 'errno' (authored by olce).
initgroups.3: Clarify that ENOMEM is a possible value for 'errno'
Thu, Oct 9, 2:13 PM
olce committed rGbb339adfb2a2: nfsuserd: Fix OOB access on membership of too many groups (authored by olce).
nfsuserd: Fix OOB access on membership of too many groups
Thu, Oct 9, 11:35 AM
olce committed rGf5544556754e: getgrouplist.3: Insist on the value returned in 'ngroups'; Minor changes (authored by olce).
getgrouplist.3: Insist on the value returned in 'ngroups'; Minor changes
Thu, Oct 9, 11:35 AM

Wed, Oct 8

olce updated the diff for D52733: vm_domainset: Ensure round-robin works properly.

Update after discussion and fixing the last use of vm_domainset_iter_page_init() with an object not write-locked in D52982.

Wed, Oct 8, 9:17 PM
olce committed rG781802df7a2b: uma_core: Rely on domainset iterator to wait on M_WAITOK (authored by olce).
uma_core: Rely on domainset iterator to wait on M_WAITOK
Wed, Oct 8, 5:02 PM
olce closed D52441: uma_core: Rely on domainset iterator to wait on M_WAITOK.
Wed, Oct 8, 5:02 PM
olce added inline comments to D52441: uma_core: Rely on domainset iterator to wait on M_WAITOK.
Wed, Oct 8, 4:43 PM
olce added a comment to D52733: vm_domainset: Ensure round-robin works properly.

Indeed, that is the only problem in UMA.

Wed, Oct 8, 4:33 PM
olce accepted D52982: kstack: Fix iterator usage in vm_thread_stack_create().

Please add Reported by: olce at commit, thanks!

Wed, Oct 8, 4:29 PM
olce added a comment to D52832: packages: Install development manpages in the -dev package.

It seems good indeed that not all man pages related to libraries go into separate packages, as some are targeted at administrators.

Wed, Oct 8, 1:23 PM

Tue, Oct 7

olce abandoned D52263: krpc: UNIX auth: Prevent DoS, fix various OOB accesses.

Superseded by the series starting at D52960 (through D52964).

Tue, Oct 7, 5:26 PM
olce added a reviewer for D52964: sys/rpc: UNIX auth: Fix OOB reads on too short message: dfr.
Tue, Oct 7, 5:24 PM
olce added a reviewer for D52962: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (1/2): dfr.
Tue, Oct 7, 5:24 PM
olce added a reviewer for D52963: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (2/2): dfr.
Tue, Oct 7, 5:24 PM
olce added a reviewer for D52961: sys/rpc: Define AUTH_SYS_MAX_{GROUPS,HOSTNAME}: dfr.
Tue, Oct 7, 5:24 PM
olce added a reviewer for D52960: sys/rpc: UNIX auth: Fix OOB accesses, notably writes on decode: dfr.
Tue, Oct 7, 5:24 PM
olce added a comment to D52263: krpc: UNIX auth: Prevent DoS, fix various OOB accesses.

So, what do you think of:

  1. To support the protocol, we accept up to 17 groups (1 + 16), but no more (extensions are not supported).
  2. But we discard the 17th one, as we don't have room to store it.

This is in fact what the inline decode version is already doing.

It would be nice if all 17 groups end up in the real cred structure,
but I now recall looking at this long ago and leaving it, since I
was not willing to revise xucred.

It might be worth looking at what else uses xucred to see if adding
a separate cr_gid field for the additional gid is feasible without
too much churn. (xucred was just defined when ucred was being
changed to handle more groups)

Tue, Oct 7, 5:22 PM
olce requested review of D52964: sys/rpc: UNIX auth: Fix OOB reads on too short message.
Tue, Oct 7, 5:14 PM
olce requested review of D52963: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (2/2).
Tue, Oct 7, 5:14 PM
olce requested review of D52962: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (1/2).
Tue, Oct 7, 5:14 PM
olce requested review of D52961: sys/rpc: Define AUTH_SYS_MAX_{GROUPS,HOSTNAME}.
Tue, Oct 7, 5:14 PM
olce requested review of D52960: sys/rpc: UNIX auth: Fix OOB accesses, notably writes on decode.
Tue, Oct 7, 5:14 PM
olce committed rGd3bfcd66409b: libsa: smbios: Detect less-than-64-bit platforms via __SIZEOF_SIZE_T__ (authored by olce).
libsa: smbios: Detect less-than-64-bit platforms via __SIZEOF_SIZE_T__
Tue, Oct 7, 8:15 AM
olce closed D49318: libsa: smbios: Detect less-than-64-bit platforms via __SIZEOF_SIZE_T__.
Tue, Oct 7, 8:15 AM

Mon, Oct 6

olce committed rGc8141e273a3e: nullfs: Fix some style after recent changes (authored by olce).
nullfs: Fix some style after recent changes
Mon, Oct 6, 3:23 PM
olce committed rG09f925b57aeb: nullfs: Slightly reduce contention by reducing concurrent sections (authored by olce).
nullfs: Slightly reduce contention by reducing concurrent sections
Mon, Oct 6, 3:23 PM
olce closed D52935: nullfs: Apply comments from D38761 (style fixes, small improvements).
Mon, Oct 6, 3:23 PM
olce added inline comments to D52935: nullfs: Apply comments from D38761 (style fixes, small improvements).
Mon, Oct 6, 3:19 PM
olce requested review of D52935: nullfs: Apply comments from D38761 (style fixes, small improvements).
Mon, Oct 6, 2:50 PM
olce updated the diff for D52885: (draft) style.9: Encourage style changes when doing significant modifications.
  • Amend in the direction of feedback.
  • Move the whole block of text at the end of the section (but still before the recent C++ section).
Mon, Oct 6, 9:41 AM

Fri, Oct 3

olce accepted D52819: nullfs: smr-protected hash lookup and locking.

Looks good (but please see suggested changes). I've not tested the patch though.

Fri, Oct 3, 7:37 PM
olce committed rG9d0b660e6949: jemalloc: Fix activating debug on WITHOUT_MALLOC_PRODUCTION (authored by olce).
jemalloc: Fix activating debug on WITHOUT_MALLOC_PRODUCTION
Fri, Oct 3, 4:28 PM
olce closed D52850: jemalloc: Fix activating debug on WITHOUT_MALLOC_PRODUCTION.
Fri, Oct 3, 4:28 PM
olce added a comment to D52850: jemalloc: Fix activating debug on WITHOUT_MALLOC_PRODUCTION.

I guess that should be removed too?

Fri, Oct 3, 1:12 PM
olce added a watcher for srcmgr: olce.
Fri, Oct 3, 12:10 PM
olce removed a watcher for srcmgr: olce.
Fri, Oct 3, 12:10 PM
olce requested review of D52885: (draft) style.9: Encourage style changes when doing significant modifications.
Fri, Oct 3, 12:09 PM
olce updated the summary of D52850: jemalloc: Fix activating debug on WITHOUT_MALLOC_PRODUCTION.
Fri, Oct 3, 9:39 AM

Thu, Oct 2

olce committed rG6fcfb244e3d3: namei.9: Remove duplicate WANTPARENT description (authored by olce).
namei.9: Remove duplicate WANTPARENT description
Thu, Oct 2, 5:27 PM
olce committed rG4ffcb1a4a99c: mdo(1): Add support and shortcuts for fully specifying users and groups (authored by olce).
mdo(1): Add support and shortcuts for fully specifying users and groups
Thu, Oct 2, 5:27 PM
olce committed rG51a336aca7d9: vn_fullpath.9: Add missing links for described functions (authored by olce).
vn_fullpath.9: Add missing links for described functions
Thu, Oct 2, 5:26 PM
olce committed rG89958992b618: MAC/do: Check executable path from the current jail's root (authored by olce).
MAC/do: Check executable path from the current jail's root
Thu, Oct 2, 5:26 PM
olce committed rG09ae06b1b224: vfs cache: Add vn_fullpath_jail(), factor out common code (authored by olce).
vfs cache: Add vn_fullpath_jail(), factor out common code
Thu, Oct 2, 5:26 PM
olce committed rG907fbfd7e4b6: mac_do.4: Mention "from" part's GID can also match supplementary groups (authored by olce).
mac_do.4: Mention "from" part's GID can also match supplementary groups
Thu, Oct 2, 5:26 PM
olce added inline comments to D52860: sdhci.4: Improve HARDWARE.
Thu, Oct 2, 3:48 PM
olce requested review of D52850: jemalloc: Fix activating debug on WITHOUT_MALLOC_PRODUCTION.
Thu, Oct 2, 10:29 AM
olce abandoned D52685: (draft) libc: Use __sym_compat() to fix references to compatibility system calls.

Fixed in D52687.

Thu, Oct 2, 10:25 AM
olce accepted D51889: rc: Teach netwait to wait for DAD.

Please also add the acronym in the manual page as suggested in an inline comment.

Thu, Oct 2, 8:56 AM
olce added a comment to D51889: rc: Teach netwait to wait for DAD.

More bugs.

Thu, Oct 2, 7:29 AM

Tue, Sep 30

olce committed rGf45608124286: namei.9: Remove duplicate WANTPARENT description (authored by olce).
namei.9: Remove duplicate WANTPARENT description
Tue, Sep 30, 5:25 PM

Mon, Sep 29

olce committed rGc87a9f51a0de: share/man/man9: Fix compilation (authored by olce).
share/man/man9: Fix compilation
Mon, Sep 29, 6:59 PM
olce committed rG3ca1e69028ac: mdo(1): Add support and shortcuts for fully specifying users and groups (authored by olce).
mdo(1): Add support and shortcuts for fully specifying users and groups
Mon, Sep 29, 6:20 PM
olce closed D52613: mdo(1): Add support and shortcuts for fully specifying users and groups.
Mon, Sep 29, 6:20 PM
olce committed rG05e5de00b9ea: vn_fullpath.9: Add missing links for described functions (authored by olce).
vn_fullpath.9: Add missing links for described functions
Mon, Sep 29, 5:50 PM
olce committed rGc5a813c9f486: vfs cache: Add vn_fullpath_jail(), factor out common code (authored by olce).
vfs cache: Add vn_fullpath_jail(), factor out common code
Mon, Sep 29, 5:38 PM
olce committed rG9f269a0a771a: MAC/do: Check executable path from the current jail's root (authored by olce).
MAC/do: Check executable path from the current jail's root
Mon, Sep 29, 5:38 PM
olce closed D52757: vfs cache: Add vn_fullpath_jail(), factor out common code.
Mon, Sep 29, 5:38 PM
olce closed D52758: MAC/do: Check executable path from the current jail's root.
Mon, Sep 29, 5:38 PM
olce added a comment to D52757: vfs cache: Add vn_fullpath_jail(), factor out common code.
In D52757#1205782, @kib wrote:

There are more global vn_fullpath_XXX() functions, would be worth to enumerate all of them in the manpage.

Mon, Sep 29, 10:34 AM
olce added a comment to D52757: vfs cache: Add vn_fullpath_jail(), factor out common code.
In D52757#1205724, @mjg wrote:

This compiles to an indirect function call?

Mon, Sep 29, 10:31 AM

Sun, Sep 28

olce updated the diff for D52757: vfs cache: Add vn_fullpath_jail(), factor out common code.
  • Add vn_fullpath_jail() to vn_fullpath(9) and slightly tweak the latter
Sun, Sep 28, 4:41 PM
olce added a comment to D52757: vfs cache: Add vn_fullpath_jail(), factor out common code.

I've just discovered the vn_fullpath(9) manual page, which I should update with vn_fullpath_jail().

Sun, Sep 28, 2:36 PM
olce committed rGc1d5fc4e0cfc: mac_do.4: Mention "from" part's GID can also match supplementary groups (authored by olce).
mac_do.4: Mention "from" part's GID can also match supplementary groups
Sun, Sep 28, 2:03 PM

Sat, Sep 27

olce updated the summary of D52757: vfs cache: Add vn_fullpath_jail(), factor out common code.
Sat, Sep 27, 12:31 PM
olce updated the summary of D52758: MAC/do: Check executable path from the current jail's root.
Sat, Sep 27, 12:31 PM