Page MenuHomeFreeBSD

olce (Olivier Certner)
User

Projects

User Details

User Since
Feb 26 2021, 3:47 PM (241 w, 5 d)

Recent Activity

Yesterday

olce accepted D53107: unionfs: avoid vdrop()ing a locked but doomed vnode.

For the changes in unionfs_lock(), there is indeed a window after the interlock drop and before lock acquire and drop where the "root" reference unionfs holds (through unionfs_node; the one that allows to call vholdnz() above) could be dropped (it's the same window described in the big comment about checking the proper target vnode (lower or upper) was locked).

Wed, Oct 15, 2:42 PM

Tue, Oct 14

olce added inline comments to D53079: unionfs: fix NULL deref on closing an fd passed through SCM_RIGHTS.
Tue, Oct 14, 4:54 PM
olce accepted D53079: unionfs: fix NULL deref on closing an fd passed through SCM_RIGHTS.

This change is an improvement without drawbacks, so should be committed.

Tue, Oct 14, 4:50 PM
olce added a comment to D52625: fusefs: fix a kernel panic regarding SCM_RIGHTS.

We have indeed several problems with VOP_OPEN()/VOP_CLOSE(), e.g., they are not always called in pairs, and even if they are the passed td may not match between an open and close. These interfaces need serious revision, in particular determining which exact info the filesystems would like to use and if there are better ways to obtain them.

Tue, Oct 14, 4:42 PM
olce added inline comments to D49618: ps.1: '-A' and '-a': Note change in behavior.
Tue, Oct 14, 3:31 PM
olce added inline comments to D49618: ps.1: '-A' and '-a': Note change in behavior.
Tue, Oct 14, 2:44 PM
olce committed rG2110ae0ef9d6: sys/rpc: UNIX auth: Do not log on bogus AUTH_SYS messages (authored by olce).
sys/rpc: UNIX auth: Do not log on bogus AUTH_SYS messages
Tue, Oct 14, 12:57 PM
olce committed rGd4cc791f3b2e: sys/rpc: UNIX auth: Fix OOB reads on too short message (authored by olce).
sys/rpc: UNIX auth: Fix OOB reads on too short message
Tue, Oct 14, 12:23 PM
olce committed rG4ae70c3ea498: sys/rpc: UNIX auth: Support XDR_FREE (authored by olce).
sys/rpc: UNIX auth: Support XDR_FREE
Tue, Oct 14, 12:23 PM
olce committed rGa4105a5d4e17: sys/rpc: UNIX auth: Style: Remove unnecessary headers, minor changes (authored by olce).
sys/rpc: UNIX auth: Style: Remove unnecessary headers, minor changes
Tue, Oct 14, 12:23 PM
olce committed rGe665c0f6f7a6: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (2/2) (authored by olce).
sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (2/2)
Tue, Oct 14, 12:23 PM
olce committed rGb119ef0f6a81: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (1/2) (authored by olce).
sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (1/2)
Tue, Oct 14, 12:23 PM
olce committed rGf7c4f800cc0b: sys/rpc: Define AUTH_SYS_MAX_{GROUPS,HOSTNAME} (authored by olce).
sys/rpc: Define AUTH_SYS_MAX_{GROUPS,HOSTNAME}
Tue, Oct 14, 12:23 PM
olce closed D52964: sys/rpc: UNIX auth: Fix OOB reads on too short message.
Tue, Oct 14, 12:23 PM
olce committed rG47e9c81d4f13: sys/rpc: UNIX auth: Fix OOB accesses, notably writes on decode (authored by olce).
sys/rpc: UNIX auth: Fix OOB accesses, notably writes on decode
Tue, Oct 14, 12:23 PM
olce committed rGbda3b61512b2: sys/rpc: UNIX auth: Rename 'ngroups' => 'supp_ngroups' for clarity (authored by olce).
sys/rpc: UNIX auth: Rename 'ngroups' => 'supp_ngroups' for clarity
Tue, Oct 14, 12:23 PM
olce closed D52962: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (1/2).
Tue, Oct 14, 12:23 PM
olce closed D52963: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (2/2).
Tue, Oct 14, 12:23 PM
olce closed D52961: sys/rpc: Define AUTH_SYS_MAX_{GROUPS,HOSTNAME}.
Tue, Oct 14, 12:23 PM
olce closed D52960: sys/rpc: UNIX auth: Fix OOB accesses, notably writes on decode.
Tue, Oct 14, 12:23 PM

Mon, Oct 13

olce added inline comments to D53062: imgact: Mark brandinfo and note structures as const.
Mon, Oct 13, 4:33 PM
olce accepted D53062: imgact: Mark brandinfo and note structures as const.

Please don't forget to exclude the changes in sys/netinet/ip_carp.c as they are completely unrelated.

Mon, Oct 13, 3:37 PM
olce added inline comments to D52964: sys/rpc: UNIX auth: Fix OOB reads on too short message.
Mon, Oct 13, 1:16 PM
olce added inline comments to D52962: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (1/2).
Mon, Oct 13, 1:13 PM
olce added a comment to D52960: sys/rpc: UNIX auth: Fix OOB accesses, notably writes on decode.

Looks ok to me. I'll leave min vs MIN up to you.

Mon, Oct 13, 1:01 PM

Fri, Oct 10

olce committed rG2b5cc1e0e095: vfs cache: Add vn_fullpath_jail(), factor out common code (authored by olce).
vfs cache: Add vn_fullpath_jail(), factor out common code
Fri, Oct 10, 5:22 PM
olce committed rG4b7c2a0193dd: nfsuserd: Fix OOB access on membership of too many groups, take 2 (authored by olce).
nfsuserd: Fix OOB access on membership of too many groups, take 2
Fri, Oct 10, 5:17 PM
olce committed rG5fe22e3d09bd: nfsuserd: Fix OOB access on membership of too many groups (authored by olce).
nfsuserd: Fix OOB access on membership of too many groups
Fri, Oct 10, 5:17 PM
olce committed rG25624850a77b: initgroups.3: Clarify that ENOMEM is a possible value for 'errno' (authored by olce).
initgroups.3: Clarify that ENOMEM is a possible value for 'errno'
Fri, Oct 10, 5:17 PM
olce committed rGdbfdd93a188b: getgrouplist.3: Insist on the value returned in 'ngroups'; Minor changes (authored by olce).
getgrouplist.3: Insist on the value returned in 'ngroups'; Minor changes
Fri, Oct 10, 5:17 PM
olce committed rG5fa6b203e186: share/man/man9: Fix compilation (authored by olce).
share/man/man9: Fix compilation
Fri, Oct 10, 5:17 PM
olce committed rG58f55afb301b: mdo(1): Add support and shortcuts for fully specifying users and groups (authored by olce).
mdo(1): Add support and shortcuts for fully specifying users and groups
Fri, Oct 10, 5:17 PM
olce committed rGb025aa9f5abc: MAC/do: Check executable path from the current jail's root (authored by olce).
MAC/do: Check executable path from the current jail's root
Fri, Oct 10, 5:17 PM
olce committed rGb0f448f3e321: vn_fullpath.9: Add missing links for described functions (authored by olce).
vn_fullpath.9: Add missing links for described functions
Fri, Oct 10, 5:17 PM
olce committed rG3638aba1ceb9: tools/regression/priv: Don't call setgroups() with the effective GID (authored by olce).
tools/regression/priv: Don't call setgroups() with the effective GID
Fri, Oct 10, 5:17 PM
olce committed rG995d37ecd3b6: mac_do.4: Mention "from" part's GID can also match supplementary groups (authored by olce).
mac_do.4: Mention "from" part's GID can also match supplementary groups
Fri, Oct 10, 5:17 PM
olce committed rG67cf21e16faf: getgroups.2: Clarify, mention ascending order, add SECURITY CONSIDERATIONS (authored by olce).
getgroups.2: Clarify, mention ascending order, add SECURITY CONSIDERATIONS
Fri, Oct 10, 5:17 PM
olce committed rG92155298945f: stress2: Fix removal of supplementary groups (authored by olce).
stress2: Fix removal of supplementary groups
Fri, Oct 10, 5:17 PM
olce committed rGac18468f3c4a: group.5: Add a reference to setcred(2) (authored by olce).
group.5: Add a reference to setcred(2)
Fri, Oct 10, 5:17 PM
olce committed rG7d5b7157e919: setgroups.2: Add SECURITY CONSIDERATIONS, rework (authored by olce).
setgroups.2: Add SECURITY CONSIDERATIONS, rework
Fri, Oct 10, 5:17 PM
olce committed rG06e0e31f8698: initgroups.3: Revamp, mention FreeBSD 15's change in behavior (authored by olce).
initgroups.3: Revamp, mention FreeBSD 15's change in behavior
Fri, Oct 10, 5:17 PM
olce committed rG587263cb1ddb: getgrouplist.3: Rework, use more appropriate terminology (authored by olce).
getgrouplist.3: Rework, use more appropriate terminology
Fri, Oct 10, 5:17 PM
olce committed rGfaa9bcee1540: initgroups(3): Fix return value on allocation failure (authored by olce).
initgroups(3): Fix return value on allocation failure
Fri, Oct 10, 5:17 PM
olce committed rG1086299d7abf: linux: getsockopt(): Simplify exporting groups a bit (authored by olce).
linux: getsockopt(): Simplify exporting groups a bit
Fri, Oct 10, 5:17 PM
olce committed rG22006b452522: linux: setgroups16(): Pre-extend the groups array (authored by olce).
linux: setgroups16(): Pre-extend the groups array
Fri, Oct 10, 5:17 PM
olce committed rG216460b80674: linux: setgroups(): Avoid allocation under the process lock (authored by olce).
linux: setgroups(): Avoid allocation under the process lock
Fri, Oct 10, 5:17 PM
olce committed rG560c1bb21fe2: cr_canseeothergids(): Make the logic easier to grasp (authored by olce).
cr_canseeothergids(): Make the logic easier to grasp
Fri, Oct 10, 5:17 PM
olce committed rG563771ecdd0c: libc: compat.h: Remove a superfluous blank line at end (authored by olce).
libc: compat.h: Remove a superfluous blank line at end
Fri, Oct 10, 5:17 PM
olce committed rG6e888a22743f: jail.2: Mention EPERM is returned on open directories (authored by olce).
jail.2: Mention EPERM is returned on open directories
Fri, Oct 10, 5:17 PM
olce committed rG47acc6846564: sys: NOTES, GENERIC*: Re-order 'wlan_tkip' (authored by olce).
sys: NOTES, GENERIC*: Re-order 'wlan_tkip'
Fri, Oct 10, 5:16 PM
olce committed rG59f602e2f229: getgroups.2: Simplifications; Be clearer on programs to be modified (authored by olce).
getgroups.2: Simplifications; Be clearer on programs to be modified
Fri, Oct 10, 5:04 PM
olce committed rGc363dcbe75b2: getgroups.2: Simplifications; Be clearer on programs to be modified (authored by olce).
getgroups.2: Simplifications; Be clearer on programs to be modified
Fri, Oct 10, 3:58 PM
olce accepted D52832: packages: Install development manpages in the -dev package.

Seems good (disclaimer: I only did manual code analysis, but didn't test).

Fri, Oct 10, 2:07 PM
olce added inline comments to D52832: packages: Install development manpages in the -dev package.
Fri, Oct 10, 1:18 PM
olce added inline comments to D52832: packages: Install development manpages in the -dev package.
Fri, Oct 10, 10:24 AM

Thu, Oct 9

olce committed rG94f08f6a84e3: nfsuserd: Fix OOB access on membership of too many groups, take 2 (authored by olce).
nfsuserd: Fix OOB access on membership of too many groups, take 2
Thu, Oct 9, 8:42 PM
olce committed rGef40e02a8d78: nfsuserd: Fix OOB access on membership of too many groups (authored by olce).
nfsuserd: Fix OOB access on membership of too many groups
Thu, Oct 9, 8:42 PM
olce committed rGbaf1210fa2e5: initgroups.3: Clarify that ENOMEM is a possible value for 'errno' (authored by olce).
initgroups.3: Clarify that ENOMEM is a possible value for 'errno'
Thu, Oct 9, 8:42 PM
olce committed rG23494c4987b4: getgrouplist.3: Insist on the value returned in 'ngroups'; Minor changes (authored by olce).
getgrouplist.3: Insist on the value returned in 'ngroups'; Minor changes
Thu, Oct 9, 8:41 PM
olce committed rG75eb6846269b: nfsuserd: Fix OOB access on membership of too many groups, take 2 (authored by olce).
nfsuserd: Fix OOB access on membership of too many groups, take 2
Thu, Oct 9, 5:08 PM
olce committed rGc36a44e1cdab: initgroups.3: Clarify that ENOMEM is a possible value for 'errno' (authored by olce).
initgroups.3: Clarify that ENOMEM is a possible value for 'errno'
Thu, Oct 9, 2:13 PM
olce committed rGbb339adfb2a2: nfsuserd: Fix OOB access on membership of too many groups (authored by olce).
nfsuserd: Fix OOB access on membership of too many groups
Thu, Oct 9, 11:35 AM
olce committed rGf5544556754e: getgrouplist.3: Insist on the value returned in 'ngroups'; Minor changes (authored by olce).
getgrouplist.3: Insist on the value returned in 'ngroups'; Minor changes
Thu, Oct 9, 11:35 AM

Wed, Oct 8

olce updated the diff for D52733: vm_domainset: Ensure round-robin works properly.

Update after discussion and fixing the last use of vm_domainset_iter_page_init() with an object not write-locked in D52982.

Wed, Oct 8, 9:17 PM
olce committed rG781802df7a2b: uma_core: Rely on domainset iterator to wait on M_WAITOK (authored by olce).
uma_core: Rely on domainset iterator to wait on M_WAITOK
Wed, Oct 8, 5:02 PM
olce closed D52441: uma_core: Rely on domainset iterator to wait on M_WAITOK.
Wed, Oct 8, 5:02 PM
olce added inline comments to D52441: uma_core: Rely on domainset iterator to wait on M_WAITOK.
Wed, Oct 8, 4:43 PM
olce added a comment to D52733: vm_domainset: Ensure round-robin works properly.

Indeed, that is the only problem in UMA.

Wed, Oct 8, 4:33 PM
olce accepted D52982: kstack: Fix iterator usage in vm_thread_stack_create().

Please add Reported by: olce at commit, thanks!

Wed, Oct 8, 4:29 PM
olce added a comment to D52832: packages: Install development manpages in the -dev package.

It seems good indeed that not all man pages related to libraries go into separate packages, as some are targeted at administrators.

Wed, Oct 8, 1:23 PM

Tue, Oct 7

olce abandoned D52263: krpc: UNIX auth: Prevent DoS, fix various OOB accesses.

Superseded by the series starting at D52960 (through D52964).

Tue, Oct 7, 5:26 PM
olce added a reviewer for D52964: sys/rpc: UNIX auth: Fix OOB reads on too short message: dfr.
Tue, Oct 7, 5:24 PM
olce added a reviewer for D52962: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (1/2): dfr.
Tue, Oct 7, 5:24 PM
olce added a reviewer for D52963: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (2/2): dfr.
Tue, Oct 7, 5:24 PM
olce added a reviewer for D52961: sys/rpc: Define AUTH_SYS_MAX_{GROUPS,HOSTNAME}: dfr.
Tue, Oct 7, 5:24 PM
olce added a reviewer for D52960: sys/rpc: UNIX auth: Fix OOB accesses, notably writes on decode: dfr.
Tue, Oct 7, 5:24 PM
olce added a comment to D52263: krpc: UNIX auth: Prevent DoS, fix various OOB accesses.

So, what do you think of:

  1. To support the protocol, we accept up to 17 groups (1 + 16), but no more (extensions are not supported).
  2. But we discard the 17th one, as we don't have room to store it.

This is in fact what the inline decode version is already doing.

It would be nice if all 17 groups ends up in the real cred structure,
but I now recall looking at this long ago and leaving it, since I
was not willing to revise xucred.

It might be worth looking at what else uses xucred to see if adding
a separate cr_gid field for the additional gid is feasible without
too much churn. (xucred was just defined when ucred was being
changed to handle more groups)

Tue, Oct 7, 5:22 PM
olce requested review of D52964: sys/rpc: UNIX auth: Fix OOB reads on too short message.
Tue, Oct 7, 5:14 PM
olce requested review of D52963: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (2/2).
Tue, Oct 7, 5:14 PM
olce requested review of D52962: sys/rpc: UNIX auth: Use AUTH_SYS_MAX_{GROUPS,HOSTNAME} as limits (1/2).
Tue, Oct 7, 5:14 PM
olce requested review of D52961: sys/rpc: Define AUTH_SYS_MAX_{GROUPS,HOSTNAME}.
Tue, Oct 7, 5:14 PM
olce requested review of D52960: sys/rpc: UNIX auth: Fix OOB accesses, notably writes on decode.
Tue, Oct 7, 5:14 PM
olce committed rGd3bfcd66409b: libsa: smbios: Detect less-than-64-bit platforms via __SIZEOF_SIZE_T__ (authored by olce).
libsa: smbios: Detect less-than-64-bit platforms via __SIZEOF_SIZE_T__
Tue, Oct 7, 8:15 AM
olce closed D49318: libsa: smbios: Detect less-than-64-bit platforms via __SIZEOF_SIZE_T__.
Tue, Oct 7, 8:15 AM

Mon, Oct 6

olce committed rGc8141e273a3e: nullfs: Fix some style after recent changes (authored by olce).
nullfs: Fix some style after recent changes
Mon, Oct 6, 3:23 PM
olce committed rG09f925b57aeb: nullfs: Slightly reduce contention by reducing concurrent sections (authored by olce).
nullfs: Slightly reduce contention by reducing concurrent sections
Mon, Oct 6, 3:23 PM
olce closed D52935: nullfs: Apply comments from D38761 (style fixes, small improvements).
Mon, Oct 6, 3:23 PM
olce added inline comments to D52935: nullfs: Apply comments from D38761 (style fixes, small improvements).
Mon, Oct 6, 3:19 PM
olce requested review of D52935: nullfs: Apply comments from D38761 (style fixes, small improvements).
Mon, Oct 6, 2:50 PM
olce updated the diff for D52885: (draft) style.9: Encourage style changes when doing significant modifications.
  • Amend in the direction of feedbacks.
  • Move the whole block of text at the send of the section (but still before the recent C++ section).
Mon, Oct 6, 9:41 AM

Fri, Oct 3

olce accepted D52819: nullfs: smr-protected hash lookup and locking.

Looks good (but please see suggested changes). I've not tested the patch though.

Fri, Oct 3, 7:37 PM
olce committed rG9d0b660e6949: jemalloc: Fix activating debug on WITHOUT_MALLOC_PRODUCTION (authored by olce).
jemalloc: Fix activating debug on WITHOUT_MALLOC_PRODUCTION
Fri, Oct 3, 4:28 PM
olce closed D52850: jemalloc: Fix activating debug on WITHOUT_MALLOC_PRODUCTION.
Fri, Oct 3, 4:28 PM
olce added a comment to D52850: jemalloc: Fix activating debug on WITHOUT_MALLOC_PRODUCTION.

I guess that should be removed too?

Fri, Oct 3, 1:12 PM
olce added a watcher for srcmgr: olce.
Fri, Oct 3, 12:10 PM
olce removed a watcher for srcmgr: olce.
Fri, Oct 3, 12:10 PM
olce requested review of D52885: (draft) style.9: Encourage style changes when doing significant modifications.
Fri, Oct 3, 12:09 PM
olce updated the summary of D52850: jemalloc: Fix activating debug on WITHOUT_MALLOC_PRODUCTION.
Fri, Oct 3, 9:39 AM

Thu, Oct 2

olce committed rG6fcfb244e3d3: namei.9: Remove duplicate WANTPARENT description (authored by olce).
namei.9: Remove duplicate WANTPARENT description
Thu, Oct 2, 5:27 PM
olce committed rG4ffcb1a4a99c: mdo(1): Add support and shortcuts for fully specifying users and groups (authored by olce).
mdo(1): Add support and shortcuts for fully specifying users and groups
Thu, Oct 2, 5:27 PM