stevek (Stephen J. Kiernan)
Principal Engineer, Core OS/Kernel group, Juniper Networks, Inc.

Projects

User does not belong to any projects.

User Details

User Since
Jun 13 2015, 3:41 PM (136 w, 10 h)

Recent Activity

Tue, Jan 9

stevek added inline comments to D8575: Verified execution (veriexec) fingerprint loader.
Tue, Jan 9, 9:09 PM
stevek added inline comments to D8575: Verified execution (veriexec) fingerprint loader.
Tue, Jan 9, 9:06 PM
stevek added inline comments to D8575: Verified execution (veriexec) fingerprint loader.
Tue, Jan 9, 9:02 PM
stevek added a comment to D8554: Verified execution (veriexec) as a MAC module..
In D8554#289494, @jtl wrote:

I think one of the few weaknesses I see is the way the hash result is cached.

Have you considered mitigations, such as:

  • not caching hash results for remote volumes (e.g. NFS)?
Tue, Jan 9, 8:54 PM
stevek added a comment to D8554: Verified execution (veriexec) as a MAC module..
In D8554#289476, @jtl wrote:

It seems like this could use a man page to describe the mechanism. There are some subtleties that are not immediately obvious, such as the way that shared libraries are protected. In addition, the O_VERIFY flag should probably be documented in the open() man page with a pointer to the verified exec man page.

Tue, Jan 9, 8:50 PM
stevek accepted D13814: Fix backwards MD_VERIFY logic for md devices.

looks good.

Tue, Jan 9, 8:42 PM

Dec 6 2017

stevek committed rS326636: The function make_relative_prefix_1 does not properly free locally.
The function make_relative_prefix_1 does not properly free locally
Dec 6 2017, 9:18 PM
stevek closed D9691: Fix a memory leak in libiberty.
Dec 6 2017, 9:18 PM
stevek committed rS326635: The function fwscanf() return value is wrong when encountering an early.
The function fwscanf() return value is wrong when encountering an early
Dec 6 2017, 9:12 PM
stevek closed D13288: fwscanf returns EOF instead of ZERO in the event of matching failure.
Dec 6 2017, 9:12 PM
stevek added a comment to D9691: Fix a memory leak in libiberty.

@stevek will you commit (with style fix)?

Dec 6 2017, 8:51 PM

Dec 1 2017

stevek added a comment to D13288: fwscanf returns EOF instead of ZERO in the event of matching failure.
In D13288#277164, @jhb wrote:

My only other thought is it would be nice to add a test case for this.

Dec 1 2017, 7:32 PM

Nov 30 2017

stevek added a comment to D13287: Allow using libkvm on kernel modules.
In D13287#277145, @imp wrote:

looks good to me. IIRC, this isn't true for every architecture, but there's no reason I know of to disallow it there.

Nov 30 2017, 8:39 PM

Nov 28 2017

stevek added a comment to D9637: Fix a memory leak with the variable logfname.

Fine with me as well.

Nov 28 2017, 9:42 PM
stevek created D13288: fwscanf returns EOF instead of ZERO in the event of matching failure.
Nov 28 2017, 9:27 PM
stevek created D13287: Allow using libkvm on kernel modules.
Nov 28 2017, 9:19 PM

Oct 28 2017

stevek added a comment to D12808: Don't set a harvest_mask by default..

The proposed patch would effectively disable all entropy gathering sources by default. Thus, systems would boot up without any entropy, save the cached entropy from last reboot. On freshly installed systems, there is no cached entropy. The state of the entropy subsystem would be subpar.

Oct 28 2017, 6:44 PM

Oct 26 2017

stevek abandoned D11765: Fall back to md(4) in rc.initdiskless if tmpfs(5) is not available.

D12301 takes care of things better.

Oct 26 2017, 6:37 PM

Sep 23 2017

stevek added inline comments to D12301: Enhance mdmfs(8) to work with tmpfs(5).
Sep 23 2017, 7:06 PM

Sep 13 2017

stevek added inline comments to D12301: Enhance mdmfs(8) to work with tmpfs(5).
Sep 13 2017, 7:35 PM

Sep 9 2017

stevek accepted D12291: Add AT_HWCAP flags for VFP settings for FreeBSD/arm..

Makes sense. HWCAP_ARM_* values look sane.

Sep 9 2017, 6:11 PM
stevek removed a reviewer for D10161: Continuation of D9903.: stevek.
Sep 9 2017, 3:21 PM
stevek added a reviewer for D12293: Add a NT_ARM_VFP ELF core note to hold VFP registers for each thread.: stevek.
Sep 9 2017, 3:16 PM
stevek added a reviewer for D12294: Add ptrace operations to fetch and store VFP registers.: stevek.
Sep 9 2017, 3:16 PM
stevek added a reviewer for D12291: Add AT_HWCAP flags for VFP settings for FreeBSD/arm.: stevek.
Sep 9 2017, 3:15 PM
stevek added inline comments to D12291: Add AT_HWCAP flags for VFP settings for FreeBSD/arm..
Sep 9 2017, 3:15 PM
stevek accepted D12292: Only mess with VFP state on the CPU for curthread for get/set_vfpcontext..

Looks good.

Sep 9 2017, 3:04 PM
stevek added a reviewer for D12292: Only mess with VFP state on the CPU for curthread for get/set_vfpcontext.: stevek.
Sep 9 2017, 3:03 PM
stevek added a comment to D12290: Add AT_HWCAP and AT_EHDRFLAGS on all platforms..

One common typo: "CPU featire flags" should be "CPU feature flags".

Sep 9 2017, 2:44 PM

Jul 28 2017

stevek added inline comments to D11765: Fall back to md(4) in rc.initdiskless if tmpfs(5) is not available.
Jul 28 2017, 5:13 PM
stevek updated the diff for D11765: Fall back to md(4) in rc.initdiskless if tmpfs(5) is not available.

Edited comment for load_tmpfs

Jul 28 2017, 3:43 AM
stevek updated the summary of D11765: Fall back to md(4) in rc.initdiskless if tmpfs(5) is not available.
Jul 28 2017, 3:41 AM
stevek created D11765: Fall back to md(4) in rc.initdiskless if tmpfs(5) is not available.
Jul 28 2017, 3:40 AM

Jun 15 2017

stevek closed D11106: Use tmpfs in rc.initdiskless by committing rS319987: Replace md(4) usage in diskless(8) script rc.initdiskless with tmpfs(5)..
Jun 15 2017, 8:06 PM
stevek committed rS319987: Replace md(4) usage in diskless(8) script rc.initdiskless with tmpfs(5)..
Replace md(4) usage in diskless(8) script rc.initdiskless with tmpfs(5).
Jun 15 2017, 8:06 PM

Jun 13 2017

stevek committed rS319903: The variable nargv is allocated but never freed, so free it when the it.
The variable nargv is allocated but never freed, so free it when the it
Jun 13 2017, 3:50 PM
stevek closed D9652: fix memory leak in 'finger' by committing rS319903: The variable nargv is allocated but never freed, so free it when the it.
Jun 13 2017, 3:50 PM
stevek added a reviewer for D11106: Use tmpfs in rc.initdiskless: brooks.
Jun 13 2017, 3:34 PM

Jun 9 2017

stevek created D11106: Use tmpfs in rc.initdiskless.
Jun 9 2017, 1:06 AM

Jun 6 2017

stevek committed rS319639: When the input parameter node is NULL, memory is allocated to it..
When the input parameter node is NULL, memory is allocated to it.
Jun 6 2017, 10:18 PM
stevek closed D9878: Fix a memory leak in bluetooth/hccontrol by committing rS319639: When the input parameter node is NULL, memory is allocated to it..
Jun 6 2017, 10:18 PM
stevek committed rS319638: Before returning because of an memory allocation error, free the memory.
Before returning because of an memory allocation error, free the memory
Jun 6 2017, 9:51 PM
stevek closed D9852: Fix a memory leak in ppp by committing rS319638: Before returning because of an memory allocation error, free the memory.
Jun 6 2017, 9:51 PM
stevek committed rS319636: The memory assigned to the local variable 'copy' needs to be freed..
The memory assigned to the local variable 'copy' needs to be freed.
Jun 6 2017, 9:40 PM
stevek closed D9663: Fix a memory leak with add_mapping by committing rS319636: The memory assigned to the local variable 'copy' needs to be freed..
Jun 6 2017, 9:40 PM

Jun 2 2017

stevek committed rS319508: Fix a memory leak with last.
Fix a memory leak with last
Jun 2 2017, 8:25 PM
stevek closed D9850: Fix 'last' memory leak by committing rS319508: Fix a memory leak with last.
Jun 2 2017, 8:25 PM

Jun 1 2017

stevek committed rS319453: Fix memory leak in edithost.
Fix memory leak in edithost
Jun 1 2017, 7:21 PM
stevek closed D9689: Fix a memory leak in telnetd by committing rS319453: Fix memory leak in edithost.
Jun 1 2017, 7:21 PM
stevek committed rS319443: When sysctlbyname fails, free buf before returning..
When sysctlbyname fails, free buf before returning.
Jun 1 2017, 4:45 PM
stevek closed D9867: Fix a memory leak in libutil by committing rS319443: When sysctlbyname fails, free buf before returning..
Jun 1 2017, 4:45 PM

May 31 2017

stevek closed D9899: Fix memory leaks in dhclient by committing rS319361: parse.c parse_string.
May 31 2017, 9:31 PM
stevek committed rS319361: parse.c parse_string.
parse.c parse_string
May 31 2017, 9:31 PM
stevek added inline comments to D9691: Fix a memory leak in libiberty.
May 31 2017, 9:26 PM
stevek committed rS319358: Add MD_VERIFY option to enable O_VERIFY in open for vnode type..
Add MD_VERIFY option to enable O_VERIFY in open for vnode type.
May 31 2017, 9:18 PM

May 25 2017

stevek committed rS318893: MFC r318314.
MFC r318314
May 25 2017, 6:55 PM

May 15 2017

stevek added inline comments to D10701: Make ld-elf.so.1 directly executable.
May 15 2017, 7:34 PM
stevek committed rS318314: Add information to open(2) man page about the O_VERIFY flag..
Add information to open(2) man page about the O_VERIFY flag.
May 15 2017, 7:32 PM
stevek added inline comments to D10701: Make ld-elf.so.1 directly executable.
May 15 2017, 5:11 PM

Apr 19 2017

stevek accepted D10321: unifdef -D__FreeBSD__ to remove the OpenBSD support..

Looks good.

Apr 19 2017, 3:10 PM

Mar 2 2017

stevek accepted D9852: Fix a memory leak in ppp.

Looks reasonable to me.

Mar 2 2017, 10:39 PM

Feb 28 2017

stevek added inline comments to D9433: Add 64-bit support for PowerPC Book-E.
Feb 28 2017, 4:36 PM

Feb 13 2017

stevek committed rS313703: Fix typo where opening brace was needed..
Fix typo where opening brace was needed.
Feb 13 2017, 6:52 PM
stevek committed rS313701: For MD_PRELOAD type md(4) devices, if there is a file name in the preloaded.
For MD_PRELOAD type md(4) devices, if there is a file name in the preloaded
Feb 13 2017, 5:44 PM
stevek closed D9529: Output file name from "preload" type md(4) device by committing rS313701: For MD_PRELOAD type md(4) devices, if there is a file name in the preloaded.
Feb 13 2017, 5:44 PM
stevek added inline comments to D9529: Output file name from "preload" type md(4) device.
Feb 13 2017, 5:41 PM

Feb 10 2017

stevek retitled D9529: Output file name from "preload" type md(4) device from to Output file name from "preload" type md(4) device.
Feb 10 2017, 5:22 PM
stevek added inline comments to D9433: Add 64-bit support for PowerPC Book-E.
Feb 10 2017, 5:19 PM

Jan 31 2017

stevek added a comment to D9246: hwpmc module log with full path.

There's also the problem that this will still have issues when dealing with re-root and/or chroot environments.

Jan 31 2017, 7:58 PM
stevek committed rS313019: Add the folowing set accessor functions for recently-added members of ifnet.
Add the folowing set accessor functions for recently-added members of ifnet
Jan 31 2017, 4:12 PM
stevek closed D8544: Add accessor functions for the if_hw_tsomax* members of ifnet structure. by committing rS313019: Add the folowing set accessor functions for recently-added members of ifnet.
Jan 31 2017, 4:12 PM

Nov 20 2016

stevek added inline comments to D8575: Verified execution (veriexec) fingerprint loader.
Nov 20 2016, 10:39 PM

Nov 18 2016

stevek retitled D8575: Verified execution (veriexec) fingerprint loader from to Verified execution (veriexec) fingerprint loader.
Nov 18 2016, 4:50 PM
stevek added a dependent revision for D8561: Verified execution (veriexec) device interface to MAC/veriexec: D8575: Verified execution (veriexec) fingerprint loader.
Nov 18 2016, 4:50 PM
stevek updated D8554: Verified execution (veriexec) as a MAC module..
Nov 18 2016, 4:38 PM
stevek added a dependent revision for D8554: Verified execution (veriexec) as a MAC module.: D8561: Verified execution (veriexec) device interface to MAC/veriexec.
Nov 18 2016, 4:38 PM
stevek updated D8561: Verified execution (veriexec) device interface to MAC/veriexec.
Nov 18 2016, 4:38 PM
stevek updated D8562: Verified execution (veriexec) library interface to MAC/veriexec per-policy syscall.
Nov 18 2016, 4:38 PM
stevek added a dependent revision for D8554: Verified execution (veriexec) as a MAC module.: D8562: Verified execution (veriexec) library interface to MAC/veriexec per-policy syscall.
Nov 18 2016, 4:38 PM
stevek retitled D8562: Verified execution (veriexec) library interface to MAC/veriexec per-policy syscall from to Verified execution (veriexec) library interface to MAC/veriexec per-policy syscall.
Nov 18 2016, 4:07 AM
stevek updated D8554: Verified execution (veriexec) as a MAC module..
Nov 18 2016, 4:00 AM
stevek updated D8561: Verified execution (veriexec) device interface to MAC/veriexec.
Nov 18 2016, 3:55 AM
stevek updated D8561: Verified execution (veriexec) device interface to MAC/veriexec.
Nov 18 2016, 3:55 AM
stevek updated D8561: Verified execution (veriexec) device interface to MAC/veriexec.
Nov 18 2016, 3:55 AM
stevek updated D8561: Verified execution (veriexec) device interface to MAC/veriexec.
Nov 18 2016, 3:54 AM
stevek retitled D8561: Verified execution (veriexec) device interface to MAC/veriexec from to Verified execution (veriexec) device interface to MAC/veriexec.
Nov 18 2016, 3:53 AM
stevek updated the diff for D8554: Verified execution (veriexec) as a MAC module..

Remove KLD_ON_SECURELEVEL, as it is not necessary.

Nov 18 2016, 3:23 AM
stevek updated the diff for D8554: Verified execution (veriexec) as a MAC module..

Remove unnecessary copyright in the mac_veriexec module Makefile.

Nov 18 2016, 3:08 AM

Nov 17 2016

stevek updated D8554: Verified execution (veriexec) as a MAC module..
Nov 17 2016, 10:46 PM
stevek updated D8554: Verified execution (veriexec) as a MAC module..
Nov 17 2016, 10:41 PM
stevek updated D8554: Verified execution (veriexec) as a MAC module..
Nov 17 2016, 10:35 PM
stevek updated D8554: Verified execution (veriexec) as a MAC module..
Nov 17 2016, 10:34 PM
stevek updated subscribers of D8554: Verified execution (veriexec) as a MAC module..
Nov 17 2016, 10:34 PM
stevek retitled D8554: Verified execution (veriexec) as a MAC module. from to Verified execution (veriexec) as a MAC module..
Nov 17 2016, 10:33 PM

Nov 16 2016

stevek retitled D8544: Add accessor functions for the if_hw_tsomax* members of ifnet structure. from to Add accessor functions for the if_hw_tsomax* members of ifnet structure..
Nov 16 2016, 9:51 PM

Nov 11 2016

stevek committed rS308535: Add support for LOADER_RC setting in the pkgfs manifest (defaults to.
Add support for LOADER_RC setting in the pkgfs manifest (defaults to
Nov 11 2016, 5:41 PM
stevek committed rS308534: The file_loadraw function grew an argument, update install function.
The file_loadraw function grew an argument, update install function
Nov 11 2016, 4:59 PM
stevek closed D8494: Add Forth script capability and fix compilation of loader install command by committing rS308534: The file_loadraw function grew an argument, update install function.
Nov 11 2016, 4:59 PM
stevek added a comment to D8494: Add Forth script capability and fix compilation of loader install command.
In D8494#176547, @imp wrote:

I'm afraid I wasn't clear because it wasn't either of those things.

I'm thinking you should separate this change into two changes. One that's the file_loadraw() change. And a second one that's the rest of this diff. The code itself is fine. Sorry for the confusion.

Nov 11 2016, 4:37 PM
stevek added a comment to D8494: Add Forth script capability and fix compilation of loader install command.
In D8494#176527, @imp wrote:

Looks good to me, but maybe you'd do the file_loadraw() one first...

Nov 11 2016, 1:51 AM