
stevek (Stephen J. Kiernan)
Principal Engineer, Core OS/Kernel group, Juniper Networks, Inc.

Projects

User does not belong to any projects.

User Details

User Since
Jun 13 2015, 3:41 PM (213 w, 4 d)

Recent Activity

Yesterday

D20909: loader: ignore some variable settings if input unverified is now accepted and ready to land.

If additional things are found necessary to be added to the list (or handled otherwise), they can be added after the fact. But this gets the ball rolling and is definitely needed.

Wed, Jul 17, 7:47 PM

Wed, Jun 26

D20700: libsecureboot: allow OpenPGP support to be dormant is now accepted and ready to land.
Wed, Jun 26, 8:26 PM

May 24 2019

stevek accepted D20387: ficl pfopen: verify file.
May 24 2019, 5:58 PM

May 23 2019

stevek added inline comments to D20387: ficl pfopen: verify file.
May 23 2019, 9:27 PM

May 21 2019

stevek committed rS348051: The older detection methods (smbios.bios.vendor and smbios.system.product).
May 21 2019, 1:30 PM
stevek closed D20305: Set a specific value in vm_guest for older detection methods.
May 21 2019, 1:30 PM

May 19 2019

stevek updated the diff for D20305: Set a specific value in vm_guest for older detection methods.

Take care of review comments.
Also change the conditional in print_hypervisor_info() to explicitly check
for NUL character instead of treating a character as a boolean.

May 19 2019, 4:10 PM
stevek added inline comments to D20305: Set a specific value in vm_guest for older detection methods.
May 19 2019, 3:20 PM
stevek committed rS347972: Add missing setting of hv_base to the leaf that we used.
May 19 2019, 3:07 PM
stevek abandoned D20298: Allow building veriexec utility without bearssl support.

After discussion with sjg, we do not want to support veriexec without signing

May 19 2019, 2:27 PM

May 18 2019

stevek created D20305: Set a specific value in vm_guest for older detection methods.
May 18 2019, 6:14 PM
stevek abandoned D9661: Fix a memory leak with fw_check_device_ready.

Abandon, since this has already been addressed.

May 18 2019, 5:51 PM
stevek commandeered D9661: Fix a memory leak with fw_check_device_ready.

I will update and commit with the requested changes.

May 18 2019, 5:46 PM

May 17 2019

stevek accepted D20297: libsecureboot: allow control of when pseudo pcr is updated.
May 17 2019, 7:57 PM
stevek created D20298: Allow building veriexec utility without bearssl support.
May 17 2019, 7:51 PM
stevek committed rS347942: Add a new ioctl for the larger params struct that includes the label.
May 17 2019, 7:27 PM
stevek closed D20295: Support for setting labels via veriexec.
May 17 2019, 7:27 PM
stevek updated the summary of D20295: Support for setting labels via veriexec.
May 17 2019, 6:57 PM
stevek updated the diff for D20295: Support for setting labels via veriexec.

Return the size of the allocated space for the label, even if we copied in a smaller label.

May 17 2019, 6:56 PM
stevek created D20295: Support for setting labels via veriexec.
May 17 2019, 6:39 PM
stevek committed rS347941: Add command to get version of the ioctl interface for the veriexec device.
May 17 2019, 6:26 PM
stevek committed rS347938: Obtain a shared lock instead of exclusive in the MAC/veriexec.
May 17 2019, 6:13 PM
stevek committed rS347936: sysctls which should be restricted when securelevel is raised should also.
May 17 2019, 6:10 PM
stevek committed rS347935: Fix format strings for some debug messages that could have arguments that.
May 17 2019, 6:06 PM
stevek committed rS347934: Protect commands that are considered dangerous with checks for kmem write.
May 17 2019, 6:02 PM
stevek committed rS347933: Ensure we have obtained a lock on the process before calling.
May 17 2019, 5:50 PM
stevek abandoned D20294: Ensure we have obtained process lock where necessary.
May 17 2019, 5:47 PM
stevek created D20294: Ensure we have obtained process lock where necessary.
May 17 2019, 5:46 PM
stevek committed rS347932: Instead of individual conditional statements to look for each hypervisor.
May 17 2019, 5:21 PM
stevek closed D16305: Table driven hypervisor detection and addition of VirtualBox.
May 17 2019, 5:21 PM

May 16 2019

stevek added a comment to D16306: paravirt: Add KVM clock timecounter support.

any update on this?

May 16 2019, 1:53 AM

May 9 2019

stevek accepted D20208: libsecureboot: make it easier to customize trust anchors.
May 9 2019, 5:18 PM

Oct 20 2018

stevek updated the diff for D6814: Add libfdt user space library.

Added fdt_addresses.c and fdt_overlay.c

Oct 20 2018, 7:16 PM
stevek updated the diff for D6814: Add libfdt user space library.

Build libfdt as static library only
Update to latest head libnames.mk changes.

Oct 20 2018, 7:03 PM

Oct 19 2018

stevek updated the diff for D16306: paravirt: Add KVM clock timecounter support.

Removed kvm_clock_tsc_freq, per comments, as it is currently not needed.

Oct 19 2018, 11:54 PM
stevek updated the diff for D16305: Table driven hypervisor detection and addition of VirtualBox.

Addressed review comments - added additional comments and save the first
hypervisor we found so we have some information even if we cannot find an
exact match.

Oct 19 2018, 11:00 PM

Sep 11 2018

stevek added a comment to D6814: Add libfdt user space library.
In D6814#362680, @ian wrote:

This should be attached to the build, and used by the GNU dtc.

I'm wondering should libfdt be conditionally built and, if so, should it be based on MK_FDT and MK_GPL_DTC (since the dtc build will be using it after the suggested changes)?

I think it should be conditional on MK_FDT, but not on MK_GPL_DTC, because the library itself is BSD-licensed.

Sep 11 2018, 4:47 PM

Jul 31 2018

stevek added inline comments to D16305: Table driven hypervisor detection and addition of VirtualBox.
Jul 31 2018, 8:39 PM

Jul 25 2018

stevek updated the diff for D16305: Table driven hypervisor detection and addition of VirtualBox.

Fixed bhyve detection string, as pointed out by bryanv

Jul 25 2018, 6:09 PM

Jul 19 2018

stevek updated the diff for D16305: Table driven hypervisor detection and addition of VirtualBox.

Removed duplicate comment and replaced it with a more appropriate one
that explains if CPUID2_HV is set, we are running in a hypervisor environment.

Jul 19 2018, 8:50 PM

Jul 17 2018

stevek added a comment to D1435: paravirt: Add KVM clock timecounter support.

The change in this review depends on some hypervisor detection changes that I don't think make sense anymore. @stevek has done the work to refactor this change on to HEAD that I hope he's able to submit soon.

Jul 17 2018, 7:46 PM
stevek updated the summary of D16306: paravirt: Add KVM clock timecounter support.
Jul 17 2018, 7:40 PM
stevek created D16306: paravirt: Add KVM clock timecounter support.
Jul 17 2018, 7:39 PM
stevek created D16305: Table driven hypervisor detection and addition of VirtualBox.
Jul 17 2018, 7:32 PM

Jul 14 2018

stevek committed rS336289: Add mpo_vnode_check_setmode MAC method to MAC/veriexec.
Jul 14 2018, 5:21 PM
stevek committed rS336287: Add config(8) options that can be used to enable building MAC/veriexec.
Jul 14 2018, 5:18 PM
stevek committed rS336286: Fix a typo which could cause a build breakage when building with MAC/veriexec.
Jul 14 2018, 5:15 PM
stevek committed rS336284: Remove RIPEMD-160 fingerprint modules for veriexec, since it has very.
Jul 14 2018, 4:59 PM

Jul 11 2018

stevek created P189 Get FILES_CPU_FUNC from SFILES.
Jul 11 2018, 8:55 PM

Jun 28 2018

stevek created P187 VMware GuestRPC.
Jun 28 2018, 2:31 PM

Jun 26 2018

stevek committed rS335682: Partial revert of r335399 and r335400:.
Jun 26 2018, 11:28 PM
stevek committed rS335681: Revert r335402.
Jun 26 2018, 11:20 PM

Jun 20 2018

stevek committed rS335430: Fix build breakage in veriexec for 32-bit architectures.
Jun 20 2018, 6:54 AM
stevek committed rS335402: This application (veriexecctl) handles reading a fingerprints file.
Jun 20 2018, 1:09 AM
stevek closed D8575: Verified execution (veriexec) fingerprint loader.
Jun 20 2018, 1:09 AM
stevek committed rS335401: This library allows for user space applications to check file descriptors.
Jun 20 2018, 12:55 AM
stevek closed D8562: Verified execution (veriexec) library interface to MAC/veriexec per-policy syscall.
Jun 20 2018, 12:55 AM
stevek committed rS335400: Device for user space to interface with MAC/veriexec.
Jun 20 2018, 12:48 AM
stevek closed D8561: Verified execution (veriexec) device interface to MAC/veriexec.
Jun 20 2018, 12:48 AM
stevek committed rS335399: MAC/veriexec implements a verified execution environment using the MAC.
Jun 20 2018, 12:41 AM
stevek closed D8554: Verified execution (veriexec) as a MAC module.
Jun 20 2018, 12:41 AM

Jan 28 2018

stevek added a comment to D14064: Change the installer default to not install ports.

Maybe as a separate change, but is it time to stop shipping lib32 by default as well?

Jan 28 2018, 8:06 PM

Jan 9 2018

stevek added inline comments to D8575: Verified execution (veriexec) fingerprint loader.
Jan 9 2018, 9:09 PM
stevek added inline comments to D8575: Verified execution (veriexec) fingerprint loader.
Jan 9 2018, 9:06 PM
stevek added inline comments to D8575: Verified execution (veriexec) fingerprint loader.
Jan 9 2018, 9:02 PM
stevek added a comment to D8554: Verified execution (veriexec) as a MAC module.
In D8554#289494, @jtl wrote:

I think one of the few weaknesses I see is the way the hash result is cached.
Have you considered mitigations, such as:

  • not caching hash results for remote volumes (e.g. NFS)?
Jan 9 2018, 8:54 PM
stevek added a comment to D8554: Verified execution (veriexec) as a MAC module.
In D8554#289476, @jtl wrote:

It seems like this could use a man page to describe the mechanism. There are some subtleties that are not immediately obvious, such as the way that shared libraries are protected. In addition, the O_VERIFY flag should probably be documented in the open() man page with a pointer to the verified exec man page.

Jan 9 2018, 8:50 PM
stevek accepted D13814: Fix backwards MD_VERIFY logic for md devices.

looks good.

Jan 9 2018, 8:42 PM

Dec 6 2017

stevek committed rS326636: The function make_relative_prefix_1 does not properly free locally.
Dec 6 2017, 9:18 PM
stevek closed D9691: Fix a memory leak in libiberty.
Dec 6 2017, 9:18 PM
stevek committed rS326635: The function fwscanf() return value is wrong when encountering an early.
Dec 6 2017, 9:12 PM
stevek closed D13288: fwscanf returns EOF instead of ZERO in the event of matching failure.
Dec 6 2017, 9:12 PM
stevek added a comment to D9691: Fix a memory leak in libiberty.

@stevek will you commit (with style fix)?

Dec 6 2017, 8:51 PM

Dec 1 2017

stevek added a comment to D13288: fwscanf returns EOF instead of ZERO in the event of matching failure.
In D13288#277164, @jhb wrote:

My only other thought is it would be nice to add a test case for this.

Dec 1 2017, 7:32 PM

Nov 30 2017

stevek added a comment to D13287: Allow using libkvm on kernel modules.
In D13287#277145, @imp wrote:

looks good to me. IIRC, this isn't true for every architecture, but there's no reason I know of to disallow it there.

Nov 30 2017, 8:39 PM

Nov 28 2017

stevek added a comment to D9637: Fix a memory leak with the variable logfname.

Fine with me as well.

Nov 28 2017, 9:42 PM
stevek created D13288: fwscanf returns EOF instead of ZERO in the event of matching failure.
Nov 28 2017, 9:27 PM
stevek created D13287: Allow using libkvm on kernel modules.
Nov 28 2017, 9:19 PM

Oct 28 2017

stevek added a comment to D12808: Don't set a harvest_mask by default.

The proposed patch would effectively disable all entropy gathering sources by default. Thus, systems would boot up without any entropy, save the cached entropy from last reboot. On freshly installed systems, there is no cached entropy. The state of the entropy subsystem would be subpar.

Oct 28 2017, 6:44 PM

Oct 26 2017

stevek abandoned D11765: Fall back to md(4) in rc.initdiskless if tmpfs(5) is not available.

D12301 takes care of things better.

Oct 26 2017, 6:37 PM

Sep 23 2017

stevek added inline comments to D12301: Enhance mdmfs(8) to work with tmpfs(5).
Sep 23 2017, 7:06 PM

Sep 13 2017

stevek added inline comments to D12301: Enhance mdmfs(8) to work with tmpfs(5).
Sep 13 2017, 7:35 PM

Sep 9 2017

stevek accepted D12291: Add AT_HWCAP flags for VFP settings for FreeBSD/arm.

Makes sense. HWCAP_ARM_* values look sane.

Sep 9 2017, 6:11 PM
stevek removed a reviewer for D10161: Continuation of D9903.: stevek.
Sep 9 2017, 3:21 PM
stevek added a reviewer for D12293: Add a NT_ARM_VFP ELF core note to hold VFP registers for each thread.: stevek.
Sep 9 2017, 3:16 PM
stevek added a reviewer for D12294: Add ptrace operations to fetch and store VFP registers.: stevek.
Sep 9 2017, 3:16 PM
stevek added a reviewer for D12291: Add AT_HWCAP flags for VFP settings for FreeBSD/arm.: stevek.
Sep 9 2017, 3:15 PM
stevek added inline comments to D12291: Add AT_HWCAP flags for VFP settings for FreeBSD/arm.
Sep 9 2017, 3:15 PM
stevek accepted D12292: Only mess with VFP state on the CPU for curthread for get/set_vfpcontext.

Looks good.

Sep 9 2017, 3:04 PM
stevek added a reviewer for D12292: Only mess with VFP state on the CPU for curthread for get/set_vfpcontext.: stevek.
Sep 9 2017, 3:03 PM
stevek added a comment to D12290: Add AT_HWCAP and AT_EHDRFLAGS on all platforms.

One common typo: "CPU featire flags" should be "CPU feature flags".

Sep 9 2017, 2:44 PM

Jul 28 2017

stevek added inline comments to D11765: Fall back to md(4) in rc.initdiskless if tmpfs(5) is not available.
Jul 28 2017, 5:13 PM
stevek updated the diff for D11765: Fall back to md(4) in rc.initdiskless if tmpfs(5) is not available.

Edited comment for load_tmpfs

Jul 28 2017, 3:43 AM
stevek updated the summary of D11765: Fall back to md(4) in rc.initdiskless if tmpfs(5) is not available.
Jul 28 2017, 3:41 AM
stevek created D11765: Fall back to md(4) in rc.initdiskless if tmpfs(5) is not available.
Jul 28 2017, 3:40 AM

Jun 15 2017

stevek closed D11106: Use tmpfs in rc.initdiskless by committing rS319987: Replace md(4) usage in diskless(8) script rc.initdiskless with tmpfs(5).
Jun 15 2017, 8:06 PM
stevek committed rS319987: Replace md(4) usage in diskless(8) script rc.initdiskless with tmpfs(5).
Jun 15 2017, 8:06 PM

Jun 13 2017

stevek committed rS319903: The variable nargv is allocated but never freed, so free it when the it.
Jun 13 2017, 3:50 PM
stevek closed D9652: fix memory leak in 'finger' by committing rS319903: The variable nargv is allocated but never freed, so free it when the it.
Jun 13 2017, 3:50 PM
stevek added a reviewer for D11106: Use tmpfs in rc.initdiskless: brooks.
Jun 13 2017, 3:34 PM