theraven (David Chisnall)

User Since
Jun 4 2014, 10:37 AM (593 w, 11 h)

Recent Activity

Fri, Sep 19

theraven added a comment to D51471: release: Add 2 image layers for almost all base.txz packages excluding toolchain, and one with toolchain.

This passed beyond the point where I could add any meaningful feedback a while ago, but I wanted to just chime in briefly to thank everyone who worked on it. I'm really looking forward to playing with these images!

Fri, Sep 19, 4:30 PM

Jul 23 2025

theraven added a comment to D51471: release: Add 2 image layers for almost all base.txz packages excluding toolchain, and one with toolchain.

This split looks good to me. I'd also be happy if these were just pushed to public container registries, rather than to mirrors.

Jul 23 2025, 11:52 AM
theraven added a comment to D51471: release: Add 2 image layers for almost all base.txz packages excluding toolchain, and one with toolchain.

Thanks. It would also be nice to have an intermediate layer that is all of this except the toolchain, since the toolchain is very large but not needed for a lot of these use cases.

Jul 23 2025, 9:55 AM

May 26 2025

theraven added a comment to D50485: glob: Add blocks support.

LGTM, assuming I understand the memory management correctly. I would be happier if something zeroed the gl_errblk field at the end of the call, because otherwise it is a dangling pointer. I don't *think* there's any code path that can reach it, but it's good practice to ensure that any pointer is either to a valid object or null.

May 26 2025, 11:53 AM

May 23 2025

theraven added a comment to D50485: glob: Add blocks support.

This is also missing an update to the man page. The HISTORY bit should mention that glob_b first appeared in OS X 10.6.

May 23 2025, 3:45 PM
theraven added a comment to D50485: glob: Add blocks support.

I'm not quite sure what this is doing, but it isn't following the pattern that the rest of libc uses. We have DECLARE_BLOCK to declare a block type in a compiler-agnostic way and then CALL_BLOCK to call it. You don't need most of the #ifdef __BLOCKS__ bits at all, they're all handled by the abstraction layer.

May 23 2025, 3:44 PM

Apr 30 2025

theraven added a comment to D50089: Don't define NULL to nullptr in C++11 mode.

This probably needs an exp run, I don’t know how many ports depend on this behaviour.

Apr 30 2025, 5:05 PM

Apr 29 2025

theraven added inline comments to D50068: fts: Fix GCC compile error.
Apr 29 2025, 4:05 PM

Apr 19 2025

theraven accepted D49877: fts: Add blocks support..

LGTM.

Apr 19 2025, 5:48 PM

Apr 18 2025

theraven added inline comments to D49877: fts: Add blocks support..
Apr 18 2025, 6:14 PM
theraven added inline comments to D49877: fts: Add blocks support..
Apr 18 2025, 4:49 PM

Jul 19 2024

theraven added inline comments to D45993: Add qemufwcfg driver and FUSE filesystem..
Jul 19 2024, 11:15 AM
theraven updated the diff for D45993: Add qemufwcfg driver and FUSE filesystem..

Address some more review comments.

Jul 19 2024, 11:15 AM
theraven updated the diff for D45993: Add qemufwcfg driver and FUSE filesystem..

Provide an option to disable caching.

Jul 19 2024, 11:07 AM
theraven added inline comments to D45993: Add qemufwcfg driver and FUSE filesystem..
Jul 19 2024, 8:47 AM

Jul 18 2024

theraven updated the diff for D45993: Add qemufwcfg driver and FUSE filesystem..

Fix some review comments, remove a stale comment.

Jul 18 2024, 12:31 PM
theraven added inline comments to D45993: Add qemufwcfg driver and FUSE filesystem..
Jul 18 2024, 9:55 AM
theraven added a comment to D45993: Add qemufwcfg driver and FUSE filesystem..

Thanks @asomers, I now understand FUSE slightly more, and that let me delete around 5% of the userspace code.

Jul 18 2024, 9:46 AM
theraven updated the diff for D45993: Add qemufwcfg driver and FUSE filesystem..

Address asomers' review.

Jul 18 2024, 9:44 AM

Jul 17 2024

theraven added inline comments to D45993: Add qemufwcfg driver and FUSE filesystem..
Jul 17 2024, 3:54 PM
theraven updated the diff for D45993: Add qemufwcfg driver and FUSE filesystem..

Add a default BMAP. The kernel's FUSE seems to require it.

Jul 17 2024, 3:10 PM
theraven added inline comments to D45993: Add qemufwcfg driver and FUSE filesystem..
Jul 17 2024, 2:31 PM
theraven updated the diff for D45993: Add qemufwcfg driver and FUSE filesystem..

Fix more review comments.

Jul 17 2024, 2:28 PM
theraven updated the diff for D45993: Add qemufwcfg driver and FUSE filesystem..

min -> qmin

Jul 17 2024, 2:01 PM
theraven added inline comments to D45993: Add qemufwcfg driver and FUSE filesystem..
Jul 17 2024, 1:57 PM
theraven updated the diff for D45993: Add qemufwcfg driver and FUSE filesystem..

Address some review comments.

Jul 17 2024, 1:57 PM
theraven requested review of D45993: Add qemufwcfg driver and FUSE filesystem..
Jul 17 2024, 12:40 PM

Jul 15 2024

theraven added a comment to D45912: `make installworld' should display the install time.

And, indeed, reverting this commit locally fixes it. Please can it be reverted and re-landed after testing with make packages?

Jul 15 2024, 1:37 PM
theraven added a comment to D45912: `make installworld' should display the install time.

A report on the pkg-base list suggests that this broke make packages. I am seeing the same breakage, which indeed does look like it's dying in the place modified by this commit:

Jul 15 2024, 1:34 PM

Jun 13 2024

theraven added a comment to D45569: bsdinstall: skip tzsetup UTC question.
In D45569#1039675, @brd wrote:

If 95% (or 99% or whatever) of our users don't need this, is it worth imposing this somewhat confusing question on the rest?

Jun 13 2024, 8:09 AM

Jun 12 2024

theraven added a comment to D45569: bsdinstall: skip tzsetup UTC question.

Why not change the text of the question to ‘are you dual booting Windows on this computer?’

Jun 12 2024, 4:56 PM

May 17 2024

theraven accepted D45233: libcxxrt: allow build with gcc13 and --no-undefined-version.
May 17 2024, 7:32 PM

May 1 2024

theraven added a comment to D40676: ktrace: Record detailed ECAPMODE violations.

After this change, ktrace output is littered with 'CAP system call not allowed: $SYSCALL' on systems w/o capsicum enabled

May 1 2024, 4:10 PM · capsicum

Apr 5 2024

theraven added a comment to D32360: Add membarrier(2).

It looks as if this landed without a man page?

Apr 5 2024, 10:00 AM

Mar 2 2024

theraven accepted D44189: libc: actually build bsearch_b.

Oops!

Mar 2 2024, 7:30 AM

Mar 1 2024

theraven added inline comments to D44168: lib/msun: Fix tgammal(3) on IEEE 128-bit platforms.
Mar 1 2024, 4:32 PM

Nov 2 2023

theraven accepted D42438: dtc: Sync with upstream commit 23387dd.
Nov 2 2023, 7:57 AM

Oct 6 2023

theraven added a comment to D40676: ktrace: Record detailed ECAPMODE violations.

I created this patch to make the Capsicumization experience less intimidating for inexperienced developers. Both David and Mariusz may not be the target audience for this change

Oct 6 2023, 7:04 AM · capsicum

Oct 4 2023

theraven added a comment to D40676: ktrace: Record detailed ECAPMODE violations.

It's doable in principle, but in practice dtrace's inability to resolve backtraces in the face of fork/exec makes it mostly unusable

Oct 4 2023, 3:44 PM · capsicum

Sep 29 2023

theraven added a comment to D40676: ktrace: Record detailed ECAPMODE violations.

Are these events exposed to DTrace? When sandboxing, the thing I really want is a stack trace in userspace at the point where the violation happened. If so, it would be great to include a script that logged them. Ideally with an option of an explicit start marker so you can put in a fake cap_enter and be told what you still need to fix.

Sep 29 2023, 6:55 AM · capsicum

Sep 28 2023

theraven added a comment to D40676: ktrace: Record detailed ECAPMODE violations.

To summarize the patch very briefly, this lets you ktrace an application that does not run in capability mode, and ktrace will log all events which would have triggered a Capsicum violation.

Sep 28 2023, 4:54 PM · capsicum

Sep 27 2023

theraven added a comment to D41967: copy_file_range: fix capabilities premissions.

Capsicum-related syscall changes from 2014 on, for reference:

Sep 27 2023, 8:21 AM

Sep 26 2023

theraven added inline comments to D41936: libc: Rewrite quick_exit() and at_quick_exit() using C11 atomics..
Sep 26 2023, 8:21 PM

Sep 25 2023

theraven accepted D41967: copy_file_range: fix capabilities premissions.
Sep 25 2023, 4:21 PM
theraven added a comment to D41967: copy_file_range: fix capabilities premissions.

This looks like it fixes the capsicum bits. I believe we're still missing correct auditing events. In kern_{read,write}*, these are handled in dofile{read,write} but, since copy_file_range bypasses these calls, they need to be added explicitly.

Sep 25 2023, 11:12 AM
theraven added a comment to D41967: copy_file_range: fix capabilities premissions.

Ensure that copy_file_range(2), like pread(2)/pwrite(2), requires the CAP_SEEK capability due to its offset argument.
This alignment prevents unauthorized file offset manipulations by processes.

Sep 25 2023, 9:32 AM

Sep 23 2023

theraven added inline comments to D41936: libc: Rewrite quick_exit() and at_quick_exit() using C11 atomics..
Sep 23 2023, 12:52 PM

Sep 22 2023

theraven added inline comments to D41936: libc: Rewrite quick_exit() and at_quick_exit() using C11 atomics..
Sep 22 2023, 4:56 PM
theraven added a comment to D41936: libc: Rewrite quick_exit() and at_quick_exit() using C11 atomics..

One way out would be to atomic_swap the head to NULL.

Sep 22 2023, 4:54 PM
theraven added inline comments to D41936: libc: Rewrite quick_exit() and at_quick_exit() using C11 atomics..
Sep 22 2023, 2:24 PM
theraven added a comment to D41936: libc: Rewrite quick_exit() and at_quick_exit() using C11 atomics..

Is there a reason to write new code that uses atomics and not use C11 atomics? We’ve had support for them for several releases now and it makes code much harder for new developers to understand if it uses nonstandard features for things that are part of the standard.

Sep 22 2023, 2:17 PM

Aug 23 2023

theraven added a comment to D32360: Add membarrier(2).

It looks as if this landed without a man page?

Aug 23 2023, 7:48 AM

Aug 17 2023

theraven accepted D41482: dtc: Sync with upstream commit 26a0fe5.

LGTM.

Aug 17 2023, 8:21 AM

Aug 10 2023

theraven accepted D41265: Fix mountd's SIGHUP handler to set a variable of the correct type.
Aug 10 2023, 9:18 AM

Jun 26 2023

theraven added a comment to D38336: bhyve: add helper for adding fwcfg files.

Thanks. You can enable fwcfg by -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd,fwcfg=qemu. You can also add additional items with the -f option. It has the same syntax as the -fwcfg option of qemu (https://www.qemu.org/docs/master/specs/fw_cfg.html#externally-provided-items).

Jun 26 2023, 7:42 AM

Jun 25 2023

theraven added a comment to D38336: bhyve: add helper for adding fwcfg files.

Thanks. I've implemented a NetBSD-compatible kernel interface and tested it with the NetBSD FUSE filesystem:

Jun 25 2023, 5:14 PM

Jun 13 2023

theraven added a comment to D38336: bhyve: add helper for adding fwcfg files.

Yes, exactly. It looks as if NetBSD has such a driver (https://man.netbsd.org/qemufwcfg.4), along with a FUSE FS the shared files into the filesystem. If anyone is working on such a thing for FreeBSD, it would be helpful, otherwise I will have a go next time I have some spare time.

Jun 13 2023, 2:30 PM
theraven added a comment to D38336: bhyve: add helper for adding fwcfg files.

Do you have plans to add the guest part of this device? Currently, Podman uses this mechanism to pass configuration information (specifically, accounts to create and ssh keys) to VMs that it creates to run containers. It would be possible to add an alternative mechanism for FreeBSD (though it’s not clear what that mechanism should be) but if there’s an existing device to grab this config and provide it to userspace that someone is working on then that would be much easier to use.

Jun 13 2023, 9:05 AM

Mar 22 2023

theraven accepted D39196: amd64: reduce header pollution in _stdint.h.

This looks fine to me. Assuming I'm reading the code correctly, this change is only for targets where int64_t is long, so there should be no change in any C++ / ObjC name mangling as a result of this. It's a bit curious that we explicitly define it as a fixed-width type for 32-bit targets but long for 64-bit prior to this change, did I do that?

Mar 22 2023, 9:31 AM

Feb 9 2023

theraven abandoned D30635: Pass the syscall number to capsicum permission-denied signals.

12 is getting close to EOL, 14 is close to release, so it's too late for a back-port to 12 to matter to me.

Feb 9 2023, 12:34 PM

Feb 8 2023

theraven added a comment to D33248: Optionally deliver SIGCAP on capsicum violations..

I've rebased this, addressed reviewer comments (except the one that wants me to change some whitespace in a way that I don't fully understand), and tested it again with the Verona process-sandbox code.

Feb 8 2023, 4:49 PM
theraven updated the diff for D33248: Optionally deliver SIGCAP on capsicum violations..
  • Address some reviewer comments.
Feb 8 2023, 11:56 AM
theraven accepted D38408: xlocale: garbage collect references to strtoq_l/strtouq_l.

LGTM. I thought we had those functions, but I've never seen any code in the wild using them, so if we don't then we should get rid of any reference to them.

Feb 8 2023, 11:52 AM

Aug 17 2022

theraven added a comment to D32505: Add rseq(2).

The goal is to have tcmalloc natively working with full capacity and without further patching.

Aug 17 2022, 10:02 AM

Aug 16 2022

theraven added a comment to D32505: Add rseq(2).

I would still like to see a design document and some design review before this is added. This feature in Linux has been quite controversial. I can see a case for copying a Linux feature that is widely used, or for adding a feature in the Linuxulator that is needed by certain workloads, but this doesn't seem to meet either of those requirements (not widely used, not being added to the Linux ABI layer here, only as a native syscall).

Aug 16 2022, 8:34 AM

Jul 15 2022

theraven accepted D35815: Remove unnecessary const and volatile qualifiers from __fp_type_select().

Fantastic, thanks!

Jul 15 2022, 8:01 AM

Jul 14 2022

theraven added a comment to D35815: Remove unnecessary const and volatile qualifiers from __fp_type_select().

This is because the controlling expression always undergoes lvalue
conversion first, dropping any cv-qualifiers

Jul 14 2022, 9:57 PM

Apr 1 2022

theraven added inline comments to D33248: Optionally deliver SIGCAP on capsicum violations..
Apr 1 2022, 2:14 PM
theraven added a comment to D33248: Optionally deliver SIGCAP on capsicum violations..
In D33248#764167, @kib wrote:

Don't you want to have core dumped for unhandled SIGCAP?

Apr 1 2022, 12:20 PM

Mar 9 2022

theraven accepted D34488: Remove compat hacks from libcxxrt's _Unwind_Exception.

Ah, sorry, I thought these were additional changes. Looking more carefully, these all seem to be things that we've done upstream already.

Mar 9 2022, 9:56 AM
theraven added a comment to D34488: Remove compat hacks from libcxxrt's _Unwind_Exception.

Please can you raise a PR upstream that adds a macro to select between the two ABIs, so that we're not carrying a diff in the FreeBSD version?

Mar 9 2022, 7:45 AM

Jan 7 2022

theraven added a comment to D33248: Optionally deliver SIGCAP on capsicum violations..

Are there any other blockers to committing this? @markj, please can you approve if not?

Jan 7 2022, 1:08 PM

Dec 19 2021

theraven added a comment to D32505: Add rseq(2).

It's still not clear what the purpose of this is. It's not added to the Linux ABI. If we're adding a new FreeBSD syscall, there should be some design review or at least motivating use cases. Linux' rseq is mostly useless (far less useful than a lightweight userspace interrupt delivery mechanism or a resume-from-context-switch handler) and is *only* vaguely useful on Linux in combination with the fact that Linux has a lightweight get-CPU system call implemented in the VDSO that is cheaper than a CPUID (which is a serialising instruction and generally costs more than the saving of most of the win from doing per-CPU instead of per-thread things).

Dec 19 2021, 11:36 AM

Dec 7 2021

theraven updated the diff for D33248: Optionally deliver SIGCAP on capsicum violations..
  • Fix comma splice.
Dec 7 2021, 10:39 AM

Dec 6 2021

theraven added a comment to D33248: Optionally deliver SIGCAP on capsicum violations..

FWIW, I tried the tests for your process_sandbox (with this patch applied of course) and one test consistently fails:

markj@biggie> ./test-onebitsem-child
Dec 6 2021, 5:11 PM
theraven updated the diff for D33248: Optionally deliver SIGCAP on capsicum violations..
  • Address code review comments.
Dec 6 2021, 5:11 PM

Dec 3 2021

theraven added inline comments to D33248: Optionally deliver SIGCAP on capsicum violations..
Dec 3 2021, 4:10 PM
theraven updated the diff for D33248: Optionally deliver SIGCAP on capsicum violations..
  • Fix copy-and-paste fail.
Dec 3 2021, 4:09 PM
theraven requested review of D33248: Optionally deliver SIGCAP on capsicum violations..
Dec 3 2021, 3:14 PM

Oct 18 2021

theraven added a comment to D32505: Add rseq(2).

Again, this is clearly outside the design space of rseq.

Oct 18 2021, 8:05 AM

Oct 16 2021

theraven added a comment to D32505: Add rseq(2).
In D32505#733678, @kib wrote:

Let's limit the discussion to rseq(2) and not to some future hypothetical design needed for CheriBSD (which is not FreeBSD).

Oct 16 2021, 5:10 PM
theraven added a comment to D32505: Add rseq(2).
In D32505#733659, @kib wrote:
  • For allocator hardening, we'd like to ensure that signals delivered while executing in the allocator don't expose internal allocator state, so we'd like a mechanism somewhat closer to Windows structured exception handling that allows signals to be redirected based on a specific IP range.

Why should this be done in the kernel? Moreover, I believe that Windows does not do it in the kernel either. Last time I looked (I admit it was a very long time ago) they have a single upcall from kernel to userspace for all that stuff. It is the usermode's duty to interpret the signal source, find the corresponding entry in the exception ranges table and do the unwind.

Moreover, I think that there is a strong reason why the kernel should not do that. You probably need to distinguish between sync and async signals, and further classify them based on si_code before even taking a look at the unwinding, so that only the events you are prepared for, like GC barriers or whatever you know about, start your specific actions. The kernel should not know about all those details.

Oct 16 2021, 1:18 PM
theraven added a comment to D32505: Add rseq(2).

@brooks, can you take a look at this from a CheriABI perspective? The current version uses the Linux convention of assuming that uint64_t is a sensible type for memory addresses. We probably can't do that in CheriABI because it would allow you to register a jump address that would make other code jump to your handler (or, conversely, it may prevent you from setting a range in some situations where there's a PCC change in between the rseq setup and the destination).

Oct 16 2021, 11:46 AM

Oct 12 2021

theraven added inline comments to D32360: Add membarrier(2).
Oct 12 2021, 9:20 AM

Oct 11 2021

theraven added a comment to D32360: Add membarrier(2).

Thanks for doing this, it will make porting our work to FreeBSD easier. There are some missing man pages (both for the new pmap interfaces and for the syscall).

Oct 11 2021, 5:24 PM

Jul 17 2021

theraven abandoned D31133: Add a pdvfork system call..

Abandoning: This is probably not the right approach and @jhb is working on something similar so I'll wait for his version.

Jul 17 2021, 4:05 PM

Jul 16 2021

theraven committed rGcf98bc28d39d: Pass the syscall number to capsicum permission-denied signals (authored by theraven).
Pass the syscall number to capsicum permission-denied signals
Jul 16 2021, 5:08 PM

Jul 10 2021

theraven committed rGd2b558281aad: Revert "Pass the syscall number to capsicum permission-denied signals" (authored by theraven).
Revert "Pass the syscall number to capsicum permission-denied signals"
Jul 10 2021, 7:27 PM
theraven added a reverting change for rG3a522ba1bc85: Pass the syscall number to capsicum permission-denied signals: rGd2b558281aad: Revert "Pass the syscall number to capsicum permission-denied signals".
Jul 10 2021, 7:27 PM
theraven added a reverting change for D29185: Pass the syscall number to capsicum permission-denied signals: rGd2b558281aad: Revert "Pass the syscall number to capsicum permission-denied signals".
Jul 10 2021, 7:26 PM
theraven added a comment to D31133: Add a pdvfork system call..

@brooks, this should also be useful for combining CHERI coprocesses with Capsicum (coprocesses are currently created with vfork + coexecve).

Jul 10 2021, 4:27 PM
theraven requested review of D31133: Add a pdvfork system call..
Jul 10 2021, 4:25 PM
theraven committed rG3a522ba1bc85: Pass the syscall number to capsicum permission-denied signals (authored by theraven).
Pass the syscall number to capsicum permission-denied signals
Jul 10 2021, 4:20 PM
theraven closed D29185: Pass the syscall number to capsicum permission-denied signals.
Jul 10 2021, 4:20 PM

Jun 25 2021

theraven updated the diff for D30635: Pass the syscall number to capsicum permission-denied signals.
  • Propagate the field on fork.
Jun 25 2021, 1:32 PM
theraven updated the diff for D30635: Pass the syscall number to capsicum permission-denied signals.
  • Add missing siginfo(3) documentation.
  • Propagate the field on fork.
Jun 25 2021, 11:46 AM
theraven updated the diff for D29185: Pass the syscall number to capsicum permission-denied signals.
  • Add missing siginfo(3) documentation.
Jun 25 2021, 10:35 AM

Jun 4 2021

theraven added a comment to D29185: Pass the syscall number to capsicum permission-denied signals.

Let's try option 2 and see if it works :-)

Jun 4 2021, 3:55 PM
theraven added a comment to D29185: Pass the syscall number to capsicum permission-denied signals.

I've never used git send-mail, how does it interact with Phabricator? If I do a rebase / squash to produce a single commit, is that sufficient? You should be able to then arc patch and git push.

Jun 4 2021, 3:40 PM
theraven added a comment to D29185: Pass the syscall number to capsicum permission-denied signals.

Thanks. Please can you commit if you're happy with it?

Jun 4 2021, 1:11 PM