bhyve reviewers group
Tue, Dec 11
LGTM! Thanks for the patch!
Mon, Dec 10
Mon, Dec 3
Nov 5 2018
Sep 6 2018
Sep 4 2018
I have tested it with FreeBSD HEAD as a guest running for a couple of days.
Aug 28 2018
This looks right to me now. I'll try to test it locally in the next day or so.
Minimize diff with suggestions by jhb.
Reflect changes requested by both kib and jhb.
You should only be replacing the existing MAP_ANON / PROT_NONE mmap() calls with MAP_GUARD instead. You shouldn't be adding new mmap() calls. The "real" thing is already being mmap()'d later. As @kib notes, it's good to use 'svn diff -x -U 99999' or the like to generate context when uploading to phabricator.
The only useful feature of the phabricator is to easily see context around the patch, which you successfully botched.
Missed a spot. Cover another mapping with MAP_GUARD.
Update the patch to use John Baldwin's suggestion on mapping the entire range first with MAP_GUARD.
Adding @kib since he added MAP_GUARD. I think you should instead MAP_GUARD the entire range first and then remap the middle. The middle is already remapped on line 518, so instead of adding new mmap()'s just for the guards, you should replace the mmap() on line 496 with this:
Aug 21 2018
Aug 1 2018
Jul 31 2018
Jul 30 2018
Put the allow.vmm documentation in the right place in the jail(8) manpage.
Address the superfluous conditional and add an entry into the jail(8) manpage.
One more thing to do: jail(8) should mention the flag. There's a section about module-specific flags where I think it would fit better than the main allow.* section.
Update the patch to take into account the new dynamic allow.* API.
Jul 20 2018
Jul 9 2018
Jul 6 2018
Jul 5 2018
I've added D16146, which makes a new allow.* bit easy:
In addition to the question of where to check the permissions, there's also the issue that the allow.vmm parameter shouldn't exist in a non-VMM system. This means the SYSCTL_JAIL_PARAM should be defined in vmm_dev.c or some other vmm-related file; that way, if VMM is loaded as a module, the parameter would be attached to that module.
Jul 4 2018
Might want to add @jamie as a reviewer.