Re: svn commit: r334199 - head/usr.sbin/bhyve

> > > > except in buggy code. Using assert for handling is poor practice. > > > > > > > > > > > > > > > > Again, in this case we are using it all over the place and we must > > > > replace > > > > > it. Also we should document it in somewhere perhaps in the assert(3) > > > > > otherwise myself and others will keep using it. If you use find, not > > only > > > > > myself is using it to check strdup! So what is the suggestion to > > handle > > > > > assert(3)? Deprecated it? > > > > > > > > Code that uses assert() in place of error handling is wrong and should > > > > be fixed. assert(condition) means that condition must never happen > > > > and if it does a bug has occurred (or the programmers assumptions are > > > > wrong). In this case failure would not be due to a bug, but do to > > > > resource exhaustion which is expected to be handled. > > > > > > > > > > I agree with you! We have plenty of place that use strdup(3) without > > check > > > the errno ENOMEN return; so do you think would be better bypass a errno > > > ENOMEN without check it and have a crash, or better abort(3) using > > > assert(3) in case we have no memory available to allocated the memory > > for a > > > copy of a string? > > > > The correct code here would be one of: > > > > str = strdup(opt); > > if (str == NULL) > > goto out; > > > > No, it is not the correct code! If we go out and free(str) we have nothing > to free, because we even didn't allocated memory for str. Hey Marcelo, I've authored this commit, which fixes the issues Brooks brought up (and with which I agree): https://github.com/HardenedBSD/hardenedBSD/commit/9c05b8def2c33e3889430cc2f54be0402a257366 Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: svn commit: r334199 - head/usr.sbin/bhyve

find and fix more of these cases. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE sig

Re: svn commit: r334216 - head/usr.sbin/bhyve

_parse(const char *opt) > > goto out; > > } > > free(str); > > + str = NULL; > > > > /* > > * Range check 1 <= n <= UINT16_MAX all values > > @@ -253,7 +255,8 @@ topology_parse(const char *opt) &g

Re: svn commit: r334719 - in head: cddl/lib/libdtrace lib/libc/sys sys/kern sys/netinet sys/netinet6 sys/sys

per must specify a random value as a cookie. Applications who want to share the port, then, must also specify the cookie (perhaps via another socket option?). What are your thoughts? I'm CC'ing Johannes to get his thoughts as well. Thanks, -- Shawn Webb Cofoun

Re: svn commit: r326857 - in head: . share/mk stand/i386/zfsboot

this revision, will my system now fail to boot? Or, will it only fail to boot if I update the bootloader? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: svn commit: r327614 - head/usr.bin/morse

19 > Reviewed by:kevans > > [snip] > > +void > +fdecode(FILE *stream) Hey Eitan, This broke the arm64 build: https://jenkins.hardenedbsd.org/jenkins/job/HardenedBSD-CURRENT-arm64/159/console Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ifi

Re: svn commit: r327614 - head/usr.bin/morse

On Sat, Jan 06, 2018 at 08:33:07AM -0500, Shawn Webb wrote: > On Sat, Jan 06, 2018 at 07:02:24AM +, Eitan Adler wrote: > > Author: eadler > > Date: Sat Jan 6 07:02:24 2018 > > New Revision: 327614 > > URL: https://svnweb.freebsd.org/changeset/base/327614

Re: svn commit: r318736 - in head: cddl/lib/libzfs contrib/compiler-rt/lib/sanitizer_common contrib/openbsm/libbsm include lib/libarchive lib/libc/gen lib/libc/include lib/libc/sys lib/libkvm lib/libm

erential revision: https://reviews.freebsd.org/D10439 > > Modified: > head/contrib/openbsm/libbsm/bsm_wrappers.c Hey Kostik, Did the OpenBSM changes ever make it upstream to the OpenBSM project? I'm looking through the commits of the OpenBSM project and it looks like they n

Re: svn commit: r318313 - head/libexec/rtld-elf

with Integriforce in HardenedBSD). Since even the rtld is checked, an attacker can now bypass the application whitelisting scheme by running: /libexec/ld-elf.so.1 /path/to/previously/disallowed/executable Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: svn commit: r319796 - in head/lib/clang: libclang liblldb libllvm

liblldb. > > MFC after: 3 days > This commit breaks buildworld when WITH_LLD_IS_LD, WITH_SYSTEM_COMPILER, WITH_SHARED_TOOLCHAIN are set. Reverting this commit fixes the build. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE

Re: svn commit: r319971 - in head: contrib/jemalloc contrib/jemalloc/doc contrib/jemalloc/include/jemalloc contrib/jemalloc/include/jemalloc/internal contrib/jemalloc/src include lib/libc/stdlib/jemal

nd failed with exit code 1 (use -v to see invocation) --- libc.so.7.full --- *** [libc.so.7.full] Error code 1 make[4]: stopped in /scratch/fbsd/lib/libc Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD E

Re: svn commit: r320430 - head/sys/vm

> Modified: > head/sys/vm/vm_map.c > head/sys/vm/vm_map.h > head/sys/vm/vm_mmap.c Hey Kostik, This commit breaks both xorg and shutting down/rebooting. Reverting this commit makes my laptop happy again. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key

Re: svn commit: r320430 - head/sys/vm

On Wed, Jun 28, 2017 at 06:32:38PM -0400, Shawn Webb wrote: > On Wed, Jun 28, 2017 at 04:02:37AM +, Konstantin Belousov wrote: > > Author: kib > > Date: Wed Jun 28 04:02:36 2017 > > New Revision: 320430 > > URL: https://svnweb.freebsd.org/changeset/base/320430 &g

Re: svn commit: r320430 - head/sys/vm

On Thu, Jun 29, 2017 at 09:23:33AM -0400, Shawn Webb wrote: > On Wed, Jun 28, 2017 at 06:32:38PM -0400, Shawn Webb wrote: > > On Wed, Jun 28, 2017 at 04:02:37AM +, Konstantin Belousov wrote: > > > Author: kib > > > Date: Wed Jun 28 04:02:36 2017 > > > N

Re: svn commit: r307394 - in head: share/man/man4 sys/conf sys/dev/netmap sys/modules/netmap sys/net tools/tools/netmap

NET_SET(TD_TO_VNET(rd)); ^ /usr/src/sys/dev/netmap/netmap_freebsd.c:1410:25: error: use of undeclared identifier 'rd' /usr/src/sys/dev/netmap/netmap_freebsd.c:1410:25: error: use of undeclared identifier 'rd' /usr/src/sys/dev/netmap/netmap_freeb

Re: svn commit: r307394 - in head: share/man/man4 sys/conf sys/dev/netmap sys/modules/netmap sys/net tools/tools/netmap

On Wed, Oct 19, 2016 at 12:23:24PM -0400, Shawn Webb wrote: > On Sun, Oct 16, 2016 at 02:13:32PM +, Luigi Rizzo wrote: > > Author: luigi > > Date: Sun Oct 16 14:13:32 2016 > > New Revision: 307394 > > URL: https://svnweb.freebsd.org/changeset/base/307394 > >

Re: svn commit: r307861 - in head: contrib/libarchive contrib/libarchive/cat/test contrib/libarchive/cpio/test contrib/libarchive/libarchive contrib/libarchive/libarchive/test contrib/libarchive/tar/t

doing this upgrade! Any plans to MFC? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: svn commit: r307861 - in head: contrib/libarchive contrib/libarchive/cat/test contrib/libarchive/cpio/test contrib/libarchive/libarchive contrib/libarchive/libarchive/test contrib/libarchive/tar/t

s, > mm > > > On 25.10.2016 17:16, Shawn Webb wrote: > > On Mon, Oct 24, 2016 at 02:08:06PM +, Martin Matuska wrote: > >> Author: mm > >> Date: Mon Oct 24 14:08:05 2016 > >> New Revision: 307861 > >> URL: https://svnweb.freebsd.org/changeset

Re: svn commit: r309639 - head/lib/libc/net

; > + } else { > + if (rem < 2) > + break; > + *out++ = hexlist[i]; > + rem++; rem++ is incorrect. It should be rem--. HardenedBSD has a fix here: https://github.com/HardenedBSD/hardenedBSD/commit/fb823297fbced336b6beeeb624e2dc65b67aa0eb > + } > } > *out = 0; > return (obuf); Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: svn commit: r353456 - head/usr.sbin/pciconf

ill not be MFC'd. > > Reviewed by:jhb, emaste, gtetlow > Approved by: jhb, emaste, gtetlow Relnotes: ? RELNOTES: ? UPDATING: ? -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt..

Re: svn commit: r353937 - in head/share: man/man5 mk

namically, just like > almost all other executables on FreeBSD. > > Maybe at some point they can even become PIE executables by default! :) They have been on HardenedBSD for a few years now. :) Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal:

Re: svn commit: r351423 - in head: . sbin/ping6 sbin/ping6/tests

e binary and backwards compat is maintained, at least until spray paints the neon pink bike shed. (Note: I am in no way saying this discussion is a bike shed. I'm _only_ making a joke as a nod to the idiomatic expression.) Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-

Re: svn commit: r351423 - in head: . sbin/ping6 sbin/ping6/tests

On Sun, Aug 25, 2019 at 08:50:11PM -0700, Conrad Meyer wrote: > On Sun, Aug 25, 2019 at 6:47 PM Shawn Webb wrote: > > I wonder if something like this could be done: > > Something like it could be; I suggested so two hours ago. > > > Somewhere in ping(8): > > boo

Re: svn commit: r351522 - in head: sbin/ifconfig share/man/man4 sys/conf sys/kern sys/modules sys/modules/ktls_ocf sys/net sys/netinet sys/netinet/tcp_stacks sys/netinet6 sys/opencrypto sys/sys tools/

ready, so the FreeBSD > patches are fairly small). Hey John, Thanks a lot for working to get this in! I'm curious if there's any desire to help LibreSSL adopt same/similar patches as OpenSSL. Doing so would help LibreSSL on FreeBSD maintain feature parity with OpenSSL. I respect your

Re: svn commit: r351729 - in head: lib/libc/gen lib/libc/sys sys/compat/freebsd32 sys/kern sys/sys

propagated to newvers */ > +#define __FreeBSD_version 1300045/* Master, propagated to newvers */ To an outsider, it seems that __FreeBSD_version tends to be bumped in a separate commit. Am I remembering that right? Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD

Re: svn commit: r351729 - in head: lib/libc/gen lib/libc/sys sys/compat/freebsd32 sys/kern sys/sys

On Tue, Sep 03, 2019 at 11:45:23AM +, Brooks Davis wrote: > On Tue, Sep 03, 2019 at 07:35:05AM -0400, Shawn Webb wrote: > > Hey Mateusz, > > > > On Tue, Sep 03, 2019 at 04:16:31AM +, Mateusz Guzik wrote: > > > Author: mjg > > > Date: Tue Sep 3 0

Re: svn commit: r345982 - in head: include lib/libc/sys sys/cddl/compat/opensolaris/sys sys/compat/cloudabi sys/compat/freebsd32 sys/compat/linux sys/kern sys/sys sys/ufs/ffs

No worries. Thanks for the correction! -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 On Sun

Re: svn commit: r345982 - in head: include lib/libc/sys sys/cddl/compat/opensolaris/sys sys/compat/cloudabi sys/compat/freebsd32 sys/compat/linux sys/kern sys/sys sys/ufs/ffs

ws.freebsd.org/D14567 Hey Mariusz, Is __FreeBSD_version supposed to be bumped after adding new syscalls? I can't remember off-hand. Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID:

Re: svn commit: r346023 - head/usr.bin/strings

On Mon, Apr 08, 2019 at 03:35:48AM +, Mariusz Zaborski wrote: > Author: oshogbo > Date: Mon Apr 8 03:35:47 2019 > New Revision: 346023 > URL: https://svnweb.freebsd.org/changeset/base/346023 > > Log: > strings: disable Casper support while building native-xtools

Re: svn commit: r346263 - head/contrib/tcpdump

andbox && (ndo->ndo_nflag || capdns != NULL)); > #else Is there any documentation anywhere telling users that Capsicum support will be disabled under certain circumstances? Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XM

Re: svn commit: r351729 - in head: lib/libc/gen lib/libc/sys sys/compat/freebsd32 sys/kern sys/sys

On Tue, Sep 03, 2019 at 07:47:40AM -0400, Shawn Webb wrote: > On Tue, Sep 03, 2019 at 11:45:23AM +, Brooks Davis wrote: > > On Tue, Sep 03, 2019 at 07:35:05AM -0400, Shawn Webb wrote: > > > Hey Mateusz, > > > > > > On Tue, Sep 03, 2019 at 04:16:31AM +,

Re: svn commit: r351729 - in head: lib/libc/gen lib/libc/sys sys/compat/freebsd32 sys/kern sys/sys

On Tue, Sep 03, 2019 at 09:32:27AM -0500, Justin Hibbits wrote: > On Tue, 3 Sep 2019 10:20:35 -0400 > Shawn Webb wrote: > > > On Tue, Sep 03, 2019 at 07:47:40AM -0400, Shawn Webb wrote: > > > On Tue, Sep 03, 2019 at 11:45:23AM +, Brooks Davis wrote: > > >

Re: svn commit: r348504 - in head: lib/clang/libllvm tools/build/mk usr.bin/clang

bolUnknown.cpp > SRCS_EXT+= DebugInfo/PDB/PDBSymbolUsingNamespace.cpp > SRCS_EXT+= DebugInfo/PDB/UDTLayout.cpp > -SRCS_EXT+= DebugInfo/Symbolize/DIPrinter.cpp > +SRCS_MIW+= DebugInfo/Symbolize/DIPrinter.cpp > SRCS_MIW+= DebugInfo/Symbolize/SymbolizableObjectFile.cpp

Re: svn commit: r348611 - in head/sys: conf kern

es > Event: Waterloo Hackathon 2019 > Differential Revision: https://reviews.freebsd.org/D20326 Does this impact reproducible builds at all? Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt..

Re: svn commit: r348802 - head/sys/amd64/amd64

compatible with some future features. Hey Kostik, Great work! I'm curious what those future features could be. Can you elaborate a little more? :) Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:l

Re: svn commit: r348843 - head/sys/vm

m_size_t) round_page(size);/* hi end */ > + /* Check for rounding up to zero. */ > + if (round_page(size) < size) > + return (EINVAL); The mmap(2) manpage says that len==0 results in EINVAL, so the manpage needs updating. I'm curious what "there are times&qu

Re: svn commit: r348843 - head/sys/vm

Sounds good! I think the manpage still might still need a change to match the current behavior, or perhaps matching something similar to that vm_mmap.c comment. But that comment brings another question: what's the definition of "old binaries"? a.out? Thanks, -- Shawn Webb Cofou

Re: svn commit: r348843 - head/sys/vm

On Tue, Jun 11, 2019 at 01:33:23AM +1000, Bruce Evans wrote: > On Mon, 10 Jun 2019, Shawn Webb wrote: > > > On Mon, Jun 10, 2019 at 03:07:11AM +, Doug Moore wrote: > > > ... > > > Log: > > > There are times when a len==0 parameter to mmap is okay.

Re: svn commit: r349176 - head/sys/dev/random

l Revision: https://reviews.freebsd.org/D20686 Hey Conrad, Thanks for fixing this issue! Any plans to MFC? Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID: 0xFF2E67A277F

Re: svn commit: r349176 - head/sys/dev/random

On Tue, Jun 18, 2019 at 12:46:44PM -0700, Cy Schubert wrote: > In message <20190618185512.e2nbzwbtvxz2azge@mutt-hbsd>, Shawn Webb > writes: > > > > --mmc352mzirnzscxj > > Content-Type: text/plain; charset=us-ascii > > Content-Disposition: inline > > C

Re: svn commit: r349243 - head/sys/cam

+1 for M_ZERO. -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID: 0xFF2E67A277F8E1FA GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 On Thu, Jun 20, 2019 at 04:59

Re: svn commit: r349343 - in head: stand/common stand/efi/loader sys/kern sys/sys

the kernel. I wonder if there'd be any advantage to wrapping these macros in #ifdef and providing the plumbing such that users could overwrite these defaults in their kernel configuration files. I'm just thinking out loud. Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBS

Re: svn commit: r349890 - head/contrib/telnet/telnet

f the variables in the code block above this one. > + cp = (char *)malloc(sizeof(char)*buflen); Lack of NULL check here leads to > + snprintf((char *)cp, buflen, "%s%s", hbuf, cp2); potential NULL pointer deref here. Thanks, -- Shawn Webb Cofounder / Security Engineer Harden

Re: svn commit: r349890 - head/contrib/telnet/telnet

On Wed, Jul 10, 2019 at 03:19:44PM -0500, Justin Hibbits wrote: > On Wed, 10 Jul 2019 15:55:48 -0400 > Shawn Webb wrote: > > > On Wed, Jul 10, 2019 at 05:42:04PM +, Philip Paeps wrote: > > > Author: philip > > > Date: Wed Jul 10 17:42:04 2019 > >

Re: svn commit: r349890 - head/contrib/telnet/telnet

On Wed, Jul 10, 2019 at 04:22:18PM -0400, Shawn Webb wrote: > On Wed, Jul 10, 2019 at 03:19:44PM -0500, Justin Hibbits wrote: > > On Wed, 10 Jul 2019 15:55:48 -0400 > > Shawn Webb wrote: > > > > > On Wed, Jul 10, 2019 at 05:42:04PM +, Philip Paeps wrote: >

Re: svn commit: r349890 - head/contrib/telnet/telnet

On Wed, Jul 10, 2019 at 04:40:25PM -0600, Warner Losh wrote: > On Wed, Jul 10, 2019 at 4:29 PM Shawn Webb > wrote: > > > On Wed, Jul 10, 2019 at 04:22:18PM -0400, Shawn Webb wrote: > > > On Wed, Jul 10, 2019 at 03:19:44PM -0500, Justin Hibbits wrote: > > > >

Re: svn commit: r349896 - head/contrib/telnet/telnet

96 > > > > Log: > > telnet: fix minor style violation > > > > While here also fix a very unlikely NULL pointer dereference. > > > > Submitted by: Shawn Webb > > > > Modified: > &

Re: svn commit: r349896 - head/contrib/telnet/telnet

riginal author(s), may be grateful later as they make changes. Thus, even if this particular potential NULL pointer dereference isn't exploitable in any meaningful way, adherence to defensive programming practices will help both now and later. One thing I love about FreeBSD is how it str

Re: svn commit: r350049 - head/contrib/amd/amd

od catch and thanks for the great work! -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID: 0xFF2E67A277F8E1FA GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 signature.asc Description: PGP signature

Re: svn commit: r350049 - head/contrib/amd/amd

On Tue, Jul 16, 2019 at 01:41:06PM -0700, John Baldwin wrote: > On 7/16/19 12:44 PM, Shawn Webb wrote: > > On Tue, Jul 16, 2019 at 04:03:08PM +, Brooks Davis wrote: > >> Author: brooks > >> Date: Tue Jul 16 16:03:08 2019 > >> New Revision: 350049 > >&

Re: svn commit: r350315 - in head/sys: kern sys

len = SSIZE_MAX; > + > + /* Get the file structures for the file descriptors. */ > + error = fget_read(td, infd, &cap_read_rights, &infp); > + if (error != 0) > + goto out; > + error = fget_write(td, outfd, &cap_write_rights, &outfp

Re: svn commit: r350315 - in head/sys: kern sys

On Thu, Jul 25, 2019 at 11:48:39AM -0500, Kyle Evans wrote: > On Thu, Jul 25, 2019 at 11:46 AM Shawn Webb > wrote: > > > > Hey Rick, > > > > On Thu, Jul 25, 2019 at 05:46:17AM +, Rick Macklem wrote: > > > Author: rmacklem > > > Date: Thu

Re: svn commit: r350420 - in head: include lib/libc/stdio

s() which takes a directory descriptor and > returns a descriptor for a tempfile relative to that directory. Unlike > the other mktemp functions, mkostempsat() can be used in capability > mode. Out of curiosity, is __FreeBSD_version typically bumped when a new public symbol is added to libc

Re: svn commit: r362769 - in head/sys: amd64/linux amd64/linux32 arm64/linux compat/linux i386/linux

head/sys/arm64/linux/linux_dummy.c > head/sys/compat/linux/linux.c > head/sys/compat/linux/linux.h > head/sys/compat/linux/linux_file.c > head/sys/compat/linux/linux_file.h > head/sys/i386/linux/linux_dummy.c Should __FreeBSD_version be bumped? Thanks, -- Shawn Web

Re: svn commit: r362769 - in head/sys: amd64/linux amd64/linux32 arm64/linux compat/linux i386/linux

On Mon, Jun 29, 2020 at 12:42:49PM -0500, Kyle Evans wrote: > On Mon, Jun 29, 2020 at 10:27 AM Shawn Webb > wrote: > > > > Hey Kyle, > > > > On Mon, Jun 29, 2020 at 03:09:14AM +, Kyle Evans wrote: > > > Author: kevans > > > Date: Mon Jun 29 03

Re: svn commit: r363842 - head/sys/compat/linuxkpi/common/include/linux

_rel(). See, for example, the > >> comment at the top of sys/amd64/include/atomic.h. > > > > Ah yes, thanks. I probably got lost looking for the linux implem but > > that does make sense, I'll fix that probably tomorow. > > > > Thanks. > > > >&

Re: svn commit: r364310 - in head/sys: kern vm

by: markj > > Differential Revision:https://reviews.freebsd.org/D26027 > > I think that there is going to be a lot of fallout from this. > Will you handle it? > A warning from WITNESS is one thing, a panic is another. Hint: There may also be fallout

Re: svn commit: r364402 - head/sys/kern

> + sbuf_printf(&sb, "%02x", cp[i]); > + sbuf_printf(&sb, " owner=%u flags=\"", sfp->f_owner); > + for (fp = optnames; fp->o_opt != 0; fp++) { > + if ((mp->mnt_flag & fp->o_opt) != 0) { > +

Re: svn commit: r364402 - head/sys/kern

On Wed, Aug 19, 2020 at 11:44:42AM -0600, Warner Losh wrote: > On Wed, Aug 19, 2020 at 11:26 AM Shawn Webb > wrote: > > > On Wed, Aug 19, 2020 at 05:10:05PM +, Warner Losh wrote: > > > Author: imp > > > Date: Wed Aug 19 17:10:04 2020 > >

Re: svn commit: r364402 - head/sys/kern

On Wed, Aug 19, 2020 at 11:51:10AM -0600, Warner Losh wrote: > On Wed, Aug 19, 2020 at 11:48 AM Shawn Webb > wrote: > > > On Wed, Aug 19, 2020 at 11:44:42AM -0600, Warner Losh wrote: > > > On Wed, Aug 19, 2020 at 11:26 AM Shawn Webb > > > wrote: > > >

Re: svn commit: r364482 - head/lib/libc++

CS+= random.cpp > +SRCS+= random_shuffle.cpp > SRCS+= regex.cpp > SRCS+= shared_mutex.cpp > SRCS+= stdexcept.cpp There's also these files: https://github.com/HardenedBSD/hardenedBSD/commit/9410e679cc7888311f6efaf251f8d9a311c5b

Re: svn commit: r364482 - head/lib/libc++

On Sat, Aug 22, 2020 at 04:17:33PM +0200, Dimitry Andric wrote: > On 22 Aug 2020, at 16:07, Shawn Webb wrote: > > > > On Sat, Aug 22, 2020 at 12:05:11PM +, Dimitry Andric wrote: > >> Author: dim > >> Date: Sat Aug 22 12:05:11 2020 > >

Re: svn commit: r367114 - head/sys/netinet6

Reported by:Maxime Villard > Reviewed by:markj > MFC after: 3 days Does this need a CVE? Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD GPG Key ID: 0xFF2E67A277F8E1FA GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2

Re: svn commit: r367304 - in head: share/man/man5 share/mk tools/build/options usr.bin usr.bin/clang usr.bin/clang/llvm-cxxfilt

n: is there any guidance as to what FreeBSD considers "too large of a component" for a toolchain component (or any other various components, like src.git/stand)? I ask mostly out of curiousity. Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD GPG Key ID: 0xFF2E

Re: svn commit: r367577 - in head: share/mk sys/conf tools/build/options

inder performance on more complex applications (like when applied to clang/lld). A build of base without init all zero applied to clang/lld would take around 1.5 hours on my system. A build with it applied to clang/lld took around four hours, if my memory serves correctly. I would probably advise again

Re: svn commit: r367651 - head/usr.sbin/bhyve

13 19:47:16 2020 > (r367651) > @@ -51,6 +51,9 @@ __FBSDID("$FreeBSD$"); > > #define SMBIOS_BASE 0xF1000 > > +#define FIRMWARE_VERSION "13.0" > +#define FIRMWARE_RELEASE_DATE "11/10/2020" Style nit: shouldn't th

Re: svn commit: r367692 - head/sys/sys

Available groups */ > gid_t cr_smallgroups[XU_NGROUPS]; /* storage for small groups */ Hey Mateusz, Since this changes KBI, does __FreeBSD_version need bumping? Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD GPG Key ID: 0xFF2E67A277F8E1FA GPG Key Fingerprin

Re: svn commit: r367692 - head/sys/sys

Are there any kernel modules (in base, in ports, or out-of-both-trees) that access struct ucred? On Sat, Nov 14, 2020 at 09:51:47PM +0100, Mateusz Guzik wrote: > I don't think so, it does not change any APIs > > On 11/14/20, Shawn Webb wrote: > > On Sat, Nov 14, 2020

Re: svn commit: r368141 - in head/sys/arm: allwinner annapurna/alpine arm freescale/imx include mv versatile

V_ABI_FREEBSD | SV_ILP32 | SV_ASLR, This causes SV_ASLR to be set twice. Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD GPG Key ID: 0xFF2E67A277F8E1FA GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 https://git-01.md.hardenedbsd.org/

Re: svn commit: r368163 - in head: sbin/ifconfig sys/dev/if_wg sys/dev/if_wg/include sys/dev/if_wg/include/crypto sys/dev/if_wg/include/sys sys/dev/if_wg/include/zinc sys/dev/if_wg/module sys/dev/if_w

the OpenBSD implementation by > Matt Dunwoodie > > Reviewed by:gre...@freebsd.org > MFC after: 1 month > Sponsored by: Rubicon LLC, (Netgate) > Differential Revision: https://reviews.freebsd.org/D26137 RELNOTES: yes? Thanks, -- Shawn W

Re: svn commit: r368820 - head

> > > > "svn-src-head-unsubscr...@freebsd.org" > > > > > > > > Is this message of yours also the last message concerning the source > > > > changes? Since then > > > > you published this message, no further logs ran into list >

Re: svn commit: r360068 - in head/sys: kern net sys

give this fall back something > > like: > > > >printf("%s: unable to create fixed mac address; using random > > mac address", if_name(ifp)); > > > > This will only be printed in rare circumstances. But in that case will > > provid

Re: svn commit: r359950 - head/usr.sbin/bhyve

l/rpool/bhyve/hbsd-cross-dso-cfi-01/disk-01 \ -l com1,/dev/nmdm-hbsd-cross-dso-cfi-01-A \ -s 31:0,ahci-cd,/ISO/HardenedBSD/12-stable_amd64/2020-04-19_disc1.iso \ hbsd-cdcfi-01 Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD GPG Key ID: 0xFF2E67A277F8E1FA

Re: svn commit: r359950 - head/usr.sbin/bhyve

This is the full output from bhyve: fbuf frame buffer base: 0x69191a0 [sz 16777216] bhyve: bootrom_alloc: vm_mmap_mapseg: No space left on device bhyve: vmgenc_init: bootrom_alloc Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD GPG Key ID: 0xFF2E67A277F8E1FA GPG

Re: svn commit: r359950 - head/usr.sbin/bhyve

On Mon, Apr 20, 2020 at 02:32:23AM +0300, Yuri Pankov wrote: > Shawn Webb wrote: > > This is the full output from bhyve: > > > > fbuf frame buffer base: 0x69191a0 [sz 16777216] > > bhyve: bootrom_alloc: vm_mmap_mapseg: No space left on device > > bhyve:

Re: svn commit: r359950 - head/usr.sbin/bhyve

Thanks, Conrad! I'll test out the change tomorrow after the HardenedBSD auto-sync scripts run tonight. I'll report back tomorrow. Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD GPG Key ID: 0xFF2E67A277F8E1FA GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9

Re: svn commit: r361275 - in head/sys: conf dev/hyperv/hvsock dev/hyperv/include dev/hyperv/vmbus modules/hyperv modules/hyperv/hvsock sys

reebsd.org/D24061 Hey Wei Hu, Would it be good to bump __FreeBSD_version after a change like this? Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD GPG Key ID: 0xFF2E67A277F8E1FA GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 https://git-01.m

Re: svn commit: r361790 - head/sbin/ifconfig

fconfig/ifconfig.8 Thu Jun 4 14:15:39 2020 > (r361789) > +++ head/sbin/ifconfig/ifconfig.8 Thu Jun 4 14:44:44 2020 > (r361790) Hey Eugene, Does the manpage need a date bump? Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD GPG Key ID:

Re: svn commit: r361790 - head/sbin/ifconfig

On Sat, Jun 06, 2020 at 03:20:57AM +0700, Eugene Grosbein wrote: > 05.06.2020 4:45, Shawn Webb wrote: > > >> Modified: head/sbin/ifconfig/ifconfig.8 > >> == > >> --- head/sbin/ifconfig/ifc

Re: svn commit: r361870 - in head/sys/geom: . label

On Sat, Jun 06, 2020 at 02:19:16PM +, Conrad Meyer wrote: > Author: cem > Date: Sat Jun 6 14:19:16 2020 > New Revision: 361870 > URL: https://svnweb.freebsd.org/changeset/base/361870 > > Log: > Revert r361838 Why? -- Shawn Webb Cofounder / Security Engineer Ha

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

r: 2 months Hey Mark, Do you still plan to MFC this? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: svn commit: r325693 - in head: . share/mk sys/boot sys/boot/geli sys/boot/i386/gptboot sys/boot/i386/gptzfsboot sys/boot/i386/libi386 sys/boot/i386/loader sys/boot/i386/zfsboot sys/boot/i386/zfslo

update test script to build without GELI on x86. > > Sponsored by: Netflix > > Added: > head/tools/build/options/WITHOUT_LOADER_GEIL (contents, props changed) Should this be tools/build/options/WITHOUT_LOADER_GELI instead? Thanks, -- Shawn Webb Cofounder and Security Enginee

Re: svn commit: r326110 - head/sys/kern

p; RW_LOCK_READ)) > + return (true); > + return (false); > +} This bit of the patch breaks buildkernel. You left a consumer of RW_CAN_READ on line 554: MPASS(!RW_CAN_READ(td, v)); Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: svn commit: r326107 - in head/sys: kern sys

head/sys/sys/sx.h This breaks ZFS: https://gist.github.com/lattera/93faa9c47ccc985ebda039ab31641c2c Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: svn commit: r326109 - in head/sys: conf dev/bhnd dev/bhnd/cores/chipc mips/conf modules/bhnd

#x27;=', > ',', ';', 'asm' or '__attribute__' before 'ofw_bus_gen_get_type' > In file included from > /home/wma/ppc64-freebsd/sys/dev/bhnd/cores/chipc/chipc_gpio.c:48: > /home/wma/ppc64-freebsd/sys/dev/gpio/gpiobusvar.h:115: error: field > 

Re: svn commit: r359949 - head/usr.sbin/bhyve

> Reviewed by:grehan (earlier version) > Differential Revision: https://reviews.freebsd.org/D24422 Hey Conrad, Is there any way you'd have a change of heart and support MFC'ing? I'm sure many people, including myself, would be ever so grateful not to have

Re: svn commit: r335690 - head/sys/kern

t;> - for (i = 0; path[i]; i++) > >> - if (!(isalpha(path[i]) || isdigit(path[i])) && > >> - path[i] != '/' && path[i] != '.' && > >> - path[i] != '-'

Re: svn commit: r336289 - head/sys/security/mac_veriexec

.mpo_vnode_check_open = mac_veriexec_vnode_check_open, > + .mpo_vnode_check_setmode = mac_veriexec_vnode_check_setmode, > .mpo_vnode_copy_label = mac_veriexec_copy_label, > .mpo_vnode_destroy_label = mac_veriexec_vnode_destroy_label, > .mpo_vnode_init_label = mac_veriexec_vn

Re: svn commit: r336203 - in head: contrib/wpa contrib/wpa/hostapd contrib/wpa/hs20/client contrib/wpa/patches contrib/wpa/src/ap contrib/wpa/src/common contrib/wpa/src/crypto contrib/wpa/src/drivers

rom ideal > >>> > > since the > >>> > > new PTK would depend on a new nonce only from the supplicant. > >>> > > > >>> > > Fix this by generating a new ANonce when moving to the PTKSTART > >>> > > state > &

Re: svn commit: r336744 - in head: sbin/pfctl/tests/files share/mk

${.CURDIR}/pf.include > -FILES+= ${.CURDIR}/pf.ok > +FILES!= echo ${.CURDIR}/pf.in ${.CURDIR}/pf????.include > ${.CURDIR}/pf.ok Should this use ${ECHO} instead of echo? Thanks, -- Shawn Webb Cofounder and Security Engineer Harde

Re: svn commit: r336744 - in head: sbin/pfctl/tests/files share/mk

On Thu, Jul 26, 2018 at 11:11:05AM -0600, Brad Davis wrote: > On Thu, Jul 26, 2018, at 11:09 AM, Shawn Webb wrote: > > On Thu, Jul 26, 2018 at 05:05:34PM +, Brad Davis wrote: > > > Author: brd > > > Date: Thu Jul 26 17:05:33 2018 > > > New Revision: 336744 &

Re: svn commit: r336919 - head/sys/dev/efidev

LE_INT_FETCH("efi.rt_disabled", &rt_disabled); Would it be a good idea to document this tunable in loader(8)? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID:

Re: svn commit: r345982 - in head: include lib/libc/sys sys/cddl/compat/opensolaris/sys sys/compat/cloudabi sys/compat/freebsd32 sys/compat/linux sys/kern sys/sys sys/ufs/ffs

ws.freebsd.org/D14567 Hey Mariusz, Is __FreeBSD_version supposed to be bumped after adding new syscalls? I can't remember off-hand. Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID:

Re: svn commit: r345982 - in head: include lib/libc/sys sys/cddl/compat/opensolaris/sys sys/compat/cloudabi sys/compat/freebsd32 sys/compat/linux sys/kern sys/sys sys/ufs/ffs

No worries. Thanks for the correction! -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 On Sun

Re: svn commit: r346023 - head/usr.bin/strings

On Mon, Apr 08, 2019 at 03:35:48AM +, Mariusz Zaborski wrote: > Author: oshogbo > Date: Mon Apr 8 03:35:47 2019 > New Revision: 346023 > URL: https://svnweb.freebsd.org/changeset/base/346023 > > Log: > strings: disable Casper support while building native-xtools

Re: svn commit: r346263 - head/contrib/tcpdump

andbox && (ndo->ndo_nflag || capdns != NULL)); > #else Is there any documentation anywhere telling users that Capsicum support will be disabled under certain circumstances? Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XM

Re: svn commit: r315331 - in head/libexec/rtld-elf: . aarch64 amd64 arm i386 mips powerpc powerpc64 riscv sparc64

t; Same feature exists on Linux and Solaris. > > Sponsored by: The FreeBSD Foundation > MFC after: 2 weeks Hey Kostik, I'm curious what the use case is for this. When would someone use LD_BIND_NOT? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Ke

Re: svn commit: r316585 - in head/sys/boot: efi/boot1 efi/loader i386/common i386/loader i386/zfsboot zfs

.org/D10203 This breaks bhyve userboot: # sh /usr/share/examples/bhyve/vmrun.sh -c 8 -m 16g -t tap4 -C /dev/nmdm-laptop-dev-03-A -d /dev/zvol/enctank/bhyve/laptop-dev-03/disk-01 laptop-dev-03 /boot/userboot.so: Undefined symbol "ldi_get_size" Thanks, -- Shawn Webb Cofounder and Secur

Re: svn commit: r338494 - head/sys/cam/ctl

> Somehow this was working even after PTI in, at least on amd64, and got > broken by something only very recently. Is anyone investigating why the direct access still worked? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-

Re: svn commit: r338494 - head/sys/cam/ctl

On Thu, Sep 06, 2018 at 08:24:32AM -0700, John Baldwin wrote: > On 9/6/18 7:54 AM, Shawn Webb wrote: > > On Thu, Sep 06, 2018 at 02:03:10PM +, Alexander Motin wrote: > >> Author: mav > >> Date: Thu Sep 6 14:03:10 2018 > >> New Revision: 338494 > >&

  1   2   >