Re: /dev/ksyms permissions

2018-01-21 Thread Christos Zoulas
In article , Maxime Villard wrote: >On 18/01/2018 at 13:43, Tom Ivar Helbekkmo wrote: >> Maxime Villard writes: >> >>> Well, looking at the code, it seems to me that _kvm_open() should be >>> changed to

Re: Attempt to fix nfs client

2018-01-21 Thread Christos Zoulas
In article <20180120144510.ga61...@atom.tmux.org>, Tobias Ulmer wrote: >TLDR: nfs_reqq corruption, see diff below. > >I've been trying to track down the source of NFS client hangs and >crashes over the last weeks, in order to get back to the things I really >wanted to do... > >No

BUFQ_READPRIO & BUFQ_PRIOCSCAN

2018-01-21 Thread Sevan Janiyan
Hello, I was wondering what the status of the BUFQ_READPRIO & BUFQ_PRIOCSCAN kernel options is. The comment on all but the i386/amd64 kernel configs is that it is experimental, whereas on i386/amd64, BUFQ_PRIOCSCAN is enabled by default. Does the comment need updating (I'm happy to do it) or is

Re: amd64: kernel aslr support

2018-01-21 Thread Maxime Villard
On 17/01/2018 at 21:48, Thomas Klausner wrote: On Wed, Jan 17, 2018 at 08:01:19AM +0100, Maxime Villard wrote: Why does GENERIC_KASLR disable KDTRACE_HOOKS? Is this necessary, or are KDTRACE_HOOKS lowering the security somehow? In fact, it's because KDTRACE_HOOKS wants to parse one CTF

Current state of SVS and Meltdown

2018-01-21 Thread Maxime Villard
I committed this morning the last part needed to completely mitigate Meltdown on NetBSD-amd64. As I said in the commit message, we still need to change a few things for KASLR - there is some address leakage, we need to hide one instruction -, but otherwise the implementation should be perfectly

Re: /dev/ksyms permissions

2018-01-21 Thread Maxime Villard
On 18/01/2018 at 13:43, Tom Ivar Helbekkmo wrote: Maxime Villard writes: Well, looking at the code, it seems to me that _kvm_open() should be changed to keep /dev/ksyms open, the same way it keeps /dev/kmem open. Agreed. This works fine for me, with and without

Re: /dev/ksyms permissions

2018-01-21 Thread Tom Ivar Helbekkmo
Maxime Villard writes: >> Agreed. This works fine for me, with and without /dev/ksyms present: >> >> Index: lib/libkvm/kvm.c >> [...] > > So, I guess I can commit it? I've been running with that modification (and /dev/ksyms mode 440 and group kmem) on all my systems since