Re: One True Awk upgrade

2019-06-02 Thread Shawn Webb
planning on publishing a new binary update of 13-CURRENT for HardenedBSD users. Should I hold off until the dust settles? Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID: 0xFF2E67A27

Re: FreeBSD and Coreboot

2019-05-27 Thread Shawn Webb
ystem and start execution) > Reach out to 3mdeb (feel free to CC me, if you'd like). See what they'd like help with. There's certainly a lot more work that could be done. Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:

Re: HEAD'S UP: fusefs sysctls going away

2019-03-21 Thread Shawn Webb
On Thu, Mar 21, 2019 at 09:55:15AM -0600, Alan Somers wrote: > On Thu, Mar 21, 2019 at 9:49 AM Shawn Webb wrote: > > > > Hey Alan, > > > > Thank you very much for your work in maintaining fusefs. I only use > > fusefs in very limited circumstances, so take what

Re: HEAD'S UP: fusefs sysctls going away

2019-03-21 Thread Shawn Webb
the security impacts of removing the toggle to disable mmap support for fusefs. Is there a per-fusefs replacement for mmap_enable? From a security perspective, it would be nice to keep the ability to disable mapping of files mounted on a fusefs. Thanks, -- Shawn Webb Cofounder and Security Engineer Har

Re: r344798: c++: error: linker command failed with exit code

2019-03-05 Thread Shawn Webb
ror: linker command failed with exit code 1 (use -v to see invocation) > *** [clang] Error code 1 > > make[4]: stopped in /usr/src/usr.bin/clang/clang > [...] > > I tried to rebuild world from a fresh /usr/src and /usr/obj but the host gets > always stuck at > the same error. Do

Re: 12-STABLE revision 344629: pid 26 (sh), jid 0, uid 0: exited on signal 11

2019-02-27 Thread Shawn Webb
01:00 init 1 - - /bin/sh on /etc/rc terminated > abnormally, going > to single user mode Enter root password, or ^D to go multi-user > Password: > > > Running > > FreeBSD 12.0-STABLE #36 r343871: Thu Feb 7 17:34:44 CET 2019 amd64 > > Doesn't show this phenomenon wi

Re: IPv6 RFC3041 temporary address broken?

2019-02-12 Thread Shawn Webb
On Tue, Feb 12, 2019 at 11:44:42AM -0200, Renato Botelho wrote: > On 12/02/19 11:03, Shawn Webb wrote: > > Hey all, > > > > I have net.inet6.ip6.use_tempaddr and net.inet6.ip6.prefer_tempaddr > > both set to 1. Yet, I'm not seeing temporary addresses created u

IPv6 RFC3041 temporary address broken?

2019-02-12 Thread Shawn Webb
from working in FreeBSD HEAD? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: ld-elf.so.1: /usr/local/lib/libglib-2.0.so.0: Undefined symbol "environ"

2018-12-26 Thread Shawn Webb
so.0: Undefined symbol "environ" > grahamperrin@momh167-gjp4-8570p:~ % pkg query '%o %v %R' iridium-browser > www/iridium 2018.5.67_6 FreeBSD > grahamperrin@momh167-gjp4-8570p:~ % > > Any ideas? I can confirm that I'm getting this, too, on my Pinebook running HardenedB

Re: The future of ZFS in FreeBSD

2018-12-19 Thread Shawn Webb
Thank you for your detailed and informative post. It really helps downstream consumers of FreeBSD. I'm curious what this means for OpenZFS. I was under the impression that OpenZFS was the upstream for all the ZFS implementations (sans Oracle). Thanks, -- Shawn Webb Cofounder and Security Engineer Harde

Re: HEADSUP: Something has gone south with -current

2018-12-07 Thread Shawn Webb
a > analysis > > make core dumps. > devd core dumps. > init core dumps. > cc core dumps. > c++ core dumps. > > Something seems to be broken. There have been (and still are) issues with the introduction of ifunc in libc (r339898). The symptoms you're describing sound a lot

RTLD busted in 13-CURRENT/amd64

2018-10-31 Thread Shawn Webb
Hey All, Looks like the RTLD is segfaulting apps for me in 13-CURRENT/amd64 both on bare metal and in bhyve. I don't have the time right now to bisect the commit. On a related note: I love ZFS boot environments. Thanks, FreeBSD, for making ZFS a first-class citizen. Thanks, -- Shawn Webb

Re: unknown -z value: common-page-size=4096

2018-09-28 Thread Shawn Webb
n something > with bfd)? I noticed the same issues. I reverted parts of recent work by upstream FreeBSD in HardenedBSD's Cross-DSO CFI branch since that branch uses clang/llvm/lld 7.0.0. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:

Re: jail exec.clean busted in 12?

2018-09-11 Thread Shawn Webb
/jail/loghost > > storm~;jexec 9 env | grep -i ssh > SSH_CLIENT=203.0.113.70 59076 22 > SSH_CONNECTION=203.0.113.70 59076 203.0.113.50 22 > SSH_TTY=/dev/pts/2 > SSH_AUTH_SOCK=/tmp/ssh-ZfvZOatcsu/agent.60492 > storm~; > > Any ideas? Hey Michael, It appears the ja

Re: ifnet use after free

2018-09-07 Thread Shawn Webb
On Fri, Aug 24, 2018 at 06:19:55PM -0400, Shawn Webb wrote: > Hey All, > > Somewhere in the last month or so, a use after free was introduced. I > don't have the time right now to bisect the commits and figure out > which commit introduced the breakage. Attached is the core.txt

Reviewer needed for D17067

2018-09-06 Thread Shawn Webb
FreeBSD recently introduced a new ELF auxiliary vector, AT_EHDRFLAGS. procstat(1) needs to be updated to reflect the new auxvec. Patch is up for review here: https://reviews.freebsd.org/D17067 Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:+1 443-546

redzone catching a buffer overflow in swapoff_one

2018-09-03 Thread Shawn Webb
/2f2449cc1cdfc19ae34b2317e792af489418a01a So my src tree is at this commit: https://github.com/HardenedBSD/hardenedBSD/commit/98f90fadab000b818a731be4650ac1a47144501c I've not yet studied the swap pager's code and plan to start learning it soon. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD

Re: What's this gregset_t gregs thing

2018-08-20 Thread Shawn Webb
c repo because I was doing some offensive research against GNU's RTLD way back in 2011-2012. The repo hasn't been updated since. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG

Re: zpool scrub. Wtf?

2018-08-12 Thread Shawn Webb
3 r337364: Mon Aug 6 07:01:42 +07 2018 amd64 I'm seeing the same issue. -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A

Re: Booting arm64 uefi broken

2018-07-28 Thread Shawn Webb
; > > > > Warner > > > > Fixed by r336837 > > > > Yea, I thought I'd pushed all my in-flight src/stand branches yesterday, > but I had one on a different machine that wasn't, and it was this one. > Sorry for the hassle, it had been ready to go for a coup

Re: Booting arm64 uefi broken

2018-07-28 Thread Shawn Webb
On Sat, Jul 28, 2018 at 08:34:31PM +0200, Emmanuel Vadot wrote: > On Sat, 28 Jul 2018 20:28:30 +0200 > Emmanuel Vadot wrote: > > > On Sat, 28 Jul 2018 13:17:45 -0400 > > Shawn Webb wrote: > > > > > It appears with the latest 12-CURRENT/arm64, booting is

Booting arm64 uefi broken

2018-07-28 Thread Shawn Webb
key for command prompt. Booting [/boot/kernel/kernel]... Using DTB provided by EFI at 0x801fe0. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is

Re: Tool Chain Migration: objdump users, please test llvm-objdump

2018-06-20 Thread Shawn Webb
On Wed, Jun 20, 2018 at 07:31:21PM -0400, Ed Maste wrote: > On 20 June 2018 at 18:25, Shawn Webb wrote: > > > > Would you like me to quantify the compilation breakages due to the > > full llvm toolchain switch? If so, I can do that after July 12th. > > Thanks Shaw

Re: Tool Chain Migration: objdump users, please test llvm-objdump

2018-06-20 Thread Shawn Webb
e due to a full llvm toolchain, but compile just fine. Would you like me to quantify the compilation breakages due to the full llvm toolchain switch? If so, I can do that after July 12th. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:

Weird conditional logic in lib/libpmc/Makefile

2018-06-02 Thread Shawn Webb
{JEVENTS} ${JEVENTS} ${EVENT_ARCH} ${.CURDIR}/pmu-events/arch libpmc_events.c SRCS+= libpmc_events.c .endif Why perform the conditionals for aarch64 and powerpc when it can't be those? "Am I missing something? I'm looping in Matt Macy, who was the last person to touch the file. Thanks, -

Re: snapshot of april 12th wont boot at all

2018-04-17 Thread Shawn Webb
auses issues in these cases. I would love to attempt to make an effort to debug it myself, but I would need some way to replicate the issue on my end. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.s

Re: snapshot of april 12th wont boot at all

2018-04-17 Thread Shawn Webb
0-CURRENT #3 5b8586c22aa(hardened/current/master): > Tue Apr 17 08:11:53 EDT 2018 HardenedBSD enables PTI regardless of underlying CPU by default. We've found that some older AMD CPUs have issues with PTI as currently implemented. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD

Re: snapshot of april 12th wont boot at all

2018-04-17 Thread Shawn Webb
gt; it (or download link) to developers (at FreeBSD.org) if needed though. What happens when you set vm.pmap.pti=0 at the loader prompt? -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: more fallout from removal of lint

2018-01-02 Thread Shawn Webb
c 30 12:37 /usr/bin/lint > -r-xr-xr-x 1 root wheel 4976 Dec 29 21:13 /usr/bin/true I had filed[1] a bug report about this a little over a month ago and FreeBSD was disinterested in even discussing it. HardenedBSD worked around the issue by disabling the build of lint in its 11-STABLE and 10-

Re: evdev broken

2017-12-29 Thread Shawn Webb
On Fri, Dec 29, 2017 at 02:36:34PM -0500, Shawn Webb wrote: > On Fri, Dec 29, 2017 at 08:33:15PM +0100, Michael Gmelin wrote: > > > > > > > On 29. Dec 2017, at 20:15, Shawn Webb <shawn.w...@hardenedbsd.org> wrote: > > > > > > Hey All, > &

Re: evdev broken

2017-12-29 Thread Shawn Webb
On Fri, Dec 29, 2017 at 08:33:15PM +0100, Michael Gmelin wrote: > > > > On 29. Dec 2017, at 20:15, Shawn Webb <shawn.w...@hardenedbsd.org> wrote: > > > > Hey All, > > > > It looks like evdev support in the kernel is broken. > > sys/dev/kbd

evdev broken

2017-12-29 Thread Shawn Webb
>>> ld: error: undefined symbol: evdev_scancode2key

Re: Replacing OpenSSL in base -- does it work?

2017-12-12 Thread Shawn Webb
; best approach, and best alternatives? Both HardenedBSD and TrueOS use LibreSSL in base. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: GPTZFSBOOT in Current r326622 has problems

2017-12-12 Thread Shawn Webb
amd64 memstick images. Booting in UEFI mode works, however. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: Booting UEFI ZFS is broken on arm64

2017-12-01 Thread Shawn Webb
On Fri, Dec 01, 2017 at 02:53:53PM -0700, Warner Losh wrote: > On Fri, Dec 1, 2017 at 2:49 PM, Shawn Webb <shawn.w...@hardenedbsd.org> > wrote: > > > On Wed, Nov 29, 2017 at 07:31:17PM -0700, Warner Losh wrote: > > > On Wed, Nov 29, 2017 at 5:54 PM, Warne

Re: Booting UEFI ZFS is broken on arm64

2017-12-01 Thread Shawn Webb
On Wed, Nov 29, 2017 at 07:31:17PM -0700, Warner Losh wrote: > On Wed, Nov 29, 2017 at 5:54 PM, Warner Losh <i...@bsdimp.com> wrote: > > > > > > > On Wed, Nov 29, 2017 at 5:43 PM, Shawn Webb <shawn.w...@hardenedbsd.org> > > wrote: > > > >&

Re: Booting UEFI ZFS is broken on arm64

2017-11-29 Thread Shawn Webb
On Wed, Nov 29, 2017 at 05:42:52PM -0700, Warner Losh wrote: > On Wed, Nov 29, 2017 at 5:34 PM, Shawn Webb <shawn.w...@hardenedbsd.org> > wrote: > > > On Wed, Nov 29, 2017 at 05:33:46PM -0700, Warner Losh wrote: > > > On Wed, Nov 29, 2017 at 5:21 PM, Shawn We

Re: Booting UEFI ZFS is broken on arm64

2017-11-29 Thread Shawn Webb
On Wed, Nov 29, 2017 at 05:33:46PM -0700, Warner Losh wrote: > On Wed, Nov 29, 2017 at 5:21 PM, Shawn Webb <shawn.w...@hardenedbsd.org> > wrote: > > > It appears that in the latest FreeBSD 12-CURRENT/arm64 snapshot, > > booting UEFI GPT ZFS on my OverDrive

Booting UEFI ZFS is broken on arm64

2017-11-29 Thread Shawn Webb
on in the fdt code. I hope to report back soon-ish, unless anyone else has any ideas as to what could be wrong. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc

Re: HEADS-UP: Merged llvm/clang 5.0.0 into -CURRENT (as of r321369)

2017-07-23 Thread Shawn Webb
On Sun, Jul 23, 2017 at 09:16:26PM -0400, Shawn Webb wrote: > On Sun, Jul 23, 2017 at 07:34:47PM -0400, Shawn Webb wrote: > > On Sun, Jul 23, 2017 at 04:13:18PM -0700, Mark Millard wrote: > > > Shawn Webb shawn.webb at hardenedbsd.org wrote on > > > Sat Jul 22 15:33:14

Re: HEADS-UP: Merged llvm/clang 5.0.0 into -CURRENT (as of r321369)

2017-07-23 Thread Shawn Webb
On Sun, Jul 23, 2017 at 07:34:47PM -0400, Shawn Webb wrote: > On Sun, Jul 23, 2017 at 04:13:18PM -0700, Mark Millard wrote: > > Shawn Webb shawn.webb at hardenedbsd.org wrote on > > Sat Jul 22 15:33:14 UTC 2017 : > > > > > I haven't nailed down whether it'

Re: HEADS-UP: Merged llvm/clang 5.0.0 into -CURRENT (as of r321369)

2017-07-23 Thread Shawn Webb
On Sun, Jul 23, 2017 at 04:13:18PM -0700, Mark Millard wrote: > Shawn Webb shawn.webb at hardenedbsd.org wrote on > Sat Jul 22 15:33:14 UTC 2017 : > > > I haven't nailed down whether it's SafeStack, CFI, or using lld as the > > default linker, but it looks like we in Ha

Re: HEADS-UP: Merged llvm/clang 5.0.0 into -CURRENT (as of r321369)

2017-07-22 Thread Shawn Webb
On Sat, Jul 22, 2017 at 01:32:17PM -0400, Shawn Webb wrote: > On Sat, Jul 22, 2017 at 11:33:08AM -0400, Shawn Webb wrote: > > On Sat, Jul 22, 2017 at 02:36:03PM +0200, Dimitry Andric wrote: > > > Hi, > > > > > > I have merged clang, llvm, lld, lldb, compi

Re: HEADS-UP: Merged llvm/clang 5.0.0 into -CURRENT (as of r321369)

2017-07-22 Thread Shawn Webb
On Sat, Jul 22, 2017 at 11:33:08AM -0400, Shawn Webb wrote: > On Sat, Jul 22, 2017 at 02:36:03PM +0200, Dimitry Andric wrote: > > Hi, > > > > I have merged clang, llvm, lld, lldb, compiler-rt and libc++ 5.0.0 > > (trunk r308421) into head. Universe builds went just fin

Re: HEADS-UP: Merged llvm/clang 5.0.0 into -CURRENT (as of r321369)

2017-07-22 Thread Shawn Webb
ld. Here's the logfile: http://jenkins.hardenedbsd.org:8180/jenkins/job/HardenedBSD-CURRENT-amd64/910/consoleText I'm working right now on figuring out what caused it. I'll report back when I know more. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A8465

Possible to set security.bsd.stack_guard_page to a negative value

2017-07-01 Thread Shawn Webb
Even though it'd be a stupid thing to do, the security.bsd.stack_guard_page sysctl node can be set to a negative integer value. This will cause all applications to crash with SIGABRT. -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key

Reproducible panic with MAP_GUARD and security.bsd.stack_guard_page > 1

2017-07-01 Thread Shawn Webb
When running my Stack Clash PoC on a vanilla FreeBSD 12-CURRENT/amd64 VM and security.bsd.stack_guard_page is > 1: https://goo.gl/photos/vZQY4B9jKJRLrNwP7 The PoC doesn't need to be run as root on vanilla FreeBSD with a default configuration. Thanks, -- Shawn Webb Cofounder and Secur

Re: ZFS ABD Panic

2017-06-27 Thread Shawn Webb
On Tue, Jun 27, 2017 at 10:25:16AM -0400, Shawn Webb wrote: > On Tue, Jun 27, 2017 at 05:22:39PM +0300, Andriy Gapon wrote: > > On 27/06/2017 17:16, Shawn Webb wrote: > > > On Tue, Jun 27, 2017 at 05:12:01PM +0300, Andriy Gapon wrote: > > >> On 26/0

Re: ZFS ABD Panic

2017-06-27 Thread Shawn Webb
On Tue, Jun 27, 2017 at 05:22:39PM +0300, Andriy Gapon wrote: > On 27/06/2017 17:16, Shawn Webb wrote: > > On Tue, Jun 27, 2017 at 05:12:01PM +0300, Andriy Gapon wrote: > >> On 26/06/2017 03:31, Shawn Webb wrote: > >>> This is on the latest HardenedBSD 1

Re: ZFS ABD Panic

2017-06-27 Thread Shawn Webb
On Tue, Jun 27, 2017 at 05:12:01PM +0300, Andriy Gapon wrote: > On 26/06/2017 03:31, Shawn Webb wrote: > > This is on the latest HardenedBSD 12-CURRENT on one of my servers: > > > > [141] panic: sleepq_add: td 0xf80008d20560 to sleep on wchan > > 0xf803b7d4e8

ZFS ABD Panic

2017-06-25 Thread Shawn Webb
0 0 0 mfid2ONLINE 0 0 0 mfid3ONLINE 0 0 0 errors: No known data errors Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89

Re: ino64 package fallout

2017-05-24 Thread Shawn Webb
le:///wrkdirs/usr/ports/lang/rust/work/rustc-1. > 17.0-src/src/bootstrap) > Finished dev [unoptimized] target(s) in 31.38 secs > Build completed unsuccessfully in 0:00:45 > gmake[1]: *** [Makefile:24: all] Error 245 > > > ... and lots more ports skipped because of the above. HardenedBSD, too, is seeing huge fallout with package building due to ino64. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: 64-bit inodes (ino64) Status Update and Call for Testing

2017-05-15 Thread Shawn Webb
On Mon, May 15, 2017 at 03:41:45PM -0400, Shawn Webb wrote: > On Thu, Apr 20, 2017 at 10:43:14PM +0300, Konstantin Belousov wrote: > > Inodes are data structures corresponding to objects in a file system, > > such as files and directories. FreeBSD has historically used 32

Re: 64-bit inodes (ino64) Status Update and Call for Testing

2017-05-15 Thread Shawn Webb
ensure that > options COMPAT_FREEBSD11 > is included into the config. Then build world and kernel in the > usual way, install kernel, reboot, install new world. Do not make > shortcuts in the update procedure. Hey Kostik, On my HardenedBSD system, world

Re: DTB provided by loader.efi from head -r317181 on pine64 smashed by zfs.ko ?

2017-05-09 Thread Shawn Webb
opensolaris.ko is not loader. > > Maybe DTB is smashed by zfs.ko > > Any idea ? I see the same symptom with root-on-ZFS with my SoftIron OverDrive 1000. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: Boot failure - svn up from this morning

2017-03-04 Thread Shawn Webb
R > >> 211746: > >> ... > >> Can you please try the patch to dump the memory map? > >> ... > > > > BTW, I understand it's really annoying to boot the host first... > > I'm really sorry for this. > > > > I suppose you're able to b

Re: gptzfsboot grew a lot after skein support was added; need knob to control bloat

2017-01-27 Thread Shawn Webb
On Fri, Jan 27, 2017 at 12:35:21PM -0500, Allan Jude wrote: > On 2017-01-27 12:33, Shawn Webb wrote: > > On Fri, Jan 27, 2017 at 12:30:17PM -0500, Allan Jude wrote: > >> On 2017-01-27 12:05, Warner Losh wrote: > >>> On Fri, Jan 27, 2017 at 12:34 AM, Toom

Re: gptzfsboot grew a lot after skein support was added; need knob to control bloat

2017-01-27 Thread Shawn Webb
that works for it, but the > other option is to use the ZFS bootcode area. > > ZFS it self, reserves something like 3.5 mb of space in the ZFS > partition, for boot code. This is how we boot ZFS on MBR. > > It should be possible to use this on GPT as well, we just don't. In the

Re: crash in iflib_fast_intr

2017-01-19 Thread Shawn Webb
On Wed, Jan 18, 2017 at 02:45:34PM -0500, Shawn Webb wrote: > On Wed, Jan 18, 2017 at 07:31:12AM -0700, Sean Bruno wrote: > > > > > > On 01/18/17 03:37, peter.b...@bsd4all.org wrote: > > > Hi, > > > > > > A kernel without option EARLY_AP_STARTUP c

Re: crash in iflib_fast_intr

2017-01-18 Thread Shawn Webb
> > Peter > > Thanks for the report. We're looking at this. > > This is with an igb(4) interface or em(4)? > > sean > I'm getting something similar with em(4): https://goo.gl/photos/MXiFXtatBYcWagJTA I'm at this commit in HardenedBSD: https://github.com/HardenedBSD

Re: r311568 makes freerdp very slow

2017-01-12 Thread Shawn Webb
ow it takes 5-10 seconds. After entering the password, another > 5-10 seconds until I am connected. > Once connected, there is a considerable lag. > > What could be the problem? I don't know what the problem is, but I am seeing the same symptom. Thanks, -- Shawn Webb Cofounder and Secur

Re: drm-next update and longer term plans

2016-12-01 Thread Shawn Webb
on the VESA driver with all its crappiness if it weren't for the efforts you and your team have put in. Since I make it a point to eat my own dogfood, it has been a pleasure running a HardenedBSD-flavored version of your drm-next-4.7 bits. I'm able to run HardenedBSD on my work-issued laptop ins

Re: taskqgroup_adjust kernel panic

2016-09-06 Thread Shawn Webb
On Mon, Sep 05, 2016 at 07:51:02PM -0400, Shawn Webb wrote: > On Mon, Sep 05, 2016 at 02:54:54PM -0700, Mark Johnston wrote: > > On Mon, Sep 05, 2016 at 01:55:38PM -0400, Shawn Webb wrote: > > > Hey all, > > > > > > I'm at revision 3872750 of the

Re: taskqgroup_adjust kernel panic

2016-09-05 Thread Shawn Webb
On Mon, Sep 05, 2016 at 02:54:54PM -0700, Mark Johnston wrote: > On Mon, Sep 05, 2016 at 01:55:38PM -0400, Shawn Webb wrote: > > Hey all, > > > > I'm at revision 3872750 of the hardened/current/drm-next-4.7 branch in > > the HardenedBSD/hardenedBSD-playground re

taskqgroup_adjust kernel panic

2016-09-05 Thread Shawn Webb
Here's a couple pictures of the panic I took: https://goo.gl/photos/P5kiwabPYjwQX7Kr8 https://goo.gl/photos/BWtvBnq7QLnwgRP28 Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F

Re: warning errors with buildworld with llvm39

2016-09-05 Thread Shawn Webb
On Mon, Sep 05, 2016 at 09:09:00AM +0200, Dimitry Andric wrote: > On 05 Sep 2016, at 03:31, Shawn Webb <shawn.w...@hardenedbsd.org> wrote: > > > > On Tue, Aug 30, 2016 at 06:17:02PM -0700, Ngie Cooper wrote: > >> On Tue, Aug 30, 2016 at 5:54 PM, Matthew

Re: warning errors with buildworld with llvm39

2016-09-04 Thread Shawn Webb
r importing the projects/clang390-import branch into a local version of the drm-next-4.7 branch. The log is here: https://gist.github.com/lattera/e3a9900eff4e3f8425e0ee2242f5ee4b Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Ke

Re: NanoBSD install phase failing for releng/11

2016-08-22 Thread Shawn Webb
tree to a chroot directory. Here's the log (granted, -s was added to make): http://ix.io/1fN3 Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: security/openvpn build failure on 12-CURRENT/amd64

2016-08-01 Thread Shawn Webb
kernel and world matched and still had the very same build error. Here's the build log: http://pastebin.com/TEBih1Sx Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 524

security/openvpn build failure on 12-CURRENT/amd64

2016-08-01 Thread Shawn Webb
/data/head-amd64-default/p419204_s303419/logs/errors/openvpn-2.3.11.log Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: SafeStack in base

2016-07-27 Thread Shawn Webb
On Wed, Jul 27, 2016 at 05:11:12PM -0700, Conrad Meyer wrote: > On Wed, Jul 27, 2016 at 5:05 PM, Shawn Webb <shawn.w...@hardenedbsd.org> > wrote: > > On Wed, Jul 27, 2016 at 05:02:07PM -0700, Conrad Meyer wrote: > >> The problem appears to be an upstream limitation of

Re: SafeStack in base

2016-07-27 Thread Shawn Webb
On Wed, Jul 27, 2016 at 05:02:07PM -0700, Conrad Meyer wrote: > On Wed, Jul 27, 2016 at 3:55 PM, Shawn Webb <shawn.w...@hardenedbsd.org> > wrote: > > Hey All, > > > > I'm interested in getting SafeStack working in FreeBSD base. Below is a > > link to a simp

SafeStack in base

2016-07-27 Thread Shawn Webb
, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: CURRENT: bhyve and Kernel SamePage Mergin

2016-06-09 Thread Shawn Webb
rom the vendor, whereas ASLR can be. I like Capsicum, but integrating "ALL THE THINGS!" with it takes a lot of work. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658

Re: installworld woes

2016-05-28 Thread Shawn Webb
On May 28, 2016, at 8:29 PM, Alan Somers <asom...@freebsd.org> wrote: > > On Sat, May 28, 2016 at 6:26 PM, Shawn Webb <shawn.w...@hardenedbsd.org> > wrote: >> On May 28, 2016, at 8:23 PM, Alan Somers <asom...@freebsd.org> wrote: >>> >>> O

Re: installworld woes

2016-05-28 Thread Shawn Webb
On May 28, 2016, at 8:23 PM, Alan Somers <asom...@freebsd.org> wrote: > > On Sat, May 28, 2016 at 6:14 PM, Shawn Webb <shawn.w...@hardenedbsd.org> > wrote: >> I haven’t had the time to properly diagnose this one. But here’s a little >> installworld b

installworld woes

2016-05-28 Thread Shawn Webb
I’m my case, the chroot is at /builds/updater/chroot. Below is a link to the log of the error I’m getting. I’m using HardenedBSD’s source, the hardened/current/master branch. Link to log: http://pastebin.com/titmiNCW <http://pastebin.com/titmiNCW> Thanks, Shawn Webb Cofounder and Se

Re: Interesting error during installworld

2016-05-22 Thread Shawn Webb
HardenedBSD has it and it’s in /usr/bin. The only utilities that aren’t compiled by default in HardenedBSD are freebsd-update and portsnap. Thanks, Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E

Interesting error during installworld

2016-05-22 Thread Shawn Webb
|| echo __FreeBSD_cc_version; } | tail -n 1" returned non-zero status Thanks, Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: Message signed with OpenPGP using GPGMail

Re: riscv buildkernel error

2016-05-18 Thread Shawn Webb
> On May 17, 2016, at 4:47 PM, Shawn Webb <shawn.w...@hardenedbsd.org> wrote: > > Hey All, > > I’m getting this error when doing a buildkernel for RISC-V on the latest HEAD: > > === Begin Log === > In file included from /usr/src/sys/riscv/riscv/genassym.c:44:0: &

riscv buildkernel error

2016-05-17 Thread Shawn Webb
Stop. make[2]: stopped in /usr/obj/riscv.riscv64/usr/src/sys/QEMU === End Log === I am using HardenedBSD’s source tree. Nothing has changed on HardenedBSD’s side in genassym.c. Thanks, Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key

MCA unrecoverable machine check exception on APU2

2016-05-01 Thread Shawn Webb
bug? Thanks, -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Netmap LOR

2016-04-25 Thread Shawn Webb
eb440a at vm_pager_get_pages+0x4a #7 0x80e98210 at vm_fault_hold+0x780 #8 0x80e97a48 at vm_fault+0x78 #9 0x81028745 at trap_pfault+0x115 #10 0x81027dd2 at trap+0x342 #11 0x81008981 at calltrap+0x8 Thanks, -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456E

Re: Booting FreeBSD on a RPI3

2016-04-08 Thread Shawn Webb
reebsd-current > >>> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" > > ___ > > freebsd-current@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-current >

Re: Build Breakage

2016-02-26 Thread Shawn Webb
On Fri, Feb 26, 2016 at 09:23:16AM -0500, Shawn Webb wrote: > Hey All, > > It looks like a recent commit to HEAD broke the `real-release` target in > /usr/src/release. I suspect it's the capserd-related commits, but I > haven't confirmed, yet. I'm going to spend some time tryi

Build Breakage

2016-02-26 Thread Shawn Webb
/jenkins/job/HardenedBSD-CURRENT-i915kms-amd64/47/console Thanks, -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: Haswell graphics (i915) still not in CURRENT

2016-02-24 Thread Shawn Webb
up-to-date with FreeBSD HEAD along with Jean-Sebastien's excellent work (and HardenedBSD's awesomeness on top of that). The code is here: https://github.com/HardenedBSD/hardenedBSD-playground/tree/hardened/experimental/master-i915 Latest builds are here: http://jenkins.hardenedbsd.org/builds/Hardened

Re: CVE-2015-7547: critical bug in libc

2016-02-17 Thread Shawn Webb
On Wed, Feb 17, 2016 at 04:07:25PM +0200, Daniel Kalchev wrote: > > > On 17.02.2016 ??., at 15:40, Shawn Webb <shawn.w...@hardenedbsd.org> wrote: > > > > TL;DR: FreeBSD is not affected by CVE-2015-7547. > > > Unless you use Linux applications un

Re: CVE-2015-7547: critical bug in libc

2016-02-17 Thread Shawn Webb
eBSD's ports tree. TL;DR: FreeBSD is not affected by CVE-2015-7547. Thanks, -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: kernel panic by enabling net.inet.ip.random_id

2016-01-06 Thread Shawn Webb
with the VIMAGE work, something is preventing that. Thanks, Shawn On Tue, Jan 05, 2016 at 06:22:34PM -0800, Adrian Chadd wrote: > try list *(0x[address]) . > > That line is mtx_unlock(), which makes no sense (as mtx_lock succeeded fine.) > > > -a > > > On 5 January 2016 at

Re: kernel panic by enabling net.inet.ip.random_id

2016-01-06 Thread Shawn Webb
-a > > > On 6 January 2016 at 06:46, Shawn Webb <shawn.w...@hardenedbsd.org> wrote: > > (kgdb) list *(0x80b5de9e) > > 0x80b5de9e is in ip_fillid (/usr/src/sys/netinet/ip_id.c:237). > > warning: Source file is more recent than executable. > >

Re: kernel panic by enabling net.inet.ip.random_id

2016-01-06 Thread Shawn Webb
Yup, calling ip_initid() in the SYSINIT works! Thanks for the help. Thanks, Shawn On Wed, Jan 06, 2016 at 01:24:53PM -0500, Shawn Webb wrote: > That's what gets toggled via the sysctl. I think I figured out that I > need to call ip_initid() in the SYSINIT. Compiling and testing now. >

kernel panic by enabling net.inet.ip.random_id

2016-01-05 Thread Shawn Webb
] Stopped at ip_fillid+0x8e: movzbl (%rax,%rcx,1),%esi === End Log === Thanks, -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: kernel panic by enabling net.inet.ip.random_id

2016-01-05 Thread Shawn Webb
anks, Shawn On Tue, Jan 05, 2016 at 06:06:41PM -0800, Adrian Chadd wrote: > looks like a null pointer deference. What's kgdb show at that IP? > > > -a > > > On 5 January 2016 at 17:57, Shawn Webb <shawn.w...@hardenedbsd.org> wrote: > > Hey All, > > >

isofs kernel panic

2015-12-27 Thread Shawn Webb
by FreeBSD. Thanks, -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: Base Packaging in 11

2015-12-18 Thread Shawn Webb
33 <@bapt> lattera: lots of changes in pkg itself I asked if it'd make it for 11.0-RELEASE, but he didn't respond. I'm CC'ing him onto this email thread. Thanks, -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: fork_findpid() - Fatal trap 12: page fault while in kernel mode

2015-12-15 Thread Shawn Webb
this, too. We've observed this in HardenedBSD, especially when running Poudriere and Jenkins. I think Oliver Pinter might have a potential patch to fix this. I've CC'd him on this thread. Thanks, -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: CURRENT, X11 on i5-4200M Haswell and iGPU graphics HD4600: Status?

2015-12-15 Thread Shawn Webb
d installer images here: http://jenkins.hardenedbsd.org/builds/HardenedBSD-i915kms-amd64-LATEST/ Thanks, -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

buildkernel failure

2015-11-16 Thread Shawn Webb
/sys/bus.h:655:10: fatal error: 'device_if.h' file not found #include "device_if.h" ^ 1 error generated. mkdep: compile failed --- .depend --- *** [.depend] Error code 1 make[4]: stopped in /usr/src/sys/modules/tests/framework End Log Thanks, -- Shawn Webb HardenedBS

Re: pf NAT and VNET Jails

2015-11-10 Thread Shawn Webb
On Tue, Nov 10, 2015 at 01:45:21PM -0800, NGie Cooper wrote: > On Tue, Nov 10, 2015 at 1:28 PM, Kristof Provost <k...@freebsd.org> wrote: > > On 2015-11-09 21:47:01 (-0500), Shawn Webb <shawn.w...@hardenedbsd.org> > > wrote: > >> I found the problem: it seems

  1   2   >