![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / kern
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.2.6.3, Wed Apr 8 14:08:52 2020 UTC (4 years ago) by martin
Branch: phil-wifi
Changes since 1.2.6.2: +2 -2
lines
FILE REMOVED
Merge changes from current as of 20200406
Revision 1.2.10.1, Sat Feb 29 20:21:03 2020 UTC (4 years, 1 month ago) by ad
Branch: ad-namecache
Changes since 1.2: +2 -2
lines
FILE REMOVED
Sync with head.
Revision 1.3, Sat Feb 8 07:07:07 2020 UTC (4 years, 2 months ago) by maxv
Branch: MAIN
CVS Tags: thorpej-futex-base,
phil-wifi-20200421,
phil-wifi-20200411,
phil-wifi-20200406,
cjep_sun2x-base,
cjep_sun2x,
cjep_staticlib_x-base1,
cjep_staticlib_x-base,
cjep_staticlib_x,
bouyer-xenpvh-base2,
bouyer-xenpvh-base1,
bouyer-xenpvh-base,
bouyer-xenpvh,
bouyer-sunxi-drm-base,
bouyer-sunxi-drm,
ad-namecache-base3,
HEAD
Changes since 1.2: +2 -2
lines
FILE REMOVED
Retire KLEAK. KLEAK was a nice feature and served its purpose; it allowed us to detect dozens of info leaks on the kernel->userland boundary, and thanks to it we tackled a good part of the infoleak problem 1.5 years ago. Nowadays however, we have kMSan, which can detect uninitialized memory in the kernel. kMSan supersedes KLEAK: it can detect what KLEAK was able to detect, but in addition, (1) it operates in all of the kernel and not just the kernel->userland boundary, (2) it requires no user interaction, and (3) it is deterministic and not statistical. That makes kMSan the feature of choice to detect info leaks nowadays; people interested in detecting info leaks should boot a kMSan kernel and just wait for the magic to happen. KLEAK was a good ride, and a fun project, but now is time for it to go. Discussed with several people, including Thomas Barabosch.
Revision 1.2.6.2 / (download) - annotate - [select for diffs], Mon Jun 10 22:09:03 2019 UTC (4 years, 10 months ago) by christos
Branch: phil-wifi
Changes since 1.2.6.1: +446 -0
lines
Diff to previous 1.2.6.1 (unified) to branchpoint 1.2 (unified)
Sync with HEAD
Revision 1.2.2.2 / (download) - annotate - [select for diffs], Wed Dec 26 14:02:04 2018 UTC (5 years, 3 months ago) by pgoyette
Branch: pgoyette-compat
CVS Tags: pgoyette-compat-merge-20190127
Changes since 1.2.2.1: +446 -0
lines
Diff to previous 1.2.2.1 (unified) to branchpoint 1.2 (unified) next main 1.3 (unified)
Sync with HEAD, resolve a few conflicts
Revision 1.2.6.1, Mon Dec 10 07:24:49 2018 UTC (5 years, 4 months ago) by christos
Branch: phil-wifi
Changes since 1.2: +0 -446
lines
FILE REMOVED
file subr_kleak.c was added on branch phil-wifi on 2019-06-10 22:09:03 +0000
Revision 1.2.2.1, Mon Dec 10 07:24:49 2018 UTC (5 years, 4 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.2: +0 -446
lines
FILE REMOVED
file subr_kleak.c was added on branch pgoyette-compat on 2018-12-26 14:02:04 +0000
Revision 1.2 / (download) - annotate - [select for diffs], Mon Dec 10 07:24:49 2018 UTC (5 years, 4 months ago) by maxv
Branch: MAIN
CVS Tags: phil-wifi-20191119,
phil-wifi-20190609,
pgoyette-compat-20190127,
pgoyette-compat-20190118,
pgoyette-compat-1226,
netbsd-9-base,
netbsd-9-3-RELEASE,
netbsd-9-2-RELEASE,
netbsd-9-1-RELEASE,
netbsd-9-0-RELEASE,
netbsd-9-0-RC2,
netbsd-9-0-RC1,
netbsd-9,
isaki-audio2-base,
isaki-audio2,
ad-namecache-base2,
ad-namecache-base1,
ad-namecache-base
Branch point for: phil-wifi,
pgoyette-compat,
ad-namecache
Changes since 1.1: +13 -7
lines
Diff to previous 1.1 (unified)
Improve error handling, doesn't matter a lot, but still.
Revision 1.1 / (download) - annotate - [select for diffs], Sun Dec 2 21:00:13 2018 UTC (5 years, 4 months ago) by maxv
Branch: MAIN
Introduce KLEAK, a new feature that can detect kernel information leaks. It works by tainting memory sources with marker values, letting the data travel through the kernel, and scanning the kernel<->user frontier for these marker values. Combined with compiler instrumentation and rotation of the markers, it is able to yield relevant results with little effort. We taint the pools and the stack, and scan copyout/copyoutstr. KLEAK is supported on amd64 only for now, but it is not complicated to add more architectures (just a matter of having the address of .text, and a stack unwinder). A userland tool is provided, that allows to execute a command in rounds and monitor the leaks generated all the while. KLEAK already detected directly 12 kernel info leaks, and prompted changes that in total fixed 25+ leaks. Based on an idea developed jointly with Thomas Barabosch (of Fraunhofer FKIE).