Date: Fri, 6 Jul 2018 16:09:05 -0400 From: Stephen Kiernan <hackagadget@gmail.com> To: cem@freebsd.org Cc: "freebsd-arch@freebsd.org" <arch@freebsd.org> Subject: Re: Veriexec Message-ID: <CAEm%2B2uVwmM6y5sx9u_MoED%2BWJT_hAs3j-LReWdXQKKcBrO3tfw@mail.gmail.com> In-Reply-To: <CAG6CVpV7Cf1DTx0aMoWaisHbrF-J6SbiFuJoJ%2Bj6dKjbEPMQ9A@mail.gmail.com> References: <CAG6CVpW3xL5pmiU91WgzXKram7ogMYNzBF3a-ggaXjkD3fMbWw@mail.gmail.com> <CAEm%2B2uWJTyF1QyYraGxNS3TpJNPyT0hMnsVAXj%2BUSayH%2BJi4nA@mail.gmail.com> <CAG6CVpV7Cf1DTx0aMoWaisHbrF-J6SbiFuJoJ%2Bj6dKjbEPMQ9A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jul 5, 2018 at 2:06 PM, Conrad Meyer <cem@freebsd.org> wrote: > On Thu, Jul 5, 2018 at 10:48 AM, Stephen J. Kiernan <stevek@freebsd.org> > wrote: > > On Tue, Jul 3, 2018 at 7:09 PM, Conrad Meyer <cem@freebsd.org> wrote: > >> > >> Hi, > >> > >> It's been two weeks since this went in broken. What's the status? > >> Has any progress been made on fixing the glaring issues? > > > > The backout commits for the veriexecctl bits (r335681) and the hooks > > into the build to compile the kernel modules (r335682) happened on > > 26 Jun 2018. > > I'm familiar with these commits, but was asking more about the topic > you glanced on below. (Additionally, I don't really like the use of > "revert" (as used in the commit message) or "backout" (here) to > describe the kernel changes. The bad code is still present, but > disabled by default.) > What would you prefer? It helps to provide an alternative if you wish to see someone potentially use it in the future. You simply stated you didn't like the use without providing an alternative. Note that the commit message for r335682 says "Partial revert of r335399 <https://svnweb.freebsd.org/base?view=revision&revision=335399>; and r335400 <https://svnweb.freebsd.org/base?view=revision&revision=335400>" which is exactly what it is. It wasn't a full revert of the commits, it was only partially reverting them. > There's work in progress on fixing the issues with the meta-data store > > and its use. > > Ok. Can you elaborate on that progress? Is it happening in public? > Is there any kind of (loose) schedule in mind? > My goal was to have something by the beginning of next week, but work and life got too busy to be able to make much headway. Work has been around clocks in VMs, specifically with FreeBSD running under KVM. I'm resurrecting brianv's https://reviews.freebsd.org/D1435 review, with modifications, and have been in discussions with him since last week. As for the veriexec changes, I will be posting them as they are available to the following branch on GitHub: https://github.com/hackagadget/freebsd/tree/hackagadget/veriexec (Note this branch is currently out of date.) So right now my tentative schedule is to have first cut available for people to look at around 23 Jul 2018. Also, I want to put up a design overview on my website once I get all the maintenance done this weekend. -Steve
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAEm%2B2uVwmM6y5sx9u_MoED%2BWJT_hAs3j-LReWdXQKKcBrO3tfw>