From: Stephen Kiernan
Date: Fri, 6 Jul 2018 16:09:05 -0400
Subject: Re: Veriexec
To: cem@freebsd.org
Cc: "freebsd-arch@freebsd.org"
List-Id: Discussion related to FreeBSD architecture

On Thu, Jul 5, 2018 at 2:06 PM, Conrad Meyer wrote:

> On Thu, Jul 5, 2018 at 10:48 AM, Stephen J. Kiernan wrote:
> > On Tue, Jul 3, 2018 at 7:09 PM, Conrad Meyer wrote:
> >>
> >> Hi,
> >>
> >> It's been two weeks since this went in broken. What's the status?
> >> Has any progress been made on fixing the glaring issues?
> >
> > The backout commits for the veriexecctl bits (r335681) and the hooks
> > into the build to compile the kernel modules (r335682) happened on
> > 26 Jun 2018.
>
> I'm familiar with these commits, but was asking more about the topic
> you glanced on below. (Additionally, I don't really like the use of
> "revert" (as used in the commit message) or "backout" (here) to
> describe the kernel changes. The bad code is still present, but
> disabled by default.)
>

What would you prefer? It helps to provide an alternative if you wish
to see someone potentially use it in the future. You simply stated you
didn't like the use without providing an alternative.

Note that the commit message for r335682 says "Partial revert of
r335399 and r335400" which is exactly what it is. It wasn't a full
revert of the commits, it was only partially reverting them.

> > There's work in progress on fixing the issues with the meta-data store
> > and its use.
>
> Ok. Can you elaborate on that progress? Is it happening in public?
> Is there any kind of (loose) schedule in mind?
>

My goal was to have something by the beginning of next week, but work
and life got too busy to be able to make much headway. Work has been
around clocks in VMs, specifically with FreeBSD running under KVM. I'm
resurrecting brianv's https://reviews.freebsd.org/D1435 review, with
modifications, and have been in discussions with him since last week.

As for the veriexec changes, I will be posting them as they are
available to the following branch on GitHub:
https://github.com/hackagadget/freebsd/tree/hackagadget/veriexec
(Note this branch is currently out of date.)

So right now my tentative schedule is to have a first cut available for
people to look at around 23 Jul 2018.

Also, I want to put up a design overview on my website once I get all
the maintenance done this weekend.

-Steve