Details
Diff Detail
- Lint
Lint Skipped - Unit
Tests Skipped
Event Timeline
Lots to add still, including hw mitigations
machdep.mitigations.rngds.state: Not applicable machdep.mitigations.rngds.enable: 1 machdep.mitigations.flush_rsb_ctxsw: 1 machdep.mitigations.taa.state: TSX not present machdep.mitigations.taa.enable: 0 machdep.mitigations.mds.disable: 0 machdep.mitigations.mds.state: inactive machdep.mitigations.ssb.disable: 0 machdep.mitigations.ssb.active: 0 machdep.mitigations.ibrs.disable: 1 machdep.mitigations.ibrs.active: 0
PROT_MAX
compile-time options (PIE, RELRO, BIND_NOW)
SMEP/SMAP/PAN/PXN
Here is a diff below containing a whole new part on hardware mitigations, with a general introduction and a specific section for Zenbleed.
Please tell me if you find it too detailed or not at the right level of language.
I'm attaching the diff here since I can't update this differential revision. I could create another one if you prefer. I'm unsure which collaborative workflow is best for large edits from multiple people.
Thanks.
{F67700098}
Phab is just showing {F67700098} not the diff you attached.
In any case you're right, phab is not great for collaborative editing. I can either incorporate your text if you want to just mail it or paste it in a comment and add a Co-authored-by: tag, or we can commit an interim version of this page (without connecting it to the build at first) and iterate on it in the tree.
Ah, sorry about that. I had had the same issue yesterday when viewing the page while not being logged, but after logging I could see the name of the file and a download button, so I assumed it would be OK when you're logged. But since you commented (logged), something else is probably going on.
In any case you're right, phab is not great for collaborative editing. I can either incorporate your text if you want to just mail it or paste it in a comment and add a Co-authored-by: tag, or we can commit an interim version of this page (without connecting it to the build at first) and iterate on it in the tree.
Sending it to you by mail for now (only the plain mitigations.7, which is a drop-in replacement). Iterating in the tree would be OK as well (once I can actually do that).
share/man/man7/mitigations.7 | ||
---|---|---|
98 | New sentence new line | |
106 | It sounds too positive to me. | |
120 | Perhaps explain what is different between PIE and 'older' binaries WRT ASLR. | |
146 | Note that ASLR mode change for process become effective on address space change, ie. on execve(2). | |
163 | NSNL | |
165 | May be explain that typical victim are JIT-like programs, and that under w^x mode they need to be modified to write executable data, then change the page mode with mprotect(2). | |
195 | Missed explanation? | |
209 | ||
213 | Needs to explain that ABI is broken. | |
217 | What does this title do there? | |
245 | Sometimes sw mitigations depends on hw capabilities presented by microcode updates. | |
312 | NSNL | |
343 | .Xr cpucontrol 8 |
share/man/man7/mitigations.7 | ||
---|---|---|
106 | I can just delete the 2nd sentence. |
share/man/man7/mitigations.7 | ||
---|---|---|
106 | You might state s/defense/claims to improve protection/ or similar. |