MKSANITIZER - bug detector software integration with the NetBSD userland
I've finished the integration of sanitizers with the distribution build framework. A bootable and installable distribution is now available, verified with Address Sanitizer, with Undefined Behavior Sanitizer, or with both concurrently. A few dozen bugs were detected and the majority of them addressed.
LLVM sanitizers are compiler features that help find common software bugs. The following sanitizers are available:
- TSan: Finds threading bugs,
- MSan: Finds uninitialized memory read,
- ASan: Finds invalid address usage bugs,
- UBSan: Finds unspecified code semantics in runtime.
The new MKSANITIZER option supports full coverage of the NetBSD code base with these sanitizers, which helps reduce bugs and serve high security demands.[Read More] [1 comment]
GSoC 2018 Reports: Kernel Undefined Behavior Sanitizer, Part 1
Prepared by Harry Pantazis(IRC:luserx0, Mail:luserx0 AT gmail DOT com) as part of GSoC 2018.
For GSoC '18, I'm working on the Kernel Undefined Behavior Sanitizer (KUBSAN) project for the integration of Undefined Behavior regression testing on the amd64 kernel. This article summarizes what has been done up to this point (Phase 1 Evaluation), future goals and a brief introduction to Undefined Behavior.[Read More] [0 comments]
GSoC 2018 Reports: Kernel Address Sanitizer, Part 1
Prepared by Siddharth Muralee (@Tr3x__) as part of GSoC 2018.
It's been a fun couple of weeks since I started working on the Kernel Address Sanitizer (KASan) project with NetBSD. I have learned a lot during this period. It's been pretty amazing. This is a report on the work I have done prior to the first evaluation period.[Read More] [0 comments]
GSoC 2018 Reports: Integrate libFuzzer with the Basesystem, Part 1
Prepared by Yang Zheng (tomsun.0.7 AT Gmail DOT com) as part of GSoC 2018
During the Google
Summer of Code 2018, I'm working on the project
of integrating
libFuzzer
for the userland
applications. The libFuzzer
is a fuzzing engine
based on the coverage information provided by
the SanitizerCoverage
in LLVM. It can repeatedly generate mutations of input data and test
them until it finds the potential bugs. In this post, I'm going to
share what I have done in the first month of this summer.[Read More]
[0 comments]
=?iso-8859-8-i?Q? Handling non-UTF-8 Hebrew email
I like to use CLI email clients (mutt). This by itself is not unusual, but I happen to do this while speaking a language written right-to-left, Hebrew.
Decent bidi support in CLI tools is rare, so my impression is that very few people do this.[Read More] [1 comment]
Coverage of signal routines in the kernel in the context of ptrace(2)
During the past month I have been working on coverage of various corner cases in the signal subsystem in the kernel. I have also spent some time on improvements in the land of sanitizers. As a mentor I was able to, thanks to the fulltime focus on NetBSD work, actively help three Google Summer of Code students. Not every question would be answered by myself without code reading but at least I am available for active collaboration, especially when it's to improve code that I have already authored, like sanitizers. At the end of the month we have managed to catch two uninitialized memory reads in the top(1) utility, using the Memory Sanitizer feature and rebuilt part of the basesystem (i.e. library dependencies: libterminfo, libkvm, libutil) with dedicated sanitization flags. [Read More] [0 comments]
Network Security Audit
Security audit of NetBSD's network stack
[Read More] [6 comments]
An annotated look at a NetBSD Pinebook's startup
Pinebook is an affordable 64-bit ARM notebook. Today we're going to take a look at the kernel output at startup and talk about what hardware support is available.
[Read More] [2 comments]MATE 1.20 on NetBSD arm64 (Pinebook), thanks @YouriMouton ! pic.twitter.com/VYHDzQY1gb
— Jared McNeill (@jmcwhatever) May 20, 2018
Getting my new laptop to work
I've recently been gifted a fancy laptop - a Dell XPS 15 9550.
I want to run NetBSD on it and have it run well, and I've set aside time to achieve this.
These are some of the lessons I learned from porting code to support my SD card reader and wireless card.
Forking fixes in the context of debuggers
For the past month I've been mostly working on improving the kernel code in the ptrace(2) API. Additionally, I've prepared support for reading NetBSD/aarch64 core(5) files. [Read More] [0 comments]
Announcing Google Summer of Code 2018 projects
We are very happy to announce The NetBSD Foundation Google Summer of Code 2018 projects:
- Harsh Khatore - Modern cryptographic algorithms to netpgp, netpgpverify
- Nizar Benshaqi - SQL Database for ATF tests results with online query and statistics page
- Marwa Desouky - Tickless Kernel with high-resolution timers
- Harry Pantazis - Kernel Undefined Behavior SANitizer
- Does025 - Porting FreeBSD Atheros driver to NetBSD
- Saad Mahmood - Machine-independent EFI bootloader
- Yang Zheng - Integrate libFuzzer With the Basesystem
- Keivan Motavalli - configuration files versioning in pkgsrc
- R3x - Implementing Kernel Address Sanitizer (KASan) in the NetBSD kernel
NetBSD 8.0 Release Candidate 1
The NetBSD Project is pleased to announce NetBSD 8.0 RC 1, the first release candidate for the upcoming NetBSD 8.0 release.
25 years and a few days after the first official NetBSD release (NetBSD 0.8 on April 19, 1993) we are now quickly approaching the first final release from the netbsd-8 branch that has been in the work for more most of a year now.
The official RC1 announcement list these major changes compared to older releases:
- USB stack rework, USB3 support added
- In-kernel audio mixer
- Reproducible builds
- PaX MPROTECT (W^X) memory protection enforced by default on some architectures with fine-grained memory protection and suitable ELF formats: i386, amd64, evbarm, landisk, pmax
- PaX ASLR enabled by default on:
i386, amd64, evbarm, landisk, pmax, sparc64 - MKPIE (position independent executables) by default for userland on: i386, amd64, arm, m68k, mips, sh3, sparc64
- added can(4), a socket layer for CAN busses
- added ipsecif(4) for route-based VPNs
- made part of the network stack MP-safe NET_MPSAFE kernel option is required to try
- WAPBL stability and performance improvements
Specific to i386 and amd64 CPUs:
- Meltdown mitigation: SVS (separate virtual address spaces)
- Spectre mitigation (support in gcc, used by default for kernels)
- SMAP support
- (U)EFI bootloader
Various new drivers:
- nvme(4) for modern solid state disks
- iwm(4), a driver for Intel Wireless devices (AC7260, AC7265, AC3160...)
- ixg(4): X540, X550 and newer device support.
- ixv(4): Intel 10G Ethernet virtual function driver.
- bta2dpd - new Bluetooth Advanced Audio Distribution Profile daemon
Many evbarm kernels now use FDT (flat device tree) information (loadable at boot time from an external file) for device configuration, the number of kernels has decreased but the numer of boards has vastly increased.
Lots of updates to 3rd party software included:
- GCC 5.5 with support for Address Sanitizer and Undefined Behavior Sanitizer
- GDB 7.12
- GNU binutils 2.27
- Clang/LLVM 3.8.1
- OpenSSH 7.6
- OpenSSL 1.0.2k
- mdocml 1.14.1
- acpica 20170303
- ntp 4.2.8p11-o
- dhcpcd 7.0.3
- Lua 5.3.4
The NetBSD developers and the release engineering team have spent a lot of effort to make sure NetBSD 8.0 will be a superb release, but we have not yet fixed most of the accompanying documentation. So the included release notes and install documents will be updated before the final release, and also the above list of major items may lack important things.
Get NetBSD 8.0 RC1 from our CDN (provided by fastly) or one of the ftp mirrors.
Complete source and binaries for NetBSD are available for download at many sites around the world. A list of download sites providing FTP, AnonCVS, and other services may be found at http://www.NetBSD.org/mirrors/.
Please test RC1, so we can make the final release the best one ever so far. We are looking forward to your feedback. Please send-pr any bugs or mail us at releng at NetBSD.org for more general comments.
[0 comments]