Affliction has quit [Quit: Read error: Connection reset by beer]
Affliction has joined #osdev
scaleww has joined #osdev
GeDaMo has joined #osdev
junon has joined #osdev
<junon>
did QEMU change how `log int` works in recent versions? It used to output all the registers and the error codes, etc. and now it just tells me the exception number without anything. The docs say "output in short format" but there doesn't seem to be a way to get a 'long format' from it.
obrien has quit [Remote host closed the connection]
goliath has joined #osdev
scaleww has quit [Quit: Leaving]
<nikolar>
KERNAL
Arthuria has joined #osdev
someguy has joined #osdev
theyneversleep has joined #osdev
Arthuria has quit [Ping timeout: 276 seconds]
Arthuria has joined #osdev
Arthuria has quit [Read error: Connection reset by peer]
Arthuria has joined #osdev
someguy has quit [Read error: Connection reset by peer]
Arthuria has quit [Killed (NickServ (GHOST command used by Guest684531))]
Arthuria has joined #osdev
Arthuria has quit [Killed (NickServ (GHOST command used by Guest684531))]
Arthuria has joined #osdev
Arthuria has quit [Read error: Connection reset by peer]
Arthuria has joined #osdev
Arthuria has quit [Killed (NickServ (GHOST command used by Guest684531))]
Arthuria has joined #osdev
heat_ has joined #osdev
heat has quit [Read error: Connection reset by peer]
Arthuria has quit [Ping timeout: 252 seconds]
heat_ is now known as heat
<heat>
kernal
<nikolar>
Indeed
masoudd has quit [Ping timeout: 260 seconds]
the_oz has quit [Quit: Leaving]
the_oz has joined #osdev
xvmt has quit [Remote host closed the connection]
the_oz has quit [Client Quit]
the_oz has joined #osdev
Maja has quit [Remote host closed the connection]
xvmt has joined #osdev
Maja has joined #osdev
someguy has joined #osdev
<Ermine>
krnl
the_oz has quit [Quit: Leaving]
the_oz has joined #osdev
xenos1984 has quit [Ping timeout: 272 seconds]
xenos1984 has joined #osdev
remexre has quit [Ping timeout: 246 seconds]
xenos1984 has quit [Ping timeout: 248 seconds]
remexre has joined #osdev
xenos1984 has joined #osdev
vdamewood has joined #osdev
<geist>
yawn
<geist>
good morning folks
<gog>
meowdy
* vdamewood
gives gog a fishy.
* gog
chomp fishy
<vdamewood>
And real life pulls me away from IRC. *grumble*
vdamewood has quit [Quit: Life beckons]
remexre has quit [Ping timeout: 248 seconds]
remexre has joined #osdev
netbsduser has joined #osdev
* Ermine
gives gog a piece of cheese
remexre has quit [Ping timeout: 248 seconds]
masoudd has joined #osdev
eddof13 has joined #osdev
GeDaMo has quit [Quit: 0wt 0f v0w3ls.]
<heat>
i tried bindgen on one of my headers
<heat>
pretty impressive, seems to work well
hwpplayer1 has joined #osdev
theyneversleep has quit [Remote host closed the connection]
<nikolar>
So you're doing rust now
<heat>
no, i was reading about bindgen and tried it out
eddof13 has quit [Quit: eddof13]
<heat>
and surprisingly it seems to work. it's a little scary how much of the base header set is brought in by one header though :)
<heat>
fwiw they say OH YOU ALMOST 100% NEED TO ALLOWLIST BECAUSE C++ IS HARD but my C++ is so simple that it Just Works
mubluekoor has quit [Quit: mubluekoor]
<nikolar>
Lol sure
mubluekoor has joined #osdev
<heat>
every time i look at linux kernel rust i get super fucking scared though
<heat>
they're doing camelcase type names :(
<heat>
clearly all of those people need a dose of reality but no one doing productive work is willing to do it
<nikolar>
Kek
<nikolar>
Camel case though, ew
masoudd has quit [Ping timeout: 248 seconds]
netbsduser has quit [Ping timeout: 255 seconds]
<mjg>
what's bindgen
<mjg>
some c++ damage control?
<gog>
not much what's bindgen with you
<mjg>
oh i walked into it :(
<heat>
bindgen is rust's automagical bindings generator
<mjg>
shieet
<mjg>
you gotta love when merely booting the linux kernel produces a splat
<mjg>
in their defense it is a dev version, but even that's kek
<mjg>
liek at least get to multiuser before things error out
<mjg>
heat: oy remember that fuck from intel who wanted to speed up by few ms with questionable kmem cache changes
<mjg>
for $reasons i just had a look at dmesg and it's nothing but loller
<mjg>
fucken' raid6 benchmarking avx
<mjg>
i don't even use raid6
<heat>
i don't actually
<Ermine>
does linux even have a distinction between single- and multiuser in kernel
<heat>
no
<heat>
UNIX kernels in general barely understand what a user even is
<mjg>
8(
<mjg>
a user is a pest with non-0 uid
<mjg>
next question
<Ermine>
oh, so i understand this correctly
<Ermine>
(elegant part of unix imo)
<heat>
it's aight but you end up having per-user state anyway
<heat>
for per-user limits and quotas and shizzle
<Ermine>
in-kernel those are in terms of uids, and everything else is left to userspace
FreeFull has quit []
xenos1984 has quit [Read error: Connection reset by peer]
xenos1984 has joined #osdev
<geist>
classic unices, or at least BSD, had the whole boot into single user mode, which really isn't much more than just start a shell for root
<geist>
but it also has the whole kernel permission level thing
<geist>
and i forget precisely what it controls, but you start at 0 with more permissions, and raise it to 1 or 2
<geist>
i think the BSDs still have that
<mjg>
it's still there
<mjg>
but numerous features and bugs got added which defeat the supposed protection
<geist>
it's one of those things that gets raised during boot and can't be lowered
<mjg>
"securelevel"
<mjg>
for example some level prevents loading kernel modules 'n shit
<mjg>
so you may think the kernel is locked down
<geist>
ah yeah and things like writing to raw devices
<mjg>
but i found some dumbfuck problems allow you to LOWER the securelevel
<geist>
oh? that seems surprising. how so?
<mjg>
there is carelessly written root-only code
<mjg>
still accessible at higher securelevels
<geist>
but i thought the kernel only allows raising it
<mjg>
there is an arbitrary write of 4 bytes in there
<mjg>
so you do some massaging and overwrite securelevel back to -1
<geist>
ah, but that's a bug, if you have that none of it matters
<geist>
but that's not the same thing as having it
<mjg>
23:50 < mjg> but numerous features and bugs got added which defeat the supposed protection
<geist>
okay. but point is you can't lower the securelevel unless there's a bug
netbsduser has joined #osdev
<mjg>
one can make an argument that the core idea is sound
<heat>
make it ro after locking it down
<mjg>
my point is that the thing is still very permissible to root
<geist>
right thats my point, because as soon as you have a bug almost everything goes out the window, but that doesn't mean you shouldn't design the feature
<heat>
you DUMBASSES
<geist>
oh speaking of patch your windows box!
<mjg>
and the shit which should not be accessible still is
* geist
sends a specially crafted ipv6 packet to you
<mjg>
oh?
<mjg>
a remote dos?
<heat>
ipv6 bug found for like every windows
* mjg
is ootl
<mjg>
well it's a good thing ipv6 did not take off :d
<geist>
oh it's a good one. it's a CVE that basically has a buffer overrun (presumably) in the windows kernel *before* any firewall rules
<geist>
just raw ipv6 packet processing
<mjg>
:d
<geist>
yah but it's on by default, so you can presumably send something on a local network using fe80::
<mjg>
lol that's a RCE?
<heat>
do you know the classic UAF exploitation method in linux?
<heat>
you get the UAF and then just wait for the slab page to be reused as a page table :v
<mjg>
geist: you mean from a js in the browser?
<geist>
CVE-2024-38063
<mjg>
lol so apparently the firewall does not help either
<geist>
unclear precisely how it works, but since it says it's pre-firewall filtering, presumably it's in the kernel at the low level packet processing
<mjg>
cause the bug is prior to that
<geist>
yah
<mjg>
lmao
<geist>
and even if you don't have an ipv6 internet connection it still has local v6 for your lan, so you could presumably still use that
<geist>
though i dunno if it is like 'you send exactly one malformed packet' or if it's some careful sequence where you get a socket open or something
<geist>
or it's a storm of packets that eventually triggers an integer wrap or something
<mjg>
well if you can just have malicious js generate appropriate traffic you are turbo fucked as is
<zid>
it says overflow, and it says cve
<zid>
so it's very mystery
<zid>
err rce*
<zid>
maybe you can fill up some arp table or something
<geist>
yah presumably the details are not to be spread
<geist>
one of the summaries says you can get access to the logged in user, which is odd if it's a truly kernel sploit
<zid>
I ran the .msu to do the patch but I haven't rebooted yet to actually apply it, let's race, powercut vs getting hacked
<geist>
unless there's some amount of user side processing of the net stack, or it's not in the core stack, but some service that's sitting on the side looking at every packet that it sploits
<zid>
or maybe it's like, arp poisoning, and that defeats some other security mech, which is what they leveraged
<geist>
yah
* mjg
is waiting for blaster 2.0
<geist>
though v6 doesn't do arp per se, iirc, but it has something kinda similar (and more complicated, thus maybe easier to sploit)
<zid>
like, making gethostbyname() then explode, might be a thing
* geist
nods
<zid>
so the first user program to do that, pops them a shell
<mjg>
there will be people claiming this is yet another argument to not deploy ipv6
<geist>
i was a bit more alarmed than most since i actually do have real ipv6 here at my house
<heat>
v6 does ndp
<geist>
FWIW looking at my router stats it gets a pretty solid 50% of traffic over v6
<heat>
i'm gonna say it:
<zid>
yea I am globally routed ipv6
<heat>
this wouldn't happen in RUST
<zid>
I only have it turned on for irc though
* geist
smacks heat about
<zid>
it's actually off in my browser, because it tends to be unreliableish
<mjg>
i fully expect it to happen in a real rust network stack
<mjg>
because i expect it to use unsafe { }
<zid>
ipv4 I am natted so actually way more secure
<zid>
ipv6 everything is just hanging out there
<geist>
can test it out on the fuchsia net stack! (written in rust)
<heat>
isn't it written in go? the real used stack that is
<geist>
that's net stack 2, it got rewritten, net stack 3
<mjg>
net stack in go?
<geist>
we switched to it pretty much fully in the last year or so
<mjg>
wtf?
<geist>
ns2 was derived from an existing net stack in go as part of oh what was that project
<geist>
been around for a while
<heat>
gvisor
someguy has quit [Ping timeout: 255 seconds]
<geist>
yah gvisor, which is also written in go
<heat>
RIIG
<geist>
iirc it's pretty performant and decent, *but* it's tuned for server style stuff
<geist>
and really doesn't scale 'down' very well
<geist>
but i really don't know much more than that
<heat>
aren't the GC pauses a killer?
<geist>
no idea, honestly
<geist>
i'd think so, but lots of big stuff is written in go, so must be reasonable solutions for that
<geist>
maybe it's fairly easy to write go code that doesn't result in a lot of garbage
<geist>
(or hard, and hard to work with that code in the long run)
<mjg>
there is tons of stuff in node.js people put up with for years
<mjg>
until one day it got rust'ed
<mjg>
just sayin'
<geist>
yep
<mjg>
just because someone is using it, does not mean it performs in anything close to a reasonable standard
<nortti>
aiui go garbage collector optimizes for minimum pauses at the cost of throughput
<mjg>
that is pragmatic
<mjg>
lower tail end latency is the default goal
<geist>
i think early on we wrote a lot of fuchsia in go, but it quickly turned out to not be a great idea if you want to run on < server
<mjg>
:)
<geist>
or really writing large system services in GCed languages is a generally Bad Idea
<geist>
in any sort of resource constrained system
<geist>
though of course you can do it, and maybe it works okay if it's generally One Big Service
<heat>
nah bro im oracle pilled im rewriting onyx for sparc with java
<geist>
but as soon as you have a pile of them all GCing at different times it gets really hard to grok the memory usage globally
<geist>
spppppaaarc
<gog>
sparc sparc sparc sparc
<mjg>
GC is a known loller
<mjg>
so much time was spent trying to damage control the beast