Profile

Cover photo
David Herrmann
318,358 views
AboutPostsPhotosVideos

Stream

David Herrmann

Shared publicly  - 
 
If you invent something new, one of the hardest parts is to convey your concept. In the case of kdbus, I meet a lot of people who don't have a clue what it actually does. On the other hand, most people seem to be pretty familiar with AF_UNIX. Hence, I went ahead and tried to describe the very fundamental concept of kdbus, by "speaking" AF_UNIX.

I hope this makes people re-evaluate their position, if they read some premature judgement about kdbus on news media or forums. I don't believe kdbus is something radically new, nor is it a huge code-base. I much rather believe we just picked the parts of existing features we needed, and formed a fresh new interface that should serve DBus' needs for the years to come.
64
34
Djalal Harouni's profile photoPeter Senna Tschudin's profile photoDaniel Sandman's profile photoHoang Tran's profile photo
2 comments
 
From what I understand of kdbus, naming it something with dbus in it was actually a mistake. The DBus design and implementation carries a lot of baggage that is irrelevant to the new subsystem. Maybe just kbus would have been better; maybe something like mpxio [reminiscent chuckle]. Anyhow, too late now I guess.
Add a comment...

David Herrmann

Shared publicly  - 
 
"I � Unicode."
36
2
Ismael Castiñeira Álvarez's profile photoDaniel Mack's profile photoFlorian Echtler's profile photoMax Berger's profile photo
2 comments
 
Die Unicode Selbsthilfegruppe trifft sich heute im Gr¶nen Saal
 ·  Translate
Add a comment...

David Herrmann

Shared publicly  - 
 
 
Please help us defend our trademark from Groupon and support GNOME!  

"GNOME" the trademark has been a familiar name for the past 17 years in the Free and Open Source Software community. The GNOME project has been a staple desktop for GNU/Linux and BSD desktops. It was the default desktop for Sun Microsystems workstation class machines, continues to be the default desktop for the Red Hat Enterprise Linux and SUSE Linux Enterprise Server distributions, and it is the default desktop of Fedora and Debian. SUSE Linux Enterprise Point of Service solution for the retail industry is based on GNOME. GNOME technology can be found in TVs, tablets, phones, consumer devices, and in common software everywhere.

Recently Groupon announced a product with the same product name as GNOME. Groupon’s product is a tablet based point of sale “operating system for merchants to run their entire operation." The GNOME community was shocked that Groupon would use our mark for a product so closely related to the GNOME desktop and technology. It was almost inconceivable to us that Groupon, with over $2.5 billion in annual revenue, a full legal team and a huge engineering staff would not have heard of the GNOME project, found our trademark registration using a casual search, or even found our website, but we nevertheless got in touch with them and asked them to pick another name. Not only did Groupon refuse, but it has now filed even more trademark applications (the full list of applications they filed is available on our groupon page linked). To use the GNOME name for a proprietary software product that is antithetical to the fundamental ideas of the GNOME community, the free software community and the GNU project is outrageous. Please help us fight this huge company as they try to trade on our goodwill and hard earned reputation.

We want to show that our brand matters and that you care. Of the 28 trademark applications Groupon filed, we have to file formal proceedings to oppose 10 of them by December 3, 2014. Help us raise the funds to fight back and most of all call public attention to this terrible behavior by Groupon. Help us make sure that when people hear about GNOME software they learn about freedom and not proprietary software. Our counsel has advised us that we will need $80,000 to oppose the registration of the first set of 10 applications. If we are able to defend the mark without spending this amount, we will use the remaining funds to bolster and improve GNOME. Please help us raise the money to protect GNOME's trademark and strengthen Free Software!

Please donate here:
http://www.gnome.org/groupon/
"GNOME" the trademark has been a familiar name for the past 17 years in the Free and Open Source Software community. The GNOME project has been a staple desktop for GNU/Linux and BSD desktops. It was the default desktop for Sun Microsystems workstation class machines, continues to be the default ...
2
Add a comment...

David Herrmann

Shared publicly  - 
 
A big thanks to BSD for introducing the safe strlcpy as replacement for strncpy. There's no unexpected behavior anymo-- wait, no.. oh god! strlcpy requires the source to be 0 terminated, even if its longer than the target size. Why? Of course, so the return-value can be the length of the string that was tried to be written, instead of the real written length.

Not the first time I see kernel-patches replacing the good old:
strncpy(kernel, from_user, len - 1) + kernel[len] = 0
with:
strlcpy(kernel, from_user, len)

This so not works well...
15
11
Jürgen Hanker's profile photoWilliam Dauchy's profile photoAntonio Bonanno's profile photogeorge oloo's profile photo
2 comments
 
The danger with strclpy() is that you could read from unmapped memory and cause an oops.  I have never heard of this happening in real life because memory is so full of NUL characters.

The one example I have seen where someone complained about strlcpy() was where in a place where it was totally safe.  He wouldn't give up even when I explained to him why strclpy() was safe in that context.

I would be interested to see a real bug even if it couldn't be triggered.
Add a comment...

David Herrmann

Shared publicly  - 
 
Before sending v3 of the memfd+sealing patches, I wrote a short overview. We're close to getting this merged upstream, so it was time to get something we can refer people to:

http://dvdhrm.wordpress.com/2014/06/10/memfd_create2/
23
11
Conrad Meyer's profile photoFernando Apesteguía's profile photoBrandon Philips's profile photogeorge oloo's profile photo
21 comments
 
Just noticed its upstream, good work!
Add a comment...

David Herrmann

Shared publicly  - 
 
Linux Virtual-Memory gem: If your device-driver supports mmap(PROT_WRITE), you can never revoke access to those pages (no, not even unmap_mapping_range())!

How so, you ask? The villain is called get_user_pages() (GUP): For example, Direct-IO pins underlying pages until the write is finished. So if you use the memory-mapped pages as receive buffer to a direct-IO operation on some other object, the kernel pins your mapped pages and reads data into them asynchronously. Even if you munmap() that area, the kernel keeps these pages pinned for the ongoing operation. FUSE (or any network-based IO) can delay such operations for an indefinite period. Therefore, the actual write to the page can occur at any time.

Why should I care? It breaks nearly any feature that makes objects read-only during runtime or moves data between pages without freezing page->_count. This includes:
 * remounting a FS read-only
 * revoking access to a file
 * setting S_IMMUTABLE
 * DRM/TTM swapper
 * mandatory POSIX locks
 * file sealing
 * VESA/VGA hw handover (or other fbdev handovers)

I think I could extend this list indefinitely. The only protection I found so far is VM_IO, which prevents GUP (or, obviously, VM_PFNMAP).

Btw., there's no intention to fix this generically. If you want to forcibly deny write access to a page, there's nothing left but migrate it and let old I/O phase out on the old page (or set VM_IO!).
I'm still hoping for some magic solution to this.. spent far too much time digging into mm/
19
16
Hong Chen's profile photoJian-Jhong Ding (JJ)'s profile photoChekkizhar N's profile photoPatrick McFarland's profile photo
6 comments
 
...and this is the reason you don't want non-root users mounting network filesystems or playing with fuse.
Add a comment...

David Herrmann

Shared publicly  - 
 
So for quite some time, if I switch from X11 to fbcon, I get a graphical animation that "moves" the fbcon content into the screen from the right / left border depending where I switch to. The animation is a bit clumsy and if you look closely, you notice it takes exactly 4 frames, and each frame moves the content by exactly 25% to the left / right. It never bothered me that it wasn't really smooth (I mean, it's the same people that wrote motif, right?), I just imagined some gfx-developer looking at the result and being satisfied. Which in turn made me happy.

That changed radically today, after I tried asking the DRI developers where that code is implemented. Turns out, no-one was aware of that animation and it's very likely a bug in the SNA code of the intel DDX.

Long story short: I wish I could screw up in my code and it would produce a fancy feature. All I get is angry users.. sigh
53
1
Rob Clark's profile photoAlex B's profile photoDaniel Stone's profile photo
2 comments
Alex B
 
I once faced a similar bug in racing game for J2EE. Tester said that if he press 2,8 and 9, car will jump. Funny thing that Y coor of car was fixed and never changed. Appears that device was too slow to process user input and draw new piece of the road. And without proper synchronization it caused visual effect of jumping car.
Add a comment...

David Herrmann

Shared publicly  - 
 
That feeling when you audit your own code and you're really not sure whether you wanna look behind that tree.
26
1
Drew Fustini (pdp7)'s profile photo
Add a comment...

David Herrmann

Shared publicly  - 
 
memfd is merged, thanks to all involved! But lets not get nostalgic, but continue straight to the next task: revoke()
28
6
Brandon Philips's profile photoJohannes Löthberg's profile photoKrzysztof Wilczynski's profile photogeorge oloo's profile photo
3 comments
 
I think for device drivers at least, this revoke stuff needs a better way to handle mmap, in particular mmap of MMIO space.
Add a comment...

David Herrmann

Shared publicly  - 
 
 
Most impressive keynote of the week, by a large margin.
20
5
Boris Kaul's profile photoMarkus Lobedann's profile photo
Add a comment...

David Herrmann

Shared publicly  - 
 
Cool! I didn't know there was a VT-ioctl to clear the... wait, no, WHAT?

Yes, switching between VTs is how 'security' is implemented on linux. Oh, and please don't break this precious feature by fixing scrollback buffers like this: https://lkml.org/lkml/2014/5/30/664
Man Page or Keyword Search: Man. All Sections, 1 - General Commands, 2 - System Calls, 3 - Subroutines, 4 - Special Files, 5 - File Formats, 6 - Games, 7 - Macros and Conventions, 8 - Maintenance Commands, 9 - Kernel Interface, n - New Commands. Debian 6.0 squeeze, Debian 7.0 wheezy ...
17
2
Lennart Poettering's profile photoDavid Herrmann's profile photoH. Peter Anvin's profile photogeorge oloo's profile photo
4 comments
 
+Lennart Poettering CSI-J is "erase in display / ED", that's only for on-screen buffers, not scrollback. xterm supports an extension to clear saved lines (ED 3), but I doubt that the kernel supports it. (EDIT: oh, it's indeed supported since 2.6.something)
Add a comment...

David Herrmann

Shared publicly  - 
 
 
Mars Panorama - NASA’s Curiosity Mars Rover selfie: Martian night
(Digital Art Compilation)
12
1
Артур Файзуллин's profile photoAditya Rachakonda's profile photo
 
perfect selfy! :)
Add a comment...
People
Basic Information
Gender
Male
Work
Occupation
Student