Commit Graph

253747 Commits

Author SHA1 Message Date
Tycho Nightingale
42360f5c5b eliminate possible race in parallel TLB shootdown IPI
On the target side TLB shootdown IPI handler, prevent the compiler
from performing a forward store optimization which may mask a
subsequent update to the scoreboard by the initiator.

Reported by:	Max Laier, Anton Rang
Discussed with:	kib
Sponsored by:	Dell EMC Isilon
2020-10-13 18:28:48 +00:00
John Baldwin
47e2650ea4 Add support to the KTLS OCF module for AES-CBC MTE ciphersuites.
This is a simplistic approach which encrypts each TLS record in two
separate passes: one to generate the MAC and a second to encrypt.
This supports TLS 1.0 connections with implicit IVs as well as TLS
1.1+ with explicit IVs.

Reviewed by:	gallatin
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D26730
2020-10-13 18:04:19 +00:00
Robert Wing
915dcdb7ac ctl.conf(5): fix LUN size in UCL format example.
Remove quotes around size in the LUN section and change the suffix to 'GB'. The
UCL format does recognize 'G' on its own, which uses a base 10 multiplier where
'GB' uses a 2 power multiplier.

Document the difference between valid suffixes when using ctl.conf(5) in the
general syntax form or in UCL format.

Reviewed by:    kevans, mav
Approved by:    kevans (mentor)
Differential Revision: https://reviews.freebsd.org/D26716
2020-10-13 18:00:23 +00:00
John Baldwin
c2a8fd6f05 Permit sending empty fragments for TLS 1.0.
Due to a weakness in the TLS 1.0 protocol, OpenSSL will periodically
send empty TLS records ("empty fragments").  These TLS records have no
payload (and thus a page count of zero).  m_uiotombuf_nomap() was
returning NULL instead of an empty mbuf, and a few places needed to be
updated to treat an empty TLS record as having a page count of "1" as
0 means "no work to do" (e.g. nothing to encrypt, or nothing to mark
ready via sbready()).

Reviewed by:	gallatin
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D26729
2020-10-13 17:30:34 +00:00
John Baldwin
1775215f88 Add support for FPU_KERN_NOCTX.
This mirrors the implementation on amd64.

Reviewed by:	kib
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D26754
2020-10-13 17:27:37 +00:00
John Baldwin
4ef6ea38fc Add a <machine/fpu.h> for i386 that includes <machine/npx.h>.
arm64 has a similar wrapper.  This permits defining <machine/fpu.h> as
the standard header for fpu_kern_*.

Reviewed by:	kib
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D26753
2020-10-13 17:26:12 +00:00
Brooks Davis
155e586513 libgssapi: modernize static string array use
Use designated initializers to document positions in the arrays rather
than requiring counting. Use nitems() rather than rolling it by hand to
count elements.

Also, pacify a Clang 12 warning about suspicious string concatenation
within an array initializer by adding parentheses.

Reviewed by:	emaste
MFC after:	1 week
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D26592
2020-10-13 17:14:30 +00:00
Andrew Turner
b9aa4537b2 Use adrp in the arm64 efi loader
On startup the arm64 efi loaders need to know PC-relative addresses.
Previously we used the adr instruction to find this address, however this
instruction is limited to +/- 1MiB.

Switch to adrp to find the 4k page the address is within and an add to
set the bottom 12 bits. This lets us address +/- 4GiB which should be
large enough for now.

Reported by:	imp
MFC after:	2 weeks
Sponsored by:	Innovate UK
2020-10-13 16:51:05 +00:00
Hans Petter Selasky
d524c46fb8 Implement more RCU list functions in the LinuxKPI.
This also fixes a bug in the existing list_add_rcu() where the
prev->prev pointer was updated to the new element instead of
next->prev. Currently this function is not widely used.

MFC after:		1 week
Sponsored by:		Mellanox Technologies // NVIDIA Networking
2020-10-13 16:19:21 +00:00
Scott Long
4bc604dcda Bring the request_descriptor union into harmony internally. No
functional change.
2020-10-13 14:10:49 +00:00
Kristof Provost
52b83a0618 pf: do not remove kifs that are referenced by rules
Even if a kif doesn't have an ifp or if_group pointer we still can't delete it
if it's referenced by a rule. In other words: we must check rulerefs as well.

While we're here also teach pfi_kif_unref() not to remove kifs with flags.

Reported-by: syzbot+b31d1d7e12c5d4d42f28@syzkaller.appspotmail.com
MFC after:   2 weeks
2020-10-13 11:04:00 +00:00
Andrew Turner
ed50d40834 Bump __FreeBSD_version for the fix to arm64 write-only mappings
Sponsored by:	Innovate UK
2020-10-13 10:31:12 +00:00
Andrew Turner
f56a08c810 Fix write only mappings on arm64
When trapping on a write access to a buffer the kernel has mapped as write
only we should only pass the VM_PROT_WRITE flag. Previously the call to
vm_fault_trap as the VM_PROT_READ flag was unexpected.

Reported by:	manu
Sponsored by:	Innovate UK
2020-10-13 10:26:15 +00:00
Alex Richardson
2cef3afd7b Stop using -O instead of -O2 for MIPS
Until clang 11 that was equivalent to -O2, but clang changed it to -O1 so
generated MIPS code will now be unnecessarily slow. It also removes a weird
special case from sys.mk.
This is similar to the D26471 change for debug kernels and should not change
anything since everything was previously building MIPS code at -O2 until the
clang 11 update.

Reviewed By:	trasz
Differential Revision: https://reviews.freebsd.org/D26749
2020-10-13 08:14:33 +00:00
Warner Losh
085e62eb4f Document /boot/config as well as /boot.config
Add a note about /boot/config being an alternative location for this
information. Correct description of -P.
2020-10-13 05:39:43 +00:00
Warner Losh
aed4e355bd devmatch: First appeared in 12.0
Document that devmatch first appeared in FreeBSD 12.0. Also can't -> can not. But
it doesn't help the sentence much.

MFC After: 3 days
2020-10-13 05:32:00 +00:00
Warner Losh
eb93b08fe0 Document the rather surprising behavior with ' inside action rules.
To prevent issues with odd shell characters appearing in, a surprising
shell feature is used. Document it and a workaround for it.

Differential Revision: https://reviews.freebsd.org/D26723
2020-10-13 05:19:00 +00:00
Warner Losh
e694696956 Force __BMI__ experimental instructions off.
The OpenZFS code that uses the BMI instructions is broken. Forcibly
disable them to prevent their use. When enabled, the build breaks.
This fixes the build when compiled for a core with BMI instructions.
This is the same fix committed in r364777, for the same issue.

Submitted by: Jung-uk Kim
2020-10-13 04:37:57 +00:00
Warner Losh
df13933e33 Add back org.freebsd:zstd_compress to features_for_read
This list is the list of features that are allowed on the whole pool,
not the list of features that are implemented.
2020-10-13 03:49:12 +00:00
Warner Losh
9257c69b1c Turn off zstd on aarch64
loader support for zstd and zfs doesn't work for aarch64. Disable it
to unbreak the build.
2020-10-13 02:36:16 +00:00
Warner Losh
2fec3ae896 Add zstd support to the boot loader.
Add support to the _STANDALONE environment enough bits of the kernel
that we can compile it. We still have a small zstd_shim.c since there
were 3 items that were a bit hard to nail down and may be cleaned up
in the future. These go hand in hand with a number of commits to
sys/sys in the past weeks, should this need be MFCd.

Discussed with: mmacy (in review and on IRC/Slack)
Reviewed by: freqlabs (on openzfs repo)
Differential Revision: https://reviews.freebsd.org/D26218
2020-10-12 22:19:07 +00:00
Warner Losh
e59db46854 newbus: use ssize_t to match sb's len and size, fix ordering of space check
Both s_len and s_size are ssize_t, so their difference is also more
properly a ssize_t not a size_t. Also, assert that len is <= size when
we enter. This should always be the case. Ensure that we have that one
byte that we write to the end of the buffer before we do so, though
the error should already be set on the buffer if not, and the only
times we supply 'partial' buffers they should be plenty large.

Reviewed by: cem, jhb (prior version, I did cem's suggestion)
Differential Revision: https://reviews.freebsd.org/D26752
2020-10-12 22:07:44 +00:00
Dimitry Andric
f91b0c1c18 Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp
release/11.x llvmorg-11.0.0-0-g176249bd673 (aka 11.0.0 release).

MFC after:	4 weeks
X-MFC-With:	r364284
2020-10-12 21:35:29 +00:00
Dimitry Andric
30078f4966 Vendor import of llvm-project branch release/11.x
llvmorg-11.0.0-0-g176249bd673 (aka 11.0.0 release).
2020-10-12 21:31:12 +00:00
Ian Lepore
c88da3b94d Bug fixes for the ads111x driver... make configurable gain and sample rate
hints work on per-channel basis as documented, rather than chip-wide.  Also,
when configured via hints, return BUS_PROBE_NOWILDCARD on successful hints
match, so that the hints don't bogusly match other types of i2c chips.
2020-10-12 18:02:51 +00:00
Kristof Provost
e6f9af16bc pf tests: Test that 'set skip on <group>' works on new group members
There's a known issue where new group members don't get the 'set skip on'
applied until the rules are re-loaded.

Do this by setting rules that block all traffic, but skip members of the
'epair' group. If we can communicate over the epair interface we know the set
skip rule took effect, even if the rule was set before the interface was
created.

MFC after:	2 weeks
2020-10-12 12:41:10 +00:00
Kristof Provost
c9449e4fb8 pf: create a kif for flags
If userspace tries to set flags (e.g. 'set skip on <ifspec>') and <ifspec>
doesn't exist we should create a kif so that we apply the flags when the
<ifspec> does turn up.

Otherwise we'd end up in surprising situations where the rules say the
interface should be skipped, but it's not until the rules get re-applied.

Reviewed by:	Lutz Donnerhacke <lutz_donnerhacke.de>
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D26742
2020-10-12 12:39:37 +00:00
Alex Richardson
253e820a4d Link efi programs with -pie rather than -shared
This was causing build failures in CheriBSD where we were passing -pie
already by default.

Reviewed By:	andrew
Differential Revision: https://reviews.freebsd.org/D24787
2020-10-12 11:27:08 +00:00
Alex Richardson
cf084e9e92 Enable SUBDIR_PARELLEL in lib/libclang_rt
I noticed that this part of the build was taking much longer than
expected. Turns out it's due to not running the subdirs in parallel.
Reduces `make all` inside lib/libclang_rt time from 63s to 20s with -j32.

Reviewed By:	dim
Differential Revision: https://reviews.freebsd.org/D26623
2020-10-12 10:42:33 +00:00
Alex Richardson
e5ccad508b Fix build with -DBOOTSTRAP_ALL_TOOLS
sbin/sysctl can no longer be bootstrapped on FreeBSD 12 after r366465,
so create a symlink to the host tool instead of trying to build it.
2020-10-12 10:42:28 +00:00
Alex Richardson
5ce117c698 Fix buildworld on Linux/macOS after nvi update
This re-applies r365941 which was lost in the nvi update.
2020-10-12 10:42:24 +00:00
Alex Richardson
c3d67d6cf0 Don't use install(1) for the library symlinks in the build directory
It appears this was changed from ln to use install in rS245752. I noticed
this because my buildenv was setting INSTALL=install -U -M //METALOG
and then these links fail to be created with the following error:
install: open //METALOG: Permission denied

Reviewed By:	brooks
Differential Revision: https://reviews.freebsd.org/D26618
2020-10-12 10:42:19 +00:00
Alex Richardson
c2ca066705 Fix building on Linux/macOS after r366622
We have to bootstrap arc4random.c, so guard the FenestrasX code to avoid
using it on Linux/macOS.

Reviewed By:	cem
Differential Revision: https://reviews.freebsd.org/D26738
2020-10-12 10:42:14 +00:00
Toomas Soome
c50f409c15 loader: edd_device_path_v3 is too small
The EDD v3[1], see table 13, page 33, does define device path as double
qword, that is, 16 bytes, we have only qword.

Also remove edd_device_path_v4 and edd_params_v4 because those are not used,
and there is no size difference in v3 versus v4.

[1] http://www.t13.org/documents/UploadedDocuments/docs2004/d1572r3-EDD3.pdf

MFC after:	2 weeks
2020-10-12 09:34:50 +00:00
Warner Losh
af928ad562 systm.h: forward declare ucred for _STANDALONE too
There's a number of types we forward declare for the kernel. We need
struct ucred for the ZSTD ZFS integration, so go ahead and forward
declare it here too.
2020-10-12 05:56:29 +00:00
Emmanuel Vadot
7113afc84c 10Gigabit Ethernet driver for AMD SoC
This patch has the driver for 10Gigabit Ethernet controller in AMD
SoC. This driver is written compatible to the Iflib framework. The
existing driver is for the old version of hardware. The submitted
driver here is for the recent versions of the hardware where the Ethernet
controller is PCI-E based.

Submitted by:	Rajesh Kumar <rajesh1.kumar@amd.com>
MFC after:	1 month
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D25793
2020-10-11 16:01:16 +00:00
Alexey Dokuchaev
53098f0e28 The nextboot(8) manual page currently says that the loader(8) would delete
the /boot/nextboot.conf file or its contents which is 1) not the most user-
friendly way of working with custom configurations, and 2) simply not true
for both Forth and Lua implementations: they would not delete it, but just
change the setting to "NO", that is, disable it.

While at it, add one missing serial (Oxford) comma and fix some bogus line
wraps along the way.

Approved by:	bcr (manpages)
Differential Revision:	https://reviews.freebsd.org/D25971
2020-10-11 10:40:11 +00:00
Bjoern A. Zeeb
506512b170 ip_mroute: fix the viftable export sysctl
It seems that in r354857 I got more than one thing wrong.
Convert the SYSCTL_OPAQUE to a SYSCTL_PROC to properly export the these
days allocated and no longer static per-vnet viftable array.
This fixes a problem with netstat -g which would show bogus information
for the IPv4 Virtual Interface Table.

PR:		246626
Reported by:	Ozkan KIRIK (ozkan.kirik gmail.com)
MFC after:	3 days
2020-10-11 00:01:00 +00:00
Conrad Meyer
f8e8a06d23 random(4) FenestrasX: Push root seed version to arc4random(3)
Push the root seed version to userspace through the VDSO page, if
the RANDOM_FENESTRASX algorithm is enabled.  Otherwise, there is no
functional change.  The mechanism can be disabled with
debug.fxrng_vdso_enable=0.

arc4random(3) obtains a pointer to the root seed version published by
the kernel in the shared page at allocation time.  Like arc4random(9),
it maintains its own per-process copy of the seed version corresponding
to the root seed version at the time it last rekeyed.  On read requests,
the process seed version is compared with the version published in the
shared page; if they do not match, arc4random(3) reseeds from the
kernel before providing generated output.

This change does not implement the FenestrasX concept of PCPU userspace
generators seeded from a per-process base generator.  That change is
left for future discussion/work.

Reviewed by:	kib (previous version)
Approved by:	csprng (me -- only touching FXRNG here)
Differential Revision:	https://reviews.freebsd.org/D22839
2020-10-10 21:52:00 +00:00
Conrad Meyer
10b1a17594 arc4random(9): Integrate with RANDOM_FENESTRASX push-reseed
There is no functional change for the existing Fortuna random(4)
implementation, which remains the default in GENERIC.

In the FenestrasX model, when the root CSPRNG is reseeded from pools due to
an (infrequent) timer, child CSPRNGs can cheaply detect this condition and
reseed.  To do so, they just need to track an additional 64-bit value in the
associated state, and compare it against the root seed version (generation)
on random reads.

This revision integrates arc4random(9) into that model without substantially
changing the design or implementation of arc4random(9).  The motivation is
that arc4random(9) is immediately reseeded when the backing random(4)
implementation has additional entropy.  This is arguably most important
during boot, when fenestrasX is reseeding at 1, 3, 9, 27, etc., second
intervals.  Today, arc4random(9) has a hardcoded 300 second reseed window.
Without this mechanism, if arc4random(9) gets weak entropy during initial
seed (and arc4random(9) is used early in boot, so this is quite possible),
it may continue to emit poorly seeded output for 5 minutes.  The FenestrasX
push-reseed scheme corrects consumers, like arc4random(9), as soon as
possible.

Reviewed by:	markm
Approved by:	csprng (markm)
Differential Revision:	https://reviews.freebsd.org/D22838
2020-10-10 21:48:06 +00:00
Conrad Meyer
a3c41f8bfb Add "Fenestras X" alternative /dev/random implementation
Fortuna remains the default; no functional change to GENERIC.

Big picture:
- Scalable entropy generation with per-CPU, buffered local generators.
- "Push" system for reseeding child generators when root PRNG is
  reseeded.  (Design can be extended to arc4random(9) and userspace
  generators.)
- Similar entropy pooling system to Fortuna, but starts with a single
  pool to quickly bootstrap as much entropy as possible early on.
- Reseeding from pooled entropy based on time schedule.  The time
  interval starts small and grows exponentially until reaching a cap.
  Again, the goal is to have the RNG state depend on as much entropy as
  possible quickly, but still periodically incorporate new entropy for
  the same reasons as Fortuna.

Notable design choices in this implementation that differ from those
specified in the whitepaper:
- Blake2B instead of SHA-2 512 for entropy pooling
- Chacha20 instead of AES-CTR DRBG
- Initial seeding.  We support more platforms and not all of them use
  loader(8).  So we have to grab the initial entropy sources in kernel
  mode instead, as much as possible.  Fortuna didn't have any mechanism
  for this aside from the special case of loader-provided previous-boot
  entropy, so most of these sources remain TODO after this commit.

Reviewed by:	markm
Approved by:	csprng (markm)
Differential Revision:	https://reviews.freebsd.org/D22837
2020-10-10 21:45:59 +00:00
Gordon Bergling
7f78912159 pnfsdsfile(8): Remove duplicate word 'the'
MFC after:	1 week
2020-10-10 14:38:01 +00:00
Gordon Bergling
2911dc6cea cxgbetool(8): Remove duplicate word 'whether'
MFC after:	1 week
2020-10-10 14:36:16 +00:00
Gordon Bergling
5be4c726f0 man5: Fix a few typos spotted by igor
- fstab(5): conjuction -> conjunction
- mount.conf(5): repeated 'the'
- periodic.conf(5): Partion ->  Partition

MFC after:	1 week
2020-10-10 14:20:07 +00:00
Gordon Bergling
05c207e9e0 ls(1): Use \& as an escape character for the ',' option
Reported by:	karels@, xtouqh at hotmail dot com
MFC after:	1 day
2020-10-10 13:39:13 +00:00
Gordon Bergling
4c3191b2d1 cpuset(1): Fix a typo
- 'at at' -> 'at a'

MFC after:	1 week
2020-10-10 13:01:04 +00:00
Gordon Bergling
2090cb10b3 sigevent(3): Fix a typo
- asychronous -> asynchronous

MFC after:	1 week
2020-10-10 12:06:39 +00:00
Gordon Bergling
15a478b3e8 dtrace_audit(4): Fix a typo
- asynchonously -> asynchronously

MFC after:	1 week
2020-10-10 12:05:54 +00:00
Emmanuel Vadot
e63faa9ba8 arm: Check dtb version against the one we're expecting to find
Reviewed by:	imp, emaste, mmel
Differential Revision:	https://reviews.freebsd.org/D26725
2020-10-10 07:20:59 +00:00
Emmanuel Vadot
4a63c1c1ed Brand our DTS with the Linux version it was imported from
DTS must be synced with the kernel, add a freebsd,dts-version string in
the root node of each DTS that we compile so we can later in the kernel
check that it contains a correct value.

Reviewed by:	imp, mmel
Differential Revision:	https://reviews.freebsd.org/D26724
2020-10-10 07:18:51 +00:00