Commit Graph

7521 Commits

Author SHA1 Message Date
Hans Petter Selasky
f3e7afe2d7 Implement kernel support for hardware rate limited sockets.
- Add RATELIMIT kernel configuration keyword which must be set to
enable the new functionality.

- Add support for hardware driven, Receive Side Scaling, RSS aware, rate
limited sendqueues and expose the functionality through the already
established SO_MAX_PACING_RATE setsockopt(). The API supports rates in
the range from 1 to 4Gbytes/s which are suitable for regular TCP and
UDP streams. The setsockopt(2) manual page has been updated.

- Add rate limit function callback API to "struct ifnet" which supports
the following operations: if_snd_tag_alloc(), if_snd_tag_modify(),
if_snd_tag_query() and if_snd_tag_free().

- Add support to ifconfig to view, set and clear the IFCAP_TXRTLMT
flag, which tells if a network driver supports rate limiting or not.

- This patch also adds support for rate limiting through VLAN and LAGG
intermediate network devices.

- How rate limiting works:

1) The userspace application calls setsockopt() after accepting or
making a new connection to set the rate which is then stored in the
socket structure in the kernel. Later on when packets are transmitted
a check is made in the transmit path for rate changes. A rate change
implies a non-blocking ifp->if_snd_tag_alloc() call will be made to the
destination network interface, which then sets up a custom sendqueue
with the given rate limitation parameter. A "struct m_snd_tag" pointer is
returned which serves as a "snd_tag" hint in the m_pkthdr for the
subsequently transmitted mbufs.

2) When the network driver sees the "m->m_pkthdr.snd_tag" different
from NULL, it will move the packets into a designated rate limited sendqueue
given by the snd_tag pointer. It is up to the individual drivers how the rate
limited traffic will be rate limited.

3) Route changes are detected by the NIC drivers in the ifp->if_transmit()
routine when the ifnet pointer in the incoming snd_tag mismatches the
one of the network interface. The network adapter frees the mbuf and
returns EAGAIN which causes the ip_output() to release and clear the send
tag. Upon next ip_output() an attempt will be made to allocate a new "snd_tag".

4) When the PCB is detached the custom sendqueue will be released by a
non-blocking ifp->if_snd_tag_free() call to the currently bound network
interface.

Reviewed by:		wblock (manpages), adrian, gallatin, scottl (network)
Differential Revision:	https://reviews.freebsd.org/D3687
Sponsored by:		Mellanox Technologies
MFC after:		3 months
2017-01-18 13:31:17 +00:00
Bryan Drewery
751df7696a Don't compute MPATH during install.
This saves time when building over NFS.  Nothing should be building during
this phase anyhow.

Sponsored by:	Dell EMC Isilon
2017-01-17 21:12:21 +00:00
Andriy Voskoboinyk
5a88d9fd3b Add sys/dev/rtwn/rtl8821a/usb/r21au_dfs.c into sys/conf/files
Reported by:	adrian
2017-01-17 00:48:02 +00:00
Michael Zhilin
662e30fca3 [gpioths] new driver for temperature/humidity sensor DHT11
This patch adds driver for temperature/humidity sensor connected via GPIO.
To compile it into kernel add "device gpioths". To activate driver, use
hints (.at and .pins) for gpiobus. As result it will provide temperature &
humidity values via sysctl.

DHT11 is cheap & popular temperature/humidity sensor used via GPIO on ARM
or MIPS devices like Raspberry Pi or Onion Omega.

Reviewed by:	adrian
Approved by:	adrian (mentor)
Differential Revision:	https://reviews.freebsd.org/D9185
2017-01-16 15:36:36 +00:00
Sean Bruno
245c5ebbce Purge surprise change to sys/conf/files for ixgbe(4).
Reported by:	imp
2017-01-12 17:18:25 +00:00
Sean Bruno
062a4b8c68 Deprecate kernel configuration option EM_MULTIQUEUE now that the em(4)
driver conforms to iflib.
2017-01-12 14:38:18 +00:00
Oleksandr Tymoshenko
e5d519fdbc [sdhci] Add ACPI platform support for SDHCI driver
- Create ACPI version of SDHCI attach/detach/accessors logic. Some
    platforms (e.g. BayTrail-based Minnowboard) expose SDHCI devices
    via ACPI, not PCI
- Add sdhci_acpi kernel module

Reviewed by:	ian, imp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D9112
2017-01-11 01:53:54 +00:00
Andrew Turner
2647410d05 Add an ACPI attachment to the existing ahci_generic driver. This is used
in some arm64 hardware, for example the AMD Opteron A1100.

Reviewed by:	mav
Obtained from:	ABT Systems Ltd
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D8852
2017-01-10 10:56:33 +00:00
Sean Bruno
f2d6ace4a6 Migrate e1000 to the IFLIB framework:
- em(4) igb(4) and lem(4)
- deprecate the igb device from kernel configurations
- create a symbolic link in /boot/kernel from if_em.ko to if_igb.ko

Devices tested:
- 82574L
- I218-LM
- 82546GB
- 82579LM
- I350
- I217

Please report problems to freebsd-net@freebsd.org

Partial review from jhb and suggestions on how to *not* brick folks who
originally would have lost their igbX device.

Submitted by:	mmacy@nextbsd.org
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	Limelight Networks and Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D8299
2017-01-10 03:23:22 +00:00
Sean Bruno
46aa753364 White space cleanup from a cut-n-paste.
Submitted by:	mmacy@nextbsd.org
2017-01-09 23:45:40 +00:00
Ian Lepore
78906a722f Add new helper routines for sdhci bridge drivers that use gpio pins for
card presence and write protect switch detection.

A bridge driver just needs to call the setup routine in its attach(), the
teardown in its detach(), and write a couple tiny glue functions to connect
the sdhci interface functions to the new helper functions.  This is not
extensively documented, but multiple examples will exist real soon.
2017-01-09 01:54:36 +00:00
Adrian Chadd
b092fd69a8 [net80211] include the prototype VHT code into the build.
Note: it isn't called anywhere yet!
2017-01-08 04:27:08 +00:00
Jung-uk Kim
284829482e Merge ACPICA 20161222.
2017-01-05 21:28:25 +00:00
Zbigniew Bodek
b3d8a7757b Include e6000sw driver in ARMADA38X configuration
e6000sw Marvell switch driver was added to files
and Armada38x kernel configuration file.

Submitted by:	Bartosz Szczepanek <bsz@semihalf.com>
Obtained from:	Semihalf
Sponsored by:	Stormshield
Differential revision: https://reviews.freebsd.org/D8178
2017-01-05 17:10:52 +00:00
Emmanuel Vadot
cf72965fbf Allwinner: Add A33 support
Add basic support for A33/R16 that is enough to boot a kernel.
This adds the platform code, padconf data and the new clocks strings.

MFC after:	2 weeks
2017-01-04 03:35:39 +00:00
Navdeep Parhar
c88fa71928 cxgbe(4): Update T4, T5 and T6 firmwares to 1.16.26.0. Changelog for
all public firmwares for all chips since the last release (1.15.37.0)
follows (it's a straight copy-paste from the Release Notes for the
12/30/2016 Unified Wire release on Chelsio's website).

T6 Firmware
++++++++++++

Version : 1.16.26.0
Date    : 12/28/2016

Fixes
-----

BASE:
- Max number of egress and control queues adjusted to accommodate
  co-processor mode queues.
- Fixed intermittent DDR3/4 ECC errors.
- Fixed a traffic stall when ETS BW is configured as 0%.
- Max number of ethctrl queue in VF set to 1.

ETH:
- Added a new config file option 'speed' under port section to set the
  port speed.  Use only when auto negotiation is off.
- FEC option removed from firmware config file. cxgbtool can be used to
  change the fec setting.
- CPL_TX_TNL_LSO cpl handling added in ETH_TX_PKT_VM handler. This fixes
  large tunnel tcp packet support for VxLAN.

Version : 1.16.22.0
Date    : 12/05/2016

Fixes
-----

BASE:
- fw_port_type updated in fw API to match kernel.org definitions.
- Saved power by disabling unused MAC lanes.
- Configures correct power bin.
- Enhanced DDR4 performance.
- Enabled interrupts.
- Fixed an issue where filter rule for 'unicast hash' is not working.

ETH:
- Disabled auto negotiation by default because most of 100G switches do
  not support AN as of today.
- Fixed flow control not getting disabled problem.
- Fixed an issue where port0 doesn't come up sometimes.
- Fixed 10G link not coming up issue.
- Fixed an issue with promiscuous mode when dcbx disabled.

OFLD:
- Fixed a connection stuck issue when abort is received during out of tx
  pages backpressure.

ENHANCEMENTS
------------

BASE:
- Added inline TLS mode support.

Version : 1.16.12.0
Date    : 11/11/2016

ENHANCEMENTS
------------

BASE:
- Added T6 support.
- Added T6 1G/10G/25G/40G/100G link speeds.
- Added T6 co-processor mode crypto support.
- Added facility to increase link AN+AEC timeout.

OFLD:
- Added support for all T5 offload protocols except FCoE.

iSCSI:
- iscsi completion moderation enabled.

=======================================================================

T5 Firmware
++++++++++++

Version : 1.16.26.0
Date    : 12/28/2016

FIXES
-----

BASE:
- Max number of ethctrl queue in VF set to 1.

Version : 1.16.22.0
Date    : 12/05/2016

FIXES
-----

BASE:
- Fixed an issue where filter rule for 'unicast hash' is not working.

ETH:
- Fixed an issue with promiscuous mode when dcbx disabled.

ENHANCEMENTS
------------

ETH:
- Added 40G-KR support.

Version : 1.16.12.0
Date    : 11/11/2016

FIXES
-----

BASE:
- Fixed multiple issues related with VFs FLR processing.
- Fixed channel assignment based on number of ports in adapter.
- Fixed a crash when VM having PF assigned as passthrough mode is
  rebooted.
- Handled 2nd HELLO command from the same PF without seeing BYE from the
  same PF and if that is the only PF.
- A warning is printed in firmware log if PCI-E cookie generation is
  enabled in serial initialization file.
- Fixed multiple issues related with Filtering.
- Enabled DSGL memory write for iscsi and rdma.
- Added new FW_PARAMS_CMD[DEV] options to retrieve Serial Configuration
  and VPD version numbers.
- Fixed an issue where LVDS output was not getting enabled using vpd.

DCBX:
- Fixed DCBX CEE Incorrect class to priority mapping.
- Fixed incorrect interpretation of DCBX IEEE PFC.

ETH:
- Adjusted the link related delay timings according to the QSFP spec.
- Improved 40G link bringup time with few switches.

OFLD:
- Do not reserve qp/cq if rdma capability is not enabled.
- Fixed an issue where approx 1600+ TOE connections were causing a
  firmware fatal error.

FOiSCSI:
- Fixed an issue where unloading foiscsi driver causes mailbox timeout.

ENHANCEMENTS
------------

BASE:
- Added 10G KR/KX support.
- Added T540-BT adapter support.
- Added 4 new rss key modes for PFs and VFs.

OFLD:
- Added new WR FW_RI_FR_NSMR_TPTE_WR to improve fast MR write
  performance in RDMA.

Version : 1.16.5.0
Date    : 10/26/2016

FIXES
-----

BASE:
- Fixed multiple issues where FLR from multiple VFs can cause firmware
  crash.
- Fixed channel assignment based on number of ports in adapter.
- Fixed the HELLO command master force api to handle the 2nd HELLO
  correctly without getting BYE from the PF driver.
- Added facility to retrieve Serial configuration and VPD version. Two
  new FW_PARAMS_CMD[DEV] options added to retrieve these values.
- Fixed multiple issues where FLR from multiple VFs are not completing.
- Added new RSS hash secret key modes.
- Fixed an issue where LVDS output was not getting enabled using vpd.

DCBX:
- Fixed an issue where iscsi tlv is sent incorrectly to host (DCBX CEE).
- Fixed an issue where app priority values are not handled correctly
  in fw (DCBX IEEE).

ETH:
- Adjusts the link related delay timings according to the QSFP spec.
- Changed 2.5G mac speed bit to 25G mac speed bit in fw API.
- Improvement in 40G link bringup time with few switches.

OFLD:
- Do not reserve qp/cq if rdma capability is not enabled.
- Fixed an issue where approx 1600+ TOE connections were causing a
  firmware fatal error.
- Fixed DSGL memory write in T5. Now iwarp and iscsi can use DSGL to do
  memory write.
- Fixed multiple issues in hash filter mode where incorrect protocol
  mask was getting used and affecting hash filter functionality.
- New fastpath WR FW_RI_FR_NSMR_TPTE_WR (with fully populated TPTE) is
  added for small REG_MR operations.

FOiSCSI:
- Fixed an issue in foiscsi recovery path.
- Fixed an issue where foiscsi (in VM in PCIE passthrough mode) didn't
  come up after VM FLR.

ENHANCEMENTS
------------

ETH:
- Implemented 1G/10G KR/KX ability.
- Implemented T540-BT adapter support.

=======================================================================

T4 Firmware
+++++++++++

Version : 1.16.12.0
Date    : 11/11/2016

FIXES
-----

BASE:
- Fixed an issue where reading temperature sensors using ldst command
  causes mailbox timeout.
- Added new FW_PARAMS_CMD[DEV] options to retrieve Serial Configuration
  and VPD version numbers.

ETH:
- Fixed DCBX CEE Incorrect class to priority mapping.

FOiSCSI:
- Fixed an issue where unloading foiscsi driver causes mailbox timeout.

MFC after:	3 days
Sponsored by:	Chelsio Communications
2017-01-03 22:05:07 +00:00
Alexander Kabaev
3abdc65497 Restore status quo: mips64 does not need subr_sfbuf.c
Reported by: br
2016-12-30 17:12:41 +00:00
Andrew Rybchenko
7367e67956 sfxge(4): remove obsolete Wake-On-LAN support
Wake-on-lan is not supported in production on any of our adapters, as
they don't have the required AUX power connector. (It's possible that
AUX power is supplied to some of our ALOM or mezz adapters, but if so
then we've never implemented or tested WoL support.)

Reviewed by:    gnn
Sponsored by:   Solarflare Communications, Inc.
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D8972
2016-12-30 12:06:55 +00:00
Alexander Kabaev
f369aff32d Support mips[*]hf variants in config files
Recognize new MACHINE_ARCH names now as we have added hardfloat support.
Switch JZ4780 to mipselhf and remove all uses of TARGET_ARCH in kernel
.mk files.

Reviewed by:	adrian
Differential Revision:	https://reviews.freebsd.org/D8989
2016-12-30 00:34:52 +00:00
Alexander Kabaev
d73b7a9cdd Use TARGET_ARCH instead of MACHINE_ARCH for MIPS kernel
MACHINE_ARCH is overwritten by config file and will not
contain -hf suffix, so uname -p reported by kernel will
be wrong.
2016-12-29 21:36:04 +00:00
Andrew Rybchenko
ecd9d64f0d sfxge(4): delete hunt_phy.c
Submitted by:   Mark Spender <mspender at solarflare.com>
Sponsored by:   Solarflare Communications, Inc.
MFC after:      2 days
2016-12-29 07:10:25 +00:00
John Baldwin
a74031a53f Note that the Chelsio T6 also supports 25Gbps.
To avoid overflowing 80 columns, condense the cxgbe description a bit.

Reviewed by:	np
2016-12-29 01:11:57 +00:00
John Baldwin
249579387f Mention T6 and 100GbE in description of cxgbe.
MFC after:	3 days
2016-12-28 18:42:43 +00:00
Oleksandr Tymoshenko
d786719d90 [intelspi] Add SPI driver for Intel BayTrail SoC
Add SPI mode (PIO-only) support for Intel Synchronous Serial Port that
can be found in several Intel's products starting from PXA family.
Most of implementations have slight differences in behavior and in
addresses for registers subset. This driver covers only BayTrail SoC
implementation for it's the only hardware I have to test it on.

Driver attaches to ACPI bus only and does not have PCI or FDT support
for now due to lack of hardware to test it on.

"intelspi" is the best name I've managed to come up with. Linux driver
name (spi-pxa2xx) does not make sense because current implementation
does not support actual PXA2xx SoCs. And as far as I know there is no
codename assigned to Intel SSP chip.

Reviewed by:	br, manu
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D8896
2016-12-27 22:37:24 +00:00
Oleksandr Tymoshenko
5c5bcb1d70 [ig4] Add ACPI platform support for ig4 driver
Add ACPI part for ig4 driver to make it work on Intel BayTrail SoC where
ig4 device is available only through ACPI

Reviewed by:	avg
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D8742
2016-12-26 22:13:43 +00:00
Michal Meloun
02fe53a49f Import drm_patform.c, an implementation of non-PCI based attachment
for graphics drivers.
It will be used in upcoming driver for Nvidia Tegra boards.

MFC after: 1 month
2016-12-26 14:28:23 +00:00
Ian Lepore
0a201eeac2 Use ${.OBJDIR} to refer to the kernel build object dir, instead of trying
to recreate it from ${MAKEOBJDIRPREFIX} and ${SRC_BASE} and ${KERNCONF},
the latter being especially problematic when KERNCONF is set to the names
of multiple kernel configs.
2016-12-22 21:11:42 +00:00
Kenneth D. Merry
08167db8d6 Turn on FC-Tape by default in the isp(4) driver.
FC-Tape provides additional link level error recovery, and is
highly recommended for tape devices.  It will only be turned on for
a given target if the target supports it.

Without this setting, we default to whatever FC-Tape setting is in
NVRAM on the card.

This can be overridden by setting the following loader tunable, for
example for isp0:

hint.isp.0.nofctape=1

sys/conf/options:
	Add a new kernel config option, ISP_FCTAPE_OFF, that
	defaults the FC-Tape configuration to off.

sys/dev/isp/isp_pci.c:
	If ISP_FCTAPE_OFF is defined, turn off FC-Tape.  Otherwise,
	turn it on if the card supports it.

share/man/man4/isp.4:
	Add a description of FC-Tape to the isp(4) man page.

	Add descriptions of the fctape and nofctape options, as well as the
	ISP_FCTAPE_OFF kernel configuration option.

	Add the ispfw module and kernel drivers to the suggested
	configurations at the top of the man page so that users are less
	likely to leave it out.  The driver works well with the included
	firmware, but may not work at all with whatever firmware the user
	has flashed on their card.

MFC after:	3 days
Sponsored by:	Spectra Logic
2016-12-20 21:17:07 +00:00
Ruslan Bukin
85debf7f6e Add xDMA -- the DMA abstraction layer, initial version.
xDMA is a DMA framework designed to abstract the interaction
between device drivers and DMA engines.

Project wiki: https://wiki.freebsd.org/xdma

Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D8807
2016-12-20 18:02:07 +00:00
Sepherosa Ziehau
5c072c8e98 hyperv/ic: Rename cleaned up files.
MFC after:	1 week
Sponsored by:	Microsoft
Differential Revision:	https://reviews.freebsd.org/D8850
2016-12-20 09:46:14 +00:00
Sepherosa Ziehau
9ff086544d hyperv/ic: Rename cleaned up file.
MFC after:	1 week
Sponsored by:	Microsoft
Differential Revision:	https://reviews.freebsd.org/D8848
2016-12-20 07:14:24 +00:00
Jared McNeill
06785ff66a Split the DesignWare HDMI-specific code from imx6_hdmi.c into a separate
file and add a generic DT binding that takes advantage of the extres
framework for setting up clocks.

Reviewed by:		gonzo
Differential Revision:	https://reviews.freebsd.org/D8826
2016-12-20 01:34:29 +00:00
Landon J. Fuller
c283839dd4 bhnd(4): NVRAM serialization support.
This adds support for:

- Serializing a bhnd_nvram_plist (as exported from bhnd_nvram_store, etc) to
  an arbitrary NVRAM data format.
- Generating a serialized representation of the current NVRAM store's state
  suitable for writing back to flash, or re-encoding for upload to a
  FullMAC device.

Approved by:	adrian (mentor)
Differential Revision:	https://reviews.freebsd.org/D8762
2016-12-19 20:34:05 +00:00
Landon J. Fuller
19be09f31c bhnd(4): NVRAM device path support.
Implements bhnd_nvram_store support for parsing and operating over NVRAM
device paths, and device path aliases, as well as tracking per-path NVRAM
variable writes.

Approved by:	adrian (mentor)
Differential Revision:	https://reviews.freebsd.org/D8760
2016-12-19 20:28:27 +00:00
Landon J. Fuller
f76db8de03 bhnd(4): add support for wrapping arbitrary pointers in an NVRAM I/O
context.

Approved by:	adrian (mentor)
Differential Revision:	 https://reviews.freebsd.org/D8759
2016-12-19 20:26:10 +00:00
Landon J. Fuller
9be0790d19 bhnd(4): support direct conversion of bhnd_nvram_val
This adds support for bhnd_nvram_val_convert_init() and
bhnd_nvram_val_convert_new(), which may be used to perform value
format-aware encoding of an NVRAM value to a new target format/type.

This will be used to simplify converting to/from serialized
format-specific NVRAM value representations to common external
representations.

Approved by:	adrian (mentor)
Differential Revision:	https://reviews.freebsd.org/D8757
2016-12-19 20:20:33 +00:00
Landon J. Fuller
eb68614970 bhnd(4): Implement a new bhnd_nvram_plist and bhnd_nvram_prop API for
representing arbitrary Broadcom NVRAM key/value pairs.

This will be used to track pending changes in bhnd_nvram_store, and
provide support for exporting all or a device subpath for NVRAM (as
required by some fullmac wifi chipsets).

Approved by:	adrian (mentor)
Differential Revision:	https://reviews.freebsd.org/D8756
2016-12-19 20:11:48 +00:00
Ed Maste
7f582d6294 newvers.sh: consider as modified SVN mixed revision and other cases
The newvers -R option is intended to include build metadata (e.g. user,
host, time) if the build is from an unmodified VCS tree. For subversion
it considered a trailing 'M' as an indication of a modified tree, and
any other version string as modified.

Also include mixed revision checkouts (e.g. 123:126), switched (123S)
and partial (123P) working copies as modified: the revision number is
insufficient to uniquely determine which source was used for the build.

Reported by:	gjb
Reviewed by:	gjb
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D8853
2016-12-19 17:31:34 +00:00
Ed Maste
61ae7e24e2 newvers.sh: add -R option to include metadata only for unmodified src tree
Sponsored by:	The FreeBSD Foundation
2016-12-19 15:19:44 +00:00
Ed Maste
602f95d4c4 Add WITH_REPRODUCIBLE_BUILD src.conf(5) knob to disable kernel metadata
The kernel builds reproducibly, except for the time, date, user, and
hostname baked into the kernel (reported at startup and via the
kern.version sysctl for uname).  Add a build knob to disable the
inclusion of this metadata.

Reviewed by:	jhb
MFC after:	1 month
Relnotes:	Yes
Sponsored by:	Reproducible Builds World Summit 2, Berlin
Differential Revision:	https://reviews.freebsd.org/D8809
2016-12-15 21:26:58 +00:00
Ed Maste
e77cf5967a newvers.sh: correct typo in comment
Submitted by:	lidl
2016-12-15 15:14:02 +00:00
Ed Maste
7e9de36c3a newvers.sh: add option to eliminate kernel build metadata
Build metadata (username, hostname, etc.) prevents the FreeBSD kernel
from building reproducibly. Add an option to disable inclusion of that
metadata but retain the release information and SVN/git VCS details.
See https://reproducible-builds.org/ for additional background.

Reviewed by:	bapt
Obtained from:	NetBSD
MFC after:	1 month
Sponsored by:	Reproducible Builds World Summit 2, Berlin
Differential Revision:	https://reviews.freebsd.org/D4347
2016-12-15 12:57:03 +00:00
Ganbold Tsagaankhuu
a89938019a Switch Rockchip RK3188 SoC to use the platform code.
Reviewed by:	andrew, manu
Differential Revision:	https://reviews.freebsd.org/D8769
2016-12-13 11:43:46 +00:00
Andrey V. Elsukov
5a1842a24a Add ip6_tryforward() - a run to completion forwarding implementation
for IPv6.

It gets performance benefits from reduced number of checks. It doesn't
copy mbuf to be able to send ICMPv6 error message, because it keeps mbuf
unchanged until the moment, when the route decision has been made.
It doesn't do IPsec checks, and when some IPsec security policies are present,
ip6_input() uses normal slow path.

Reviewed by:	bz, gnn
Obtained from:	Yandex LLC
MFC after:	1 month
Sponsored by:	Yandex LLC
Differential Revision:	https://reviews.freebsd.org/D8527
2016-12-12 10:57:32 +00:00
Konrad Witaszczyk
480f31c214 Add support for encrypted kernel crash dumps.
Changes include modifications in kernel crash dump routines, dumpon(8) and
savecore(8). A new tool called decryptcore(8) was added.

A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump
configuration in the diocskerneldump_arg structure to the kernel.
The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for
backward ABI compatibility.

dumpon(8) generates a one-time random symmetric key and encrypts it using
an RSA public key in capability mode. Currently only AES-256-CBC is supported
but EKCD was designed to implement support for other algorithms in the future.
The public key is chosen using the -k flag. The dumpon rc(8) script can do this
automatically during startup using the dumppubkey rc.conf(5) variable.  Once the
keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O
control.

When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random
IV and sets up the key schedule for the specified algorithm. Each time the
kernel tries to write a crash dump to the dump device, the IV is replaced by
a SHA-256 hash of the previous value. This is intended to make a possible
differential cryptanalysis harder since it is possible to write multiple crash
dumps without reboot by repeating the following commands:
# sysctl debug.kdb.enter=1
db> call doadump(0)
db> continue
# savecore

A kernel dump key consists of an algorithm identifier, an IV and an encrypted
symmetric key. The kernel dump key size is included in a kernel dump header.
The size is an unsigned 32-bit integer and it is aligned to a block size.
The header structure has 512 bytes to match the block size so it was required to
make a panic string 4 bytes shorter to add a new field to the header structure.
If the kernel dump key size in the header is nonzero it is assumed that the
kernel dump key is placed after the first header on the dump device and the core
dump is encrypted.

Separate functions were implemented to write the kernel dump header and the
kernel dump key as they need to be unencrypted. The dump_write function encrypts
data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps
are not supported due to the way they are constructed which makes it impossible
to use the CBC mode for encryption. It should be also noted that textdumps don't
contain sensitive data by design as a user decides what information should be
dumped.

savecore(8) writes the kernel dump key to a key.# file if its size in the header
is nonzero. # is the number of the current core dump.

decryptcore(8) decrypts the core dump using a private RSA key and the kernel
dump key. This is performed by a child process in capability mode.
If the decryption was not successful the parent process removes a partially
decrypted core dump.

Description on how to encrypt crash dumps was added to the decryptcore(8),
dumpon(8), rc.conf(5) and savecore(8) manual pages.

EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU.
The feature still has to be tested on arm and arm64 as it wasn't possible to run
FreeBSD due to the problems with QEMU emulation and lack of hardware.

Designed by:	def, pjd
Reviewed by:	cem, oshogbo, pjd
Partial review:	delphij, emaste, jhb, kib
Approved by:	pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
Mark Johnston
7f68a896dc Add a COMPAT_FREEBSD11 kernel option.
Use it wherever COMPAT_FREEBSD10 is currently specified.

Reviewed by:	glebius, imp, jhb
Differential Revision:	https://reviews.freebsd.org/D8736
2016-12-09 18:54:12 +00:00
Andrew Turner
2b5014f6fe Add ACPI support to the PSCI driver. This checks the Fixed ACPI Description
Table to find if the hardware supports PSCI, and if so what method the
kernel should use to interact with it.

Obtained from:	ABT Systems Ltd
Sponsored by:	The FreeBSD Foundation
2016-12-07 14:24:53 +00:00
Navdeep Parhar
3cbaf64f2e cxgbe(4): Update firmwares from version 1.16.12.0 to 1.16.22.0.
Obtained from:	Chelsio Communications
MFC after:	3 days
Sponsored by:	Chelsio Communications
2016-12-06 12:43:07 +00:00
Sepherosa Ziehau
85e4ae1e13 hyperv/hn: Add HN_DEBUG kernel option.
If bufring is used for per-TX ring descs, don't update "available"
counter, which is only used to help debugging.

MFC after:	1 week
Sponsored by:	Microsoft
Differential Revision:	https://reviews.freebsd.org/D8674
2016-12-01 03:27:16 +00:00
Andrew Turner
2daeee1a33 Mark the Alpine ethernet driver as FDT only. It calls
alpine_serdes_resource_get which is defined in an FDT only file.

Obtained from:	ABT Systems Ltd
Sponsored by:	The FreeBSD Foundation
2016-11-30 10:17:03 +00:00