Commit Graph

58932 Commits

Author SHA1 Message Date
Pawel Jakub Dawidek
cd80523efc Fix usage of HMAC algorithms via /dev/crypto. 2006-05-22 16:24:11 +00:00
Pawel Jakub Dawidek
411da41e91 Fix HMACs handling with uio's by not using crp_mac for storing calculated
HMAC. crp_mac is going to be removed.
2006-05-22 16:18:21 +00:00
Yoshihiro Takahashi
097f448416 - Fix the busname in the DRIVER_MODULE.
- Skip PnP devices as some wedge when trying to probe them as C-NET(98)S.

This fix makes le(4) actually work with the C-NET(98)S.

Reviewed by:	marius
Tested by:	Watanabe Kazuhiro < CQG00620 at nifty dot ne dot jp >
2006-05-22 13:43:36 +00:00
Pawel Jakub Dawidek
e6cb03f155 Protect the sc_needwakeup field with the sc_freeqlock mutex. 2006-05-22 10:11:18 +00:00
Pawel Jakub Dawidek
3a865c827a Improve the code responsible for waking up the crypto_proc thread.
Checking if the queues are empty is not enough for the crypto_proc thread
(it is enough for the crypto_ret_thread), because drivers can be marked
as blocked. In a situation where we have operations related to different
crypto drivers in the queue, it is possible that one driver is marked as
blocked. In this case, the queue will not be empty and we won't wakeup
the crypto_proc thread to execute operations for the others drivers.

Simply setting a global variable to 1 when we goes to sleep and setting
it back to 0 when we wake up is sufficient. The variable is protected
with the queue lock.
2006-05-22 10:05:23 +00:00
Pawel Jakub Dawidek
9c12ca29d6 Don't wakeup the crypto_ret_proc thread if it is running already.
Before the change if the thread was working on symmetric operation, we
would send unnecessary wakeup after adding asymmetric operation (when
asym queue was empty) and vice versa.
2006-05-22 09:58:34 +00:00
Pawel Jakub Dawidek
04d8f36a4f Don't set cc_kqblocked twice and don't increment cryptostats.cs_kblocks
twice if we call crypto_kinvoke() from crypto_proc thread.
This change also removes unprotected access to cc_kqblocked field
(CRYPTO_Q_LOCK() should be used for protection).
2006-05-22 09:37:28 +00:00
Pawel Jakub Dawidek
3aaf7145c5 Document how we synchronize access to the fields in the cryptocap
structure.
2006-05-22 07:49:42 +00:00
Pawel Jakub Dawidek
bda0abc627 We must synchronize access to cc_qblocked, because there could be a race
where crypto_invoke() returns ERESTART and before we set cc_qblocked to 1,
crypto_unblock() is called and sets it to 0. This way we mark device as
blocked forever.

Fix it by not setting cc_qblocked in the fast path and by protecting
crypto_invoke() in the crypto_proc thread with CRYPTO_Q_LOCK().
This won't slow things down, because there is no contention - we have
only one crypto thread. Actually it can be slightly faster, because we
save two atomic ops per crypto request.
The fast code path remains lock-less.
2006-05-22 07:48:45 +00:00
Matt Jacob
d4a6993a58 Add missing case for RQSTYPE_CTIO3- neede for 64 bit target mode. 2006-05-22 07:07:30 +00:00
Matt Jacob
099348678f Remove bzero/bcopy vestiges
Be cognizant as to whether we're running 2KLogin f/w in target mode and
do the appropriate loopid load based upon that.

Do a first cut (seems to work, at least for amd64) at 64 bit target
mode for fibre channel cards. We could probably also do it for SPI
cards, but that's not supported right now.
2006-05-22 06:51:48 +00:00
Matt Jacob
29f7667573 Remove bzero/bcopy vestiges.
Be cognizant as to whether we're running 2KLogin f/w in target mode and
do the appropriate loopid load based upon that.
2006-05-22 06:49:49 +00:00
Matt Jacob
8f725bae42 remove bzero/bcopy vestiges 2006-05-22 06:48:40 +00:00
Matt Jacob
4f43135c60 add TGT_ANY define 2006-05-22 06:47:42 +00:00
Matt Jacob
f1c6617ad4 Fix longstanding bug where exec throttle is 16 bits- not 8. 2006-05-22 06:47:20 +00:00
Robert Watson
4f538c7480 When allocating a bucket to hold a free'd item in UMA fails, don't
report this as an allocation failure for the item type.  The failure
will be separately recorded with the bucket type.  This my eliminate
high mbuf allocation failure counts under some circumstances, which
can be alarming in appearance, but not actually a problem in
practice.

MFC after:	2 weeks
Reported by:	ps, Peter J. Blok <pblok at bsd4all dot org>,
		OxY <oxy at field dot hu>,
		Gabor MICSKO <gmicskoa at szintezis dot hu>
2006-05-21 23:25:32 +00:00
Maxim Konovalov
5d1d31b4b3 o Fix a comment: ufs2_dinode.di_blocks counts blocks not bytes actually held. 2006-05-21 21:55:29 +00:00
Maxim Konovalov
b6893ab299 o Fix a comment: directory whiteout type is DT_WHT not DT_W. 2006-05-21 21:28:34 +00:00
Maxim Konovalov
d45e4f9945 o In udp|rip_disconnect() acquire a socket lock before the socket
state modification.  To prevent races do that while holding inpcb
lock.

Reviewed by:	rwatson
2006-05-21 19:28:46 +00:00
Maxim Konovalov
635354c446 o Add missed error check: in ip_ctloutput() sooptcopyin() returns a
result but we never examine it.

Reviewed by:	rwatson
MFC after:	2 weeks
2006-05-21 17:52:08 +00:00
David Xu
f705bbe8b1 Don't allow non-root user to set a scheduler policy, otherwise this could
be a local DOS.

Submitted by: Diane Bruce at db at db.net
2006-05-21 00:40:38 +00:00
Max Laier
7a569b90b5 ALTQ-ify nve(4).
Submitted by:	Chris Dionissopoulos
Tested by:	Chris Dionissopoulos
MFC after:	4 weeks
2006-05-20 21:08:09 +00:00
Pawel Jakub Dawidek
95708c5fe3 Prevent disappearing SAD entries by implementing MPsafe refcounting.
"Why didn't he use SECASVAR_LOCK()/SECASVAR_UNLOCK() macros to
 synchronize access to the secasvar structure's fields?" one may ask.
There were two reasons:
1. refcount(9) is faster then mutex(9) synchronization (one atomic
   operation instead of two).
2. Those macros are not used now at all, so at some point we may decide
   to remove them entirely.

OK'ed by:	gnn
MFC after:	2 weeks
2006-05-20 15:35:36 +00:00
Bjoern A. Zeeb
93e4f81d9f In IN6_IS_ADDR_V4MAPPED case instead of returning directly set error and
goto out so that locks will be dropped.

Reviewed by: rwatson, gnn
2006-05-20 13:26:08 +00:00
Maxim Sobolev
aa1807d5d6 Move clock_lock prototype into <machine/clock.h>, where it is more
appropriate.

Discussed with:	jhb
2006-05-19 18:53:50 +00:00
Olivier Houchard
d3e6e0e6f6 We have an implementation of generic_bs_rr_1, so use it, as some drivers use
it.

Submitted by:	kevlo
2006-05-19 11:27:02 +00:00
David Xu
f6c040a2c5 Style fixes.
Submitted by: Diane Bruce < db at db dot net >
2006-05-19 06:37:24 +00:00
Pyun YongHyeon
41cfbdeb51 If the PHY has 1000BASE-T capability, check to see if a 1000BASE-T speed
was negotiated.

Obtained from:  NetBSD
2006-05-19 03:51:42 +00:00
Olivier Houchard
c166cceecc Comment out SYSCTL_OMIT_DESCR until it's committed. 2006-05-19 00:11:21 +00:00
Mohan Srinivasan
f1cdf89911 Changes to make the NFS client MP safe.
Thanks to Kris Kennaway for testing and sending lots of bugs my way.
2006-05-19 00:04:24 +00:00
Doug Ambrisko
741367d5a5 Add in a bunch of things to the mfi driver:
- Linux ioctl support, with the other Linux changes MegaCli
	will run if you mount linprocfs & linsysfs then set
	sysctl compat.linux.osrelease=2.6.12 or similar.  This works
	on i386.  It should work on amd64 but not well tested yet.
	StoreLib may or may not work.  Remember to kldload mfi_linux.
      - Add in AEN (Async Event Notification) support so we can
	get messages from the firmware when something happens.
	Not all messages are in defined in event detail.  Use
	event_log to try to figure out what happened.
      - Try to implement something like SIGIO for StoreLib.  Since
	mrmonitor doesn't work right I can't fully test it.  StoreLib
	works best with the rh9 base.  In theory mrmonitor isn't
	needed due to native driver support of AEN :-)
Now we can configure and monitor the RAID better.

Submitted by:	IronPort Systems.
2006-05-18 23:30:48 +00:00
John Baldwin
f00d84860a - When setting up a packet for transmit, if we the tx ring is over half
full, kick the binary blob to force it to complete any pending tx
  completions.
- In the watchdog routine, only reset the chip if the blob doesn't complete
  any pending tx completions rather than requiring it to complete all of
  the pending tx completions.

Submitted by:	Nathan Whitehorn <nathanw@uchicago.edu>
MFC after:	2 weeks
2006-05-18 23:19:44 +00:00
Olivier Houchard
ac895519de Implement sa11x0_bs_unmap.
Submitted by:	kevlo
2006-05-18 22:03:47 +00:00
Olivier Houchard
b012edd4ed Make this compile (UART_IPEND_* => SER_INT_*). 2006-05-18 22:02:33 +00:00
Bruce M Simpson
8d7d85149e Initialize the new members of struct ip_moptions as
a defensive programming measure.

Note that whilst these members are not used by the ip_output()
path, we are passing an instance of struct ip_moptions here
which is declared on the stack (which could be considered a
bad thing).

ip_output() does not consume struct ip_moptions, but in case it
does in future, declare an in_multi vector on the stack too to
behave more like ip_findmoptions() does.
2006-05-18 19:51:08 +00:00
David Xu
7b8d821268 Move flag TDF_UMTXQ into structure umtxq, this eliminates the requirement
of scheduler lock in some umtx code.
2006-05-18 08:43:46 +00:00
Pawel Jakub Dawidek
c3c820369e Silent Coverity Prevent report by asserting that cap != NULL.
Coverity ID:	1414
2006-05-18 06:28:39 +00:00
Marius Strobl
136eda1dc3 - Add C-bus and ISA front-ends for le(4) so it can actually replace
lnc(4) on PC98 and i386. The ISA front-end supports the same non-PNP
  network cards as lnc(4) did and additionally a couple of PNP ones.
  Like lnc(4), the C-bus front-end of le(4) only supports C-NET(98)S
  and is untested due to lack of such hardware, but given that's it's
  based on the respective lnc(4) and not too different from the ISA
  front-end it should be highly likely to work.
- Remove the descriptions of le(4), which where converted from lnc(4),
  from sys/i386/conf/NOTES and sys/pc98/conf/NOTES as there's a common
  one in sys/conf/NOTES.
2006-05-17 21:25:23 +00:00
Marius Strobl
8df071afd9 Add le(4). I could actually only test it on alpha, i386 and sparc64 but
given that this includes the more problematic platforms I see no reason
why it shouldn't also work on amd64 and ia64.
2006-05-17 20:45:45 +00:00
Marius Strobl
dcaf1a3834 - As only the PCI front-end of le(4) is common to all platforms move its
entry to the PCI NICs section so it's in the same spot in all GENERIC
  config files.
- Add a note to the description of pcn(4) informing that is has precedence
  over le(4).
2006-05-17 20:44:01 +00:00
Pawel Jakub Dawidek
af65c53afd Honor cri_mlen value.
Reviewed by:	sam
Tested on:	hifn(4), ubsec(4)
Compile-tested:	safe(4)
2006-05-17 18:34:26 +00:00
Pawel Jakub Dawidek
80e35494cc - The authsize field from auth_hash structure was removed.
- Define that we want to receive only 96 bits of HMAC.
- Names of the structues have no longer _96 suffix.

Reviewed by:	sam
2006-05-17 18:30:28 +00:00
Pawel Jakub Dawidek
f6c4bc3b91 - Fix a very old bug in HMAC/SHA{384,512}. When HMAC is using SHA384
or SHA512, the blocksize is 128 bytes, not 64 bytes as anywhere else.
  The bug also exists in NetBSD, OpenBSD and various other independed
  implementations I look at.
- We cannot decide which hash function to use for HMAC based on the key
  length, because any HMAC function can use any key length.
  To fix it split CRYPTO_SHA2_HMAC into three algorithm:
  CRYPTO_SHA2_256_HMAC, CRYPTO_SHA2_384_HMAC and CRYPTO_SHA2_512_HMAC.
  Those names are consistent with OpenBSD's naming.
- Remove authsize field from auth_hash structure.
- Allow consumer to define size of hash he wants to receive.
  This allows to use HMAC not only for IPsec, where 96 bits MAC is requested.
  The size of requested MAC is defined at newsession time in the cri_mlen
  field - when 0, entire MAC will be returned.
- Add swcr_authprepare() function which prepares authentication key.
- Allow to provide key for every authentication operation, not only at
  newsession time by honoring CRD_F_KEY_EXPLICIT flag.
- Make giving key at newsession time optional - don't try to operate on it
  if its NULL.
- Extend COPYBACK()/COPYDATA() macros to handle CRYPTO_BUF_CONTIG buffer
  type as well.
- Accept CRYPTO_BUF_IOV buffer type in swcr_authcompute() as we have
  cuio_apply() now.
- 16 bits for key length (SW_klen) is more than enough.

Reviewed by:	sam
2006-05-17 18:24:17 +00:00
Pawel Jakub Dawidek
4acae0ac29 - Make opencrypto more SMP friendly by dropping the queue lock around
crypto_invoke(). This allows to serve multiple crypto requests in
  parallel and not bached requests are served lock-less.
  Drivers should not depend on the queue lock beeing held around
  crypto_invoke() and if they do, that's an error in the driver - it
  should do its own synchronization.
- Don't forget to wakeup the crypto thread when new requests is
  queued and only if both symmetric and asymmetric queues are empty.
- Symmetric requests use sessions and there is no way driver can
  disappear when there is an active session, so we don't need to check
  this, but assert this. This is also safe to not use the driver lock
  in this case.
- Assymetric requests don't use sessions, so don't check the driver
  in crypto_kinvoke().
- Protect assymetric operation with the driver lock, because if there
  is no symmetric session, driver can disappear.
- Don't send assymetric request to the driver if it is marked as
  blocked.
- Add an XXX comment, because I don't think migration to another driver
  is safe when there are pending requests using freed session.
- Remove 'hint' argument from crypto_kinvoke(), as it serves no purpose.
- Don't hold the driver lock around kprocess method call, instead use
  cc_koperations to track number of in-progress requests.
- Cleanup register/unregister code a bit.
- Other small simplifications and cleanups.

Reviewed by:	sam
2006-05-17 18:12:44 +00:00
Pawel Jakub Dawidek
645df8d06e Remove cri_rnd. It is not used.
Reviewed by:	sam
2006-05-17 18:04:51 +00:00
Pawel Jakub Dawidek
613894d047 If kern.cryptodevallowsoft is TRUE allow also for symmetric software crypto
in kernel. Useful for testing.

Reviewed by:	sam
2006-05-17 18:01:51 +00:00
Pawel Jakub Dawidek
b5161eb7b5 Forgot about adding cuio_apply() here.
Reviewed by:	sam
2006-05-17 17:58:05 +00:00
Pawel Jakub Dawidek
8f91d4abe9 - Implement cuio_apply(), an equivalent to m_apply(9).
- Implement CUIO_SKIP() macro which is only responsible for skipping the given
  number of bytes from iovec list. This allows to avoid duplicating the same
  code in three functions.

Reviewed by:	sam
2006-05-17 17:56:00 +00:00
Maksim Yevmenkin
7a9adfdd85 Do not call knlist_destroy() in tapclose(). Instead call it when device is
actually destroyed. Also move call to knlist_init() into tapcreate(). This
should fix panic described in kern/95357.

PR:			kern/95357
No response from:	freebsd-current@
MFC after:		3 days
2006-05-17 17:05:02 +00:00
Poul-Henning Kamp
f6ce2a64f7 Send the pcvt(4) driver off to retirement. 2006-05-17 09:33:15 +00:00