Commit Graph

4879 Commits

Author SHA1 Message Date
Warner Losh
33176cdc87 The practice of creating symbolic links is somewhat fragile. Always
make copies instead.

There's too many times that we can't run the new binaries with old
libraries. Making the links when things are known to be 'safe' is a
nice optimization, but a copy of all the binaries is only 30MB, so
saving the copies at the cost of increased support when new symbols
are added and used as part of the bootstrap seems to be unwise.

There may be additional optimizations possible here, especially for
!FreeBSD hosts. However, that's beyond the scope of the problem I'm
trying to fix with make failing mid-way through an installworld across
change r363679. This optimization there caused us to run a new binary
with an old library once a new make was installed due to the symbolic
link. One could just copy make, but then other binaries fail as well,
so rather than play whack-a-mole, I opted to take us back to the old
way.  Before r340157 or so we did copies (thogh of a lot fewer
artifacts), and we didn't have issues like this.

Reviewed by: arichards@
Differential Revision: https://reviews.freebsd.org/D25967
2020-08-07 16:26:56 +00:00
Mark Johnston
36cc9d5ca5 Fix the smrstress build after r358400.
Reported by:	pho
2020-08-05 17:26:20 +00:00
John-Mark Gurney
bbbefa33c9 add script to help figure out what man pages need MLINKS updated... 2020-07-16 23:05:18 +00:00
Alex Richardson
ea6c594cbc Fix BUILD_WITH_STRICT_TMPPATH builds
We need dd in $PATH for some of the MK_BOOT code and some tests also use it.

Obtained from:	CheriBSD
2020-07-15 12:08:06 +00:00
Dimitry Andric
62cfcf62f6 Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp
llvmorg-10.0.1-rc2-0-g77d76b71d7d.

Also add a few more llvm utilities under WITH_CLANG_EXTRAS:

* llvm-dwp, a utility for merging DWARF 5 Split DWARF .dwo files into
  .dwp (DWARF package files)
* llvm-size, a size(1) replacement
* llvm-strings, a strings(1) replacement

MFC after:	3 weeks
2020-06-28 07:43:43 +00:00
Dimitry Andric
136bdd990b Follow-up to r362679, add more entries to OptionalObsoleteFiles.inc
MFC after:	3 days
X-MFC-With:	r362679
2020-06-27 12:00:08 +00:00
Dimitry Andric
bd74205d6a Regenerate ReStructuredText based manpages for llvm-project tools:
* bugpoint.1
* clang.1
* llc.1
* lldb.1
* lli.1
* llvm-ar.1
* llvm-as.1
* llvm-bcanalyzer.1
* llvm-cov.1
* llvm-diff.1
* llvm-dis.1
* llvm-dwarfdump.1
* llvm-extract.1
* llvm-link.1
* llvm-mca.1
* llvm-nm.1
* llvm-pdbutil.1
* llvm-profdata.1
* llvm-symbolizer.1
* llvm-tblgen.1
* opt.1

Add newly generated manpages for:

* llvm-addr2line.1 (this is an alias of llvm-symbolizer)
* llvm-cxxfilt.1
* llvm-objcopy.1
* llvm-ranlib.1 (this is an alias of llvm-ar)

Note that llvm-objdump.1 is an exception, as upstream has both a plain
.1 file, and a .rst variant. These will have to be reconciled upstream
first.

MFC after:	3 days
2020-06-27 11:56:49 +00:00
Conrad Meyer
0a9ab9f549 Add WITH_CLANG_FORMAT option
clang-format is enabled conditional on either WITH_CLANG_EXTRAS or
WITH_CLANG_FORMAT.  Some sources in libclang are build conditional on
either rule, and obviously the clang-format binary itself depends on the
rule.

clang-format could still use a manual page.

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D25427
2020-06-24 17:03:42 +00:00
Ryan Moeller
94a8266684 flua: add ucl library
libucl comes with a Lua library binding.  Build it into flua.

This lets us parse/generate config files in the various formats supported by
libucl with flua.  For example, the following script will detect the format of
an object written to stdin as one of UCL config, JSON, or YAML and write it to
stdout as pretty-printed JSON:

local ucl = require('ucl')
local parser = ucl.parser()
parser:parse_string(io.read('*a'))
local obj = parser:get_object()
print(ucl.to_format(obj, 'json'))

Reviewed by:	kevans, pstef
Approved by:	mmacy (mentor)
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D25009
2020-06-22 03:14:43 +00:00
Toomas Soome
e7fd9688ea Move font related data structured to sys/font.c and update vtfontcvt
Prepare support to be able to handle font data in loader, consolidate
data structures to sys/font.h and update vtfontcvt.

vtfontcvt update is about to output set of glyphs in form of C source,
the implementation does allow to output compressed or uncompressed font
bitmaps.

Reviewed by:	bcr
Differential Revision:	https://reviews.freebsd.org/D24189
2020-06-14 06:58:58 +00:00
Adrian Chadd
26a6f76a31 [wlanstats] Add the per-node amsdu hardware decap'ed receive stats.
This is useful for tracking hardware provided AMSDU frames to see
when we're (a) seeing them, and (b) seeing the split between
intermediary and final frames.

Tested:

* QCA9880 (athp) - AP mode
2020-06-12 06:10:27 +00:00
Ed Maste
74e8d41e0a Retire BINUTILS and BINUTILS_BOOTSTRAP options
As of r361857 all BINUTILS options are disabled by default - ports
have been changed to depend on binutils if they require GNU as, and
all base system assembly files have been switched to use Clang's
integrated assembler.

Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
2020-06-07 00:07:21 +00:00
Ed Maste
0ec3e40ea5 Update SYSTEM_LINKER descriptions wrt BINUTILS
GNU ld hasn't been built with the BINUTILS option for some time.
2020-06-06 21:07:50 +00:00
Ed Maste
af689d1b59 Add deprecation notice to WITH_BINUTILS option description 2020-05-30 16:13:21 +00:00
Eric Joyner
71d104536b ice(4): Introduce new driver for Intel E800 Ethernet controllers
The ice(4) driver is the driver for the Intel E8xx series Ethernet
controllers; currently with codenames Columbiaville and
Columbia Park.

These new controllers support 100G speeds, as well as introducing
more queues, better virtualization support, and more offload
capabilities. Future work will enable virtual functions (like
in ixl(4)) and the other functionality outlined above.

For full functionality, the kernel should be compiled with
"device ice_ddp" like in the amd64 NOTES file, and/or
ice_ddp_load="YES" should be added to /boot/loader.conf so that
the DDP package file included in this commit can be downloaded
to the adapter. Otherwise, the adapter will fall back to a single
queue mode with limited functionality.

A man page for this driver will be forthcoming.

MFC after:	1 month
Relnotes:	yes
Sponsored by:	Intel Corporation
Differential Revision:	https://reviews.freebsd.org/D21959
2020-05-26 23:35:10 +00:00
John Baldwin
7d50aff082 Expand coverage of different buffer sizes.
- When -z is used, include small buffers from 1 to 32 bytes to test
  stream ciphers.  Note that while AES-XTS claims to support a block
  size of 1 in OpenSSL, it does require a minimum of 1 block of cipher
  text as it is not a stream cipher but depends on CTS to pad out the
  final partial block.

- Permit multiple AAD sizes to be set via multiple -A options, or via
  -z.  When -z is set, use small buffers from 0 to 32 bytes followed
  by powers of 2 up to 256.  When multiple sizes are specified, the
  ETA and AEAD algorithms perform the full matrix of AAD sizes by
  payload sizes.

- Only warn on unchanged ciphertext instead of erroring.  The
  currently generated plaintext and key for a couple of AES-CTR tests
  with a buffer size of 1 results in ciphertext that matches the
  plaintext.

Reviewed by:	cem
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D25006
2020-05-25 23:04:18 +00:00
Conrad Meyer
852c303b61 copystr(9): Move to deprecate (attempt #2)
This reapplies logical r360944 and r360946 (reverting r360955), with fixed
copystr() stand-in replacement macro.  Eventually the goal is to convert
consumers and kill the macro, but for a first step it helps if the macro is
correct.

Prior commit message:

Unlike the other copy*() functions, it does not serve to copy from one
address space to another or protect against potential faults.  It's just
an older incarnation of the now-more-common strlcpy().

Add a coccinelle script to tools/ which can be used to mechanically
convert existing instances where replacement with strlcpy is trivial.
In the two cases which matched, fuse_vfsops.c and union_vfsops.c, the
code was further refactored manually to simplify.

Replace the declaration of copystr() in systm.h with a small macro
wrapper around strlcpy (with correction from brooks@ -- thanks).

Remove N redundant MI implementations of copystr.  For MIPS, this
entailed inlining the assembler copystr into the only consumer,
copyinstr, and making the latter a leaf function.

Reviewed by:		jhb (earlier version)
Discussed with:		brooks (thanks!)
Differential Revision:	https://reviews.freebsd.org/D24672
2020-05-25 16:40:48 +00:00
Dimitry Andric
d65cd7a57b Merge llvm, clang, compiler-rt, libc++, libunwind, lld, lldb and openmp
llvmorg-10.0.1-rc1-0-gf79cd71e145 (aka 10.0.1 rc1).

MFC after:	3 weeks
2020-05-23 10:32:18 +00:00
Ed Maste
e578c8c3b5 Update GNU_DIFF knob descriptions
After r317209 the WITH_/WITHOUT_GNU_DIFF knob controls only diff3;
diff is always BSD diff.

MFC after:	1 week
2020-05-20 17:20:48 +00:00
Adrian Chadd
8d3361e9e5 [ath] Flip athratestats to use two columns for now.
Yeah I have too many rates on the screen now...
2020-05-16 18:49:37 +00:00
Adrian Chadd
e2d18daeac [ath] ok ok, fix the indenting now that I have 5 column packet sizes.
Now things line up nicely again.  There's a lot of them, and I don't have a long
enough screen right now, but they at least line up right.
2020-05-16 06:09:24 +00:00
Ed Maste
65a1d63665 libalias: retire cuseeme support
The CU-SeeMe videoconferencing client and associated protocol is at this
point a historical artifact; there is no need to retain support for this
protocol today.

Reviewed by:	philip, markj, allanjude
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D24790
2020-05-16 02:29:10 +00:00
John Baldwin
4d48b0cf29 Don't remove ubsec(4) manual page for WITHOUT_USB=yes.
In head this manpage has been removed entirely, but ubsec(4) is a PCI
device and not a USB device.

MFC after:	1 week
2020-05-15 22:56:59 +00:00
John Baldwin
713d00e7b6 Remove Doxyfile for sys/dev/ubsec since it has been removed. 2020-05-15 22:55:49 +00:00
John Baldwin
f13fe6f8e9 Remove the ubsecstats tool since ubsec(4) has been removed.
Reported by:	markj
2020-05-15 22:55:28 +00:00
Adrian Chadd
3347e196e2 [ath] Extend the colours to 4, not 2.
There's 8 bins in the upcoming changeset to ath/ath_rate, so I need
more colours.  Yeah, I know.
2020-05-14 05:01:18 +00:00
Adrian Chadd
7072a50124 [ath] Prepare for .. more sample rate control entries
This is in preparation for me bumping how many size buckets are used
for ath_rate_sample statistics.

* Bump buffer size to 64k
* Don't waste 4 lines per bucket size, condense it to two
* Alternate colours; my logic made everything after the first two just
  be black.  Oops.
2020-05-13 16:36:42 +00:00
Conrad Meyer
051fc58cb3 Revert r360944 and r360946 until reported issues can be resolved
Reported by:	cy
2020-05-12 04:34:26 +00:00
Adrian Chadd
041e0fa670 [ar9300] Fix up this tool after test compiling it with LLVM. Le oops. 2020-05-12 01:40:48 +00:00
Adrian Chadd
a5d2db6e74 [ar9300] Update the ar9300 eeprom dump utility to include target power and CTL.
This lets me easily see what the EEPROM target power and regulatory
compliance table limits are.

(Yeah, should've done this in 2013..)
2020-05-12 01:36:48 +00:00
Conrad Meyer
580744621f copystr(9): Move to deprecate [2/2]
Unlike the other copy*() functions, it does not serve to copy from one
address space to another or protect against potential faults.  It's just
an older incarnation of the now-more-common strlcpy().

Add a coccinelle script to tools/ which can be used to mechanically
convert existing instances where replacement with strlcpy is trivial.
In the two cases which matched, fuse_vfsops.c and union_vfsops.c, the
code was further refactored manually to simplify.

Replace the declaration of copystr() in systm.h with a small macro
wrapper around strlcpy.

Remove N redundant MI implementations of copystr.  For MIPS, this
entailed inlining the assembler copystr into the only consumer,
copyinstr, and making the latter a leaf function.

Reviewed by:	jhb
Differential Revision:	https://reviews.freebsd.org/D24672
2020-05-11 22:57:21 +00:00
Ed Maste
060a805b2f Add pkgbase METALOG parse/check tool
`metalog.lua` is a script that reads METALOG file created by pkgbase
(make packages) and generates reports about the installed system
and issues.

This was developed as part of Yang's W2020 University of Waterloo co-
operative education term with the FreeBSD Foundation.  kevans provided
some initial review; we will iterate on it in the tree.

Submitted by:	Yang Wang <2333@outlook.jp>
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D24563
2020-05-10 16:11:19 +00:00
Ed Maste
f8519228d1 OptionalObsoleteFiles.inc: remove objdump
objdump is removed unconditionally in ObsoleteFiles.inc
2020-05-07 18:24:32 +00:00
Ed Maste
8b18f85887 update WITH_/WITHOUT_BINUTILS descriptions for objdump removal 2020-05-06 18:39:55 +00:00
John Baldwin
483d953a86 Initial support for bhyve save and restore.
Save and restore (also known as suspend and resume) permits a snapshot
to be taken of a guest's state that can later be resumed.  In the
current implementation, bhyve(8) creates a UNIX domain socket that is
used by bhyvectl(8) to send a request to save a snapshot (and
optionally exit after the snapshot has been taken).  A snapshot
currently consists of two files: the first holds a copy of guest RAM,
and the second file holds other guest state such as vCPU register
values and device model state.

To resume a guest, bhyve(8) must be started with a matching pair of
command line arguments to instantiate the same set of device models as
well as a pointer to the saved snapshot.

While the current implementation is useful for several uses cases, it
has a few limitations.  The file format for saving the guest state is
tied to the ABI of internal bhyve structures and is not
self-describing (in that it does not communicate the set of device
models present in the system).  In addition, the state saved for some
device models closely matches the internal data structures which might
prove a challenge for compatibility of snapshot files across a range
of bhyve versions.  The file format also does not currently support
versioning of individual chunks of state.  As a result, the current
file format is not a fixed binary format and future revisions to save
and restore will break binary compatiblity of snapshot files.  The
goal is to move to a more flexible format that adds versioning,
etc. and at that point to commit to providing a reasonable level of
compatibility.  As a result, the current implementation is not enabled
by default.  It can be enabled via the WITH_BHYVE_SNAPSHOT=yes option
for userland builds, and the kernel option BHYVE_SHAPSHOT.

Submitted by:	Mihai Tiganus, Flavius Anton, Darius Mihai
Submitted by:	Elena Mihailescu, Mihai Carabas, Sergiu Weisz
Relnotes:	yes
Sponsored by:	University Politehnica of Bucharest
Sponsored by:	Matthew Grooms (student scholarships)
Sponsored by:	iXsystems
Differential Revision:	https://reviews.freebsd.org/D19495
2020-05-05 00:02:04 +00:00
Warner Losh
25dcf0e535 Spell LOADER correctly so we test lua build. 2020-05-01 17:50:26 +00:00
Warner Losh
ce6fd19966 Catch up to arm/arm and sparc64 removal. 2020-05-01 17:17:01 +00:00
Warner Losh
22ea5a7250 When we have an invalid build option, don't rm -rf the current
directory.

Add a quick sanity check to objdir before using it.  It must start
with /. If there was a make error getting it, report that and continue
with the next target. If there was anything else, bail out.
2020-05-01 17:16:57 +00:00
John Baldwin
371f3da616 Remove the SYMVER build option.
This option was added as a transition aide when symbol versioning was
first added.  It was enabled by default in 2007 and is supported even
by the old GPLv2 binutils.  Trying to disable it currently fails to
build in libc and at this point it isn't worth fixing the build.

Reported by:	Michael Dexter
Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D24637
2020-04-30 22:08:40 +00:00
Cy Schubert
12de77b3db Due to popular demand, revert r360102.
Reported by:	many
2020-04-19 21:38:03 +00:00
Cy Schubert
4574585e8f Conditionally install Kerberos rc files based on MK_KERBEROS_SCRIPTS
instead of MK_KERBEROS. The reason for this change is some users
prefer to build FreeBSD WITHOUT_KERBEROS, wanting to retain the
Kerberos rc scripts to start/stop MIT Kerberos or Heimdal from ports.

PR:		197337
Reported by:	Adam McDougall <ebay at looksharp.net>
Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D24252
2020-04-19 17:01:21 +00:00
Kyle Evans
7d03e08112 Mark closefrom(2) COMPAT12, reimplement in libc to wrap close_range
Include a temporarily compatibility shim as well for kernels predating
close_range, since closefrom is used in some critical areas.

Reviewed by:	markj (previous version), kib
Differential Revision:	https://reviews.freebsd.org/D24399
2020-04-14 18:07:42 +00:00
Kyle Evans
18041d4ec5 depend-cleanup: fix typo, ^/lib/libc/sys/Makefile.inc generates .S stubs
Pointy hat:	kevans
2020-04-13 20:00:44 +00:00
Kyle Evans
6fe257c780 Move shm_open dependency cleanup into a new home
r359461 introduced this nifty script to centralize these things, so add
shm_open.c there to remove a total of one (1) bad example from
Makefile.inc1.

Looked over by:	emaste
2020-04-13 19:50:47 +00:00
Kyle Evans
147d7b567f llvm: add a build knob for enabling assertions
For head/, this will remain eternally default-on to maintain the status quo.
For stable/ branches, it should be flipped to default-off to maintain the
status quo.

There's value in being able to flip it one way or the other easily on head
or stable branches, whether you want to gain some performance back on head/
(for machines there's little chance you'll actually hit an assertion) or
potentially diagnose a problem with the version of llvm on an older branch.

Currently, stable branches get the CFLAGS+= -ndebug line uncommented; going
forward, they will instead have the default of LLVM_ASSERTIONS flipped.

Reviewed by:	dim, emaste, re (gjb)
MFC after:	1 week
MFC note:	flip the default of LLVM_ASSERTIONS
Differential Revision:	https://reviews.freebsd.org/D24264
2020-04-06 01:27:17 +00:00
Hartmut Brandt
a82d25d731 Add a makefile to build and run the tests for the bsnmp library.
This is not automatically built or run but must explicitly be built
with 'make' and run with 'make run'.
2020-04-01 15:39:02 +00:00
Ed Maste
4dad87a498 add shell script for stale dependency hack
It's rather awkward to debug issues with the dependency cleanup hacks
when implemented via make.  Add a cleanup shell script and move the
libomp hack there as an initial example.

Reviewed by:	brooks
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D24228
2020-03-30 20:20:15 +00:00
Ed Maste
a52b0bb1d2 drop GDB_LIBEXEC option (now always true)
In-tree gdb is essentially obsolete.  We kept it for sparc64 (because
gdb in ports lacked sparc64 support) and as a fallback for crashinfo.
gdb was installed to /libexec on all archs other than sparc64, where the
WITHOUT_GDB_LIBEXEC option was default, with gdb installed to /usr/bin.
With sparc64's retirement WITH_GDB_LIBEXEC became the default for all
architectures, but it was still possible to set it off and install gdb
into /usr/bin.

As the next step in gdb's retirement, remove the option and install gdb
only into /libexec as the crashinfo fallback. We expect users to install
the gdb port or package for debugging. The in-tree gdb lacks support for
a number of supported architectures and does not support contemporary
DWARF debug info.

Reviewed by:	jhb (earlier)
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D24227
2020-03-30 20:05:09 +00:00
John Baldwin
c034143269 Refactor driver and consumer interfaces for OCF (in-kernel crypto).
- The linked list of cryptoini structures used in session
  initialization is replaced with a new flat structure: struct
  crypto_session_params.  This session includes a new mode to define
  how the other fields should be interpreted.  Available modes
  include:

  - COMPRESS (for compression/decompression)
  - CIPHER (for simply encryption/decryption)
  - DIGEST (computing and verifying digests)
  - AEAD (combined auth and encryption such as AES-GCM and AES-CCM)
  - ETA (combined auth and encryption using encrypt-then-authenticate)

  Additional modes could be added in the future (e.g. if we wanted to
  support TLS MtE for AES-CBC in the kernel we could add a new mode
  for that.  TLS modes might also affect how AAD is interpreted, etc.)

  The flat structure also includes the key lengths and algorithms as
  before.  However, code doesn't have to walk the linked list and
  switch on the algorithm to determine which key is the auth key vs
  encryption key.  The 'csp_auth_*' fields are always used for auth
  keys and settings and 'csp_cipher_*' for cipher.  (Compression
  algorithms are stored in csp_cipher_alg.)

- Drivers no longer register a list of supported algorithms.  This
  doesn't quite work when you factor in modes (e.g. a driver might
  support both AES-CBC and SHA2-256-HMAC separately but not combined
  for ETA).  Instead, a new 'crypto_probesession' method has been
  added to the kobj interface for symmteric crypto drivers.  This
  method returns a negative value on success (similar to how
  device_probe works) and the crypto framework uses this value to pick
  the "best" driver.  There are three constants for hardware
  (e.g. ccr), accelerated software (e.g. aesni), and plain software
  (cryptosoft) that give preference in that order.  One effect of this
  is that if you request only hardware when creating a new session,
  you will no longer get a session using accelerated software.
  Another effect is that the default setting to disallow software
  crypto via /dev/crypto now disables accelerated software.

  Once a driver is chosen, 'crypto_newsession' is invoked as before.

- Crypto operations are now solely described by the flat 'cryptop'
  structure.  The linked list of descriptors has been removed.

  A separate enum has been added to describe the type of data buffer
  in use instead of using CRYPTO_F_* flags to make it easier to add
  more types in the future if needed (e.g. wired userspace buffers for
  zero-copy).  It will also make it easier to re-introduce separate
  input and output buffers (in-kernel TLS would benefit from this).

  Try to make the flags related to IV handling less insane:

  - CRYPTO_F_IV_SEPARATE means that the IV is stored in the 'crp_iv'
    member of the operation structure.  If this flag is not set, the
    IV is stored in the data buffer at the 'crp_iv_start' offset.

  - CRYPTO_F_IV_GENERATE means that a random IV should be generated
    and stored into the data buffer.  This cannot be used with
    CRYPTO_F_IV_SEPARATE.

  If a consumer wants to deal with explicit vs implicit IVs, etc. it
  can always generate the IV however it needs and store partial IVs in
  the buffer and the full IV/nonce in crp_iv and set
  CRYPTO_F_IV_SEPARATE.

  The layout of the buffer is now described via fields in cryptop.
  crp_aad_start and crp_aad_length define the boundaries of any AAD.
  Previously with GCM and CCM you defined an auth crd with this range,
  but for ETA your auth crd had to span both the AAD and plaintext
  (and they had to be adjacent).

  crp_payload_start and crp_payload_length define the boundaries of
  the plaintext/ciphertext.  Modes that only do a single operation
  (COMPRESS, CIPHER, DIGEST) should only use this region and leave the
  AAD region empty.

  If a digest is present (or should be generated), it's starting
  location is marked by crp_digest_start.

  Instead of using the CRD_F_ENCRYPT flag to determine the direction
  of the operation, cryptop now includes an 'op' field defining the
  operation to perform.  For digests I've added a new VERIFY digest
  mode which assumes a digest is present in the input and fails the
  request with EBADMSG if it doesn't match the internally-computed
  digest.  GCM and CCM already assumed this, and the new AEAD mode
  requires this for decryption.  The new ETA mode now also requires
  this for decryption, so IPsec and GELI no longer do their own
  authentication verification.  Simple DIGEST operations can also do
  this, though there are no in-tree consumers.

  To eventually support some refcounting to close races, the session
  cookie is now passed to crypto_getop() and clients should no longer
  set crp_sesssion directly.

- Assymteric crypto operation structures should be allocated via
  crypto_getkreq() and freed via crypto_freekreq().  This permits the
  crypto layer to track open asym requests and close races with a
  driver trying to unregister while asym requests are in flight.

- crypto_copyback, crypto_copydata, crypto_apply, and
  crypto_contiguous_subsegment now accept the 'crp' object as the
  first parameter instead of individual members.  This makes it easier
  to deal with different buffer types in the future as well as
  separate input and output buffers.  It's also simpler for driver
  writers to use.

- bus_dmamap_load_crp() loads a DMA mapping for a crypto buffer.
  This understands the various types of buffers so that drivers that
  use DMA do not have to be aware of different buffer types.

- Helper routines now exist to build an auth context for HMAC IPAD
  and OPAD.  This reduces some duplicated work among drivers.

- Key buffers are now treated as const throughout the framework and in
  device drivers.  However, session key buffers provided when a session
  is created are expected to remain alive for the duration of the
  session.

- GCM and CCM sessions now only specify a cipher algorithm and a cipher
  key.  The redundant auth information is not needed or used.

- For cryptosoft, split up the code a bit such that the 'process'
  callback now invokes a function pointer in the session.  This
  function pointer is set based on the mode (in effect) though it
  simplifies a few edge cases that would otherwise be in the switch in
  'process'.

  It does split up GCM vs CCM which I think is more readable even if there
  is some duplication.

- I changed /dev/crypto to support GMAC requests using CRYPTO_AES_NIST_GMAC
  as an auth algorithm and updated cryptocheck to work with it.

- Combined cipher and auth sessions via /dev/crypto now always use ETA
  mode.  The COP_F_CIPHER_FIRST flag is now a no-op that is ignored.
  This was actually documented as being true in crypto(4) before, but
  the code had not implemented this before I added the CIPHER_FIRST
  flag.

- I have not yet updated /dev/crypto to be aware of explicit modes for
  sessions.  I will probably do that at some point in the future as well
  as teach it about IV/nonce and tag lengths for AEAD so we can support
  all of the NIST KAT tests for GCM and CCM.

- I've split up the exising crypto.9 manpage into several pages
  of which many are written from scratch.

- I have converted all drivers and consumers in the tree and verified
  that they compile, but I have not tested all of them.  I have tested
  the following drivers:

  - cryptosoft
  - aesni (AES only)
  - blake2
  - ccr

  and the following consumers:

  - cryptodev
  - IPsec
  - ktls_ocf
  - GELI (lightly)

  I have not tested the following:

  - ccp
  - aesni with sha
  - hifn
  - kgssapi_krb5
  - ubsec
  - padlock
  - safe
  - armv8_crypto (aarch64)
  - glxsb (i386)
  - sec (ppc)
  - cesa (armv7)
  - cryptocteon (mips64)
  - nlmsec (mips64)

Discussed with:	cem
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D23677
2020-03-27 18:25:23 +00:00
Brandon Bergren
a04ec978b3 [PowerPC] Switch powerpc and powerpcspe to lld
Now that LLD 10 is out, and required patches have landed, we are now ready
to finally switch away from the ancient in-tree ld.bfd.

Special thanks to Fangrui Song for many hours of work on getting the
32-bit powerpc lld ready for prime-time.

Reviewed by:	emaste (earlier revision), jhibbits
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D24111
2020-03-27 01:00:03 +00:00