Commit Graph

131665 Commits

Author SHA1 Message Date
Vladimir Kondratyev
80ddbddfd7 evdev: Add COMPAT_FREEBSD32 support for amd64 arch
Incompatibility between i386 and amd64 evdev ABIs was caused by presence of
'struct timeval' in evdev protocol. Replace it with 'struct timeval32' for
32 bit binaries.

Big-endian platforms may require additional work due to bitstr_t (array of
unsigned longs) usage in ioctl interface.

MFC after:	2 weeks
2020-03-29 23:00:33 +00:00
Ian Lepore
638dcf6ecf Add a missing suffix that was causing a whole word to get loaded instead
of the proper 8 or 16 bits when the macro was expanded for those sizes.

Fixes a hang in the armv7 kernel.

Submitted by:	Thomas Skibo
Pointy hat:	ian@
2020-03-29 17:30:08 +00:00
Michael Tuexen
9aca687811 Small cleanup by using a variable just assigned.
MFC after:		1 week
2020-03-28 22:35:04 +00:00
Michael Tuexen
25ec355353 Handle integer overflows correctly when converting msecs and secs to
ticks and vice versa.
These issues were caught by recently added panic() calls on INVARIANTS
systems.

Reported by:		syzbot+b44787b4be7096cd1590@syzkaller.appspotmail.com
Reported by:		syzbot+35f82d22805c1e899685@syzkaller.appspotmail.com
MFC after:		1 week
2020-03-28 20:25:45 +00:00
Konstantin Belousov
f30cf5588a hdaa: remove verbosity from the normal driver operations.
If hdaa is used in polling mode, it logs each change to the poll
interval under bootverbose, which makes it unusable (slow).  These
messages are arguably useless or are a debugging leftovers at best.

Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2020-03-28 16:26:47 +00:00
Konstantin Belousov
a7c55b3e1b ddb show pginfo: print pages reference value in hex.
It is more useful this way after the VPRC_ flags were introduced.

Sponsored by:	The FreeBSD Foundation
2020-03-28 12:21:52 +00:00
Ed Maste
c012cfe68a sys/netinet: remove spurious doubled ;s 2020-03-27 23:10:18 +00:00
Michael Tuexen
d5d190f2f9 Some more uint32_t cleanups, no functional change.
MFC after:		1 week
2020-03-27 21:48:52 +00:00
John Baldwin
c034143269 Refactor driver and consumer interfaces for OCF (in-kernel crypto).
- The linked list of cryptoini structures used in session
  initialization is replaced with a new flat structure: struct
  crypto_session_params.  This session includes a new mode to define
  how the other fields should be interpreted.  Available modes
  include:

  - COMPRESS (for compression/decompression)
  - CIPHER (for simply encryption/decryption)
  - DIGEST (computing and verifying digests)
  - AEAD (combined auth and encryption such as AES-GCM and AES-CCM)
  - ETA (combined auth and encryption using encrypt-then-authenticate)

  Additional modes could be added in the future (e.g. if we wanted to
  support TLS MtE for AES-CBC in the kernel we could add a new mode
  for that.  TLS modes might also affect how AAD is interpreted, etc.)

  The flat structure also includes the key lengths and algorithms as
  before.  However, code doesn't have to walk the linked list and
  switch on the algorithm to determine which key is the auth key vs
  encryption key.  The 'csp_auth_*' fields are always used for auth
  keys and settings and 'csp_cipher_*' for cipher.  (Compression
  algorithms are stored in csp_cipher_alg.)

- Drivers no longer register a list of supported algorithms.  This
  doesn't quite work when you factor in modes (e.g. a driver might
  support both AES-CBC and SHA2-256-HMAC separately but not combined
  for ETA).  Instead, a new 'crypto_probesession' method has been
  added to the kobj interface for symmteric crypto drivers.  This
  method returns a negative value on success (similar to how
  device_probe works) and the crypto framework uses this value to pick
  the "best" driver.  There are three constants for hardware
  (e.g. ccr), accelerated software (e.g. aesni), and plain software
  (cryptosoft) that give preference in that order.  One effect of this
  is that if you request only hardware when creating a new session,
  you will no longer get a session using accelerated software.
  Another effect is that the default setting to disallow software
  crypto via /dev/crypto now disables accelerated software.

  Once a driver is chosen, 'crypto_newsession' is invoked as before.

- Crypto operations are now solely described by the flat 'cryptop'
  structure.  The linked list of descriptors has been removed.

  A separate enum has been added to describe the type of data buffer
  in use instead of using CRYPTO_F_* flags to make it easier to add
  more types in the future if needed (e.g. wired userspace buffers for
  zero-copy).  It will also make it easier to re-introduce separate
  input and output buffers (in-kernel TLS would benefit from this).

  Try to make the flags related to IV handling less insane:

  - CRYPTO_F_IV_SEPARATE means that the IV is stored in the 'crp_iv'
    member of the operation structure.  If this flag is not set, the
    IV is stored in the data buffer at the 'crp_iv_start' offset.

  - CRYPTO_F_IV_GENERATE means that a random IV should be generated
    and stored into the data buffer.  This cannot be used with
    CRYPTO_F_IV_SEPARATE.

  If a consumer wants to deal with explicit vs implicit IVs, etc. it
  can always generate the IV however it needs and store partial IVs in
  the buffer and the full IV/nonce in crp_iv and set
  CRYPTO_F_IV_SEPARATE.

  The layout of the buffer is now described via fields in cryptop.
  crp_aad_start and crp_aad_length define the boundaries of any AAD.
  Previously with GCM and CCM you defined an auth crd with this range,
  but for ETA your auth crd had to span both the AAD and plaintext
  (and they had to be adjacent).

  crp_payload_start and crp_payload_length define the boundaries of
  the plaintext/ciphertext.  Modes that only do a single operation
  (COMPRESS, CIPHER, DIGEST) should only use this region and leave the
  AAD region empty.

  If a digest is present (or should be generated), it's starting
  location is marked by crp_digest_start.

  Instead of using the CRD_F_ENCRYPT flag to determine the direction
  of the operation, cryptop now includes an 'op' field defining the
  operation to perform.  For digests I've added a new VERIFY digest
  mode which assumes a digest is present in the input and fails the
  request with EBADMSG if it doesn't match the internally-computed
  digest.  GCM and CCM already assumed this, and the new AEAD mode
  requires this for decryption.  The new ETA mode now also requires
  this for decryption, so IPsec and GELI no longer do their own
  authentication verification.  Simple DIGEST operations can also do
  this, though there are no in-tree consumers.

  To eventually support some refcounting to close races, the session
  cookie is now passed to crypto_getop() and clients should no longer
  set crp_sesssion directly.

- Assymteric crypto operation structures should be allocated via
  crypto_getkreq() and freed via crypto_freekreq().  This permits the
  crypto layer to track open asym requests and close races with a
  driver trying to unregister while asym requests are in flight.

- crypto_copyback, crypto_copydata, crypto_apply, and
  crypto_contiguous_subsegment now accept the 'crp' object as the
  first parameter instead of individual members.  This makes it easier
  to deal with different buffer types in the future as well as
  separate input and output buffers.  It's also simpler for driver
  writers to use.

- bus_dmamap_load_crp() loads a DMA mapping for a crypto buffer.
  This understands the various types of buffers so that drivers that
  use DMA do not have to be aware of different buffer types.

- Helper routines now exist to build an auth context for HMAC IPAD
  and OPAD.  This reduces some duplicated work among drivers.

- Key buffers are now treated as const throughout the framework and in
  device drivers.  However, session key buffers provided when a session
  is created are expected to remain alive for the duration of the
  session.

- GCM and CCM sessions now only specify a cipher algorithm and a cipher
  key.  The redundant auth information is not needed or used.

- For cryptosoft, split up the code a bit such that the 'process'
  callback now invokes a function pointer in the session.  This
  function pointer is set based on the mode (in effect) though it
  simplifies a few edge cases that would otherwise be in the switch in
  'process'.

  It does split up GCM vs CCM which I think is more readable even if there
  is some duplication.

- I changed /dev/crypto to support GMAC requests using CRYPTO_AES_NIST_GMAC
  as an auth algorithm and updated cryptocheck to work with it.

- Combined cipher and auth sessions via /dev/crypto now always use ETA
  mode.  The COP_F_CIPHER_FIRST flag is now a no-op that is ignored.
  This was actually documented as being true in crypto(4) before, but
  the code had not implemented this before I added the CIPHER_FIRST
  flag.

- I have not yet updated /dev/crypto to be aware of explicit modes for
  sessions.  I will probably do that at some point in the future as well
  as teach it about IV/nonce and tag lengths for AEAD so we can support
  all of the NIST KAT tests for GCM and CCM.

- I've split up the exising crypto.9 manpage into several pages
  of which many are written from scratch.

- I have converted all drivers and consumers in the tree and verified
  that they compile, but I have not tested all of them.  I have tested
  the following drivers:

  - cryptosoft
  - aesni (AES only)
  - blake2
  - ccr

  and the following consumers:

  - cryptodev
  - IPsec
  - ktls_ocf
  - GELI (lightly)

  I have not tested the following:

  - ccp
  - aesni with sha
  - hifn
  - kgssapi_krb5
  - ubsec
  - padlock
  - safe
  - armv8_crypto (aarch64)
  - glxsb (i386)
  - sec (ppc)
  - cesa (armv7)
  - cryptocteon (mips64)
  - nlmsec (mips64)

Discussed with:	cem
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D23677
2020-03-27 18:25:23 +00:00
Michael Tuexen
239e5865df Use uint32_t where it is expected to be used. No functional change.
MFC after:		1 week
2020-03-27 11:08:11 +00:00
Hans Petter Selasky
9211468fc2 Change default microphone level from 0 to 25.
Discussed with:	Horse Ma <Shichun.Ma@dell.com>
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2020-03-27 10:28:15 +00:00
Hans Petter Selasky
c2bc9ff72a Improve USB audio mixer support for USB audio class 1 and 2.
- make sure volume controls are correctly mapped to "pcm" and "rec" depending
  on how they deliver audio to the USB host.
- make sure there are no duplicate record selections.
- remove internal only mixer class type.
- don't add software volume controls for recording only.
- some minor mixer code cleanup.

Tested by:	Horse Ma <Shichun.Ma@dell.com>
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2020-03-27 10:22:35 +00:00
Brandon Bergren
12d3a32659 Bump for powerpc/powerpcspe switch to lld. 2020-03-27 01:03:48 +00:00
Jung-uk Kim
3ee58df503 Merge ACPICA 20200326. 2020-03-27 00:29:33 +00:00
Mark Johnston
4596ac234e compat/linux/linux.h depends on queue.h since r353725.
Sponsored by:	The FreeBSD Foundation
2020-03-26 17:12:55 +00:00
Mark Johnston
355b3b7fd7 Simplify td_ucred handling in newnfs_connect().
No functional change intended.

MFC after:	1 week
2020-03-26 15:02:56 +00:00
Mark Johnston
b7e3a3b6e1 Remove unused SYSINIT macros for capability rights.
Static rights are initialized in cap_rights_sysinit().

MFC after:	1 week
2020-03-26 15:02:37 +00:00
Leandro Lupori
f6f325c837 [PowerPC64] Fix OPAL IPMI driver
This change fixes a couple of issues with OPAL IPMI driver and
implements a mechanism to detect timeouts and discard old messages left
in receive queue, to avoid old messages from being confused with the
reply of new ones.

Reviewed by:	jhibbits
Sponsored by:	Eldorado Research Institute (eldorado.org.br)
Differential Revision:	https://reviews.freebsd.org/D24185
2020-03-26 12:17:49 +00:00
Hans Petter Selasky
a0be362828 Be more intelligent when classifying USB audio terminal types, so that we
don't end up using SOUND_MIXER_VOLUME for all undefined types.

MFC after:	1 week
Sponsored by:	Mellanox Technologies
2020-03-26 07:52:04 +00:00
Hans Petter Selasky
91feacd19e Make mute controls available for USB audio mixers.
Submitted by:	Horse Ma <Shichun.Ma@dell.com>
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2020-03-26 07:46:16 +00:00
Hans Petter Selasky
edabe1ee6d Factor out USB audio mixer value range check.
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2020-03-26 07:42:36 +00:00
Hans Petter Selasky
7e88777b24 Avoid scaling USB audio mixer values twice.
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2020-03-26 07:37:00 +00:00
Conrad Meyer
ca0ec73c11 Expand generic subword atomic primitives
The goal of this change is to make the atomic_load_acq_{8,16},
atomic_testandset{,_acq}_long, and atomic_testandclear_long primitives
available in MI-namespace.

The second goal is to get this draft out of my local tree, as anything that
requires a full tinderbox is a big burden out of tree.  MD specifics can be
refined individually afterwards.

The generic implementations may not be ideal for your architecture; feel
free to implement better versions.  If no subword_atomic definitions are
needed, the include can be removed from your arch's machine/atomic.h.
Generic definitions are guarded by defined macros of the same name.  To
avoid picking up conflicting generic definitions, some macro defines are
added to various MD machine/atomic.h to register an existing implementation.

Include _atomic_subword.h in arm and arm64 machine/atomic.h.

For some odd reason, KCSAN only generates some versions of primitives.
Generate the _acq variants of atomic_load.*_8, atomic_load.*_16, and
atomic_testandset.*_long.  There are other questionably disabled primitives,
but I didn't run into them, so I left them alone.  KCSAN is only built for
amd64 in tinderbox for now.

Add atomic_subword implementations of atomic_load_acq_{8,16} implemented
using masking and atomic_load_acq_32.

Add generic atomic_subword implementations of atomic_testandset_long(),
atomic_testandclear_long(), and atomic_testandset_acq_long(), using
atomic_fcmpset_long() and atomic_fcmpset_acq_long().

On x86, add atomic_testandset_acq_long as an alias for
atomic_testandset_long.

Reviewed by:	kevans, rlibby (previous versions both)
Differential Revision:	https://reviews.freebsd.org/D22963
2020-03-25 23:12:43 +00:00
Michael Tuexen
7c63520c42 Remove an optimization, which was incorrect a couple of times and
therefore doesn't seem worth to be there.
In this case COOKIE where not retransmitted anymore, when the
socket was already closed.

MFC after:		1 week
2020-03-25 18:20:37 +00:00
Michael Tuexen
37686ccf08 Improve consistency in debug output.
MFC after:		1 week
2020-03-25 18:14:12 +00:00
Ryan Moeller
69534635ff MFOpenZFS: ZVOLs should not be allowed to have children
zfs create, receive and rename can bypass this hierarchy rule. Update
both userland and kernel module to prevent this issue and use pyzfs
unit tests to exercise the ioctls directly.

Note: this commit slightly changes zfs_ioc_create() ABI. This allow to
differentiate a generic error (EINVAL) from the specific case where we
tried to create a dataset below a ZVOL (ZFS_ERR_WRONG_PARENT).

Reviewed-by: Paul Dagnelie <pcd@delphix.com>
Reviewed-by: Matt Ahrens <mahrens@delphix.com>
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Tom Caputi <tcaputi@datto.com>
Signed-off-by: loli10K <ezomori.nozomu@gmail.com>

Approved by:	mav (mentor)
MFC after:	2 weeks
Sponsored by:	iXsystems, Inc.
openzfs/zfs@d8d418ff0c
2020-03-25 15:56:18 +00:00
Michael Tuexen
24187cfe72 Revert https://svnweb.freebsd.org/changeset/base/357829
This introduces a regression reported by koobs@ when running a pyhton
test suite on a loaded system.

This patch resulted in a failing accept() call, when the association
was setup and gracefully shutdown by the peer before accept was called.
So the following packetdrill script would fail:

+0.0 socket(..., SOCK_STREAM, IPPROTO_SCTP) = 3
+0.0 bind(3, ..., ...) = 0
+0.0 listen(3, 1) = 0
+0.0 < sctp: INIT[flgs=0, tag=1, a_rwnd=15000, os=1, is=1, tsn=1]
+0.0 > sctp: INIT_ACK[flgs=0, tag=2, a_rwnd=..., os=..., is=..., tsn=1, ...]
+0.1 < sctp: COOKIE_ECHO[flgs=0, len=..., val=...]
+0.0 > sctp: COOKIE_ACK[flgs=0]
+0.0 < sctp: DATA[flgs=BE, len=116, tsn=1, sid=0, ssn=0, ppid=0]
+0.0 > sctp: SACK[flgs=0, cum_tsn=1, a_rwnd=..., gaps=[], dups=[]]
+0.0 < sctp: SHUTDOWN[flgs=0, cum_tsn=0]
+0.0 > sctp: SHUTDOWN_ACK[flgs=0]
+0.0 < sctp: SHUTDOWN_COMPLETE[flgs=0]
+0.0 accept(3, ..., ...) = 4
+0.0 close(3) = 0
+0.0 recv(4, ..., 4096, 0) = 100
+0.0 recv(4, ..., 4096, 0) = 0
+0.0 close(4) = 0

Reported by:		koops@
2020-03-25 15:29:01 +00:00
Michael Tuexen
23e3c0880d Use consistent debug output.
MFC after:		1 week
2020-03-25 13:19:41 +00:00
Michael Tuexen
e056fafd92 Don't restore the vnet too early in error cases.
MFC after:		1 week
2020-03-25 13:18:37 +00:00
Michael Tuexen
7522682e5e Only call panic when building with INVARIANTS.
MFC after:		1 week
2020-03-24 23:04:07 +00:00
Michael Tuexen
a412576e36 Another cleanup of the timer code. Also be more pedantic about the
parameters of the timer start and stop routines. Several inconsistencies
have been fixed in earlier commits. Now they will be catched when running
an INVARIANTS system.

MFC after:	1 week
2020-03-24 22:44:36 +00:00
Justin Hibbits
77cb3b49b7 ichwd: Add Atom C3000 watchdog ID.
MFC after:	3 days
Sponsored by:	Juniper Networks, Inc
2020-03-24 21:28:48 +00:00
Conrad Meyer
704101dd3d Fix PNP matching for iflib NIC drivers
The previous descriptor string specified that all fields were significant for
match.  However, the only significant fields for in-tree drivers are
vendor:devid, and the fictitious zero values constructed by PVID() did not
match real subvendor, subdevice, revision, and/or class values, resulting in no
automatic probe.

If a future iflib driver needs to match on other criteria, the descriptor
string can be updated accordingly.  (E.g., "V32" and ~0 for unspecified values
in PVID().)

Reported by:	mav
Sponsored by:	Dell EMC Isilon
2020-03-24 19:20:10 +00:00
Mark Johnston
8db2e8fd16 Remove the secondary_stacks array in arm64 and riscv kernels.
Instead, dynamically allocate a page for the boot stack of each AP when
starting them up, like we do on x86.  This shrinks the bss by
MAXCPU*KSTACK_PAGES pages, which corresponds to 4MB on arm64 and 256KB
on riscv.

Duplicate the logic used on x86 to free the bootstacks, by using a
sysinit to wait for each AP to switch to a thread before freeing its
stack.

While here, mark some static MD variables as such.

Reviewed by:	kib
MFC after:	1 month
Sponsored by:	Juniper Networks, Klara Inc.
Differential Revision:	https://reviews.freebsd.org/D24158
2020-03-24 18:43:23 +00:00
Justin Hibbits
d681bc9e64 ismt: Fix ISMT_DESC_ADDR_RW macro, slave addresses are already left-shifted
Reverts r293369.  The macro was orginally correct, since our SMBus
framework, unlike i2c, already requires addresses to be 8-bit, LSB-cleared.

MFC after:	3 days
Sponsored by:	Juniper Networks, Inc
2020-03-24 18:35:33 +00:00
Ed Maste
ed6611cc8c iflib: simplify MPASS assertion
Submitted by:	andrew
2020-03-24 17:54:34 +00:00
Ed Maste
68af0153a7 iflib: split compound assertion
ThunderX cluster systems are panicking on boot with a failed assertion
MPASS(gtask != NULL && gtask->gt_taskqueue != NULL).  Split the
assertion so that it's clear which part is failing.
2020-03-24 17:25:56 +00:00
Konstantin Belousov
8cf8c2f65a kern_copy_file_range(): check the file type.
The syscall can only operate on valid vnode types.

Reported and tested by:	pho
Sponsored by:	The FreeBSD Foundation
2020-03-24 17:16:52 +00:00
Conrad Meyer
2596eb8847 arm: Fix atomic long APIs to correct 'u_long' signedness
As defined in atomic(9) and implemented on other architectures, the
atomic(9) functions all act on unsigned pointers and types.  Prior to this
revision, arm implemented some atomic(9) 'long' sized routines with correct
unsigned type, but others were incorrectly signed.

Reviewed by:	tinderbox
Sponsored by:	Dell EMC Isilon
2020-03-23 23:00:13 +00:00
John Baldwin
47172feb8d Use the newer EINTEGRITY error when authentication fails.
GELI used to fail with EINVAL when a read request spanned a disk
sector whose contents did not match the sector's authentication tag.
The recently-added EINTEGRITY more closely matches to the error in
this case.

Reviewed by:	cem, mckusick
MFC after:	2 weeks
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24131
2020-03-23 21:26:32 +00:00
Brooks Davis
e0fcf26335 Bump for kyua import.
Reported by:	cy
Sponsored by:	DARPA
2020-03-23 19:28:24 +00:00
Alex Richardson
0a20523dda Fix newvers.sh on macOS 10.15
It appears that the macOS /bin/sh echo now defaults to -e and therefore the
`#define VERSTR` included newline characters instead of \n. This caused compiler
errors due to unterminated strings. Fix by using printf instead of echo.
A less fragile solution might be to bootstrap the in-tree /bin/sh but that
requires more changes.

Reviewed By:	brooks
Differential Revision: https://reviews.freebsd.org/D24136
2020-03-23 17:51:44 +00:00
Baptiste Daroussin
e47b5c3de7 Remove unneeded dependency on libl 2020-03-23 14:33:29 +00:00
Michael Tuexen
d084818d9d Cleanup the file and add two ASSERT variants for locks, which will be
used shortly.

MFC after:		1 week
2020-03-23 12:17:13 +00:00
Alex Richardson
c5247ac505 Use a GCC-compatile compiler flag in files.xlp
Seems like GCC doesn't like -Qunused-arguments, so use
-Wno-unused-command-line-argument, which is supported by both GCC and Clang.
2020-03-22 22:18:06 +00:00
Alex Richardson
0823672d94 Fix linking OCTEON1 kernel with LLD
LLD complains that the type of .dynamic was changed. Fix this by copying
the approach used in the mips64 ldscript.
I do not have hardware to test this change so I only verified that the
kernel links and the section layout looks sensible.

Reviewed By:	imp, emaste
Differential Revision: https://reviews.freebsd.org/D24093
2020-03-22 22:18:00 +00:00
Rick Macklem
f9122b6488 Fix an NFS mount attempt where VFS_STATFS() fails.
r353150 added mnt_rootvnode and this seems to have broken NFS mounts when the
VFS_STATFS() called just after VFS_MOUNT() returns an error.
Then the code calls VFS_UNMOUNT(), which calls vflush(), which returns EBUSY.
Then the thread get stuck sleeping on "mntref" in vfs_mount_destroy().
This patch fixes this problem.

Reviewed by:	kib, mjg
Differential Revision:	https://reviews.freebsd.org/D24022
2020-03-22 18:18:30 +00:00
Mitchell Horne
9634349d9c Fix ordering of machine includes
Remove machine/asm.h since it is unused.
2020-03-22 17:59:36 +00:00
Hans Petter Selasky
d0edc32e72 Add new USB ID.
Submitted by:	Konrad Jopek <kjopek@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D24142
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2020-03-22 11:44:24 +00:00
Michael Tuexen
a57fb68b92 More timer cleanups, no functional change.
MFC after:		1 week
2020-03-21 16:12:19 +00:00