Commit Graph

20441 Commits

Author SHA1 Message Date
Mark Johnston
95033af923 Add the SCTP_SUPPORT kernel option.
This is in preparation for enabling a loadable SCTP stack.  Analogous to
IPSEC/IPSEC_SUPPORT, the SCTP_SUPPORT kernel option must be configured
in order to support a loadable SCTP implementation.

Discussed with:	tuexen
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2020-06-18 19:32:34 +00:00
Adrian Chadd
70c8948af8 [ath] Mention DWDS, expresscard and minipcie.
I use all of these..
2020-06-17 03:16:20 +00:00
Adrian Chadd
dd1d42a94f [run] mention that some 11n functionality is now available.
A-MPDU, short-gi and 40MHz mode is currently not supported, but hey,
it supports enough 11n to be useful.
2020-06-17 03:12:43 +00:00
Sergey Kandaurov
6f5b118fe1 Complete a function block with Fc, no content change.
Notably, unbreaks rendering with groff.
2020-06-16 21:07:51 +00:00
Rick Macklem
0652c6c790 Update VFS_CHECKEXP.9 for the argument changes done by r362158.
The arguments for VFS_CHECKEXP() were changed by r362158.
Also, the numsecflavors and secflavors arguments were not documented,
so add these as well.

This is a content change.
2020-06-16 20:51:28 +00:00
Baptiste Daroussin
4083cbbf4f Fix typo in the documentation about the daily ntpd status
PR:		245679
Submitted by:	Taylor Stearns <t@tstearns.com>
MFC after:	3 days
2020-06-16 12:40:19 +00:00
Toomas Soome
e7fd9688ea Move font related data structured to sys/font.c and update vtfontcvt
Prepare support to be able to handle font data in loader, consolidate
data structures to sys/font.h and update vtfontcvt.

vtfontcvt update is about to output set of glyphs in form of C source,
the implementation does allow to output compressed or uncompressed font
bitmaps.

Reviewed by:	bcr
Differential Revision:	https://reviews.freebsd.org/D24189
2020-06-14 06:58:58 +00:00
Konstantin Belousov
17edf152e5 Control for Special Register Buffer Data Sampling mitigation.
New microcode update for Intel enables mitigation for SRBDS, which
slows down RDSEED and related instructions.  The update also provides
a control to limit the mitigation to SGX enclaves, which should
restore the speed of random generator by the cost of potential
cross-core bufer sampling.

See https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling

GIve the user control over it.

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D25221
2020-06-12 22:14:45 +00:00
Edward Tomasz Napierala
462171d9aa Add compat.linux.debug sysctl, to make it possible to silence down
the debug messages. While here, clean up some variable naming.

Reviewed by:	bcr (manpages), emaste
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D25230
2020-06-12 14:37:50 +00:00
Gordon Bergling
7974b0046d Add myself (gbe) to committers-doc.dot and calendar.freebsd
Reviewed by:	bcr (mentor)
Approved by:	bcr (mentor)
Differential Revision:	https://reviews.freebsd.org/D25241
2020-06-12 09:34:10 +00:00
Konstantin Belousov
2ef84b7da9 Add pthread_getname_np() and pthread_setname_np() aliases for
pthread_get_name_np() and pthread_set_name_np().

This re-applies r361770 after compatibility fixes.

Reviewed by:	antoine, jkim, markj
Tested by:	antoine (exp-run)
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D25117
2020-06-10 22:13:24 +00:00
Edward Tomasz Napierala
8c5059e9ea Make linux(4) set the openfiles soft resource limit to 1024 for Linux
applications, which often depend on this being the case.  There's a new
sysctl, compat.linux.default_openfiles, to control this behaviour.

Reviewed by:	kevans, emaste, bcr (manpages)
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D25177
2020-06-10 18:50:46 +00:00
John Baldwin
a3d565a118 Add a crypto capability flag for accelerated software drivers.
Use this in GELI to print out a different message when accelerated
software such as AESNI is used vs plain software crypto.

While here, simplify the logic in GELI a bit for determing which type
of crypto driver was chosen the first time by examining the
capabilities of the matched driver after a single call to
crypto_newsession rather than making separate calls with different
flags.

Reviewed by:	delphij
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D25126
2020-06-09 22:26:07 +00:00
Mateusz Piotrowski
7465a290a0 Document that /lib is always in the list of shared library paths
/lib was added to the list in r119011.

MFC after:	1 week
2020-06-08 09:33:45 +00:00
Ed Maste
6d04a12b1a src.conf.5: regen after BINUTILS options removal 2020-06-07 13:52:49 +00:00
Yuri Pankov
2faadf1096 taskqueue(9): reference callout(9) instead of timeout(9)
As timeout(9) was removed and all consumers were converted to
callout(9), reference it instead for the description of sbt, pr,
and flags arguments.

Reviewed by:	trasz
Differential Revision:	https://reviews.freebsd.org/D25165
2020-06-07 09:17:57 +00:00
Warner Losh
31813e3236 Mention nda where we mention nvd. 2020-06-07 02:40:21 +00:00
Ed Maste
74e8d41e0a Retire BINUTILS and BINUTILS_BOOTSTRAP options
As of r361857 all BINUTILS options are disabled by default - ports
have been changed to depend on binutils if they require GNU as, and
all base system assembly files have been switched to use Clang's
integrated assembler.

Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
2020-06-07 00:07:21 +00:00
Ed Maste
2ea16071f0 src.conf.5: regen after r361876, SYSTEM_LINKER description update 2020-06-06 22:26:44 +00:00
Warner Losh
5da3d601f5 Add a section on CAM architecture.
Add xref to all SIM devices we currently have (including a rough indication
which ones are likely to fail).
Update to include all the CAM options.
Fix a few igor nits while I'm here.
2020-06-06 18:43:08 +00:00
Yuri Pankov
d0b8ad1e6c stats(7): fix bad Xr references and lint noise
Reviewed by:	bjk, debdrup
Differential Revision:	https://reviews.freebsd.org/D25166
2020-06-06 17:48:55 +00:00
Warner Losh
f2dbbab767 Sort alphabetically. 2020-06-06 07:13:06 +00:00
Warner Losh
1bb6f1d195 Fix typo
Submitted by: Yuri Pankov
2020-06-06 06:49:06 +00:00
Warner Losh
5ed1576e24 Document all the sysctl values for the nda devices. Include some minimal
documentation on namespace support for nda devices. Fix a few typos
and formatting nits to apease igor.
2020-06-06 06:21:20 +00:00
Ed Maste
dcf563030a src.conf.5: regen after r361857, BINUTILS_BOOTSTRAP off by default 2020-06-06 02:28:21 +00:00
Ed Maste
18983e3b88 src.opts.mk: disable BINUTILS_BOOTSTRAP universally
As of r361853 skein_block_asm.S is assembled using Clang's integrated
assembler.

PR:		233611
Sponsored by:	The FreeBSD Foundation
2020-06-06 02:27:28 +00:00
John Baldwin
82785a3cc8 Update crypto(7) to list current ciphers.
Add descriptions of AES-CCM, Camellia-CBC, and Chacha20.

Reviewed by:	cem (previous version)
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24963
2020-06-04 22:16:19 +00:00
Mark Johnston
e9ee2675cb Update vt(4) config option names to chase r303043.
PR:		246080
Submitted by:	David Marec <david@lapinbilly.eu>
MFC after:	1 week
2020-06-04 16:05:24 +00:00
Konstantin Belousov
064c283d65 Revert r361770 "Add pthread_getname_np() and pthread_setname_np() aliases" for now.
It is not compatible enough with Linux.

Requested by:	antoine, jkim
Sponsored by:	The FreeBSD Foundation
2020-06-04 09:06:03 +00:00
Konstantin Belousov
9bed49fea4 Add pthread_getname_np() and pthread_setname_np() aliases
for pthread_get_name_np() and pthread_set_name_np(), to be
compatible with Linux.

PR:	238404
Proposed and reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D25117
2020-06-03 20:54:36 +00:00
Vladimir Kondratyev
ec45be6c36 [psm] Workaround active PS/2 multiplexor hang
which happens on some laptops after returning to legacy multiplexing mode
at initialization stage.

PR:		242542
Reported by:	Felix Palmen <felix@palmen-it.de>
MFC after:	1 week
2020-06-02 01:04:49 +00:00
Ed Maste
8e1e3e1c5d bsd.prog.mk: split MK_PIE test for clarity
And a comment explaining why PIE flags are disabled for static binaries.
2020-06-02 00:46:15 +00:00
Warner Losh
08bc040214 Correct the release date for 2.11BSD
2.11BSD was announced on March 14, 1991 in comp.bugs.2bsd by
Steven M. Schultz. The document has a 'revised January 1991'
date at the top.

Patch/1 in the official repo is dated March 31, 1991, and an identical copy of
it was posted to comp.bugs.2bsd on May 5, 1991. Patch 2 in 22 parts was likewise
posted May 18, 1991. This makes the Feb 1992 date too late. It's possible it's a
typo for Feb 1991 since that lines up with the announcement being 2 weeks
later. Without an extant copy of the 2.11 tape, however, it's hard to say for
sure. Go with the date we have the most independent, direct evidence for, which
is the announcement date.
2020-05-31 21:38:33 +00:00
Ed Maste
4e2264e435 Add deprecation notice to WITH_BINUTILS option description 2020-05-30 16:12:50 +00:00
Ed Maste
fd71da37d4 Disable BINUTILS by default on amd64
The retirement of obsolete binutils 2.17.50 has been in progress for
quite some time.  All tools other than GNU as were removed prior to this
commit, and it was built only on amd64 - installed as /usr/bin/as, and
used as a bootstrap tool.

The amd64 exp-run has completed and failures have now been addressed in
the individual ports, so disable it by default.

PR:		233611, 205250 [exp-run]
Sponsored by:	The FreeBSD Foundation
2020-05-30 16:12:00 +00:00
Ed Maste
b22a6bb954 regen src.conf.5 after BINUTILS changes 2020-05-29 17:39:25 +00:00
Ed Maste
24930a2b4a Disable BINUTILS by default on i386
The retirement of obsolete binutils 2.17.50 has been in progress for
quite some time.  All tools other than GNU as were removed prior to this
commit, and it was built only on two archs:

i386, installed as /usr/bin/as
amd64, installed as /usr/bin/as and as a bootstrap tool

The i386 exp-run has completed and failures have been addressed in the
individual ports, so disable it there.

PR:		233611, 205250 [exp-run]
Sponsored by:	The FreeBSD Foundation
2020-05-29 17:36:54 +00:00
Ed Maste
c5ea81f7a6 rename in-tree libevent v1 to libevent1
r316063 installed pf's embedded libevent as a private lib, with headers
in /usr/include/private/event.  Unfortunately we also have a copy of
libevent v2 included in ntp, which needed to be updated for compatibility
with OpenSSL 1.1.

As unadorned 'libevent' generally refers to libevent v2, be explicit that
this one is libevent v1.

Reviewed by:	vangyzen (earlier)
Differential Revision:	https://reviews.freebsd.org/D17275
2020-05-28 22:05:50 +00:00
Eric van Gyzen
824214da64 Revert part of r360964
ports/devel/linux_libusb builds FreeBSD libusb with GCC 4.8.5
from devel/linux-c7-devtools.  Restore the tests for older GCC
in bsd.sys.mk to accomodate such ports.

Reported by:	tijl
Sponsored by:	Dell EMC Isilon
2020-05-28 21:56:31 +00:00
John Baldwin
23230d520a Remove an extraneous line continuation from r361481. 2020-05-25 23:07:50 +00:00
John Baldwin
9c0e3d3a53 Add support for optional separate output buffers to in-kernel crypto.
Some crypto consumers such as GELI and KTLS for file-backed sendfile
need to store their output in a separate buffer from the input.
Currently these consumers copy the contents of the input buffer into
the output buffer and queue an in-place crypto operation on the output
buffer.  Using a separate output buffer avoids this copy.

- Create a new 'struct crypto_buffer' describing a crypto buffer
  containing a type and type-specific fields.  crp_ilen is gone,
  instead buffers that use a flat kernel buffer have a cb_buf_len
  field for their length.  The length of other buffer types is
  inferred from the backing store (e.g. uio_resid for a uio).
  Requests now have two such structures: crp_buf for the input buffer,
  and crp_obuf for the output buffer.

- Consumers now use helper functions (crypto_use_*,
  e.g. crypto_use_mbuf()) to configure the input buffer.  If an output
  buffer is not configured, the request still modifies the input
  buffer in-place.  A consumer uses a second set of helper functions
  (crypto_use_output_*) to configure an output buffer.

- Consumers must request support for separate output buffers when
  creating a crypto session via the CSP_F_SEPARATE_OUTPUT flag and are
  only permitted to queue a request with a separate output buffer on
  sessions with this flag set.  Existing drivers already reject
  sessions with unknown flags, so this permits drivers to be modified
  to support this extension without requiring all drivers to change.

- Several data-related functions now have matching versions that
  operate on an explicit buffer (e.g. crypto_apply_buf,
  crypto_contiguous_subsegment_buf, bus_dma_load_crp_buf).

- Most of the existing data-related functions operate on the input
  buffer.  However crypto_copyback always writes to the output buffer
  if a request uses a separate output buffer.

- For the regions in input/output buffers, the following conventions
  are followed:
  - AAD and IV are always present in input only and their
    fields are offsets into the input buffer.
  - payload is always present in both buffers.  If a request uses a
    separate output buffer, it must set a new crp_payload_start_output
    field to the offset of the payload in the output buffer.
  - digest is in the input buffer for verify operations, and in the
    output buffer for compute operations.  crp_digest_start is relative
    to the appropriate buffer.

- Add a crypto buffer cursor abstraction.  This is a more general form
  of some bits in the cryptosoft driver that tried to always use uio's.
  However, compared to the original code, this avoids rewalking the uio
  iovec array for requests with multiple vectors.  It also avoids
  allocate an iovec array for mbufs and populating it by instead walking
  the mbuf chain directly.

- Update the cryptosoft(4) driver to support separate output buffers
  making use of the cursor abstraction.

Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D24545
2020-05-25 22:12:04 +00:00
Alan Somers
b5aac3ea28 [skip ci] ip.4: fix typos
MFC after:	2 weeks
2020-05-25 04:17:01 +00:00
John Baldwin
723d87648e Improve support for stream ciphers in the software encryption interface.
Add a 'native_blocksize' member to 'struct enc_xform' that ciphers can
use if they support a partial final block.  This is particular useful
for stream ciphers, but can also apply to other ciphers.  cryptosoft
will only pass in native blocks to the encrypt and decrypt hooks.  For
the final partial block, 'struct enc_xform' now has new
encrypt_last/decrypt_last hooks which accept the length of the final
block.  The multi_block methods are also retired.

Mark AES-ICM (AES-CTR) as a stream cipher.  This has some interesting
effects on IPsec in that FreeBSD can now properly receive all packets
sent by Linux when using AES-CTR, but FreeBSD can no longer
interoperate with OpenBSD and older verisons of FreeBSD which assume
AES-CTR packets have a payload padded to a 16-byte boundary.  Kornel
has offered to work on a patch to add a compatiblity sysctl to enforce
additional padding for AES-CTR in esp_output to permit compatibility
with OpenBSD and older versions of FreeBSD.

AES-XTS continues to use a block size of a single AES block length.
It is possible to adjust it to support partial final blocks by
implementing cipher text stealing via encrypt_last/decrypt_last hooks,
but I have not done so.

Reviewed by:	cem (earlier version)
Tested by:	Kornel Dulęba <mindal@semihalf.com> (AES-CTR with IPsec)
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D24906
2020-05-22 16:29:09 +00:00
Baptiste Daroussin
e19c3e0eb8 Update pciids to 2020.05.22
MFC after:	2 days
2020-05-22 09:38:44 +00:00
Rodney W. Grimes
242349823c Include all currently present kernel options for IPFW
Also fix igor complaint about manpage/s/man page

Reported by: rgrimes@freebsd.org

PR:		219075
Submitted by:	Dries Michiels driesm.michiels_gmail.com
Reported by:	rgrimes
Reviewed by:	bcr (manpages), 0mp
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D24541
2020-05-22 03:13:29 +00:00
Konstantin Belousov
ea6020830c amd64: Add a knob to flush RSB on context switches if machine has SMEP.
The flush is needed to prevent cross-process ret2spec, which is not handled
on kernel entry if IBPB is enabled but SMEP is present.
While there, add i386 RSB flush.

Reported by:	Anthony Steinhauser <asteinhauser@google.com>
Reviewed by:	markj, Anthony Steinhauser
Discussed with:	philip
admbugs:	961
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2020-05-20 22:00:31 +00:00
Ed Maste
0a3ed02ab8 vt: fix duplicate keymap descriptions
PR:		246495
Submitted by:	Jorge Maidana
MFC after:	1 week
2020-05-20 20:24:37 +00:00
Ed Maste
697b271da9 pkgbase: use -dev,-dbg instead of -development,-debug
-development is long and awkward, and is also inconsistent with prior art
from the Linux world, which uses -dev (Debian) or -devel (Red Hat).  Follow
the Debian convention, and similarly for debug info packages.

Also remove redundant pkgbase development tag from includes.  We already tag
include files with package=runtime,dev; there is no need to separately tag
them as dev.

Discussed with:	bapt
Reviewed by:	manu
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D24139
2020-05-20 19:45:22 +00:00
Ed Maste
d86cb34ed4 src.conf.5: regen after r361282, GNU_DIFF knob descriptions 2020-05-20 17:27:22 +00:00
Christian S.J. Peron
cfc1018761 Fix typo that snuck in
Reported by:	Jose Luis Duran
MFC after:	1 week
2020-05-15 23:44:52 +00:00