Commit Graph

244813 Commits

Author SHA1 Message Date
imp
aafe805fed cam iosched: Enforce iop limits below the quanta value
Previously the iops limiter would always allow at least
quanta ios per second as cam_iosched_iops_tick() never set
ios->l_value1 below 1.

Submitted by: Fabian Keil <fk@fabiankeil.de>
Obtained from: ElectroBSD
PR: 221974
2017-09-22 02:36:32 +00:00
jhb
3c2af9be8d Support AEAD requests with non-GCM algorithms.
In particular, support chaining an AES cipher with an HMAC for a request
including AAD.  This permits submitting requests from userland to encrypt
objects like IPSec packets using these algorithms.

In the non-GCM case, the authentication crypto descriptor covers both the
AAD and the ciphertext.  The GCM case remains unchanged.  This matches
the requests created internally in IPSec.  For the non-GCM case, the
COP_F_CIPHER_FIRST is also supported since the ordering matters.

Note that while this can be used to simulate IPSec requests from userland,
this ioctl cannot currently be used to perform TLS requests using AES-CBC
and MAC-before-encrypt.

Reviewed by:	cem
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D11759
2017-09-22 00:34:46 +00:00
jhb
bee88d82bb Add a new COP_F_CIPHER_FIRST flag for struct crypt_op.
This requests that the cipher be performed before rather than after
the HMAC when both are specified for a single operation.

Reviewed by:	cem
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D11757
2017-09-22 00:21:58 +00:00
jhb
8ef23ac4de Place the AAD before the plaintext/ciphertext for CIOCRYPTAEAD.
Software crypto implementations don't care how the buffer is laid out,
but hardware implementations may assume that the AAD is always before
the plain/cipher text and that the hash/tag is immediately after the end
of the plain/cipher text.

In particular, this arrangement matches the layout of both IPSec packets
and TLS frames.  Linux's crypto framework also assumes this layout for
AEAD requests.

Reviewed by:	cem
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D11758
2017-09-22 00:15:54 +00:00
shurd
5116c3be34 Fix undeclared identifier error introduced in r323879
It doesn't appear to be safe to use gtask->gt_name.

Reported by:	Mark Johnston, Jenkins
Reviewed by:	sbruno
Approved by:	sbruno (mentor)
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D12448
2017-09-21 23:27:35 +00:00
tsoome
e3bd1c0037 libefi: efipart.c should use calloc()
The device specific *_add functions are using malloc() + memset,
should use calloc instead.
2017-09-21 23:22:18 +00:00
tsoome
0f3861f775 libefi: efi_devpath_match() should return bool
The current implementation of efi_devpath_match() is returning values 0 or 1,
so it should be updated to return bool.
2017-09-21 23:14:07 +00:00
imp
ef7d9c4940 Always create usr/local/etc -> /etc/local symlink
/usr/local/etc gets created and populated by packages. However, if no
packages are installed when setup_nanobsd is run, this symlink won't
get created, causing problems if packages are installed later (say on
first boot). Therefore, always create the symlink and etc/local. It
does no harm and may help.

Inspired by crochet issue #183 (consuingly says NanoBSD, means crochet)
Sponsored by: Netflix
2017-09-21 23:10:56 +00:00
jhb
c5f4b54f16 Only handle _PC_MAX_CANON, _PC_MAX_INPUT, and _PC_VDISABLE for TTY devices.
Move handling of these three pathconf() variables out of vop_stdpathconf()
and into devfs_pathconf() as TTY devices can only be devfs files.  In
addition, only return settings for these three variables for devfs devices
whose device switch has the D_TTY flag set.

Discussed with:	bde, kib
Sponsored by:	Chelsio Communications
2017-09-21 23:05:32 +00:00
jhb
ebd5dd0a34 Use UFS_LINK_MAX instead of LINK_MAX.
Submitted by:	bde
Sponsored by:	Chelsio Communications
2017-09-21 22:33:59 +00:00
markj
6f05d50cd3 Simplify i915_gem_wire_page() and avoid unneeded page-busying.
Reviewed by:	alc, kib
MFC after:	1 week
2017-09-21 22:15:45 +00:00
shurd
c8fa21be21 Improved logging of gtaskqueue failues
Check the return code of intr_setaffinity() and log any errors
it returns. When a qid is not located, log an error before returning
failure.  Also, use __func__ rather than hardcoding the function name

Reviewed by:	sbruno
Approved by:	sbruno (mentor)
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D12436
2017-09-21 21:14:48 +00:00
cem
23508ac59c cryptotest.py: Actually use NIST-KAT HMAC test vectors and test the right hashes
Previously, this test was entirely a no-op as no vector in the NIST-KAT file
has a precisely 20-byte key.

Additionally, not every vector in the file is SHA1.  The length field
determines the hash under test, and is now decoded correctly.

Finally, due to a limitation I didn't feel like fixing in cryptodev.py, MACs
are truncated to 16 bytes in this test.

With this change and the uncommitted D12437 (to allow key sizes other than
those used in IPSec), the SHA tests in cryptotest.py actually test something
and e.g. at least cryptosoft passes the test.

Sponsored by:	Dell EMC Isilon
2017-09-21 21:07:21 +00:00
shurd
8b20e8f83d Fix M_GTASKQUEUE definition
Previously had the same short and long description as taskqueues.
This could cause problems with memguard(9) and vmstat -m which use
the short description as a unique identifier.

Reviewed by:	sbruno
Approved by:	sbruno (mentor)
MFC after:	3 days
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D12438
2017-09-21 20:34:33 +00:00
shurd
c932e515c4 bnxt: Fix driver when attached to a VF
- Use HWRM_FUNC_VF_CFG instead of HWRM_FUNC_CFG on VFs
- Fix NPAR/VF detection
- Clean up flag definitions
- Don't allow WoL on VFs

Although the bnxt driver doesn't support SR-IOV so can create VFs yet,
the PF could be running Linux or ESCi with a VF passed through to a
FreeBSD guest.  This fixes the driver for that use case.

Submitted by:	Siva Kallam <siva.kallam@@broadcom.com>
Reviewed by:	shurd, sbruno
Approved by:	sbruno (mentor)
Sponsored by:	Broadcom Limited
Differential Revision:	https://reviews.freebsd.org/D12410
2017-09-21 20:27:43 +00:00
eugen
74e3f7a235 Unprotected modification of ng_iface(4) private data leads to kernel panic.
Fix a race with per-node read-mostly lock and refcounting for a hook.

PR:			220076
Tested by:		peixoto.cassiano
Approved by:		avg (mentor), mav (mentor)
MFC after:		1 week
Relnotes:		yes
Differential Revision:	https://reviews.freebsd.org/D12435
2017-09-21 20:16:10 +00:00
cem
ce5730adaa cryptotest.py: Do not run AES-CBC or AES-GCM tests on non-AES crypto(4) drivers
For some reason, we only skipped AES-XTS tests if a driver was not in the
aesmodules list.  Skip other AES modes as well to prevent spurious failures
in non-AES drivers.

Sponsored by:	Dell EMC Isilon
2017-09-21 18:06:21 +00:00
alc
cb98f1d27d Modernize calls to vm_page_unwire(). As of r288122, vm_page_unwire()
accepts PQ_NONE as the specified queue and returns a Boolean indicating
whether the page's wire count transitioned to zero.  Use these features
in dev/drm2.

Reviewed by:	kib, markj
MFC after:	1 week
2017-09-21 15:32:41 +00:00
tsoome
a36c36a04d libefi: devicename.c cleanups
Remove duplicated free()+return statements, default unit to 0
and improve strtol error processing.
2017-09-21 15:30:20 +00:00
oshogbo
37b8624aaf We use a few different ifdef's names to check if we are using Casper or not,
let's standardize this. Now we are always use WITH_CASPER name.

Discussed with:	emaste@
MFC after:	1 month
2017-09-21 14:41:41 +00:00
sevan
dee8fcc6f9 Ammend bin/cat/cat.c so the output is the same aside
from blank lines being numbered or unnumbered, depending on whether cat
was invoked with -ne or -be.

At present, when cat is invoked with -be, there is an aditional
difference that the '$' on blank lines is placed on the far left of the
output.

Discussed in bug 210607.

While here, revert the workaround from r304035 which skipped the unit test for
this issue previously.

PR:		210607
Submitted by:	myself
Reviewed by:	bdrewery
Obtained from:	NetBSD
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D12432
2017-09-21 14:14:49 +00:00
kp
deed61f436 bridge: Set module version
This ensures that the loader will not load the module if it's also built in to
the kernel.

PR:		220860
Submitted by:	Eugene Grosbein <eugen@freebsd.org>
Reported by:	Marie Helene Kvello-Aune <marieheleneka@gmail.com>
2017-09-21 14:14:01 +00:00
tuexen
8b25605cf2 Code cleanup, no functional change.
MFC after:	1 week
2017-09-21 11:56:31 +00:00
oshogbo
d1a32b7182 Plug memory leak in case when nvlist allocation succeeds, but nvpair
allocation fails.

Submitted by:	pjd@
MFC after:	1 month
Sponsored by:	Wheel Systems
2017-09-21 10:28:22 +00:00
oshogbo
7bed56b0fa Simplify the code by _not_ expecting success under 'fail'.
Submitted by:	pjd@ and oshogbo@
MFC after:	1 month
Sponsored by:	Wheel Systems
2017-09-21 10:18:02 +00:00
oshogbo
5b3c574401 IMHO it is possible that failure will be treated as success because we don't
initialize nvp on every loop iteration and the code under 'fail'(!) label
detects success by checking of nvp != NULL.

Submitted by:	pjd@
MFC after:	1 month
Sponsored by:   Wheel Systems
2017-09-21 10:16:44 +00:00
oshogbo
14c708eabc Free 'value' only once we are done freeing all individual
Submitted by:   pjd@
MFC after:	1 month
Found by:       scan-build
Sponsored by:   Wheel Systems
2017-09-21 10:14:43 +00:00
n_hibma
775755f18f Remove an 'unused' function.
This function was only set in legacy.sh and only at the very end after
the disk image had been successfully created. The only difference will be
that the message 'Error encountered. Please check...' will not appear if
nanobsd.sh exits with an error after the disk image has been created.
2017-09-21 10:13:48 +00:00
oshogbo
c8344b9081 Because nvp wasn't initialized on every loop iteration once we jumped
to 'fail' on error it was treated as success, because nvp!=NULL. Fix this
by not handling success under 'fail' label and by using separate variable
for parent nvpair.

If we succeeded to allocate nvlist, but failed to allocated nvpair we
would leak nvls[ii] on return. Destroy it when we cannot allocate nvpair,
before we goto fail.

Submitted by:	pjd@ and oshogbo@ (minor changes)
Found by:       scan-build
MFC after:	1 month
Sponsored by:	Wheel Systems
2017-09-21 10:10:42 +00:00
oshogbo
9be4bc1273 Make the code consistent by always using 'fail' label.
Submitted by:	pjd@ and oshogbo@
MFC after:	1 month
Sponsored by:	Wheel Systems
2017-09-21 10:06:00 +00:00
oshogbo
f6f90f4861 The 'while (array != NULL) { }' suggests scan-build that array may be
initially NULL, which is not possible. Change the loop to
'do {} while (array != NULL)' to satisfy scan-build and assert that
array really cannot be NULL just in case.

Submitted by:	pjd@
Found by:	scan-build
MFC after:	1 month
Sponsored by:	Wheel Systems
2017-09-21 10:03:14 +00:00
oshogbo
0e3fd3e4f5 Remove redundant initialization. Don't use variable - just return the value.
Make scan-build happy by casting to 'void *' instead of 'void **'.

Submitted by:	pjd@
MFC after:	1 month
Found by:	scan-build and cppcheck
Sponsored by:	Wheel Systems
2017-09-21 10:00:16 +00:00
tuexen
7ff23453d1 Free the control structure after using is, not before.
Found by Coverity while scanning the usrsctp library.
MFC after:	1 week
2017-09-21 09:47:56 +00:00
n_hibma
47d7345226 Fix up style for consistency. 2017-09-21 09:27:44 +00:00
n_hibma
683aa1f96d Speling mistakes. 2017-09-21 09:22:41 +00:00
tuexen
862561790e No need to wakeup, since sctp_add_to_readq() does it.
MFC after:	1 week
2017-09-21 09:18:05 +00:00
cem
6a2e937b3f cryptotest.py: Add a seatbelt that we're actually testing anything
Without nist-kat installed, cryptotest.py is a no-op.  Showing 'success' in
that case is unhelpful.

Sponsored by:	Dell EMC Isilon
2017-09-21 05:46:28 +00:00
rmacklem
e8aa017e4d Add a few definitions for Flex File Layout for pNFS.
These definitions will be used by a future commit.
2017-09-21 00:41:12 +00:00
jkim
7f5b965729 Remove an ancient comment about the existence of READ(16) and WRITE(16).
MFC after:	3 days
2017-09-21 00:03:59 +00:00
ae
2377a2428e Use in_localip() function instead of unlocked access to addresses hash
to determine that an address is our local.

PR:		220078
MFC after:	1 week
2017-09-20 22:35:28 +00:00
ae
fe18ac71d3 Do not acquire IPFW_WLOCK when a named object is created and destroyed.
Acquiring of IPFW_WLOCK is requried for cases when we are going to
change some data that can be accessed during processing of packets flow.
When we create new named object, there are not yet any rules, that
references it, thus holding IPFW_UH_WLOCK is enough to safely update
needed structures. When we destroy an object, we do this only when its
reference counter becomes zero. And it is safe to not acquire IPFW_WLOCK,
because noone references it. The another case is when we failed to finish
some action and thus we are doing rollback and destroying an object, in
this case it is still not referenced by rules and no need to acquire
IPFW_WLOCK.

This also fixes panic with INVARIANTS due to recursive IPFW_WLOCK acquiring.

MFC after:	1 week
Sponsored by:	Yandex LLC
2017-09-20 22:00:06 +00:00
imp
ec76f67a17 Fix queue depth for nda.
1/4 of the number of queues times queue entries is too limiting. It
works up to about 4k IOPS / 3.0GB/s for hardware that can do
4.4k/3.2GB/s with nvd. 3/4 works better, though it highlights issues
in the fairness of nda's choice of TRIM vs READ. That will be fixed
separately.
2017-09-20 21:42:25 +00:00
tuexen
7db17aab93 Protect the address workqueue timer by a mutex.
MFC after:	1 week
2017-09-20 21:29:54 +00:00
imp
0b6b216266 cam iosched: Call cam_iosched_limiter_init() after ios->current is set to the default
Previously ios->current was set to 0 until the first
cam_iosched_cl_maybe_steer() call.

PR: 221954
Obtained from: ElectroBSD
Submitted by: Fabian Keil
Differential Revision: https://reviews.freebsd.org/D12349
2017-09-20 21:26:01 +00:00
imp
6512cacd5f cam iosched: Schedule cam_iosched_ticker() quanta times per second
Previously callout_reset() was called with a "ticks" value that was
off by one.  As a result cam_iosched_ticker() was called a bit too
frequently: On systems with hz=1000 a quanta value of 200 resulted in
~250 calls and a value of 100 in ~111 calls.

For the "queue_depth" and "bandwidth" limiters the difference doesn't
matter but the "iops" limiter depends on the scheduling to enforce the
correct maximum.

PR: 221956
Obtained from: ElectroBSD
Submitted by: Fabian Keil
Differential Revision: https://reviews.freebsd.org/D12350
2017-09-20 21:25:56 +00:00
imp
571843b8e4 cam iosched: Add a handler for the quanta sysctl to enforce valid values
Invalid values can result in devision-by-zero panics or other
undefined behaviour so lets not allow them.

PR: 221957
Obtained from: ElectroBSD
Submitted by: Fabian Keil
Differential Revision: https://reviews.freebsd.org/D12351
2017-09-20 21:19:53 +00:00
imp
c0941246ab cam iosched: Use the write queue for BIO_ZONE commands
Use the write queue for BIO_ZONE commands so they can't get executed
ahead of writes that were sent after them. More generally, since they
introduce strong ordering into the list, they need to go to the write
queue (which is the only queue that BIO_ORDERED is honored for at the
moment). In fact, fix mismatch between queueing and dequeueing code by
changing this to queue all non-reads (and non-trims) to the write
queue.

As a side effect this prevents the kernel message:
kernel: Found bio_cmd = 0x9
which cam_iosched_next_bio() emits when finding commands
other than BIO_READ in the read queue.

PR: 221973
Obtained from: ElectroBSD
Submitted by: Fabian Keil
Differential Revision: https://reviews.freebsd.org/D12353
2017-09-20 21:13:20 +00:00
shurd
29d0e17e0c Fix iflib netmap RX
RXQ setup for netmap was broken because netmap_rxq_init was getting called
before IFDI_INIT - thus we ended up with ring tail pointer being reset to zero.

Reviewed by:	sbruno
Approved by:	sbruno (mentor)
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D12140
2017-09-20 20:40:49 +00:00
davidcs
eba992b645 1. ql_hw.c:
In ql_hw_send() return EINVAL when TSO framelength exceeds max
	supported length by HW.(davidcs)
2. ql_os.c:
	In qla_send() call bus_dmamap_unload before freeing mbuf or
	recreating dmmamap.(davidcs)
	In qla_fp_taskqueue() Add additional checks for IFF_DRV_RUNNING
	Fix qla_clear_tx_buf() call bus_dmamap_sync() before freeing
	mbuf.

Submitted by:David.Bachu@netapp.com
MFC after:5 days
2017-09-20 20:07:45 +00:00
cem
3d7d2e7188 aesni(4): Fix another trivial typo (aensi -> aesni)
Sponsored by:	Dell EMC Isilon
2017-09-20 18:31:36 +00:00