Commit Graph

64 Commits

Author SHA1 Message Date
markm
d586165577 Huge cleanup of random(4) code.
* GENERAL
- Update copyright.
- Make kernel options for RANDOM_YARROW and RANDOM_DUMMY. Set
  neither to ON, which means we want Fortuna
- If there is no 'device random' in the kernel, there will be NO
  random(4) device in the kernel, and the KERN_ARND sysctl will
  return nothing. With RANDOM_DUMMY there will be a random(4) that
  always blocks.
- Repair kern.arandom (KERN_ARND sysctl). The old version went
  through arc4random(9) and was a bit weird.
- Adjust arc4random stirring a bit - the existing code looks a little
  suspect.
- Fix the nasty pre- and post-read overloading by providing explictit
  functions to do these tasks.
- Redo read_random(9) so as to duplicate random(4)'s read internals.
  This makes it a first-class citizen rather than a hack.
- Move stuff out of locked regions when it does not need to be
  there.
- Trim RANDOM_DEBUG printfs. Some are excess to requirement, some
  behind boot verbose.
- Use SYSINIT to sequence the startup.
- Fix init/deinit sysctl stuff.
- Make relevant sysctls also tunables.
- Add different harvesting "styles" to allow for different requirements
  (direct, queue, fast).
- Add harvesting of FFS atime events. This needs to be checked for
  weighing down the FS code.
- Add harvesting of slab allocator events. This needs to be checked for
  weighing down the allocator code.
- Fix the random(9) manpage.
- Loadable modules are not present for now. These will be re-engineered
  when the dust settles.
- Use macros for locks.
- Fix comments.

* src/share/man/...
- Update the man pages.

* src/etc/...
- The startup/shutdown work is done in D2924.

* src/UPDATING
- Add UPDATING announcement.

* src/sys/dev/random/build.sh
- Add copyright.
- Add libz for unit tests.

* src/sys/dev/random/dummy.c
- Remove; no longer needed. Functionality incorporated into randomdev.*.

* live_entropy_sources.c live_entropy_sources.h
- Remove; content moved.
- move content to randomdev.[ch] and optimise.

* src/sys/dev/random/random_adaptors.c src/sys/dev/random/random_adaptors.h
- Remove; plugability is no longer used. Compile-time algorithm
  selection is the way to go.

* src/sys/dev/random/random_harvestq.c src/sys/dev/random/random_harvestq.h
- Add early (re)boot-time randomness caching.

* src/sys/dev/random/randomdev_soft.c src/sys/dev/random/randomdev_soft.h
- Remove; no longer needed.

* src/sys/dev/random/uint128.h
- Provide a fake uint128_t; if a real one ever arrived, we can use
  that instead. All that is needed here is N=0, N++, N==0, and some
  localised trickery is used to manufacture a 128-bit 0ULLL.

* src/sys/dev/random/unit_test.c src/sys/dev/random/unit_test.h
- Improve unit tests; previously the testing human needed clairvoyance;
  now the test will do a basic check of compressibility. Clairvoyant
  talent is still a good idea.
- This is still a long way off a proper unit test.

* src/sys/dev/random/fortuna.c src/sys/dev/random/fortuna.h
- Improve messy union to just uint128_t.
- Remove unneeded 'static struct fortuna_start_cache'.
- Tighten up up arithmetic.
- Provide a method to allow eternal junk to be introduced; harden
  it against blatant by compress/hashing.
- Assert that locks are held correctly.
- Fix the nasty pre- and post-read overloading by providing explictit
  functions to do these tasks.
- Turn into self-sufficient module (no longer requires randomdev_soft.[ch])

* src/sys/dev/random/yarrow.c src/sys/dev/random/yarrow.h
- Improve messy union to just uint128_t.
- Remove unneeded 'staic struct start_cache'.
- Tighten up up arithmetic.
- Provide a method to allow eternal junk to be introduced; harden
  it against blatant by compress/hashing.
- Assert that locks are held correctly.
- Fix the nasty pre- and post-read overloading by providing explictit
  functions to do these tasks.
- Turn into self-sufficient module (no longer requires randomdev_soft.[ch])
- Fix some magic numbers elsewhere used as FAST and SLOW.

Differential Revision: https://reviews.freebsd.org/D2025
Reviewed by: vsevolod,delphij,rwatson,trasz,jmg
Approved by: so (delphij)
2015-06-30 17:00:45 +00:00
jkim
318c4f97e6 CALLOUT_MPSAFE has lost its meaning since r141428, i.e., for more than ten
years for head.  However, it is continuously misused as the mpsafe argument
for callout_init(9).  Deprecate the flag and clean up callout_init() calls
to make them more consistent.

Differential Revision:	https://reviews.freebsd.org/D2613
Reviewed by:	jhb
MFC after:	2 weeks
2015-05-22 17:05:21 +00:00
jhb
51e6965b32 Don't check maps for static DMA allocations against NULL to see if an
allocation succeeded.  Instead, check the tag against NULL.
2014-06-13 19:34:34 +00:00
jhb
02e632b712 Don't destroy bus_dma maps created by bus_dmamem_alloc(). In some cases,
don't create a map before calling bus_dmamem_alloc() (such maps were
leaked).  It is believed that the extra destroy of the map was generally
harmless since bus_dmamem_alloc() often uses special maps for which
bus_dmamap_destroy() is a no-op (e.g. on x86).

Reviewed by:	scottl
2014-06-10 20:25:45 +00:00
markm
b28953010e Snapshot. This passes the build test, but has not yet been finished or debugged.
Contains:

* Refactor the hardware RNG CPU instruction sources to feed into
the software mixer. This is unfinished. The actual harvesting needs
to be sorted out. Modified by me (see below).

* Remove 'frac' parameter from random_harvest(). This was never
used and adds extra code for no good reason.

* Remove device write entropy harvesting. This provided a weak
attack vector, was not very good at bootstrapping the device. To
follow will be a replacement explicit reseed knob.

* Separate out all the RANDOM_PURE sources into separate harvest
entities. This adds some secuity in the case where more than one
is present.

* Review all the code and fix anything obviously messy or inconsistent.
Address som review concerns while I'm here, like rename the pseudo-rng
to 'dummy'.

Submitted by:	Arthur Mesh <arthurmesh@gmail.com> (the first item)
2013-10-04 06:55:06 +00:00
markm
d3a8919edc Yarrow wants entropy estimations to be conservative; the usual idea
is that if you are certain you have N bits of entropy, you declare
N/2.
2013-09-06 17:51:52 +00:00
scottl
28bd1409da Update PCI drivers to no longer look at the MEMIO-enabled bit in the PCI
command register.  The lazy BAR allocation code in FreeBSD sometimes
disables this bit when it detects a range conflict, and will re-enable
it on demand when a driver allocates the BAR.  Thus, the bit is no longer
a reliable indication of capability, and should not be checked.  This
results in the elimination of a lot of code from drivers, and also gives
the opportunity to simplify a lot of drivers to use a helper API to set
the busmaster enable bit.

This changes fixes some recent reports of disk controllers and their
associated drives/enclosures disappearing during boot.

Submitted by:	jhb
Reviewed by:	jfv, marius, achadd, achim
MFC after:	1 day
2013-08-12 23:30:01 +00:00
glebius
a69aaa7721 Mechanically substitute flags from historic mbuf allocator with
malloc(9) flags in sys/dev.
2012-12-04 09:32:43 +00:00
scottl
2e7ae86807 More conversions of drivers to use the PCI parent DMA tag. 2012-03-12 18:15:08 +00:00
marius
17e14c6132 - There's no need to overwrite the default device method with the default
one. Interestingly, these are actually the default for quite some time
  (bus_generic_driver_added(9) since r52045 and bus_generic_print_child(9)
  since r52045) but even recently added device drivers do this unnecessarily.
  Discussed with: jhb, marcel
- While at it, use DEVMETHOD_END.
  Discussed with: jhb
- Also while at it, use __FBSDID.
2011-11-22 21:28:20 +00:00
ed
0c56cf839d Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs.
The SYSCTL_NODE macro defines a list that stores all child-elements of
that node. If there's no SYSCTL_DECL macro anywhere else, there's no
reason why it shouldn't be static.
2011-11-07 15:43:11 +00:00
imp
0c0fbd95a0 Cast the bus_size_t to a intmax_t rather than assuming type-punning to
a size_t.  Switch from %z to %j.
2010-03-29 17:26:24 +00:00
avg
d5ad944b79 strict kobj sigs: fix assortment of device_detach and device_shutdown impls
with common issue of having void return type instead of int

Reviewed by:	imp, current@
Approved by:	jhb (mentor)
2009-06-11 17:14:28 +00:00
philip
d85fb9ad18 Add PCI IDs for the Broadcom 5825 incarnation.
Submitted by:	Brian A. Seklecki <bseklecki -at- collaborativefusion.com>
MFC after:	1 day
2009-05-07 18:03:47 +00:00
sam
f96ba7ffda Overhaul driver/subsystem api's:
o make all crypto drivers have a device_t; pseudo drivers like the s/w
  crypto driver synthesize one
o change the api between the crypto subsystem and drivers to use kobj;
  cryptodev_if.m defines this api
o use the fact that all crypto drivers now have a device_t to add support
  for specifying which of several potential devices to use when doing
  crypto operations
o add new ioctls that allow user apps to select a specific crypto device
  to use (previous ioctls maintained for compatibility)
o overhaul crypto subsystem code to eliminate lots of cruft and hide
  implementation details from drivers
o bring in numerous fixes from Michale Richardson/hifn; mostly for
  795x parts
o add an optional mechanism for mmap'ing the hifn 795x public key h/w
  to user space for use by openssl (not enabled by default)
o update crypto test tools to use new ioctl's and add cmd line options
  to specify a device to use for tests

These changes will also enable much future work on improving the core
crypto subsystem; including proper load balancing and interposing code
between the core and drivers to dispatch small operations to the s/w
driver as appropriate.

These changes were instigated by the work of Michael Richardson.

Reviewed by:	pjd
Approved by:	re
2007-03-21 03:42:51 +00:00
piso
6a2ffa86e5 o break newbus api: add a new argument of type driver_filter_t to
bus_setup_intr()

o add an int return code to all fast handlers

o retire INTR_FAST/IH_FAST

For more info: http://docs.freebsd.org/cgi/getmsg.cgi?fetch=465712+0+current/freebsd-current

Reviewed by: many
Approved by: re@
2007-02-23 12:19:07 +00:00
ru
993a35babf Switch to using STAILQ_REMOVE_HEAD() instead of STAILQ_REMOVE_HEAD_UNTIL().
Submitted by:	Stepan A. Baranov

This corresponds to OpenBSD rev. 1.134:

: revision 1.134
: date: 2004/05/04 16:59:31;  author: grange;  state: Exp;  lines: +10 -10
: Remove useless ``elm'' argument from the SIMPLEQ_REMOVE_HEAD macro.
: This matches our SLIST behaviour and NetBSD's SIMPLEQ as well.
:
: ok millert krw deraadt
2006-10-24 11:17:46 +00:00
jhb
5d888a0655 Trim trailing whitespace. 2006-10-02 18:16:29 +00:00
jhb
b69bfe457d - Use m_getcl(), m_get(), and m_gethdr() rather than the older macros for
alloc'ing mbufs so that there is less error handling required.
- Go ahead and account for the data space in the first mbuf before entering
  the loop to alloc more mbuf's.  This simplifies the loop logic and avoids
  confusing Coverity.

CID:		817
Reviewed by:	sam
Tested by:	pjd
Found by:	Coverity Prevent (tm)
2006-08-02 17:41:58 +00:00
pjd
1be5d52a81 Handle errors in the same way it is done in safe(4). 2006-06-06 13:58:12 +00:00
pjd
95669b8564 Don't increase hst_obytes field twice - it is already done at the begining
of the function.
It was wrong anyway, because we also support uio's structures, not only
mbufs.
2006-06-06 13:32:26 +00:00
pjd
36f6d629b7 Use newly added functions to simplify the code. 2006-06-04 22:17:25 +00:00
pjd
ab72bdd9e6 Use defines from cryptodev.h. 2006-06-04 15:00:52 +00:00
pjd
1dc756f405 - Remove HMAC_BLOCK_LEN, it serves no purpose.
- Use defines of used algorithm instead of HMAC_BLOCK_LEN.
2006-06-04 14:49:34 +00:00
pjd
51d59a64a2 Add support for the CRD_F_KEY_EXPLICIT flag for both encryption and
authentication operations.
2006-06-04 14:13:17 +00:00
pjd
5d2b8cab82 Don't forget to destroy the sc_freeqlock mutex on detach. 2006-06-04 13:45:04 +00:00
pjd
1e94f38ebf Forgot to remove the line. 2006-05-23 09:02:14 +00:00
pjd
155cfd3b00 Fix HMACs handling with uio's by not using crp_mac for storing calculated
HMAC. crp_mac is going to be removed.
2006-05-22 16:18:21 +00:00
pjd
b32bb839fe Protect the sc_needwakeup field with the sc_freeqlock mutex. 2006-05-22 10:11:18 +00:00
pjd
13602a353c Honor cri_mlen value.
Reviewed by:	sam
Tested on:	hifn(4), ubsec(4)
Compile-tested:	safe(4)
2006-05-17 18:34:26 +00:00
phk
ef310efff8 Since DELAY() was moved, most <machine/clock.h> #includes have been
unnecessary.
2006-05-16 14:37:58 +00:00
pjd
23fa018811 ubsec(4) doesn't support explicitly provided keys. Return an error instead
of encrypting/decrypting data with a wrong key.
2006-04-10 18:37:46 +00:00
imp
ca5e477ca2 Use BUS_PROBE_DEFAULT in preference to 0. Also for vx, return
BUS_PROBE_LOW_PRIORITY in stead of ifdef for devices that xl and vx
both support so that xl will snarf them on up.
2005-03-01 07:50:12 +00:00
imp
4b319958e7 Start each of the license/copyright comments with /*-, minor shuffle of lines 2005-01-06 01:43:34 +00:00
phk
9d102d7d5a Add missing <sys/module.h> includes 2004-05-30 20:08:47 +00:00
njl
05a1f56fc9 Convert callers to the new bus_alloc_resource_any(9) API.
Submitted by:	Mark Santcroos <marks@ripe.net>
Reviewed by:	imp, dfr, bde
2004-03-17 17:50:55 +00:00
obrien
c63dab466c Use __FBSDID().
Also some minor style cleanups.
2003-08-24 17:55:58 +00:00
imp
bf11908ab7 Prefer new location of pci include files (which have only been in the
tree for two or more years now), except in a few places where there's
code to be compatible with older versions of FreeBSD.
2003-08-22 07:08:17 +00:00
sam
59ff2ad5c7 Change instances of callout_init that specify MPSAFE behaviour to
use CALLOUT_MPSAFE instead of "1" for the second parameter.  This
does not change the behaviour; it just makes the intent more clear.
2003-08-19 17:51:11 +00:00
scottl
4d495abb9d Mega busdma API commit.
Add two new arguments to bus_dma_tag_create(): lockfunc and lockfuncarg.
Lockfunc allows a driver to provide a function for managing its locking
semantics while using busdma.  At the moment, this is used for the
asynchronous busdma_swi and callback mechanism.  Two lockfunc implementations
are provided: busdma_lock_mutex() performs standard mutex operations on the
mutex that is specified from lockfuncarg.  dftl_lock() is a panic
implementation and is defaulted to when NULL, NULL are passed to
bus_dma_tag_create().  The only time that NULL, NULL should ever be used is
when the driver ensures that bus_dmamap_load() will not be deferred.
Drivers that do not provide their own locking can pass
busdma_lock_mutex,&Giant args in order to preserve the former behaviour.

sparc64 and powerpc do not provide real busdma_swi functions, so this is
largely a noop on those platforms.  The busdma_swi on is64 is not properly
locked yet, so warnings will be emitted on this platform when busdma
callback deferrals happen.

If anyone gets panics or warnings from dflt_lock() being called, please
let me know right away.

Reviewed by:	tmm, gibbs
2003-07-01 15:52:06 +00:00
sam
e6589a620a Add support to eliminate a context switch per crypto op when using the
software crypto device:

o record crypto device capabilities in each session id
o add a capability that indicates if the crypto driver operates synchronously
o tag the software crypto driver as operating synchronously

This commit also introduces crypto session id macros that cleanup their
construction and querying.
2003-06-27 20:07:10 +00:00
sam
dc9835e169 Redo locking for proper SMP operation:
o replace driver-global lock with three locks: one for the handling of mcr1
  operations, one for handling of mcr2 operations, and one for the mcr1
  free list
o mark the interrupt handler MPSAFE
o don't use locking on detach; disabling interrupts is sufficient (I think)
2003-06-02 23:32:03 +00:00
sam
0c267521bc recognize the Sun Crypto 5821 and Crypto 1K cards;
they both use the Broadcom 5821

Submitted by:	Panagiotis Astithas
MFC after:	1 day
2003-04-27 04:26:22 +00:00
phk
e059b79437 Including <sys/stdint.h> is (almost?) universally only to be able to use
%j in printfs, so put a newsted include in <sys/systm.h> where the printf
prototype lives and save everybody else the trouble.
2003-03-18 08:45:25 +00:00
sam
08b96bb139 o add crypto driver glue for using the new rndtest driver/module; this is
conditional in each driver on foo_RNDTEST being defined_
o bring HIFN_DEBUG and UBSEC_DEBUG out to be visible options; they control
  the debugging printfs that are set with hw.foo.debug (e.g. hw.hifn.debug)
2003-03-11 22:47:06 +00:00
sam
e1a878e4c9 correct output byte count statistic collection 2003-03-11 18:43:24 +00:00
sam
0694bf3fc5 add 5801 and 5802 recognition (somehow lost in transition from openbsd)
Noticed by:	Larry Baird <lab@gta.com>
2003-02-27 21:10:20 +00:00
sam
9f8c317a7d o instead of applying arbitrary tunables, just honor the COP_F_BATCH
flag that can be marked on each symmetric op
o eliminate hw.ubsec.maxbatch and hw.ubsec.maxaggr since they are not
  needed anymore
o change ubsec_feed to return void instead of int since zero is always
  returned and noone ever looked at the return value
2003-02-24 06:03:13 +00:00
imp
cf874b345d Back out M_* changes, per decision of the TRB.
Approved by: trb
2003-02-19 05:47:46 +00:00
sam
3c791c8729 add 5823 device id's; this allows 5823 parts to function but you cannot
use the AES functionality

Submitted by:	Jonathan Stone <jonathan@DSG.Stanford.EDU>
MFC after:	1 day
2003-02-07 23:02:02 +00:00