Commit Graph

81 Commits

Author SHA1 Message Date
jhb
2642ed4029 kthread_exit() no longer requires Giant, so don't force callers to acquire
Giant just to call kthread_exit().

Requested by:	many
2004-03-05 22:42:17 +00:00
phk
ad925439e0 Device megapatch 4/6:
Introduce d_version field in struct cdevsw, this must always be
initialized to D_VERSION.

Flip sense of D_NOGIANT flag to D_NEEDGIANT, this involves removing
four D_NOGIANT flags and adding 145 D_NEEDGIANT flags.
2004-02-21 21:10:55 +00:00
phk
0b3393f389 Correct the cleanup of the alias dev_t for /dev/urandom: being an
alias it depends on the aliased dev_t and disappears automatically
when that is removed.

Submitted by:	"Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net>
2004-02-12 20:46:49 +00:00
markm
6a2f4748c4 Fix a major faux pas of mine. I was causing 2 very bad things to
happen in interrupt context; 1) sleep locks, and 2) malloc/free
calls.

1) is fixed by using spin locks instead.

2) is fixed by preallocating a FIFO (implemented with a STAILQ)
   and using elements from this FIFO instead. This turns out
   to be rather fast.

OK'ed by:	re (scottl)
Thanks to:	peter, jhb, rwatson, jake
Apologies to:	*
2003-11-20 15:35:48 +00:00
markm
f9c9435156 Overhaul the entropy device:
o Each source gets its own queue, which is a FIFO, not a ring buffer.
  The FIFOs are implemented with the sys/queue.h macros. The separation
  is so that a low entropy/high rate source can't swamp the harvester
  with low-grade entropy and destroy the reseeds.

o Each FIFO is limited to 256 (set as a macro, so adjustable) events
  queueable. Full FIFOs are ignored by the harvester. This is to
  prevent memory wastage, and helps to keep the kernel thread CPU
  usage within reasonable limits.

o There is no need to break up the event harvesting into ${burst}
  sized chunks, so retire that feature.

o Break the device away from its roots with the memory device, and
  allow it to get its major number automagically.
2003-11-17 23:02:21 +00:00
tanimura
7eade05dfa - Implement selwakeuppri() which allows raising the priority of a
thread being waken up.  The thread waken up can run at a priority as
  high as after tsleep().

- Replace selwakeup()s with selwakeuppri()s and pass appropriate
  priorities.

- Add cv_broadcastpri() which raises the priority of the broadcast
  threads.  Used by selwakeuppri() if collision occurs.

Not objected in:	-arch, -current
2003-11-09 09:17:26 +00:00
markm
a3bf188d5b Make sure we get all user-written input. This simplifies the
code considerably.

Submitted by:	(forgotten)
[I'll happily acknowledge the submitter if he owns up!]
2003-11-02 10:55:16 +00:00
obrien
c63dab466c Use __FBSDID().
Also some minor style cleanups.
2003-08-24 17:55:58 +00:00
phk
230d90f47b Change the sleep identifier to "-" where random normally sleeps. 2003-07-02 08:04:57 +00:00
phk
0ae911eb0e Gigacommit to improve device-driver source compatibility between
branches:

Initialize struct cdevsw using C99 sparse initializtion and remove
all initializations to default values.

This patch is automatically generated and has been tested by compiling
LINT with all the fields in struct cdevsw in reverse order on alpha,
sparc64 and i386.

Approved by:    re(scottl)
2003-03-03 12:15:54 +00:00
imp
cf874b345d Back out M_* changes, per decision of the TRB.
Approved by: trb
2003-02-19 05:47:46 +00:00
ache
d15f8916c5 Remove srandom():
1) It is already called in init_main.c:proc0_post()
2) It is called each time read_random_phony() called, because "initialized"
variable is never set to 1.

Approved by:    markm
2003-02-05 15:56:04 +00:00
alfred
bf8e8a6e8f Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.
Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
2003-01-21 08:56:16 +00:00
markm
824369dc3e Fix a buffer overrun in /dev/random which, due to the nature of the
kernel memory allocator, is harmless. This could be a problem for
other systems, though. I've modified Darren's patch a little.

Original patch by: Darren Schack, Isilon Systems, Inc <darrens@isilon.com>
Also analysed by:  SGI, and in particular Divy Le Ray of SGI
OK'ed by:          re(rwatson)
2002-12-12 17:38:45 +00:00
scottl
3a150bca9c Some kernel threads try to do significant work, and the default KSTACK_PAGES
doesn't give them enough stack to do much before blowing away the pcb.
This adds MI and MD code to allow the allocation of an alternate kstack
who's size can be speficied when calling kthread_create.  Passing the
value 0 prevents the alternate kstack from being created.  Note that the
ia64 MD code is missing for now, and PowerPC was only partially written
due to the pmap.c being incomplete there.
Though this patch does not modify anything to make use of the alternate
kstack, acpi and usb are good candidates.

Reviewed by:	jake, peter, jhb
2002-10-02 07:44:29 +00:00
markm
d858b4fee1 Remove #ifdef'ed Giant mutex wrappers round debugging statements. 2002-09-21 21:44:19 +00:00
markm
7d834f54d0 No functional change. Fix comments and whitespace. 2002-09-21 21:40:02 +00:00
markm
2370535caa Upgrade the random device to use a "real" hash instead of building
one out of a block cipher. This has 2 advantages:
1) The code is _much_ simpler
2) We aren't committing our security to one algorithm (much as we
   may think we trust AES).

While I'm here, make an explicit reseed do a slow reseed instead
of a fast; this is in line with what the original paper suggested.
2002-07-15 13:58:35 +00:00
markm
6417a5c4b6 Fix really dumb braino of mine; cast a sizeof() to an int, which it is
being compared to, not size_t, which it already is.
2002-04-21 11:02:36 +00:00
jhb
db9aa81e23 Change callers of mtx_init() to pass in an appropriate lock type name. In
most cases NULL is passed, but in some cases such as network driver locks
(which use the MTX_NETWORK_LOCK macro) and UMA zone locks, a name is used.

Tested on:	i386, alpha, sparc64
2002-04-04 21:03:38 +00:00
jhb
dc2e474f79 Change the suser() API to take advantage of td_ucred as well as do a
general cleanup of the API.  The entire API now consists of two functions
similar to the pre-KSE API.  The suser() function takes a thread pointer
as its only argument.  The td_ucred member of this thread must be valid
so the only valid thread pointers are curthread and a few kernel threads
such as thread0.  The suser_cred() function takes a pointer to a struct
ucred as its first argument and an integer flag as its second argument.
The flag is currently only used for the PRISON_ROOT flag.

Discussed on:	smp@
2002-04-01 21:31:13 +00:00
markm
92e030d00a Provide infrastructure for harvesting SWI entropy. 2002-03-03 20:09:42 +00:00
markm
1b3c288707 Massive lint-inspired cleanup.
Remove unneeded includes.
Deal with unused function arguments.
Resolve a boatload of signed/unsigned imcompatabilities.
Etc.
2002-03-03 19:44:22 +00:00
jhb
3706cd3509 Simple p_ucred -> td_ucred changes to start using the per-thread ucred
reference.
2002-02-27 18:32:23 +00:00
msmith
caa458225b Staticise the random_state array.
Reviewed by:	markm
2002-01-10 00:09:21 +00:00
rwatson
6f5b301241 o Modify open() and close() for /dev/random to use securelevel_gt() instead
of direct securelevel variable checks.

Obtained from:	TrustedBSD Project
2001-09-26 20:15:42 +00:00
jhb
69b2d3f3db Use the passed in thread to selrecord() instead of curthread. 2001-09-21 22:46:54 +00:00
julian
5596676e6c KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
peter
0eadf02e1c Fix a minor buglet/typo here that gcc3 complains about. 2001-09-10 01:27:23 +00:00
markm
730f703e6a Fix type warnings.
PR: 29101
2001-07-20 08:58:04 +00:00
markm
bcca5847d5 Undo part of the tangle of having sys/lock.h and sys/mutex.h included in
other "system" header files.

Also help the deprecation of lockmgr.h by making it a sub-include of
sys/lock.h and removing sys/lockmgr.h form kernel .c files.

Sort sys/*.h includes where possible in affected files.

OK'ed by:	bde (with reservations)
2001-05-01 08:13:21 +00:00
jhb
b47bfbe544 Catch up to header include changes:
- <sys/mutex.h> now requires <sys/systm.h>
- <sys/mutex.h> and <sys/sx.h> now require <sys/lock.h>
2001-03-28 09:17:56 +00:00
markm
e636d5eb80 Fix nasty corruption problem where a 64bit variable was being used
(overflowed) to catch a 256bit result.

Hard work done by:	jhb
2001-03-28 06:27:42 +00:00
phk
c47745e977 Send the remains (such as I have located) of "block major numbers" to
the bit-bucket.
2001-03-26 12:41:29 +00:00
markm
33afa1d9ac Allow bog-standard ioctls through. There are really handled in
higher layers, but there needs to be a "no-error" return here.
2001-03-25 06:55:19 +00:00
markm
941b472415 Silence (harmless) warnings. 2001-03-24 08:38:42 +00:00
markm
ad4dd3b5a2 Very large makeover of the /dev/random driver.
o Separate the kernel stuff from the Yarrow algorithm. Yarrow is now
  well contained in one source file and one header.

o Replace the Blowfish-based crypto routines with Rijndael-based ones.
  (Rijndael is the new AES algorithm). The huge improvement in
  Rijndael's key-agility over Blowfish means that this is an
  extremely dramatic improvement in speed, and makes a heck of
  a difference in its (lack of) CPU load.

o Clean up the sysctl's. At BDE's prompting, I have gone back to
  static sysctls.

o Bug fixes. The streamlining of the crypto stuff enabled me to
  find and fix some bugs. DES also found a bug in the reseed routine
  which is fixed.

o Change the way reseeds clear "used" entropy. Previously, only the
  source(s) that caused a reseed were cleared. Now all sources in the
  relevant pool(s) are cleared.

o Code tidy-up. Mostly to make it (nearly) 80-column compliant.
2001-03-10 12:51:55 +00:00
markm
70d224b106 Take down a comment that is no longer true.
/dev/random is ready for prime time!
2001-03-03 14:35:01 +00:00
markm
886c7bc57d Provide the infrastructure for sysadmins to select the broad class
of entropy harvesting they wish to perform: "ethernet" (LAN),
point-to-point and interrupt.
2001-02-18 17:40:47 +00:00
markm
ea5e661a0c Make a big improvement to entropy-harvesting speed by not having any
locks (only atomic assigns) in the harvest ringbuffer.
2001-02-11 16:21:35 +00:00
bmilekic
f364d4ac36 Change and clean the mutex lock interface.
mtx_enter(lock, type) becomes:

mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks)
mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized)

similarily, for releasing a lock, we now have:

mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN.
We change the caller interface for the two different types of locks
because the semantics are entirely different for each case, and this
makes it explicitly clear and, at the same time, it rids us of the
extra `type' argument.

The enter->lock and exit->unlock change has been made with the idea
that we're "locking data" and not "entering locked code" in mind.

Further, remove all additional "flags" previously passed to the
lock acquire/release routines with the exception of two:

MTX_QUIET and MTX_NOSWITCH

The functionality of these flags is preserved and they can be passed
to the lock/unlock routines by calling the corresponding wrappers:

mtx_{lock, unlock}_flags(lock, flag(s)) and
mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN
locks, respectively.

Re-inline some lock acq/rel code; in the sleep lock case, we only
inline the _obtain_lock()s in order to ensure that the inlined code
fits into a cache line. In the spin lock case, we inline recursion and
actually only perform a function call if we need to spin. This change
has been made with the idea that we generally tend to avoid spin locks
and that also the spin locks that we do have and are heavily used
(i.e. sched_lock) do recurse, and therefore in an effort to reduce
function call overhead for some architectures (such as alpha), we
inline recursion for this case.

Create a new malloc type for the witness code and retire from using
the M_DEV type. The new type is called M_WITNESS and is only declared
if WITNESS is enabled.

Begin cleaning up some machdep/mutex.h code - specifically updated the
"optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN
and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently
need those.

Finally, caught up to the interface changes in all sys code.

Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
asmodai
fad0d5dcfa Fix typos: initalise -> initialise.
Initalise is not an english word.
2001-02-08 20:28:57 +00:00
markm
fde03d4ba0 Remove NOBLOCKRANDOM as a compile-time option. Instead, provide
exactly the same functionality via a sysctl, making this feature
a run-time option.

The default is 1(ON), which means that /dev/random device will
NOT block at startup.

setting kern.random.sys.seeded to 0(OFF) will cause /dev/random
to block until the next reseed, at which stage the sysctl
will be changed back to 1(ON).

While I'm here, clean up the sysctls, and make them dynamic.
Reviewed by:		des
Tested on Alpha by:	obrien
2001-01-14 17:50:15 +00:00
wollman
70c88bb8da select() DKI is now in <sys/selinfo.h>. 2001-01-09 04:33:49 +00:00
markm
d04b66b7bc Major speedup to /dev/random and the kernel thread that reseeds it.
There is no more TAILQ fifo to harvest the entropy; instead, there
is a circular buffer of constant size (changeable by macro) that
pretty dramatically improves the speed and fixes potential slowdowns-
by-locking.

Also gone are a slew of malloc(9) and free(9) calls; all harvesting
buffers are static.

All-in-all, this is a good performance improvement.

Thanks-to:	msmith for the circular buffer concept-code.
2000-12-02 18:40:16 +00:00
markm
fca882bcb5 Fix safety-net code. While technically a bug, I'm delighted to see
that it has never (apparently) been invoked.

Submitted by:	ache
2000-11-26 09:58:18 +00:00
markm
24be0469f9 D'uh. The explicit reseed was happening at the wrong security/privelige
levels.
2000-11-25 20:08:07 +00:00
markm
6ac673bf3c Greatly improve the boot-up unblocking time of the entropy device. 2000-11-25 19:13:29 +00:00
markm
cad5a0b685 More comment changing. Keep documentation in one place. 2000-11-25 18:00:54 +00:00
markm
75a7091fce Correct a comment. This represents a very minor policy change of my
intentions with this code.
2000-11-25 17:58:11 +00:00