Commit Graph

36343 Commits

Author SHA1 Message Date
Conrad Meyer
f3d2512db6 random(4): Add is_random_seeded(9) KPI
The imagined use is for early boot consumers of random to be able to make
decisions based on whether random is available yet or not.  One such
consumer seems to be __stack_chk_init(), which runs immediately after random
is initialized.  A follow-up patch will attempt to address that.

Reported by:	many
Reviewed by:	delphij (except man page)
Approved by:	secteam(delphij)
Differential Revision:	https://reviews.freebsd.org/D19926
2019-04-16 17:12:17 +00:00
Marcin Wojtas
f39ec261ad Improve tpm20 style
No functional changes to the code are applied.

Submitted by: Kornel Duleba <mindal@semihalf.com>
Obtained from: Semihalf
Sponsored by: Stormshield
2019-04-16 02:46:21 +00:00
Marcin Wojtas
d68a65eabf tpm: Prevent session hijack
Check caller thread id before allowing to read the buffer
to make sure that it can only be accessed by the thread that
did the associated write to the TPM.

Submitted by: Kornel Duleba <mindal@semihalf.com>
Reviewed by: delphij
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D19713
2019-04-16 02:28:35 +00:00
Conrad Meyer
13774e8228 random(4): Block read_random(9) on initial seeding
read_random() is/was used, mostly without error checking, in a lot of
very sensitive places in the kernel -- including seeding the widely used
arc4random(9).

Most uses, especially arc4random(9), should block until the device is seeded
rather than proceeding with a bogus or empty seed.  I did not spy any
obvious kernel consumers where blocking would be inappropriate (in the
sense that lack of entropy would be ok -- I did not investigate locking
angle thoroughly).  In many instances, arc4random_buf(9) or that family
of APIs would be more appropriate anyway; that work was done in r345865.

A minor cleanup was made to the implementation of the READ_RANDOM function:
instead of using a variable-length array on the stack to temporarily store
all full random blocks sufficient to satisfy the requested 'len', only store
a single block on the stack.  This has some benefit in terms of reducing
stack usage, reducing memcpy overhead and reducing devrandom output leakage
via the stack.  Additionally, the stack block is now safely zeroed if it was
used.

One caveat of this change is that the kern.arandom sysctl no longer returns
zero bytes immediately if the random device is not seeded.  This means that
FreeBSD-specific userspace applications which attempted to handle an
unseeded random device may be broken by this change.  If such behavior is
needed, it can be replaced by the more portable getrandom(2) GRND_NONBLOCK
option.

On any typical FreeBSD system, entropy is persisted on read/write media and
used to seed the random device very early in boot, and blocking is never a
problem.

This change primarily impacts the behavior of /dev/random on embedded
systems with read-only media that do not configure "nodevice random".  We
toggle the default from 'charge on blindly with no entropy' to 'block
indefinitely.'  This default is safer, but may cause frustration.  Embedded
system designers using FreeBSD have several options.  The most obvious is to
plan to have a small writable NVRAM or NAND to persist entropy, like larger
systems.  Early entropy can be fed from any loader, or by writing directly
to /dev/random during boot.  Some embedded SoCs now provide a fast hardware
entropy source; this would also work for quickly seeding Fortuna.  A 3rd
option would be creating an embedded-specific, more simplistic random
module, like that designed by DJB in [1] (this design still requires a small
rewritable media for forward secrecy).  Finally, the least preferred option
might be "nodevice random", although I plan to remove this in a subsequent
revision.

To help developers emulate the behavior of these embedded systems on
ordinary workstations, the tunable kern.random.block_seeded_status was
added.  When set to 1, it blocks the random device.

I attempted to document this change in random.4 and random.9 and ran into a
bunch of out-of-date or irrelevant or inaccurate content and ended up
rototilling those documents more than I intended to.  Sorry.  I think
they're in a better state now.

PR:		230875
Reviewed by:	delphij, markm (earlier version)
Approved by:	secteam(delphij), devrandom(markm)
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D19744
2019-04-15 18:40:36 +00:00
Hans Petter Selasky
16fba2f38a Remove superfluous USB keyword.
Discussed with:		danfe@
MFC after:		1 week
Sponsored by:		Mellanox Technologies
2019-04-15 17:32:38 +00:00
Andrew Gallatin
538ff57b75 mlx5en: Enable new pfil(9) KPI ethernet filtering hooks
This allows efficient filtering at packet ingress on mlx5en.

Note that the packets are filtered (and potentially dropped) *before*
the driver has committed to (re)allocating an mbuf for the
packet. Dropped packets are treated essentially the same as an
error. Nothing is allocated, and the existing buffer is recycled. This
allows us to drop malicious packets at close to line rate with very
little CPU use.

Reviewed by:	hselasky, slavash, kib
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D19063
2019-04-15 17:14:50 +00:00
Hans Petter Selasky
1175aabdef Fix spelling.
Submitted by:		Dmitry Luhtionov <dmitryluhtionov@gmail.com>
MFC after:		1 week
Sponsored by:		Mellanox Technologies
2019-04-15 14:32:19 +00:00
Ed Maste
f89f4898a3 Add quirk for ignoring SPCR AccessWidth values on the PL011 UART
The SPCR table on the Lenovo HR330A Ampere eMAG server indicates 8-bit
access, but 32-bit access is required for the PL011 to work.

PL011 on SBSA platforms always supports 32-bit access (and that was
hardcoded here before my EC2 fix), let's use 32-bit access for PL011
and 32BIT interface types.

Tested by emaste on Ampere eMAG and Cavium/Marvell ThunderX2.

Submitted by:	Greg V <greg@unrelenting.technology>
Reviewed by:	andrew, imp (earlier)
Differential Revision:	https://reviews.freebsd.org/D19507
2019-04-15 13:41:53 +00:00
Alexander Motin
e5355d3319 Fix SCSI sense data pass through.
MFC after:	1 week
Sponsored by:	iXsystems, Inc.
2019-04-12 18:54:09 +00:00
Ilya Bakulin
745598d472 Add some CMD53-related definitions
In preparation to adding block mode functions, add necessary definitions.

Reviewed by:	bz
Approved by:	imp (mentor)
Differential Revision:	https://reviews.freebsd.org/D19832
2019-04-10 20:44:54 +00:00
Ilya Bakulin
5d5ae0660a Implement CMD53 block mode support for SDHCI and AllWinner-based boards
If a custom block size requested, use it, otherwise revert to the previous logic
of using just a data size if it's less than MMC_BLOCK_SIZE, and MMC_BLOCK_SIZE otherwise.

Reviewed by:	bz
Approved by:	imp (mentor)
Differential Revision:	https://reviews.freebsd.org/D19783
2019-04-10 19:53:36 +00:00
Ilya Bakulin
0660cfa0c4 Add new fields to mmc_data in preparation to SDIO CMD53 block mode support
SDIO command CMD53 (IO_RW_EXTENDED) allows data transfers using blocks of 1-2048 bytes,
with a maximum of 511 blocks per request.
Extend mmc_data structure to properly describe such requests,
and initialize the new fields in kernel and userland consumers.

No actual driver changes happen yet, these will follow in the separate changes.

Reviewed by:	bz
Approved by:	imp (mentor)
Differential Revision:	https://reviews.freebsd.org/D19779
2019-04-10 19:49:35 +00:00
Andriy Voskoboinyk
8942762122 urtw(4), otus(4), iwi(4): allow to set non-default MAC address via ifconfig(8)
Tested with Netgear WG111 v3 (RTL8187B, urtw(4)), STA mode.

MFC after:	1 week
2019-04-10 08:17:56 +00:00
John Baldwin
e9a00a5d17 Refine r330113 to honor the ProducerConsumer flag most of the time.
While it is true that the ACPI spec says that the flag is only valid
on Extended Address Space Descriptors, examples of other descriptors
in the spec use the ProducerConsumer flag explicitly, and real
hardware uses it as well.  In fact, even in the ASL of the Thunder X2
for which r330113 was a workaround, some devices use this flag on
non-Extended Address Space Descriptors correctly.  Instead, only
ignore the flag for resources associated with the UART devices on the
Thunder X2 using the "ARMH0011" HID to identify these devices.

This should fix regressions from ignoring this flag in other contexts
such as Hyper-V.

PR:		235876
Reported by:	Wei Hu <weh@microsoft.com>
Tested by:	emaste (Thunder X2)
MFC after:	2 weeks
2019-04-09 21:18:02 +00:00
John Baldwin
1fe39413c4 Don't pre-reserve resources for CPU devices when they are set.
CPUs can use shared (RF_SHAREABLE) resources for the I/O port used for
entering and exiting C states.  If this I/O port is included in an ACPI
system resource device, then this happens to still work, but if the port
wasn't part of a system resource device, only the first CPU could allocate
the I/O port and use C states since resource_list_reserve() was always
allocating the resource from nexus0 without RF_SHAREABLE.  By avoiding
the reservation, the flags from the bus_alloc_resource() in the CPU driver
(which include RF_SHAREABLE) are honored.

PR:		236513
Reported by:	stockhausen@collogia.de
Sleuthing by:	avg
Reviewed by:	avg
MFC after:	2 weeks
2019-04-09 19:22:08 +00:00
Ganbold Tsagaankhuu
cef38d45bb In some cases like NanoPI R1, its second USB ethernet
RTL8152 (chip version URE_CHIP_VER_4C10) doesn't
have hardwired MAC address, in other words, it is all zeros.
This commit fixes it by setting random MAC address
when MAC address is all zeros.

Reviewed by:	kevlo
Differential Revision:	https://reviews.freebsd.org/D19856
2019-04-09 13:54:08 +00:00
Ganbold Tsagaankhuu
ab0280c4d0 Fix URE_WDT6_SET_MODE value in the register definition.
Both linux and u-boot sources for RTL8152 driver has this value.
RTL8152 USB ethernet is used in NanoPI R1 board as second ethernet.
This fixes for me RTL8152 USB ethernet not detected problem after
reboot on NanoPI R1 board.

Both NetBSD and OpenBSD have a wrong value so far.
2019-04-08 13:40:46 +00:00
Konstantin Belousov
ca19084f36 Give new home to the comment from ppt_pci_reset(), explaining a nuance
of power reset.

Noted by:	soralx@cydem.org
Sponsored by:	Mellanox Technologies
MFC after:	12 days
2019-04-07 08:58:09 +00:00
Konstantin Belousov
7f755050f7 Remove single-use DEV_RESET() macro.
It conflicts with the sys/bus.h DEV_XXX namespace.

Reviewed by:	imp (previous version), jhb (previous version)
Sponsored by:	Mellanox Technologies
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D19646
2019-04-05 19:27:51 +00:00
Konstantin Belousov
5db2a4a812 Implement resets for PCI buses and PCIe bridges.
For PCI device (i.e. child of a PCI bus), reset tries FLR if
implemented and worked, and falls to power reset otherwise.

For PCIe bus (child of a PCIe bridge or root port), reset
disables PCIe link and then re-trains it, performing what is known as
link-level reset.

Reviewed by:	imp (previous version), jhb (previous version)
Sponsored by:	Mellanox Technologies
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D19646
2019-04-05 19:25:26 +00:00
Emmanuel Vadot
38332c70a2 twsi: Use config_intrhook_oneshot instead of config_intrhook_establish
Suggested by:	ian
MFC after:	1 month
X-MFC-With:	345948
2019-04-05 15:53:27 +00:00
Emmanuel Vadot
3dd177aa34 twsi: Add interrupt mode
Add the ability to use interrupts for i2c message.
We still use polling for early boot i2c transfer (for PMIC
for example) but as soon as interrupts are available use them.
On Allwinner SoC >A20 is seems that polling mode is broken for some
reason, this is now fixed by using interrupt mode.
For Allwinner also fix the frequency calculation, the one in the code
was for when the APB frequency is at 48Mhz while it is at 24Mhz on most
(all?) Allwinner SoCs. We now support both cases.

While here add more debug info when it's compiled in.

Tested On: A20, H3, A64
MFC after:	1 month
2019-04-05 14:44:23 +00:00
Ed Maste
fea616de3e if_muge: use NULL not 0 for DRIVER_MODULE pointer args
Sponsored by:	The FreeBSD Foundation
2019-04-04 19:59:31 +00:00
Ed Maste
5eb264119e cpsw: use phy-handle in FDT to find PHY address
In r337703 DTS files were updated to Linux 4.18, including Linux commit
4d8b032d3c03f4e9788a18bbb51b10e6c9e8a56b which removed the `phy_id`
property from am335x-bone-common (as the property was deprecated).

Use `phy-handle` via fdt_get_phyaddr, keeping the existing code as a
fallback for old DTBs.

PR:		236624
Submitted by:	manu, Gerald Aryeetey <aryeeteygerald_rogers.com>
Reported by:	Gerald Aryeetey
Reviewed by:	manu
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D19814
2019-04-03 21:01:53 +00:00
Marcin Wojtas
3a3e5039b9 Add a cv_wait to the TPM2.0 harvesting function
Harvesting has to compete for the TPM chip with userspace.
Before this change the callout could hijack an unread buffer
causing a userspace call to the TPM to fail.

Submitted by: Kornel Duleba <mindal@semihalf.com>
Reviewed by: delphij
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D19712
2019-04-03 08:22:58 +00:00
Tycho Nightingale
b80b32a2ab ioat(4) should use bus_dma(9) for the operation source and destination
addresses

Reviewed by:	cem
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D19725
2019-04-02 19:08:06 +00:00
Tycho Nightingale
a8d9ee9c50 ioatcontrol(8) could exercise 8k-aligned copy with page-break, crc and
crc-copy modes.

Reviewed by:	cem
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D19780
2019-04-02 19:06:25 +00:00
Navdeep Parhar
1b3fc371b7 cxgbe(4): Add a flag to indicate that bits in interrupt cause but not in
interrupt enable are not fatal.

The firmware sets up all the interrupt enables based on run time
configuration, which means the information in the enables is more
accurate than what's compiled into the driver.  This change also allows
the fatal bits to be updated without any changes in the driver in some
cases.

MFC after:	1 week
Sponsored by:	Chelsio Communications
2019-04-02 18:50:33 +00:00
Justin Hibbits
95a1f0e81c ipmi: Fixes for ipmi_opal(powernv)
* Crank the OPAL state machine during the receive loop, to make sure the
  pollers are executed
* Add a proper detach function, so the module can be unloaded and reloaded
  at runtime.

It still doesn't reliably work 100% of the time on POWER9, and it appears
timing and/or cache related.  It may work on POWER8 now.

MFC after:	2 weeks
2019-04-02 04:12:06 +00:00
Tycho Nightingale
b2bbb74489 Devices behind downstream bridges should still get DMAR protection.
Reviewed by:	kib
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D19717
2019-04-01 19:08:05 +00:00
Ilya Bakulin
5d20e65174 Use information about max data size that the controller is able to operate
Using DFLTPHYS/MAXPHYS is not always OK, instead make it possible for the
controller driver to provide maximum data size to MMCCAM, and use it there.

The old stack already does this.

Reviewed by:	manu
Approved by:	imp (mentor)
Differential Revision:	https://reviews.freebsd.org/D15892
2019-04-01 18:49:39 +00:00
Kirk McKusick
7e1a6d4777 When using the force option to shut down a memory-disk device,
I/O operations already in its queue were not being properly drained.
The GEOM framework does the queue draining, but the device driver
needs to wait for the draining to happen. The waiting is done by
adding a g_md_providergone() function to wait for the I/O operations
to finish up.

It is likely that every GEOM provider that implements orphaning
attached GEOM consumers needs to use the "providergone" mechanism
for this same reason, but some of them do not do so. Apparently
Kenneth Merry (ken@) added the drain for just such races, but he
missed adding it to some of the device drivers that needed it.

Submitted by: Chuck Silvers
Reviewed by:  imp
Tested by:    Chuck Silvers
MFC after:    1 week
Sponsored by: Netflix
2019-03-31 21:34:58 +00:00
Andriy Voskoboinyk
1ea35ead5a run(4): properly set F_DATAPAD radiotap flag if frame has padding between
frame header and data.

This will fix 'Mysterious OLPC stuff' for received frames and wrong
CCMP / TKIP / data decoding for transmitted frames in net/wireshark
dissector.

While here, drop unneeded comment - net80211 handles padding requirements
for Tx & Rx without driver adjustment.

Tested with D-Link DWA-140 rev B3, STA mode.

MFC after:	1 week
2019-03-31 14:18:02 +00:00
Andriy Voskoboinyk
e4c17012d0 run(4): do not clear PROTECTED bit if frame was not decrypted by NIC.
Tested with D-Link DWA-140 rev B3, STA / MONITOR modes.

MFC after:	1 week
2019-03-31 13:41:20 +00:00
Andriy Voskoboinyk
39abb4482d uath(4), urtw(4): restart driver if device does not respond after Tx request
MFC after:	1 week
2019-03-31 09:52:36 +00:00
Andriy Voskoboinyk
cb5d2742ff urtw(4): export TSF timestamp for received frames via radiotap
Tested with Netgear WG111 v3 (RTL8187B), STA mode.

MFC after:	1 week
2019-03-30 09:24:06 +00:00
Pawel Jakub Dawidek
e55624c605 Implement support for online disk capacity changes.
Obtained from:	Fudo Security
Tested in:	AWS
2019-03-30 07:20:28 +00:00
Jung-uk Kim
278f0de60d Merge ACPICA 20190329. 2019-03-29 20:21:28 +00:00
Navdeep Parhar
be09e82abb cxgbe/t4_tom: Catch up with r344433, which removed tcb_autorcvbuf_inc.
The declaration in tcp_var.h is still around so t4_tom continued to
compile but wouldn't load.  A separate commit will fix tcp_var.h

Reported By: Dustin Marquess (dmarquess at gmail)

Sponsored by:	Chelsio Communications
2019-03-29 16:43:24 +00:00
Navdeep Parhar
dd3b96ecec cxgbe(4): Count and clear interrupts generated at the software's request.
An interrupt can be requested by setting the F_SWINT bit in PL_PF_CTL.

MFC after:	1 week
Sponsored by:	Chelsio Communications
2019-03-28 21:22:28 +00:00
Hans Petter Selasky
b55bfda75c Add new USB PCI ID.
Submitted by:		Dmitry Luhtionov <dmitryluhtionov@gmail.com>
MFC after:		1 week
Sponsored by:		Mellanox Technologies
2019-03-28 09:00:56 +00:00
Ravi Pokala
ca219866e3 Teach jedec_dimm(4) to be more forgiving of non-fatal errors.
It looks like some DIMMs claim to have a TSOD, but actually don't. Some
claim they weren't able to change the SPD page, but they did. Neither of
those should be fatal errors.

PR:		235944
Submitted by:	Greg V <greg@unrelenting.technology>
Reported by:	Greg V <greg@unrelenting.technology>
Reviewed by:	cem
MFC after:	1 weeks
Sponsored by:	Panasas
Differential Revision:	https://reviews.freebsd.org/D19681
2019-03-27 21:50:01 +00:00
Scott Long
aa24a04abf Add missing break statements. Coverity CID 1400446.
Reported by:	mav
2019-03-27 12:25:46 +00:00
Edward Tomasz Napierala
7000d321e8 Make smartpqi(4) behave better when running out of memory, by returning
CAM_RESRC_UNAVAIL instead of CAM_REQUEUE_REQ.  This makes CAM delay a bit
before retrying, so that the retries actually get a chance to succeed.

Reviewed by:	sbruno
MFC after:	2 weeks
Sponsored by:	Klara Inc.
Differential Revision:	https://reviews.freebsd.org/D19696
2019-03-26 15:47:13 +00:00
Andriy Voskoboinyk
ae6f61b116 run(4): merge some common TSF-related code into run_disable_tsf()
No functional change intended.

MFC after:	5 days
2019-03-25 09:10:07 +00:00
Scott Long
8d8b448919 Add event table decoding for SAS Broadcast Primitive events. 2019-03-24 20:37:37 +00:00
Scott Long
9ceb90b2b6 Fix a transposition error from the previous commit 2019-03-24 19:29:30 +00:00
Scott Long
37b807ff36 r329522 created problemss with commands that enter the TIMEDOUT state but
are successfully returned by the card (usually due to an abort being issued
as part of timeout recovery). Remove what amounts to an insufficient
KASSERT, and don't overwrite the state value. State should probably be
re-designed, and that will be done with a future commit.

Reported by:	phk, bei.io
Reviewed by:	imp, mav
Differential Revision:	D19677
2019-03-24 19:09:50 +00:00
Allan Jude
91dfbef4aa Fix AMD type flash write operations, and display chip information at boot
Applies to MX flash chips on AR9132 and RT3050

Submitted by:	Hiroki Mori <yamori813@yahoo.co.jp>
Reviewed by:	imp, sbruno
Differential Revision:	https://reviews.freebsd.org/D14279
2019-03-24 06:28:25 +00:00
Marcin Wojtas
4ee7d3b011 Allow using TPM as entropy source.
TPM has a built-in RNG, with its own entropy source.
The driver was extended to harvest 16 random bytes from TPM every 10 seconds.
A new build option "TPM_HARVEST" was introduced - for now, however, it
is not enabled by default in the GENERIC config.

Submitted by: Kornel Duleba <mindal@semihalf.com>
Reviewed by: markm, delphij
Approved by: secteam
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D19620
2019-03-23 05:13:51 +00:00