Commit Graph

238516 Commits

Author SHA1 Message Date
Matt Macy
ff2038a9bf Generalize AES iov optimization
Right now, aesni_cipher_alloc does a bit of special-casing
for CRYPTO_F_IOV, to not do any allocation if the first uio
is large enough for the requested size. While working on ZFS
crypto port, I ran into horrible performance because the code
uses scatter-gather, and many of the times the data to encrypt
was in the second entry. This code looks through the list, and
tries to see if there is a single uio that can contain the
requested data, and, if so, uses that.

This has a slight impact on the current consumers, in that the
check is a little more complicated for the ones that use
CRYPTO_F_IOV -- but none of them meet the criteria for testing
more than one.

Submitted by:	sef at ixsystems.com
Reviewed by:	cem@
MFC after:	3 days
Sponsored by:	iX Systems
Differential Revision:	https://reviews.freebsd.org/D18522
2018-12-13 04:40:53 +00:00
Warner Losh
a1128e850e Correctly implemenet atomic_swap_long for mips64.
MIPS64 has 64-bit longs, so use uint64_t for it, otherwise uint32_t.
sizeof(long) == sizeof(ptr) for all platforms, so define
atomic_swap_ptr in terms of atomic_swap_long.

Submitted by: hps@
2018-12-13 00:42:26 +00:00
Emmanuel Vadot
2d5e81fbd0 mv_thermal: Add thermal driver for AP806 and CP110 thermal sensor
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2018-12-12 22:33:05 +00:00
Emmanuel Vadot
31cdaf420f arm64: mv_cp110_icu: Fix build 2018-12-12 22:24:30 +00:00
Emmanuel Vadot
e5ff483e7a mv_gpio: Since it's also an interrupt controller, attach sooner
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2018-12-12 22:10:11 +00:00
Emmanuel Vadot
cf60d56e05 sdhci_xenon: Add Marvell 8k compatible string
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2018-12-12 22:09:35 +00:00
Emmanuel Vadot
44d027bb5d arm64: Add mv_cp110_icu and mv_cp110_gicp
icu is a interrupt concentrator in the CP110 block and gicp
is a gic extension to allow interrupts in the CP block to be turned
into GIC SPI interrupts

Sponsored by:	Rubicon Communications, LLC ("Netgate")
2018-12-12 22:08:43 +00:00
Emmanuel Vadot
2a3fb901a7 twsi: Clean up marvell part and add support for Marvell 7k/8k
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2018-12-12 22:05:07 +00:00
Emmanuel Vadot
73450c4a7a arm64: marvell: Add cp110 clock controller support
The cp110 clock controller controls the clocks and gate of the CP110
hardware block.

Every clock/gate are implemented except the NAND clock.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
2018-12-12 22:04:21 +00:00
Emmanuel Vadot
4f3a5b510b arm64: mv_gpio: Add Marvell 8K support
While here put the interrupts setup in it's own function

Sponsored by:	Rubicon Communications, LCC ("Netgate")
2018-12-12 22:02:57 +00:00
Emmanuel Vadot
e1453c9e4c arm64: marvell: Add driver for Marvell Ap806 System Controller
The first two clocks are for the clusters and their frequencies can be
found reading a register. Then a fixed 1200Mhz clock is present and two
fixed clocks, 'mss' which is 1200 / 6 and 'sdio' which is 1200 / 3.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
2018-12-12 22:01:06 +00:00
Emmanuel Vadot
2d2a085222 arm64: mvebu_pinctrl: Add driver for Marvell Pinmux Controller
Add a driver compatible with Marvell mvebu-pinctrl and add ap806-pinctrl
support.

Sponsored by:	Rubicon Communications, LCC ("Netgate")
2018-12-12 22:00:05 +00:00
Emmanuel Vadot
75a01d59f4 arm64: Add new SoC type MARVELL_8K
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2018-12-12 21:58:30 +00:00
Jung-uk Kim
f622545b79 Enable devcryptoeng for OpenSSL.
Since OpenSSL 1.1.1, the good old BSD-specific cryptodev engine has been
deprecated in favor of this new engine.  However, this engine is not
throughly tested on FreeBSD because it was originally written for Linux.

http://cryptodev-linux.org/

Also, the author actually meant to enable it by default on BSD platforms but
he failed to do so because there was a bug in the Configure script.

https://github.com/openssl/openssl/pull/7882

Now they found that it was more generic issue.

https://github.com/openssl/openssl/pull/7885

Therefore, we need to enable this engine on head to give it more exposure.
2018-12-12 21:56:47 +00:00
Emmanuel Vadot
2091650b73 fdt: Add support for simple-mfd bus
Quoting the binding Documentation :

"These devices comprise a nexus for heterogeneous hardware blocks containing
more than one non-unique yet varying hardware functionality."

Reviewed by:	loos
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D17751
2018-12-12 21:56:45 +00:00
Emmanuel Vadot
d9848bd254 pwm: Fix some arches by using %ju and casting to uintmax_t
Reported by:	ci.freebsd.org
2018-12-12 21:25:52 +00:00
Emmanuel Vadot
41dd88513b arm64: allwinner: Fix pwm dtso
Double patched files ended up in the tree

Reported by:	kevans
2018-12-12 21:10:34 +00:00
Emmanuel Vadot
c3c78b0aeb arm64: allwinner: Add DTSO for pwm and r_pwm
Those are both dtso (overlays) for the two pwm controllers found on the A64.
2018-12-12 21:02:22 +00:00
Emmanuel Vadot
277a038d0d arm64: allwinner: Add pwm driver
Add a pwm driver for Allwinner PWM
Add pwm and aw_pwm to the GENERIC kernel
2018-12-12 20:58:43 +00:00
Emmanuel Vadot
9312900f6d Add a pwm subsystem so we can configure pwm controller from kernel and userland.
The pwm subsystem consist of API for PWM controllers, pwmbus to register them
and a pwm(8) utility to talk to them from userland.

Reviewed by:	oshgobo (capsicum), bcr (manpage), 0mp (manpage)
Differential Revision:	https://reviews.freebsd.org/D17938
2018-12-12 20:56:56 +00:00
Maxim Sobolev
9b5ada0b59 Add NETGRAPH_CHECKSUM.
MFC after:	1 week
2018-12-12 20:40:01 +00:00
Mariusz Zaborski
e57d2a07c0 libcapsicum: add missing links
Reported by:	manu
2018-12-12 20:32:17 +00:00
Kristof Provost
ff514f1f8a pf tests: Basic rdr test
MFC after:	2 weeks
2018-12-12 20:19:56 +00:00
Kristof Provost
9bfe20461c pf tests: NAT exhaustion test
It's been reported that pf doesn't handle running out of available ports
for NAT correctly. It freezes until a state expires and it can find a
free port.
Test for this, by setting up a situation where only two ports are
available for NAT and then attempting to create three connections.

If successful the third connection will fail immediately. In an
incorrect case the connection attempt will freeze, also freezing all
interaction with pf through pfctl and trigger timeout.

PR:		233867
MFC after:	2 weeks
2018-12-12 20:19:18 +00:00
Kristof Provost
336683f24f pf: Fix endless loop on NAT exhaustion with sticky-address
When we try to find a source port in pf_get_sport() it's possible that
all available source ports will be in use. In that case we call
pf_map_addr() to try to find a new source IP to try from. If there are
no more available source IPs pf_map_addr() will return 1 and we stop
trying.

However, if sticky-address is set we'll always return the same IP
address, even if we've already tried that one.
We need to check the supplied address, because if that's the one we'd
set it means pf_get_sport() has already tried it, and we should error
out rather than keep trying.

PR:		233867
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D18483
2018-12-12 20:15:06 +00:00
Shteryana Shopova
e1747016b9 Add myself to the calendar 2018-12-12 19:58:54 +00:00
Maxim Sobolev
b9e0c8c2cc Add NETGRAPH_CHECKSUM.
MFC after:	1 week
2018-12-12 19:02:37 +00:00
Conrad Meyer
d2d82bfc90 gmirror: Remove a last-minute INVARIANTS breakage in r341840
I mistakenly added a lock assertion to this routine at the last minute
without confirming it was held during g_mirror_create.  It isn't (it isn't
even initialized yet).  Mea culpa.  Access is exclusive in both callers,
just not always by that particular lock.

Reported by:	lwhsu
X-MFC-With:	r341840, r341674
2018-12-12 18:13:56 +00:00
Vincenzo Maffione
76ed4255b5 netmap: add man page for ptnet
Add a man page for ptnet(4), describing the guest driver for netmap passthrough.

Reviewed by:	bcr
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D18518
2018-12-12 17:05:47 +00:00
Vincenzo Maffione
dde885de95 netmap: fix warning in netmap_kloop.c
Reported by:	markj
MFC after:	3 days
2018-12-12 16:32:15 +00:00
Mark Johnston
c2a5a6c17d Fix a possible mbuf double free in bwn_dma_tx_start().
If bus_dmamap_load_mbuf() fails following a defrag, the caller of
bwn_dma_tx_start() would free the original mbuf after m_defrag() had
already done so.  Fix this by returning the defragged mbuf to the
caller instead.  Update bwn_pio_tx_start() similarly for consistency.

Reported by:	Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed by:	landonf
Tested by:	landonf
MFC after:	3 days
admbug:		820
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D18342
2018-12-12 15:49:14 +00:00
Ed Maste
466ed83b6c Makefile.inc1: update stale wpa dependency removal statement
Only stale .depend files are removed; do not mention object files.
2018-12-12 15:23:40 +00:00
David Bright
09ff71d357 asmc: Add Support for Macbook Pro 8,1
PR:		217505
Submitted by:	John O. Brickley <obryan.brickley@gmail.com>, updated by Maciej Pasternacki <maciej@pasternacki.net>
Reported by:	John O. Brickley <obryan.brickley@gmail.com>
MFC after:	1 week
2018-12-12 13:43:55 +00:00
Hans Petter Selasky
46caeeca78 Don't register IOCTLs with capsicum when there is no valid file descriptor.
This fixes tcpdump when using mlx5_X devices.

Differential Revision:	https://reviews.freebsd.org/D18499
Reviewed by:		kib@, slavash@, oshogbo@
MFC after:		1 week
Sponsored by:		Mellanox Technologies
2018-12-12 09:51:10 +00:00
Conrad Meyer
23c25bd8b1 gmirror: Fix a bug introduced in r341674
r341674 inadvertently introduced a bug where newer mirror components being
tasted would clear the high sc_flags that are not controlled by component
metadata, such as G_MIRROR_DEVICE_FLAG_TASTING.  This could plausibly expose
a small window of time during STARTING where device destruction might race
with mirror component addition, probably resulting in a crash.

Reviewed by:	markj
X-MFC-With:	r341674
Differential Revision:	https://reviews.freebsd.org/D18521
2018-12-12 05:48:27 +00:00
Cy Schubert
b2d7ecdd54 Set default ciphers.
Submitted by:	jkim@
2018-12-12 05:18:53 +00:00
Yuri Pankov
547bc083d6 regcomp: reduce size of bitmap for multibyte locales
This fixes the obscure endless loop seen with case-insensitive
patterns containing characters in 128-255 range;  originally
found running GNU grep test suite.

Our regex implementation being kludgy translates the characters
in case-insensitive pattern to bracket expression containing both
cases for the character and doesn't correctly handle the case when
original character is in bitmap and the other case is not, falling
into the endless loop going through in p_bracket(), ordinary(),
and bothcases().

Reducing the bitmap to 0-127 range for multibyte locales solves this
as none of these characters have other case mapping outside of bitmap.
We are also safe in the case when the original character outside of
bitmap has other case mapping in the bitmap (there are several of those
in our current ctype maps having unidirectional mapping into bitmap).

Reviewed by:	bapt, kevans, pfg
Differential revision:	https://reviews.freebsd.org/D18302
2018-12-12 04:23:00 +00:00
Mark Johnston
7bdc329113 Use Capsicum helpers in ping(8).
Also use caph_cache_catpages() to ensure that strerror() works when
run with kern.trap_enotcap=1.

Reviewed by:	oshogbo
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D18514
2018-12-12 02:33:01 +00:00
Kirk McKusick
8f829a5cf0 Continuing efforts to provide hardening of FFS. This change adds a
check hash to the filesystem inodes. Access attempts to files
associated with an inode with an invalid check hash will fail with
EINVAL (Invalid argument). Access is reestablished after an fsck
is run to find and validate the inodes with invalid check-hashes.
This check avoids a class of filesystem panics related to corrupted
inodes. The hash is done using crc32c.

Note this check-hash is for the inode itself and not any of its
indirect blocks. Check-hash validation may be extended to also
cover indirect block pointers, but that will be a separate (and
more costly) feature.

Check hashes are added only to UFS2 and not to UFS1 as UFS1 is
primarily used in embedded systems with small memories and low-powered
processors which need as light-weight a filesystem as possible.

Reviewed by:  kib
Tested by:    Peter Holm
Sponsored by: Netflix
2018-12-11 22:14:37 +00:00
Kristof Provost
d3cc40300e pf tests: Use the ATF cleanup infrastructure in the ioctl tests
Use ATF_TC_CLEANUP(), because that means the cleanup code will get
called even if a test fails. Before it would only be executed if every
test within the body succeeded.

Reported by:	Marie Helene Kvello-Aune <marieheleneka@gmail.com>
MFC after:	2 weeks
2018-12-11 21:49:13 +00:00
Kristof Provost
87c7063c2b pf tests: ioctl tests require root rights
Explicitly mark these tests as requiring root rights. We need to be able
to open /dev/pf.

Reported by:	Marie Helene Kvello-Aune <marieheleneka@gmail.com>
MFC after:	2 weeks
2018-12-11 21:45:56 +00:00
Kristof Provost
5b551954ab pf: Prevent integer overflow in PF when calculating the adaptive timeout.
Mainly states of established TCP connections would be affected resulting
in immediate state removal once the number of states is bigger than
adaptive.start.  Disabling adaptive timeouts is a workaround to avoid this bug.
Issue found and initial diff by Mathieu Blanc (mathieu.blanc at cea dot fr)

Reported by: Andreas Longwitz <longwitz AT incore.de>
Obtained from:  OpenBSD
MFC after:	2 weeks
2018-12-11 21:44:39 +00:00
Bjoern A. Zeeb
7984cba7d7 Remove a dead file. CVS was removed in r251794. 2018-12-11 21:16:09 +00:00
Alexander Motin
49f8782283 Allow CTL device specification in bhyve virtio-scsi.
There was a large refactoring done in CTL to allow multiple ioctl frontend
ports (and respective devices) to be created, particularly for bhyve.
Unfortunately, respective part of bhyve functionality got lost somehow from
the original virtio-scsi commit.  This change allows wanted device path to
be specified in either of two ways:
 -s 6,virtio-scsi,/dev/cam/ctl1.1
 -s 6,virtio-scsi,dev=/dev/cam/ctl2.3
If neither is specified, the default /dev/cam/ctl device is used.

While there, remove per-queue CTL device opening, which makes no sense at
this point.

Reported by:	wg
Reviewed by:	araujo
MFC after:	3 days
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D18504
2018-12-11 20:47:00 +00:00
Mateusz Guzik
cc426dd319 Remove unused argument to priv_check_cred.
Patch mostly generated with cocinnelle:

@@
expression E1,E2;
@@

- priv_check_cred(E1,E2,0)
+ priv_check_cred(E1,E2)

Sponsored by:	The FreeBSD Foundation
2018-12-11 19:32:16 +00:00
Dimitry Andric
959530cc41 Upgrade our copies of clang, llvm, lld, lldb, compiler-rt and libc++ to
the upstream release_70 branch r348686 (effectively, 7.0.1 rc3).  The
release will follow very soon, but no more functional changes are
expected.

Release notes for llvm, clang and lld 7.0.0 are available here:
<http://releases.llvm.org/7.0.0/docs/ReleaseNotes.html>
<http://releases.llvm.org/7.0.0/tools/clang/docs/ReleaseNotes.html>
<http://releases.llvm.org/7.0.0/tools/lld/docs/ReleaseNotes.html>

PR:		230240, 230355
Relnotes:	yes
MFC after:	2 months
2018-12-11 19:05:28 +00:00
Stephen Hurd
7124b5ba04 Fix !tx_abdicate error from r336560
r336560 was supposed to restore pre-r323954 behaviour when tx_abdicate is
not set (the default case). However, it appears that rather than the drainage
check being made conditional on tx_abdicate being set, it was duplicated
so it occured twice if tx_abdicate was set and once if it was not.

Now when !tx_abdicate, drainage is only checked if the doorbell isn't
pending.

Reported by:    lev
MFC after:      1 week
Sponsored by:   Limelight Networks
2018-12-11 17:46:01 +00:00
Dimitry Andric
2bf1d8b75f Set tentative merge date, and add UPDATING note. 2018-12-11 17:39:49 +00:00
Mateusz Guzik
e8451da5e8 audi: replace open-coded TDP_AUDITREC checks with the macro
Sponsored by:	The FreeBSD Foundation
2018-12-11 17:14:12 +00:00
Mark Johnston
b6da2600f9 Fix the PAE kernel gcc build.
The error was caused by map_ucode() casting a vm_paddr_t to a void *.
Use a uintptr_t instead to match the caller.  Fix some style bugs while
here.

Reported by:	bde
Reviewed by:	bde
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2018-12-11 16:49:01 +00:00