freebsd kernel with SKQ
Andrew Gallatin b2dba6634b kTLS: Fix a bug where we would not encrypt anon data inplace.
Software Kernel TLS needs to allocate a new destination crypto
buffer when encrypting data from the page cache, so as to avoid
overwriting shared clear-text file data with encrypted data
specific to a single socket. When the data is anonymous, e.g., not
tied to a file, then we can encrypt in place and avoid allocating
a new page. This fixes a bug where the existing code always
assumes the data is private, and never encrypts in place. This
results in unneeded page allocations and potentially more memory
bandwidth consumption when doing socket writes.

When the code was written at Netflix, ktls_encrypt() looked at
private sendfile flags to determine if the pages being encrypted
were part of the page cache (coming from sendfile) or
anonymous (coming from sosend). This was broken internally at
Netflix when the sendfile flags were made private, and the
M_WRITABLE() check was added. Unfortunately, M_WRITABLE() will
always be false for M_NOMAP mbufs, since one cannot just mtod()
them.

This change introduces a new flags field to the mbuf_ext_pgs
struct by stealing a byte from the tls hdr. Note that the current
header is still 2 bytes larger than the largest header we
support: AES-CBC with explicit IV. We set MBUF_PEXT_FLAG_ANON
when creating an unmapped mbuf in m_uiotombuf_nomap() (which is
the path that socket writes take), and we check for that flag in
ktls_encrypt() when looking for anon pages.

Reviewed by:	jhb
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D21796
2019-09-27 20:08:19 +00:00
bin Do not use our custom completion function, it is not needed anymore 2019-09-16 07:31:59 +00:00
cddl MFZoL: Retire send space estimation via ZFS_IOC_SEND 2019-09-22 08:44:41 +00:00
contrib compiler-rt: correct RISC-V struct_kernel_stat64_sz 2019-09-27 13:14:36 +00:00
crypto Merge OpenSSL 1.1.1d. 2019-09-10 21:08:17 +00:00
etc [jail] removal by jid doesn't trigger pre/post stop scripts 2019-09-12 18:53:29 +00:00
gnu Get the readline header from the installed header instead of the from the source 2019-09-12 15:50:14 +00:00
include Import OpenSSL 1.1.1d. 2019-09-10 17:40:53 +00:00
kerberos5 Fix generation of krb5-config with LC_CTYPE=*.UTF-8 2019-07-01 11:47:45 +00:00
lib Document varadic args as int, since you can't have short varadic args (they are 2019-09-27 16:11:47 +00:00
libexec fix the article to be correct... 2019-09-16 22:48:40 +00:00
release pkgbase: Move cap_mkdb from runtime to utilities POST-INSTALL 2019-09-16 12:51:30 +00:00
rescue Remove unused defines since r147075 2019-07-12 04:44:50 +00:00
sbin Size is unsigned, so remove the test entirely. 2019-09-25 07:51:30 +00:00
secure Merge OpenSSL 1.1.1d. 2019-09-10 21:08:17 +00:00
share Add myself (kaktus) as a src commiter. 2019-09-27 10:19:28 +00:00
stand Further normalize copyright notices 2019-09-26 16:19:22 +00:00
sys kTLS: Fix a bug where we would not encrypt anon data inplace. 2019-09-27 20:08:19 +00:00
targets - Retire pc-sysinstall(8) 2019-09-03 19:42:04 +00:00
tests Further normalize copyright notices 2019-09-26 16:19:22 +00:00
tools controlelf: update man page 2019-09-27 19:26:52 +00:00
usr.bin Correct the final argument name in the top(1) manpage. 2019-09-27 17:11:21 +00:00
usr.sbin efibootmgr(8): fix markup and style issues 2019-09-25 21:23:30 +00:00
.arcconfig callsign isn't required anymore 2016-09-29 06:19:45 +00:00
.arclint arc lint: ignore /tests/ in chmod 2017-12-19 03:38:06 +00:00
.cirrus.yml Update vendor/libarchive/dist to git 2f3033ca23f8c21160506c3c7ac8a0df0d3fde42 2019-09-26 01:42:09 +00:00
.clang-format Add a basic clang-format configuration file 2019-06-07 15:23:52 +00:00
.gitattributes Add a basic clang-format configuration file 2019-06-07 15:23:52 +00:00
.gitignore .gitignore: Add LINT kernel configurations generated into SRCDIR 2019-08-10 18:22:22 +00:00
COPYRIGHT Happy New Year 2019! 2019-01-01 00:25:25 +00:00
LOCKS LOCKS: update current locks 2018-06-09 03:08:04 +00:00
MAINTAINERS [skip ci] Add me to MAINTAINERS for fusefs 2019-07-28 15:20:47 +00:00
Makefile pkgbase: Add the sub stage-packages targets to TGTS 2019-07-24 08:00:00 +00:00
Makefile.inc1 Adjust Makefile.inc1 syscall sub commit 2019-09-25 18:04:09 +00:00
Makefile.libcompat libsysdecode: use the proper include directory 2019-07-25 17:10:17 +00:00
Makefile.sys.inc AUTO_OBJ: For all top-level targets enforce using an OBJDIR. 2017-12-05 21:29:47 +00:00
ObsoleteFiles.inc In r340411, libufs.so's major number was bumped to 7, but an entry in 2019-09-25 17:35:34 +00:00
README Import OpenSSL 1.1.1d. 2019-09-10 17:40:53 +00:00
README.md README: add generic notes about GENERIC and NOTES 2018-06-17 19:44:24 +00:00
RELNOTES RELNOTES: Document r352668 (crontab -n and -q options) 2019-09-25 13:04:34 +00:00
UPDATING Fix 20190507 UPDATING entry 2019-09-16 12:44:44 +00:00

FreeBSD Source:

This is the top level of the FreeBSD source directory. This file was last revised on: FreeBSD

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms. A large community has continually developed it for more than thirty years. Its advanced networking, security, and storage features have made FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage devices.

For copyright information, please see the file COPYRIGHT in this directory. Additional copyright information also exists for some sources in this tree - please see the specific source directories for more information.

The Makefile in this directory supports a number of targets for building components (or all) of the FreeBSD source tree. See build(7), config(8), https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html, and https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html for more information, including setting make(1) variables.

Source Roadmap:

bin		System/user commands.

cddl		Various commands and libraries under the Common Development
		and Distribution License.

contrib		Packages contributed by 3rd parties.

crypto		Cryptography stuff (see crypto/README).

etc		Template files for /etc.

gnu		Various commands and libraries under the GNU Public License.
		Please see gnu/COPYING* for more information.

include		System include files.

kerberos5	Kerberos5 (Heimdal) package.

lib		System libraries.

libexec		System daemons.

release		Release building Makefile & associated tools.

rescue		Build system for statically linked /rescue utilities.

sbin		System commands.

secure		Cryptographic libraries and commands.

share		Shared resources.

stand		Boot loader sources.

sys		Kernel sources.

sys/<arch>/conf Kernel configuration files. GENERIC is the configuration
		used in release builds. NOTES contains documentation of
		all possible entries.

tests		Regression tests which can be run by Kyua.  See tests/README
		for additional information.

tools		Utilities for regression testing and miscellaneous tasks.

usr.bin		User commands.

usr.sbin	System administration commands.

For information on synchronizing your source tree with one or more of the FreeBSD Project's development branches, please see:

https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html