diff --git a/distrib/notes/amd64/features b/distrib/notes/amd64/features
index 7bd8e2a69..9a1e4bcab 100644
--- a/distrib/notes/amd64/features
+++ b/distrib/notes/amd64/features
@@ -1,4 +1,4 @@
-dnl $OpenBSD: features,v 1.4 2023/10/05 11:58:34 kn Exp $
+dnl $OpenBSD: features,v 1.5 2024/09/17 10:13:50 jsg Exp $
 dnl
 dnl This file lists almost all the conditional features of this port,
 dnl which are used to provide accurate installation notes.
@@ -6,7 +6,7 @@ dnl
 dnl Information about the installer script features should be in sync with
 dnl src/distrib/amd64/common/install.md
 dnl and the list files in
-dnl src/distrib/amd64/{common/list,ramdisk_cd/list.local}
+dnl src/distrib/amd64/{ramdiskA,ramdisk_cd}/list
 dnl
 dnl ====
 dnl
diff --git a/distrib/notes/i386/features b/distrib/notes/i386/features
index b040b20d0..69dead765 100644
--- a/distrib/notes/i386/features
+++ b/distrib/notes/i386/features
@@ -1,4 +1,4 @@
-dnl $OpenBSD: features,v 1.4 2023/10/05 11:58:34 kn Exp $
+dnl $OpenBSD: features,v 1.5 2024/09/17 10:13:50 jsg Exp $
 dnl
 dnl This file lists almost all the conditional features of this port,
 dnl which are used to provide accurate installation notes.
@@ -6,7 +6,7 @@ dnl
 dnl Information about the installer script features should be in sync with
 dnl src/distrib/i386/common/install.md
 dnl and the list files in
-dnl src/distrib/i386/{common/list,ramdiskC/list.local,ramdisk_cd/list.local}
+dnl src/distrib/i386/{ramdisk,ramdisk_cd}/list
 dnl
 dnl ====
 dnl
diff --git a/lib/libc/sys/pledge.2 b/lib/libc/sys/pledge.2
index 1973932e8..df5b46a20 100644
--- a/lib/libc/sys/pledge.2
+++ b/lib/libc/sys/pledge.2
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pledge.2,v 1.69 2023/10/30 06:11:04 jmc Exp $
+.\" $OpenBSD: pledge.2,v 1.70 2024/09/17 12:53:15 deraadt Exp $
 .\"
 .\" Copyright (c) 2015 Nicholas Marriott
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: October 30 2023 $
+.Dd $Mdocdate: September 17 2024 $
 .Dt PLEDGE 2
 .Os
 .Sh NAME
@@ -174,7 +174,6 @@ As a result, all the expected functionalities of libc stdio work.
 .Xr fstat 2 ,
 .Xr fsync 2 ,
 .Xr ftruncate 2 ,
-.Xr getdents 2 ,
 .Xr getdtablecount 2 ,
 .Xr getegid 2 ,
 .Xr getentropy 2 ,
@@ -236,10 +235,11 @@ As a result, all the expected functionalities of libc stdio work.
 .Xr writev 2
 .It Cm rpath
 A number of system calls are allowed if they only cause
-read-only effects on the filesystem:
+read-only effects on the filesystem, or expose filenames to programs:
 .Pp
 .Xr chdir 2 ,
 .Xr getcwd 3 ,
+.Xr getdents 2 ,
 .Xr openat 2 ,
 .Xr fstatat 2 ,
 .Xr faccessat 2 ,
diff --git a/regress/lib/libcrypto/c2sp/Makefile b/regress/lib/libcrypto/c2sp/Makefile
index 5b86c3488..ddeb1fd96 100644
--- a/regress/lib/libcrypto/c2sp/Makefile
+++ b/regress/lib/libcrypto/c2sp/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.2 2023/12/17 08:32:26 tb Exp $
+# $OpenBSD: Makefile,v 1.3 2024/09/17 06:12:06 tb Exp $
 C2SP_TESTVECTORS = /usr/local/share/c2sp-testvectors/
@@ -18,7 +18,7 @@ cctv: cctv.go
 OSSL_LIB = /usr/local/lib/eopenssl
 OSSL_INC = /usr/local/include/eopenssl
-. for V in 11 31 32
+. for V in 11 32 33
 . if exists(/usr/local/bin/eopenssl$V)
 PROGS += cctv-openssl$V
 SRCS_cctv-openssl$V =
diff --git a/regress/lib/libssl/tlsfuzzer/Makefile b/regress/lib/libssl/tlsfuzzer/Makefile
index b57b44daa..f7d17c2b9 100644
--- a/regress/lib/libssl/tlsfuzzer/Makefile
+++ b/regress/lib/libssl/tlsfuzzer/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.6 2022/07/18 09:17:44 tb Exp $
+# $OpenBSD: Makefile,v 1.7 2024/09/17 08:47:37 tb Exp $
 .if !exists(/usr/local/share/tlsfuzzer)
 regress:
@@ -14,6 +14,10 @@ localhost.key localhost.crt:
 certs: localhost.key localhost.crt
+start-server: certs
+ openssl s_server -accept 4433 -groups X25519:P-256:P-521:P-384 \
+ -key localhost.key -cert localhost.crt -www
+
 CLEANFILES += localhost.key localhost.crt
 PORT ?= 4433
@@ -40,7 +44,7 @@ list-failing:
 missing:
 @python3 ${.CURDIR}/tlsfuzzer.py -m
-.PHONY: all certs failing list list-failing missing port
+.PHONY: all certs failing list list-failing missing port start-server
 .endif
diff --git a/share/man/man4/psp.4 b/share/man/man4/psp.4
index dbe20f3f7..9682d84db 100644
--- a/share/man/man4/psp.4
+++ b/share/man/man4/psp.4
@@ -1,4 +1,4 @@
-.\" $OpenBSD: psp.4,v 1.2 2024/09/04 14:24:10 jsg Exp $
+.\" $OpenBSD: psp.4,v 1.4 2024/09/17 04:12:57 jsg Exp $
 .\"
 .\" Copyright (c) 2024 Jonathan Gray
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 4 2024 $
+.Dd $Mdocdate: September 17 2024 $
 .Dt PSP 4
 .Os
 .Sh NAME
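Review bot: The new start-server recipe hard-codes `-accept 4433` although this same hunk shows `PORT ?= 4433` defined a few lines below it (the port-based targets that presumably consume PORT are outside the hunk), so a run such as `make PORT=4434 start-server` would listen on a port the fuzzer targets never connect to. Use the variable instead: `openssl s_server -accept ${PORT} -groups X25519:P-256:P-521:P-384 \`. Make expands variables when the recipe executes, so PORT being assigned after the target is fine. A one-line comment above the target saying it is a manual helper for driving the tlsfuzzer targets against LibreSSL's s_server would make its purpose clear to the next person.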
@@ -26,11 +26,330 @@
 The
 .Nm
 driver provides an interface to the AMD Platform Security Processor.
+The interface can be accessed through the
+.Xr ioctl 2
+interface exposed by
+.Pa /dev/psp .
+.Pp
+.Xr vmd 8
+uses
+.Nm
+to configure and launch SEV-enabled guests.
+.Sh IOCTL INTERFACE
+The
+.Xr ioctl 2
+command codes below are defined in
+.In dev/ic/pspvar.h .
+.Bl -tag -width xxxxxx
+.It Dv PSP_IOC_GET_PSTATUS Fa "struct psp_platform_status *pspst"
+Collect the current status of the platform.
+.Bd -literal
+struct psp_platform_status {
+ /* Output parameters from PSP_CMD_PLATFORMSTATUS */
+ uint8_t api_major;
+ uint8_t api_minor;
+ uint8_t state;
+ uint8_t owner;
+ uint32_t cfges_build;
+ uint32_t guest_count;
+} __packed;
+.Ed
+.Pp
+.Va api_major
+and
+.Va api_minor
+indicate the PSP firmware version.
+.Pp
+The current platform state is indicated by
+.Va state .
+The following values are defined:
+.Bl -tag -width PSP_PSTATE_WORKING -compact
+.It PSP_PSTATE_UNINIT
+The platform is uninitialized.
+.It PSP_PSTATE_INIT
+The platform is initialized but not managing any guests.
+.It PSP_PSTATE_WORKING
+The platform is initialized and currently managing guests.
+.El
+.Pp
+.Va owner
+indicates whether the platform is self-owned or externally owned.
+.Pp
+Bit 0 of
+.Va cfgs_build
+indicates whether SEV-ES is configured on the platform or not.
+Bits 31:24 indicate the firmware build ID.
+.Pp
+.Va guest_count
+indicates the number of valid guests currently maintained by the
+firmware.
+.It Dv PSP_IOC_DF_FLUSH
+This command flushes all write buffers of the CPU's data fabric.
+It must be invoked after deactivating one or more guests with
+.Dv PSP_IOC_DEACTIVATE .
+.It Dv PSP_IOC_DECOMMISSION Fa "struct psp_decommission *pspdec"
+Deletes all guest context of the guest identified by
+.Va handle .
+.Bd -literal
+struct psp_decommission {
+ /* Input parameter for PSP_CMD_DECOMMISSION */
+ uint32_t handle;
+} __packed;
+.Ed
+.It Dv PSP_IOC_GET_GSTATUS
+Retrieves status information about an SEV-enabled guest identified by
+.Va handle .
+.Bd -literal
+struct psp_guest_status {
+ /* Input parameter for PSP_CMD_GUESTSTATUS */
+ uint32_t handle;
+
+ /* Output parameters from PSP_CMD_GUESTSTATUS */
+ uint32_t policy;
+ uint32_t asid;
+ uint8_t state;
+} __packed;
+.Ed
+.Pp
+.Va policy
+indicates the policy used for this guest.
+.Va asid
+indicates the guest's address space identifier (ASID).
+.Pp
+The state of the guest is indicated by
+.Va state .
+The following values are defined:
+.Bl -tag -width PSP_GSTATE_RUNNING -compact
+.It PSP_GSTATE_UNINIT
+The guest is uninitialized.
+.It PSP_GSTATE_LUPDATE
+The guest is currently being launched and plaintext data is imported.
+.It PSP_GSTATE_LSECRET
+The guest is currently being launched and ciphertext data is imported.
+.It PSP_GSTATE_RUNNING
+The guest is fully launched.
+.It PSP_GSTATE_SUPDATE
+The guest is migrated to another machine.
+.It PSP_GSTATE_RUPDATE
+The guest is migrated from another machine.
+.It PSP_GSTATE_SENT
+Thee guest has bin migrated to another machine.
+.El
+.It Dv PSP_IOC_LAUNCH_START
+This command encrypts a guest's memory.
+.Bd -literal
+struct psp_launch_start {
+ /* Input/Output parameter for PSP_CMD_LAUNCH_START */
+ uint32_t handle;
+
+ /* Input parameters for PSP_CMD_LAUNCH_START */
+ uint32_t policy;
+
+ /* The following input parameters are not used yet */
+ uint64_t dh_cert_paddr;
+ uint32_t dh_cert_len;
+ uint32_t reserved;
+ uint64_t session_paddr;
+ uint32_t session_len;
+} __packed;
+.Ed
+.Pp
+If
+.Va handle
+is zero, a new key is created.
+A unique handle is assigned to the guest and returned in
+.Va handle .
+.Pp
+.Va policy
+specifies the policy used for that guest.
+.Pp
+.Va dh_cert_paddr ,
+.Va dh_cert len ,
+.Va session_paddr
+and
+.Va session_len
+are currently not used.
+.It Dv PSP_IOC_LAUNCH_UPDATE_DATA
+This command encrypts data of the guest identified by
+.Va handle .
+.Bd -literal
+struct psp_launch_update_data {
+ /* Input parameters for PSP_CMD_LAUNCH_UPDATE_DATA */
+ uint32_t handle;
+ uint32_t reserved;
+ uint64_t paddr;
+ uint32_t length;
+} __packed;
+.Ed
+.Pp
+.Va paddr
+and
+.Va length
+specify the address and length of the data to be encrypted.
+Both values must be a multiple of 16 bytes.
+.It Dv PSP_IOC_LAUNCH_MEASURE
+This commands generates a measurement of the guest's memory.
+The guest is identified by
+.Va handle .
+.Bd -literal
+struct psp_measure {
+ /* Output buffer for PSP_CMD_LAUNCH_MEASURE */
+ uint8_t measure[32];
+ uint8_t measure_nonce[16];
+} __packed;
+
+struct psp_launch_measure {
+ /*  Input parameters for PSP_CMD_LAUNCH_MEASURE */
+ uint32_t handle;
+ uint32_t reserved;
+ uint64_t measure_paddr;
+
+ /* Input/output parameter for PSP_CMD_LAUNCH_MEASURE */
+ uint32_t measure_len;
+ uint32_t padding;
+
+ /* Output buffer from PSP_CMD_LAUNCH_MEASURE */
+ struct psp_measure psp_measure; /* 64bit aligned */
+#define measure psp_measure.measure
+#define measure_nonce psp_measure.measure_nonce
+} __packed;
+.Ed
+.Pp
+.Va measure_paddr
+is currently not used and
+.Va measure_len
+must always be
+.Li sizeof(struct psp_measure) .
+.Pp
+.Va psp_measure
+contains the buffers
+.Va measure
+and
+.Va measure_nonce .
+These contain the measurement and nonce generated by the PSP.
+.It Dv PSP_IOC_LAUNCH_FINISH
+This command finalizes the launch of the guest identified by
+.Va handle .
+.Bd -literal
+struct psp_launch_finish {
+ /* Input parameter for PSP_CMD_LAUNCH_FINISH */
+ uint32_t handle;
+} __packed;
+.Ed
+.It Dv PSP_IOC_ATTESTATION
+This command generates an attestation report signed by the PSP with
+a platform specific key.
+.Bd -literal
+struct psp_report {
+ /* Output buffer for PSP_CMD_ATTESTATION */
+ uint8_t report_nonce[16];
+ uint8_t report_launch_digest[32];
+ uint32_t report_policy;
+ uint32_t report_sig_usage;
+ uint32_t report_sig_algo;
+ uint32_t reserved2;
+ uint8_t report_sig1[144];
+} __packed;
+
+struct psp_attestation {
+ /* Input parameters for PSP_CMD_ATTESTATION */
+ uint32_t handle;
+ uint32_t reserved;
+ uint64_t attest_paddr;
+ uint8_t attest_nonce[16];
+
+ /* Input/output parameter from PSP_CMD_ATTESTATION */
+ uint32_t attest_len;
+ uint32_t padding;
+
+ /* Output parameter from PSP_CMD_ATTESTATION */
+ struct psp_report psp_report; /* 64bit aligned */
+#define report_nonce psp_report.report_nonce
+#define report_launch_digest psp_report.report_launch_digest
+#define report_policy psp_report.report_policy
+#define report_sig_usage psp_report.report_sig_usage;
+#define report_report_sig_alg psp_report.report_sig_algo;
+#define report_report_sig1 psp_report.report_sig1;
+} __packed;
+.Ed
+.Pp
+.Va handle
+identifies the guest.
+.Va attest_paddr
+is currently not used.
+.Va attest_nonce
+is the nonce returned by a previous
+.Dv PSP_IOC_LAUNCH_MEASURE
+command.
+.Va attest_len
+must always be
+.Li sizeof(struct psp_report) .
+.Pp
+The attestation report is returned in
+.Va psp_report .
+The format of the report is defined by
+.Li struct psp_report .
+.It Dv PSP_IOC_ACTIVATE
+This commands associates the context of the guest identified by
+.Va handle
+with the address space identifier provided in
+.Va asid .
+.Bd -literal
+struct psp_activate {
+ /* Input parameters for PSP_CMD_ACTIVATE */
+ uint32_t handle;
+ uint32_t asid;
+} __packed;
+.Ed
+.It Dv PSP_IOC_DEACTIVATE
+This command dissociates the context of the guest identified by
+.Va handle
+from its current the address space identifier.
+.Bd -literal
+struct psp_deactivate {
+ /* Input parameter for PSP_CMD_DEACTIVATE */
+ uint32_t handle;
+} __packed;
+.Ed
+.It Dv PSP_IOC_SNP_GET_PSTATUS
+This command returns the state of a SEV-SNP enabled platform.
+.Bd -literal
+struct psp_snp_platform_status {
+ uint8_t api_major;
+ uint8_t api_minor;
+ uint8_t state;
+ uint8_t is_rmp_init;
+ uint32_t build;
+ uint32_t features;
+ uint32_t guest_count;
+ uint64_t current_tcb;
+ uint64_t reported_tcb;
+} __packed;
+.Ed
+.It Dv PSP_IOC_GUEST_SHUTDOWN
+This command shuts down a guest identified by
+.Va handle .
+.Bd -literal
+struct psp_guest_shutdown {
+ /* Input parameter for PSP_CMD_GUEST_SHUTDOWN */
+ uint32_t handle;
+} __packed;
+.Ed
+.Pp
+The command combines
+.Dv PSP_IOC_DEACTIVATE
+and
+.Dv PSP_IOC_DECOMMISSION
+in a single
+.Xr ioctl 2
+call.
+.El
 .Sh FILES
 .Bl -tag -width /dev/psp
 .It Pa /dev/psp
 .El
 .Sh SEE ALSO
+.Xr ioctl 2 ,
 .Xr ccp 4 ,
 .Xr vmd 8
 .Rs
diff --git a/sys/conf/GENERIC b/sys/conf/GENERIC
index c8a573ef9..7b53cd7cd 100644
--- a/sys/conf/GENERIC
+++ b/sys/conf/GENERIC
@@ -1,4 +1,4 @@
-# $OpenBSD: GENERIC,v 1.297 2024/08/31 04:17:14 dlg Exp $
+# $OpenBSD: GENERIC,v 1.298 2024/09/17 13:45:49 jsg Exp $
 #
 # Machine-independent option; used by all architectures for their
 # GENERIC kernel
@@ -16,7 +16,7 @@
 option KMEMSTATS # collect malloc(9) statistics
 option PTRACE # ptrace(2) system call
 #option KVA_GUARDPAGES # slow virtual address recycling (+ guarding)
-option POOL_DEBUG # pool corruption detection
+#option POOL_DEBUG # pool corruption detection
 #option VFSLCKDEBUG # VFS locking checks
 option CRYPTO # Cryptographic framework
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index eb5408ee2..03980f8d2 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
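Review bot: Commenting out POOL_DEBUG removes pool corruption detection from every kernel built from this config, which is the loss of a runtime memory-safety check rather than a cosmetic toggle, and nothing in the file records why. If this is a release-time switch (the newvers.sh hunk in the same commit shows `osr="1.6"` as context, though its changed lines are not visible here), say so next to the option so it is not forgotten afterwards, e.g. `#option POOL_DEBUG # pool corruption detection (off for release, re-enable after)`. If the change is meant to be permanent, the trade-off belongs in the commit message, which this page does not show.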
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-# $OpenBSD: newvers.sh,v 1.204 2024/08/07 15:59:24 deraadt Exp $
+# $OpenBSD: newvers.sh,v 1.205 2024/09/17 13:39:17 deraadt Exp $
 # $NetBSD: newvers.sh,v 1.17.2.1 1995/10/12 05:17:11 jtc Exp $
 #
 # Copyright (c) 1984, 1986, 1990, 1993
@@ -71,9 +71,9 @@ ost="SecBSD" osr="1.6" cat >vers.c <
@@ -73,10 +73,6 @@ nvme_pci_match(struct device *parent, void *match, void *aux)
 return (0);
 }
-static const struct pci_matchid nvme_msi_blacklist[] = {
- { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_OPTANE },
-};
-
 void
 nvme_pci_attach(struct device *parent, struct device *self, void *aux)
 {
@@ -92,9 +88,6 @@ nvme_pci_attach(struct device *parent, struct device *self, void *aux)
 printf(": ");
- if (pci_matchbyid(pa, nvme_msi_blacklist, nitems(nvme_msi_blacklist)))
- CLR(pa->pa_flags, PCI_FLAGS_MSI_ENABLED);
-
 maptype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, NVME_PCI_BAR);
 if (pci_mapreg_map(pa, NVME_PCI_BAR, maptype, 0, &sc->sc_iot,
 &sc->sc_ioh, NULL, &sc->sc_ios, 0) != 0) {
diff --git a/sys/dev/pv/if_vio.c b/sys/dev/pv/if_vio.c
index 7a3740058..e9c5f8238 100644
--- a/sys/dev/pv/if_vio.c
+++ b/sys/dev/pv/if_vio.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_vio.c,v 1.54 2024/09/04 09:12:55 sf Exp $ */
+/* $OpenBSD: if_vio.c,v 1.55 2024/09/17 09:00:14 sf Exp $ */
 /*
 * Copyright (c) 2012 Stefan Fritsch, Alexander Fiveg.
@@ -317,8 +317,9 @@ void vio_iff(struct vio_softc *);
 int vio_media_change(struct ifnet *);
 void vio_media_status(struct ifnet *, struct ifmediareq *);
 int vio_ctrleof(struct virtqueue *);
-int vio_wait_ctrl(struct vio_softc *sc);
-int vio_wait_ctrl_done(struct vio_softc *sc);
+int vio_ctrl_start(struct vio_softc *, uint8_t, uint8_t, int, int *);
+int vio_ctrl_submit(struct vio_softc *, int);
+void vio_ctrl_finish(struct vio_softc *);
 void vio_ctrl_wakeup(struct vio_softc *, enum vio_ctrl_state);
 int vio_alloc_mem(struct vio_softc *);
 int vio_alloc_dmamem(struct vio_softc *);
@@ -1483,6 +1484,111 @@ vio_tx_drain(struct vio_softc *sc)
 /*
 * Control vq
 */
+
+/*
+ * Lock the control queue and the sc_ctrl_* structs and prepare a request.
+ *
+ * If this function succeeds, the caller must also call either
+ * vio_ctrl_submit() or virtio_enqueue_abort(), in both cases followed by
+ * vio_ctrl_finish().
+ */
+int
+vio_ctrl_start(struct vio_softc *sc, uint8_t class, uint8_t cmd, int nslots,
+ int *slotp)
+{
+ struct virtio_softc *vsc = sc->sc_virtio;
+ struct virtqueue *vq = sc->sc_ctl_vq;
+ int r;
+
+ splassert(IPL_NET);
+
+ while (sc->sc_ctrl_inuse != FREE) {
+ if (sc->sc_ctrl_inuse == RESET || vio_needs_reset(sc))
+ return ENXIO;
+ r = tsleep_nsec(&sc->sc_ctrl_inuse, PRIBIO, "viowait", INFSLP);
+ if (r != 0)
+ return r;
+ }
+ sc->sc_ctrl_inuse = INUSE;
+
+ sc->sc_ctrl_cmd->class = class;
+ sc->sc_ctrl_cmd->command = cmd;
+
+ r = virtio_enqueue_prep(vq, slotp);
+ if (r != 0)
+ panic("%s: %s virtio_enqueue_prep: control vq busy",
+ sc->sc_dev.dv_xname, __func__);
+ r = virtio_enqueue_reserve(vq, *slotp, nslots + 2);
+ if (r != 0)
+ panic("%s: %s virtio_enqueue_reserve: control vq busy",
+ sc->sc_dev.dv_xname, __func__);
+
+ vio_dmamem_enqueue(vsc, sc, vq, *slotp, sc->sc_ctrl_cmd,
+ sizeof(*sc->sc_ctrl_cmd), 1);
+
+ return 0;
+}
+
+/*
+ * Submit a control queue request and wait for the result.
+ *
+ * vio_ctrl_start() must have been called successfully.
+ * After vio_ctrl_submit(), the caller may inspect the
+ * data returned from the hypervisor. Afterwards, the caller
+ * must always call vio_ctrl_finish().
+ */
+int
+vio_ctrl_submit(struct vio_softc *sc, int slot)
+{
+ struct virtio_softc *vsc = sc->sc_virtio;
+ struct virtqueue *vq = sc->sc_ctl_vq;
+ int r;
+
+ vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_status,
+ sizeof(*sc->sc_ctrl_status), 0);
+
+ virtio_enqueue_commit(vsc, vq, slot, 1);
+
+ while (sc->sc_ctrl_inuse != DONE) {
+ if (sc->sc_ctrl_inuse == RESET || vio_needs_reset(sc))
+ return ENXIO;
+ r = tsleep_nsec(&sc->sc_ctrl_inuse, PRIBIO, "viodone",
+ VIRTIO_NET_CTRL_TIMEOUT);
+ if (r != 0) {
+ if (r == EWOULDBLOCK)
+ printf("%s: ctrl queue timeout\n",
+ sc->sc_dev.dv_xname);
+ vio_ctrl_wakeup(sc, RESET);
+ return ENXIO;
+ }
+ }
+
+ VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_cmd,
+ sizeof(*sc->sc_ctrl_cmd), BUS_DMASYNC_POSTWRITE);
+ VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_status,
+ sizeof(*sc->sc_ctrl_status), BUS_DMASYNC_POSTREAD);
+
+ if (sc->sc_ctrl_status->ack != VIRTIO_NET_OK)
+ return EIO;
+
+ return 0;
+}
+
+/*
+ * Unlock the control queue and the sc_ctrl_* structs.
+ *
+ * It is ok to call this function if the control queue is marked dead
+ * due to a fatal error.
+ */
+void
+vio_ctrl_finish(struct vio_softc *sc)
+{
+ if (sc->sc_ctrl_inuse == RESET)
+ return;
+
+ vio_ctrl_wakeup(sc, FREE);
+}
+
 /* issue a VIRTIO_NET_CTRL_RX class command and wait for completion */
 int
 vio_ctrl_rx(struct vio_softc *sc, int cmd, int onoff)
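Review bot: In vio_ctrl_submit(), the `vio_needs_reset(sc)` exit returns ENXIO while sc_ctrl_inuse is still INUSE, so the vio_ctrl_finish() the caller is required to make marks the queue FREE even though the descriptor chain committed a few lines earlier is still owned by the device; the next vio_ctrl_start() can then rewrite sc_ctrl_cmd and the following submit can re-enqueue sc_ctrl_status while the host may still be writing the old status. The timeout branch right below avoids that by moving the state to RESET before returning, and the same treatment looks right here unless the device-reset path is guaranteed to quiesce the control ring before another command can be issued, which this hunk does not show: `if (sc->sc_ctrl_inuse == RESET || vio_needs_reset(sc)) { vio_ctrl_wakeup(sc, RESET); return ENXIO; }`. This is inherited from the removed vio_wait_ctrl_done() rather than a regression, but the new helper is the natural place to close it, and the header comment on vio_ctrl_start() should then say that an ENXIO from either function leaves the control queue dead until reset.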
@@ -1491,51 +1597,24 @@ vio_ctrl_rx(struct vio_softc *sc, int cmd, int onoff)
 struct virtqueue *vq = sc->sc_ctl_vq;
 int r, slot;
- splassert(IPL_NET);
-
- if ((r = vio_wait_ctrl(sc)) != 0)
+ r = vio_ctrl_start(sc, VIRTIO_NET_CTRL_RX, cmd, 1, &slot);
+ if (r != 0)
 return r;
- sc->sc_ctrl_cmd->class = VIRTIO_NET_CTRL_RX;
- sc->sc_ctrl_cmd->command = cmd;
 sc->sc_ctrl_rx->onoff = onoff;
- r = virtio_enqueue_prep(vq, &slot);
- if (r != 0)
- panic("%s: %s virtio_enqueue_prep: control vq busy",
- sc->sc_dev.dv_xname, __func__);
- r = virtio_enqueue_reserve(vq, slot, 3);
- if (r != 0)
- panic("%s: %s virtio_enqueue_reserve: control vq busy",
- sc->sc_dev.dv_xname, __func__);
- vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_cmd,
- sizeof(*sc->sc_ctrl_cmd), 1);
 vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_rx,
 sizeof(*sc->sc_ctrl_rx), 1);
- vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_status,
- sizeof(*sc->sc_ctrl_status), 0);
- virtio_enqueue_commit(vsc, vq, slot, 1);
- if ((r = vio_wait_ctrl_done(sc)) != 0)
- goto out;
-
- VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_cmd,
- sizeof(*sc->sc_ctrl_cmd), BUS_DMASYNC_POSTWRITE);
+ r = vio_ctrl_submit(sc, slot);
 VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_rx,
 sizeof(*sc->sc_ctrl_rx), BUS_DMASYNC_POSTWRITE);
- VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_status,
- sizeof(*sc->sc_ctrl_status), BUS_DMASYNC_POSTREAD);
-
- if (sc->sc_ctrl_status->ack == VIRTIO_NET_OK) {
- r = 0;
- } else {
+ if (r != 0)
 printf("%s: ctrl cmd %d failed\n", sc->sc_dev.dv_xname, cmd);
- r = EIO;
- }
 DPRINTF("%s: cmd %d %d: %d\n", __func__, cmd, onoff, r);
-out:
- vio_ctrl_wakeup(sc, FREE);
+
+ vio_ctrl_finish(sc);
 return r;
 }
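Review bot: The failure message `printf("%s: ctrl cmd %d failed\n", sc->sc_dev.dv_xname, cmd);` is now reached for every non-zero r, whereas the removed code only got there on a host NAK and sent the ENXIO cases to out without logging; a timed-out request therefore logs twice (vio_ctrl_submit() already prints "ctrl queue timeout") and a device flagged for reset is reported as a plain command failure. Gate it on the host-rejection case, `if (r == EIO)`, or drop it and rely on the DPRINTF below, which already carries r. The guest-offloads and rx-filter callers in the following hunks pick up the same double logging, and the rx-filter one keeps a comment blaming the host's table size that no longer holds for the ENXIO path. vio_ctrl_rx()'s opening lines, including the vsc declaration, are outside the hunk.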
@@ -1546,87 +1625,29 @@ vio_ctrl_guest_offloads(struct vio_softc *sc, uint64_t features)
 struct virtqueue *vq = sc->sc_ctl_vq;
 int r, slot;
- splassert(IPL_NET);
-
- if ((r = vio_wait_ctrl(sc)) != 0)
+ r = vio_ctrl_start(sc, VIRTIO_NET_CTRL_GUEST_OFFLOADS,
+ VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET, 1, &slot);
+ if (r != 0)
 return r;
- sc->sc_ctrl_cmd->class = VIRTIO_NET_CTRL_GUEST_OFFLOADS;
- sc->sc_ctrl_cmd->command = VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET;
 sc->sc_ctrl_guest_offloads->offloads = features;
- r = virtio_enqueue_prep(vq, &slot);
- if (r != 0)
- panic("%s: %s virtio_enqueue_prep: control vq busy",
- sc->sc_dev.dv_xname, __func__);
- r = virtio_enqueue_reserve(vq, slot, 3);
- if (r != 0)
- panic("%s: %s virtio_enqueue_reserve: control vq busy",
- sc->sc_dev.dv_xname, __func__);
- vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_cmd,
- sizeof(*sc->sc_ctrl_cmd), 1);
 vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_guest_offloads,
 sizeof(*sc->sc_ctrl_guest_offloads), 1);
- vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_status,
- sizeof(*sc->sc_ctrl_status), 0);
- virtio_enqueue_commit(vsc, vq, slot, 1);
- if ((r = vio_wait_ctrl_done(sc)) != 0)
- goto out;
+ r = vio_ctrl_submit(sc, slot);
- VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_cmd,
- sizeof(*sc->sc_ctrl_cmd), BUS_DMASYNC_POSTWRITE);
 VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_guest_offloads,
 sizeof(*sc->sc_ctrl_guest_offloads), BUS_DMASYNC_POSTWRITE);
- VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_status,
- sizeof(*sc->sc_ctrl_status), BUS_DMASYNC_POSTREAD);
- if (sc->sc_ctrl_status->ack == VIRTIO_NET_OK) {
- r = 0;
- } else {
+ if (r != 0) {
 printf("%s: offload features 0x%llx failed\n",
 sc->sc_dev.dv_xname, features);
- r = EIO;
 }
- DPRINTF("%s: features 0x%llx: %d\n", __func__, features, r);
- out:
- vio_ctrl_wakeup(sc, FREE);
- return r;
-}
+ DPRINTF("%s: offload features 0x%llx: %d\n", __func__, features, r);
-int
-vio_wait_ctrl(struct vio_softc *sc)
-{
- int r = 0;
-
- while (sc->sc_ctrl_inuse != FREE) {
- if (sc->sc_ctrl_inuse == RESET || vio_needs_reset(sc))
- return ENXIO;
- r = tsleep_nsec(&sc->sc_ctrl_inuse, PRIBIO, "viowait", INFSLP);
- }
- sc->sc_ctrl_inuse = INUSE;
-
- return r;
-}
-
-int
-vio_wait_ctrl_done(struct vio_softc *sc)
-{
- int r = 0;
-
- while (sc->sc_ctrl_inuse != DONE) {
- if (sc->sc_ctrl_inuse == RESET || vio_needs_reset(sc))
- return ENXIO;
- r = tsleep_nsec(&sc->sc_ctrl_inuse, PRIBIO, "viodone",
- VIRTIO_NET_CTRL_TIMEOUT);
- if (r == EWOULDBLOCK) {
- printf("%s: ctrl queue timeout\n",
- sc->sc_dev.dv_xname);
- vio_ctrl_wakeup(sc, RESET);
- return ENXIO;
- }
- }
+ vio_ctrl_finish(sc);
 return r;
 }
@@ -1665,55 +1686,35 @@ vio_set_rx_filter(struct vio_softc *sc)
 struct virtio_softc *vsc = sc->sc_virtio;
 struct virtqueue *vq = sc->sc_ctl_vq;
 int r, slot;
+ size_t len_uc, len_mc;
- splassert(IPL_NET);
- if ((r = vio_wait_ctrl(sc)) != 0)
+ r = vio_ctrl_start(sc, VIRTIO_NET_CTRL_MAC,
+ VIRTIO_NET_CTRL_MAC_TABLE_SET, 2, &slot);
+ if (r != 0)
 return r;
- sc->sc_ctrl_cmd->class = VIRTIO_NET_CTRL_MAC;
- sc->sc_ctrl_cmd->command = VIRTIO_NET_CTRL_MAC_TABLE_SET;
+ len_uc = sizeof(*sc->sc_ctrl_mac_tbl_uc) +
+ sc->sc_ctrl_mac_tbl_uc->nentries * ETHER_ADDR_LEN;
+ len_mc = sizeof(*sc->sc_ctrl_mac_tbl_mc) +
+ sc->sc_ctrl_mac_tbl_mc->nentries * ETHER_ADDR_LEN;
+ vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_mac_tbl_uc, len_uc,
+ 1);
+ vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_mac_tbl_mc, len_mc,
+ 1);
- r = virtio_enqueue_prep(vq, &slot);
- if (r != 0)
- panic("%s: %s virtio_enqueue_prep: control vq busy",
- sc->sc_dev.dv_xname, __func__);
- r = virtio_enqueue_reserve(vq, slot, 4);
- if (r != 0)
- panic("%s: %s virtio_enqueue_reserve: control vq busy",
- sc->sc_dev.dv_xname, __func__);
- vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_cmd,
- sizeof(*sc->sc_ctrl_cmd), 1);
- vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_mac_tbl_uc,
- sizeof(*sc->sc_ctrl_mac_tbl_uc) +
- sc->sc_ctrl_mac_tbl_uc->nentries * ETHER_ADDR_LEN, 1);
- vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_mac_tbl_mc,
- sizeof(*sc->sc_ctrl_mac_tbl_mc) +
- sc->sc_ctrl_mac_tbl_mc->nentries * ETHER_ADDR_LEN, 1);
- vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_status,
- sizeof(*sc->sc_ctrl_status), 0);
- virtio_enqueue_commit(vsc, vq, slot, 1);
+ r = vio_ctrl_submit(sc, slot);
+ VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_mac_tbl_uc, len_uc,
+ BUS_DMASYNC_POSTWRITE);
+ VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_mac_tbl_mc, len_mc,
+ BUS_DMASYNC_POSTWRITE);
- if ((r = vio_wait_ctrl_done(sc)) != 0)
- goto out;
-
- VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_cmd,
- sizeof(*sc->sc_ctrl_cmd), BUS_DMASYNC_POSTWRITE);
- VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_mac_info,
- VIO_CTRL_MAC_INFO_SIZE, BUS_DMASYNC_POSTWRITE);
- VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_status,
- sizeof(*sc->sc_ctrl_status), BUS_DMASYNC_POSTREAD);
-
- if (sc->sc_ctrl_status->ack == VIRTIO_NET_OK) {
- r = 0;
- } else {
+ if (r != 0) {
 /* The host's filter table is not large enough */
 printf("%s: failed setting rx filter\n", sc->sc_dev.dv_xname);
- r = EIO;
 }
-out:
- vio_ctrl_wakeup(sc, FREE);
+ vio_ctrl_finish(sc);
 return r;
 }
diff --git a/sys/nfs/nfs_bio.c b/sys/nfs/nfs_bio.c
index d26b2cd3c..ddd5dabb4 100644
--- a/sys/nfs/nfs_bio.c
+++ b/sys/nfs/nfs_bio.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs_bio.c,v 1.86 2024/05/01 13:15:59 jsg Exp $ */
+/* $OpenBSD: nfs_bio.c,v 1.87 2024/09/18 05:21:19 jsg Exp $ */
 /* $NetBSD: nfs_bio.c,v 1.25.4.2 1996/07/08 20:47:04 jtc Exp $ */
 /*
@@ -616,7 +616,7 @@ nfs_doio(struct buf *bp, struct proc *p)
 default:
 panic("nfs_doio: type %x unexpected", vp->v_type);
 break;
- };
+ }
 if (error) {
 bp->b_flags |= B_ERROR;
 bp->b_error = error;
diff --git a/sys/nfs/nfs_serv.c b/sys/nfs/nfs_serv.c
index df2a079d6..ea7b59618 100644
--- a/sys/nfs/nfs_serv.c
+++ b/sys/nfs/nfs_serv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs_serv.c,v 1.129 2024/09/11 12:22:34 claudio Exp $ */
+/* $OpenBSD: nfs_serv.c,v 1.130 2024/09/18 05:21:19 jsg Exp $ */
 /* $NetBSD: nfs_serv.c,v 1.34 1997/05/12 23:37:12 fvdl Exp $ */
 /*
@@ -1110,7 +1110,7 @@ nfsrv_create(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
 if (nd.ni_vp == NULL)
 va.va_mode = 0;
 break;
- };
+ }
 va.va_type = VREG;
 } else {
 sp = (struct nfsv2_sattr *)nfsm_dissect(&info, NFSX_V2SATTR);
@@ -1133,7 +1133,7 @@ nfsrv_create(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
 break;
 default:
 break;
- };
+ }
 }
 /*
diff --git a/sys/nfs/nfs_socket.c b/sys/nfs/nfs_socket.c
index c88b116f7..94533465a 100644
--- a/sys/nfs/nfs_socket.c
+++ b/sys/nfs/nfs_socket.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs_socket.c,v 1.153 2024/09/11 12:22:34 claudio Exp $ */
+/* $OpenBSD: nfs_socket.c,v 1.154 2024/09/18 05:21:19 jsg Exp $ */
 /* $NetBSD: nfs_socket.c,v 1.27 1996/04/15 20:20:00 thorpej Exp $ */
 /*
@@ -1125,7 +1125,7 @@ nfs_rephead(int siz, struct nfsrv_descript *nd, struct nfssvc_sock *slp,
 *tl = 0;
 }
 break;
- };
+ }
 }
 *mrq = mreq;
diff --git a/sys/nfs/nfs_srvcache.c b/sys/nfs/nfs_srvcache.c
index 297d2d593..63cc7e7c7 100644
--- a/sys/nfs/nfs_srvcache.c
+++ b/sys/nfs/nfs_srvcache.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs_srvcache.c,v 1.31 2024/05/01 13:15:59 jsg Exp $ */
+/* $OpenBSD: nfs_srvcache.c,v 1.32 2024/09/18 05:21:19 jsg Exp $ */
 /* $NetBSD: nfs_srvcache.c,v 1.12 1996/02/18 11:53:49 fvdl Exp $ */
 /*
@@ -204,7 +204,7 @@ nfsrv_getcache(struct nfsrv_descript *nd, struct nfssvc_sock *slp,
 rp->rc_flag |= RC_NAM;
 rp->rc_nam = m_copym(nd->nd_nam, 0, M_COPYALL, M_WAIT);
 break;
- };
+ }
 rp->rc_proc = nd->nd_procnum;
 hash = NFSRCHASH(nd->nd_retxid);
 LIST_INSERT_HEAD(hash, rp, rc_hash);
diff --git a/sys/nfs/nfs_srvsubs.c b/sys/nfs/nfs_srvsubs.c
index def0bc7ef..a32eac5e1 100644
--- a/sys/nfs/nfs_srvsubs.c
+++ b/sys/nfs/nfs_srvsubs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs_srvsubs.c,v 1.1 2024/09/09 03:50:14 jsg Exp $ */
+/* $OpenBSD: nfs_srvsubs.c,v 1.2 2024/09/18 05:21:19 jsg Exp $ */
 /* $NetBSD: nfs_subs.c,v 1.27.4.3 1996/07/08 20:34:24 jtc Exp $ */
 /*
@@ -389,7 +389,7 @@ netaddr_match(int family, union nethostaddr *haddr, struct mbuf *nam)
 break;
 default:
 break;
- };
+ }
 return (0);
 }
@@ -462,7 +462,7 @@ nfsm_srvsattr(struct mbuf **mp, struct vattr *va, struct mbuf *mrep,
 va->va_vaflags |= VA_UTIMES_CHANGE;
 getnanotime(&va->va_atime);
 break;
- };
+ }
 tl = (uint32_t *)nfsm_dissect(&info, NFSX_UNSIGNED);
 if (tl == NULL)
@@ -480,7 +480,7 @@ nfsm_srvsattr(struct mbuf **mp, struct vattr *va, struct mbuf *mrep,
 va->va_vaflags |= VA_UTIMES_CHANGE;
 getnanotime(&va->va_mtime);
 break;
- };
+ }
 *dposp = info.nmi_dpos;
 *mp = info.nmi_md;
diff --git a/sys/nfs/nfs_syscalls.c b/sys/nfs/nfs_syscalls.c
index 161f33053..71555b02f 100644
--- a/sys/nfs/nfs_syscalls.c
+++ b/sys/nfs/nfs_syscalls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs_syscalls.c,v 1.127 2024/06/26 01:40:49 jsg Exp $ */
+/* $OpenBSD: nfs_syscalls.c,v 1.128 2024/09/18 05:21:19 jsg Exp $ */
 /* $NetBSD: nfs_syscalls.c,v 1.19 1996/02/18 11:53:52 fvdl Exp $ */
 /*
@@ -469,7 +469,7 @@ loop:
 m_freem(nd->nd_mrep);
 m_freem(nd->nd_nam2);
 break;
- };
+ }
 if (nd) {
 pool_put(&nfsrv_descript_pl, nd);
diff --git a/sys/nfs/nfs_vnops.c b/sys/nfs/nfs_vnops.c
index 268cdae8b..01476828a 100644
--- a/sys/nfs/nfs_vnops.c
+++ b/sys/nfs/nfs_vnops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs_vnops.c,v 1.203 2024/09/12 09:04:51 claudio Exp $ */
+/* $OpenBSD: nfs_vnops.c,v 1.204 2024/09/18 05:21:19 jsg Exp $ */
 /* $NetBSD: nfs_vnops.c,v 1.62.4.1 1996/07/08 20:26:52 jtc Exp $ */
 /*
@@ -653,7 +653,7 @@ nfs_setattr(void *v)
 tsize = np->n_size;
 np->n_size = np->n_vattr.va_size = vap->va_size;
 uvm_vnp_setsize(vp, np->n_size);
- };
+ }
 } else if ((vap->va_mtime.tv_nsec != VNOVAL ||
 vap->va_atime.tv_nsec != VNOVAL) &&
 vp->v_type == VREG &&
diff --git a/usr.bin/rsync/blocks.c b/usr.bin/rsync/blocks.c
index f76fb81b6..b300e41a0 100644
--- a/usr.bin/rsync/blocks.c
+++ b/usr.bin/rsync/blocks.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: blocks.c,v 1.23 2024/02/28 09:36:11 claudio Exp $ */
+/* $OpenBSD: blocks.c,v 1.24 2024/09/18 10:22:36 job Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons
 *
@@ -121,7 +121,7 @@ blkhash_set(struct blktab *p, const struct blkset *bset)
 void
 blkhash_free(struct blktab *p)
 {
-
+ free(p->q);
 free(p->blks);
 free(p);
 }
diff --git a/usr.sbin/vmd/vm.conf.5 b/usr.sbin/vmd/vm.conf.5
index aaeed8fac..9b455254e 100644
--- a/usr.sbin/vmd/vm.conf.5
+++ b/usr.sbin/vmd/vm.conf.5
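Review bot: blkhash_free() now dereferences p twice before the final free(p) but still has no NULL guard, so any caller that releases a table it never managed to allocate would fault here rather than get the harmless free(NULL) behaviour; blkhash_alloc() and the callers are outside this hunk, so I cannot tell whether such a path exists today. A leading `if (p == NULL) return;` gives the function the usual free()-style contract and costs nothing. A short comment above the function stating that it releases q, blks and the table itself would also record the ownership this leak fix relies on, since nothing in blocks.c visible here says who owns q.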
@@ -1,4 +1,4 @@
-.\" $OpenBSD: vm.conf.5,v 1.64 2024/09/11 15:42:52 bluhm Exp $
+.\" $OpenBSD: vm.conf.5,v 1.65 2024/09/16 22:30:01 bluhm Exp $
 .\"
 .\" Copyright (c) 2015 Mike Larkin
 .\" Copyright (c) 2015 Reyk Floeter
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 11 2024 $
+.Dd $Mdocdate: September 16 2024 $
 .Dt VM.CONF 5
 .Os
 .Sh NAME
@@ -324,7 +324,11 @@
 If only
 is given, only the group is set.
 .It Ic sev
-Enables SEV for guest.
+Enables AMD Secure Encrypted Virtualization for guest.
+.Xr vmd 8
+uses
+.Xr psp 4
+to configure the guest for SEV.
 .El
 .Sh VM INSTANCES
 It is possible to use configured or running VMs as a template for