Commit Graph

226176 Commits

Author SHA1 Message Date
Toomas Soome
b07d6aa2ae libefi: pdinfo_t pd_unit and pd_open should be unsigned
The device index, partition index and reference counter are all positive
numbers. However, since our internal partition number may be negative
to indicate GPT table, the compare expression need to take care when comparing
pdinfo_t and partition data.
2017-09-22 07:29:26 +00:00
Michael Tuexen
d28a3a393b Add missing locking. Found by Coverity while scanning the usrsctp
library.

MFC after:	1 week
2017-09-22 06:33:01 +00:00
Michael Tuexen
afb908dada Add missing socket lock.
MFC after:	1 week
2017-09-22 06:07:47 +00:00
Conrad Meyer
67e4d800ec cryptotest.py: Like r323869, skip SHA HMAC tests on non-SHA drivers
Sponsored by:	Dell EMC Isilon
2017-09-22 04:41:48 +00:00
Conrad Meyer
e720124622 cryptotest.py: Fix whitespace style errors
I accidentally introduced different whitespace style in r323878.  I'm not
used to using tabs for indentation in Python scripts.

Whitespace only; no functional change.

Sponsored by:	Dell EMC Isilon
2017-09-22 04:25:44 +00:00
Toomas Soome
832d45d219 efilib.h: typo in structure member description
The link should be replaced by list.
2017-09-22 02:58:47 +00:00
Toomas Soome
024cc69661 r323885 did miss efilib.h update
The efilib.h update was left out from r323885 by mistake.
2017-09-22 02:56:26 +00:00
Toomas Soome
cbc1b3de8f libefi: efi_devpath_match local len should be unsigned
DevicePathNodeLength() will always return unsigned value.
2017-09-22 02:53:01 +00:00
Warner Losh
78ed811e6c cam iosched: Bettar account IOPS for smoother performance
Prevent cam_iosched_iops_tick() from discarding 'unspent' ios unless
it's a new accounting interval.

Previously ios that weren't used between ticks were lost, as a result
the iops limiter could enforce a limit below the configured maximum.

Obtained from: ElectroBSD
Submitted by: Fabian Keil
PR: 221974
2017-09-22 02:36:36 +00:00
Warner Losh
f777123b83 cam iosched: Enforce iop limits below the quanta value
Previously the iops limiter would always allow at least
quanta ios per second as cam_iosched_iops_tick() never set
ios->l_value1 below 1.

Submitted by: Fabian Keil <fk@fabiankeil.de>
Obtained from: ElectroBSD
PR: 221974
2017-09-22 02:36:32 +00:00
John Baldwin
cc05c7d256 Support AEAD requests with non-GCM algorithms.
In particular, support chaining an AES cipher with an HMAC for a request
including AAD.  This permits submitting requests from userland to encrypt
objects like IPSec packets using these algorithms.

In the non-GCM case, the authentication crypto descriptor covers both the
AAD and the ciphertext.  The GCM case remains unchanged.  This matches
the requests created internally in IPSec.  For the non-GCM case, the
COP_F_CIPHER_FIRST is also supported since the ordering matters.

Note that while this can be used to simulate IPSec requests from userland,
this ioctl cannot currently be used to perform TLS requests using AES-CBC
and MAC-before-encrypt.

Reviewed by:	cem
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D11759
2017-09-22 00:34:46 +00:00
John Baldwin
2c907637bc Add a new COP_F_CIPHER_FIRST flag for struct crypt_op.
This requests that the cipher be performed before rather than after
the HMAC when both are specified for a single operation.

Reviewed by:	cem
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D11757
2017-09-22 00:21:58 +00:00
John Baldwin
95f076384f Place the AAD before the plaintext/ciphertext for CIOCRYPTAEAD.
Software crypto implementations don't care how the buffer is laid out,
but hardware implementations may assume that the AAD is always before
the plain/cipher text and that the hash/tag is immediately after the end
of the plain/cipher text.

In particular, this arrangement matches the layout of both IPSec packets
and TLS frames.  Linux's crypto framework also assumes this layout for
AEAD requests.

Reviewed by:	cem
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D11758
2017-09-22 00:15:54 +00:00
Stephen Hurd
bf227542f3 Fix undeclared identifier error introduced in r323879
It doesn't appear to be safe to use gtask->gt_name.

Reported by:	Mark Johnston, Jenkins
Reviewed by:	sbruno
Approved by:	sbruno (mentor)
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D12448
2017-09-21 23:27:35 +00:00
Toomas Soome
cfe103a2ac libefi: efipart.c should use calloc()
The device specific *_add functions are using malloc() + memset,
should use calloc instead.
2017-09-21 23:22:18 +00:00
Toomas Soome
59fcc285f4 libefi: efi_devpath_match() should return bool
The current implementation of efi_devpath_match() is returning values 0 or 1,
so it should be updated to return bool.
2017-09-21 23:14:07 +00:00
Warner Losh
07f2d905e6 Always create usr/local/etc -> /etc/local symlink
/usr/local/etc gets created and populated by packages. However, if no
packages are installed when setup_nanobsd is run, this symlink won't
get created, causing problems if packages are installed later (say on
first boot). Therefore, always create the symlink and etc/local. It
does no harm and may help.

Inspired by crochet issue #183 (consuingly says NanoBSD, means crochet)
Sponsored by: Netflix
2017-09-21 23:10:56 +00:00
John Baldwin
e1d15b892a Only handle _PC_MAX_CANON, _PC_MAX_INPUT, and _PC_VDISABLE for TTY devices.
Move handling of these three pathconf() variables out of vop_stdpathconf()
and into devfs_pathconf() as TTY devices can only be devfs files.  In
addition, only return settings for these three variables for devfs devices
whose device switch has the D_TTY flag set.

Discussed with:	bde, kib
Sponsored by:	Chelsio Communications
2017-09-21 23:05:32 +00:00
John Baldwin
ed8d06aa19 Use UFS_LINK_MAX instead of LINK_MAX.
Submitted by:	bde
Sponsored by:	Chelsio Communications
2017-09-21 22:33:59 +00:00
Mark Johnston
568aef2f6a Simplify i915_gem_wire_page() and avoid unneeded page-busying.
Reviewed by:	alc, kib
MFC after:	1 week
2017-09-21 22:15:45 +00:00
Stephen Hurd
326aacb0e3 Improved logging of gtaskqueue failues
Check the return code of intr_setaffinity() and log any errors
it returns. When a qid is not located, log an error before returning
failure.  Also, use __func__ rather than hardcoding the function name

Reviewed by:	sbruno
Approved by:	sbruno (mentor)
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D12436
2017-09-21 21:14:48 +00:00
Conrad Meyer
005fdbbc69 cryptotest.py: Actually use NIST-KAT HMAC test vectors and test the right hashes
Previously, this test was entirely a no-op as no vector in the NIST-KAT file
has a precisely 20-byte key.

Additionally, not every vector in the file is SHA1.  The length field
determines the hash under test, and is now decoded correctly.

Finally, due to a limitation I didn't feel like fixing in cryptodev.py, MACs
are truncated to 16 bytes in this test.

With this change and the uncommitted D12437 (to allow key sizes other than
those used in IPSec), the SHA tests in cryptotest.py actually test something
and e.g. at least cryptosoft passes the test.

Sponsored by:	Dell EMC Isilon
2017-09-21 21:07:21 +00:00
Stephen Hurd
a0fcc37122 Fix M_GTASKQUEUE definition
Previously had the same short and long description as taskqueues.
This could cause problems with memguard(9) and vmstat -m which use
the short description as a unique identifier.

Reviewed by:	sbruno
Approved by:	sbruno (mentor)
MFC after:	3 days
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D12438
2017-09-21 20:34:33 +00:00
Stephen Hurd
23e90483ec bnxt: Fix driver when attached to a VF
- Use HWRM_FUNC_VF_CFG instead of HWRM_FUNC_CFG on VFs
- Fix NPAR/VF detection
- Clean up flag definitions
- Don't allow WoL on VFs

Although the bnxt driver doesn't support SR-IOV so can create VFs yet,
the PF could be running Linux or ESCi with a VF passed through to a
FreeBSD guest.  This fixes the driver for that use case.

Submitted by:	Siva Kallam <siva.kallam@@broadcom.com>
Reviewed by:	shurd, sbruno
Approved by:	sbruno (mentor)
Sponsored by:	Broadcom Limited
Differential Revision:	https://reviews.freebsd.org/D12410
2017-09-21 20:27:43 +00:00
Eugene Grosbein
10633c7e5a Unprotected modification of ng_iface(4) private data leads to kernel panic.
Fix a race with per-node read-mostly lock and refcounting for a hook.

PR:			220076
Tested by:		peixoto.cassiano
Approved by:		avg (mentor), mav (mentor)
MFC after:		1 week
Relnotes:		yes
Differential Revision:	https://reviews.freebsd.org/D12435
2017-09-21 20:16:10 +00:00
Conrad Meyer
b3eaa68045 cryptotest.py: Do not run AES-CBC or AES-GCM tests on non-AES crypto(4) drivers
For some reason, we only skipped AES-XTS tests if a driver was not in the
aesmodules list.  Skip other AES modes as well to prevent spurious failures
in non-AES drivers.

Sponsored by:	Dell EMC Isilon
2017-09-21 18:06:21 +00:00
Alan Cox
4aef95b3f0 Modernize calls to vm_page_unwire(). As of r288122, vm_page_unwire()
accepts PQ_NONE as the specified queue and returns a Boolean indicating
whether the page's wire count transitioned to zero.  Use these features
in dev/drm2.

Reviewed by:	kib, markj
MFC after:	1 week
2017-09-21 15:32:41 +00:00
Toomas Soome
5370de88cc libefi: devicename.c cleanups
Remove duplicated free()+return statements, default unit to 0
and improve strtol error processing.
2017-09-21 15:30:20 +00:00
Mariusz Zaborski
2560d18180 We use a few different ifdef's names to check if we are using Casper or not,
let's standardize this. Now we are always use WITH_CASPER name.

Discussed with:	emaste@
MFC after:	1 month
2017-09-21 14:41:41 +00:00
Sevan Janiyan
6d2e5f3ddf Ammend bin/cat/cat.c so the output is the same aside
from blank lines being numbered or unnumbered, depending on whether cat
was invoked with -ne or -be.

At present, when cat is invoked with -be, there is an aditional
difference that the '$' on blank lines is placed on the far left of the
output.

Discussed in bug 210607.

While here, revert the workaround from r304035 which skipped the unit test for
this issue previously.

PR:		210607
Submitted by:	myself
Reviewed by:	bdrewery
Obtained from:	NetBSD
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D12432
2017-09-21 14:14:49 +00:00
Kristof Provost
ed9de14d2f bridge: Set module version
This ensures that the loader will not load the module if it's also built in to
the kernel.

PR:		220860
Submitted by:	Eugene Grosbein <eugen@freebsd.org>
Reported by:	Marie Helene Kvello-Aune <marieheleneka@gmail.com>
2017-09-21 14:14:01 +00:00
Michael Tuexen
cdd2d7d4a5 Code cleanup, no functional change.
MFC after:	1 week
2017-09-21 11:56:31 +00:00
Mariusz Zaborski
ef0c8428f9 Plug memory leak in case when nvlist allocation succeeds, but nvpair
allocation fails.

Submitted by:	pjd@
MFC after:	1 month
Sponsored by:	Wheel Systems
2017-09-21 10:28:22 +00:00
Mariusz Zaborski
b6960f00fa Simplify the code by _not_ expecting success under 'fail'.
Submitted by:	pjd@ and oshogbo@
MFC after:	1 month
Sponsored by:	Wheel Systems
2017-09-21 10:18:02 +00:00
Mariusz Zaborski
56117a342f IMHO it is possible that failure will be treated as success because we don't
initialize nvp on every loop iteration and the code under 'fail'(!) label
detects success by checking of nvp != NULL.

Submitted by:	pjd@
MFC after:	1 month
Sponsored by:   Wheel Systems
2017-09-21 10:16:44 +00:00
Mariusz Zaborski
0a5f83e3fa Free 'value' only once we are done freeing all individual
Submitted by:   pjd@
MFC after:	1 month
Found by:       scan-build
Sponsored by:   Wheel Systems
2017-09-21 10:14:43 +00:00
Nick Hibma
657db16fce Remove an 'unused' function.
This function was only set in legacy.sh and only at the very end after
the disk image had been successfully created. The only difference will be
that the message 'Error encountered. Please check...' will not appear if
nanobsd.sh exits with an error after the disk image has been created.
2017-09-21 10:13:48 +00:00
Mariusz Zaborski
c696dd0687 Because nvp wasn't initialized on every loop iteration once we jumped
to 'fail' on error it was treated as success, because nvp!=NULL. Fix this
by not handling success under 'fail' label and by using separate variable
for parent nvpair.

If we succeeded to allocate nvlist, but failed to allocated nvpair we
would leak nvls[ii] on return. Destroy it when we cannot allocate nvpair,
before we goto fail.

Submitted by:	pjd@ and oshogbo@ (minor changes)
Found by:       scan-build
MFC after:	1 month
Sponsored by:	Wheel Systems
2017-09-21 10:10:42 +00:00
Mariusz Zaborski
a3c485d38d Make the code consistent by always using 'fail' label.
Submitted by:	pjd@ and oshogbo@
MFC after:	1 month
Sponsored by:	Wheel Systems
2017-09-21 10:06:00 +00:00
Mariusz Zaborski
1dacabe1ab The 'while (array != NULL) { }' suggests scan-build that array may be
initially NULL, which is not possible. Change the loop to
'do {} while (array != NULL)' to satisfy scan-build and assert that
array really cannot be NULL just in case.

Submitted by:	pjd@
Found by:	scan-build
MFC after:	1 month
Sponsored by:	Wheel Systems
2017-09-21 10:03:14 +00:00
Mariusz Zaborski
08016b3185 Remove redundant initialization. Don't use variable - just return the value.
Make scan-build happy by casting to 'void *' instead of 'void **'.

Submitted by:	pjd@
MFC after:	1 month
Found by:	scan-build and cppcheck
Sponsored by:	Wheel Systems
2017-09-21 10:00:16 +00:00
Michael Tuexen
53999485e0 Free the control structure after using is, not before.
Found by Coverity while scanning the usrsctp library.
MFC after:	1 week
2017-09-21 09:47:56 +00:00
Nick Hibma
7c1e70c8f9 Fix up style for consistency. 2017-09-21 09:27:44 +00:00
Nick Hibma
b391b675f7 Speling mistakes. 2017-09-21 09:22:41 +00:00
Michael Tuexen
d0d8c7de19 No need to wakeup, since sctp_add_to_readq() does it.
MFC after:	1 week
2017-09-21 09:18:05 +00:00
Conrad Meyer
7abea82d17 cryptotest.py: Add a seatbelt that we're actually testing anything
Without nist-kat installed, cryptotest.py is a no-op.  Showing 'success' in
that case is unhelpful.

Sponsored by:	Dell EMC Isilon
2017-09-21 05:46:28 +00:00
Rick Macklem
6b43e06029 Add a few definitions for Flex File Layout for pNFS.
These definitions will be used by a future commit.
2017-09-21 00:41:12 +00:00
Jung-uk Kim
8c294161aa Remove an ancient comment about the existence of READ(16) and WRITE(16).
MFC after:	3 days
2017-09-21 00:03:59 +00:00
Andrey V. Elsukov
5df8171da3 Use in_localip() function instead of unlocked access to addresses hash
to determine that an address is our local.

PR:		220078
MFC after:	1 week
2017-09-20 22:35:28 +00:00
Andrey V. Elsukov
369bc48dc5 Do not acquire IPFW_WLOCK when a named object is created and destroyed.
Acquiring of IPFW_WLOCK is requried for cases when we are going to
change some data that can be accessed during processing of packets flow.
When we create new named object, there are not yet any rules, that
references it, thus holding IPFW_UH_WLOCK is enough to safely update
needed structures. When we destroy an object, we do this only when its
reference counter becomes zero. And it is safe to not acquire IPFW_WLOCK,
because noone references it. The another case is when we failed to finish
some action and thus we are doing rollback and destroying an object, in
this case it is still not referenced by rules and no need to acquire
IPFW_WLOCK.

This also fixes panic with INVARIANTS due to recursive IPFW_WLOCK acquiring.

MFC after:	1 week
Sponsored by:	Yandex LLC
2017-09-20 22:00:06 +00:00