History log of /src/sys/rump/librump/rumpkern/Makefile.rumpkern
Revision | Date | Author | Comments
1.192 |
| 22-Dec-2024 |
riastradh | kern: Move some purely arithmetic routines to subr_time_arith.c.
Preparation for testing and fixing:
PR kern/58922: itimer(9): arithmetic overflow
PR kern/58925: itimer(9) responds erratically to clock wound back
PR kern/58926: itimer(9) integer overflow in overrun counting
PR kern/58927: itimer(9): overrun accounting is broken
|
1.191 |
| 03-Jun-2023 |
lukem | branches: 1.191.6; bsd.own.mk: rename GCC_NO_* to CC_WNO_*
Rename compiler-warning-disable variables from GCC_NO_warning to CC_WNO_warning where warning is the full warning name as used by the compiler.
GCC_NO_IMPLICIT_FALLTHRU is CC_WNO_IMPLICIT_FALLTHROUGH
Using the convention CC_compilerflag, where compilerflag is based on the full compiler flag name.
|
1.190 |
| 22-Apr-2023 |
riastradh | rump: Move vnode_if.c from rumpkern to rumpvfs.
This has become increasingly less of a `fully dynamic interface', and the need for it in the rest of sys/kern/ has been obviated, so let's put it where it belongs in rumpvfs.
|
1.189 |
| 22-Apr-2023 |
riastradh | secmodel_extensions: Split vfs part into separate .c file.
This way we can provide weak rumpkern stubs that don't require rumpvfs for things that are relevant to vfs, but if you do link rumpvfs then you get the same logic in secmodel extensions.
|
1.188 |
| 28-Mar-2022 |
christos | include the extensions secmodel
|
1.187 |
| 27-Aug-2020 |
riastradh | Sort includes, nix trailing whitespace, fix comment.
|
1.186 |
| 27-Aug-2020 |
riastradh | Move address hashing from init_main.c to kern_sysctl.c.
This way rump gets it automatically. Make sure blake2s is in librumpkern.so, not just in librumpkern_crypto.so, for this to work.
|
1.185 |
| 14-Aug-2020 |
riastradh | New system call getrandom() compatible with Linux and others.
Three ways to call:
getrandom(p, n, 0)
	Blocks at boot until full entropy. Returns up to n bytes at p; guarantees up to 256 bytes even if interrupted after blocking.
	getrandom(0,0,0) serves as an entropy barrier: return only after system has full entropy.
getrandom(p, n, GRND_INSECURE)
	Never blocks. Guarantees up to 256 bytes even if interrupted. Equivalent to /dev/urandom. Safe only after successful getrandom(...,0), getrandom(...,GRND_RANDOM), or read from /dev/random.
getrandom(p, n, GRND_RANDOM)
	May block at any time. Returns up to n bytes at p, but no guarantees about how many -- may return as short as 1 byte. Equivalent to /dev/random. Legacy. Provided only for source compatibility with Linux.
Can also use flags|GRND_NONBLOCK to fail with EWOULDBLOCK/EAGAIN without producing any output instead of blocking.
- The combination GRND_INSECURE|GRND_NONBLOCK is the same as GRND_INSECURE, since GRND_INSECURE never blocks anyway.
- The combinations GRND_INSECURE|GRND_RANDOM and GRND_INSECURE|GRND_RANDOM|GRND_NONBLOCK are nonsensical and fail with EINVAL.
As proposed on tech-userlevel, tech-crypto, tech-security, and tech-kern, and subsequently adopted by core (minus the getentropy part of the proposal, because other operating systems and participants in the discussion couldn't come to an agreement about getentropy and blocking semantics):
https://mail-index.netbsd.org/tech-userlevel/2020/05/02/msg012333.html
|
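An added example, not part of the commit above nor of NetBSD's sources: a C program exercising the three calling conventions and the flag rules described in the message. It is written against the getrandom() libc wrapper as found on Linux/glibc, which uses the same flag names and the same semantics for the cases shown (an entropy barrier via getrandom(NULL, 0, 0), a full read that loops on short returns, a GRND_NONBLOCK probe, and the EINVAL rejection of GRND_INSECURE|GRND_RANDOM). The fallback value 0x0004 for GRND_INSECURE, used only if the header does not define it, is an assumption about the header, and the function names are this example's own.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/random.h>

#ifndef GRND_INSECURE
#define GRND_INSECURE 0x0004   /* assumption: same value as Linux/NetBSD headers */
#endif

/* getrandom(NULL, 0, 0): the entropy barrier.  Returns 0 once the system has full entropy. */
int entropy_barrier(void)
{
    ssize_t r;
    do {
        r = getrandom(NULL, 0, 0);
    } while (r == -1 && errno == EINTR);
    return r == 0 ? 0 : -1;
}

/*
 * Fill buf[0..n) using the given flags.  With flags == 0 a request of up
 * to 256 bytes is served whole, but larger requests and GRND_RANDOM may
 * come back short (GRND_RANDOM as short as 1 byte), so loop on the rest.
 */
int fill_random_exact(unsigned flags, uint8_t *buf, size_t n)
{
    size_t off = 0;
    while (off < n) {
        ssize_t r = getrandom(buf + off, n - off, flags);
        if (r < 0) {
            if (errno == EINTR)
                continue;          /* interrupted: retry the remainder */
            return -1;             /* EAGAIN (GRND_NONBLOCK), EINVAL, ... */
        }
        if (r == 0)
            return -1;             /* should not happen for n > 0 */
        off += (size_t)r;
    }
    return 0;
}

/* GRND_NONBLOCK: 1 = got bytes, 0 = would have blocked (EAGAIN), -1 = other error. */
int nonblock_probe(void)
{
    uint8_t b[16];
    ssize_t r = getrandom(b, sizeof b, GRND_NONBLOCK);
    if (r >= 0)
        return 1;
    return (errno == EAGAIN || errno == EWOULDBLOCK) ? 0 : -1;
}

/* GRND_INSECURE|GRND_RANDOM is nonsensical and must fail with EINVAL. */
int invalid_combo_rejected(void)
{
    uint8_t b[16];
    ssize_t r = getrandom(b, sizeof b, GRND_INSECURE | GRND_RANDOM);
    return r == -1 && errno == EINVAL;
}

int is_all_zero(const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (b[i])
            return 0;
    return 1;
}

int main(void)
{
    uint8_t buf[1024];   /* > 256 bytes, so the short-read loop matters */

    if (entropy_barrier() != 0) { perror("getrandom(NULL,0,0)"); return 1; }
    if (fill_random_exact(0, buf, sizeof buf) != 0) { perror("getrandom(...,0)"); return 1; }
    printf("%zu bytes from getrandom(...,0); first: %02x %02x %02x %02x\n",
           sizeof buf, buf[0], buf[1], buf[2], buf[3]);
    printf("GRND_NONBLOCK probe: %d\n", nonblock_probe());
    printf("GRND_INSECURE|GRND_RANDOM rejected with EINVAL: %s\n",
           invalid_combo_rejected() ? "yes" : "no");
    return 0;
}
```

The loop in fill_random_exact() is the part callers most often get wrong: code that treats a single getrandom() return as the full request is only correct for flags == 0 and n <= 256, which is exactly the guarantee the message spells out.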
1.184 |
| 28-Jul-2020 |
riastradh | Rewrite cprng_fast in terms of new ChaCha API.
|
1.183 |
| 30-Apr-2020 |
riastradh | Rewrite entropy subsystem.
Primary goals:
1. Use cryptography primitives designed and vetted by cryptographers.
2. Be honest about entropy estimation.
3. Propagate full entropy as soon as possible.
4. Simplify the APIs.
5. Reduce overhead of rnd_add_data and cprng_strong.
6. Reduce side channels of HWRNG data and human input sources.
7. Improve visibility of operation with sysctl and event counters.
Caveat: rngtest is no longer used generically for RND_TYPE_RNG rndsources. Hardware RNG devices should have hardware-specific health tests. For example, checking for two repeated 256-bit outputs works to detect AMD's 2019 RDRAND bug. Not all hardware RNGs are necessarily designed to produce exactly uniform output.
ENTROPY POOL
- A Keccak sponge, with test vectors, replaces the old LFSR/SHA-1 kludge as the cryptographic primitive.
- `Entropy depletion' is available for testing purposes with a sysctl knob kern.entropy.depletion; otherwise it is disabled, and once the system reaches full entropy it is assumed to stay there as far as modern cryptography is concerned.
- No `entropy estimation' based on sample values. Such `entropy estimation' is a contradiction in terms, dishonest to users, and a potential source of side channels. It is the responsibility of the driver author to study the entropy of the process that generates the samples.
- Per-CPU gathering pools avoid contention on a global queue.
- Entropy is occasionally consolidated into global pool -- as soon as it's ready, if we've never reached full entropy, and with a rate limit afterward. Operators can force consolidation now by running sysctl -w kern.entropy.consolidate=1.
- rndsink(9) API has been replaced by an epoch counter which changes whenever entropy is consolidated into the global pool.
  . Usage: Cache entropy_epoch() when you seed. If entropy_epoch() has changed when you're about to use whatever you seeded, reseed.
  . Epoch is never zero, so initialize cache to 0 if you want to reseed on first use.
  . Epoch is -1 iff we have never reached full entropy -- in other words, the old rnd_initial_entropy is (entropy_epoch() != -1) -- but it is better if you check for changes rather than for -1, so that if the system estimated its own entropy incorrectly, entropy consolidation has the opportunity to prevent future compromise.
- Sysctls and event counters provide operator visibility into what's happening:
  . kern.entropy.needed - bits of entropy short of full entropy
  . kern.entropy.pending - bits known to be pending in per-CPU pools, can be consolidated with sysctl -w kern.entropy.consolidate=1
  . kern.entropy.epoch - number of times consolidation has happened, never 0, and -1 iff we have never reached full entropy
CPRNG_STRONG
- A cprng_strong instance is now a collection of per-CPU NIST Hash_DRBGs. There are only two in the system: user_cprng for /dev/urandom and sysctl kern.?random, and kern_cprng for kernel users which may need to operate in interrupt context up to IPL_VM.
(Calling cprng_strong in interrupt context does not strike me as a particularly good idea, so I added an event counter to see whether anything actually does.)
- Event counters provide operator visibility into when reseeding happens.
INTEL RDRAND/RDSEED, VIA C3 RNG (CPU_RNG)
- Unwired for now; will be rewired in a subsequent commit.
|
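An added example, not code from the commit above or from NetBSD: a user-space model of the entropy_epoch() reseed discipline the message lays out (cache the epoch when you seed, reseed when it moves, start the cache at 0 so the first use reseeds, and check for change rather than for -1). fake_entropy_epoch(), fake_consolidate() and fake_pool_draw() are stand-ins for the kernel side and are assumptions for this illustration, not kernel APIs; mix64() is a splitmix64 finaliser standing in for a DRBG output function, not a cryptographic generator.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ---- stand-ins for the kernel side (assumptions, not NetBSD code) --- */
static unsigned g_epoch = (unsigned)-1;          /* -1: full entropy never reached */
static uint64_t g_pool = 0x0123456789abcdefULL;  /* toy "global pool" contents */

unsigned fake_entropy_epoch(void) { return g_epoch; }

/* Model of consolidation: fresh material enters the pool and the epoch changes.
 * The epoch is never 0: it goes -1 -> 1 on first full entropy, then counts up. */
void fake_consolidate(uint64_t fresh)
{
    g_pool ^= (fresh + 1) * 0x9e3779b97f4a7c15ULL;
    g_epoch = (g_epoch == (unsigned)-1) ? 1 : g_epoch + 1;
    if (g_epoch == 0)
        g_epoch = 1;                             /* wraparound guard: never 0 */
}

static uint64_t fake_pool_draw(void) { return g_pool; }

/* ---- consumer side -------------------------------------------------- */
/* splitmix64 finaliser: stands in for the DRBG output function, not a real one. */
static uint64_t mix64(uint64_t z)
{
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}

struct seeded_gen {
    uint64_t key;         /* seed material drawn from the pool */
    uint64_t ctr;
    unsigned seed_epoch;  /* entropy_epoch() at seed time; 0 = never seeded */
    unsigned reseeds;     /* observability only */
};

/* seed_epoch starts at 0; since the epoch is never 0, the first use reseeds. */
void gen_init(struct seeded_gen *g) { memset(g, 0, sizeof *g); }

static void gen_reseed(struct seeded_gen *g)
{
    g->key = fake_pool_draw();
    g->ctr = 0;
    g->seed_epoch = fake_entropy_epoch();
    g->reseeds++;
}

/*
 * Reseed whenever the epoch has moved since we seeded.  Checking for a
 * change rather than for -1 means a generator seeded before full entropy
 * (epoch -1) is refreshed as soon as consolidation happens, and one seeded
 * after a mis-estimated "full entropy" still picks up later consolidations.
 */
uint64_t gen_next(struct seeded_gen *g)
{
    if (g->seed_epoch != fake_entropy_epoch())
        gen_reseed(g);
    return mix64(g->key + ++g->ctr);
}

int main(void)
{
    struct seeded_gen g;
    gen_init(&g);
    printf("epoch %d, out %016llx, reseeds %u\n", (int)fake_entropy_epoch(),
           (unsigned long long)gen_next(&g), g.reseeds);
    fake_consolidate(42);   /* cf. sysctl -w kern.entropy.consolidate=1 */
    printf("epoch %d, out %016llx, reseeds %u\n", (int)fake_entropy_epoch(),
           (unsigned long long)gen_next(&g), g.reseeds);
    return 0;
}
```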
1.182 |
| 15-Jan-2020 |
ad | Merge from yamt-pagecache (after much testing):
- Reduce unnecessary page scan in putpages esp. when an object has a ton of pages cached but only a few of them are dirty.
- Reduce the number of pmap operations by tracking page dirtiness more precisely in uvm layer.
|
1.181 |
| 20-Dec-2019 |
ad | branches: 1.181.2; Split subr_cpu.c out of kern_cpu.c, to contain routines shared with rump.
|
1.180 |
| 16-Dec-2019 |
ad | - Extend the per-CPU counters matt@ did to include all of the hot counters in UVM, excluding uvmexp.free, which needs special treatment and will be done with a separate commit. Cuts system time for a build by 20-25% on a 48 CPU machine w/DIAGNOSTIC.
- Avoid 64-bit integer divide on every fault (for rnd_add_uint32).
|
1.179 |
| 15-Dec-2019 |
ad | Merge from yamt-pagecache:
- do gang lookup of pages using radixtree.
- remove now unused uvm_object::uo_memq and vm_page::listq.queue.
|
1.178 |
| 12-Dec-2019 |
pgoyette | Eliminate per-hook duplication of common code as suggested by (and with major contributions from) riastradh@
Welcome to 9.99.23
|
1.177 |
| 13-Oct-2019 |
mrg | introduce some common variables for use in GCC warning disables:
GCC_NO_FORMAT_TRUNCATION	-Wno-format-truncation (GCC 7/8)
GCC_NO_STRINGOP_TRUNCATION	-Wno-stringop-truncation (GCC 8)
GCC_NO_STRINGOP_OVERFLOW	-Wno-stringop-overflow (GCC 8)
GCC_NO_CAST_FUNCTION_TYPE	-Wno-cast-function-type (GCC 8)
use these to turn off warnings for most GCC-8 complaints. many of these are false positives, most of the real bugs are already committed, or are yet to come.
we plan to introduce versions of (some?) of these that use the "-Wno-error=" form, which still displays the warnings but does not make it an error, and all of the above will be re-considered as either being "fix me" (warning still displayed) or "warning is wrong."
|
1.176 |
| 02-Sep-2019 |
riastradh | Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.
Benefits:
- larger seeds -- a 128-bit key alone is not enough for `128-bit security'
- better resistance to timing side channels than AES
- a better-understood security story (https://eprint.iacr.org/2018/349)
- no loss in compliance with US government standards that nobody ever got fired for choosing, at least in the US-dominated western world
- no dirty endianness tricks
- self-tests
Drawbacks:
- performance hit: throughput is reduced to about 1/3 in naive measurements
  => possible to mitigate by using hardware SHA-256 instructions
  => all you really need is 32 bytes to seed a userland PRNG anyway
  => if we just used ChaCha this would go away...
XXX pullup-7
XXX pullup-8
XXX pullup-9
|
1.175 |
| 13-May-2019 |
bad | branches: 1.175.2; On the one thousand and ninth day rump's mainbus was moved from rumpdev to rumpkern, liberating all rumpnet users from the need to -lrumpdev -lrumpvfs just because a loopback interface is mandatory.
Rename rumpdev/autoconf.c to rumpkern/rump_autoconf.c to avoid accidentally picking up e.g. sys/arch/amd64/amd64/autoconf.c through make's .PATH. Move rumpdev/MAINBUS.ioconf to rumpkern.
|
1.174 |
| 27-Jan-2019 |
pgoyette | Merge the [pgoyette-compat] branch
|
1.173 |
| 24-Dec-2018 |
thorpej | Add threadpool(9), an abstraction that provides shared pools of kernel threads running at specific priorities, with support for unbound pools and per-cpu pools.
Written by riastradh@, and based on the May 2014 draft, with a few changes by me:
- Working on the assumption that a relative few priorities will actually be used, reduce the memory footprint by using linked lists, rather than 2 large (and mostly empty) tables. The performance impact is essentially nil, since these lists are consulted only when pools are created (and destroyed, for DIAGNOSTIC checks), and the lists will have at most 225 entries.
- Make threadpool job object, which the caller must allocate storage for, really opaque.
- Use typedefs for the threadpool types, to reduce the verbosity of the API somewhat.
- Fix a bunch of pool / worker thread / job object lifecycle bugs.
Also include an ATF unit test, written by me, that exercises the basics of the API by loading a kernel module that exposes several sysctls that allow the ATF test script to create and destroy threadpools, schedule a basic job, and verify that it ran.
And thus NetBSD 8.99.29 has arrived.
|
1.172 |
| 16-Dec-2018 |
rmind | Import thmap -- a concurrent trie-hash map, combining the elements of hashing and radix trie. It supports lock-free lookups and concurrent inserts/deletes. It is designed to be optimal as a general purpose *concurrent* associative array.
Upstream: https://github.com/rmind/thmap Discussed on tech-kern@
|
1.171 |
| 14-Sep-2018 |
mrg | retire kern_xxx.c. long live kern_xxx.c.
split it into kern_reboot.c and kern_scdebug.c. while here, add my copyright to kern_scdebug.c as it was largely rewritten for kernhist support.
|
1.170 |
| 25-Jul-2017 |
ozaki-r | branches: 1.170.2; 1.170.4; Add localcount to rump kernels
|
1.169 |
| 08-Apr-2017 |
christos | branches: 1.169.4; 1.169.6; adjust flag.
|
1.168 |
| 20-Aug-2016 |
christos | branches: 1.168.2; need kern_ssp.c for a full SSP build.
|
1.167 |
| 11-Apr-2016 |
ozaki-r | branches: 1.167.2; Add psref to rump kernel
|
1.166 |
| 26-Jan-2016 |
pooka | nuke a few missed -Ifactiondir CPPFLAGSitions.
|
1.165 |
| 19-Oct-2015 |
pooka | Add a COMMENT describing what each component roughly does.
"make describe" prints the comment.
Requested/inspired by Vincent Schwarzer on rumpkernel-users
|
1.164 |
| 15-Sep-2015 |
pooka | Use the more widely accepted version of alphabetical order.
|
1.163 |
| 31-Aug-2015 |
ozaki-r | Allow rumpkernel to use rw_obj_*
|
1.162 |
| 21-Aug-2015 |
christos | Remove KERN.ioconf, ksyms does not really need it.
|
1.161 |
| 20-Aug-2015 |
christos | generate ioconf.h for pseudo-device attach prototype
|
1.160 |
| 17-Jun-2015 |
pooka | Remove unreal allocators, unconditionally use subr_{kmem,pool}.
Will, with other work, allow to tighten the memory allocation hypercall specification to page-granularity allocations in the future.
|
1.159 |
| 23-Apr-2015 |
pooka | Rename RUMP_COMPAT to RUMP_NBCOMBAT to better signify what the variable does.
|
1.158 |
| 23-Apr-2015 |
pooka | g/c the never-used and never-useful hyperstubs.c
|
1.157 |
| 22-Apr-2015 |
pooka | Build compat code only when specified by RUMP_COMPAT
|
1.156 |
| 22-Apr-2015 |
pooka | Include kern_clock.c in rump kernels.
|
1.155 |
| 14-Apr-2015 |
riastradh | Fix rump build: rndpseudo_50.c now needed by kernel, not rnd device.
|
1.154 |
| 04-Feb-2015 |
pooka | default newvers.sh parameters to reproducible build
|
1.153 |
| 07-Jan-2015 |
pooka | Move sysproxy support into a separate component, rumpkern_sysproxy, instead of it being always provided by the rump kernel base. This move accomplishes two things:
1) it is no longer necessary to provide sysproxy hypercall stubs for platforms which do not want to use sysproxy 2) it is easier to reason about the security aspects, since configurations not linking the sysproxy component simply do not support remote system calls
discussed on rumpkernel-users
|
1.152 |
| 03-Jan-2015 |
pooka | Put all sysproxy routines to their own C module, sysproxy.c
|
1.151 |
| 02-Dec-2014 |
pooka | Remove shlib_version files and just use Makefile SHLIB_MAJOR/MINOR, with the default provided by Makefile.rump (they're all 0.0 anyway)
|
1.150 |
| 09-Nov-2014 |
pooka | branches: 1.150.2; Move rump kernel man pages from various sources to sys/rump
namely:
* src/lib is used only when building for POSIX'y platforms, but the man pages have their use for all platforms
* rumpuser.3 is a function of the rump kernel, not one of the POSIX'y implementation hosted in src/lib/librumpuser
no functional change
|
1.149 |
| 11-Aug-2014 |
matt | Add MKCOMPAT support for aarch64 (COMPAT_MACHINE_CPU)
|
1.148 |
| 10-Aug-2014 |
tls | branches: 1.148.2; 1.148.4; 1.148.8; Merge tls-earlyentropy branch into HEAD.
|
1.147 |
| 05-Jun-2014 |
rmind | librump: include pcq(9) interface.
|
1.146 |
| 27-Apr-2014 |
pooka | Eliminate weak symbols from rump kernel syscall handlers, part 7:
Build component constructors which establish syscalls at boottime.
|
1.145 |
| 25-Apr-2014 |
pooka | gardenize rump.c: move data structure helper routines to accessors.c
|
1.144 |
| 25-Apr-2014 |
pooka | Move the etfs linkage from rumpvfs to rumpkern, and replace the weak alias show with an honest pointer indirection.
No client-visible change. (apart from this version working e.g. on musl w/ dlopen)
|
1.143 |
| 04-Apr-2014 |
njoly | branches: 1.143.2; Add compat 50 time syscalls, needed by rump sys_linux.
|
1.142 |
| 02-Apr-2014 |
pooka | Put nanosleep() and folks in librump instead of maintaining them in the separate rumpkern_time component. Keeping time-related routines elsewhere led to some illogical behavior if you didn't think of linking in rumpkern_time (hands up everyone who checks the return value of nanosleep()).
Add warnings if rumpkern_time is linked or used. I'll remove it in a month or two instead of now since it was part of a buildrump.sh snapshot and it's nicer if trying to use it gives a warning instead of an error in the next snapshot.
"everything should be as modular as possible, but no more modular than that"
|
1.141 |
| 15-Mar-2014 |
pooka | Use uniprocessor-optimized locking in RUMP_LOCKS_UP=yes (default: no)
|
1.140 |
| 13-Mar-2014 |
pooka | Allow multiple "rumpcomp_user" source modules to be specified by introducing RUMPCOMP_USER_SRCS. Make RUMPCOMP_USER issue a deprecation warning, but for compat make it set RUMPCOMP_USER_SRCS=rumpcomp_user.c for now.
|
1.139 |
| 10-Mar-2014 |
pooka | Move the "is arch capable of loading native kernel modules into rump kernel" clauses from bsd.own.mk to Makefile.rump. Also, add a rump_nativeabi_p() call to determine if rump kernel is compiled with native ABI support.
|
1.138 |
| 28-Feb-2014 |
matt | Use the new FEAT_LDREX to replace ARMV6/ARMV7
|
1.137 |
| 18-Feb-2014 |
pooka | Use same uvm_swap_shutdown() stub for !vmswap kernels and rump kernels.
|
1.136 |
| 12-Feb-2014 |
pooka | Rototill a bit, and attempt to disguise it as non-gratuitous.
Add arch/generic and move non-x86 files from rumpkern/ there. Also, move files from arch/i386 to arch/x86, and make both i386 and x86_64 use those.
This clarifies the situation with what is MD vs. MI code.
renames:
rumpcpu_generic,kobj_stubs,pmap_stubs => arch/generic/rump_generic_$x
arch/i386/* => arch/x86/rump_x86_$x
(for those who forget, x86 requires MD code because rump kernels use the same ABI as kernel modules)
|
1.135 |
| 17-Jan-2014 |
pooka | Use subr_cprng.c instead of stub implementation. Rijndael migrates from rumpkern_crypto to rumpkern due to it being mandatory for cprng.
|
1.134 |
| 09-Dec-2013 |
pooka | Make ktrace a compile-time option
|
1.133 |
| 09-Dec-2013 |
pooka | Support ktrace for rump kernels.
Requested by Justin Cormack on rumpkernel-users.
|
1.132 |
| 07-Sep-2013 |
pooka | Add an initial console device and open fd's 0/1/2 for initproc. This is again useful in standalone-type environments such as Xen, where all printf/etc calls go through the rump kernel.
|
1.131 |
| 03-Sep-2013 |
pooka | + don't rename rump_syscalls.*o + support RUMP_KERNEL_IS_LIBC
|
1.130 |
| 22-Aug-2013 |
matt | Teach this about ARMV7
|
1.129 |
| 18-Jul-2013 |
matt | Coldfire uses atomic_cas_generic.c
|
1.128 |
| 23-Jun-2013 |
riastradh | branches: 1.128.2; 1.128.4; Rework rndsink(9) abstraction and adapt arc4random(9) and cprng(9).
rndsink(9):
- Simplify API.
- Simplify locking scheme.
- Add a man page.
- Avoid races in destruction.
- Avoid races in requesting entropy now and scheduling entropy later.
Periodic distribution of entropy to sinks reduces the need for the last one, but this way we don't need to rely on periodic distribution (e.g., in a future tickless NetBSD).
rndsinks_lock should probably eventually merge with the rndpool lock, but we'll put that off for now.
cprng(9):
- Make struct cprng_strong opaque.
- Move rndpseudo.c parts that futz with cprng guts to subr_cprng.c.
- Fix kevent locking. (Is kevent locking documented anywhere?)
- Stub out rump cprng further until we can rumpify rndsink instead.
- Strip code to grovel through struct cprng_strong in fstat.
|
1.127 |
| 01-May-2013 |
pooka | Actually, there's no point in unconditionally compiling in weak stubs which will never be used in the NetBSD build. Comment hyperstubs.c out from SRCS, but retain the source module as documentation.
|
1.126 |
| 30-Apr-2013 |
pooka | weak stubs for optional hypercalls
|
1.125 |
| 27-Apr-2013 |
pooka |
* treat kern_malloc.c as an unreal allocator (it's so lightweight)
* get rid of the rumpuser_realloc() hypercall
* pass size to rumpuser_free()
|
1.124 |
| 15-Mar-2013 |
pooka | Allow Makefile.rump to append to SRCS.
|
1.123 |
| 10-Mar-2013 |
pooka | Use kern_malloc.c instead of the relegated allocators in memalloc.c. Previously this didn't make sense due to the use of kmem_map, but the new malloc is more dynamic and puts sense into using it.
|
1.122 |
| 10-Mar-2013 |
pooka | Always include subr_vmem.c, even with RUMP_UNREAL_ALLOCATORS=yes (previously it was just missing in that case).
Record wchan to unreal pool_init() to avoid memory leak warning.
|
1.121 |
| 30-Dec-2012 |
pooka | Take into account armv6 hacks from common/lib/libc/arch/arm/atomic to allow this to build with -march=armv6k
|
1.120 |
| 04-Nov-2012 |
apb | Add references to ${_NETBSD_VERSION_DEPENDS} for files that need to be re-created when the NetBSD version changes. They will also be re-created when any build settings are changed.
|
1.119 |
| 20-Jul-2012 |
pooka | branches: 1.119.2; Make it possible to select between real and unreal allocators from make. Plus some gratuitous renaming.
|
1.118 |
| 22-Jun-2012 |
rmind | rumpkern:
- Add subr_kcpuset.c and subr_pserialize.c modules.
- Add kcpuset_{running,attached} for RUMP env.
|
1.117 |
| 29-Apr-2012 |
rmind | G/C kern_malloc_stdtype.c
|
1.116 |
| 10-Mar-2012 |
joerg | P1003_1B_SEMAPHORE is no longer optional.
|
1.115 |
| 02-Feb-2012 |
tls | branches: 1.115.2; Entropy-pool implementation move and cleanup.
1) Move core entropy-pool code and source/sink/sample management code to sys/kern from sys/dev.
2) Remove use of NRND as test for presence of entropy-pool code throughout source tree.
3) Remove use of RND_ENABLED in device drivers as microoptimization to avoid expensive operations on disabled entropy sources; make the rnd_add calls do this directly so all callers benefit.
4) Fix bug in recent rnd_add_data()/rnd_add_uint32() changes that might have led to slight entropy overestimation for some sources.
5) Add new source types for environmental sensors, power sensors, VM system events, and skew between clocks, with a sample implementation for each.
ok releng to go in before the branch due to the difficulty of later pullup (widespread #ifdef removal and moved files). Tested with release builds on amd64 and evbarm and live testing on amd64.
|
1.114 |
| 04-Dec-2011 |
jym | Implement the register/deregister/evaluation API for secmodel(9). It allows registration of callbacks that can be used later for cross-secmodel "safe" communication.
When a secmodel wishes to know a property maintained by another secmodel, it has to submit a request to it so the other secmodel can proceed to evaluating the request. This is done through the secmodel_eval(9) call; example:
	bool isroot;
	error = secmodel_eval("org.netbsd.secmodel.suser", "is-root",
	    cred, &isroot);
	if (error == 0 && !isroot)
		result = KAUTH_RESULT_DENY;
This one asks the suser module if the credentials are assumed to be root when evaluated by suser module. If the module is present, it will respond. If absent, the call will return an error.
Args and command are arbitrarily defined; it's up to the secmodel(9) to document what it expects.
Typical example is securelevel testing: when someone wants to know whether securelevel is raised above a certain level or not, the caller has to request this property to the secmodel_securelevel(9) module. Given that securelevel module may be absent from system's context (thus making access to the global "securelevel" variable impossible or unsafe), this API can cope with this absence and return an error.
We are using secmodel_eval(9) to implement a secmodel_extensions(9) module, which plugs with the bsd44, suser and securelevel secmodels to provide the logic behind curtain, usermount and user_set_cpu_affinity modes, without adding hooks to traditional secmodels. This solves a real issue with the current secmodel(9) code, as usermount or user_set_cpu_affinity are not really tied to secmodel_suser(9).
The secmodel_eval(9) is also used to restrict security.models settings when securelevel is above 0, through the "is-securelevel-above" evaluation:
- curtain can be enabled any time, but cannot be disabled if securelevel is above 0.
- usermount/user_set_cpu_affinity can be disabled any time, but cannot be enabled if securelevel is above 0.
Regarding sysctl(7) entries: curtain and usermount are now found under security.models.extensions tree. The security.curtain and vfs.generic.usermount are still accessible for backwards compat.
Documentation is incoming, I am proof-reading my writings.
Written by elad@, reviewed and tested (anita test + interact for rights tests) by me. ok elad@.
See also http://mail-index.netbsd.org/tech-security/2011/11/29/msg000422.html
XXX might consider va0 mapping too.
XXX Having a secmodel(9) specific printf (like aprint_*) for reporting secmodel(9) errors might be a good idea, but I am not sure on how to design such a function right now.
|
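An added example, not NetBSD's secmodel(9) code: a user-space model of the register/deregister/evaluate pattern the commit message describes, with the securelevel-gated curtain and usermount rules it lists. A caller asks the securelevel model "is-securelevel-above" instead of reading a global, and gets an error back when that model is not registered. The names model_register(), model_eval(), set_curtain() and so on, the struct layouts, and the choice to treat an absent securelevel model as "not raised" are assumptions of this illustration; the kernel's real API and its behaviour in that case are documented in secmodel(9), not here.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*eval_fn)(const char *what, void *arg, void *ret);

struct model {
    const char *id;       /* e.g. "org.netbsd.secmodel.securelevel" */
    eval_fn eval;
    bool registered;
};

#define MAX_MODELS 8
static struct model g_models[MAX_MODELS];

int model_register(const char *id, eval_fn fn)
{
    for (int i = 0; i < MAX_MODELS; i++)
        if (!g_models[i].registered) {
            g_models[i] = (struct model){ id, fn, true };
            return 0;
        }
    return ENOMEM;
}

int model_deregister(const char *id)
{
    for (int i = 0; i < MAX_MODELS; i++)
        if (g_models[i].registered && strcmp(g_models[i].id, id) == 0) {
            g_models[i].registered = false;
            return 0;
        }
    return ENOENT;
}

/* Ask model `id` to evaluate `what`.  An absent model yields ENOENT: the
 * caller never touches another model's variables directly. */
int model_eval(const char *id, const char *what, void *arg, void *ret)
{
    for (int i = 0; i < MAX_MODELS; i++)
        if (g_models[i].registered && strcmp(g_models[i].id, id) == 0)
            return g_models[i].eval(what, arg, ret);
    return ENOENT;
}

/* ---- securelevel model: answers "is-securelevel-above" (arg: int level) */
static int g_securelevel = 0;
void set_securelevel(int l) { g_securelevel = l; }

static int securelevel_eval(const char *what, void *arg, void *ret)
{
    if (strcmp(what, "is-securelevel-above") == 0) {
        *(bool *)ret = g_securelevel > *(int *)arg;
        return 0;
    }
    return EINVAL;   /* request this model does not document */
}

int register_securelevel_model(void)
{
    return model_register("org.netbsd.secmodel.securelevel", securelevel_eval);
}

/* ---- extensions model: curtain / usermount knobs gated on securelevel */
static bool g_curtain = false, g_usermount = true;

/* Assumption of this example: if the securelevel model is absent (eval
 * error), securelevel is treated as not raised.  A stricter policy could
 * refuse the change on any error instead. */
static bool securelevel_above_zero(void)
{
    int zero = 0;
    bool above = false;
    int error = model_eval("org.netbsd.secmodel.securelevel",
                           "is-securelevel-above", &zero, &above);
    return error == 0 && above;
}

/* curtain: may be enabled any time, may not be disabled above securelevel 0 */
int set_curtain(bool enable)
{
    if (!enable && securelevel_above_zero())
        return EPERM;
    g_curtain = enable;
    return 0;
}

/* usermount: may be disabled any time, may not be enabled above securelevel 0 */
int set_usermount(bool enable)
{
    if (enable && securelevel_above_zero())
        return EPERM;
    g_usermount = enable;
    return 0;
}

bool curtain_enabled(void) { return g_curtain; }
bool usermount_enabled(void) { return g_usermount; }

int main(void)
{
    register_securelevel_model();
    set_securelevel(1);
    printf("enable curtain: %d, disable curtain: %d\n", set_curtain(true), set_curtain(false));
    printf("disable usermount: %d, enable usermount: %d\n", set_usermount(false), set_usermount(true));
    return 0;
}
```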
1.113 |
| 27-Nov-2011 |
tsutsui | branches: 1.113.2; Revert "stopcap fix" for rump by christos, which causes build failure on most non-x86 ports and seems unnecessary. (caused by wrong rump_namei.h?)
|
1.112 |
| 25-Nov-2011 |
christos | Add subr_open_disk.c for getdiskinfo(). Once we get rid of getdiskinfo, this will not be needed.
|
1.111 |
| 19-Nov-2011 |
tls | First step of random number subsystem rework described in <20111022023242.BA26F14A158@mail.netbsd.org>. This change includes the following:
An initial cleanup and minor reorganization of the entropy pool code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are fixed. Some effort is made to accumulate entropy more quickly at boot time.
A generic interface, "rndsink", is added, for stream generators to request that they be re-keyed with good quality entropy from the pool as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is adjusted to use the rndsink interface for rekeying, which helps address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random number generator quality is provided (libkern/rngtest.c). This is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is based on an implementation of the NIST SP800-90 CTR_DRBG by Henric Jungheim. This generator uses AES in a modified counter mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers of randomness. The arc4random/arc4randbytes API is deprecated for in-kernel use. It is replaced by "cprng_strong". The current cprng_fast implementation wraps the existing arc4random implementation. The current cprng_strong implementation wraps the new CTR_DRBG implementation. Both interfaces are rekeyed from the entropy pool automatically at intervals justifiable from best current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as the old arc4randbytes(), and cprng_strong() is about 20% faster than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional kernel component, as it is required by cprng_strong, which is not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at startup time; if it fails, the system will reboot. There is approximately a 3/10000 chance of a false positive from these tests. Entropy pool _input_ from hardware random numbers is subjected to the rngtest tests at attach time, as well as the FIPS continuous-output test, to detect bad or stuck hardware RNGs; if any are detected, they are detached, but the system continues to run.
A problem with rndctl(8) is fixed -- datastructures with pointers in arrays are no longer passed to userspace (this was not a security problem, but rather a major issue for compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked up to the new generators, but the /dev/*random pseudodevices are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
|
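An added example, not NetBSD's libkern/rngtest.c: the four FIPS 140-2 power-up statistical tests (monobit, poker, runs, long run) over one 20,000-bit sample, plus the continuous-output test that the message says is applied to hardware RNG input, reimplemented from the standard in C. The acceptance bounds are those of FIPS 140-2 with change notice 1; whether rngtest.c uses exactly these bounds is not stated on this page. The sample data is constructed in the block (a fixed-seed splitmix64 stream standing in for an RNG under test, and two obviously broken streams), and the function names are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIPS_BITS  20000
#define FIPS_BYTES (FIPS_BITS / 8)

struct fips_result { bool monobit, poker, runs, longrun; };

static int bit_at(const uint8_t *s, int i) { return (s[i >> 3] >> (7 - (i & 7))) & 1; }

/* The four FIPS 140-2 power-up tests over one 20 000-bit sample. */
struct fips_result fips140_2_tests(const uint8_t *sample)
{
    struct fips_result r;

    /* Monobit: number of ones must satisfy 9725 < X < 10275 */
    int ones = 0;
    for (int i = 0; i < FIPS_BITS; i++) ones += bit_at(sample, i);
    r.monobit = ones > 9725 && ones < 10275;

    /* Poker: 5000 4-bit values, X = (16/5000) * sum f_i^2 - 5000, need 2.16 < X < 46.17 */
    int f[16] = {0};
    for (int i = 0; i < FIPS_BYTES; i++) { f[sample[i] >> 4]++; f[sample[i] & 0x0f]++; }
    double sq = 0.0;
    for (int v = 0; v < 16; v++) sq += (double)f[v] * (double)f[v];
    double x = sq * 16.0 / 5000.0 - 5000.0;
    r.poker = x > 2.16 && x < 46.17;

    /* Runs and long run: count runs of each length per bit value */
    int runs[2][7] = {{0}};          /* [bit][length], index 6 = length >= 6 */
    int longest = 0, cur = bit_at(sample, 0), len = 0;
    for (int i = 0; i < FIPS_BITS; i++) {
        int b = bit_at(sample, i);
        if (b == cur) { len++; continue; }
        runs[cur][len > 6 ? 6 : len]++;
        if (len > longest) longest = len;
        cur = b; len = 1;
    }
    runs[cur][len > 6 ? 6 : len]++;
    if (len > longest) longest = len;

    static const int lo[7] = {0, 2315, 1114, 527, 240, 103, 103};
    static const int hi[7] = {0, 2685, 1386, 723, 384, 209, 209};
    r.runs = true;
    for (int b = 0; b < 2; b++)
        for (int l = 1; l <= 6; l++)
            if (runs[b][l] < lo[l] || runs[b][l] > hi[l]) r.runs = false;
    r.longrun = longest < 26;        /* a run of 26+ identical bits fails */
    return r;
}

bool fips140_2_pass(const uint8_t *sample)
{
    struct fips_result r = fips140_2_tests(sample);
    return r.monobit && r.poker && r.runs && r.longrun;
}

/* Continuous test: each new block must differ from the previous one (catches stuck HWRNGs). */
struct crt { uint8_t prev[32]; size_t len; bool have_prev; };

bool crt_check(struct crt *c, const uint8_t *blk, size_t len)
{
    if (len > sizeof c->prev) len = sizeof c->prev;
    bool ok = !(c->have_prev && c->len == len && memcmp(c->prev, blk, len) == 0);
    memcpy(c->prev, blk, len);
    c->len = len;
    c->have_prev = true;
    return ok;
}

/* Constructed sample data: splitmix64 with a fixed seed, standing in for an RNG under test. */
void fill_splitmix(uint8_t *out, size_t n, uint64_t seed)
{
    for (size_t i = 0; i < n; i += 8) {
        uint64_t z = (seed += 0x9e3779b97f4a7c15ULL);
        z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
        z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
        z ^= z >> 31;
        for (size_t k = 0; k < 8 && i + k < n; k++) out[i + k] = (uint8_t)(z >> (8 * k));
    }
}

int main(void)
{
    static uint8_t good[FIPS_BYTES], stuck[FIPS_BYTES];
    fill_splitmix(good, sizeof good, 12345);
    memset(stuck, 0xff, sizeof stuck);
    printf("splitmix64 sample: %s\n", fips140_2_pass(good) ? "PASS" : "FAIL");
    printf("stuck-at-1 sample: %s\n", fips140_2_pass(stuck) ? "PASS" : "FAIL");
    return 0;
}
```

A stuck-at-1 source fails every test; a 0xAA pattern (alternating bits) has a perfect monobit count but fails poker and runs, which is why all four are required. The roughly 3/10000 false-positive rate the message quotes is the price of these bounds: a healthy source will occasionally fail a single 20,000-bit sample, so a reboot-on-failure policy trades a rare spurious reboot for catching a broken pool early.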
1.110 |
| 12-Jun-2011 |
mrg | branches: 1.110.2; include uvm_object.c in the rump kernel for the new uvm_obj* functions. don't build the uvm_object.c uvm_object_printit() for _RUMPKERNEL. (XXX) add empty panic() stubs for uvm_loanbreak() and ubc_purge().
fixes some more 5.99.53 rump build issues.
|
1.109 |
| 19-May-2011 |
joerg | branches: 1.109.2; Spell --fatal-warnings with two hyphens
|
1.108 |
| 21-Mar-2011 |
joerg | Include bsd.own.mk before making decisions based on mk.conf.
|
1.107 |
| 17-Jan-2011 |
pooka | use compat code from sys/compat/common
|
1.106 |
| 06-Jan-2011 |
pooka | branches: 1.106.2; Support LOCKDEBUG. To use it, compile sys/rump with RUMP_LOCKDEBUG=yes.
requested by martin (sparc64 gdb cannot reliably produce a stack trace)
|
1.105 |
| 04-Jan-2011 |
pooka | Add SMP support for all architectures.
tested on sparc64 by martin
|
1.104 |
| 17-Dec-2010 |
joerg | Support MKREPRO
|
1.103 |
| 26-Nov-2010 |
pooka | Duh, it's x86_64, not amd64. This should make the races which require SMP trigger in the amd64/qemu runs again.
|
1.102 |
| 22-Nov-2010 |
pooka | rename atomic_cas_up to rump_atomic_cas_up to avoid collisions
|
1.101 |
| 21-Nov-2010 |
pooka | Encode smp-capability into the makefile so that it can be used to avoid potential screwups.
|
1.100 |
| 21-Nov-2010 |
pooka | Add a lockless uniprocessor version of atomic_cas_generic.c, which is currently used by all the archs that previously used cas_generic.
|
1.99 |
| 21-Nov-2010 |
pooka | Realize the >1yo comment above rump_reboot and retire them to make room for sys_reboot.
|
1.98 |
| 27-Oct-2010 |
pooka | "i build dead files". ok, so let's not.
|
1.97 |
| 06-Sep-2010 |
pooka | Use standard uvm aobj pager. Most of the kernel aobj pager complexity comes from swap handling, but that is included only with VMSWAP.
|
1.96 |
| 01-Sep-2010 |
pooka | Implement rump_lwproc: the new lwp/proc management routines for rump. These move the management of the pid/lwpid space from the application into the kernel, make code more robust, and make it possible to attach multiple lwp's to non-proc0 processes.
|
1.95 |
| 30-Aug-2010 |
pooka | Include kern_prot.c for setuid etc.
|
1.94 |
| 30-Aug-2010 |
pooka | Use one line per sys/kern source module. no functional change.
|
1.93 |
| 21-Aug-2010 |
pgoyette | Add the new kern_cfglock.c to rump.
|
1.92 |
| 19-Jul-2010 |
pooka |
* move stat syscalls to newstyle compat
* implement compat for pollts
|
1.91 |
| 16-Jun-2010 |
pooka | Reinstate the blanket pmap.h for archs which do not conform to the kernel ABI (i.e. not i386 or amd64). Due to the "half function, half macro, all noodles" nature of pmap.h, it's too entangling and too brittle to keep up with an ifdeffy MI implementation.
|
1.90 |
| 13-Jun-2010 |
pooka | Fix previous in emul.c -- only numbers are operands for cpp comparisons. Apparently non-numbers logically produce arch-dependent behaviour.
|
1.89 |
| 10-Jun-2010 |
pooka | Use kern_proc.c instead of a collection of stubs. But what we really wanted from this commit was the support for proc_specificdata.
TODO: make creating a new process actually use kern_proc and maybe even add an interface which starts a process with "any pid you don't like"
|
1.88 |
| 06-Jun-2010 |
njoly | Make vers.c depend on sys/param.h too, to ensure that this file is regenerated on a kernel version bump. Avoids __NetBSD_Version__ and osrelease out of sync problem for mkupdate builds.
ok from pooka@.
|
1.87 |
| 18-May-2010 |
pooka | Whoops, default to MP locking.
|
1.86 |
| 18-May-2010 |
pooka | Add uniprocessor versions of mutex/rw/cv. They work only on virtual unicpu configurations (i.e. RUMP_NCPU==1), but are massively faster than the multiprocessor versions since the fast path does not have to perform any cache coherent operations. _Applications_ with lock-happy kernel paths, i.e. _not_ lock microbenchmarks, measure up to tens of percents speedup on my Core2 Duo. Every globally atomic state required by normal locks/atomic ops implies a hideous speed penalty even for the fast path.
While this requires a unicpu configuration, it should be noted that we are talking about a virtual unicpu configuration. The host can have as many processors as it desires, and the speed benefit of virtual unicpu is still there. It's pretty obvious that in terms of scalability simple workload partitioning and replication into multiple kernels wins hands down over complicated locking or locklessing algorithms which depend on globally atomic state.
|
1.85 |
| 18-May-2010 |
pooka | Move routines related to kernel locking and scheduling from locks.c to klock.c.
No functional change.
|
1.84 |
| 11-May-2010 |
pooka | Actually, push defining _RUMPKERNEL down to libkern, since it's not needed elsewhere.
|
1.83 |
| 11-May-2010 |
pooka | Limit visibility of _RUMPKERNEL to prevent abuse.
|
1.82 |
| 30-Apr-2010 |
pooka | Include devsw_conv0 from an i386 kernel compilation (no, we don't care about the arch as long as all the devices we care about are present). The file should be autogenerated, but that requires some more changes to config(1).
|
1.81 |
| 26-Apr-2010 |
pooka | Implement kobj_renamespace() for rump. Support for a few archs is missing, but that doesn't really matter, since they are living in their own "everything is a macro" happyland and don't support the native kernel ABI anyway.
|
1.80 |
| 21-Apr-2010 |
pooka | Move sys_module from vfs to kern -- while modules cannot be loaded, there's nothing forbidden about querying the list of (builtin) modules even when running without vfs.
|
1.79 |
| 21-Apr-2010 |
pooka | support kern_resource
|
1.78 |
| 21-Apr-2010 |
pooka | Move all signal-related from emul.c to signals.c. Additionally, define a few alternate signal models for the rump kernel, including ones where signals are ignored or sent to host processes.
|
1.77 |
| 14-Apr-2010 |
pooka | Use kern_syscall.c instead of homegrown syscall dis/establishment routines.
|
1.76 |
| 14-Apr-2010 |
pooka | Include kern_tc and use a timecounter driver instead of homerolled kern_tc implementation.
|
1.75 |
| 12-Apr-2010 |
pooka | support lwp specificdata
|
1.74 |
| 16-Feb-2010 |
pooka | branches: 1.74.2; Globally define -Wno-pointer-sign, as it has become a pointless exercise of "add it to every Makefile individually".
XXX: should autosynchronize with the rest of the kernel buildflags in sys/conf/Makefile.kern.inc.
|
1.73 |
| 31-Jan-2010 |
pooka | branches: 1.73.2; Include newly-created subr_device.c and remove few special case device accessor copypastes. This makes it possible to link static binaries which use -lrumpdev.
|
1.72 |
| 31-Jan-2010 |
pooka | include kern_hook.c
|
1.71 |
| 15-Jan-2010 |
pooka | Use subr_percpu.c instead of homegrown implementation. ...except when using malloc(3)-relegated allocators (happens in production e.g. on Linux), since subr_percpu.c uses vmem and i don't want to reimplement vmem.
|
1.70 |
| 16-Dec-2009 |
pooka | update to newnewvers.sh usage
|
1.69 |
| 16-Dec-2009 |
pooka | Generate vers.c and include it in the kernel component.
|
1.68 |
| 14-Dec-2009 |
matt | Make librump play with mips nicely. Define ARCH_ELFSIZE for mips to be 32. This works for N64 kernels because we objcopy them to be 32bit so the bootloaders can handle them.
|
1.67 |
| 13-Dec-2009 |
mrg | rename LD32DIR to MLIBDIR.
|
1.66 |
| 01-Dec-2009 |
pooka | Include cpu crosscall support (instead of stubbing it out).
|
1.65 |
| 27-Nov-2009 |
pooka | Now that Makefile.rump was changed and everything gets built in update builds too, flip the allocator define to prefer the kernel pool/kmem instead of malloc(3). Use malloc(3) only if RUMP_USE_UNREAL_ALLOCATORS is defined.
|
1.64 |
| 26-Nov-2009 |
pooka | include sys_pipe.c
|
1.63 |
| 06-Nov-2009 |
pooka | Enable kernel kmem/vmem/pool/pool_cache by default again instead of malloc(3) allocators.
|
1.62 |
| 04-Nov-2009 |
pooka | misc_stub and emul have been the same thing for a looong time now, so just move the few remaining routines in misc_stub to emul.
|
1.61 |
| 04-Nov-2009 |
pooka | Give the kthread->pthread interface emulation its own module.
|
1.60 |
| 04-Nov-2009 |
pooka | Pull all relegating memory allocators under a common roof in memalloc.c
|
1.59 |
| 04-Nov-2009 |
pooka | move copy-related routines to their own module
|
1.58 |
| 04-Nov-2009 |
pooka | Use std. uiomove() & friends.
|
1.57 |
| 04-Nov-2009 |
pooka | Use kern_mutex_obj.c directly instead of copypasting code.
|
1.56 |
| 03-Nov-2009 |
pooka | move module to SRCS where it logically belongs. no functional change.
|
1.55 |
| 20-Oct-2009 |
pooka | Actually, put uvm_readahead into rumpkern, since while it's technically vfs stuff, sys_descrip depends on it and readahead itself uses only the pager interface.
|
1.54 |
| 19-Oct-2009 |
christos | treat sun2 like the other losing platforms.
|
1.53 |
| 16-Oct-2009 |
pooka | Include sys_select.c for proper select()/poll() support.
|
1.52 |
| 15-Oct-2009 |
pooka | Add initial work on a rump virtual cpu scheduler. This is necessary for kernel code which has been written to avoid MP contention by using cpu-local storage (most prominently, select and pool_cache).
Instead of always assuming rump_cpu, the scheduler must now be run (and unrun) on all entry points into rump. Likewise, rumpuser unruns and re-runs the scheduler around each potentially blocking operation. As an optimization, I modified some locking primitives to try to get the lock without blocking before releasing the cpu.
Also, ltsleep was modified to assume that it is never called without the biglock held and made to use the biglock as the sleep interlock. Otherwise there is just too much drama with deadlocks. If some kernel code wants to call ltsleep without the biglock, then, *snif*, it's no longer supported in rump and should be modified to support newstyle locks anyway.
|
1.51 |
| 14-Oct-2009 |
pooka | Adjust rump sources for external/internal interfaces. No functional change.
|
1.50 |
| 02-Oct-2009 |
elad | First part of secmodel cleanup and other misc. changes:
- Separate the suser part of the bsd44 secmodel into its own secmodel and directory, pending even more cleanups. For revision history purposes, the original location of the files was
src/sys/secmodel/bsd44/secmodel_bsd44_suser.c src/sys/secmodel/bsd44/suser.h
- Add a man-page for secmodel_suser(9) and update the one for secmodel_bsd44(9).
- Add a "secmodel" module class and use it. Userland program and documentation updated.
- Manage secmodel count (nsecmodels) through the module framework. This eliminates the need for secmodel_{,de}register() calls in secmodel code.
- Prepare for secmodel modularization by adding relevant module bits. The secmodels don't allow auto unload. The bsd44 secmodel depends on the suser and securelevel secmodels. The overlay secmodel depends on the bsd44 secmodel. As the module class is only cosmetic, and to prevent ambiguity, the bsd44 and overlay secmodels are prefixed with "secmodel_".
- Adapt the overlay secmodel to recent changes (mainly vnode scope).
- Stop using link-sets for the sysctl node(s) creation.
- Keep sysctl variables under nodes of their relevant secmodels. In other words, don't create duplicates for the suser/securelevel secmodels under the bsd44 secmodel, as the latter is merely used for "grouping".
- For the suser and securelevel secmodels, "advertise presence" in relevant sysctl nodes (sysctl.security.models.{suser,securelevel}).
- Get rid of the LKM preprocessor stuff.
- As secmodels are now modules, there's no need for an explicit call to secmodel_start(); it's handled by the module framework. That said, the module framework was adjusted to properly load secmodels early during system startup.
- Adapt rump to changes: Instead of using empty stubs for securelevel, simply use the suser secmodel. Also replace secmodel_start() with a call to secmodel_suser_start().
- 5.99.20.
Testing was done on i386 ("release" build). Separated module_init() changes were tested on sparc and sparc64 as well by martin@ (thanks!).
Mailing list reference:
http://mail-index.netbsd.org/tech-kern/2009/09/25/msg006135.html
|
1.49 |
| 02-Oct-2009 |
pooka | Include humanize and extent support in rumpkern.
|
1.48 |
| 16-Sep-2009 |
pooka | include init_sysctl_base.c
|
1.47 |
| 06-Sep-2009 |
pooka | Run rump_dev_init() where available.
|
1.46 |
| 02-Jun-2009 |
pooka | include syscalls.c
|
1.45 |
| 02-May-2009 |
pooka | branches: 1.45.2; Do not include securelevel, it includes too many dependencies on vfs in its current form.
|
1.44 |
| 29-Apr-2009 |
pooka | Add proof-of-concept code for enabling system calls to rump virtual kernels running in other processes on the same machine or on an entirely different host. I wrote this a while ago and am now committing it mainly to avoid losing it. It works, but could do with a little tuning here and there.
What this will hopefully eventually buy us is the ability to use standard userland tools to configure rump kernels, e.g. ifconfig(8) and route(8) could be used to configure the networking stack provided by a rump kernel. Also some distributed OS implications may apply.
fun fact: a system call which just does copyin/copyout takes >1000x longer when made over the LAN as compared to when made on the same machine.
|
1.43 |
| 16-Apr-2009 |
pooka | When I switched to real kauth, I forgot to include a secmodel. Fix this oversight by including bsd44. Makes permissions for p2k work again.
|
1.42 |
| 29-Mar-2009 |
pooka | include subr_evcnt
|
1.41 |
| 18-Mar-2009 |
pooka | Support kqueue in the rump virtual kernel.
|
1.40 |
| 30-Jan-2009 |
pooka | branches: 1.40.2; Turn off real allocators and fall back to malloc(3) for the time being. Since we have many threads but pretend to have only one cpu, the pool code runs into concurrency trouble for cpu-private data.
|
1.39 |
| 23-Jan-2009 |
pooka | Add a compile-time option to use kmem/vmem/pools from the kernel sources instead of homegrown allocators. Default to "on", even though they appear to be a few percent slower at least on short jobs (e.g. untar to tmpfs).
|
1.38 |
| 18-Jan-2009 |
he | Change the use of formally undocumented features, which have now been made to fail. Specifically, change .ifdef(SYMBOL) -> .ifdef SYMBOL or .if defined(SYMBOL), and corresponding for .ifndef.
Also correct one error in lib/libm/Makefile (.ifdef (${MKCOMPLEX} != "no")?!?).
|
1.37 |
| 14-Jan-2009 |
pooka | Do rump kernel symbol protection for vax. All archs support it now.
|
1.36 |
| 12-Jan-2009 |
pooka | * Add adapted version of the userspace atomic_cas ops for platforms lacking special instructions. We always use the spinlocked version (could use RAS on UP NetBSD host, but it's not portable).
* Add platform-based symbol quirk tables for selectively not renaming toolchain symbols for some platforms. Although, this should really depend on the (toolchain,platform)-tuple and not just the platform.
This allows arm, hppa, mips and sh3 to build successfully with an isolated rump kernel namespace. ... now, one arch remains: vax. you must compile vax. then, only then will you MI be.
|
1.35 |
| 08-Jan-2009 |
pooka | Remove vax MD source which is now brought in automatically via libkern.
|
1.34 |
| 06-Jan-2009 |
pooka | adjust LD32DIR comment. per discussion with mrg
|
1.33 |
| 05-Jan-2009 |
pooka | Rename malloc() to kern_malloc() to avoid name conflict with libc. Now it is possible to use the kernel linker with rump.
|
1.32 |
| 05-Jan-2009 |
pooka | Assemble with _LOCORE.
|
1.31 |
| 04-Jan-2009 |
pooka | Include libkern contents in librump.
|
1.30 |
| 02-Jan-2009 |
pooka | Add kludge to allow amd64 compat to build. This is not a proper fix which most likely requires some compat lib build infra toggle.
|
1.29 |
| 02-Jan-2009 |
pooka | Include kernel printf routines in rump instead of relying on the magic libc symbol. This also allows to bid farewell to subr_prf2.c and merge the contents back to subr_prf.c. The host kernel bridging is now done via rumpuser_putchar().
|
1.28 |
| 01-Jan-2009 |
pooka | Purge multiple kernel opt files.
|
1.27 |
| 01-Jan-2009 |
pooka | Define MODULAR for rump core components. This enables module loading via the kernel module framework (instead of dlopen()). For now it only works on amd64 and i386, but for the rest it should just be a matter of including the relevant kobj_machdep.c modules from the kernel sources.
|
1.26 |
| 31-Dec-2008 |
pooka | Include rb.c instead of relying on it being in libc.
|
1.25 |
| 30-Dec-2008 |
pooka | -I${RUMPTOP}/librump/rumpkern so that build from src/lib works.
noted by Geoff Wing on current-users
|
1.24 |
| 29-Dec-2008 |
pooka | Switch i386 away from rump/include/machine. This means that rump on i386 now uses the native kernel ABI. This in turn means that rump modules and kernel modules are binary equivalent and can be used interchangeably.
|
1.23 |
| 29-Dec-2008 |
pooka | include subr_devsw in rumpkern
|
1.22 |
| 18-Dec-2008 |
pooka | include snprintb
|
1.21 |
| 18-Dec-2008 |
pooka | .PATH maintenance
|
1.20 |
| 19-Nov-2008 |
pooka | Split vfs out of rumpkern into rumpvfs. Non-fs rumps no longer include the file system code. File system rumps explicitly need to include rumpvfs from now on.
|
1.19 |
| 18-Nov-2008 |
pooka | cwd is logically a vfs concept, so take it out from the bosom of kern_descrip and into vfs_cwd. No functional change.
|
1.18 |
| 17-Nov-2008 |
pooka | Move rump public headers to include/rump
|
1.17 |
| 25-Oct-2008 |
apb | branches: 1.17.2; 1.17.4; Use ${TOOL_SED} instead of plain sed in Makefiles.
|
1.16 |
| 15-Oct-2008 |
pooka | branches: 1.16.2; Add support bits necessary for rumpnet functionality.
|
1.15 |
| 11-Oct-2008 |
pooka | Move uidinfo to its own module in kern_uidinfo.c and include in rump. No functional change to uidinfo.
|
1.14 |
| 10-Oct-2008 |
pooka | Add a simple percpu implementation (which isn't actually percpu at all, since we don't currently have the notion of "real" cpu in rump...but that's beyond the point).
|
1.13 |
| 10-Oct-2008 |
pooka | Support callouts and call callout_hardclock() from the timer interrupt thread.
The sleepq implementation required for callouts is horrible, kludged only for callouts, and generally unacceptable. It needs revisiting, but I'm not sure yet should rump or kern_timeout be improved. It's almost untested as of now, but committing this will give me some maneuvering space while letting applications compile.
|
1.12 |
| 09-Oct-2008 |
pooka | add kern_rate, subr_iostat and subr_once
|
1.11 |
| 09-Oct-2008 |
pooka | Reorganize SRCS+= into smaller chunks to make adding new files easier. No functional change.
|
1.10 |
| 09-Oct-2008 |
pooka | No point in having our private atomic ops, just use the ones now available in libc.
|
1.9 |
| 30-Sep-2008 |
pooka | Switch to std kern_auth.
|
1.8 |
| 27-Sep-2008 |
pooka | branches: 1.8.2; Help out reinoud a bit with the challenge of adding vfs_dirhash.c here
|
1.7 |
| 25-Sep-2008 |
pooka | Move global malloc types from kern_malloc into a separate module.
|
1.6 |
| 04-Aug-2008 |
pooka | branches: 1.6.2; Add support for using real kmem/vmem. Don't enable it by default, though, since it a) is a lot of unnecessary indirection in rump b) requires callouts which are so far unimplemented.
|
1.5 |
| 02-Aug-2008 |
simonb | sort sys/kern SRCS alphabetically.
|
1.4 |
| 01-Aug-2008 |
pooka | support real sysctls
|
1.3 |
| 31-Jul-2008 |
simonb | Merge the simonb-wapbl branch. From the original branch commit:
Add Wasabi System's WAPBL (Write Ahead Physical Block Logging) journaling code. Originally written by Darrin B. Jewell while at Wasabi and updated to -current by Antti Kantee, Andy Doran, Greg Oster and Simon Burge.
OK'd by core@, releng@.
|
1.2 |
| 30-Jul-2008 |
oster | branches: 1.2.2; Fix race during creation of rumpdefs.h, rumpvnode_if.h, and rumpvnode_if.c. Patch from pooka@ with tweak from me.
Approved by: pooka
|
1.1 |
| 29-Jul-2008 |
pooka | Install rump libraries and utilities to the base system and remove the private non-installed build infrastructure from sys/rump.
breakdown of commit:
* install relevant headers into /usr/include/rump
* build sys/rump/librump/rumpuser and sys/rump/librump/rumpkern from src/lib and install as librumpuser and librump, respectively
+ this retains the ability to test a librump build with just the kernel sources at hand
* move sys/rump/fs/lib/libukfs and sys/rump/fs/lib/libp2k to src/lib for general consumption, they are not kernel-space dwellers anyway
* build and install sys/rump/fs/lib/lib$fs as librumpfs_$fs
* add chapter 3 manual pages for rump, rumpuser, ukfs and p2k
* build and install userspace kernel file system daemons if MKPUFFS=yes is specified
* retire fsconsole for now, it will make a comeback with an actually implemented version shortly
|
1.2.2.2 |
| 31-Jul-2008 |
simonb | Sync with head.
|
1.2.2.1 |
| 30-Jul-2008 |
simonb | file Makefile.rumpkern was added on branch simonb-wapbl on 2008-07-31 04:51:05 +0000
|
1.6.2.3 |
| 10-Oct-2008 |
skrll | Sync with HEAD.
|
1.6.2.2 |
| 18-Sep-2008 |
wrstuden | Sync with wrstuden-revivesa-base-2.
|
1.6.2.1 |
| 04-Aug-2008 |
wrstuden | file Makefile.rumpkern was added on branch wrstuden-revivesa on 2008-09-18 04:37:04 +0000
|
1.8.2.4 |
| 17-Jan-2009 |
mjf | Sync with HEAD.
|
1.8.2.3 |
| 05-Oct-2008 |
mjf | Sync with HEAD.
|
1.8.2.2 |
| 28-Sep-2008 |
mjf | Sync with HEAD.
|
1.8.2.1 |
| 27-Sep-2008 |
mjf | file Makefile.rumpkern was added on branch mjf-devfs2 on 2008-09-28 10:41:03 +0000
|
1.16.2.3 |
| 13-Dec-2008 |
haad | Update haad-dm branch to haad-dm-base2.
|
1.16.2.2 |
| 19-Oct-2008 |
haad | Sync with HEAD.
|
1.16.2.1 |
| 15-Oct-2008 |
haad | file Makefile.rumpkern was added on branch haad-dm on 2008-10-19 22:18:06 +0000
|
1.17.4.1 |
| 15-Jul-2011 |
riz | Pull up following revision(s) (requested by manu in ticket #1604): sys/fs/puffs/puffs_msgif.c: revision 1.84 Apply patch from PR kern/44093 by yamt: Interrupt server wait only on certain signals (same set as nfs -i) instead of all signals. According to the PR this helps with "git clone" run on a puffs file system.
|
1.17.2.3 |
| 28-Apr-2009 |
skrll | Sync with HEAD.
|
1.17.2.2 |
| 03-Mar-2009 |
skrll | Sync with HEAD.
|
1.17.2.1 |
| 19-Jan-2009 |
skrll | Sync with HEAD.
|
1.40.2.2 |
| 23-Jul-2009 |
jym | Sync with HEAD.
|
1.40.2.1 |
| 13-May-2009 |
jym | Sync with HEAD.
Commit is split, to avoid a "too many arguments" protocol error.
|
1.45.2.7 |
| 09-Oct-2010 |
yamt | sync with head
|
1.45.2.6 |
| 11-Aug-2010 |
yamt | sync with head.
|
1.45.2.5 |
| 11-Mar-2010 |
yamt | sync with head
|
1.45.2.4 |
| 16-Sep-2009 |
yamt | sync with head
|
1.45.2.3 |
| 20-Jun-2009 |
yamt | sync with head
|
1.45.2.2 |
| 04-May-2009 |
yamt | sync with head.
|
1.45.2.1 |
| 02-May-2009 |
yamt | file Makefile.rumpkern was added on branch yamt-nfs-mp on 2009-05-04 08:14:29 +0000
|
1.73.2.4 |
| 06-Nov-2010 |
uebayasi | Sync with HEAD.
|
1.73.2.3 |
| 22-Oct-2010 |
uebayasi | Sync with HEAD (-D20101022).
|
1.73.2.2 |
| 17-Aug-2010 |
uebayasi | Sync with HEAD.
|
1.73.2.1 |
| 30-Apr-2010 |
uebayasi | Sync with HEAD.
|
1.74.2.5 |
| 31-May-2011 |
rmind | sync with head
|
1.74.2.4 |
| 21-Apr-2011 |
rmind | sync with head
|
1.74.2.3 |
| 05-Mar-2011 |
rmind | sync with head
|
1.74.2.2 |
| 03-Jul-2010 |
rmind | sync with head
|
1.74.2.1 |
| 30-May-2010 |
rmind | sync with head
|
1.106.2.1 |
| 06-Jun-2011 |
jruoho | Sync with HEAD.
|
1.109.2.1 |
| 23-Jun-2011 |
cherry | Catchup with rmind-uvmplock merge.
|
1.110.2.7 |
| 22-May-2014 |
yamt | sync with head.
for a reference, the tree before this commit was tagged as yamt-pagecache-tag8.
this commit was split into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments")
|
1.110.2.6 |
| 23-Jan-2013 |
yamt | sync with head
|
1.110.2.5 |
| 16-Jan-2013 |
yamt | sync with (a bit old) head
|
1.110.2.4 |
| 30-Oct-2012 |
yamt | sync with head
|
1.110.2.3 |
| 23-May-2012 |
yamt | sync with head.
|
1.110.2.2 |
| 17-Apr-2012 |
yamt | sync with head
|
1.110.2.1 |
| 02-Nov-2011 |
yamt | page cache related changes
- maintain object pages in radix tree rather than rb tree.
- reduce unnecessary page scan in putpages. esp. when an object has a ton of pages cached but only a few of them are dirty.
- reduce the number of pmap operations by tracking page dirtiness more precisely in uvm layer.
- fix nfs commit range tracking.
- fix nfs write clustering. XXX hack
|
1.113.2.3 |
| 29-Apr-2012 |
mrg | sync to latest -current.
|
1.113.2.2 |
| 11-Mar-2012 |
mrg | sync to latest -current
|
1.113.2.1 |
| 18-Feb-2012 |
mrg | merge to -current.
|
1.115.2.1 |
| 26-Jun-2012 |
riz | branches: 1.115.2.1.2; Pull up following revision(s) (requested by rmind in ticket #365): sys/rump/librump/rumpkern/rumpcpu_generic.c: revision 1.4 sys/net/npf/npf_session.c: revision 1.13 sys/net/npf/npf_tableset.c: revision 1.11 sys/net/npf/npf_state_tcp.c: revision 1.7 sys/net/npf/npf_inet.c: revision 1.12 sys/net/npf/npf.h: revision 1.17 sys/net/npf/npf_instr.c: revision 1.11 usr.sbin/npf/npftest/libnpftest/npf_table_test.c: revision 1.2 sys/net/npf/npf_state.c: revision 1.8 sys/net/npf/npf_log.c: revision 1.4 sys/net/npf/npf_alg.c: revision 1.4 sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.118 sys/net/npf/npf_nat.c: revision 1.13 sys/net/npf/npf.c: revision 1.11 sys/net/npf/npf_sendpkt.c: revision 1.11 sys/net/npf/npf_impl.h: revision 1.16 sys/rump/librump/rumpkern/scheduler.c: revision 1.28
rumpkern:
- Add subr_kcpuset.c and subr_pserialize.c modules.
- Add kcpuset_{running,attached} for RUMP env.
NPF:
- Rename some functions for consistency and de-inline them.
- Fix few invalid asserts (add regression test).
- Use pserialize(9) for ALG interface.
- Minor fixes, sprinkle many comments.
|
1.115.2.1.2.1 |
| 06-Dec-2012 |
matt | Only add atomic_cas_generic.c to SRCS if there isn't already some atomic_cas_* in SRCS.
|
1.119.2.5 |
| 03-Dec-2017 |
jdolecek | update from HEAD
|
1.119.2.4 |
| 20-Aug-2014 |
tls | Rebase to HEAD as of a few days ago.
|
1.119.2.3 |
| 23-Jun-2013 |
tls | resync from head
|
1.119.2.2 |
| 25-Feb-2013 |
tls | resync with head
|
1.119.2.1 |
| 20-Nov-2012 |
tls | Resync to 2012-11-19 00:00:00 UTC
|
1.128.4.1 |
| 23-Jul-2013 |
riastradh | sync with HEAD
|
1.128.2.2 |
| 18-May-2014 |
rmind | sync with head
|
1.128.2.1 |
| 28-Aug-2013 |
rmind | sync with head
|
1.143.2.2 |
| 10-Aug-2014 |
tls | Rebase.
|
1.143.2.1 |
| 09-Aug-2014 |
tls | Replace "ccrand" ChaCha implementation of cprng_fast with Taylor's smaller and somewhat simpler one. Fix rump builds so we can build a distribution.
|
1.148.8.1 |
| 03-Sep-2019 |
martin | Pull up following revision(s) (requested by riastradh in ticket #1705):
sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1 sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1 sys/rump/kern/lib/libcrypto/Makefile: revision 1.5 sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1 sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal sys/conf/files: revision 1.1238 sys/dev/rndpseudo.c: revision 1.38 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal sys/sys/cprng.h: revision 1.13 - 1.15 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal sys/kern/subr_cprng.c: revision 1.31 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal
cprng.h: use static __inline for consistency with other include headers and remove an unused function.
-
Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.
Benefits:
- larger seeds -- a 128-bit key alone is not enough for `128-bit security'
- better resistance to timing side channels than AES
- a better-understood security story (https://eprint.iacr.org/2018/349)
- no loss in compliance with US government standards that nobody ever got fired for choosing, at least in the US-dominated western world
- no dirty endianness tricks
- self-tests
Drawbacks:
- performance hit: throughput is reduced to about 1/3 in naive measurements
=> possible to mitigate by using hardware SHA-256 instructions
=> all you really need is 32 bytes to seed a userland PRNG anyway
=> if we just used ChaCha this would go away...
|
1.148.4.1 |
| 03-Sep-2019 |
martin | Pull up following revision(s) (requested by riastradh in ticket #1705):
sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1 sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1 sys/rump/kern/lib/libcrypto/Makefile: revision 1.5 sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1 sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal sys/conf/files: revision 1.1238 sys/dev/rndpseudo.c: revision 1.38 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal sys/sys/cprng.h: revision 1.13 - 1.15 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal sys/kern/subr_cprng.c: revision 1.31 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal
cprng.h: use static __inline for consistency with other include headers and remove an unused function.
-
Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.
Benefits:
- larger seeds -- a 128-bit key alone is not enough for `128-bit security'
- better resistance to timing side channels than AES
- a better-understood security story (https://eprint.iacr.org/2018/349)
- no loss in compliance with US government standards that nobody ever got fired for choosing, at least in the US-dominated western world
- no dirty endianness tricks
- self-tests
Drawbacks:
- performance hit: throughput is reduced to about 1/3 in naive measurements
=> possible to mitigate by using hardware SHA-256 instructions
=> all you really need is 32 bytes to seed a userland PRNG anyway
=> if we just used ChaCha this would go away...
|
1.148.2.1 |
| 03-Sep-2019 |
martin | Pull up following revision(s) (requested by riastradh in ticket #1705):
sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1 sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1 sys/rump/kern/lib/libcrypto/Makefile: revision 1.5 sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1 sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal sys/conf/files: revision 1.1238 sys/dev/rndpseudo.c: revision 1.38 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal sys/sys/cprng.h: revision 1.13 - 1.15 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal sys/kern/subr_cprng.c: revision 1.31 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal
cprng.h: use static __inline for consistency with other include headers and remove an unused function.
-
Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.
Benefits:
- larger seeds -- a 128-bit key alone is not enough for `128-bit security'
- better resistance to timing side channels than AES
- a better-understood security story (https://eprint.iacr.org/2018/349)
- no loss in compliance with US government standards that nobody ever got fired for choosing, at least in the US-dominated western world
- no dirty endianness tricks
- self-tests
Drawbacks:
- performance hit: throughput is reduced to about 1/3 in naive measurements
=> possible to mitigate by using hardware SHA-256 instructions
=> all you really need is 32 bytes to seed a userland PRNG anyway
=> if we just used ChaCha this would go away...
|
1.150.2.8 |
| 28-Aug-2017 |
skrll | Sync with HEAD
|
1.150.2.7 |
| 05-Oct-2016 |
skrll | Sync with HEAD
|
1.150.2.6 |
| 22-Apr-2016 |
skrll | Sync with HEAD
|
1.150.2.5 |
| 19-Mar-2016 |
skrll | Sync with HEAD
|
1.150.2.4 |
| 27-Dec-2015 |
skrll | Sync with HEAD (as of 26th Dec)
|
1.150.2.3 |
| 22-Sep-2015 |
skrll | Sync with HEAD
|
1.150.2.2 |
| 06-Jun-2015 |
skrll | Sync with HEAD
|
1.150.2.1 |
| 06-Apr-2015 |
skrll | Sync with HEAD
|
1.167.2.2 |
| 26-Apr-2017 |
pgoyette | Sync with HEAD
|
1.167.2.1 |
| 16-Jul-2016 |
pgoyette | Make sure we include the localcount routines in the rump libraries
|
1.168.2.1 |
| 21-Apr-2017 |
bouyer | Sync with HEAD
|
1.169.6.2 |
| 03-Sep-2019 |
martin | Pull up following revision(s) (requested by riastradh in ticket #1365):
sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1 sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1 sys/rump/kern/lib/libcrypto/Makefile: revision 1.5 sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1 sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal sys/conf/files: revision 1.1238 sys/dev/rndpseudo.c: revision 1.38 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal sys/sys/cprng.h: revision 1.13 - 1.15 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal sys/kern/subr_cprng.c: revision 1.31 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal
cprng.h: use static __inline for consistency with other include headers and remove an unused function.
-
Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.
Benefits:
- larger seeds -- a 128-bit key alone is not enough for `128-bit security'
- better resistance to timing side channels than AES
- a better-understood security story (https://eprint.iacr.org/2018/349)
- no loss in compliance with US government standards that nobody ever got fired for choosing, at least in the US-dominated western world
- no dirty endianness tricks
- self-tests
Drawbacks:
- performance hit: throughput is reduced to about 1/3 in naive measurements
=> possible to mitigate by using hardware SHA-256 instructions
=> all you really need is 32 bytes to seed a userland PRNG anyway
=> if we just used ChaCha this would go away...
|
1.169.6.1 |
| 21-Oct-2017 |
snj | Pull up following revision(s) (requested by ozaki-r in ticket #300):
crypto/dist/ipsec-tools/src/setkey/parse.y: 1.19
crypto/dist/ipsec-tools/src/setkey/token.l: 1.20
distrib/sets/lists/tests/mi: 1.754, 1.757, 1.759
doc/TODO.smpnet: 1.12-1.13
sys/net/pfkeyv2.h: 1.32
sys/net/raw_cb.c: 1.23-1.24, 1.28
sys/net/raw_cb.h: 1.28
sys/net/raw_usrreq.c: 1.57-1.58
sys/net/rtsock.c: 1.228-1.229
sys/netinet/in_proto.c: 1.125
sys/netinet/ip_input.c: 1.359-1.361
sys/netinet/tcp_input.c: 1.359-1.360
sys/netinet/tcp_output.c: 1.197
sys/netinet/tcp_var.h: 1.178
sys/netinet6/icmp6.c: 1.213
sys/netinet6/in6_proto.c: 1.119
sys/netinet6/ip6_forward.c: 1.88
sys/netinet6/ip6_input.c: 1.181-1.182
sys/netinet6/ip6_output.c: 1.193
sys/netinet6/ip6protosw.h: 1.26
sys/netipsec/ipsec.c: 1.100-1.122
sys/netipsec/ipsec.h: 1.51-1.61
sys/netipsec/ipsec6.h: 1.18-1.20
sys/netipsec/ipsec_input.c: 1.44-1.51
sys/netipsec/ipsec_netbsd.c: 1.41-1.45
sys/netipsec/ipsec_output.c: 1.49-1.64
sys/netipsec/ipsec_private.h: 1.5
sys/netipsec/key.c: 1.164-1.234
sys/netipsec/key.h: 1.20-1.32
sys/netipsec/key_debug.c: 1.18-1.21
sys/netipsec/key_debug.h: 1.9
sys/netipsec/keydb.h: 1.16-1.20
sys/netipsec/keysock.c: 1.59-1.62
sys/netipsec/keysock.h: 1.10
sys/netipsec/xform.h: 1.9-1.12
sys/netipsec/xform_ah.c: 1.55-1.74
sys/netipsec/xform_esp.c: 1.56-1.72
sys/netipsec/xform_ipcomp.c: 1.39-1.53
sys/netipsec/xform_ipip.c: 1.50-1.54
sys/netipsec/xform_tcp.c: 1.12-1.16
sys/rump/librump/rumpkern/Makefile.rumpkern: 1.170
sys/rump/librump/rumpnet/net_stub.c: 1.27
sys/sys/protosw.h: 1.67-1.68
tests/net/carp/t_basic.sh: 1.7
tests/net/if_gif/t_gif.sh: 1.11
tests/net/if_l2tp/t_l2tp.sh: 1.3
tests/net/ipsec/Makefile: 1.7-1.9
tests/net/ipsec/algorithms.sh: 1.5
tests/net/ipsec/common.sh: 1.4-1.6
tests/net/ipsec/t_ipsec_ah_keys.sh: 1.2
tests/net/ipsec/t_ipsec_esp_keys.sh: 1.2
tests/net/ipsec/t_ipsec_gif.sh: 1.6-1.7
tests/net/ipsec/t_ipsec_l2tp.sh: 1.6-1.7
tests/net/ipsec/t_ipsec_misc.sh: 1.8-1.18
tests/net/ipsec/t_ipsec_sockopt.sh: 1.1-1.2
tests/net/ipsec/t_ipsec_tcp.sh: 1.1-1.2
tests/net/ipsec/t_ipsec_transport.sh: 1.5-1.6
tests/net/ipsec/t_ipsec_tunnel.sh: 1.9
tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh: 1.1-1.2
tests/net/ipsec/t_ipsec_tunnel_odd.sh: 1.3
tests/net/mcast/t_mcast.sh: 1.6
tests/net/net/t_ipaddress.sh: 1.11
tests/net/net_common.sh: 1.20
tests/net/npf/t_npf.sh: 1.3
tests/net/route/t_flags.sh: 1.20
tests/net/route/t_flags6.sh: 1.16
usr.bin/netstat/fast_ipsec.c: 1.22
Do m_pullup before mtod
It may fix panics of some tests on anita/sparc and anita/GuruPlug. --- KNF --- Enable DEBUG for babylon5 --- Apply C99-style struct initialization to xformsw --- Tweak outputs of netstat -s for IPsec
- Get rid of "Fast"
- Use ipsec and ipsec6 for titles to clarify protocol
- Indent outputs of sub protocols
Original outputs were organized like this:
	(Fast) IPsec:
	IPsec ah:
	IPsec esp:
	IPsec ipip:
	IPsec ipcomp:
	(Fast) IPsec:
	IPsec ah:
	IPsec esp:
	IPsec ipip:
	IPsec ipcomp:
New outputs are organized like this:
	ipsec:
		ah:
		esp:
		ipip:
		ipcomp:
	ipsec6:
		ah:
		esp:
		ipip:
		ipcomp:
--- Add test cases for IPComp --- Simplify IPSEC_OSTAT macro (NFC) --- KNF; replace leading whitespaces with hard tabs --- Introduce and use SADB_SASTATE_USABLE_P --- KNF --- Add update command for testing
Updating an SA (SADB_UPDATE) requires that the process issuing SADB_UPDATE is the same as the process that issued SADB_ADD (or SADB_GETSPI). This means that the update command must be used with the add command in a setkey configuration. This usage is normally meaningless but useful for testing (and debugging) purposes. --- Add test cases for updating SA/SP
The tests require the newly-added update command of setkey. --- PR/52346: Frank Kardel: Fix checksumming for NAT-T See XXX for improvements. --- Remove code for PACKET_TAG_IPSEC_IN_CRYPTO_DONE
It seems that PACKET_TAG_IPSEC_IN_CRYPTO_DONE is for network adapters that have IPsec accelerators; a driver sets the mtag to a packet when its device has already encrypted the packet.
Unfortunately no driver has implemented such offload features for many years and none seems likely to implement them soon. (Note that neither FreeBSD nor Linux has such drivers.) Let's remove the related (unused) code and simplify the IPsec code. --- Fix usages of sadb_msg_errno --- Avoid updating sav directly
On SADB_UPDATE a target sav was updated directly, which was unsafe. Instead allocate another sav, copy variables of the old sav to the new one and replace the old one with the new one. --- Simplify; we can assume sav->tdb_xform cannot be NULL while it's valid --- Rename key_alloc* functions (NFC)
We shouldn't use the term "alloc" for functions that just look up data and actually don't allocate memory. --- Use explicit_memset to surely zero-clear key_auth and key_enc --- Make sure to clear keys on error paths of key_setsaval --- Add missing KEY_FREESAV --- Make sure a sav is inserted into a sah list after its initialization completes --- Remove unnecessary zero-clearing code from key_setsaval
key_setsaval is now used only for a newly-allocated sav. (It was used to reset variables of an existing sav.) --- Correct wrong assumption of sav->refcnt in key_delsah
A sav in a list should basically not have sav->refcnt == 0. And also KEY_FREESAV assumes sav->refcnt > 0. --- Let key_getsavbyspi take a reference of a returning sav --- Use time_mono_to_wall (NFC) --- Separate sending message routine (NFC) --- Simplify; remove unnecessary zero-clears
key_freesaval is used only when a target sav is being destroyed. --- Omit NULL checks for sav->lft_c
sav->lft_c can be NULL only when initializing or destroying sav. --- Omit unnecessary NULL checks for sav->sah --- Omit unnecessary check of sav->state
key_allocsa_policy picks a sav of either MATURE or DYING so we don't need to check its state again. --- Simplify; omit unnecessary saidx passing
- ipsec_nextisr returns a saidx but no caller uses it
- key_checkrequest is passed a saidx but it can be gotten from another argument (isr)
--- Fix splx isn't called on some error paths --- Fix header size calculation of esp where sav is NULL --- Fix header size calculation of ah in the case sav is NULL
This fix was also needed for esp. --- Pass sav directly to opencrypto callback
In a callback, use a passed sav as-is by default and look up a sav only if the passed sav is dead. --- Avoid examining freshness of sav on packet processing
If a sav list is sorted (by lft_c->sadb_lifetime_addtime) in advance, we don't need to examine each sav and also don't need to delete one on the fly and send up a message. Fortunately every sav list is sorted as we need.
Added key_validate_savlist validates that each sav list is surely sorted (run only if DEBUG because it's not cheap). --- Add test cases for SAs with different SPIs --- Prepare to stop using isr->sav
isr is a shared resource and using isr->sav as temporary storage for each packet processing is racy. And also having a reference from isr to sav makes the lifetime of sav non-deterministic; such a reference is removed when a packet is processed and isr->sav is overwritten by a new one. Let's have a sav locally for each packet processing instead of using shared isr->sav.
However this change doesn't stop using isr->sav yet because there are some users of isr->sav. isr->sav will be removed after the users find a way to not use isr->sav. --- Fix wrong argument handling --- fix printf format. --- Don't validate sav lists of LARVAL or DEAD states
We don't sort the lists so the validation will always fail.
Fix PR kern/52405 --- Make sure to sort the list when changing the state by key_sa_chgstate --- Rename key_allocsa_policy to key_lookup_sa_bysaidx --- Separate test files --- Calculate ah_max_authsize on initialization as well as esp_max_ivlen --- Remove m_tag_find(PACKET_TAG_IPSEC_PENDING_TDB) because nobody sets the tag --- Restore a comment removed in previous
The comment is valid for the below code. --- Make tests more stable
sleep command seems to wait longer than expected on anita so use polling to wait for a state change. --- Add tests that explicitly delete SAs instead of waiting for expirations --- Remove invalid M_AUTHIPDGM check on ESP isr->sav
M_AUTHIPDGM flag is set on an mbuf in ah_input_cb. An sav of ESP can have AH authentication as sav->tdb_authalgxform. However, in that case esp_input and esp_input_cb are used to do ESP decryption and AH authentication and M_AUTHIPDGM is never set on an mbuf. So checking M_AUTHIPDGM of an mbuf on isr->sav of ESP is meaningless. --- Look up sav instead of relying on unstable sp->req->sav
This code is executed only in an error path so an additional lookup doesn't matter. --- Correct a comment --- Don't release sav if calling crypto_dispatch again --- Remove extra KEY_FREESAV from ipsec_process_done
It should be done by the caller. --- Don't bother the case of crp->crp_buf == NULL in callbacks --- Hold a reference to an SP during opencrypto processing
An SP has a list of isr (ipsecrequest) that represents a sequence of IPsec encryption/authentication processing. One isr corresponds to one opencrypto processing. The lifetime of an isr follows its SP.
We pass an isr to a callback function of opencrypto to continue to a next encryption/authentication processing. However nobody guaranteed that the isr wasn't freed, i.e., its SP wasn't destroyed.
In order to avoid such unexpected destruction of isr, hold a reference to its SP during opencrypto processing. --- Don't make SAs expired on tests that delete SAs explicitly --- Fix a debug message --- Dedup error paths (NFC) --- Use pool to allocate tdb_crypto
For ESP and AH, we need to allocate an extra variable space in addition to struct tdb_crypto. The fixed size of pool items may be larger than an actual requisite size of a buffer, but still the performance improvement by replacing malloc with pool wins. --- Don't use unstable isr->sav for header size calculations
We may need to optimize to not look up sav here for users that don't need to know an exact size of headers (e.g., TCP segment size calculation). --- Don't use sp->req->sav when handling NAT-T ESP fragmentation
In order to do this we need to look up a sav however an additional look-up degrades performance. A sav is later looked up in ipsec4_process_packet so delay the fragmentation check until then to avoid an extra look-up. --- Don't use key_lookup_sp that depends on unstable sp->req->sav
It provided a fast look-up of SP. We will provide an alternative method in the future (after basic MP-ification finishes). --- Stop setting isr->sav on looking up sav in key_checkrequest --- Remove ipsecrequest#sav --- Stop setting mtag of PACKET_TAG_IPSEC_IN_DONE because there is no users anymore --- Skip ipsec_spi_*_*_preferred_new_timeout when running on qemu
Probably due to PR 43997 --- Add localcount to rump kernels --- Remove unused macro --- Fix key_getcomb_setlifetime
The fix adjusts a soft limit to be 80% of a corresponding hard limit.
I'm not sure the fix is really correct though, at least the original code is wrong. A passed comb is zero-cleared before calling key_getcomb_setlifetime, so comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100; is meaningless. --- Provide and apply key_sp_refcnt (NFC)
It simplifies further changes. --- Fix indentation
Pointed out by knakahara@ --- Use pslist(9) for sptree --- Don't acquire global locks for IPsec if NET_MPSAFE
Note that the change is just to make testing easy and IPsec isn't MP-safe yet. --- Let PF_KEY socks hold their own lock instead of softnet_lock
Operations on SAD and SPD are executed via PF_KEY socks. The operations include deletions of SAs and SPs that will use synchronization mechanisms such as pserialize_perform to wait for references to SAs and SPs to be released. It is known that using such mechanisms while holding softnet_lock causes a deadlock. We should avoid the situation. --- Make IPsec SPD MP-safe
We use localcount(9), not psref(9), to make the sptree and secpolicy (SP) entries MP-safe because SPs need to be referenced over opencrypto processing that executes a callback in a different context.
SPs on sockets aren't managed by the sptree and can be destroyed in softint. localcount_drain cannot be used in softint so we delay the destruction of such SPs to a thread context. To do so, a list to manage such SPs is added (key_socksplist) and key_timehandler_spd deletes dead SPs in the list.
For more details please read the locking notes in key.c.
Proposed on tech-kern@ and tech-net@ --- Fix updating ipsec_used
- key_update_used wasn't called in key_api_spddelete2 and key_api_spdflush
- key_update_used wasn't called if an SP had been added/deleted but a reply to userland failed
--- Fix updating ipsec_used; turn on when SPs on sockets are added --- Add missing IPsec policy checks to icmp6_rip6_input
icmp6_rip6_input is quite similar to rip6_input and the same checks exist in rip6_input. --- Add test cases for setsockopt(IP_IPSEC_POLICY) --- Don't use KEY_NEWSP for dummy SP entries
By the change KEY_NEWSP is now not called from softint anymore and we can use kmem_zalloc with KM_SLEEP for KEY_NEWSP. --- Comment out unused functions --- Add test cases that there are SPs but no relevant SAs --- Don't allow sav->lft_c to be NULL
lft_c of an sav that was created by SADB_GETSPI could be NULL. --- Clean up clunky eval strings
- Remove unnecessary \ at EOL
  - This allows to omit ; too
- Remove unnecessary quotes for arguments of atf_set
- Don't expand $DEBUG in eval
  - We expect it's expanded on execution
Suggested by kre@ --- Remove unnecessary KEY_FREESAV in an error path
sav should be freed (unreferenced) by the caller. --- Use pslist(9) for sahtree --- Use pslist(9) for sah->savtree --- Rename local variable newsah to sah
It may not be new. --- MP-ify SAD slightly
- Introduce key_sa_mtx and use it for some list operations
- Use pserialize for some list iterations
--- Introduce KEY_SA_UNREF and replace KEY_FREESAV with it where sav will never be actually freed in the future
KEY_SA_UNREF is still key_freesav so no functional change for now.
This change reduces diff of further changes. --- Remove out-of-date log output
Pointed out by riastradh@ --- Use KDASSERT instead of KASSERT for mutex_ownable
Because mutex_ownable is too heavy to run in a fast path even for DIAGNOSTIC + LOCKDEBUG.
Suggested by riastradh@ --- Assemble global lists and related locks into cache lines (NFCI)
Also rename variable names from *tree to *list because they are just lists, not trees.
Suggested by riastradh@ --- Move locking notes --- Update the locking notes
- Add locking order
- Add locking notes for misc lists such as reglist
- Mention pserialize, key_sp_ref and key_sp_unref on SP operations
Requested by riastradh@ --- Describe constraints of key_sp_ref and key_sp_unref
Requested by riastradh@ --- Hold key_sad.lock on SAVLIST_WRITER_INSERT_TAIL --- Add __read_mostly to key_psz
Suggested by riastradh@ --- Tweak wording (pserialize critical section => pserialize read section)
Suggested by riastradh@ --- Add missing mutex_exit --- Fix setkey -D -P outputs
The outputs were tweaked (by me), but I forgot to update libipsec in my local ATF environment... --- MP-ify SAD (key_sad.sahlist and sah entries)
localcount(9) is used to protect key_sad.sahlist and sah entries as well as SPD (and will be used for SAD sav).
Please read the locking notes of SAD for more details. --- Introduce key_sa_refcnt and replace sav->refcnt with it (NFC) --- Destroy sav only in the loop for DEAD sav --- Fix KASSERT(solocked(sb->sb_so)) failure in sbappendaddr that is called eventually from key_sendup_mbuf
If key_sendup_mbuf isn't passed a socket, the assertion fails. Originally in this case sb->sb_so was softnet_lock and callers held softnet_lock so the assertion was magically satisfied. Now sb->sb_so is key_so_mtx and also softnet_lock isn't always held by callers so the assertion can fail.
Fix it by holding key_so_mtx if key_sendup_mbuf isn't passed a socket.
Reported by knakahara@ Tested by knakahara@ and ozaki-r@ --- Fix locking notes of SAD --- Fix deadlock between key_sendup_mbuf called from key_acquire and localcount_drain
If we call key_sendup_mbuf from key_acquire that is called on packet processing, a deadlock can happen like this:
- At key_acquire, a reference to an SP (and an SA) is held
- key_sendup_mbuf will try to take key_so_mtx
- Some other thread may try to localcount_drain to the SP while holding key_so_mtx in say key_api_spdflush
- In this case localcount_drain never returns because key_sendup_mbuf that has stuck on key_so_mtx never releases a reference to the SP
Fix the deadlock by deferring key_sendup_mbuf to the timer (key_timehandler). --- Fix that prev isn't cleared on retry --- Limit the number of mbufs queued for deferred key_sendup_mbuf
It's easy for hundreds of mbufs to be queued on the list under heavy network load. --- MP-ify SAD (savlist)
localcount(9) is used to protect savlist of sah. The basic design is similar to MP-ifications of SPD and SAD sahlist. Please read the locking notes of SAD for more details. --- Simplify ipsec_reinject_ipstack (NFC) --- Add per-CPU rtcache to ipsec_reinject_ipstack
It reduces route lookups and also reduces rtcache lock contentions when NET_MPSAFE is enabled. --- Use pool_cache(9) instead of pool(9) for tdb_crypto objects
The change improves network throughput especially on multi-core systems. --- Update
ipsec(4), opencrypto(9) and vlan(4) are now MP-safe. --- Write known issues on scalability --- Share a global dummy SP between PCBs
It's never changed so it can be pre-allocated and shared safely between PCBs. --- Fix race condition on the rawcb list shared by rtsock and keysock
keysock now protects itself by its own mutex, which means that the rawcb list is protected by two different mutexes (keysock's one and softnet_lock for rtsock), of course it's useless.
Fix the situation by having a discrete rawcb list for each. --- Use a dedicated mutex for rt_rawcb instead of softnet_lock if NET_MPSAFE --- fix localcount leak in sav. fixed by ozaki-r@n.o.
I commit on behalf of him. --- remove unnecessary comment. --- Fix deadlock between pserialize_perform and localcount_drain
A typical usage of localcount_drain looks like this:
	mutex_enter(&mtx);
	item = remove_from_list();
	pserialize_perform(psz);
	localcount_drain(&item->localcount, &cv, &mtx);
	mutex_exit(&mtx);
This sequence can cause a deadlock which happens for example on the following situation:
- Thread A calls localcount_drain which calls xc_broadcast after releasing a specified mutex
- Thread B enters the sequence and calls pserialize_perform while holding the mutex; pserialize_perform also calls xc_broadcast
- Thread C (xc_thread) that calls an xcall callback of localcount_drain tries to hold the mutex
xc_broadcast of thread B doesn't start until xc_broadcast of thread A finishes, which is a feature of xcall(9). This means that pserialize_perform never completes until xc_broadcast of thread A finishes. On the other hand, thread C that is a callee of xc_broadcast of thread A sticks on the mutex. Finally the threads block each other (A blocks B, B blocks C and C blocks A).
A possible fix is to serialize executions of the above sequence by another mutex, but adding another mutex makes the code complex, so fix the deadlock by another way; the fix is to release the mutex before pserialize_perform and instead use a condvar to prevent pserialize_perform from being called simultaneously.
Note that the deadlock has happened only if NET_MPSAFE is enabled. --- Add missing ifdef NET_MPSAFE --- Take softnet_lock on pr_input properly if NET_MPSAFE
Currently softnet_lock is taken unnecessarily in some cases, e.g., icmp_input and encap4_input from ip_input, or not taken even if needed, e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them.
NFC if NET_MPSAFE is disabled (default). --- - sanitize key debugging so that we don't print extra newlines or unassociated debugging messages. - remove unused functions and make internal ones static - print information in one line per message --- humanize printing of ip addresses --- cast reduction, NFC. --- Fix typo in comment --- Pull out ipsec_fill_saidx_bymbuf (NFC) --- Don't abuse key_checkrequest just for looking up sav
It does more than expected for example key_acquire. --- Fix SP is broken on transport mode
isr->saidx was modified accidentally in ipsec_nextisr.
Reported by christos@ Helped investigations by christos@ and knakahara@ --- Constify isr at many places (NFC) --- Include socketvar.h for softnet_lock --- Fix buffer length for ipsec_logsastr
|
1.169.4.1 |
| 27-Apr-2017 |
pgoyette | Restore all work from the former pgoyette-localcount branch (which is now abandoned due to cvs merge botch).
The branch now builds, and installs via anita. There are still some problems (cgd is non-functional and all atf tests time-out) but they will get resolved soon.
|
1.170.4.3 |
| 13-Apr-2020 |
martin | Mostly merge changes from HEAD upto 20200411
|
1.170.4.2 |
| 08-Apr-2020 |
martin | Merge changes from current as of 20200406
|
1.170.4.1 |
| 10-Jun-2019 |
christos | Sync with HEAD
|
1.170.2.3 |
| 26-Dec-2018 |
pgoyette | Sync with HEAD, resolve a few conflicts
|
1.170.2.2 |
| 30-Sep-2018 |
pgoyette | Sync with HEAD
|
1.170.2.1 |
| 20-Mar-2018 |
pgoyette | Initial implementation of sys/kern/kern_stup.c as discussed on tech-kern
For now, we only handle the dev/ccd and NTP needs; more to follow.
|
1.175.2.1 |
| 03-Sep-2019 |
martin | Pull up following revision(s) (requested by riastradh in ticket #173):
sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1
sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1
sys/rump/kern/lib/libcrypto/Makefile: revision 1.5
sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1
sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176
sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal
sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal
sys/conf/files: revision 1.1238
sys/dev/rndpseudo.c: revision 1.38
sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal
sys/sys/cprng.h: revision 1.15
sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal
sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal
sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal
sys/kern/subr_cprng.c: revision 1.31
sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal
Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256.
Benefits:
- larger seeds -- a 128-bit key alone is not enough for `128-bit security'
- better resistance to timing side channels than AES
- a better-understood security story (https://eprint.iacr.org/2018/349)
- no loss in compliance with US government standards that nobody ever got fired for choosing, at least in the US-dominated western world
- no dirty endianness tricks
- self-tests
Drawbacks:
- performance hit: throughput is reduced to about 1/3 in naive measurements
  => possible to mitigate by using hardware SHA-256 instructions
  => all you really need is 32 bytes to seed a userland PRNG anyway
  => if we just used ChaCha this would go away...
XXX pullup-7
XXX pullup-8
XXX pullup-9
|
1.181.2.1 |
| 17-Jan-2020 |
ad | Sync with head.
|
1.191.6.1 |
| 02-Aug-2025 |
perseant | Sync with HEAD
|