Searched hist:61 (Results 1 - 25 of 61) sorted by relevance

123

/src/sys/arch/arc/jazz/
H A Dfdreg.h1.2 Tue May 22 03:22:50 GMT 2001 soda branches: 1.2.8; 1.2.24;
bus_space'fied fd driver by TSUTSUI Izumi,
works with PICA-61 and Microsoft-Jazz,
but still doesn't work with his NEC-JC94 (NEC Express 5800/230)
due to data overrun.
H A Dfdcvar.h1.1 Tue May 22 03:22:50 GMT 2001 soda branches: 1.1.2; 1.1.10; 1.1.26;
bus_space'fied fd driver by TSUTSUI Izumi,
works with PICA-61 and Microsoft-Jazz,
but still doesn't work with his NEC-JC94 (NEC Express 5800/230)
due to data overrun.

H A Dfdc_jazzio.c1.1 Tue May 22 03:22:50 GMT 2001 soda branches: 1.1.2; 1.1.4; 1.1.8;
bus_space'fied fd driver by TSUTSUI Izumi,
works with PICA-61 and Microsoft-Jazz,
but still doesn't work with his NEC-JC94 (NEC Express 5800/230)
due to data overrun.

/src/sys/arch/arc/arc/
H A Dp_acer_pica_61.c1.1 Wed Jun 13 15:29:30 GMT 2001 soda branches: 1.1.2; 1.1.10;
platform description for Acer PICA-61 and its OEM.
tested by myself on NEC Image RISCstation.

H A Dc_magnum.c1.1 Wed Jun 13 15:19:28 GMT 2001 soda branches: 1.1.2; 1.1.10;
common chipset description for magnum based platforms like
Microsoft-Jazz and PICA-61
/src/tests/dev/cgd/
H A Dt_cgd_adiantum.c1.1 Mon Jun 29 23:44:01 GMT 2020 riastradh New cgd cipher adiantum.

Adiantum is a wide-block cipher, built out of AES, XChaCha12,
Poly1305, and NH, defined in

Paul Crowley and Eric Biggers, `Adiantum: length-preserving
encryption for entry-level processors', IACR Transactions on
Symmetric Cryptology 2018(4), pp. 39--61.

Adiantum provides better security than a narrow-block cipher with CBC
or XTS, because every bit of each sector affects every other bit,
whereas with CBC each block of plaintext only affects the following
blocks of ciphertext in the disk sector, and with XTS each block of
plaintext only affects its own block of ciphertext and nothing else.

Adiantum generally provides much better performance than
constant-time AES-CBC or AES-XTS software do without hardware
support, and performance comparable to or better than the
variable-time (i.e., leaky) AES-CBC and AES-XTS software we had
before. (Note: Adiantum also uses AES as a subroutine, but only once
per disk sector. It takes only a small fraction of the time spent by
Adiantum, so there's relatively little performance impact to using
constant-time AES software over using variable-time AES software for
it.)

Adiantum naturally scales to essentially arbitrary disk sector sizes;
sizes >=1024-bytes take the most advantage of Adiantum's design for
performance, so 4096-byte sectors would be a natural choice if we
taught cgd to change the disk sector size. (However, it's a
different cipher for each disk sector size, so it _must_ be a cgd
parameter.)

The paper presents a similar construction HPolyC. The salient
difference is that HPolyC uses Poly1305 directly, whereas Adiantum
uses Poly1395(NH(...)). NH is annoying because it requires a
1072-byte key, which means the test vectors are ginormous, and
changing keys is costly; HPolyC avoids these shortcomings by using
Poly1305 directly, but HPolyC is measurably slower, costing about
1.5x what Adiantum costs on 4096-byte sectors.

For the purposes of cgd, we will reuse each key for many messages,
and there will be very few keys in total (one per cgd volume) so --
except for the annoying verbosity of test vectors -- the tradeoff
weighs in the favour of Adiantum, especially if we teach cgd to do
>>512-byte sectors.

For now, everything that Adiantum needs beyond what's already in the
kernel is gathered into a single file, including NH, Poly1305, and
XChaCha12. We can split those out -- and reuse them, and provide MD
tuned implementations, and so on -- as needed; this is just a first
pass to get Adiantum implemented for experimentation.

H A DMakefile1.11 Mon Jun 29 23:44:01 GMT 2020 riastradh New cgd cipher adiantum.

Adiantum is a wide-block cipher, built out of AES, XChaCha12,
Poly1305, and NH, defined in

Paul Crowley and Eric Biggers, `Adiantum: length-preserving
encryption for entry-level processors', IACR Transactions on
Symmetric Cryptology 2018(4), pp. 39--61.

Adiantum provides better security than a narrow-block cipher with CBC
or XTS, because every bit of each sector affects every other bit,
whereas with CBC each block of plaintext only affects the following
blocks of ciphertext in the disk sector, and with XTS each block of
plaintext only affects its own block of ciphertext and nothing else.

Adiantum generally provides much better performance than
constant-time AES-CBC or AES-XTS software do without hardware
support, and performance comparable to or better than the
variable-time (i.e., leaky) AES-CBC and AES-XTS software we had
before. (Note: Adiantum also uses AES as a subroutine, but only once
per disk sector. It takes only a small fraction of the time spent by
Adiantum, so there's relatively little performance impact to using
constant-time AES software over using variable-time AES software for
it.)

Adiantum naturally scales to essentially arbitrary disk sector sizes;
sizes >=1024-bytes take the most advantage of Adiantum's design for
performance, so 4096-byte sectors would be a natural choice if we
taught cgd to change the disk sector size. (However, it's a
different cipher for each disk sector size, so it _must_ be a cgd
parameter.)

The paper presents a similar construction HPolyC. The salient
difference is that HPolyC uses Poly1305 directly, whereas Adiantum
uses Poly1395(NH(...)). NH is annoying because it requires a
1072-byte key, which means the test vectors are ginormous, and
changing keys is costly; HPolyC avoids these shortcomings by using
Poly1305 directly, but HPolyC is measurably slower, costing about
1.5x what Adiantum costs on 4096-byte sectors.

For the purposes of cgd, we will reuse each key for many messages,
and there will be very few keys in total (one per cgd volume) so --
except for the annoying verbosity of test vectors -- the tradeoff
weighs in the favour of Adiantum, especially if we teach cgd to do
>>512-byte sectors.

For now, everything that Adiantum needs beyond what's already in the
kernel is gathered into a single file, including NH, Poly1305, and
XChaCha12. We can split those out -- and reuse them, and provide MD
tuned implementations, and so on -- as needed; this is just a first
pass to get Adiantum implemented for experimentation.

/src/sys/crypto/adiantum/
H A Dadiantum.h1.1 Mon Jun 29 23:44:01 GMT 2020 riastradh New cgd cipher adiantum.

Adiantum is a wide-block cipher, built out of AES, XChaCha12,
Poly1305, and NH, defined in

Paul Crowley and Eric Biggers, `Adiantum: length-preserving
encryption for entry-level processors', IACR Transactions on
Symmetric Cryptology 2018(4), pp. 39--61.

Adiantum provides better security than a narrow-block cipher with CBC
or XTS, because every bit of each sector affects every other bit,
whereas with CBC each block of plaintext only affects the following
blocks of ciphertext in the disk sector, and with XTS each block of
plaintext only affects its own block of ciphertext and nothing else.

Adiantum generally provides much better performance than
constant-time AES-CBC or AES-XTS software do without hardware
support, and performance comparable to or better than the
variable-time (i.e., leaky) AES-CBC and AES-XTS software we had
before. (Note: Adiantum also uses AES as a subroutine, but only once
per disk sector. It takes only a small fraction of the time spent by
Adiantum, so there's relatively little performance impact to using
constant-time AES software over using variable-time AES software for
it.)

Adiantum naturally scales to essentially arbitrary disk sector sizes;
sizes >=1024-bytes take the most advantage of Adiantum's design for
performance, so 4096-byte sectors would be a natural choice if we
taught cgd to change the disk sector size. (However, it's a
different cipher for each disk sector size, so it _must_ be a cgd
parameter.)

The paper presents a similar construction HPolyC. The salient
difference is that HPolyC uses Poly1305 directly, whereas Adiantum
uses Poly1395(NH(...)). NH is annoying because it requires a
1072-byte key, which means the test vectors are ginormous, and
changing keys is costly; HPolyC avoids these shortcomings by using
Poly1305 directly, but HPolyC is measurably slower, costing about
1.5x what Adiantum costs on 4096-byte sectors.

For the purposes of cgd, we will reuse each key for many messages,
and there will be very few keys in total (one per cgd volume) so --
except for the annoying verbosity of test vectors -- the tradeoff
weighs in the favour of Adiantum, especially if we teach cgd to do
>>512-byte sectors.

For now, everything that Adiantum needs beyond what's already in the
kernel is gathered into a single file, including NH, Poly1305, and
XChaCha12. We can split those out -- and reuse them, and provide MD
tuned implementations, and so on -- as needed; this is just a first
pass to get Adiantum implemented for experimentation.

H A Dadiantum_selftest.c1.1 Mon Jun 29 23:44:01 GMT 2020 riastradh New cgd cipher adiantum.

Adiantum is a wide-block cipher, built out of AES, XChaCha12,
Poly1305, and NH, defined in

Paul Crowley and Eric Biggers, `Adiantum: length-preserving
encryption for entry-level processors', IACR Transactions on
Symmetric Cryptology 2018(4), pp. 39--61.

Adiantum provides better security than a narrow-block cipher with CBC
or XTS, because every bit of each sector affects every other bit,
whereas with CBC each block of plaintext only affects the following
blocks of ciphertext in the disk sector, and with XTS each block of
plaintext only affects its own block of ciphertext and nothing else.

Adiantum generally provides much better performance than
constant-time AES-CBC or AES-XTS software do without hardware
support, and performance comparable to or better than the
variable-time (i.e., leaky) AES-CBC and AES-XTS software we had
before. (Note: Adiantum also uses AES as a subroutine, but only once
per disk sector. It takes only a small fraction of the time spent by
Adiantum, so there's relatively little performance impact to using
constant-time AES software over using variable-time AES software for
it.)

Adiantum naturally scales to essentially arbitrary disk sector sizes;
sizes >=1024-bytes take the most advantage of Adiantum's design for
performance, so 4096-byte sectors would be a natural choice if we
taught cgd to change the disk sector size. (However, it's a
different cipher for each disk sector size, so it _must_ be a cgd
parameter.)

The paper presents a similar construction HPolyC. The salient
difference is that HPolyC uses Poly1305 directly, whereas Adiantum
uses Poly1395(NH(...)). NH is annoying because it requires a
1072-byte key, which means the test vectors are ginormous, and
changing keys is costly; HPolyC avoids these shortcomings by using
Poly1305 directly, but HPolyC is measurably slower, costing about
1.5x what Adiantum costs on 4096-byte sectors.

For the purposes of cgd, we will reuse each key for many messages,
and there will be very few keys in total (one per cgd volume) so --
except for the annoying verbosity of test vectors -- the tradeoff
weighs in the favour of Adiantum, especially if we teach cgd to do
>>512-byte sectors.

For now, everything that Adiantum needs beyond what's already in the
kernel is gathered into a single file, including NH, Poly1305, and
XChaCha12. We can split those out -- and reuse them, and provide MD
tuned implementations, and so on -- as needed; this is just a first
pass to get Adiantum implemented for experimentation.
H A Dfiles.adiantum1.1 Mon Jun 29 23:44:01 GMT 2020 riastradh New cgd cipher adiantum.

Adiantum is a wide-block cipher, built out of AES, XChaCha12,
Poly1305, and NH, defined in

Paul Crowley and Eric Biggers, `Adiantum: length-preserving
encryption for entry-level processors', IACR Transactions on
Symmetric Cryptology 2018(4), pp. 39--61.

Adiantum provides better security than a narrow-block cipher with CBC
or XTS, because every bit of each sector affects every other bit,
whereas with CBC each block of plaintext only affects the following
blocks of ciphertext in the disk sector, and with XTS each block of
plaintext only affects its own block of ciphertext and nothing else.

Adiantum generally provides much better performance than
constant-time AES-CBC or AES-XTS software do without hardware
support, and performance comparable to or better than the
variable-time (i.e., leaky) AES-CBC and AES-XTS software we had
before. (Note: Adiantum also uses AES as a subroutine, but only once
per disk sector. It takes only a small fraction of the time spent by
Adiantum, so there's relatively little performance impact to using
constant-time AES software over using variable-time AES software for
it.)

Adiantum naturally scales to essentially arbitrary disk sector sizes;
sizes >=1024-bytes take the most advantage of Adiantum's design for
performance, so 4096-byte sectors would be a natural choice if we
taught cgd to change the disk sector size. (However, it's a
different cipher for each disk sector size, so it _must_ be a cgd
parameter.)

The paper presents a similar construction HPolyC. The salient
difference is that HPolyC uses Poly1305 directly, whereas Adiantum
uses Poly1395(NH(...)). NH is annoying because it requires a
1072-byte key, which means the test vectors are ginormous, and
changing keys is costly; HPolyC avoids these shortcomings by using
Poly1305 directly, but HPolyC is measurably slower, costing about
1.5x what Adiantum costs on 4096-byte sectors.

For the purposes of cgd, we will reuse each key for many messages,
and there will be very few keys in total (one per cgd volume) so --
except for the annoying verbosity of test vectors -- the tradeoff
weighs in the favour of Adiantum, especially if we teach cgd to do
>>512-byte sectors.

For now, everything that Adiantum needs beyond what's already in the
kernel is gathered into a single file, including NH, Poly1305, and
XChaCha12. We can split those out -- and reuse them, and provide MD
tuned implementations, and so on -- as needed; this is just a first
pass to get Adiantum implemented for experimentation.

H A Dadiantum.c1.1 Mon Jun 29 23:44:01 GMT 2020 riastradh New cgd cipher adiantum.

Adiantum is a wide-block cipher, built out of AES, XChaCha12,
Poly1305, and NH, defined in

Paul Crowley and Eric Biggers, `Adiantum: length-preserving
encryption for entry-level processors', IACR Transactions on
Symmetric Cryptology 2018(4), pp. 39--61.

Adiantum provides better security than a narrow-block cipher with CBC
or XTS, because every bit of each sector affects every other bit,
whereas with CBC each block of plaintext only affects the following
blocks of ciphertext in the disk sector, and with XTS each block of
plaintext only affects its own block of ciphertext and nothing else.

Adiantum generally provides much better performance than
constant-time AES-CBC or AES-XTS software do without hardware
support, and performance comparable to or better than the
variable-time (i.e., leaky) AES-CBC and AES-XTS software we had
before. (Note: Adiantum also uses AES as a subroutine, but only once
per disk sector. It takes only a small fraction of the time spent by
Adiantum, so there's relatively little performance impact to using
constant-time AES software over using variable-time AES software for
it.)

Adiantum naturally scales to essentially arbitrary disk sector sizes;
sizes >=1024-bytes take the most advantage of Adiantum's design for
performance, so 4096-byte sectors would be a natural choice if we
taught cgd to change the disk sector size. (However, it's a
different cipher for each disk sector size, so it _must_ be a cgd
parameter.)

The paper presents a similar construction HPolyC. The salient
difference is that HPolyC uses Poly1305 directly, whereas Adiantum
uses Poly1395(NH(...)). NH is annoying because it requires a
1072-byte key, which means the test vectors are ginormous, and
changing keys is costly; HPolyC avoids these shortcomings by using
Poly1305 directly, but HPolyC is measurably slower, costing about
1.5x what Adiantum costs on 4096-byte sectors.

For the purposes of cgd, we will reuse each key for many messages,
and there will be very few keys in total (one per cgd volume) so --
except for the annoying verbosity of test vectors -- the tradeoff
weighs in the favour of Adiantum, especially if we teach cgd to do
>>512-byte sectors.

For now, everything that Adiantum needs beyond what's already in the
kernel is gathered into a single file, including NH, Poly1305, and
XChaCha12. We can split those out -- and reuse them, and provide MD
tuned implementations, and so on -- as needed; this is just a first
pass to get Adiantum implemented for experimentation.

/src/sys/arch/arm/dts/
H A Dsun50i-a64-pinebook.dts1.13 Sun Nov 11 11:44:53 GMT 2018 mrg pull across this patch:

https://github.com/anarsoul/linux-2.6/commit/26b3d6f8ffa77cb05066c11967a498d6dacbdc42#diff-61a0580c3eaa34a373cc7ee7ee46dd2a

---
arm64: allwinner: a64: enable Bluetooth On Pinebook

Pinebook has an RTL8723CS WiFi + BT chip, BT is connected to UART1
and uses PL4 as BT reset, PL5 as device wake GPIO, PL6 as host wake GPIO
the I2C controlling signals are connected to R_I2C bus.

Enable it in the device tree.

Signed-off-by: Vasily Khoruzhick <anarsoul@gmail.com>
---

this enables:

[ 1.000019] com1 at simplebus1: ns16550a, working fifo
[ 1.000019] com1: interrupting on GIC irq 33

to attach. more work with firmware and btattach will be required,
for the BT to be actually functional.
/src/sys/sys/
H A Dfstrans.h1.14 Wed May 13 09:21:30 GMT 2020 hannken Add operation fstrans_held(struct mount *), true if the current thread
holds a fstrans lock.

Ride 9.99.61

/src/lib/libc/time/
H A Dstrftime.31.32 Sat Dec 24 05:33:51 GMT 2016 abhinav branches: 1.32.2;
As per C99 the range of values for the %S format specifier is [0,60]
rather than [0,61]. The standard has removed mention of double leap seconds.
The standard has give the following rationale in the time.h man page:

"The range [0,60] seconds allows for positive or negative leap seconds.
The formal definition of UTC does not permit double leap seconds, so all
mention of double leap seconds has been removed, and the range shortened
from the former [0,61] seconds seen in previous versions of POSIX."

1.32 Sat Dec 24 05:33:51 GMT 2016 abhinav branches: 1.32.2;
As per C99 the range of values for the %S format specifier is [0,60]
rather than [0,61]. The standard has removed mention of double leap seconds.
The standard has give the following rationale in the time.h man page:

"The range [0,60] seconds allows for positive or negative leap seconds.
The formal definition of UTC does not permit double leap seconds, so all
mention of double leap seconds has been removed, and the range shortened
from the former [0,61] seconds seen in previous versions of POSIX."

1.14 Sun Aug 18 06:27:49 GMT 2002 yamt - Mention leap seconds as the reason for (00-61)
- include blurb about ISO 8601 dates straight from strftime.c
from OpenBSD.

H A Dstrptime.31.6 Thu Mar 19 16:21:35 GMT 1998 tv Fixes from PRs 5056 and 5161, partly rethought:
- %C and %y can be used in conjunction properly, though %y can have its
old behaviour if used without %C
- %I formats hous 0..11 with 0 representing "12"; this is correct both
with and without am/pm (%p rule fixed to compensate)
- %j fixed for range [0..365] in struct tm
- %m fixed for range [0..11] in struct tm
- %S fixed for range [0..61] in struct tm

H A Dstrptime.c1.13 Thu Mar 19 16:21:35 GMT 1998 tv Fixes from PRs 5056 and 5161, partly rethought:
- %C and %y can be used in conjunction properly, though %y can have its
old behaviour if used without %C
- %I formats hous 0..11 with 0 representing "12"; this is correct both
with and without am/pm (%p rule fixed to compensate)
- %j fixed for range [0..365] in struct tm
- %m fixed for range [0..11] in struct tm
- %S fixed for range [0..61] in struct tm

/src/sys/arch/i386/i386/
H A Ddb_machdep.c1.5 Sat Jan 11 17:11:50 GMT 2014 christos branches: 1.5.6;
stop ddb backtrace at Xsoftintr() (Richard Hansen)

Stop unwinding frames when db_stack_trace_print() encouters
Xsoftintr(). This avoids a recursive panic() due to an invalid
pointer dereference when a software interrupt panic()s.

Here's what happens without this change:

When db_stack_trace_print() runs during a panic() and db_nextframe()
encounters the Xsoftintr() frame, db_nextframe() does the following at
db_machdep.c:292:

1. checks to see if there's a Xsoftintr() symbol (there is)
2. checks to see if the frame corresponds to an interrupt (the
symbol name begins with "Xsoft" so it does)

If both of the above are true (they are), db_nextframe() at
db_machdep.c:303 tries to get a pointer to a struct intrframe.
According to the comment at line 300, the second argument passed to
Xsoftintr() is a pointer to a struct intrframe. However, the comment
and the corresponding code are not correct -- Xsoftintr() doesn't take
any arguments[1]. Attempting to fetch the second argument only yields
stack garbage, not a struct intrframe. This causes db_machdep.c:307
to dereference a bad pointer, triggering the recursive panic().

[1] Xsoftintr() is called by Xspllower() which is called by splx()
a.k.a. spllower(). Neither Xspllower() nor Xsoftintr() set up a
standard frame when called (they don't do 'pushl %ebp; movl %esp,
%ebp'), so Xsoftintr()'s %ebp is the same as splx()'s %ebp. This
makes splx()'s arguments look like Xsoftintr()'s arguments, and
splx() does not take any arguments.

You can reproduce the recursive panic by reverting this change and
adding a call to panic() inside ipintr(). The backtrace will look
like the following (the line numbers you see might differ from these
line numbers -- this backtrace was generated from a slightly modified
version of the NetBSD 6.1 kernel):

#0 vpanic (fmt=0xc0ba995b "trap", ap=0xdaa51730) at /usr/src/sys/kern/subr_prf.c:211
#1 0xc0790529 in panic (fmt=0xc0ba995b "trap") at /usr/src/sys/kern/subr_prf.c:205
#2 0xc07decbc in trap (frame=0xdaa517c0) at /usr/src/sys/arch/i386/i386/trap.c:396
#3 0xc010cf48 in ?? () at /usr/src/sys/arch/i386/i386/vector.S:983
#4 0xc02857f0 in db_get_value (addr=56, size=4, is_signed=false) at /usr/src/sys/ddb/db_access.c:72
#5 0xc028a09a in db_nextframe (nextframe=0xdaa51b40, retaddr=0xdaa51b3c, arg0=0xdaa51b38, ip=0xdaa51b34, argp=0xdaa51d88, is_trap=0, pr=0xc07901b5 <printf>) at /usr/src/sys/arch/i386/i386/db_machdep.c:308
#6 0xc028be2b in db_stack_trace_print (addr=<optimized out>, have_addr=true, count=65533, modif=0xc0bb44bf "", pr=0xc07901b5 <printf>) at /usr/src/sys/arch/x86/x86/db_trace.c:275
#7 0xc07903cb in vpanic (fmt=0xc0b6ba76 "testing", ap=0xdaa51d4c) at /usr/src/sys/kern/subr_prf.c:296
#8 0xc0790529 in panic (fmt=0xc0b6ba76 "testing") at /usr/src/sys/kern/subr_prf.c:205
#9 0xc04e3d4f in ipintr () at /usr/src/sys/netinet/ip_input.c:369
#10 0xc054ac0d in softint_execute (s=<optimized out>, si=<optimized out>, l=<optimized out>) at /usr/src/sys/kern/kern_softint.c:543
#11 softint_dispatch (pinned=0xc4085560, s=4) at /usr/src/sys/kern/kern_softint.c:825
#12 0xc0100fdb in ?? () at /usr/src/sys/arch/i386/i386/spl.S:390
#13 0xc07d2e11 in tcp_usrreq (so=0xc40b0534, req=4, m=0x0, nam=0xc317ba00, control=0x0, l=0xc4085560) at /usr/src/sys/netinet/tcp_usrreq.c:615
#14 0xc04bb300 in tcp_usrreq_wrapper (a=0xc40b0534, b=4, c=0x0, d=0xc317ba00, e=0x0, f=0xc4085560) at /usr/src/sys/netinet/in_proto.c:164
#15 0xc0839006 in soconnect (so=0xc40b0534, nam=0xc317ba00, l=0xc4085560) at /usr/src/sys/kern/uipc_socket.c:821
#16 0xc083c4ce in do_sys_connect (l=0xc4085560, fd=4, nam=0xc317ba00) at /usr/src/sys/kern/uipc_syscalls.c:371
#17 0xc083dbeb in sys_connect (l=0xc4085560, uap=0xdbc27d00, retval=0xdbc27d28) at /usr/src/sys/kern/uipc_syscalls.c:350
#18 0xc07b1b4a in sy_call (rval=0xdbc27d28, uap=0xdbc27d00, l=0xc4085560, sy=0xc0c2f018) at /usr/src/sys/sys/syscallvar.h:61
#19 syscall (frame=0xdbc27d48) at /usr/src/sys/arch/x86/x86/syscall.c:179
#20 0xc010056d in ?? () at /usr/src/sys/arch/i386/i386/locore.S:1160
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

/src/sys/dev/ata/
H A Dwdvar.h1.38 Thu Dec 17 21:03:10 GMT 2009 bouyer branches: 1.38.12;
ATA sepcs changed the LBA48 boundary from 0xfffffff to 0xffffffe between
ATA6r1 and ATA6r3, which caused drives conform to ATA6r3 or later to
reject LBA28 commands at sector 0xfffffff.
Get the right idea from the LBA48 boundary from IDENTIFY words 60-61.
Remove the WD_QUIRK_FORCE_LBA48 quirk, associated tables entries and
autodetect code, it's not needed any more.
Based on patch sent to teck-kern by Christoph Badura, use of words 60-61
instead of a constant for the LBA48 boundary by me.
1.38 Thu Dec 17 21:03:10 GMT 2009 bouyer branches: 1.38.12;
ATA sepcs changed the LBA48 boundary from 0xfffffff to 0xffffffe between
ATA6r1 and ATA6r3, which caused drives conform to ATA6r3 or later to
reject LBA28 commands at sector 0xfffffff.
Get the right idea from the LBA48 boundary from IDENTIFY words 60-61.
Remove the WD_QUIRK_FORCE_LBA48 quirk, associated tables entries and
autodetect code, it's not needed any more.
Based on patch sent to teck-kern by Christoph Badura, use of words 60-61
instead of a constant for the LBA48 boundary by me.
/src/sys/dev/
H A Dcgd_crypto.c1.26 Mon Jun 29 23:44:01 GMT 2020 riastradh New cgd cipher adiantum.

Adiantum is a wide-block cipher, built out of AES, XChaCha12,
Poly1305, and NH, defined in

Paul Crowley and Eric Biggers, `Adiantum: length-preserving
encryption for entry-level processors', IACR Transactions on
Symmetric Cryptology 2018(4), pp. 39--61.

Adiantum provides better security than a narrow-block cipher with CBC
or XTS, because every bit of each sector affects every other bit,
whereas with CBC each block of plaintext only affects the following
blocks of ciphertext in the disk sector, and with XTS each block of
plaintext only affects its own block of ciphertext and nothing else.

Adiantum generally provides much better performance than
constant-time AES-CBC or AES-XTS software do without hardware
support, and performance comparable to or better than the
variable-time (i.e., leaky) AES-CBC and AES-XTS software we had
before. (Note: Adiantum also uses AES as a subroutine, but only once
per disk sector. It takes only a small fraction of the time spent by
Adiantum, so there's relatively little performance impact to using
constant-time AES software over using variable-time AES software for
it.)

Adiantum naturally scales to essentially arbitrary disk sector sizes;
sizes >=1024-bytes take the most advantage of Adiantum's design for
performance, so 4096-byte sectors would be a natural choice if we
taught cgd to change the disk sector size. (However, it's a
different cipher for each disk sector size, so it _must_ be a cgd
parameter.)

The paper presents a similar construction HPolyC. The salient
difference is that HPolyC uses Poly1305 directly, whereas Adiantum
uses Poly1395(NH(...)). NH is annoying because it requires a
1072-byte key, which means the test vectors are ginormous, and
changing keys is costly; HPolyC avoids these shortcomings by using
Poly1305 directly, but HPolyC is measurably slower, costing about
1.5x what Adiantum costs on 4096-byte sectors.

For the purposes of cgd, we will reuse each key for many messages,
and there will be very few keys in total (one per cgd volume) so --
except for the annoying verbosity of test vectors -- the tradeoff
weighs in the favour of Adiantum, especially if we teach cgd to do
>>512-byte sectors.

For now, everything that Adiantum needs beyond what's already in the
kernel is gathered into a single file, including NH, Poly1305, and
XChaCha12. We can split those out -- and reuse them, and provide MD
tuned implementations, and so on -- as needed; this is just a first
pass to get Adiantum implemented for experimentation.

/src/sys/dev/pci/
H A Dvioscsi.c1.7 Tue Oct 04 18:20:49 GMT 2016 jdolecek vioscsi_req_get()/virtio_enqueue_prep() failing is actually perfectly
normal - observed failures included 10, 27, 61 in-flight commands,
so probably depends on particular command mix; return with
XS_RESOURCE_SHORTAGE rather then panic

do vioscsi_req_put() when initial bus_dmamap_load() fails, as suggested
by the XXX; the vq_done hook is called by virtio, but in that case we never
get to commit the request to it
/src/sys/rump/kern/lib/libcrypto/
H A DMakefile1.8 Mon Jun 29 23:44:01 GMT 2020 riastradh New cgd cipher adiantum.

Adiantum is a wide-block cipher, built out of AES, XChaCha12,
Poly1305, and NH, defined in

Paul Crowley and Eric Biggers, `Adiantum: length-preserving
encryption for entry-level processors', IACR Transactions on
Symmetric Cryptology 2018(4), pp. 39--61.

Adiantum provides better security than a narrow-block cipher with CBC
or XTS, because every bit of each sector affects every other bit,
whereas with CBC each block of plaintext only affects the following
blocks of ciphertext in the disk sector, and with XTS each block of
plaintext only affects its own block of ciphertext and nothing else.

Adiantum generally provides much better performance than
constant-time AES-CBC or AES-XTS software do without hardware
support, and performance comparable to or better than the
variable-time (i.e., leaky) AES-CBC and AES-XTS software we had
before. (Note: Adiantum also uses AES as a subroutine, but only once
per disk sector. It takes only a small fraction of the time spent by
Adiantum, so there's relatively little performance impact to using
constant-time AES software over using variable-time AES software for
it.)

Adiantum naturally scales to essentially arbitrary disk sector sizes;
sizes >=1024-bytes take the most advantage of Adiantum's design for
performance, so 4096-byte sectors would be a natural choice if we
taught cgd to change the disk sector size. (However, it's a
different cipher for each disk sector size, so it _must_ be a cgd
parameter.)

The paper presents a similar construction HPolyC. The salient
difference is that HPolyC uses Poly1305 directly, whereas Adiantum
uses Poly1395(NH(...)). NH is annoying because it requires a
1072-byte key, which means the test vectors are ginormous, and
changing keys is costly; HPolyC avoids these shortcomings by using
Poly1305 directly, but HPolyC is measurably slower, costing about
1.5x what Adiantum costs on 4096-byte sectors.

For the purposes of cgd, we will reuse each key for many messages,
and there will be very few keys in total (one per cgd volume) so --
except for the annoying verbosity of test vectors -- the tradeoff
weighs in the favour of Adiantum, especially if we teach cgd to do
>>512-byte sectors.

For now, everything that Adiantum needs beyond what's already in the
kernel is gathered into a single file, including NH, Poly1305, and
XChaCha12. We can split those out -- and reuse them, and provide MD
tuned implementations, and so on -- as needed; this is just a first
pass to get Adiantum implemented for experimentation.
/src/bin/date/
H A Ddate.11.44 Tue Jan 03 16:01:05 GMT 2017 abhinav The range of the SS field is [0,60]

From the POSIX time.h man page:
"The formal definition of UTC does not permit double leap seconds, so all mention of double leap seconds has been removed, and the range shortened from the former [0,61] seconds seen in previous versions of POSIX."
/src/include/
H A Dtime.h1.14 Sun Nov 02 18:31:38 GMT 1997 kleink * Move prototypes of clock_getres(), clock_gettime() and clock_settime() from
<sys/time.h> to this file.
* Update range comment wrt. the tm_sec member of struct tm to [0-61] (double
leap seconds are supported).
/src/sys/kern/
H A Dvfs_trans.c1.62 Wed May 13 09:21:30 GMT 2020 hannken Add operation fstrans_held(struct mount *), true if the current thread
holds a fstrans lock.

Ride 9.99.61

/src/sys/arch/arc/conf/
H A Dfiles.arc1.30 Tue May 22 03:22:49 GMT 2001 soda bus_space'fied fd driver by TSUTSUI Izumi,
works with PICA-61 and Microsoft-Jazz,
but still doesn't work with his NEC-JC94 (NEC Express 5800/230)
due to data overrun.

Completed in 104 milliseconds

123