Commit Graph

1070 Commits

Author SHA1 Message Date
dholland 53166c520a arm bswap32: fix fatal typo in thumb code (PR 55854) 2020-12-11 09:02:33 +00:00
dholland 3818c9a287 arm bswap32: Improve the comments showing the byte flow.
It's confusing to use 1-4 for bytes 1-4 and then 0 for literal zero,
so use a-d for bytes 1-4.
2020-12-09 02:46:57 +00:00
skrll e3ee4da69b Use the correct barriers - all of membar_{sync,producer,consumer} have
less scope than before.

LGTM from riastradh
2020-10-13 21:22:12 +00:00
skrll cfd51b63e1 Remove memory barriers from the atomic ops macros in the same way as was
done for the other atomic ops earlier.
2020-10-13 21:17:35 +00:00
skrll 058bd28709 Define _ARM_ARCH_8 when __ARM_ARCH_8A (no trailing double underscore) as
it is defined by gcc.

__ARM_ARCH_8A__ (with trailing double underscore) seems to be a typo (or
maybe historical)
2020-10-11 16:22:02 +00:00
skrll 7cbf2902dd Comment nit 2020-10-07 07:31:47 +00:00
jakllsch aeb04dceb1 Re-do previous aarch64eb strlen fix more simply and correctly. 2020-09-09 14:49:27 +00:00
mrg ebde11d941 make some prototypes match the builtin properly. GCC 9 complains
with the old version, GCC 8 is happy with this version.

tested on sparc.
2020-09-07 00:52:19 +00:00
jakllsch ea3caf96e6 Fix a broken corner case of strlen()/strnlen() on aarch64eb
Previously a string such as "\x1\x1\x1\x1\x1\x1\x1" would count as
0 instead of 7 on BE.
2020-09-05 20:24:43 +00:00
jakllsch d0f28ec00a Remove unused assembly source files 2020-09-03 16:45:49 +00:00
jakllsch 835e43960b Fix typo/pasteo in aarch64 clzdi2() END() 2020-09-02 15:43:06 +00:00
skrll e16659bb50 Part I of ad@'s performance improvements for aarch64
- Remove memory barriers from the atomic ops.  I don't understand why those
  are there.  Is it some architectural thing, or for a CPU bug, or just
  over-caution maybe?  They're not needed for correctness.

- Have unlikely conditional branches go forwards to help the static branch
  predictor.
2020-08-12 12:59:57 +00:00
skrll 76b3785162 More SYNC centralisation 2020-08-10 14:37:38 +00:00
skrll bf8d907e75 Centralise SYNC/BDSYNC in asm.h and introduce a new LLCSCSYNC and use it
before any ll/sc sequences.

Define LLSCSYNC as syncw; syncw for cnMIPS - issue two as early cnMIPS
has errat{um,a} that means the first can fail.
2020-08-06 10:00:20 +00:00
skrll 6d4375e1ca Trailing whitespace 2020-08-01 09:26:49 +00:00
christos d3ce6b6028 Fix lint 2020-06-20 00:16:50 +00:00
christos 3df41e0b22 remove error(1) comments 2020-06-15 00:46:00 +00:00
christos ad3c244aa9 add/fix linted comments 2020-06-14 21:31:01 +00:00
christos e0cecd8234 Fix incorrect type (found by lint), and add linted comments for the
long long -> long (uintmax_t on LP64)
2020-06-14 21:28:58 +00:00
thorpej 6620d0c742 Change previous to only apply when building with clang. 2020-06-12 00:02:26 +00:00
joerg 3c4ddcbfa9 Unbreak clang builds by removing questionable linker warning sections
trggered all over the place.
2020-06-11 22:25:44 +00:00
thorpej f2709a687f Fix a paste-o that caused prop_data_create_copy() to be intolerant
of creating empty data objects.  Fixes t_ifconfig::ifconfig_description
unit test.
2020-06-08 21:31:56 +00:00
thorpej bde2909f86 Update for proplib(3) API changes. 2020-06-06 22:28:07 +00:00
thorpej b1bbd8163d Correct a deprecation warning. 2020-06-06 22:23:31 +00:00
thorpej a792b8435e Improvements to the problib(3) API:
==> Provide a much more complete set of setters and getters for different
    value types in the prop_array_util(3) and prop_dictionary_util(3)
    functions.

==> Overhaul the prop_data(3), prop_number(3), and prop_string(3) APIs
    to be easier to use and less awkwardly named,  Deprecate the old
    awkward names, and produce link-time warnings when they are referenced.

==> Deprecate mutable prop_data(3) and prop_string(3) objects.  The old
    APIs that support them still exist, but will now produce link-time
    warnings when used.

==> When the new prop_string(3) API is used, strings are internally
    de-duplicated as a memory footprint optimization.

==> Provide a rich set of bounds-checked gettter functions in and a
    corresponding set of convenience setters in the prop_number(3) API.

==> Add a new prop_bool_value(3) function that is equivalent to
    prop_bool_true(3), but aligned with the new "value" routines in
    prop_data(3), prop_string(3), and prop_number(3).
2020-06-06 21:25:59 +00:00
rin 9769066979 Fix typo in comment. 2020-05-31 12:37:07 +00:00
rin 3a564f248f Add m68k assembler version of __muldi3().
This is intended for 68060:
  - GCC does not emit __muldi3() for 68020-40, that have 32 * 32 --> 64 mulul
  - mulsl (and moveml), used in this code, are not implemented for 68010

In comparison with that from compiler_rt, this version saves:
  - 12% of processing time
  - 12 bytes of stack
  - 50 bytes of code size
Also, slightly faster, memory saving, and smaller than libgcc version.

By examining with evcnt(9), __muldi3() is invoked more than 1000 times per
sec by kernel, which should justify to introduce assembler version of this
function.
2020-05-31 11:43:37 +00:00
riastradh 00fb1a3a30 Merge updates from upstream to reduce stack usage of SHA3_Selftest. 2020-05-30 18:40:28 +00:00
martin 8be1e866ab PR 55239: initialize all RAS sections for non-MP configurations 2020-05-15 15:20:40 +00:00
msaitoh 8012ca3f0e Remove extra semicolon. 2020-05-14 08:34:17 +00:00
maxv 712bef211f Use the hotpatch framework when patching _atomic_cas_64. 2020-05-01 08:32:50 +00:00
riastradh 5084c1b50f Rewrite entropy subsystem.
Primary goals:

1. Use cryptography primitives designed and vetted by cryptographers.
2. Be honest about entropy estimation.
3. Propagate full entropy as soon as possible.
4. Simplify the APIs.
5. Reduce overhead of rnd_add_data and cprng_strong.
6. Reduce side channels of HWRNG data and human input sources.
7. Improve visibility of operation with sysctl and event counters.

Caveat: rngtest is no longer used generically for RND_TYPE_RNG
rndsources.  Hardware RNG devices should have hardware-specific
health tests.  For example, checking for two repeated 256-bit outputs
works to detect AMD's 2019 RDRAND bug.  Not all hardware RNGs are
necessarily designed to produce exactly uniform output.

ENTROPY POOL

- A Keccak sponge, with test vectors, replaces the old LFSR/SHA-1
  kludge as the cryptographic primitive.

- `Entropy depletion' is available for testing purposes with a sysctl
  knob kern.entropy.depletion; otherwise it is disabled, and once the
  system reaches full entropy it is assumed to stay there as far as
  modern cryptography is concerned.

- No `entropy estimation' based on sample values.  Such `entropy
  estimation' is a contradiction in terms, dishonest to users, and a
  potential source of side channels.  It is the responsibility of the
  driver author to study the entropy of the process that generates
  the samples.

- Per-CPU gathering pools avoid contention on a global queue.

- Entropy is occasionally consolidated into global pool -- as soon as
  it's ready, if we've never reached full entropy, and with a rate
  limit afterward.  Operators can force consolidation now by running
  sysctl -w kern.entropy.consolidate=1.

- rndsink(9) API has been replaced by an epoch counter which changes
  whenever entropy is consolidated into the global pool.
  . Usage: Cache entropy_epoch() when you seed.  If entropy_epoch()
    has changed when you're about to use whatever you seeded, reseed.
  . Epoch is never zero, so initialize cache to 0 if you want to reseed
    on first use.
  . Epoch is -1 iff we have never reached full entropy -- in other
    words, the old rnd_initial_entropy is (entropy_epoch() != -1) --
    but it is better if you check for changes rather than for -1, so
    that if the system estimated its own entropy incorrectly, entropy
    consolidation has the opportunity to prevent future compromise.

- Sysctls and event counters provide operator visibility into what's
  happening:
  . kern.entropy.needed - bits of entropy short of full entropy
  . kern.entropy.pending - bits known to be pending in per-CPU pools,
    can be consolidated with sysctl -w kern.entropy.consolidate=1
  . kern.entropy.epoch - number of times consolidation has happened,
    never 0, and -1 iff we have never reached full entropy

CPRNG_STRONG

- A cprng_strong instance is now a collection of per-CPU NIST
  Hash_DRBGs.  There are only two in the system: user_cprng for
  /dev/urandom and sysctl kern.?random, and kern_cprng for kernel
  users which may need to operate in interrupt context up to IPL_VM.

  (Calling cprng_strong in interrupt context does not strike me as a
  particularly good idea, so I added an event counter to see whether
  anything actually does.)

- Event counters provide operator visibility into when reseeding
  happens.

INTEL RDRAND/RDSEED, VIA C3 RNG (CPU_RNG)

- Unwired for now; will be rewired in a subsequent commit.
2020-04-30 03:28:18 +00:00
maxv 129e4c2b33 Use the hotpatch framework for LFENCE/MFENCE. 2020-04-26 14:49:17 +00:00
maxv f012eec2fe Remove unused argument in macro. 2020-04-26 13:59:44 +00:00
maxv e18b0a4638 Remove unused. 2020-04-26 13:54:02 +00:00
maxv 88b0d179cd Drop the hardcoded array, use the hotpatch section. 2020-04-26 13:37:14 +00:00
bouyer c24c993fe4 Merge the bouyer-xenpvh branch, bringing in Xen PV drivers support under HVM
guests in GENERIC.
Xen support can be disabled at runtime with
boot -c
disable hypervisor
2020-04-25 15:26:16 +00:00
rin 27f1060c62 Restrict usage of m68k assembler versions of {,u}divsi3 and {,u}divsi3 to
kernel and bootloader for 68010.

They requires a special calling convention to udivsi3, and cannot to be
mixed up in normal routines provided by libgcc or compiler_rt. Although,
there's no problem for using them in a controlled situation, i.e., kernel
and standalone programs.

Note that this does not affect at all m68k ports other than sun2, since
codes generated by gcc do not call these routines.

Assembler files are moved from common/lib/libc/arch/m68k/gen to
sys/lib/libkern/arch/m68k in order not to be compiled in libc.

Revert hack introduced to lib/libc/compiler_rt/Makefile.inc rev 1.37:
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/compiler_rt/Makefile.inc#rev1.37

Proposed on port-sun2@ with no response...
(Again, this does not affect m68k ports other than sun2.)
http://mail-index.netbsd.org/port-sun2/2020/03/10/msg000102.html
2020-04-22 11:28:56 +00:00
ryo adc5085fcd Fixed to not use the "br" instruction. Branch Target Identification (BTI) doesn't like "br".
requested by maxv@
2020-04-11 05:12:52 +00:00
ad 5ff779fe83 Match the naming convention in the file. 2020-04-11 01:46:47 +00:00
ad f1ed81b8fc PR kern/54979 (radixtree might misbehave if ENOMEM)
- radix_tree_insert_node(): if the insert failed due to ENOMEM, roll back
  any updates made to the tree.

- radix_tree_grow(): either succeed or fail, never make partial adjustments
  to the tree.

- radix_tree_await_memory(): allocate & free the maximum possible number of
  nodes required by any insertion.
2020-04-10 23:43:05 +00:00
ad 5e0de1ec0e Rename radix_tree_node_clean_p() to radix_tree_node_sum() and have it return
the computed sum.  Use to replace any_children_tagmask().  Simpler & faster.
2020-04-10 21:56:41 +00:00
skrll a6a8f0073d Fix KASAN build on aarch64 2020-04-07 08:07:58 +00:00
wiz 81e8a3b48e Teach dk(4) about ZFS.
"looks ok" mlelstv
2020-03-30 08:36:09 +00:00
rin 880f104786 For kernel, rename ffs to __ffssi2 rather than having a weak symbol.
This enables us to load modules depended to __ffssi2.

It is difficult to deal with weak symbols consistently in in-kernel
linker. See explanation by pgoyette on tech-kern:

    http://mail-index.netbsd.org/tech-kern/2020/03/09/msg026148.html

Also, we do not currently provide ffs(9) as a kernel routine.
2020-03-10 08:15:44 +00:00
rin ee127cc58e Add missing END() for coldfire. 2020-03-09 13:36:10 +00:00
skrll 7680719e6b Give the thumb atomic ops a chance of working 2020-03-09 11:21:54 +00:00
rin da092eb7d2 Remove wrong comment (copy-paste from somewhere);
__mulsi3 does not depend on __udivsi3.
2020-03-09 08:29:11 +00:00
kamil 7f5eec67a9 Add support for alignment_assumptions in uubsan
Cherry-pick from FreeBSD:

From 7c1bc5ffc2fa68ddc76e5ea8a3a1a6fdfeee57f0 Mon Sep 17 00:00:00 2001
From: andrew <andrew@FreeBSD.org>
Date: Tue, 28 May 2019 09:12:15 +0000
Subject: [PATCH] Teach the kernel KUBSAN runtime about alignment_assumption

This checks the alignment of a given pointer is sufficient for the
requested alignment asked for. This fixes the build with a recent
llvm/clang.

Sponsored by:	DARPA, AFRL
2020-03-08 21:35:03 +00:00
rin fd255ae543 Implement workaround for IBM405 Errata 77 (aka CPU_210), where
interrupted stwcx. may errantly write data to memory:

    https://elinux.org/images/1/1d/Ppc405gp-errata.pdf

This is because stwcx. is split into two pieces in the pipeline.

We need to
(1) insert dcbt before every stwcx. instruction, as well as
(2) insert sync before every rfi/rfci instruction.

It is unclear which processors are affected, but according to Linux,
all 405-based cores up until 405GPR and 405EP are affected:

    https://github.com/torvalds/linux/blob/master/arch/powerpc/platforms/40x/Kconfig#L140

For kernel, this workaround can be restricted to affected processors.
However, for kernel modules and userland, we have to enable it for all
32bit powerpc archs in order to share common binaries as before.

Proposed on port-powerpc:

    http://mail-index.netbsd.org/port-powerpc/2020/02/21/msg003583.html
2020-03-01 23:23:36 +00:00