Commit Graph

276534 Commits

Author SHA1 Message Date
riastradh f385d5ca9e Convert ether_input from rnd_initial_entropy to entropy_epoch(). 2020-04-30 03:29:55 +00:00
riastradh 2c43339709 Count cprng_fast reseed events. 2020-04-30 03:29:45 +00:00
riastradh 66a63640d3 Adapt cprng_fast to use entropy_epoch(), not rnd_initial_entropy.
This way it has an opportunity to be reseeded after boot.
2020-04-30 03:29:35 +00:00
riastradh c9d3d505bf Simplify Intel RDRAND/RDSEED and VIA C3 RNG API.
Push it all into MD x86 code to keep it simpler, until we have other
examples on other CPUs.  Simplify RDSEED-to-RDRAND fallback.
Eliminate cpu_earlyrng in favour of just using entropy_extract, which
is available early now.
2020-04-30 03:29:19 +00:00
riastradh 5084c1b50f Rewrite entropy subsystem.
Primary goals:

1. Use cryptography primitives designed and vetted by cryptographers.
2. Be honest about entropy estimation.
3. Propagate full entropy as soon as possible.
4. Simplify the APIs.
5. Reduce overhead of rnd_add_data and cprng_strong.
6. Reduce side channels of HWRNG data and human input sources.
7. Improve visibility of operation with sysctl and event counters.

Caveat: rngtest is no longer used generically for RND_TYPE_RNG
rndsources.  Hardware RNG devices should have hardware-specific
health tests.  For example, checking for two repeated 256-bit outputs
works to detect AMD's 2019 RDRAND bug.  Not all hardware RNGs are
necessarily designed to produce exactly uniform output.

ENTROPY POOL

- A Keccak sponge, with test vectors, replaces the old LFSR/SHA-1
  kludge as the cryptographic primitive.

- `Entropy depletion' is available for testing purposes with a sysctl
  knob kern.entropy.depletion; otherwise it is disabled, and once the
  system reaches full entropy it is assumed to stay there as far as
  modern cryptography is concerned.

- No `entropy estimation' based on sample values.  Such `entropy
  estimation' is a contradiction in terms, dishonest to users, and a
  potential source of side channels.  It is the responsibility of the
  driver author to study the entropy of the process that generates
  the samples.

- Per-CPU gathering pools avoid contention on a global queue.

- Entropy is occasionally consolidated into the global pool -- as soon as
  it's ready, if we've never reached full entropy, and with a rate
  limit afterward.  Operators can force consolidation now by running
  sysctl -w kern.entropy.consolidate=1.

- rndsink(9) API has been replaced by an epoch counter which changes
  whenever entropy is consolidated into the global pool.
  . Usage: Cache entropy_epoch() when you seed.  If entropy_epoch()
    has changed when you're about to use whatever you seeded, reseed.
  . Epoch is never zero, so initialize cache to 0 if you want to reseed
    on first use.
  . Epoch is -1 iff we have never reached full entropy -- in other
    words, the old rnd_initial_entropy is (entropy_epoch() != -1) --
    but it is better if you check for changes rather than for -1, so
    that if the system estimated its own entropy incorrectly, entropy
    consolidation has the opportunity to prevent future compromise.

- Sysctls and event counters provide operator visibility into what's
  happening:
  . kern.entropy.needed - bits of entropy short of full entropy
  . kern.entropy.pending - bits known to be pending in per-CPU pools,
    can be consolidated with sysctl -w kern.entropy.consolidate=1
  . kern.entropy.epoch - number of times consolidation has happened,
    never 0, and -1 iff we have never reached full entropy

CPRNG_STRONG

- A cprng_strong instance is now a collection of per-CPU NIST
  Hash_DRBGs.  There are only two in the system: user_cprng for
  /dev/urandom and sysctl kern.?random, and kern_cprng for kernel
  users which may need to operate in interrupt context up to IPL_VM.

  (Calling cprng_strong in interrupt context does not strike me as a
  particularly good idea, so I added an event counter to see whether
  anything actually does.)

- Event counters provide operator visibility into when reseeding
  happens.

INTEL RDRAND/RDSEED, VIA C3 RNG (CPU_RNG)

- Unwired for now; will be rewired in a subsequent commit.
2020-04-30 03:28:18 +00:00
riastradh 1154c4b65f Sort includes. 2020-04-30 03:27:15 +00:00
riastradh 825d46aec4 Accept both byte orders for random seed in `rndctl -L'.
The file format was defined with a machine-dependent 32-bit integer
field (the estimated number of bits of entropy in the process that
generated it).  Take whichever byte order gives a number that is
reasonable, i.e. lower than the number of bits in the buffer.

Continue to have `rndctl -S' generate it in machine-dependent byte
order for now, so that if you roll back to an older rndctl(8) then
`rndctl -L' on the same machine will still be able to load it with
the right entropy estimate.  In a future revision, perhaps we can
change it to be little-endian.
2020-04-30 03:24:48 +00:00
riastradh 9d6555baa4 Turn XXX comment into KASSERT. 2020-04-30 03:24:28 +00:00
riastradh 893769cdc8 Don't attach rndsource until it's actually ready to run. 2020-04-30 03:24:15 +00:00
jakllsch 0b202e5fc5 msk(4): rework rx descriptor loading to support multiple segments
This paves the way to replace the driver-internal jumbo frame rx buffer
with other receive buffers (for example MCLGET/MEXTMALLOC) in the future.
2020-04-30 01:52:08 +00:00
christos b902ab58a2 New kernel example module written by Ayushi Sharma 2020-04-30 00:48:10 +00:00
sevan 4a23f2392c Sync with r1.3 from OpenBSD
"Use correct bit mask to promptly exit rge_set_phy_power() and
rge_exit_oob() timeout loops.

Spotted by CID 1491296 and 1491309."
2020-04-30 00:32:16 +00:00
rillig 0cf5f48424 usr.bin/make: add test case for lazy conditions 2020-04-29 23:15:21 +00:00
rtr abac7a776d LSO large send offload 2020-04-29 22:17:38 +00:00
ad 2c150a86f3 Back out HPET delay & TSC changes to rule them out as the cause for recent
hangs during boot etc.
2020-04-29 22:03:09 +00:00
nia 669bbdba3b unstr: Check that the input filename fits in the buffer. 2020-04-29 21:00:42 +00:00
nia 5774e6823b strfile: Check that input/output filenames don't exceed the buffer size 2020-04-29 20:45:05 +00:00
jakllsch 3af3d2f0c8 msk(4): Simply keep a ring of (tx) dmamaps, rather than a linked list 2020-04-29 20:03:52 +00:00
jakllsch 885c41e89f msk(4): don't keep array of pointers to each ring descriptor
With 512 descriptors each in 2 rings this saves 4KiB (LP32) or 8KiB (LP64)
per interface.
2020-04-29 18:52:03 +00:00
rin c9bd6518f1 PR toolchain/54820
PR toolchain/54877

earmv7hf{,eb}: compile gdb/dwarf2expr.c with -O0 for GCC8

http://cvsweb.netbsd.org/bsdweb.cgi/src/external/gpl3/gdb/lib/libgdb/Makefile#rev1.22
2020-04-29 11:08:40 +00:00
rin 91d0b17ea4 PR toolchain/54820
PR toolchain/54877

GCC 8.4 miscompiles dwarf2expr.c with -O2 or -O1 for earmv7hf{,eb}, which
results in crashes described in the PRs. No upstream fixes up to now. So,
let us disable optimization for this file.

Note that this affects only earmv7hf{,eb} as far as I can see. Crashes do
not occur for either earmv6hf{,eb} or earmv7{,eb}.
2020-04-29 11:04:58 +00:00
gson d609938dfa Remove references to "special", as mount_qemufwcfg(8) does not
actually take such an argument.  Discussed with jmcneill.
2020-04-29 09:54:43 +00:00
nia b414aa48a9 usbdevs: regen 2020-04-29 08:06:03 +00:00
nia c176e2865b usbdevs: more Intel Integrated Rate Matching Hub IDs 2020-04-29 08:05:10 +00:00
nia 4dc14cb759 hdaudiodevs: regen 2020-04-29 07:36:22 +00:00
nia fe05beaab7 hdaudiodevs: Add Realtek ALC292 2020-04-29 07:24:53 +00:00
riastradh 8f400c1021 Put forward declaration a little further forward to unbreak build. 2020-04-29 07:18:24 +00:00
mrg 92e849c948 bump ramdisk size to 3200k for gcc 8. yay! 2020-04-29 06:53:46 +00:00
riastradh 499bfa80cb Fix crgetgroups shim.
- Don't use a static buffer for the result.

- kauth_cred_getgroups refuses to return more than the actual number
  of groups, so passing NGROUPS_MAX generally doesn't work.

To avoid patching zfs, just expose struct kauth_cred::cr_groups
directly, with __KAUTH_PRIVATE.  Unclear why the official API only
exposes it via memcpy or copyout anyway.

This makes unprivileged zfs operations work, by anyone with access to
/dev/zfs (which is conventionally mode 777, and which we should maybe
set by default; zfs has its own ACL system, zfs allow).
2020-04-29 05:54:37 +00:00
riastradh e6079aec7f Set up more of a fake struct buf, for ldminphys.
Fixes:

arm64# zpool create rpool ld4
[ 198.4376097] panic: Trap: Data Abort (EL1): Translation Fault L1 with read access for 0000000000000178: pc ffffc0000017acf4: opcode f940bc00: ldr x0, [x0,#376]
[ 198.4694793] fp ffffc00073026660 ldminphys() at ffffc0000017acf4 netbsd:ldminphys+0x34
[ 198.4792624] fp ffffc00073026680 vdev_disk_open.part.4() at ffffc000013d4c4c zfs:vdev_disk_open.part.4+0x37c
[ 198.4792624] fp ffffc000730268d0 vdev_open() at ffffc000013d2530 zfs:vdev_open+0x68
[ 198.4792624] fp ffffc00073026920 vdev_open_children() at ffffc000013d2958 zfs:vdev_open_children+0x40
[ 198.4792624] fp ffffc00073026950 vdev_root_open() at ffffc000013dad48 zfs:vdev_root_open+0x30

XXX pullup-9
2020-04-29 04:30:40 +00:00
isaki 841e28ba96 Set AUDIO_BLK_MS to 40 msec on other old (slow) architectures, not only m68k.
Thanks to tsutsui@ for the comment about architecture choice.
And move it from audiodef.h to audio.c as suggested by joerg@.
2020-04-29 03:58:27 +00:00
riastradh 0f6461fb7e Reverse sense of NO_STATIC_MODULES -> OPENPAM_STATIC_MODULES.
This avoids leaking NO_STATIC_MODULES into the public header, which
has led to considerable confusion and workarounds in pkgsrc.

PR security/39313
PR security/55216

ok christos
2020-04-29 02:16:56 +00:00
thorpej 91da5a2e36 If the procfs mount is marked as linux-compat, then allow proc lookup
by any LWP ID in the proc, not just the canonical PID.
2020-04-29 01:56:54 +00:00
thorpej a05d1819c9 Fix proc lookup by distinguishing between the "tgid" and "tid" cases. 2020-04-29 01:55:52 +00:00
thorpej 5aee0edc68 Fix proc / lwp lookup processing in linux_sys_sched_getaffinity()
and linux_sys_sched_setaffinity().  They were incorrect even before
the LWP ID changes, but those changes exposed the latent bugs.
2020-04-29 01:55:18 +00:00
thorpej 6925a27fb3 Sanitize the pid and lid arguments passed to do_sched_getparam()
and sys__sched_getaffinity() now that -1 as the pid argument to
lwp_find2() means "wildcard proc".
2020-04-29 01:53:48 +00:00
thorpej 59150873b5 - proc_find() retains traditional semantics of requiring the canonical
  PID to look up a proc.  Add a separate proc_find_lwpid() to look up a
  proc by the ID of any of its LWPs.
- Add proc_find_lwp_acquire_proc(), which enables looking up the LWP
  *and* a proc given the ID of any LWP.  Returns with the proc::p_lock
  held.
- Rewrite lwp_find2() in terms of proc_find_lwp_acquire_proc(), and
  allow the proc to be wildcarded, rather than just curproc or a specific
  proc.
- lwp_find2() now subsumes the original intent of lwp_getref_lwpid(), but
  in a much nicer way, so garbage-collect the remnants of that recently
  added mechanism.
2020-04-29 01:52:26 +00:00
thorpej d69d0e707c Oops, fix a silly mistake in the Linux futex syscall stubs -- we also
copy in the timeout for FUTEX_WAIT_BITSET.
2020-04-29 01:44:03 +00:00
ginsbach 2fb3c5f68b Fix spelling errors. 2020-04-28 22:29:32 +00:00
jmcneill b80975f901 regen 2020-04-28 21:48:20 +00:00
jmcneill edf03bff51 Add Realtek ALC293 2020-04-28 21:48:11 +00:00
jmcneill 1dbc2caa9c Detect PAT on the boot processor before cpu0 attaches so the early genfb
attach code can map the framebuffer with write combining.
2020-04-28 21:35:35 +00:00
christos a4e1043998 add a script to load the symbol files of all the modules in the kernel 2020-04-28 19:45:58 +00:00
jmcneill f80d38fbd5 pms_synaptics_enable: no need to send PMS_DEV_ENABLE here because
pms_enable does this for us. Seems to resolve issues with my trackpoint
not working immediately after starting X on ThinkPad X260.
2020-04-28 19:22:58 +00:00
riastradh f3c622e1ff Make FUTEX_WAIT_BITSET(bitset=0) fail with EINVAL to match Linux. 2020-04-28 17:27:03 +00:00
jakllsch 66ac6bee89 Use correct-semantic byteorder(9) functions to provide letoh*() in msk(4) 2020-04-28 17:26:01 +00:00
jakllsch f39b5bb20c Remove unused cargo cult include of <dev/mii/brgphyreg.h> in if_msk.c. 2020-04-28 17:15:48 +00:00
riastradh d02b15d402 Fix waiting on a zero bitset.
The logic in futex_wait assumes there are two paths out:

1. Error (signal or timeout), in which case we take ourselves off the
   queue.

2. Wakeup, in which case the waker takes us off the queue.

But if the user does FUTEX_WAIT_BITSET(bitset=0), as in the
futex_wait_pointless_bitset test, then we will never even go to
sleep, so there will be nobody to wake us as in (2), but it's not an
error as in (1) either.  As a result, we're left on the queue.

Instead, don't bother with any of the wait machinery in that case.
This does not actually match Linux semantics -- Linux returns EINVAL
if bitset is zero.  But let's make sure this passes the releng test
rig as the tests are written now, and then fix both the logic and the
tests -- this is a candidate fix for:

lib/libc/sys/t_futex_ops (277/847): 20 test cases
    futex_basic_wait_wake_private: [6.645189s] Passed.
    futex_basic_wait_wake_shared: [6.572692s] Passed.
    futex_cmp_requeue: [4.624082s] Passed.
    futex_requeue: [4.427191s] Passed.
    futex_wait_pointless_bitset: [0.202865s] Passed.
    futex_wait_timeout_deadline: [ 9074.4164779] panic: TAILQ_INSERT_TAIL 0xffff000056a1ad48 /tmp/bracket/build/2020.04.28.03.00.23-evbarm-aarch64/src/sys/kern/sys_futex.c:826
[ 9074.4340691] cpu0: Begin traceback...
[ 9074.4340691] trace fp ffffc0004ceffb40
[ 9074.4340691] fp ffffc0004ceffb60 vpanic() at ffffc000004aac58 netbsd:vpanic+0x160
[ 9074.4441432] fp ffffc0004ceffbd0 panic() at ffffc000004aad4c netbsd:panic+0x44
[ 9074.4441432] fp ffffc0004ceffc60 futex_wait_enqueue() at ffffc000004b7710 netbsd:futex_wait_enqueue+0x138
[ 9074.4555795] fp ffffc0004ceffc80 futex_func_wait.part.5() at ffffc000004b82f4 netbsd:futex_func_wait.part.5+0x17c
[ 9074.4660518] fp ffffc0004ceffd50 do_futex() at ffffc000004b8cd8 netbsd:do_futex+0x1d0
[ 9074.4660518] fp ffffc0004ceffdf0 sys___futex() at ffffc000004b9078 netbsd:sys___futex+0x50
2020-04-28 16:22:25 +00:00
bouyer 06a2dc5407 Add xbd to the list of valid disks.
Remove hardcoded root on xbd0 for Xen PVHVM, now that the x86 findroot()
knows about xbd disks.
2020-04-28 15:43:34 +00:00
roy ba3b1f720c inet6: Ensure that route MTU is guarded by ARC_PHDS_MAXMTU
This mirrors the ARP behavior for ARCnet interfaces based on current
kernel RA handling.
2020-04-28 15:12:28 +00:00