1. 25 May, 2020 31 commits
    • Chuck Silvers's avatar
      This commit enables a UFS filesystem to do a forcible unmount when · d79ff54b
      Chuck Silvers authored
      the underlying media fails or becomes inaccessible. For example
      when a USB flash memory card hosting a UFS filesystem is unplugged.
      
      The strategy for handling disk I/O errors when soft updates are
      enabled is to stop writing to the disk of the affected file system
      but continue to accept I/O requests and report that all future
      writes by the file system to that disk actually succeed. Then
      initiate an asynchronous forced unmount of the affected file system.
      
      There are two cases for disk I/O errors:
      
         - ENXIO, which means that this disk is gone and the lower layers
           of the storage stack already guarantee that no future I/O to
           this disk will succeed.
      
         - EIO (or most other errors), which means that this particular
           I/O request has failed but subsequent I/O requests to this
           disk might still succeed.
      
      For ENXIO, we can just clear the error and continue, because we
      know that the file system cannot affect the on-disk state after we
      see this error. For EIO or other errors, we arrange for the geom_vfs
      layer to reject all future I/O requests with ENXIO just like is
      done when the geom_vfs is orphaned. In both cases, the file system
      code can just clear the error and proceed with the forcible unmount.
      
      This new treatment of I/O errors is needed for writes of any buffer
      that is involved in a dependency. Most dependencies are described
      by a structure attached to the buffer's b_dep field. But some are
      created and processed as a result of the completion of the dependencies
      attached to the buffer.
      
      Clearing of some dependencies require a read. For example if there
      is a dependency that requires an inode to be written, the disk block
      containing that inode must be read, the updated inode copied into
      place in that buffer, and the buffer then written back to disk.
      
      Often the needed buffer is already in memory and can be used. But
      if it needs to be read from the disk, the read will fail, so we
      fabricate a buffer full of zeroes and pretend that the read succeeded.
      This zero'ed buffer can be updated and written back to disk.
      
      The only case where a buffer full of zeros causes the code to do
      the wrong thing is when reading an inode buffer containing an inode
      that still has an inode dependency in memory that will reinitialize
      the effective link count (i_effnlink) based on the actual link count
      (i_nlink) that we read. To handle this case we now store the i_nlink
      value that we wrote in the inode dependency so that it can be
      restored into the zero'ed buffer thus keeping the tracking of the
      inode link count consistent.
      
      Because applications depend on knowing when an attempt to write
      their data to stable storage has failed, the fsync(2) and msync(2)
      system calls need to return errors if data fails to be written to
      stable storage. So these operations return ENXIO for every call
      made on files in a file system where we have otherwise been ignoring
      I/O errors.
      
      Coauthered by: mckusick
      Reviewed by:   kib
      Tested by:     Peter Holm
      Approved by:   mckusick (mentor)
      Sponsored by:  Netflix
      Differential Revision:  https://reviews.freebsd.org/D24088
      d79ff54b
    • John Baldwin's avatar
      Update sec(4) for separate output buffers changes in r361481. · b02676a2
      John Baldwin authored
      This does not add support for separate output buffers but updates the
      driver to cope with the changes.
      
      Pointy hat to:	jhb
      b02676a2
    • John Baldwin's avatar
      Update cesa(4) for separate output buffers changes in r361481. · 72d874fa
      John Baldwin authored
      This does not add support for separate output buffers but updates the
      driver to cope with the changes.
      
      Pointy hat to:	jhb
      72d874fa
    • John Baldwin's avatar
      23230d52
    • John Baldwin's avatar
      Expand coverage of different buffer sizes. · 7d50aff0
      John Baldwin authored
      - When -z is used, include small buffers from 1 to 32 bytes to test
        stream ciphers.  Note that while AES-XTS claims to support a block
        size of 1 in OpenSSL, it does require a minimum of 1 block of cipher
        text as it is not a stream cipher but depends on CTS to pad out the
        final partial block.
      
      - Permit multiple AAD sizes to be set via multiple -A options, or via
        -z.  When -z is set, use small buffers from 0 to 32 bytes followed
        by powers of 2 up to 256.  When multiple sizes are specified, the
        ETA and AEAD algorithms perform the full matrix of AAD sizes by
        payload sizes.
      
      - Only warn on unchanged ciphertext instead of erroring.  The
        currently generated plaintext and key for a couple of AES-CTR tests
        with a buffer size of 1 results in ciphertext that matches the
        plaintext.
      
      Reviewed by:	cem
      Sponsored by:	Netflix
      Differential Revision:	https://reviews.freebsd.org/D25006
      7d50aff0
    • Adrian Chadd's avatar
      [ath] [ath_hal] Propagate the HAL_RESET_TYPE through to the chip reset; set it during ath_reset() · 8c01c3dc
      Adrian Chadd authored
      Although I added the reset type field to ath_hal_reset() years ago,
      I never finished adding it both throughout the HALs and in if_ath.c.
      
      This will eventually deprecate the ath_hal force_full_reset option
      because it can be requested at the driver layer.
      
      So:
      
      * Teach ar5416ChipReset() and ar9300_chip_reset() about the HAL type
      * Use it in ar5416Reset() and ar9300_reset() when doing a full chip reset
      * Extend ath_reset() to include the HAL_RESET_TYPE parameter added in the above functions
      * Use HAL_RESET_NORMAL in most calls to ath_reset()
      * .. but use HAL_RESET_BBPANIC for the BB panics, and HAL_RESET_FORCE_COLD during fatal, beacon miss and other hardware related hangs.
      
      This should be a glorified no-op outside of actual hardware issues.
      I've tested things with ath_hal force_full_reset set to 1 for years now,
      so I know that feature and a full reset works (albeit much slower than
      a warm reset!) and it does unwedge hardware.
      
      The eventual aim is to use this for all the places where the driver
      detects a potential hang as well as if long calibration - ie, noise floor
      calibration - fails to complete. That's one of the big hardware related
      things that causes station mode operation to hang without easy recovery.
      
      Differential Revision:	https://reviews.freebsd.org/D24981
      8c01c3dc
    • John Baldwin's avatar
      Support separate output buffers for aesni(4). · a639f937
      John Baldwin authored
      The backend routines aesni(4) call for specific encryption modes all
      expect virtually contiguous input/output buffers.  If the existing
      output buffer is virtually contiguous, always write to the output
      buffer directly from the mode-specific routines.  If the output buffer
      is not contiguous, then a temporary buffer is allocated whose output
      is then copied to the output buffer.  If the input buffer is not
      contiguous, then the existing buffer used to hold the input is also
      used to hold temporary output.
      
      Sponsored by:	Netflix
      Differential Revision:	https://reviews.freebsd.org/D24545
      a639f937
    • John Baldwin's avatar
      Support separate output buffers in ccr(4). · 2adc3c94
      John Baldwin authored
      Sponsored by:	Netflix
      Differential Revision:	https://reviews.freebsd.org/D24545
      2adc3c94
    • John Baldwin's avatar
      Add a sysctl knob to use separate output buffers for /dev/crypto. · ba63e5e7
      John Baldwin authored
      This is a testing aid to permit using testing a driver's support of
      separate output buffers via cryptocheck.
      
      Sponsored by:	Netflix
      Differential Revision:	https://reviews.freebsd.org/D24545
      ba63e5e7
    • John Baldwin's avatar
      Export the _kern_crypto sysctl node from crypto.c. · 33f3bad3
      John Baldwin authored
      Sponsored by:	Netflix
      Differential Revision:	https://reviews.freebsd.org/D24545
      33f3bad3
    • John Baldwin's avatar
      Add support for optional separate output buffers to in-kernel crypto. · 9c0e3d3a
      John Baldwin authored
      Some crypto consumers such as GELI and KTLS for file-backed sendfile
      need to store their output in a separate buffer from the input.
      Currently these consumers copy the contents of the input buffer into
      the output buffer and queue an in-place crypto operation on the output
      buffer.  Using a separate output buffer avoids this copy.
      
      - Create a new 'struct crypto_buffer' describing a crypto buffer
        containing a type and type-specific fields.  crp_ilen is gone,
        instead buffers that use a flat kernel buffer have a cb_buf_len
        field for their length.  The length of other buffer types is
        inferred from the backing store (e.g. uio_resid for a uio).
        Requests now have two such structures: crp_buf for the input buffer,
        and crp_obuf for the output buffer.
      
      - Consumers now use helper functions (crypto_use_*,
        e.g. crypto_use_mbuf()) to configure the input buffer.  If an output
        buffer is not configured, the request still modifies the input
        buffer in-place.  A consumer uses a second set of helper functions
        (crypto_use_output_*) to configure an output buffer.
      
      - Consumers must request support for separate output buffers when
        creating a crypto session via the CSP_F_SEPARATE_OUTPUT flag and are
        only permitted to queue a request with a separate output buffer on
        sessions with this flag set.  Existing drivers already reject
        sessions with unknown flags, so this permits drivers to be modified
        to support this extension without requiring all drivers to change.
      
      - Several data-related functions now have matching versions that
        operate on an explicit buffer (e.g. crypto_apply_buf,
        crypto_contiguous_subsegment_buf, bus_dma_load_crp_buf).
      
      - Most of the existing data-related functions operate on the input
        buffer.  However crypto_copyback always writes to the output buffer
        if a request uses a separate output buffer.
      
      - For the regions in input/output buffers, the following conventions
        are followed:
        - AAD and IV are always present in input only and their
          fields are offsets into the input buffer.
        - payload is always present in both buffers.  If a request uses a
          separate output buffer, it must set a new crp_payload_start_output
          field to the offset of the payload in the output buffer.
        - digest is in the input buffer for verify operations, and in the
          output buffer for compute operations.  crp_digest_start is relative
          to the appropriate buffer.
      
      - Add a crypto buffer cursor abstraction.  This is a more general form
        of some bits in the cryptosoft driver that tried to always use uio's.
        However, compared to the original code, this avoids rewalking the uio
        iovec array for requests with multiple vectors.  It also avoids
        allocate an iovec array for mbufs and populating it by instead walking
        the mbuf chain directly.
      
      - Update the cryptosoft(4) driver to support separate output buffers
        making use of the cursor abstraction.
      
      Sponsored by:	Netflix
      Differential Revision:	https://reviews.freebsd.org/D24545
      9c0e3d3a
    • Conrad Meyer's avatar
      copystr(9): Move to deprecate (attempt #2) · 852c303b
      Conrad Meyer authored
      This reapplies logical r360944 and r360946 (reverting r360955), with fixed
      copystr() stand-in replacement macro.  Eventually the goal is to convert
      consumers and kill the macro, but for a first step it helps if the macro is
      correct.
      
      Prior commit message:
      
      Unlike the other copy*() functions, it does not serve to copy from one
      address space to another or protect against potential faults.  It's just
      an older incarnation of the now-more-common strlcpy().
      
      Add a coccinelle script to tools/ which can be used to mechanically
      convert existing instances where replacement with strlcpy is trivial.
      In the two cases which matched, fuse_vfsops.c and union_vfsops.c, the
      code was further refactored manually to simplify.
      
      Replace the declaration of copystr() in systm.h with a small macro
      wrapper around strlcpy (with correction from brooks@ -- thanks).
      
      Remove N redundant MI implementations of copystr.  For MIPS, this
      entailed inlining the assembler copystr into the only consumer,
      copyinstr, and making the latter a leaf function.
      
      Reviewed by:		jhb (earlier version)
      Discussed with:		brooks (thanks!)
      Differential Revision:	https://reviews.freebsd.org/D24672
      852c303b
    • Marcin Wojtas's avatar
      Introduce a driver for NXP LS1046A SoC AHCI. · 9085d7d6
      Marcin Wojtas authored
      Implement support for AHCI controller found in
      NXP QorIQ Layerscape SoCs.
      
      Submitted by: Artur Rojek <ar@semihalf.com>
      Reviewed by: manu
      Obtained from: Semihalf
      Sponsored by: Alstom Group
      Differential Revision: https://reviews.freebsd.org/D24466
      9085d7d6
    • Marcin Wojtas's avatar
      Introduce support for Epson RX-8803 RTC. · d97d8385
      Marcin Wojtas authored
      This patch introduces support for Epson RX-8803 RTC controller accessible
      over I2C bus. It has a resolution of 1 sec.
      Support for interrupt based alarm was not implemented.
      
      Submitted by: Kornel Duleba <mindal@semihalf.com>
      Reviewed by: manu
      Obtained from: Semihalf
      Sponsored by: Alstom Group
      Differential Revision: https://reviews.freebsd.org/D24364
      d97d8385
    • Marcin Wojtas's avatar
      Add TCA6416 GPIO expander support. · 7187cccc
      Marcin Wojtas authored
      Add basic TCA6416 GPIO expander support over I2C bus. The driver handles
      enabling and disabling pins, setting pin mode to IN and OUT and
      toggling the pins. External interrupts are not supported.
      
      Submitted by: Dawid Gorecki <dgr@semihalf.com>
      Reviewed by: manu, mmel
      Obtained from: Semihalf
      Sponsored by: Alstom Group
      Differential Revision: https://reviews.freebsd.org/D24363
      7187cccc
    • Marcin Wojtas's avatar
      Introduce VF610 I2C controller support. · 1e6005d8
      Marcin Wojtas authored
      NXP LS1046A contains I2C controller compatible with Vybrid VF610.
      Existing Vybrid MVF600 driver can be used to support it. For that purpose
      declare driver as ofw_iicbus and add methods associated with ofw_iicbus.
      
      For VF610 add dynamic clock prescaler calculation using clock information
      from clock driver and clock frequency requested in device tree.
      
      On the occasion add detach function and add additional error handling
      in i2c_attach function.
      
      Submitted by: Dawid Gorecki <dgr@semihalf.com>
      Reviewed by: manu
      Obtained from: Semihalf
      Sponsored by: Alstom Group
      Differential Revision: https://reviews.freebsd.org/D24361
      1e6005d8
    • Marcin Wojtas's avatar
      Add GPIO support for QorIQ boards. · a5dfa67d
      Marcin Wojtas authored
      This patch adds a GPIO controller support targeted for NXP LS1046A
      SoC. The driver implements the following features:
       * setting direction of each pin (IN or OUT)
       * setting the mode of output pins (PUSHPULL or OPENDRAIN)
       * setting the state of each output pin (1 or 0)
       * reading the state of each input pin (1 or 0)
      
      Submitted by: Kamil Koczurek <kek@semihalf.com>
                    Dawid Gorecki <dgr@semihalf.com>
      Reviewed by: manu
      Obtained from: Semihalf
      Sponsored by: Alstom Group
      Differential Revision: https://reviews.freebsd.org/D24353
      a5dfa67d
    • Marcin Wojtas's avatar
      Add LS1046A clockgen driver. · eacff8a2
      Marcin Wojtas authored
      Driver provides probe and attach functions for LS1046A clockgen and passes
      configuration information to QorIQ clockgen class. It may be used as
      a reference implementation for different QorIQ clockgen devices.
      
      Submitted by: Dawid Gorecki <dgr@semihalf.com>
      Reviewed by: mmel, manu
      Obtained from: Semihalf
      Sponsored by: Alstom Group
      Differential Revision: https://reviews.freebsd.org/D24352
      eacff8a2
    • Marcin Wojtas's avatar
      Add QorIQ platform clockgen driver. · b8cb0864
      Marcin Wojtas authored
      This patch adds classes and functions that can be used with various NXP
      QorIQ Layerscape SoCs.
      
      As for the clock topology - there is single platform PLL, which supplies
      clocks for the peripheral bus and additional PLLs for CPU cores. There
      can be multiple core PLLs (For example - LS1046A has two PLLs - CGAPLL1
      and CGAPLL2). Each PLL has fixed dividers on output. The core PLLs
      are not accessible from dts.
      
      This is a preparation patch for NXP LS1046A SoC support.
      
      Submitted by: Dawid Gorecki <dgr@semihalf.com>
      Reviewed by: mmel
      Obtained from: Semihalf
      Sponsored by: Alstom Group
      Differential Revision: https://reviews.freebsd.org/D24351
      b8cb0864
    • Emmanuel Vadot's avatar
      linuxkpi: Fix mod_timer and del_timer_sync · 42f0f394
      Emmanuel Vadot authored
      mod_timer is supposed to return 1 if the modified timer was pending, which
      is exactly what callout_reset does so return the value after checking
      that it's a correct one in case the api change.
      del_timer_sync returns int so add a function and handle that.
      
      Reviewed by:	hselasky
      Differential Revision:	https://reviews.freebsd.org/D24983
      42f0f394
    • Emmanuel Vadot's avatar
      linuxkpi: Add refcount.h · 4efd5dd7
      Emmanuel Vadot authored
      Implement some refcount functions needed by drm.
      Just use the atomic_t struct and functions from linuxkpi for simplicity.
      
      Sponsored-by: The FreeBSD Foundation
      
      Reviewed by:	hselsasky
      Differential Revision:	https://reviews.freebsd.org/D24985
      4efd5dd7
    • Emmanuel Vadot's avatar
      linuxkpi: Add __same_type and __must_be_array macros · 93d70cd3
      Emmanuel Vadot authored
      The same_type macro simply wraps around builtin_types_compatible_p which
      exist for both GCC and CLANG, which returns 1 if both types are the same.
      The __must_be_array macros returns 1 if the argument is an array.
      
      This is needed for DRM v5.3
      
      Sponsored-by: The FreeBSD Foundation
      Reviewed by:	hselasky
      Differential Revision:	https://reviews.freebsd.org/D24953
      93d70cd3
    • Mateusz Guzik's avatar
      5a90435c
    • Hans Petter Selasky's avatar
      Improve set progress parameters, SET PSV for HW TLS in mlx5en(4). · ce69b842
      Hans Petter Selasky authored
      There is no need for a fence and there is no need to provide
      the TCP sequence number.
      
      Sponsored by:	Mellanox Technologies
      ce69b842
    • Hans Petter Selasky's avatar
      Correctly set the initial vector for TLS v1.3 for mlx5en(4). · 233a6665
      Hans Petter Selasky authored
      For TLS v1.3 the 12 bytes of the initial vector, IV, should just be copied
      as-is from the kernel to the gcm_iv field, which hold the first 4 bytes,
      and the remaining 8 bytes go to the subsequent implicit_iv field.
      There is no need to consider the byte order on the 12 bytes of IV like
      initially done.
      
      Sponsored by:	Mellanox Technologies
      233a6665
    • Hans Petter Selasky's avatar
      Update the TLS capability bit after recent PRM changes in mlx5en(4). · 9550e340
      Hans Petter Selasky authored
      A CX6-DX firmware version equal to or newer than 12.27.0372 is
      now required.
      
      Sponsored by:	Mellanox Technologies
      9550e340
    • Murray Stokely's avatar
      Add example usage for formatting a floppy disk. Adding a more self · e0524746
      Murray Stokely authored
      contained example here in the fdformat man page will allow us to
      modernize and streamline the FreeBSD Handbook by cutting out some of
      this legacy material.
      
      While here, address some other minor grammatical nits in this man page.
      
      Reviewed by:	bcr (mentor)
      Approved by:	bcr (mentor)
      MFC after:	2 weeks
      Differential Revision:	https://reviews.freebsd.org/D24971
      e0524746
    • Peter Grehan's avatar
      Fix pci-passthru MSI issues with OpenBSD guests · 21368498
      Peter Grehan authored
      - Return 2 x 16-bit registers in the correct byte order
       for a 4-byte read that spans the CMD/STATUS register.
        This reversal was hiding the capabilities-list, which prevented
       the MSI capability from being found for XHCI passthru.
      
      - Reorganize MSI/MSI-x config writes so that a 4-byte write at the
       capability offset would have the read-only portion skipped.
        This prevented MSI interrupts from being enabled.
      
       Reported and extensively tested by Anatoli (me at anatoli dot ws)
      
      PR:	245392
      Reported by:	Anatoli (me at anatoli dot ws)
      Reviewed by:	jhb (bhyve)
      Approved by:	jhb, bz (mentor)
      MFC after:	1 week
      Differential Revision:	https://reviews.freebsd.org/D24951
      21368498
    • Mateusz Guzik's avatar
      vfs: use atomic_{store,load}_long to manage f_offset · e3d16bb6
      Mateusz Guzik authored
      ... instead of depending on the compiler not to mess them up
      e3d16bb6
    • Mateusz Guzik's avatar
      vfs: restore mtx-protected foffset locking for 32 bit platforms · 442e617f
      Mateusz Guzik authored
      They depend on it to accurately read the offset.
      
      The new code is not used as it would add an interrupt enable/disable
      trip on top of the atomic.
      
      This also fixes a bug where 32-bit nolock request would still lock the offset.
      
      No changes for 64-bit.
      
      Reported by:	emaste
      442e617f
    • Alan Somers's avatar
      [skip ci] ip.4: fix typos · b5aac3ea
      Alan Somers authored
      MFC after:	2 weeks
      b5aac3ea
  2. 24 May, 2020 4 commits
    • Cy Schubert's avatar
      Chase r361344. Update unbound version strings. · 9d8dfbc3
      Cy Schubert authored
      Reported by:	mike tancsa <mike@sentex.net>
      MFC after:	1 day
      9d8dfbc3
    • Ed Maste's avatar
      Make i386 memstick images bootable. · 05f23474
      Ed Maste authored
      This reverts the i386 part of r342283, "Rework UEFI ESP generation", and
      the followup commit in r342690.
      
      r342283 added an ESP to the i386 memstick image, and as a side effect
      made the ESP the active partition, not the bootcode-containing UFS
      partition.  As a result the i386 memstick images would not boot in
      either UEFI or legacy mode - UEFI failed because we do not support i386
      UEFI booting, and legacy mode failed because the partition with legacy
      bootcode was not active.
      
      The bootcode-containing UFS partition is again the only, and active,
      partition.
      
      PR:		246494
      Reported by:	Jorge Maidana
      Differential Revision:	The FreeBSD Foundation
      05f23474
    • Andriy Gapon's avatar
      libprocstat: try to fix fallout from r361363 · 56e8cb87
      Andriy Gapon authored
      The revision caused libprocstat to have two undefined symbols:
      - __start_set_pcpu
      - __stop_set_pcpu
      probably because of __GLOBL() used in sys/pcpu.h under _KERNEL.
      The symbols are not accessed by anything and the linker in base does not
      complain about them, but some ports are failing to build.
      Hack around the problem by providing definitions for those symbols.
      
      Probably there is a better solution, but I could not think of it yet.
      
      Reported by:	zeising
      MFC after:	3 days
      X-MFC with:	r361363
      Sponsored by:	Panzura
      56e8cb87
    • Mateusz Guzik's avatar
      vfs: scale foffset_lock by using atomics instead of serializing on mtx pool · 3fc40153
      Mateusz Guzik authored
      Contending cases still serialize on sleepq (which would be taken anyway).
      
      Reviewed by:	kib (previous version)
      Differential Revision:	https://reviews.freebsd.org/D21626
      3fc40153
  3. 23 May, 2020 5 commits