src/sys/opencrypto/cryptodev.c, branch releng/8.0 FreeBSD source tree Fix cryptodev UIO creation. 2009-05-23T13:23:46+00:00 Rafal Jaworowski raj@FreeBSD.org 2009-05-23T13:23:46+00:00 ae184a6a7da0cbe989be569657448e1220839e86 Cryptodev uses UIO structure do get data from userspace and pass it to cryptographic engines. Initially UIO size is equal to size of data passed to engine, but if UIO is prepared for hash calculation an additional small space is created to hold result of operation. While creating space for the result, UIO I/O vector size is correctly extended, but uio_resid field in UIO structure is not modified. As bus_dma code uses uio_resid field to determine size of UIO DMA mapping, resulting mapping hasn't correct size. This leads to a crash if all the following conditions are met: 1. Hardware cryptographic accelerator writes result of hash operation using DMA. 2. Size of input data is less or equal than (n * PAGE_SIZE), 3. Size of input data plus size of hash result is grather than (n * PAGE_SIZE, where n is the same as in point 2. This patch fixes this problem by adding size of the extenstion to uio_resid field in UIO structure. Submitted by: Piotr Ziecik kosmo ! semihalf dot com Reviewed by: philip Obtained from: Semihalf 
Cryptodev uses UIO structure do get data from userspace and pass it to
cryptographic engines. Initially UIO size is equal to size of data passed to
engine, but if UIO is prepared for hash calculation an additional small space
is created to hold result of operation.

While creating space for the result, UIO I/O vector size is correctly
extended, but uio_resid field in UIO structure is not modified.

As bus_dma code uses uio_resid field to determine size of UIO DMA mapping,
resulting mapping hasn't correct size. This leads to a crash if all the
following conditions are met:

     1. Hardware cryptographic accelerator writes result of hash operation
        using DMA.
     2. Size of input data is less or equal than (n * PAGE_SIZE),
     3. Size of input data plus size of hash result is grather than
        (n * PAGE_SIZE, where n is the same as in point 2.

This patch fixes this problem by adding size of the extenstion to uio_resid
field in UIO structure.

Submitted by:	Piotr Ziecik kosmo ! semihalf dot com
Reviewed by:	philip
Obtained from:	Semihalf
Fix a number of style issues in the MALLOC / FREE commit. I've tried to 2008-10-23T20:26:15+00:00 Dag-Erling Smørgrav des@FreeBSD.org 2008-10-23T20:26:15+00:00 e11e3f187d4a8c39f0e06dfdba09881354cbbf56 be careful not to fix anything that was already broken; the NFSv4 code is particularly bad in this respect. 
be careful not to fix anything that was already broken; the NFSv4 code is
particularly bad in this respect.
Retire the MALLOC and FREE macros. They are an abomination unto style(9). 2008-10-23T15:53:51+00:00 Dag-Erling Smørgrav des@FreeBSD.org 2008-10-23T15:53:51+00:00 1ede983cc905643549d8cae56a9d0e28fc68375f MFC after: 3 months 
MFC after:	3 months
Make ftruncate a 'struct file' operation rather than a vnode operation. 2008-01-07T20:05:19+00:00 John Baldwin jhb@FreeBSD.org 2008-01-07T20:05:19+00:00 e46502943ac1471d7e3718557de87b17265985fe This makes it possible to support ftruncate() on non-vnode file types in the future. - 'struct fileops' grows a 'fo_truncate' method to handle an ftruncate() on a given file descriptor. - ftruncate() moves to kern/sys_generic.c and now just fetches a file object and invokes fo_truncate(). - The vnode-specific portions of ftruncate() move to vn_truncate() in vfs_vnops.c which implements fo_truncate() for vnode file types. - Non-vnode file types return EINVAL in their fo_truncate() method. Submitted by: rwatson 
This makes it possible to support ftruncate() on non-vnode file types in
the future.
- 'struct fileops' grows a 'fo_truncate' method to handle an ftruncate() on
  a given file descriptor.
- ftruncate() moves to kern/sys_generic.c and now just fetches a file
  object and invokes fo_truncate().
- The vnode-specific portions of ftruncate() move to vn_truncate() in
  vfs_vnops.c which implements fo_truncate() for vnode file types.
- Non-vnode file types return EINVAL in their fo_truncate() method.

Submitted by:	rwatson
Remove explicit locking of struct file. 2007-12-30T01:42:15+00:00 Jeff Roberson jeff@FreeBSD.org 2007-12-30T01:42:15+00:00 397c19d1753d210247d77eb3ca33d1c7c1eb2fa9 - Introduce a finit() which is used to initailize the fields of struct file in such a way that the ops vector is only valid after the data, type, and flags are valid. - Protect f_flag and f_count with atomic operations. - Remove the global list of all files and associated accounting. - Rewrite the unp garbage collection such that it no longer requires the global list of all files and instead uses a list of all unp sockets. - Mark sockets in the accept queue so we don't incorrectly gc them. Tested by: kris, pho 
 - Introduce a finit() which is used to initailize the fields of struct file
   in such a way that the ops vector is only valid after the data, type,
   and flags are valid.
 - Protect f_flag and f_count with atomic operations.
 - Remove the global list of all files and associated accounting.
 - Rewrite the unp garbage collection such that it no longer requires
   the global list of all files and instead uses a list of all unp sockets.
 - Mark sockets in the accept queue so we don't incorrectly gc them.

Tested by:	kris, pho
Deny attempt to malloc unbounded amount of the memory. 2007-10-08T20:08:34+00:00 Konstantin Belousov kib@FreeBSD.org 2007-10-08T20:08:34+00:00 1649bbbb94899fbdf2aace982f2091fe1bea4677 Convert malloc()/bzero() to malloc(M_ZERO). Obtained from: OpenBSD MFC after: 3 days Approved by: re (kensmith) 
Convert malloc()/bzero() to malloc(M_ZERO).

Obtained from:  OpenBSD
MFC after:      3 days
Approved by:    re (kensmith)
Integrate the Camellia Block Cipher. For more information see RFC 4132 2007-05-09T19:37:02+00:00 George V. Neville-Neil gnn@FreeBSD.org 2007-05-09T19:37:02+00:00 559d3390d07890da9ca8ad6427f1ae7df7a9257a and its bibliography. Submitted by: Tomoyuki Okazaki <okazaki at kick dot gr dot jp> MFC after: 1 month 
and its bibliography.

Submitted by:   Tomoyuki Okazaki <okazaki at kick dot gr dot jp>
MFC after:      1 month
Replace custom file descriptor array sleep lock constructed using a mutex 2007-04-04T09:11:34+00:00 Robert Watson rwatson@FreeBSD.org 2007-04-04T09:11:34+00:00 5e3f7694b189584ae30219566fcc6c4c3d059305 and flags with an sxlock. This leads to a significant and measurable performance improvement as a result of access to shared locking for frequent lookup operations, reduced general overhead, and reduced overhead in the event of contention. All of these are imported for threaded applications where simultaneous access to a shared file descriptor array occurs frequently. Kris has reported 2x-4x transaction rate improvements on 8-core MySQL benchmarks; smaller improvements can be expected for many workloads as a result of reduced overhead. - Generally eliminate the distinction between "fast" and regular acquisisition of the filedesc lock; the plan is that they will now all be fast. Change all locking instances to either shared or exclusive locks. - Correct a bug (pointed out by kib) in fdfree() where previously msleep() was called without the mutex held; sx_sleep() is now always called with the sxlock held exclusively. - Universally hold the struct file lock over changes to struct file, rather than the filedesc lock or no lock. Always update the f_ops field last. A further memory barrier is required here in the future (discussed with jhb). - Improve locking and reference management in linux_at(), which fails to properly acquire vnode references before using vnode pointers. Annotate improper use of vn_fullpath(), which will be replaced at a future date. In fcntl(), we conservatively acquire an exclusive lock, even though in some cases a shared lock may be sufficient, which should be revisited. The dropping of the filedesc lock in fdgrowtable() is no longer required as the sxlock can be held over the sleep operation; we should consider removing that (pointed out by attilio). Tested by: kris Discussed with: jhb, kris, attilio, jeff 
and flags with an sxlock.  This leads to a significant and measurable
performance improvement as a result of access to shared locking for
frequent lookup operations, reduced general overhead, and reduced overhead
in the event of contention.  All of these are imported for threaded
applications where simultaneous access to a shared file descriptor array
occurs frequently.  Kris has reported 2x-4x transaction rate improvements
on 8-core MySQL benchmarks; smaller improvements can be expected for many
workloads as a result of reduced overhead.

- Generally eliminate the distinction between "fast" and regular
  acquisisition of the filedesc lock; the plan is that they will now all
  be fast.  Change all locking instances to either shared or exclusive
  locks.

- Correct a bug (pointed out by kib) in fdfree() where previously msleep()
  was called without the mutex held; sx_sleep() is now always called with
  the sxlock held exclusively.

- Universally hold the struct file lock over changes to struct file,
  rather than the filedesc lock or no lock.  Always update the f_ops
  field last. A further memory barrier is required here in the future
  (discussed with jhb).

- Improve locking and reference management in linux_at(), which fails to
  properly acquire vnode references before using vnode pointers.  Annotate
  improper use of vn_fullpath(), which will be replaced at a future date.

In fcntl(), we conservatively acquire an exclusive lock, even though in
some cases a shared lock may be sufficient, which should be revisited.
The dropping of the filedesc lock in fdgrowtable() is no longer required
as the sxlock can be held over the sleep operation; we should consider
removing that (pointed out by attilio).

Tested by:	kris
Discussed with:	jhb, kris, attilio, jeff
Overhaul driver/subsystem api's: 2007-03-21T03:42:51+00:00 Sam Leffler sam@FreeBSD.org 2007-03-21T03:42:51+00:00 6810ad6f2aeb6f6076d535c55a3e58f4b3358e79 o make all crypto drivers have a device_t; pseudo drivers like the s/w crypto driver synthesize one o change the api between the crypto subsystem and drivers to use kobj; cryptodev_if.m defines this api o use the fact that all crypto drivers now have a device_t to add support for specifying which of several potential devices to use when doing crypto operations o add new ioctls that allow user apps to select a specific crypto device to use (previous ioctls maintained for compatibility) o overhaul crypto subsystem code to eliminate lots of cruft and hide implementation details from drivers o bring in numerous fixes from Michale Richardson/hifn; mostly for 795x parts o add an optional mechanism for mmap'ing the hifn 795x public key h/w to user space for use by openssl (not enabled by default) o update crypto test tools to use new ioctl's and add cmd line options to specify a device to use for tests These changes will also enable much future work on improving the core crypto subsystem; including proper load balancing and interposing code between the core and drivers to dispatch small operations to the s/w driver as appropriate. These changes were instigated by the work of Michael Richardson. Reviewed by: pjd Approved by: re 
o make all crypto drivers have a device_t; pseudo drivers like the s/w
  crypto driver synthesize one
o change the api between the crypto subsystem and drivers to use kobj;
  cryptodev_if.m defines this api
o use the fact that all crypto drivers now have a device_t to add support
  for specifying which of several potential devices to use when doing
  crypto operations
o add new ioctls that allow user apps to select a specific crypto device
  to use (previous ioctls maintained for compatibility)
o overhaul crypto subsystem code to eliminate lots of cruft and hide
  implementation details from drivers
o bring in numerous fixes from Michale Richardson/hifn; mostly for
  795x parts
o add an optional mechanism for mmap'ing the hifn 795x public key h/w
  to user space for use by openssl (not enabled by default)
o update crypto test tools to use new ioctl's and add cmd line options
  to specify a device to use for tests

These changes will also enable much future work on improving the core
crypto subsystem; including proper load balancing and interposing code
between the core and drivers to dispatch small operations to the s/w
driver as appropriate.

These changes were instigated by the work of Michael Richardson.

Reviewed by:	pjd
Approved by:	re
Fix usage of HMAC algorithms via /dev/crypto. 2006-05-22T16:24:11+00:00 Pawel Jakub Dawidek pjd@FreeBSD.org 2006-05-22T16:24:11+00:00 cd80523efcf31d123f711bfce61a621ec80dc09d