Commit Graph

374 Commits

Author SHA1 Message Date
Alexander V. Chernikov b948693357 Convert route caching to nexthop caching.
This change is build on top of nexthop objects introduced in r359823.

Nexthops are separate datastructures, containing all necessary information
 to perform packet forwarding such as gateway interface and mtu. Nexthops
 are shared among the routes, providing more pre-computed cache-efficient
 data while requiring less memory. Splitting the LPM code and the attached
 data solves multiple long-standing problems in the routing layer,
 drastically reduces the coupling with outher parts of the stack and allows
 to transparently introduce faster lookup algorithms.

Route caching was (re)introduced to minimise (slow) routing lookups, allowing
 for notably better performance for large TCP senders. Caching works by
 acquiring rtentry reference, which is protected by per-rtentry mutex.
 If the routing table is changed (checked by comparing the rtable generation id)
 or link goes down, cache record gets withdrawn.

Nexthops have the same reference counting interface, backed by refcount(9).
This change merely replaces rtentry with the actual forwarding nextop as a
 cached object, which is mostly mechanical. Other moving parts like cache
 cleanup on rtable change remains the same.

Differential Revision:	https://reviews.freebsd.org/D24340
2022-07-11 11:52:46 +02:00
Jonathan T. Looney 09e5cb57a0 Make the path length of UNIX domain sockets
specified by a #define. Also, add a comment describing the historical context
for this length.

Reviewed by:	bz, jhb, kbowling (previous version)
MFC after:	2 weeks
Sponsored by:	Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D24272
2022-07-11 11:52:46 +02:00
Alexander V. Chernikov 86484e84d7 Introduce nexthop objects and new routing KPI.
This is the foundational change for the routing subsytem rearchitecture.
 More details and goals are available in https://reviews.freebsd.org/D24141 .

This patch introduces concept of nexthop objects and new nexthop-based
 routing KPI.

Nexthops are objects, containing all necessary information for performing
 the packet output decision. Output interface, mtu, flags, gw address goes
 there. For most of the cases, these objects will serve the same role as
 the struct rtentry is currently serving.
Typically there will be low tens of such objects for the router even with
 multiple BGP full-views, as these objects will be shared between routing
 entries. This allows to store more information in the nexthop.

New KPI:

struct nhop_object *fib4_lookup(uint32_t fibnum, struct in_addr dst,
  uint32_t scopeid, uint32_t flags, uint32_t flowid);
struct nhop_object *fib6_lookup(uint32_t fibnum, const struct in6_addr *dst6,
  uint32_t scopeid, uint32_t flags, uint32_t flowid);

These 2 function are intended to replace all all flavours of
 <in_|in6_>rtalloc[1]<_ign><_fib>, mpath functions  and the previous
 fib[46]-generation functions.

Upon successful lookup, they return nexthop object which is guaranteed to
 exist within current NET_EPOCH. If longer lifetime is desired, one can
 specify NHR_REF as a flag and get a referenced version of the nexthop.
 Reference semantic closely resembles rtentry one, allowing sed-style conversion.

Additionally, another 2 functions are introduced to support uRPF functionality
 inside variety of our firewalls. Their primary goal is to hide the multipath
 implementation details inside the routing subsystem, greatly simplifying
 firewalls implementation:

int fib4_lookup_urpf(uint32_t fibnum, struct in_addr dst, uint32_t scopeid,
  uint32_t flags, const struct ifnet *src_if);
int fib6_lookup_urpf(uint32_t fibnum, const struct in6_addr *dst6, uint32_t scopeid,
  uint32_t flags, const struct ifnet *src_if);

All functions have a separate scopeid argument, paving way to eliminating IPv6 scope
 embedding and allowing to support IPv4 link-locals in the future.

Structure changes:
 * rtentry gets new 'rt_nhop' pointer, slightly growing the overall size.
 * rib_head gets new 'rnh_preadd' callback pointer, slightly growing overall sz.

Old KPI:
During the transition state old and new KPI will coexists. As there are another 4-5
 decent-sized conversion patches, it will probably take a couple of weeks.
To support both KPIs, fields not required by the new KPI (most of rtentry) has to be
 kept, resulting in the temporary size increase.
Once conversion is finished, rtentry will notably shrink.

More details:
* architectural overview: https://reviews.freebsd.org/D24141
* list of the next changes: https://reviews.freebsd.org/D24232

Reviewed by:	ae,glebius(initial version)
Differential Revision:	https://reviews.freebsd.org/D24232
2022-07-11 11:52:46 +02:00
Gleb Smirnoff f3303cf1d5 Although most of the NIC drivers are epoch ready,
due to peer pressure switch over to opt-in instead of opt-out for epoch.

Instead of IFF_NEEDSEPOCH, provide IFF_KNOWSEPOCH. If driver marks
itself with IFF_KNOWSEPOCH, then ether_input() would not enter epoch
when processing its packets.

Now this will create recursive entrance in epoch in >90% network
drivers, but will guarantee safeness of the transition.

Mark several tested drivers as IFF_KNOWSEPOCH.

Reviewed by:		hselasky, jeff, bz, gallatin
Differential Revision:	https://reviews.freebsd.org/D23674
2022-07-11 11:52:46 +02:00
Randall Stewart 0dfcaa0211 White space cleanup --
remove trailing tab's or spaces from any line.

Sponsored by:	Netflix Inc.
2022-07-11 11:52:46 +02:00
Gleb Smirnoff 301991542a Introduce flag IFF_NEEDSEPOCH
that marks Ethernet interfaces that supposedly may call into ether_input()
without network epoch.

They all need to be reviewed before 13.0-RELEASE.  Some may need
be fixed.  The flag is not planned to be used in the kernel for
a long time.
2022-07-11 11:52:46 +02:00
Michael Tuexen ebbb6536b7 Add flags for upcoming patches related to improved ECN handling.
No functional change.

Submitted by: Richard Scheffenegger
Reviewed by: rgrimes@, tuexen@
Differential Revision: https://reviews.freebsd.org/D22429
2022-07-11 11:52:46 +02:00
Edward Tomasz Napierala 0c4d87ca5f Make use of the stats(3) framework in the TCP stack.
This makes it possible to retrieve per-connection statistical
information such as the receive window size, RTT, or goodput,
using a newly added TCP_STATS getsockopt(3) option, and extract
them using the stats_voistat_fetch(3) API.

See the net/tcprtt port for an example consumer of this API.

Compared to the existing TCP_INFO system, the main differences
are that this mechanism is easy to extend without breaking ABI,
and provides statistical information instead of raw "snapshots"
of values at a given point in time.  stats(3) is more generic
and can be used in both userland and the kernel.

Reviewed by:	thj
Tested by:	thj
Obtained from:	Netflix
Relnotes:	yes
Sponsored by:	Klara Inc, Netflix
Differential Revision:	https://reviews.freebsd.org/D20655
2022-07-11 11:52:46 +02:00
David Bright 0c854dd6d1 Jail and capability mode for shm_rename;
add audit support for shm_rename

Co-mingling two things here:

  * Addressing some feedback from Konstantin and Kyle re: jail,
    capability mode, and a few other things
  * Adding audit support as promised.

The audit support change includes a partial refresh of OpenBSM from
upstream, where the change to add shm_rename has already been
accepted. Matthew doesn't plan to work on refreshing anything else to
support audit for those new event types.

Submitted by:	Matthew Bryan <matthew.bryan@isilon.com>
Reviewed by:	kib
Relnotes:	Yes
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D22083
2022-07-11 11:52:46 +02:00
John Baldwin 12fb531a70 Add a TOE KTLS mode and a TOE hook for allocating TLS sessions.
This adds the glue to allocate TLS sessions and invokes it from
the TLS enable socket option handler.  This also adds some counters
for active TOE sessions.

The TOE KTLS mode is returned by getsockopt(TLSTX_TLS_MODE) when
TOE KTLS is in use on a socket, but cannot be set via setsockopt().

To simplify various checks, a TLS session now includes an explicit
'mode' member set to the value returned by TLSTX_TLS_MODE.  Various
places that used to check 'sw_encrypt' against NULL to determine
software vs ifnet (NIC) TLS now check 'mode' instead.

Reviewed by:	np, gallatin
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D21891
2022-07-11 11:52:46 +02:00
Kyle Evans 1ef7e3904d MFD_*: swap ordering
This API is still young enough that I would expect no one to be dependant on
this yet... Swap the ordering while it's young to match Linux values to
potentially ease implementation of linuxolator syscall, being able to reuse
existing constants.
2022-07-11 11:52:46 +02:00
David Bright 53648039c4 Add an shm_rename syscall
Add an atomic shm rename operation, similar in spirit to a file
rename. Atomically unlink an shm from a source path and link it to a
destination path. If an existing shm is linked at the destination
path, unlink it as part of the same atomic operation. The caller needs
the same permissions as shm_unlink to the shm being renamed, and the
same permissions for the shm at the destination which is being
unlinked, if it exists. If those fail, EACCES is returned, as with the
other shm_* syscalls.

truss support is included; audit support will come later.

This commit includes only the implementation; the sysent-generated
bits will come in a follow-on commit.

Submitted by:	Matthew Bryan <matthew.bryan@isilon.com>
Reviewed by:	jilles (earlier revision)
Reviewed by:	brueffer (manpages, earlier revision)
Relnotes:	yes
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D21423
2022-07-11 11:52:46 +02:00
Kyle Evans 9243caa8d3 Add linux-compatible memfd_create
memfd_create is effectively a SHM_ANON shm_open(2) mapping with optional
CLOEXEC and file sealing support. This is used by some mesa parts, some
linux libs, and qemu can also take advantage of it and uses the sealing to
prevent resizing the region.

This reimplements shm_open in terms of shm_open2(2) at the same time.

shm_open(2) will be moved to COMPAT12 shortly.

Reviewed by:	markj, kib
Differential Revision:	https://reviews.freebsd.org/D21393
2022-07-11 11:52:46 +02:00
Kyle Evans 99b66f5315 Add a shm_open2 syscall to support upcoming memfd_create
shm_open2 allows a little more flexibility than the original shm_open.
shm_open2 doesn't enforce CLOEXEC on its callers, and it has a separate
shmflag argument that can be expanded later. Currently the only shmflag is
to allow file sealing on the returned fd.

shm_open and memfd_create will both be implemented in libc to use this new
syscall.

__FreeBSD_version is bumped to indicate the presence.

Reviewed by:	kib, markj
Differential Revision:	https://reviews.freebsd.org/D21393
2022-07-11 11:52:46 +02:00
Randall Stewart 878b65b3b6 This commit adds BBR (Bottleneck Bandwidth and RTT) congestion control.
This is a completely separate TCP stack (tcp_bbr.ko) that will be built only if
you add the make options WITH_EXTRA_TCP_STACKS=1 and also include the option
TCPHPTS.  You can also include the RATELIMIT option if you have a NIC interface
that supports hardware pacing, BBR understands how to use such a feature.

Note that this commit also adds in a general purpose time-filter which
allows you to have a min-filter or max-filter. A filter allows you to
have a low (or high) value for some period of time and degrade slowly
to another value has time passes. You can find out the details of
BBR by looking at the original paper at:

https://queue.acm.org/detail.cfm?id=3022184

or consult many other web resources you can find on the web
referenced by "BBR congestion control". It should be noted that
BBRv1 (which this is) does tend to unfairness in cases of small
buffered paths, and it will usually get less bandwidth in the case
of large BDP paths(when competing with new-reno or cubic flows). BBR
is still an active research area and we do plan on  implementing V2
of BBR to see if it is an improvement over V1.

Sponsored by:	Netflix Inc.
Differential Revision:	https://reviews.freebsd.org/D21582
2022-07-11 11:52:46 +02:00
Alan Somers ce921ffca8 Reduce namespace pollution from r349233
Define __daddr_t in _types.h and use it in filio.h

Reported by:	ian, bde
Reviewed by:	ian, imp, cem
MFC after:	2 weeks
MFC-With:	349233
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D20715
2022-07-11 11:52:46 +02:00
Alan Somers 5a6ad7c5bc #include <sys/types.h> from sys/filio.h
This fixes world build after r349231

Reported by:	Jenkins
MFC after:	2 weeks
MFC-With:	349231
Sponsored by:	The FreeBSD Foundation
2022-07-11 11:52:46 +02:00
Alan Somers 8fe49db783 Add FIOBMAP2 ioctl
This ioctl exposes VOP_BMAP information to userland. It can be used by
programs like fragmentation analyzers and optimized cp implementations. But
I'm using it to test fusefs's VOP_BMAP implementation. The "2" in the name
distinguishes it from the similar but incompatible FIBMAP ioctls in NetBSD
and Linux.  FIOBMAP2 differs from FIBMAP in that it uses a 64-bit block
number instead of 32-bit, and it also returns runp and runb.

Reviewed by:	mckusick
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D20705
2022-07-11 11:52:46 +02:00
Brooks Davis c42aaaea4f Move 32-bit compat support for FIODGNAME to the right place.
ioctl(2) commands only have meaning in the context of a file descriptor
so translating them in the syscall layer is incorrect.

The new handler users an accessor to retrieve/construct a pointer from
the last member of the passed structure and relies on type punning to
access the other member which requires no translation.

Unlike r339174 this change supports both places FIODGNAME is handled.

Reviewed by:	kib
Obtained from:	CheriBSD
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D17475
2022-07-11 11:52:46 +02:00
Pedro F. Giffuni eb4cbf4fd3 sys: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
2022-07-11 11:52:46 +02:00
Sebastian Huber 5c0c0e5c77 RTEMS: Remove FreeBSD version tags 2022-07-11 11:52:46 +02:00
Sebastian Huber 282d57d2a8 Reduce namespace pollution from <sys/_types.h>
Provide only __daddr_t through <sys/_types.h>.
2022-07-08 06:57:52 +02:00
Sebastian Huber 4ab39e0a85 RTEMS: Declare ioctl() also if _KERNEL is defined
This fixes the following warning in libbsd:

rtems/blkdev.h:200:10: warning: implicit declaration of function 'ioctl'; did
  you mean 'ifioctl'? [-Wimplicit-function-declaration]

Remove unnecessary includes.
2022-07-08 06:57:52 +02:00
Sebastian Huber 27fd806cd7 RTEMS: _KERNEL tweak for <sys/cpuset.h>
If _KERNEL is defined, then do not delcare CPU_ALLOC() and CPU_FREE() since
__cpuset_alloc() and __cpuset_free() are not declared as well.
2022-07-01 07:25:32 +02:00
Stefan Eßer e7ffbdb018 newlib/libc/sys/rtems/include/sys/cpuset.h
Fix typo in source file.

Reported by:	pluknet at gmail.com (Sergey Kandaurov)
2022-06-22 10:28:42 +02:00
Stefan Eßer e927f541f7 Make CPU_SET macros compliant with other implementations
The introduction of <sched.h> improved compatibility with some 3rd
party software, but caused the configure scripts of some ports to
assume that they were run in a GLIBC compatible environment.

Parts of sched.h were made conditional on -D_WITH_CPU_SET_T being
added to ports, but there still were compatibility issues due to
invalid assumptions made in autoconfigure scripts.

The differences between the FreeBSD version of macros like CPU_AND,
CPU_OR, etc. and the GLIBC versions was in the number of arguments:
FreeBSD used a 2-address scheme (one source argument is also used as
the destination of the operation), while GLIBC uses a 3-adderess
scheme (2 source operands and a separately passed destination).

The GLIBC scheme provides a super-set of the functionality of the
FreeBSD macros, since it does not prevent passing the same variable
as source and destination arguments. In code that wanted to preserve
both source arguments, the FreeBSD macros required a temporary copy of
one of the source arguments.

This patch set allows to unconditionally provide functions and macros
expected by 3rd party software written for GLIBC based systems, but
breaks builds of externally maintained sources that use any of the
following macros: CPU_AND, CPU_ANDNOT, CPU_OR, CPU_XOR.

One contributed driver (contrib/ofed/libmlx5) has been patched to
support both the old and the new CPU_OR signatures. If this commit
is merged to -STABLE, the version test will have to be extended to
cover more ranges.

Ports that have added -D_WITH_CPU_SET_T to build on -CURRENT do
no longer require that option.

The FreeBSD version has been bumped to 1400046 to reflect this
incompatible change.

Reviewed by:	kib
MFC after:	2 weeks
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D33451
2022-06-22 10:28:42 +02:00
Stefan Eßer 6af6e29552 sys/_bitset.h: Fix fall-out from commit 5e04571cf3c
The changes to the bitset macros allowed sched.h to be included
into userland programs without name space pollution due to BIT_*
and BITSET_* macros.

The definition of a "struct bitset" had been overlooked. This name
space pollution caused the build of port print/miktex to fail.

This commit makes the definition of struct bitset depend on the
same condition as the visibility of the BIT_* and BITSET_* macros,
i.e. needs _KERNEL or _WANT_FREEBSD_BITSET to be defined before
including sys/_bitset.h.

It has been tested with "make universe" since a prior attempt to
fix the issue broke the PowerPC64 kernel build.

This commit shall be MFCed together with commit 5e04571cf3c.

Reported by:    arrowd
MFC after:      1 month
2022-06-22 10:15:26 +02:00
Stefan Eßer 3af17aef2b sys/_bitset.h: revert commit 74e014dbfab
It caused kernel build for PowerPC64 to fail.

A different patch is being tested with make universe to make sure it
works on all architectures.

MFC after:	1 month<N [day[s]|week[s]|month[s]].  Request a reminder email>
2022-06-22 10:15:26 +02:00
Stefan Eßer c78c56c06d sys/_bitset.h: Fix fall-out from commit 5e04571cf3c
There is a reference to malloc() in #define __BITSET_ALLOC. Even
though this macro is only defined but not used, it causes the lang/gcc
ports to fail. The gcc ports "poison" a number of functions including
malloc() and prevent their use (including in macro definitions).

This commit moved the declaration of __BITSET_ALLOC into the
conditional block that depends on _KERNEL or _WANT_FREEBSD_BITSET
being defined.

There is no use of __BITSET_ALLOC in the FreeBSD sources, and userland
programs that want to use BITSEC_ALLOC will define _WANT_FREEBSD_BITSET
anyway.

This patch has been tested by building lang/gcc11 and a successful
make buildworld.

This commit shall be MFCed together with commit 5e04571cf3c.

MFC after:	1 month
2022-06-22 10:15:26 +02:00
Konstantin Belousov 2f6651097e sys/_bitset.h: Fix fall-out from commit 5e04571cf3c
The changes to the bitset macros allowed sched.h to be included into
userland programs without name space pollution due to BIT_* and
BITSET_* macros.

The definition of a global variable "bitset" had been overlooked.
This name space pollution caused a compile failure in print/miktex.

This commit renames the bitset variable to __bitset with the same
mapping back to the bitset if _KERNEL or _WANT_FREEBSD_BITSET is
defined.

This fix has been suggested by kib. It has been tested to let the
build of the print/miktex port succeed and to not break buildworld.

This commit shall be MFCed together with commit 5e04571cf3c.

Reported by:	arrowd
MFC after:	1 month
2022-06-22 10:15:26 +02:00
Stefan Eßer a1071cb178 sys/bitset.h: reduce visibility of BIT_* macros
Add two underscore characters "__" to names of BIT_* and BITSET_*
macros to move them to the implementation name space and to prevent
a name space pollution due to BIT_* macros in 3rd party programs with
conflicting parameter signatures.

These prefixed macro names are used in kernel header files to define
macros in e.g. sched.h, sys/cpuset.h and sys/domainset.h.

If C programs are built with either -D_KERNEL (automatically passed
when building a kernel or kernel modules) or -D_WANT_FREENBSD_BITSET
(or this macros is defined in the source code before including the
bitset macros), then all macros are made visible with their previous
names, too. E.g., both __BIT_SET() and BIT_SET() are visible with
either of _KERNEL or _WANT_FREEBSD_BITSET defined.

The main reason for this change is that some 3rd party sources
including sched.h have been found to contain conflicting BIT_*
macros.

As a work-around, parts of shed.h have been made conditional and
depend on _WITH_CPU_SET_T being set when sched.h is included.
Ports that expect the full functionality provided by sched.h need
to be built with -D_WITH_CPU_SET_T. But this leads to conflicts if
BIT_* macros are defined in that program, too.

This patch set makes all of sched.h visible again without this
parameter being passed and without any name space pollution due
to BIT_* macros becoming visible when sched.h is included.

This patch set will be backported to the STABLE branches, but ports
will need to use -D_WITH_CPU_SET_T as long as there are supported
releases that do not contain these patches.

Reviewed by:	kib, markj
MFC after:	1 month
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D33235
2022-06-22 10:15:26 +02:00
Konstantin Belousov 4ac3ee88c7 sched.h: add CPU_EQUAL() for better compatibility with Linux
Reviewed by:	jhb
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D32901
2022-06-22 10:15:26 +02:00
Mark Johnston 6070714e0f cpuset(9): Add CPU_FOREACH_IS(SET|CLR) and modify consumers to use it
This implementation is faster and doesn't modify the cpuset, so it lets
us avoid some unnecessary copying as well.  No functional change
intended.

This is a re-application of commit
9068f6ea697b1b28ad1326a4c7a9ba86f08b985e.

Reviewed by:	cem, kib, jhb
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32029
2022-06-22 10:15:26 +02:00
Mark Johnston 27e8401c46 bitset: Reimplement BIT_FOREACH_IS(SET|CLR)
Eliminate the nested loops and re-implement following a suggestion from
rlibby.

Add some simple regression tests.

Reviewed by:	rlibby, kib
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32472
2022-06-22 10:15:26 +02:00
Mark Johnston 96ddb4055e Revert "cpuset(9): Add CPU_FOREACH_IS(SET|CLR) and modify consumers to use it"
This reverts commit 9068f6ea697b1b28ad1326a4c7a9ba86f08b985e.

The underlying macro needs to be reworked to avoid problems with control
flow statements.

Reported by:	rlibby
2022-06-22 10:15:26 +02:00
Mark Johnston 112245b78f cpuset(9): Add CPU_FOREACH_IS(SET|CLR) and modify consumers to use it
This implementation is faster and doesn't modify the cpuset, so it lets
us avoid some unnecessary copying as well.  No functional change
intended.

Reviewed by:	cem, kib, jhb
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32029
2022-06-22 10:15:26 +02:00
Mark Johnston 37a3e59636 bitset(9): Introduce BIT_FOREACH_ISSET and BIT_FOREACH_ISCLR
These allow one to non-destructively iterate over the set or clear bits
in a bitset.  The motivation is that we have several code fragments
which iterate over a CPU set like this:

while ((cpu = CPU_FFS(&cpus)) != 0) {
	cpu--;
	CPU_CLR(cpu, &cpus);
	<do something>;
}

This is slow since CPU_FFS begins the search at the beginning of the
bitset each time.  On amd64 and arm64, CPU sets have size 256, so there
are four limbs in the bitset and we do a lot of unnecessary scanning.

A second problem is that this is destructive, so code which needs to
preserve the original set has to make a copy.  In particular, we have
quite a few functions which take a cpuset_t parameter by value, meaning
that each call has to copy the 32 byte cpuset_t.

The new macros address both problems.

Reviewed by:	cem, kib
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32028
2022-06-22 10:15:26 +02:00
Patrick Kelsey 7c03cdf47e iflib: Improve mapping of TX/RX queues to CPUs
iflib now supports mapping each (TX,RX) queue pair to the same CPU
(default), to separate CPUs, or to a pair of physical and logical CPUs
that share the same L2 cache.  The mapping mechanism supports unequal
numbers of TX and RX queues, with the excess queues always being
mapped to consecutive physical CPUs.  When the platform cannot
distinguish between physical and logical CPUs, all are treated as
physical CPUs.  See the comment on get_cpuid_for_queue() for the
entire matrix.

The following device-specific tunables influence the mapping process:
dev.<device>.<unit>.iflib.core_offset       (existing)
dev.<device>.<unit>.iflib.separate_txrx     (existing)
dev.<device>.<unit>.iflib.use_logical_cores (new)

The following new, read-only sysctls provide visibility of the mapping
results:
dev.<device>.<unit>.iflib.{t,r}xq<n>.cpu

When an iflib driver allocates TX softirqs without providing reference
RX IRQs, iflib now binds those TX softirqs to CPUs using the above
mapping mechanism (that is, treats them as if they were TX IRQs).
Previously, such bindings were left up to the grouptaskqueue code and
thus fell outside of the iflib CPU mapping strategy.

Reviewed by:	kbowling
Tested by:	olivier, pkelsey
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D24094
2022-06-22 10:15:26 +02:00
Ryan Libby fb0a5865e4 bitset: implement BIT_TEST_CLR_ATOMIC & BIT_TEST_SET_ATOMIC
That is, provide wrappers around the atomic_testandclear and
atomic_testandset primitives.

Submitted by:	jeff
Reviewed by:	cem, kib, markj
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D22702
2022-06-22 10:15:26 +02:00
D Scott Phillips 9d50b44689 bitset: expand bit index type to `long`
An upcoming patch to use the bitset macros for tracking vm page
dump information could conceivably need more than INT_MAX bits.
Expand the bit type to long so that the extra range is available
on 64-bit platforms where it would most likely be needed.

CPUSET_COUNT and DOMAINSET_COUNT are also modified to remain of
type `int`.

Reviewed by:	kib, markj
Approved by:	scottl (implicit)
MFC after:	1 week
Sponsored by:	Ampere Computing, Inc.
Differential Revision:	https://reviews.freebsd.org/D26190
2022-06-22 10:15:26 +02:00
D Scott Phillips 4c5b7bec97 bitset: add BIT_FFS_AT() for finding the first bit set greater than a start bit
Reviewed by:	kib
Approved by:	scottl (implicit)
MFC after:	1 week
Sponsored by:	Ampere Computing, Inc.
Differential Revision:	https://reviews.freebsd.org/D26128
2022-06-22 10:15:26 +02:00
Konstantin Belousov 5e7a2b174a Fix undefined behavior: left-shifting into the sign bit.
Reviewed by:	dim, markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D22898
2022-06-22 10:15:26 +02:00
Ryan Libby de1380c36b bitset: rename confusing macro NAND to ANDNOT
s/BIT_NAND/BIT_ANDNOT/, and for CPU and DOMAINSET too.  The actual
implementation is "and not" (or "but not"), i.e. A but not B.
Fortunately this does appear to be what all existing callers want.

Don't supply a NAND (not (A and B)) operation at this time.

Discussed with:	jeff
Reviewed by:	cem
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D22791
2022-06-22 10:15:26 +02:00
Ryan Libby 96c645a0b1 bitset: avoid pessimized code when bitset size is not constant
We have a couple optimizations for when the bitset is known to be just
one word.  But with dynamically sized bitsets, it was actually more work
to determine the size than just to do the necessary computation.  Now,
only use the optimization when the size is known to be constant.

Reviewed by:	markj
Discussed with:	jeff
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D22639
2022-06-22 10:15:26 +02:00
Jeff Roberson a6bd733db9 Use a precise bit count for the slab free items in UMA.
This significantly shrinks embedded slab structures.

Reviewed by:	markj, rlibby (prior version)
Differential Revision:	https://reviews.freebsd.org/D22584
2022-06-22 10:15:26 +02:00
Sebastian Huber a13a044c17 RTEMS: Remove FreeBSD version tags 2022-06-22 10:14:38 +02:00
Mike Frysinger 96bc16f6b2 newlib: libc: merge build up a directory
Convert all the libc/ subdir makes into the top-level Makefile.  This
allows us to build all of libc from the top Makefile without using any
recursive make calls.  This is faster and avoids the funky lib.a logic
where we unpack subdir archives to repack into a single libc.a.  The
machine override logic is maintained though by way of Makefile include
ordering, and source file accumulation in libc_a_SOURCES.

There's a few dummy.c files that are no longer necessary since we aren't
doing the lib.a accumulating, so punt them.

The winsup code has been pulling the internal newlib ssp library out,
but that doesn't exist anymore, so change that to pull the objects.
2022-03-16 21:18:25 -04:00
Mike Frysinger 8343db918f newlib: libc: move configure into top-level
This kills off the last configure script under libc/ and folds it
into the top newlib configure script.  The a lot of the logic was
already in the top configure script, so move what's left into a
libc/acinclude.m4 file.
2022-02-25 13:52:48 -05:00
Mike Frysinger 416792d59a newlib: libc: delete crt0.o duplication
The crt0.o was handled in a subdir-by-subdir basis: it would be compiled
in one (e.g. libc/sys/$arch/), then copied up one level (libc/sys/), then
copied up another (libc/) before finally being copied & installed in the
top newlib dir.  The libc/sys/ copy was cleaned up, and then the top dir
was changed to copy it directly out of the libc/sys/$arch/ dir.  But the
libc/sys/ copy to libc/ was left behind.  Clean that up now too.
2022-02-18 21:25:32 -05:00
Mike Frysinger 2a83e65fc2 newlib: rtems: drop redundant header install
The top-level newlib dir already takes care of recursing into the
sys/xxx/include/ subdirs and installing any headers found, so the
rtems subdir doesn't need to do this itself.
2022-02-16 20:03:57 -05:00
Mike Frysinger 907764ebec newlib/libgloss: drop unused $(CROSS_CFLAGS)
This is used in a bunch of places, but nowhere is it ever set, and
nowhere can I find any documentation, nor can I find any other project
using it.  So delete the flags to simplify.
2022-02-15 20:02:51 -05:00
Mike Frysinger ac90a6590b newlib: phoenix: merge configure up to top-level
Merge sys/phoenix/ configure logic into libc/ itself.  This kills
off the last lingering script in this tree (other than libc itself).
2022-02-15 19:59:08 -05:00
Mike Frysinger 5b9c4cf23e newlib: drop support for $oext
This was needed only to support libtool in case objects ended in .lo
instead of .o, but we dropped libtool, so drop this too.
2022-02-09 23:35:23 -05:00
Mike Frysinger f034d8ad19 newlib: drop support for $aext
This was needed only to support libtool in case the library ended in
.la instead of .a, but we dropped libtool, so drop this too.
2022-02-09 23:34:17 -05:00
Mike Frysinger 006da84337 newlib: drop libtool support
This was only ever used for i?86-pc-linux-gnu targets, but that's been
broken for years, and has since been dropped.  So clean this up too.

This also deletes the funky objectlist logic since it only existed for
the libtool libraries.  Since it was the only thing left in the small
Makefile.shared file, we can punt that too.
2022-02-09 20:27:37 -05:00
Mike Frysinger e7ad3f5aa8 newlib: switch to AM_PROG_AR
Now that we require automake-1.15, we can use this macro rather than
do the tool search ourselves.
2022-02-08 21:24:59 -05:00
Mike Frysinger b9346cee1a newlib: switch to standard AC_PROG_CC
Now that we use AC_NO_EXECUTABLES, and we require a recent version of
autoconf, we don't need to define our own copies of these macros.  So
switch to the standard AC_PROG_CC.
2022-02-08 19:09:26 -05:00
Mike Frysinger 44f6310bf9 newlib: libc: include all chapters all the time in the manual
THe stdio subdir is actually required by the documentation.  The
stdio/def is handled dynamically, but libc.texi always expects it
to be included, and fails if it isn't.  So making it required when
building docs is safe.

The xdr subdir is handled dynamically, but it doesn't include any
docs, so the dynamic logic isn't (currently) adding any value.  So
making it required when building docs is safe.

That leaves: iconv, stdio64, posix, and signal subdirs.  The chapters
have a little disclaimer saying they are system-dependent, but even
then, imo having stable manuals regardless of the target is preferable,
and we can add more disclaimer language to these chapters if we want.

This doesn't touch the man page codepaths, just the info/pdf.
2022-02-04 19:39:09 -05:00
Mike Frysinger 6444f108d9 newlib: export abs_newlib_basedir for all subdirs
When using the top-level configure script but subdir Makefiles, the
newlib_basedir value gets a bit out of sync: it's relative to where
configure lives, not where the Makefile lives.  Move the abs setting
from the top-level configure script into acinclude.m4 so we can rely
on it being available everywhere.  Although this commit doesn't use
it anywhere, just lays the groundwork.
2022-01-29 01:35:30 -05:00
Mike Frysinger 08a55a233d newlib: libc: merge machine/ configure scripts up a level
The machine configure scripts are all effectively stub scripts that
pass the higher level options to its own makefile.  There were only
three doing custom tests.  The rest were all effectively the same as
the libc/ configure script.

So instead of recursively running configure in all of these subdirs,
generate their makefiles from the top-level configure.  For the few
unique ones, deploy a pattern of including subdir logic via m4:
	m4_include([machine/nds32/acinclude.m4])

Some of the generated machine makefiles have a bunch of extra stuff
added to them, but that's because they were inconsistent in their
configure libtool calls.  The top-level has it, so it exports some
new vars to the ones that weren't already.
2022-01-26 03:11:21 -05:00
Mike Frysinger 8bee45444f newlib: libc: merge most sys/ configure scripts up a level
The sys configure scripts are almost all effectively stub scripts that
pass the higher level options to its own makefile.  The phoenix & linux
ones are a bit more complicated with nested subdirs, so those have been
left alone for now.  Plus, I don't really have a way of testing them.
2022-01-26 03:11:21 -05:00
Mike Frysinger f159663b08 newlib: stop clobbering LDFLAGS with non-standard $ldflags
It's unclear why this was added originally, but assuming it was needed
20 years ago, it shouldn't be explicitly required nowadays.  Current
versions of autotools already take care of exporting LDFLAGS to the
Makefile as needed (things are actually getting linked).  That's why
the configure diffs show LDFLAGS still here, but shifted to a diff
place in the output list.  A few dirs stop exporting LDFLAGS, but
that's because they don't do any linking, only compiling, so it's
correct.

As for the use of $ldflags instead of the standard $LDFLAGS, I can't
really explain that at all.  Just use the right name so users don't
have to dig into why their setting isn't respected, and then use a
non-standard name instead.  Adjust the testsuite to match.
2022-01-21 17:10:10 -05:00
Mike Frysinger 4317e0676a newlib: stop checking --enable-multilib in subdirs
None of the subdirs actually use the multilib arg, so include the
logic only in the top-level configure.
2022-01-21 17:10:10 -05:00
Mike Frysinger 6746e06043 newlib: avoid duplicate awk checks
Since AM_INIT_AUTOMAKE calls AC_PROG_AWK, and some configure.ac
scripts call it too, we end up testing for awk multiple times.  If
we change NEWLIB_CONFIGURE to require the macro instead, then it
makes sure it's always expanded, but only once.

While we're here, do the same thing with AC_PROG_INSTALL since it
is also called by AM_INIT_AUTOMAKE, although it doesn't currently
result in duplicate configure checks.
2022-01-18 19:25:18 -05:00
Mike Frysinger 71086e8b2d newlib: delete (most) redundant lib_a_CCASFLAGS=$(AM_CCASFLAGS)
Since automake already sets per-library CCASFLAGS to $(AM_CCASFLAGS)
by default, there's no need to explicitly set it here.

Many of these dirs don't have .S files in the first place, so the rule
doesn't even do anything.  That can easily be seen when Makefile.in has
no changes as a result.

For the dirs with .S files, the custom rules are the same as the pattern
.S.o rules, so this is a nice cleanup.

The only dir that was adding extra flags (newlib/libc/machine/mn10300/)
to the per-library setting can have it moved to the global AM_CCASFLAGS
since the subdir only has one target.  Although the setting just adds
extra debugging flags, so maybe it should be deleted in general.

There are a few dirs that we leave the redundant setting in place.  This
is to workaround an automake limitation in subdirs that support building
with & w/out libtool:
https://www.gnu.org/software/automake/manual/html_node/Objects-created-both-with-libtool-and-without.html
2022-01-18 19:12:02 -05:00
Mike Frysinger 20e3103471 newlib: update to automake-1.15
This matches what the other GNU toolchain projects have done already.
The generated diff in practice isn't terribly large.  This will allow
more use of subdir local.mk includes due to fixes & improvements that
came after the 1.11 release series.
2022-01-14 19:10:38 -05:00
Mike Frysinger a100e80fc9 require autoconf-2.69 exactly
The newlib & libgloss dirs are already generated using autoconf-2.69.
To avoid merging new code and/or accidental regeneration using diff
versions, leverage config/override.m4 to pin to 2.69 exactly.  This
matches what gcc/binutils/gdb are already doing.

The README file already says to use autoconf-2.69.

To accomplish this, it's just as simple as adding -I flags to the
top-level config/ dir when running aclocal.  This is because the
override.m4 file overrides AC_INIT to first require the specific
autoconf version before calling the real AC_INIT.
2022-01-14 15:24:33 -05:00
Mike Frysinger 8fc6b4b30e newlib: regen aclocal.m4 after autoconf update
The configure scripts were regenerated with 2.69 for the newlib-4.2.0
release in 484d2ebf8d, but the aclocal
files were not.  Do that now to avoid confusion between the two as to
which version of autoconf was used.
2022-01-12 07:01:18 -05:00
Mike Frysinger ed20821a40 newlib: migrate from INCLUDES to AM_CPPFLAGS
Since automake deprecated the INCLUDES name in favor of AM_CPPFLAGS,
change all existing users over.  The generated code is the same since
the two variables have been used in the same exact places by design.

There are other cleanups to be done, but lets focus on just renaming
here so we can upgrade to a newer automake version w/out triggering
new warnings.
2022-01-05 20:29:53 -05:00
Jeff Johnston 484d2ebf8d Update newlib to 4.2.0 2021-12-31 12:46:13 -05:00
Jon Turney bfcabeb876
newlib: Regenerate autotools files 2021-12-29 22:45:06 +00:00
Jon Turney a4e734fcdb
newlib: Remove automake option 'cygnus'
The 'cygnus' option was removed from automake 1.13 in 2012, so the
presence of this option prevents that or a later version of automake
being used.

A check-list of the effects of '--cygnus' from the automake 1.12
documentation, and steps taken (where possible) to preserve those
effects (See also this thread [1] for discussion on that):

[1] https://lists.gnu.org/archive/html/bug-automake/2012-03/msg00048.html

1. The foreign strictness is implied.

Already present in AM_INIT_AUTOMAKE in newlib/acinclude.m4

2. The options no-installinfo, no-dependencies and no-dist are implied.

Already present in AM_INIT_AUTOMAKE in newlib/acinclude.m4

Future work: Remove no-dependencies and any explicit header dependencies,
and use automatic dependency tracking instead.  Are there explicit rules
which are now redundant to removing no-installinfo and no-dist?

3. The macro AM_MAINTAINER_MODE is required.

Already present in newlib/acinclude.m4

Note that maintainer-mode is still disabled by default.

4. Info files are always created in the build directory, and not in the
source directory.

This appears to be an error in the automake documentation describing
'--cygnus' [2]. newlib's info files are generated in the source
directory, and no special steps are needed to keep doing that.

[2] https://lists.gnu.org/archive/html/bug-automake/2012-04/msg00028.html

5. texinfo.tex is not required if a Texinfo source file is specified.
(The assumption is that the file will be supplied, but in a place that
automake cannot find.)

This effect is overriden by an explicit setting of the TEXINFO_TEX
variable (the directory part of which is fed into texi2X via the
TEXINPUTS environment variable).

6. Certain tools will be searched for in the build tree as well as in the
user's PATH. These tools are runtest, expect, makeinfo and texi2dvi.

For obscure automake reasons, this effect of '--cygnus' is not active
for makeinfo in newlib's configury.

However, there appears to be top-level configury which selects in-tree
runtest, expect and makeinfo, if present. So, if that works as it
appears, this effect is preserved. If not, this may cause problem if
anyone is building those tools in-tree.

This effect is not preserved for texi2dvi. This may cause problems if
anyone is building texinfo in-tree.

If needed, explicit checks for those tools looking in places relative to
$(top_srcdir)/../ as well as in PATH could be added.

7. The check target doesn't depend on all.

This effect is not preseved. The check target now depends on the all
target.

This concern seems somewhat academic given the current state of the
testsuite.

Also note that this doesn't touch libgloss.
2021-12-29 22:45:04 +00:00
Jon Turney 8e166351b3
newlib: Regenerate autotools files 2021-12-29 22:45:03 +00:00
Jon Turney 639cb7ec1a
newlib: Regenerate all autotools files
Regenerate all aclocal.m4, configure and Makefile.in files.
2021-12-09 21:41:35 +00:00
Mike Frysinger 59e83de0b1 libgloss/newlib: update configure.ac in Makefile.in files
The maintainer rules refer to configure.in directly, so update that
after renaming all the configure.ac files.
2021-11-06 14:14:49 -04:00
Mike Frysinger 920617998e libgloss/newlib: rename configure.in to configure.ac
The .in name has been deprecated for a long time in favor of .ac.
2021-09-13 10:14:37 -04:00
Joel Sherrill 59584ff16b libc/sys/rtems/crt0.c: Fix two warnings.
__assert_func() is marked as noreturn and stub should not.
	__tls_get_addr() needed to return a value..
2021-06-17 12:58:36 -05:00
Sebastian Huber a485393aea RTEMS: Add <poll.h> and <sys/poll.h>
Add the POSIX header file <poll.h> which is used by the GCC 11 Ada
runtime support.

Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
2021-01-05 13:41:34 -05:00
Jeff Johnston 415fdd4279 Bump up newlib version to 4.1.0 2020-12-18 18:50:49 -05:00
Jeff Johnston 14123c991b Bump newlib release to 4.0.0 2020-12-11 14:37:12 -05:00
Joel Sherrill fcaaf40c9d libc/sys/rtems/include/machine/_types.h: Define daddr_t to be 64 bits for RTEMS
This type needs to be able to represent a position on a disk or
file system.
2020-10-28 09:45:21 -05:00
Sebastian Huber b37a3388cc RTEMS: Include missing header and fix stub
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
2020-03-13 13:51:20 -05:00
Keith Packard 9042d0ce65 Use remove-advertising-clause script to edit BSD licenses
This edits licenses held by Berkeley and NetBSD, both of which
have removed the advertising requirement from their licenses.

Signed-off-by: Keith Packard <keithp@keithp.com>
2020-01-29 19:03:31 +01:00
Jeff Johnston 4e78f8ea16 Bump up newlib release to 3.3.0 2020-01-21 15:17:43 -05:00
Jeff Johnston 1afb22a120 Bump up release to 3.2.0 for yearly snapshot 2020-01-02 14:56:24 -05:00
kib 7e9b1550fd Add SIOCGIFDOWNREASON.
The ioctl(2) is intended to provide more details about the cause of
the down for the link.

Eventually we might define a comprehensive list of codes for the
situations.  But interface also allows the driver to provide free-form
null-terminated ASCII string to provide arbitrary non-formalized
information.  Sample implementation exists for mlx5(4), where the
string is fetched from firmware controlling the port.

Reviewed by:	hselasky, rrs
Sponsored by:	Mellanox Technologies
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D21527
2019-09-25 09:01:28 +02:00
jhb 1b35636119 Add kernel-side support for in-kernel TLS.
KTLS adds support for in-kernel framing and encryption of Transport
Layer Security (1.0-1.2) data on TCP sockets.  KTLS only supports
offload of TLS for transmitted data.  Key negotation must still be
performed in userland.  Once completed, transmit session keys for a
connection are provided to the kernel via a new TCP_TXTLS_ENABLE
socket option.  All subsequent data transmitted on the socket is
placed into TLS frames and encrypted using the supplied keys.

Any data written to a KTLS-enabled socket via write(2), aio_write(2),
or sendfile(2) is assumed to be application data and is encoded in TLS
frames with an application data type.  Individual records can be sent
with a custom type (e.g. handshake messages) via sendmsg(2) with a new
control message (TLS_SET_RECORD_TYPE) specifying the record type.

At present, rekeying is not supported though the in-kernel framework
should support rekeying.

KTLS makes use of the recently added unmapped mbufs to store TLS
frames in the socket buffer.  Each TLS frame is described by a single
ext_pgs mbuf.  The ext_pgs structure contains the header of the TLS
record (and trailer for encrypted records) as well as references to
the associated TLS session.

KTLS supports two primary methods of encrypting TLS frames: software
TLS and ifnet TLS.

Software TLS marks mbufs holding socket data as not ready via
M_NOTREADY similar to sendfile(2) when TLS framing information is
added to an unmapped mbuf in ktls_frame().  ktls_enqueue() is then
called to schedule TLS frames for encryption.  In the case of
sendfile_iodone() calls ktls_enqueue() instead of pru_ready() leaving
the mbufs marked M_NOTREADY until encryption is completed.  For other
writes (vn_sendfile when pages are available, write(2), etc.), the
PRUS_NOTREADY is set when invoking pru_send() along with invoking
ktls_enqueue().

A pool of worker threads (the "KTLS" kernel process) encrypts TLS
frames queued via ktls_enqueue().  Each TLS frame is temporarily
mapped using the direct map and passed to a software encryption
backend to perform the actual encryption.

(Note: The use of PHYS_TO_DMAP could be replaced with sf_bufs if
someone wished to make this work on architectures without a direct
map.)

KTLS supports pluggable software encryption backends.  Internally,
Netflix uses proprietary pure-software backends.  This commit includes
a simple backend in a new ktls_ocf.ko module that uses the kernel's
OpenCrypto framework to provide AES-GCM encryption of TLS frames.  As
a result, software TLS is now a bit of a misnomer as it can make use
of hardware crypto accelerators.

Once software encryption has finished, the TLS frame mbufs are marked
ready via pru_ready().  At this point, the encrypted data appears as
regular payload to the TCP stack stored in unmapped mbufs.

ifnet TLS permits a NIC to offload the TLS encryption and TCP
segmentation.  In this mode, a new send tag type (IF_SND_TAG_TYPE_TLS)
is allocated on the interface a socket is routed over and associated
with a TLS session.  TLS records for a TLS session using ifnet TLS are
not marked M_NOTREADY but are passed down the stack unencrypted.  The
ip_output_send() and ip6_output_send() helper functions that apply
send tags to outbound IP packets verify that the send tag of the TLS
record matches the outbound interface.  If so, the packet is tagged
with the TLS send tag and sent to the interface.  The NIC device
driver must recognize packets with the TLS send tag and schedule them
for TLS encryption and TCP segmentation.  If the the outbound
interface does not match the interface in the TLS send tag, the packet
is dropped.  In addition, a task is scheduled to refresh the TLS send
tag for the TLS session.  If a new TLS send tag cannot be allocated,
the connection is dropped.  If a new TLS send tag is allocated,
however, subsequent packets will be tagged with the correct TLS send
tag.  (This latter case has been tested by configuring both ports of a
Chelsio T6 in a lagg and failing over from one port to another.  As
the connections migrated to the new port, new TLS send tags were
allocated for the new port and connections resumed without being
dropped.)

ifnet TLS can be enabled and disabled on supported network interfaces
via new '[-]txtls[46]' options to ifconfig(8).  ifnet TLS is supported
across both vlan devices and lagg interfaces using failover, lacp with
flowid enabled, or lacp with flowid enabled.

Applications may request the current KTLS mode of a connection via a
new TCP_TXTLS_MODE socket option.  They can also use this socket
option to toggle between software and ifnet TLS modes.

In addition, a testing tool is available in tools/tools/switch_tls.
This is modeled on tcpdrop and uses similar syntax.  However, instead
of dropping connections, -s is used to force KTLS connections to
switch to software TLS and -i is used to switch to ifnet TLS.

Various sysctls and counters are available under the kern.ipc.tls
sysctl node.  The kern.ipc.tls.enable node must be set to true to
enable KTLS (it is off by default).  The use of unmapped mbufs must
also be enabled via kern.ipc.mb_use_ext_pgs to enable KTLS.

KTLS is enabled via the KERN_TLS kernel option.

This patch is the culmination of years of work by several folks
including Scott Long and Randall Stewart for the original design and
implementation; Drew Gallatin for several optimizations including the
use of ext_pgs mbufs, the M_NOTREADY mechanism for TLS records
awaiting software encryption, and pluggable software crypto backends;
and John Baldwin for modifications to support hardware TLS offload.

Reviewed by:	gallatin, hselasky, rrs
Obtained from:	Netflix
Sponsored by:	Netflix, Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D21277
2019-09-25 09:01:23 +02:00
thj 28a44b1ecd Rename IPPROTO 33 from SEP to DCCP
IPPROTO 33 is DCCP in the IANA Registry:
https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

IPPROTO_SEP was added about 20 years ago in r33804. The entries were added
straight from RFC1700, without regard to whether they were used.

The reference in RFC1700 for SEP is '[JC120] <mystery contact>', this is an
indication that the protocol number was probably in use in a private network.

As RFC1700 is no longer the authoritative list of internet numbers and that
IANA assinged 33 to DCCP in RFC4340, change the header to the actual
authoritative source.

Reviewed by:	Richard Scheffenegger, bz
Approved by:	bz (mentor)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D21178
2019-09-25 09:01:19 +02:00
rrs 693ba4025f This commit updates rack to what is basically
being used at NF as well as sets in some of the groundwork for
committing BBR. The hpts system is updated as well as some other needed
utilities for the entrance of BBR. This is actually part 1 of 3 more
needed commits which will finally complete with BBRv1 being added as a
new tcp stack.

Sponsored by:	Netflix Inc.
Differential Revision:	https://reviews.freebsd.org/D20834
2019-09-25 09:01:19 +02:00
jhb 2f55e1fa06 Add an external mbuf buffer type that holds
multiple unmapped pages.

Unmapped mbufs allow sendfile to carry multiple pages of data in a
single mbuf, without mapping those pages.  It is a requirement for
Netflix's in-kernel TLS, and provides a 5-10% CPU savings on heavy web
serving workloads when used by sendfile, due to effectively
compressing socket buffers by an order of magnitude, and hence
reducing cache misses.

For this new external mbuf buffer type (EXT_PGS), the ext_buf pointer
now points to a struct mbuf_ext_pgs structure instead of a data
buffer.  This structure contains an array of physical addresses (this
reduces cache misses compared to an earlier version that stored an
array of vm_page_t pointers).  It also stores additional fields needed
for in-kernel TLS such as the TLS header and trailer data that are
currently unused.  To more easily detect these mbufs, the M_NOMAP flag
is set in m_flags in addition to M_EXT.

Various functions like m_copydata() have been updated to safely access
packet contents (using uiomove_fromphys()), to make things like BPF
safe.

NIC drivers advertise support for unmapped mbufs on transmit via a new
IFCAP_NOMAP capability.  This capability can be toggled via the new
'nomap' and '-nomap' ifconfig(8) commands.  For NIC drivers that only
transmit packet contents via DMA and use bus_dma, adding the
capability to if_capabilities and if_capenable should be all that is
required.

If a NIC does not support unmapped mbufs, they are converted to a
chain of mapped mbufs (using sf_bufs to provide the mapping) in
ip_output or ip6_output.  If an unmapped mbuf requires software
checksums, it is also converted to a chain of mapped mbufs before
computing the checksum.

Submitted by:	gallatin (earlier version)
Reviewed by:	gallatin, hselasky, rrs
Discussed with:	ae, kp (firewalls)
Relnotes:	yes
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D20616
2019-09-25 09:01:19 +02:00
hselasky d41e144869 Convert all IPv4 and IPv6 multicast memberships
into using a STAILQ instead of a linear array.

The multicast memberships for the inpcb structure are protected by a
non-sleepable lock, INP_WLOCK(), which needs to be dropped when
calling the underlying possibly sleeping if_ioctl() method. When using
a linear array to keep track of multicast memberships, the computed
memory location of the multicast filter may suddenly change, due to
concurrent insertion or removal of elements in the linear array. This
in turn leads to various invalid memory access issues and kernel
panics.

To avoid this problem, put all multicast memberships on a STAILQ based
list. Then the memory location of the IPv4 and IPv6 multicast filters
become fixed during their lifetime and use after free and memory leak
issues are easier to track, for example by: vmstat -m | grep multi

All list manipulation has been factored into inline functions
including some macros, to easily allow for a future hash-list
implementation, if needed.

This patch has been tested by pho@ .

Differential Revision: https://reviews.freebsd.org/D20080
Reviewed by:	markj @
MFC after:	1 week
Sponsored by:	Mellanox Technologies
2019-09-25 09:01:15 +02:00
brooks e94d2a0f8b Extend mmap/mprotect API to specify the max page
protections.

A new macro PROT_MAX() alters a protection value so it can be OR'd with
a regular protection value to specify the maximum permissions.  If
present, these flags specify the maximum permissions.

While these flags are non-portable, they can be used in portable code
with simple ifdefs to expand PROT_MAX() to 0.

This change allows (e.g.) a region that must be writable during run-time
linking or JIT code generation to be made permanently read+execute after
writes are complete.  This complements W^X protections allowing more
precise control by the programmer.

This change alters mprotect argument checking and returns an error when
unhandled protection flags are set.  This differs from POSIX (in that
POSIX only specifies an error), but is the documented behavior on Linux
and more closely matches historical mmap behavior.

In addition to explicit setting of the maximum permissions, an
experimental sysctl vm.imply_prot_max causes mmap to assume that the
initial permissions requested should be the maximum when the sysctl is
set to 1.  PROT_NONE mappings are excluded from this for compatibility
with rtld and other consumers that use such mappings to reserve
address space before mapping contents into part of the reservation.  A
final version this is expected to provide per-binary and per-process
opt-in/out options and this sysctl will go away in its current form.
As such it is undocumented.

Reviewed by:	emaste, kib (prior version), markj
Additional suggestions from:	alc
Obtained from:	CheriBSD
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D18880
2019-09-25 09:01:10 +02:00
shurd 17baf5e390 Some devices take undesired actions when RTS and
DTR are asserted. Some development boards for example will reset on DTR,
and some radio interfaces will transmit on RTS.

This patch allows "stty -f /dev/ttyu9.init -rtsdtr" to prevent
RTS and DTR from being asserted on open(), allowing these devices
to be used without problems.

Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D20031
2019-09-25 09:01:07 +02:00
pfg 6bd0b9ed27 Fix mismatch from r342379. 2019-09-25 09:01:04 +02:00
pfg 84ba60e6eb gai_strerror() - Update string error messages according to RFC 3493.
Error messages in gai_strerror(3) vary largely among OSs.

For new software we largely replaced the obsoleted EAI_NONAME and
with EAI_NODATA but we never updated the corresponding message to better
match the intended use. We also have references to ai_flags and ai_family
which are not very descriptive for non-developer end users.

Bring new new error messages based on informational RFC 3493, which has
obsoleted RFC 2553, and make them consistent among the header adn
manpage.

MFC after:	1 month
Differentical Revision:	D18630
2019-09-25 08:38:27 +02:00
Sebastian Huber 9d4a6534fb Move RTEMS and XMK specific type definitions
Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
2019-02-19 09:06:22 +01:00
Jeff Johnston 5726873100 Bump release to 3.1.0 for yearly snapshot 2018-12-31 23:40:11 -05:00
Sebastian Huber dc6e94551f RTEMS: Use __uint64_t for __ino_t
FreeBSD uses a 64-bit ino_t since 2017-05-23.  We need this for the
pipe() support in libbsd.

Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
2018-12-20 12:12:38 +01:00
markj 44756a36ab Plug routing sysctl leaks.
Various structures exported by sysctl_rtsock() contain padding fields
which were not being zeroed.

Reported by:	Thomas Barabosch, Fraunhofer FKIE
Reviewed by:	ae
MFC after:	3 days
Security:	kernel memory disclosure
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D18333
2018-12-20 12:12:37 +01:00
Sebastian Huber 1471e7cd74 RTEMS: Avoid <machine/param.h> in <sys/_cpuset.h>
The <machine/param.h> header file exposes some unrelated stuff not
covered by C or POSIX.  Avoid its use in <sys/_cpuset.h> since it is
included in <rtems.h>.

Signed-off-by: Sebastian Huber <sebastian.huber@embedded-brains.de>
2018-11-08 09:38:12 +01:00