From: Rick Macklem
Date: Sun, 8 Mar 2020 18:12:54 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r358755 - projects/nfs-over-tls/usr.sbin/rpctlscd

Author: rmacklem
Date: Sun Mar 8 18:12:54 2020
New Revision: 358755
URL: https://svnweb.freebsd.org/changeset/base/358755

Log:
  Update rpctlscd to add options for handling of the certificate provided by the server when the handshake (SSL_connect()) is done.
  Also, temporarily switch it to use TLS1.2, since that is what will initially be supported by the KERN_TLS.

Modified:
  projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c

Modified: projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c ============================================================================== --- projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c Sun Mar 8 18:12:07 2020 (r358754) +++ projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c Sun Mar 8 18:12:54 2020 (r358755) @@ -33,16 +33,22 @@ __FBSDID("$FreeBSD$"); #include +#include +#include #include #include #include +#include #include #include +#include #include #include #include #include +#include + #include #include #include 
@@ -50,21 +56,30 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include "rpctlscd.h" #ifndef _PATH_RPCTLSCDSOCK #define _PATH_RPCTLSCDSOCK "/var/run/rpctlscd.sock" #endif +#ifndef _PATH_CERTANDKEY +#define _PATH_CERTANDKEY "/etc/rpctlscd/" +#endif -static int rpctls_debug_level; -static int rpctls_verbose; +static int rpctls_debug_level; +static bool rpctls_verbose; static int testnossl; -static SSL_CTX *rpctls_ctx = NULL; +static SSL_CTX *rpctls_ctx = NULL; +static const char *rpctls_verify_cafile = NULL; +static const char *rpctls_certdir = _PATH_CERTANDKEY; +static bool rpctls_verify = false; +static bool rpctls_comparehost = false; -static void rpctlscd_terminate(int); -static SSL_CTX *rpctls_setupcl_ssl(char *certpath); -static SSL *rpctls_connect(SSL_CTX *ctx, int s); +static void rpctlscd_terminate(int); +static SSL_CTX *rpctls_setupcl_ssl(bool cert); +static SSL *rpctls_connect(SSL_CTX *ctx, int s); +static int rpctls_checkhost(int s, X509 *cert); extern void rpctlscd_1(struct svc_req *rqstp, SVCXPRT *transp); extern int gssd_syscall(const char *path); 
@@ -80,26 +95,42 @@ main(int argc, char **argv) struct sockaddr_un sun; int fd, oldmask, ch; SVCXPRT *xprt; - char *certpath; + bool cert; - rpctls_verbose = 0; + rpctls_verbose = false; testnossl = 0; - certpath = NULL; - while ((ch = getopt(argc, argv, "c:dtv")) != -1) { + cert = false; + while ((ch = getopt(argc, argv, "cD:dhl:tVv")) != -1) { switch (ch) { case 'c': - certpath = optarg; + cert = true; + break; + case 'D': + rpctls_certdir = optarg; + break; case 'd': rpctls_debug_level++; break; + case 'h': + rpctls_comparehost = true; + break; + case 'l': + rpctls_verify_cafile = optarg; + break; case 't': testnossl = 1; break; + case 'V': + rpctls_verify = true; + break; case 'v': - rpctls_verbose = 1; + rpctls_verbose = true; break; default: - fprintf(stderr, "usage: %s [-d] [-v]\n", argv[0]); + fprintf(stderr, "usage: %s [-c] " + "[-D certdir] [-d] [-h] " + "[-l verify_locations_file] " + "[-V] [-v]\n", argv[0]); exit(1); break; } @@ -164,7 +195,7 @@ main(int argc, char **argv) } /* Set up the OpenSSL TSL stuff. */ - rpctls_ctx = rpctls_setupcl_ssl(certpath); + rpctls_ctx = rpctls_setupcl_ssl(cert); if (rpctls_ctx == NULL) { if (rpctls_debug_level == 0) { syslog(LOG_ERR, "Can't set up TSL context"); @@ -187,7 +218,7 @@ rpctlscd_verbose_out(const char *fmt, ...) { va_list ap; - if (rpctls_verbose != 0) { + if (rpctls_verbose) { va_start(ap, fmt); if (rpctls_debug_level == 0) vsyslog(LOG_INFO | LOG_DAEMON, fmt, ap); @@ -259,10 +290,12 @@ rpctlscd_terminate(int sig __unused) } static SSL_CTX * -rpctls_setupcl_ssl(char *certpath) +rpctls_setupcl_ssl(bool cert) { SSL_CTX *ctx; long flags; + char path[PATH_MAX]; + size_t len, rlen; int ret; OpenSSL_add_all_algorithms(); 
@@ -276,23 +309,56 @@ rpctls_setupcl_ssl(char *certpath) SSL_CTX_set_ecdh_auto(ctx, 1); /* - * If certpath is set, it refers to the certifcate file to be used - * during an SSL_connect(). + * If cert is true, a certificate and key exists in + * rpctls_certdir, so that it can do mutual authentication. */ - if (certpath != NULL) { - ret = SSL_CTX_use_certificate_file(ctx, certpath, + if (cert) { + /* Get the cert.pem and key.pem files. */ + len = strlcpy(path, rpctls_certdir, sizeof(path)); + rlen = sizeof(path) - len; + if (strlcpy(&path[len], "cert.pem", rlen) != 8) { + SSL_CTX_free(ctx); + return (NULL); + } + ret = SSL_CTX_use_certificate_file(ctx, path, SSL_FILETYPE_PEM); if (ret != 1) { rpctlscd_verbose_out("rpctls_setupcl_ssl: can't use " - "the certificate file %s\n", certpath); + "certificate file path=%s ret=%d\n", path, ret); SSL_CTX_free(ctx); return (NULL); } + if (strlcpy(&path[len], "key.pem", rlen) != 7) { + SSL_CTX_free(ctx); + return (NULL); + } + ret = SSL_CTX_use_PrivateKey_file(ctx, path, + SSL_FILETYPE_PEM); + if (ret != 1) { + rpctlscd_verbose_out("rpctls_setupcl_ssl: Can't use " + "private key path=%s ret=%d\n", path, ret); + SSL_CTX_free(ctx); + return (NULL); + } } + if (rpctls_verify_cafile != NULL) { + ret = SSL_CTX_load_verify_locations(ctx, + rpctls_verify_cafile, NULL); + if (ret != 1) { + rpctlscd_verbose_out("rpctls_setupcl_ssl: " + "Can't load verify locations\n"); + SSL_CTX_free(ctx); + return (NULL); + } + } /* RPC-over-TLS must use TLSv1.3. */ +#ifdef notyet flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2; +#else + flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1_3; +#endif SSL_CTX_set_options(ctx, flags); return (ctx); } 
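Review bot: In rpctls_setupcl_ssl(), the result of `strlcpy(path, rpctls_certdir, sizeof(path))` is not checked for truncation before `rlen = sizeof(path) - len`. strlcpy() returns the length of the source string, so a -D argument of PATH_MAX bytes or more gives len >= sizeof(path); rlen then becomes 0 or wraps (it is a size_t), and `&path[len]` is at or past the end of the buffer for the "cert.pem" and "key.pem" copies. The `!= 8` and `!= 7` comparisons cannot catch this, because strlcpy() returns strlen(src) whether or not it truncated; compare the return value against rlen instead and reject `len >= sizeof(path)` before the first append. The concatenation also assumes rpctls_certdir ends in '/', which holds for _PATH_CERTANDKEY but not necessarily for a -D value. Separately, the `#else` branch sets only SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1_3, which drops the SSL_OP_NO_TLSv1 and SSL_OP_NO_TLSv1_1 bits too, so TLS 1.0 and 1.1 become negotiable and the comment "RPC-over-TLS must use TLSv1.3" above it no longer matches the code; keep those two bits if the intent is TLS 1.2 only.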
@@ -303,20 +369,24 @@ rpctls_connect(SSL_CTX *ctx, int s) SSL *ssl; X509 *cert; int ret; + char *cp; ssl = SSL_new(ctx); if (ssl == NULL) { - rpctlscd_verbose_out("rpctls_connect: SSL_new failed\n"); + rpctlscd_verbose_out("rpctls_connect: " + "SSL_new failed\n"); return (NULL); } if (SSL_set_fd(ssl, s) != 1) { - rpctlscd_verbose_out("rpctls_connect: SSL_set_fd failed\n"); + rpctlscd_verbose_out("rpctls_connect: " + "SSL_set_fd failed\n"); SSL_free(ssl); return (NULL); } ret = SSL_connect(ssl); if (ret != 1) { - rpctlscd_verbose_out("rpctls_connect: SSL_connect failed %d\n", + rpctlscd_verbose_out("rpctls_connect: " + "SSL_connect failed %d\n", ret); SSL_free(ssl); return (NULL); @@ -324,13 +394,26 @@ rpctls_connect(SSL_CTX *ctx, int s) cert = SSL_get_peer_certificate(ssl); if (cert == NULL) { - rpctlscd_verbose_out("rpctls_connect: get peer certificate " - "failed\n"); + rpctlscd_verbose_out("rpctls_connect: get peer" + " certificate failed\n"); SSL_shutdown(ssl); SSL_free(ssl); return (NULL); } + cp = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); + rpctlscd_verbose_out("rpctls_connect: cert subjectName=%s\n", cp); + ret = SSL_get_verify_result(ssl); + rpctlscd_verbose_out("rpctls_connect: get " + "verify result=%d\n", ret); + if (ret == X509_V_OK && rpctls_comparehost && + rpctls_checkhost(s, cert) != 1) + ret = X509_V_ERR_HOSTNAME_MISMATCH; X509_free(cert); + if (rpctls_verify && ret != X509_V_OK) { + SSL_shutdown(ssl); + SSL_free(ssl); + return (NULL); + } #ifdef notnow ret = BIO_get_ktls_send(SSL_get_wbio(ssl)); 
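Review bot: In the second rpctls_connect() hunk, `cp = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0)` returns a newly allocated string when the buffer argument is NULL, and it is never released, so each handshake leaks it; it can also be NULL when handed to the `%s` format. Release it with OPENSSL_free() after the log call and guard the NULL case. Also, the -h comparison only rewrites ret to X509_V_ERR_HOSTNAME_MISMATCH, and ret is acted on only under `if (rpctls_verify && ret != X509_V_OK)`, so -h without -V never rejects a connection. Either make -h imply -V or document the dependency in the usage text.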
@@ -339,5 +422,62 @@ rpctls_connect(SSL_CTX *ctx, int s) fprintf(stderr, "ktls_recv=%d\n", ret); #endif return (ssl); +} + +/* + * Check a client IP address against any host address in the + * certificate. Basically getpeername(2), getnameinfo(3) and + * X509_check_host(). + */ +static int +rpctls_checkhost(int s, X509 *cert) +{ + struct sockaddr *sad; + struct sockaddr_in *sin; + struct sockaddr_in6 *sin6; + struct sockaddr_storage ad; + char hostnam[NI_MAXHOST + 1], addrstr[INET6_ADDRSTRLEN + 1]; + const char *cp; + socklen_t slen; + int ret; + + sad = (struct sockaddr *)&ad; + slen = sizeof(ad); + if (getpeername(s, sad, &slen) < 0) + return (0); + switch (sad->sa_family) { + case AF_INET: + sin = (struct sockaddr_in *)sad; + cp = inet_ntop(sad->sa_family, &sin->sin_addr.s_addr, + addrstr, sizeof(addrstr)); + if (cp != NULL) + rpctlscd_verbose_out("rpctls_checkhost: " + "peer ip %s\n", cp); + if (getnameinfo((const struct sockaddr *)sad, + sizeof(struct sockaddr_in), hostnam, + sizeof(hostnam), NULL, 0, NI_NAMEREQD) != 0) + return (0); + break; + case AF_INET6: + sin6 = (struct sockaddr_in6 *)sad; + cp = inet_ntop(sad->sa_family, &sin6->sin6_addr, + addrstr, sizeof(addrstr)); + if (cp != NULL) + rpctlscd_verbose_out("rpctls_checkhost: " + "peer ip %s\n", cp); + if (getnameinfo((const struct sockaddr *)sad, + sizeof(struct sockaddr_in6), hostnam, + sizeof(hostnam), NULL, 0, NI_NAMEREQD) != 0) + return (0); + break; + default: + return (0); + } + rpctlscd_verbose_out("rpctls_checkhost: hostname %s\n", + hostnam); + ret = X509_check_host(cert, hostnam, strlen(hostnam), 0, NULL); + rpctlscd_verbose_out("rpctls_checkhost: X509_check_host ret=%d\n", + ret); + return (ret); } From owner-svn-src-projects@freebsd.org Sun Mar 8 18:19:09 2020 Return-Path: Delivered-To: svn-src-projects@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8AA4027115E for ; Sun, 8 Mar 2020 
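Review bot: rpctls_checkhost() takes the name it passes to X509_check_host() from a reverse lookup of the peer address (getpeername() followed by getnameinfo() with NI_NAMEREQD), so the reference identity is whatever the PTR record for that address returns rather than the server name the mount was asked to reach. The check is then only as trustworthy as reverse DNS for the peer address. In the client daemon the hostname given for the mount is the better reference; if the reverse lookup has to stay, forward-confirm hostnam against the peer address before calling X509_check_host(). Smaller points: the header comment says "client IP address" although in rpctlscd the peer is the server, and the AF_INET and AF_INET6 cases differ only in the inet_ntop() logging, so one getnameinfo(sad, slen, ...) call after the switch would replace both.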
From: Rick Macklem
Date: Sun, 8 Mar 2020 18:19:09 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r358760 - projects/nfs-over-tls/usr.sbin/rpctlssd

Author: rmacklem
Date: Sun Mar 8 18:19:08 2020
New Revision: 358760
URL: https://svnweb.freebsd.org/changeset/base/358760

Log:
  Add options to handle client certificates for mutual authentication.
  This has only been tested with certificates that are signed by a site local CA. However, I think the options will handle trusted CAs as well.
  To do: add support for certificate revocation. And the man page needs to be updated for both daemons.

Modified:
  projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c

Modified: projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c ============================================================================== --- projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Sun Mar 8 18:15:34 2020 (r358759) +++ projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Sun Mar 8 18:19:08 2020 (r358760) @@ -33,16 +33,22 @@ __FBSDID("$FreeBSD$"); #include +#include +#include #include #include #include +#include #include #include #include #include +#include #include #include +#include + #include #include #include @@ -50,6 +56,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include "rpctlssd.h" 
@@ -61,16 +68,21 @@ __FBSDID("$FreeBSD$"); #define _PATH_CERTANDKEY "/etc/rpctlssd/" #endif -static int rpctls_debug_level; -static int rpctls_verbose; +static int rpctls_debug_level; +static bool rpctls_verbose; static int testnossl; -static SSL_CTX *rpctls_ctx = NULL; -static char *rpctls_cafiles = NULL; -static char *rpctls_verify_loc = NULL; +static SSL_CTX *rpctls_ctx = NULL; +static bool rpctls_do_mutual = false; +static const char *rpctls_verify_cafile = NULL; +static const char *rpctls_client_cafiles = NULL; +static const char *rpctls_certdir = _PATH_CERTANDKEY; +static bool rpctls_comparehost = false; -static void rpctlssd_terminate(int); -static SSL_CTX *rpctls_setup_ssl(char *certdir); -static SSL *rpctls_server(SSL_CTX *ctx, int s); +static void rpctlssd_terminate(int); +static SSL_CTX *rpctls_setup_ssl(const char *certdir); +static SSL *rpctls_server(SSL_CTX *ctx, int s, + uint32_t *flags); +static int rpctls_checkhost(int s, X509 *cert); extern void rpctlssd_1(struct svc_req *rqstp, SVCXPRT *transp); extern int gssd_syscall(const char *path); 
@@ -88,38 +100,43 @@ main(int argc, char **argv) SVCXPRT *xprt; debug = 0; - rpctls_verbose = 0; + rpctls_verbose = false; testnossl = 0; - while ((ch = getopt(argc, argv, "c:dl:tv")) != -1) { + while ((ch = getopt(argc, argv, "C:D:dhl:mtv")) != -1) { switch (ch) { - case 'c': - rpctls_cafiles = optarg; + case 'C': + rpctls_client_cafiles = optarg; break; + case 'D': + rpctls_certdir = optarg; + break; case 'd': rpctls_debug_level++; break; + case 'h': + rpctls_comparehost = true; + break; case 'l': - rpctls_verify_loc = optarg; + rpctls_verify_cafile = optarg; break; + case 'm': + rpctls_do_mutual = true; + break; case 't': testnossl = 1; break; case 'v': - rpctls_verbose = 1; + rpctls_verbose = true; break; default: - fprintf(stderr, "usage: %s [-c ] [-d] " - "[-l ] [-v]\n", argv[0]); + fprintf(stderr, "usage: %s [-C client_calist] " + "[-D certdir] [-d] [-h] " + "[-l verify_locations_file] " + "[-m] [-v]\n", argv[0]); exit(1); break; } } - if ((rpctls_cafiles != NULL && rpctls_verify_loc == NULL) || - (rpctls_cafiles == NULL && rpctls_verify_loc != NULL)) { - fprintf(stderr, "usage: %s [-c ] [-d] " - "[-l ] [-v]\n", argv[0]); - exit(1); - } if (rpctls_debug_level == 0) { if (daemon(0, 0) != 0) @@ -179,7 +196,7 @@ main(int argc, char **argv) err(1, "Can't register service for local rpctlssd socket"); } - rpctls_ctx = rpctls_setup_ssl(_PATH_CERTANDKEY); + rpctls_ctx = rpctls_setup_ssl(rpctls_certdir); if (rpctls_ctx == NULL) { if (rpctls_debug_level == 0) { syslog(LOG_ERR, "Can't create SSL context"); @@ -202,7 +219,7 @@ rpctlssd_verbose_out(const char *fmt, ...) { va_list ap; - if (rpctls_verbose != 0) { + if (rpctls_verbose) { va_start(ap, fmt); if (rpctls_debug_level == 0) vsyslog(LOG_INFO | LOG_DAEMON, fmt, ap); 
@@ -221,12 +238,15 @@ rpctlssd_null_1_svc(void *argp, void *result, struct s } bool_t -rpctlssd_connect_1_svc(void *argp, void *result, struct svc_req *rqstp) +rpctlssd_connect_1_svc(void *argp, + struct rpctlssd_connect_res *result, struct svc_req *rqstp) { int s; SSL *ssl; + uint32_t flags; rpctlssd_verbose_out("rpctlsd_connect_svc: started\n"); + memset(result, 0, sizeof(*result)); /* Get the socket fd from the kernel. */ s = gssd_syscall("E"); rpctlssd_verbose_out("rpctlsd_connect_svc s=%d\n", s); @@ -235,13 +255,15 @@ rpctlssd_verbose_out("rpctlsd_connect_svc s=%d\n", s); if (testnossl == 0) { /* Do the server side of a TLS handshake. */ - ssl = rpctls_server(rpctls_ctx, s); + ssl = rpctls_server(rpctls_ctx, s, &flags); if (ssl == NULL) - rpctlssd_verbose_out("rpctlssd_connect_svc: ssl accept " - "failed\n"); - else + rpctlssd_verbose_out("rpctlssd_connect_svc: ssl " + "accept failed\n"); + else { rpctlssd_verbose_out("rpctlssd_connect_svc: " - "succeeded\n"); + "succeeded flags=0x%x\n", flags); + result->flags = flags; + } } /* Done with socket fd, so let the kernel know. */ @@ -266,8 +288,16 @@ rpctlssd_terminate(int sig __unused) exit(0); } +/* Allow the handshake to proceed. */ +static int +rpctls_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) +{ + + return (1); +} + static SSL_CTX * -rpctls_setup_ssl(char *certdir) +rpctls_setup_ssl(const char *certdir) { SSL_CTX *ctx; char path[PATH_MAX]; 
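Review bot: rpctls_verify_callback() returns 1 unconditionally and ignores both preverify_ok and x509_ctx, so once it is installed the handshake completes for any client certificate, including one that fails chain validation. That is safe only if every consumer of the connection honours the flags returned through result->flags; the comment above the function, currently just "Allow the handshake to proceed.", should say so. Mark both parameters __unused, as is already done for `int sig __unused` in rpctlssd_terminate().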
@@ -310,32 +340,36 @@ rpctls_setup_ssl(char *certdir) } /* Set Mutual authentication, as required. */ - if (rpctls_cafiles != NULL && rpctls_verify_loc != NULL) { - rpctlssd_verbose_out("rpctls_setup_ssl: set mutual " - "authentication cafiles=%s verf_loc=%s\n", rpctls_cafiles, - rpctls_verify_loc); - ret = SSL_CTX_load_verify_locations(ctx, rpctls_verify_loc, - NULL); - if (ret != 1) { - rpctlssd_verbose_out("rpctls_setup_ssl: Can't load " - "verify locations\n"); - SSL_CTX_free(ctx); - return (NULL); + if (rpctls_do_mutual) { + rpctlssd_verbose_out("rpctls_setup_ssl: set mutual\n"); + if (rpctls_verify_cafile != NULL) { + ret = SSL_CTX_load_verify_locations(ctx, + rpctls_verify_cafile, NULL); + if (ret != 1) { + rpctlssd_verbose_out("rpctls_setup_ssl: " + "Can't load verify locations\n"); + SSL_CTX_free(ctx); + return (NULL); + } } - SSL_CTX_set_client_CA_list(ctx, - SSL_load_client_CA_file(rpctls_cafiles)); - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | - SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); + if (rpctls_client_cafiles != NULL) + SSL_CTX_set_client_CA_list(ctx, + SSL_load_client_CA_file(rpctls_client_cafiles)); + SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, + rpctls_verify_callback); } return (ctx); } static SSL * -rpctls_server(SSL_CTX *ctx, int s) +rpctls_server(SSL_CTX *ctx, int s, uint32_t *flags) { SSL *ssl; + X509 *cert; int ret; + char *cp; + *flags = 0; ssl = SSL_new(ctx); if (ssl == NULL) { rpctlssd_verbose_out("rpctls_server: SSL_new failed\n"); 
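Review bot: In the mutual-authentication block of rpctls_setup_ssl(), the result of `SSL_load_client_CA_file(rpctls_client_cafiles)` goes straight into SSL_CTX_set_client_CA_list() with no NULL check, so a missing or unreadable -C file is silently ignored, while the SSL_CTX_load_verify_locations() failure just above frees the context and returns NULL. Check the return value and fail the same way. The block is entered only under `if (rpctls_do_mutual)`, so -C and -l given without -m do nothing now that the paired-option check in main() has been removed; a usage error or a verbose message would make that visible. Replacing SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT with plain SSL_VERIFY_PEER also means a client that presents no certificate still completes the handshake with -m set.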
@@ -348,11 +382,104 @@ rpctls_server(SSL_CTX *ctx, int s) } ret = SSL_accept(ssl); if (ret != 1) { - rpctlssd_verbose_out("rpctls_server: SS_accept failed ret=%d\n", - ret); + rpctlssd_verbose_out("rpctls_server: SSL_accept " + "failed ret=%d\n", ret); SSL_free(ssl); return (NULL); } + *flags |= RPCTLS_FLAGS_HANDSHAKE; + if (rpctls_do_mutual) { + cert = SSL_get_peer_certificate(ssl); + if (cert == NULL) + rpctlssd_verbose_out("rpctls_server: " + "No peer certificate\n"); + else { + cp = X509_NAME_oneline(X509_get_subject_name(cert), + NULL, 0); + rpctlssd_verbose_out("rpctls_server: cert " + "subjectName=%s\n", cp); + *flags |= RPCTLS_FLAGS_GOTCERT; + ret = SSL_get_verify_result(ssl); + rpctlssd_verbose_out("rpctls_server: get " + "verify result=%d\n", ret); + if (ret == + X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT || + ret == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) + *flags |= RPCTLS_FLAGS_SELFSIGNED; + else if (ret == X509_V_OK) { + if (rpctls_comparehost) { + ret = rpctls_checkhost(s, cert); + if (ret != 1) { + *flags |= + RPCTLS_FLAGS_DISABLED; + rpctlssd_verbose_out( + "rpctls_server: " + "checkhost " + "failed\n"); + } + } + *flags |= RPCTLS_FLAGS_VERIFIED; + } + X509_free(cert); + } + } return (ssl); +} + +/* + * Check a client IP address against any host address in the + * certificate. Basically getpeername(2), getnameinfo(3) and + * X509_check_host(). 
+ */ +static int +rpctls_checkhost(int s, X509 *cert) +{ + struct sockaddr *sad; + struct sockaddr_in *sin; + struct sockaddr_in6 *sin6; + struct sockaddr_storage ad; + char hostnam[NI_MAXHOST + 1], addrstr[INET6_ADDRSTRLEN + 1]; + const char *cp; + socklen_t slen; + int ret; + + sad = (struct sockaddr *)&ad; + slen = sizeof(ad); + if (getpeername(s, sad, &slen) < 0) + return (0); + switch (sad->sa_family) { + case AF_INET: + sin = (struct sockaddr_in *)sad; + cp = inet_ntop(sad->sa_family, &sin->sin_addr.s_addr, + addrstr, sizeof(addrstr)); + if (cp != NULL) + rpctlssd_verbose_out("rpctls_checkhost: " + "peer ip %s\n", cp); + if (getnameinfo((const struct sockaddr *)sad, + sizeof(struct sockaddr_in), hostnam, + sizeof(hostnam), NULL, 0, NI_NAMEREQD) != 0) + return (0); + break; + case AF_INET6: + sin6 = (struct sockaddr_in6 *)sad; + cp = inet_ntop(sad->sa_family, &sin6->sin6_addr, + addrstr, sizeof(addrstr)); + if (cp != NULL) + rpctlssd_verbose_out("rpctls_checkhost: " + "peer ip %s\n", cp); + if (getnameinfo((const struct sockaddr *)sad, + sizeof(struct sockaddr_in6), hostnam, + sizeof(hostnam), NULL, 0, NI_NAMEREQD) != 0) + return (0); + break; + default: + return (0); + } + rpctlssd_verbose_out("rpctls_checkhost: hostname %s\n", + hostnam); + ret = X509_check_host(cert, hostnam, strlen(hostnam), 0, NULL); + rpctlssd_verbose_out("rpctls_checkhost: X509_check_host ret=%d\n", + ret); + return (ret); } From owner-svn-src-projects@freebsd.org Sun Mar 8 18:24:17 2020 Return-Path: Delivered-To: svn-src-projects@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0B5C0271597 for ; Sun, 8 Mar 2020 18:24:17 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature 
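Review bot: In rpctls_server(), `*flags |= RPCTLS_FLAGS_VERIFIED;` sits after the `if (rpctls_comparehost)` block instead of on the path where the host check passed, so a certificate that fails rpctls_checkhost() is reported with both RPCTLS_FLAGS_DISABLED and RPCTLS_FLAGS_VERIFIED set. Set VERIFIED only when the host check succeeds or was not requested, so a consumer that tests VERIFIED alone cannot accept it. The string returned by X509_NAME_oneline(..., NULL, 0) is never freed here either (OPENSSL_free() after the log call). With -m set, a client that sends no certificate still gets a usable ssl back with only RPCTLS_FLAGS_HANDSHAKE, which callers have to treat as unauthenticated. rpctls_checkhost() is the same function that was added to rpctlscd.c apart from the logging call; a shared source file would keep the two from drifting.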
From: Rick Macklem
Date: Sun, 8 Mar 2020 18:24:15 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r358764 - in projects/nfs-over-tls/usr.sbin: rpctlscd rpctlssd

Author: rmacklem
Date: Sun Mar 8 18:24:15 2020
New Revision: 358764
URL: https://svnweb.freebsd.org/changeset/base/358764

Log:
  Fix a local hack that was in the Makefiles for both rpctlscd and rpctlssd.
  These Makefiles still need to be updated for building without both of INET and INET6.

Modified:
  projects/nfs-over-tls/usr.sbin/rpctlscd/Makefile
  projects/nfs-over-tls/usr.sbin/rpctlssd/Makefile

Modified: projects/nfs-over-tls/usr.sbin/rpctlscd/Makefile ============================================================================== --- projects/nfs-over-tls/usr.sbin/rpctlscd/Makefile Sun Mar 8 18:23:41 2020 (r358763) +++ projects/nfs-over-tls/usr.sbin/rpctlscd/Makefile Sun Mar 8 18:24:15 2020 (r358764) 
@@ -13,7 +13,7 @@ LIBADD= ssl crypto CLEANFILES= rpctlscd_svc.c rpctlscd_xdr.c rpctlscd.h -RPCSRC= /usr/src/sys.dec13-2019/rpc/rpcsec_tls/rpctlscd.x +RPCSRC= ${SRCTOP}/sys/rpc/rpcsec_tls/rpctlscd.x RPCGEN= RPCGEN_CPP=${CPP:Q} rpcgen -L -C -M rpctlscd_svc.c: ${RPCSRC} rpctlscd.h Modified: projects/nfs-over-tls/usr.sbin/rpctlssd/Makefile ============================================================================== --- projects/nfs-over-tls/usr.sbin/rpctlssd/Makefile Sun Mar 8 18:23:41 2020 (r358763) +++ projects/nfs-over-tls/usr.sbin/rpctlssd/Makefile Sun Mar 8 18:24:15 2020 (r358764) 
@@ -13,7 +13,7 @@ LIBADD= ssl crypto CLEANFILES= rpctlssd_svc.c rpctlssd_xdr.c rpctlssd.h -RPCSRC= /usr/src/sys.dec13-2019/rpc/rpcsec_tls/rpctlssd.x +RPCSRC= ${SRCTOP}/sys/rpc/rpcsec_tls/rpctlssd.x RPCGEN= RPCGEN_CPP=${CPP:Q} rpcgen -L -C -M rpctlssd_svc.c: ${RPCSRC} rpctlssd.h From owner-svn-src-projects@freebsd.org Sun Mar 8 18:37:07 2020 Return-Path: Delivered-To: svn-src-projects@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3A946271D0E for ; Sun, 8 Mar 2020 18:37:07 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48b97Q6r4Rz4JQ1; Sun, 8 Mar 2020 18:37:06 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9F6EE26186; Sun, 8 Mar 2020 18:37:06 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 028Ib6SE018208; Sun, 8 Mar 2020 18:37:06 GMT (envelope-from rmacklem@FreeBSD.org) Received: (from rmacklem@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 028Ib4Eg018199; Sun, 8 Mar 2020 18:37:04 GMT (envelope-from rmacklem@FreeBSD.org) Message-Id: <202003081837.028Ib4Eg018199@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rmacklem set sender to rmacklem@FreeBSD.org using -f 
From: Rick Macklem
Date: Sun, 8 Mar 2020 18:37:04 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r358765 - projects/nfs-over-tls/sys/rpc

Author: rmacklem
Date: Sun Mar 8 18:37:04 2020
New Revision: 358765
URL: https://svnweb.freebsd.org/changeset/base/358765

Log:
  Make a bunch of changes to the kernel RPC so that it can handle reception of ext_pgs mbuf lists. jhb@ thinks this will be needed for certain cases of the KERN_TLS.
  There are also some changes for handling of flags passed down from the rpctlssd daemon that indicate the results of client certificate validation. One of these flags, RPCTLS_FLAGS_DISABLE, causes all RPCs on the connection to fail with AUTH_REJECTEDCRED. The others will be used by future commits to the NFS server code to check against new export flags.
  There are also changes in rpcsec_tls and the nfs code to make this support work.

Modified: projects/nfs-over-tls/sys/rpc/clnt.h projects/nfs-over-tls/sys/rpc/clnt_bck.c projects/nfs-over-tls/sys/rpc/clnt_vc.c projects/nfs-over-tls/sys/rpc/rpc_generic.c projects/nfs-over-tls/sys/rpc/rpcsec_tls.h projects/nfs-over-tls/sys/rpc/svc.c projects/nfs-over-tls/sys/rpc/svc.h projects/nfs-over-tls/sys/rpc/svc_auth.c projects/nfs-over-tls/sys/rpc/svc_vc.c Modified: projects/nfs-over-tls/sys/rpc/clnt.h ============================================================================== --- projects/nfs-over-tls/sys/rpc/clnt.h Sun Mar 8 18:24:15 2020 (r358764) +++ projects/nfs-over-tls/sys/rpc/clnt.h Sun Mar 8 18:37:04 2020 (r358765) @@ -120,6 +120,7 @@ struct rpc_callextra { void *rc_feedback_arg; /* argument for callback */ struct rpc_timers *rc_timers; /* optional RTT timers */ struct rpc_err rc_err; /* detailed call status */ + u_int rc_mbufoffs; /* Offset in resultsp mbuf */ }; #endif Modified: projects/nfs-over-tls/sys/rpc/clnt_bck.c ============================================================================== --- projects/nfs-over-tls/sys/rpc/clnt_bck.c Sun Mar 8 18:24:15 2020 (r358764) +++ projects/nfs-over-tls/sys/rpc/clnt_bck.c Sun Mar 8 18:37:04 2020 (r358765) @@ -61,8 +61,11 @@ __FBSDID("$FreeBSD$"); * connection provided by the client to the server. */ +#include "opt_kern_tls.h" + #include #include +#include #include #include #include @@ -84,7 +87,12 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include +#ifdef KERN_TLS +extern u_int ktls_maxlen; +#endif + struct cmessage { struct cmsghdr cmsg; struct cmsgcred cmcred; @@ -203,7 +211,8 @@ clnt_bck_call( uint32_t xid; struct mbuf *mreq = NULL, *results; struct ct_request *cr; - int error; + int error, maxextsiz; + uint32_t junk; cr = malloc(sizeof(struct ct_request), M_RPC, M_WAITOK); 
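Review bot: The new local `uint32_t junk` in clnt_bck_call() is decoded with xdr_uint32_t() immediately before xdr_replymsg() further down, and that decode is unconditional, so it consumes the first 32-bit word of every reply on this path and not only replies on TLS connections. Nothing in the diff says what that word is or why it now sits at the front of cr_mrep. Name the variable for what it holds and add a comment at the decode site; if the word is present only for some transports, make the skip conditional on that.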
@@ -296,6 +305,18 @@ call_again: TAILQ_INSERT_TAIL(&ct->ct_pending, cr, cr_link); mtx_unlock(&ct->ct_lock); + /* For RPC-over-TLS, copy mrep to a chain of ext_pgs. */ + if ((xprt->xp_tls & RPCTLS_FLAGS_HANDSHAKE) != 0) { + /* + * Copy the mbuf chain to a chain of + * ext_pgs mbuf(s) as required by KERN_TLS. + */ + maxextsiz = TLS_MAX_MSG_SIZE_V10_2; +#ifdef KERN_TLS + maxextsiz = min(maxextsiz, ktls_maxlen); +#endif + mreq = _rpc_copym_into_ext_pgs(mreq, maxextsiz); + } /* * sosend consumes mreq. */ @@ -403,7 +424,9 @@ got_reply: ext->rc_feedback(FEEDBACK_OK, proc, ext->rc_feedback_arg); xdrmbuf_create(&xdrs, cr->cr_mrep, XDR_DECODE); - ok = xdr_replymsg(&xdrs, &reply_msg); + ok = xdr_uint32_t(&xdrs, &junk); + if (ok) + ok = xdr_replymsg(&xdrs, &reply_msg); cr->cr_mrep = NULL; if (ok) { @@ -422,6 +445,14 @@ got_reply: } else { KASSERT(results, ("auth validated but no result")); + if (ext) { + if ((results->m_flags & M_NOMAP) != + 0) + ext->rc_mbufoffs = + xdrs.x_handy; + else + ext->rc_mbufoffs = 0; + } *resultsp = results; } } /* end successful completion */ Modified: projects/nfs-over-tls/sys/rpc/clnt_vc.c ============================================================================== --- projects/nfs-over-tls/sys/rpc/clnt_vc.c Sun Mar 8 18:24:15 2020 (r358764) +++ projects/nfs-over-tls/sys/rpc/clnt_vc.c Sun Mar 8 18:37:04 2020 (r358765) @@ -84,6 +84,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #ifdef KERN_TLS extern u_int ktls_maxlen; @@ -532,6 +533,19 @@ got_reply: if (ext && ext->rc_feedback) ext->rc_feedback(FEEDBACK_OK, proc, ext->rc_feedback_arg); +#ifdef notnow +{ struct mbuf *m, *m2; +int txxxx; +if (cr->cr_mrep != NULL) { +txxxx = m_length(cr->cr_mrep, NULL); +if (txxxx > 0) { +m = mb_copym_ext_pgs(cr->cr_mrep, txxxx, 16384, M_WAITOK, + false, mb_free_mext_pgs, &m2); +m2 = cr->cr_mrep; +cr->cr_mrep = m; +m_freem(m2); +} } } +#endif xdrmbuf_create(&xdrs, cr->cr_mrep, XDR_DECODE); ok = xdr_replymsg(&xdrs, &reply_msg); cr->cr_mrep = NULL; 
@@ -553,6 +567,14 @@ got_reply: } else { KASSERT(results, ("auth validated but no result")); + if (ext) { + if ((results->m_flags & M_NOMAP) != + 0) + ext->rc_mbufoffs = + xdrs.x_handy; + else + ext->rc_mbufoffs = 0; + } *resultsp = results; } } /* end successful completion */ @@ -749,8 +771,9 @@ clnt_vc_control(CLIENT *cl, u_int request, void *info) if (ct->ct_backchannelxprt == NULL) { xprt->xp_p2 = ct; if (ct->ct_tls) - xprt->xp_tls = TRUE; + xprt->xp_tls = RPCTLS_FLAGS_HANDSHAKE; ct->ct_backchannelxprt = xprt; +printf("backch tls=0x%x xprt=%p\n", xprt->xp_tls, xprt); } break; @@ -1032,9 +1055,11 @@ clnt_vc_soupcall(struct socket *so, void *arg, int wai ntohl(xid_plus_direction[1]); /* Check message direction. */ if (xid_plus_direction[1] == CALL) { +printf("Got backchannel callback\n"); /* This is a backchannel request. */ mtx_lock(&ct->ct_lock); xprt = ct->ct_backchannelxprt; +printf("backxprt=%p\n", xprt); if (xprt == NULL) { mtx_unlock(&ct->ct_lock); /* Just throw it away. */ Modified: projects/nfs-over-tls/sys/rpc/rpc_generic.c ============================================================================== --- projects/nfs-over-tls/sys/rpc/rpc_generic.c Sun Mar 8 18:24:15 2020 (r358764) +++ projects/nfs-over-tls/sys/rpc/rpc_generic.c Sun Mar 8 18:37:04 2020 (r358765) @@ -904,8 +904,7 @@ _rpc_copym_into_ext_pgs(struct mbuf *mp, int maxextsiz tlen = mp->m_len; m2 = mp; for (m = mp->m_next; m != NULL; m = m->m_next) { - if ((m->m_flags & (M_EXT | M_NOMAP)) == - (M_EXT | M_NOMAP)) + if ((m->m_flags & M_NOMAP) != 0) break; tlen += m->m_len; m2 = m; Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls.h ============================================================================== --- projects/nfs-over-tls/sys/rpc/rpcsec_tls.h Sun Mar 8 18:24:15 2020 (r358764) +++ projects/nfs-over-tls/sys/rpc/rpcsec_tls.h Sun Mar 8 18:37:04 2020 (r358765) 
@@ -35,10 +35,16 @@ #define RPCTLS_SYSC_CONNECT 2 #define RPCTLS_SYSC_SERVER 3 +/* Flag bits to indicate certificate results. */ +#define RPCTLS_FLAGS_HANDSHAKE 0x01 +#define RPCTLS_FLAGS_GOTCERT 0x02 +#define RPCTLS_FLAGS_SELFSIGNED 0x04 +#define RPCTLS_FLAGS_VERIFIED 0x08 +#define RPCTLS_FLAGS_DISABLED 0x10 + #ifdef _KERNEL /* Functions that perform upcalls to the rpctlsd daemon. */ enum clnt_stat rpctls_connect(CLIENT *newclient, struct socket *so); -enum clnt_stat rpctls_server(struct socket *so); /* String for AUTH_TLS reply verifier. */ #define RPCTLS_START_STRING "STARTTLS" Modified: projects/nfs-over-tls/sys/rpc/svc.c ============================================================================== --- projects/nfs-over-tls/sys/rpc/svc.c Sun Mar 8 18:24:15 2020 (r358764) +++ projects/nfs-over-tls/sys/rpc/svc.c Sun Mar 8 18:37:04 2020 (r358765) @@ -670,10 +670,13 @@ svc_sendreply_common(struct svc_req *rqstp, struct rpc replay_setreply(xprt->xp_pool->sp_rcache, rply, svc_getrpccaller(rqstp), body); +printf("sendreply_common\n"); if (!SVCAUTH_WRAP(&rqstp->rq_auth, &body)) return (FALSE); +printf("at SVC_REPLY\n"); ok = SVC_REPLY(xprt, rply, rqstp->rq_addr, body, &rqstp->rq_reply_seq); +printf("aft SVC_REPLY ok=%d\n", ok); if (rqstp->rq_addr) { free(rqstp->rq_addr, M_SONAME); rqstp->rq_addr = NULL; @@ -814,6 +817,7 @@ svcerr_auth(struct svc_req *rqstp, enum auth_stat why) if (xprt->xp_pool->sp_rcache) replay_setreply(xprt->xp_pool->sp_rcache, &rply, svc_getrpccaller(rqstp), NULL); +printf("SVC SENDAUTHERR\n"); svc_sendreply_common(rqstp, &rply, NULL); } 
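Review bot: the unconditional printf() calls added to svc_sendreply_common() and svcerr_auth() in svc.c run on every reply and on every authentication error, so any peer that can reach the RPC port can drive console and message-buffer output at request rate. Remove them before this leaves the project branch, or gate them behind a debug sysctl or a rate limit.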
@@ -976,6 +980,7 @@ svc_getreq(SVCXPRT *xprt, struct svc_req **rqstp_ret) * should not be dispatched to the * application. */ +printf("AUTH FAILED=%d\n", why); if (why != RPCSEC_GSS_NODISPATCH) svcerr_auth(r, why); goto call_done; Modified: projects/nfs-over-tls/sys/rpc/svc.h ============================================================================== --- projects/nfs-over-tls/sys/rpc/svc.h Sun Mar 8 18:24:15 2020 (r358764) +++ projects/nfs-over-tls/sys/rpc/svc.h Sun Mar 8 18:37:04 2020 (r358765) @@ -175,7 +175,9 @@ typedef struct __rpc_svcxprt { int xp_upcallset; /* socket upcall is set up */ uint32_t xp_snd_cnt; /* # of bytes to send to socket */ uint32_t xp_snt_cnt; /* # of bytes sent to socket */ + u_int xp_mbufoffs; /* Offset into ext_pgs mbuf */ bool_t xp_dontrcv; /* Do not receive on the socket */ + uint32_t xp_tls; /* RPC-over-TLS on socket */ #else int xp_fd; u_short xp_port; /* associated port number */ Modified: projects/nfs-over-tls/sys/rpc/svc_auth.c ============================================================================== --- projects/nfs-over-tls/sys/rpc/svc_auth.c Sun Mar 8 18:24:15 2020 (r358764) +++ projects/nfs-over-tls/sys/rpc/svc_auth.c Sun Mar 8 18:37:04 2020 (r358765) @@ -53,6 +53,7 @@ __FBSDID("$FreeBSD$"); #include #include +#include static enum auth_stat (*_svcauth_rpcsec_gss)(struct svc_req *, struct rpc_msg *) = NULL; 
@@ -94,12 +95,18 @@ _authenticate(struct svc_req *rqst, struct rpc_msg *ms dummy = _svcauth_null(rqst, msg); return (dummy); case AUTH_SYS: + if ((rqst->rq_xprt->xp_tls & RPCTLS_FLAGS_DISABLED) != 0) + return (AUTH_REJECTEDCRED); dummy = _svcauth_unix(rqst, msg); return (dummy); case AUTH_SHORT: + if ((rqst->rq_xprt->xp_tls & RPCTLS_FLAGS_DISABLED) != 0) + return (AUTH_REJECTEDCRED); dummy = _svcauth_short(rqst, msg); return (dummy); case RPCSEC_GSS: + if ((rqst->rq_xprt->xp_tls & RPCTLS_FLAGS_DISABLED) != 0) + return (AUTH_REJECTEDCRED); if (!_svcauth_rpcsec_gss) return (AUTH_REJECTEDCRED); dummy = _svcauth_rpcsec_gss(rqst, msg); Modified: projects/nfs-over-tls/sys/rpc/svc_vc.c ============================================================================== --- projects/nfs-over-tls/sys/rpc/svc_vc.c Sun Mar 8 18:24:15 2020 (r358764) +++ projects/nfs-over-tls/sys/rpc/svc_vc.c Sun Mar 8 18:37:04 2020 (r358765) @@ -45,10 +45,13 @@ __FBSDID("$FreeBSD$"); * and a record/tcp stream. */ +#include "opt_kern_tls.h" + #include #include #include #include +#include #include #include #include @@ -66,12 +69,17 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include #include #include +#ifdef KERN_TLS +extern u_int ktls_maxlen; +#endif + static bool_t svc_vc_rendezvous_recv(SVCXPRT *, struct rpc_msg *, struct sockaddr **, struct mbuf **); static enum xprt_stat svc_vc_rendezvous_stat(SVCXPRT *); 
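Review bot: in _authenticate() (svc_auth.c) the RPCTLS_FLAGS_DISABLED test is repeated in the AUTH_SYS, AUTH_SHORT and RPCSEC_GSS cases, but the branch just above them that calls _svcauth_null() is left untouched, so a request with that flavor still goes through to _svcauth_null() on a disabled connection. The commit log says the flag makes all RPCs on the connection fail with AUTH_REJECTEDCRED (and calls it RPCTLS_FLAGS_DISABLE, while rpcsec_tls.h defines RPCTLS_FLAGS_DISABLED). If every flavor is meant to fail, test the flag once before the switch; if the null flavor is exempt on purpose, say so in a comment.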
@@ -581,6 +589,30 @@ svc_vc_process_pending(SVCXPRT *xprt) struct socket *so = xprt->xp_socket; struct mbuf *m; +{ struct mbuf *m1, *m2, *m3, *m4; + int txxxx; + m3 = cd->mpending; + m4 = NULL; + while (m3 != NULL && (m3->m_flags & M_NOMAP) != 0) { + m4 = m3; + m3 = m3->m_next; + } + if (m3 != NULL) { + txxxx = m_length(m3, NULL); + if (txxxx > 0) { + m1 = mb_copym_ext_pgs(m3, txxxx, 16384, M_WAITOK, + false, mb_free_mext_pgs, &m2); + if (m4 != NULL) { + m4->m_next = m1; + m_freem(m3); + } else { + m2 = cd->mpending; + cd->mpending = m1; + m_freem(m2); + } + } + } +} /* * If cd->resid is non-zero, we have part of the * record already, otherwise we are expecting a record @@ -610,7 +642,7 @@ svc_vc_process_pending(SVCXPRT *xprt) header = ntohl(header); cd->eor = (header & 0x80000000) != 0; cd->resid = header & 0x7fffffff; - m_adj(cd->mpending, sizeof(uint32_t)); + cd->resid += sizeof(uint32_t); } /* @@ -623,10 +655,14 @@ svc_vc_process_pending(SVCXPRT *xprt) while (cd->mpending && cd->resid) { m = cd->mpending; if (cd->mpending->m_next - || cd->mpending->m_len > cd->resid) - cd->mpending = m_split(cd->mpending, - cd->resid, M_WAITOK); - else + || cd->mpending->m_len > cd->resid) { + if ((cd->mpending->m_flags & M_NOMAP) != 0) + cd->mpending = mb_splitatpos_ext( + cd->mpending, cd->resid, M_WAITOK); + else + cd->mpending = m_split(cd->mpending, + cd->resid, M_WAITOK); + } else cd->mpending = NULL; if (cd->mreq) m_last(cd->mreq)->m_next = m; @@ -660,7 +696,7 @@ svc_vc_recv(SVCXPRT *xprt, struct rpc_msg *msg, struct socket* so = xprt->xp_socket; XDR xdrs; int error, rcvflag; - uint32_t xid_plus_direction[2]; + uint32_t xid_plus_direction[3], junk; /* * Serialise access to the socket and our own record parsing 
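Review bot: in svc_vc_process_pending() (svc_vc.c), cd->resid is taken from the peer-supplied record mark as header & 0x7fffffff and then has sizeof(uint32_t) added to it, so it can reach 0x7fffffff + 4 unless a bound is applied elsewhere. The value is later handed to m_split() or mb_splitatpos_ext(), and mb_splitatpos_ext() takes its length as an int. Please bound the fragment length before the addition (or point to where that already happens), and add a comment that the record mark now stays in the chain and is skipped by the xdr_uint32_t(&xdrs, &junk) calls.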
@@ -691,15 +727,15 @@ svc_vc_recv(SVCXPRT *xprt, struct rpc_msg *msg, m_copydata(cd->mreq, 0, sizeof(xid_plus_direction), (char *)xid_plus_direction); - xid_plus_direction[0] = - ntohl(xid_plus_direction[0]); xid_plus_direction[1] = ntohl(xid_plus_direction[1]); + xid_plus_direction[2] = + ntohl(xid_plus_direction[2]); /* Check message direction. */ - if (xid_plus_direction[1] == REPLY) { + if (xid_plus_direction[2] == REPLY) { clnt_bck_svccall(xprt->xp_p2, cd->mreq, - xid_plus_direction[0]); + xid_plus_direction[1]); cd->mreq = NULL; continue; } @@ -719,13 +755,18 @@ svc_vc_recv(SVCXPRT *xprt, struct rpc_msg *msg, sx_xunlock(&xprt->xp_lock); - if (! xdr_callmsg(&xdrs, msg)) { + if (! xdr_uint32_t(&xdrs, &junk) || + ! xdr_callmsg(&xdrs, msg)) { XDR_DESTROY(&xdrs); return (FALSE); } *addrp = NULL; *mp = xdrmbuf_getall(&xdrs); + if (((*mp)->m_flags & M_NOMAP) != 0) + xprt->xp_mbufoffs = xdrs.x_handy; + else + xprt->xp_mbufoffs = 0; XDR_DESTROY(&xdrs); return (TRUE); @@ -827,13 +868,31 @@ svc_vc_backchannel_recv(SVCXPRT *xprt, struct rpc_msg mtx_unlock(&ct->ct_lock); sx_xunlock(&xprt->xp_lock); +printf("recv backch m=%p\n", m); +{ struct mbuf *m1, *m2; +int txxxx; +if (m != NULL) { +txxxx = m_length(m, NULL); +if (txxxx > 0) { +m1 = mb_copym_ext_pgs(m, txxxx, 16384, M_WAITOK, + false, mb_free_mext_pgs, &m2); +m2 = m; +m = m1; +m_freem(m2); +} } } xdrmbuf_create(&xdrs, m, XDR_DECODE); if (! xdr_callmsg(&xdrs, msg)) { +printf("recv backch callmsg failed\n"); XDR_DESTROY(&xdrs); return (FALSE); } *addrp = NULL; *mp = xdrmbuf_getall(&xdrs); + if (((*mp)->m_flags & M_NOMAP) != 0) + xprt->xp_mbufoffs = xdrs.x_handy; + else + xprt->xp_mbufoffs = 0; +printf("backch offs=%d\n", xprt->xp_mbufoffs); XDR_DESTROY(&xdrs); return (TRUE); } @@ -845,7 +904,7 @@ svc_vc_reply(SVCXPRT *xprt, struct rpc_msg *msg, XDR xdrs; struct mbuf *mrep; bool_t stat = TRUE; - int error, len; + int error, len, maxextsiz; /* * Leave space for record mark. 
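Review bot: the brace block added at the top of the decode path in svc_vc_backchannel_recv() (svc_vc.c) is live code, not under any #ifdef: every backchannel message is copied through mb_copym_ext_pgs() with a hard-coded 16384 and M_WAITOK, and the printf() just before it logs the mbuf pointer with %p. It reads as a test harness for the ext_pgs receive path. Please remove it or put it behind a debug option, and drop the %p output so kernel addresses do not end up in the message buffer.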
@@ -875,7 +934,23 @@ svc_vc_reply(SVCXPRT *xprt, struct rpc_msg *msg, len = mrep->m_pkthdr.len; *mtod(mrep, uint32_t *) = htonl(0x80000000 | (len - sizeof(uint32_t))); + + /* For RPC-over-TLS, copy mrep to a chain of ext_pgs. */ + if ((xprt->xp_tls & RPCTLS_FLAGS_HANDSHAKE) != 0) { + /* + * Copy the mbuf chain to a chain of + * ext_pgs mbuf(s) as required by KERN_TLS. + */ + maxextsiz = TLS_MAX_MSG_SIZE_V10_2; +#ifdef KERN_TLS + maxextsiz = min(maxextsiz, ktls_maxlen); +#endif + mrep = _rpc_copym_into_ext_pgs(mrep, maxextsiz); + } atomic_add_32(&xprt->xp_snd_cnt, len); + /* + * sosend consumes mreq. + */ error = sosend(xprt->xp_socket, NULL, NULL, mrep, NULL, 0, curthread); if (!error) { @@ -902,7 +977,7 @@ svc_vc_backchannel_reply(SVCXPRT *xprt, struct rpc_msg XDR xdrs; struct mbuf *mrep; bool_t stat = TRUE; - int error; + int error, maxextsiz; /* * Leave space for record mark. 
@@ -932,6 +1007,19 @@ svc_vc_backchannel_reply(SVCXPRT *xprt, struct rpc_msg *mtod(mrep, uint32_t *) = htonl(0x80000000 | (mrep->m_pkthdr.len - sizeof(uint32_t))); + + /* For RPC-over-TLS, copy mrep to a chain of ext_pgs. */ + if ((xprt->xp_tls & RPCTLS_FLAGS_HANDSHAKE) != 0) { + /* + * Copy the mbuf chain to a chain of + * ext_pgs mbuf(s) as required by KERN_TLS. + */ + maxextsiz = TLS_MAX_MSG_SIZE_V10_2; +#ifdef KERN_TLS + maxextsiz = min(maxextsiz, ktls_maxlen); +#endif + mrep = _rpc_copym_into_ext_pgs(mrep, maxextsiz); + } sx_xlock(&xprt->xp_lock); ct = (struct ct_data *)xprt->xp_p2; if (ct != NULL) From owner-svn-src-projects@freebsd.org Sun Mar 8 18:45:50 2020 Return-Path: Delivered-To: svn-src-projects@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5675D27218D for ; Sun, 8 Mar 2020 18:45:50 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48b9KT6GRlz3CYd; Sun, 8 Mar 2020 18:45:49 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8AAA726379; Sun, 8 Mar 2020 18:45:49 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 028IjnLg024506; Sun, 8 Mar 2020 18:45:49 GMT (envelope-from rmacklem@FreeBSD.org) Received: (from rmacklem@localhost) by 
repo.freebsd.org (8.15.2/8.15.2/Submit) id 028Ijmxm024502; Sun, 8 Mar 2020 18:45:48 GMT (envelope-from rmacklem@FreeBSD.org) Message-Id: <202003081845.028Ijmxm024502@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rmacklem set sender to rmacklem@FreeBSD.org using -f From: Rick Macklem Date: Sun, 8 Mar 2020 18:45:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r358766 - projects/nfs-over-tls/sys/rpc/rpcsec_tls X-SVN-Group: projects X-SVN-Commit-Author: rmacklem X-SVN-Commit-Paths: projects/nfs-over-tls/sys/rpc/rpcsec_tls X-SVN-Commit-Revision: 358766 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Mar 2020 18:45:50 -0000 Author: rmacklem Date: Sun Mar 8 18:45:48 2020 New Revision: 358766 URL: https://svnweb.freebsd.org/changeset/base/358766 Log: Add support for the RPCTLS_FLAGS_xxx flags that indicate results of client certificates being replied into the kernel by the rpctlssd daemon. Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctlscd.x projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctlssd.x Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c ============================================================================== --- projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c Sun Mar 8 18:37:04 2020 (r358765) +++ projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c Sun Mar 8 18:45:48 2020 (r358766) 
@@ -93,6 +93,8 @@ static struct opaque_auth rpctls_null_verf; static CLIENT *rpctls_connect_client(void); static CLIENT *rpctls_server_client(void); +static enum clnt_stat rpctls_server(struct socket *so, + uint32_t *flags); static void rpctls_init(void *dummy) @@ -425,11 +427,12 @@ printf("aft wakeup\n"); } /* Do an upcall for a new server socket using TLS. */ -enum clnt_stat -rpctls_server(struct socket *so) +static enum clnt_stat +rpctls_server(struct socket *so, uint32_t *flags) { enum clnt_stat stat; CLIENT *cl; + struct rpctlssd_connect_res res; static bool rpctls_server_busy = false; printf("In rpctls_server\n"); @@ -449,8 +452,10 @@ printf("server_client=%p\n", cl); printf("rpctls_conect so=%p\n", so); /* Do the server upcall. */ - stat = rpctlssd_connect_1(NULL, NULL, cl); -printf("aft server upcall=%d\n", stat); + stat = rpctlssd_connect_1(NULL, &res, cl); + if (stat == RPC_SUCCESS) + *flags = res.flags; +printf("aft server upcall stat=%d flags=0x%x\n", stat, res.flags); CLNT_RELEASE(cl); /* Once the upcall is done, the daemon is done with the fp and so. */ @@ -477,6 +482,7 @@ _svcauth_rpcsec_tls(struct svc_req *rqst, struct rpc_m bool_t call_stat; enum clnt_stat stat; SVCXPRT *xprt; + uint32_t flags; /* Initialize reply. */ rqst->rq_verf = rpctls_null_verf; 
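Review bot: in rpctls_server() (rpctls_impl.c) the new printf() reads res.flags regardless of stat, but res is an uninitialized stack variable and is only known to be filled in when rpctlssd_connect_1() returns RPC_SUCCESS. Print the flags only on success, or zero res before the upcall. The same applies to *flags, which is left unset on failure, so callers must not read it unless stat == RPC_SUCCESS.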
@@ -523,19 +529,17 @@ printf("authtls: null reply=%d\n", call_stat); } /* Do an upcall to do the TLS handshake. */ - stat = rpctls_server(rqst->rq_xprt->xp_socket); + stat = rpctls_server(rqst->rq_xprt->xp_socket, &flags); /* Re-enable reception on the socket within the krpc. */ sx_xlock(&xprt->xp_lock); xprt->xp_dontrcv = FALSE; if (stat == RPC_SUCCESS) - xprt->xp_tls = TRUE; + xprt->xp_tls = flags; sx_xunlock(&xprt->xp_lock); xprt_active(xprt); /* Harmless if already active. */ printf("authtls: aft handshake stat=%d\n", stat); - if (stat != RPC_SUCCESS) - return (AUTH_REJECTEDCRED); return (RPCSEC_GSS_NODISPATCH); } Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctlscd.x ============================================================================== --- projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctlscd.x Sun Mar 8 18:37:04 2020 (r358765) +++ projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctlscd.x Sun Mar 8 18:45:48 2020 (r358766) @@ -25,9 +25,9 @@ * SUCH DAMAGE. */ -/* Modified from gssd.x for the client side of RPC-over-TLS. */ - /* $FreeBSD$ */ + +/* Modified from gssd.x for the client side of RPC-over-TLS. */ program RPCTLSCD { version RPCTLSCDVERS { Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctlssd.x ============================================================================== --- projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctlssd.x Sun Mar 8 18:37:04 2020 (r358765) +++ projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctlssd.x Sun Mar 8 18:45:48 2020 (r358766) 
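Review bot: in _svcauth_rpcsec_tls() (rpctls_impl.c) the removal of "if (stat != RPC_SUCCESS) return (AUTH_REJECTEDCRED);" means a failed handshake upcall now falls through to "return (RPCSEC_GSS_NODISPATCH);" with xp_dontrcv cleared and xp_tls left at its previous value. If that is intended, the reason belongs in a comment here; otherwise keep the rejection, or set xp_tls to RPCTLS_FLAGS_DISABLED on failure so the checks added to _authenticate() refuse later requests on the socket.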
@@ -25,14 +25,19 @@ * SUCH DAMAGE. */ +/* $FreeBSD$ */ + /* Modified from gssd.x for the server side of RPC-over-TLS. */ -/* $FreeBSD$ */ +struct rpctlssd_connect_res { + uint32_t flags; +}; program RPCTLSSD { version RPCTLSSDVERS { void RPCTLSSD_NULL(void) = 0; - void RPCTLSSD_CONNECT(void) = 1; + rpctlssd_connect_res + RPCTLSSD_CONNECT(void) = 1; } = 1; } = 0x40677375; From owner-svn-src-projects@freebsd.org Sun Mar 8 18:52:06 2020 Return-Path: Delivered-To: svn-src-projects@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0D0DC2724C3 for ; Sun, 8 Mar 2020 18:52:06 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48b9Sj5zDsz40S9; Sun, 8 Mar 2020 18:52:05 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 836B126517; Sun, 8 Mar 2020 18:52:05 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 028Iq5gV030145; Sun, 8 Mar 2020 18:52:05 GMT (envelope-from rmacklem@FreeBSD.org) Received: (from rmacklem@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 028Iq5GA030143; Sun, 8 Mar 2020 18:52:05 GMT (envelope-from rmacklem@FreeBSD.org) Message-Id: <202003081852.028Iq5GA030143@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rmacklem set 
sender to rmacklem@FreeBSD.org using -f From: Rick Macklem Date: Sun, 8 Mar 2020 18:52:05 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r358768 - in projects/nfs-over-tls/sys: kern sys X-SVN-Group: projects X-SVN-Commit-Author: rmacklem X-SVN-Commit-Paths: in projects/nfs-over-tls/sys: kern sys X-SVN-Commit-Revision: 358768 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Mar 2020 18:52:06 -0000 Author: rmacklem Date: Sun Mar 8 18:52:04 2020 New Revision: 358768 URL: https://svnweb.freebsd.org/changeset/base/358768 Log: Add mb_splitatpos_extpgs() to kern_mbuf.c. It is similar to m_split(), but handles ext_pgs mbufs with anonymous pages. It does not duplicate the m_pkthdr mbuf, since that could result in an mbuf with m_len == 0 and npgs == 0, which does not seem to be allowed by certain sanity checks on ext_pgs mbuf chains. For my uses, I do not need an m_pkthdr mbuf. Modified: projects/nfs-over-tls/sys/kern/kern_mbuf.c projects/nfs-over-tls/sys/sys/mbuf.h Modified: projects/nfs-over-tls/sys/kern/kern_mbuf.c ============================================================================== --- projects/nfs-over-tls/sys/kern/kern_mbuf.c Sun Mar 8 18:48:01 2020 (r358767) +++ projects/nfs-over-tls/sys/kern/kern_mbuf.c Sun Mar 8 18:52:04 2020 (r358768) @@ -1679,6 +1679,8 @@ mb_copym_ext_pgs(struct mbuf *mp, int len, int mlen, i m_freem(mout); return (NULL); } + KASSERT((mp->m_flags & M_NOMAP) == 0, + ("mb_copym_ext_pgs: ext_pgs input mbuf")); mbpos = mtod(mp, char *); mblen = mp->m_len; mp = mp->m_next; 
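Review bot: the KASSERT added inside mb_copym_ext_pgs() (kern_mbuf.c) only guards kernels built with INVARIANTS; elsewhere an M_NOMAP mbuf in the input still reaches mtod(mp, char *) on the next line. The caller added to svc_vc_process_pending() skips only the leading M_NOMAP mbufs and then copies the rest of the chain, so a mapped mbuf followed by an unmapped one would hit this. Consider returning NULL (freeing mout, as the path just above does) when an ext_pgs mbuf is seen, or document that the input chain must be fully mapped.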
@@ -1696,4 +1698,120 @@ mb_copym_ext_pgs(struct mbuf *mp, int len, int mlen, i if (mlast != NULL) *mlast = m; return (mout); +} + +/* + * Split an ext_pgs mbuf list into two lists at len bytes. + * Similar to m_split(), but for ext_pgs mbufs with + * anonymous pages. + */ +struct mbuf * +mb_splitatpos_ext(struct mbuf *m0, int len, int how) +{ + struct mbuf *m, *mp; + struct mbuf_ext_pgs *pgs, *pgs0; + vm_page_t pg; + int i, j, left, pgno, plen, trim; + char *cp, *cp0; + + /* Nothing to do. */ + if (len == 0) + return (NULL); + + /* Find the correct mbuf to split at. */ + for (mp = m0; mp != NULL && len > mp->m_len; mp = mp->m_next) + len -= mp->m_len; + if (mp == NULL) + return (NULL); + + /* If len == mp->m_len, we can just split the mbuf list. */ + if (len == mp->m_len) { + m = mp->m_next; + mp->m_next = NULL; + return (m); + } + + /* Find the page to split at. */ + KASSERT((mp->m_flags & (M_EXT | M_NOMAP)) == + (M_EXT | M_NOMAP), + ("mb_splitatpos_ext: m0 not ext_pgs")); + pgs = mp->m_ext.ext_pgs; + KASSERT((pgs->flags & MBUF_PEXT_FLAG_ANON) != 0, + ("mb_splitatpos_ext: not anonymous pages")); + pgno = 0; + left = len; + do { + if (pgno == 0) + plen = mbuf_ext_pg_len(pgs, 0, + pgs->first_pg_off); + else + plen = mbuf_ext_pg_len(pgs, pgno, 0); + if (left <= plen) + break; + left -= plen; + pgno++; + } while (pgno < pgs->npgs); + if (pgno == pgs->npgs) + panic("mb_splitatpos_ext"); + mp->m_len = len; + + m = mb_alloc_ext_pgs(how, false, mb_free_mext_pgs); + if (m == NULL) + return (NULL); + pgs0 = m->m_ext.ext_pgs; + pgs0->flags |= MBUF_PEXT_FLAG_ANON; + + /* + * If left < plen, allocate a new page for the new mbuf + * and copy the data after left in the page to this new + * page. 
+ */ + if (left < plen) { + do { + pg = vm_page_alloc(NULL, 0, VM_ALLOC_NORMAL | + VM_ALLOC_NOOBJ | VM_ALLOC_NODUMP | + VM_ALLOC_WIRED); + if (pg == NULL) { + if (how == M_NOWAIT) { + m_free(m); + return (NULL); + } + vm_wait(NULL); + } + } while (pg == NULL); + pgs0->pa[0] = VM_PAGE_TO_PHYS(pg); + pgs0->npgs++; + trim = plen - left; + cp = (char *)(void *)PHYS_TO_DMAP(pgs->pa[pgno]); + cp0 = (char *)(void *)PHYS_TO_DMAP(pgs0->pa[0]); + if (pgno == 0) + cp += pgs->first_pg_off; + cp += left; + if (pgno == pgs->npgs - 1) + pgs0->last_pg_len = trim; + else { + pgs0->last_pg_len = pgs->last_pg_len; + pgs0->first_pg_off = PAGE_SIZE - trim; + cp0 += PAGE_SIZE - trim; + } + memcpy(cp0, cp, trim); + m->m_len = trim; + } else + pgs0->last_pg_len = pgs->last_pg_len; + + /* Move the pages beyond pgno to the new mbuf. */ + for (i = pgno + 1, j = pgs0->npgs; i < pgs->npgs; i++, j++) { + pgs0->pa[j] = pgs->pa[i]; + /* Never moves page 0. */ + m->m_len += mbuf_ext_pg_len(pgs, i, 0); + } + pgs0->npgs = j; + pgs->npgs = pgno + 1; + + /* Can now update pgs->last_pg_len. */ + pgs->last_pg_len = left; + + m->m_next = mp->m_next; + mp->m_next = NULL; + return (m); } Modified: projects/nfs-over-tls/sys/sys/mbuf.h ============================================================================== --- projects/nfs-over-tls/sys/sys/mbuf.h Sun Mar 8 18:48:01 2020 (r358767) +++ projects/nfs-over-tls/sys/sys/mbuf.h Sun Mar 8 18:52:04 2020 (r358768) 
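Review bot: mb_splitatpos_ext() (kern_mbuf.c) sets mp->m_len = len before mb_alloc_ext_pgs() and vm_page_alloc() have succeeded, and both failure paths return NULL. On failure the input mbuf is left shortened to len while its page array still describes the full data, and the caller cannot tell that NULL from the "len == 0" and "nothing after the split point" returns, which are also NULL. Do the allocations first and only then shorten mp, and give failure a distinct result, since svc_vc_process_pending() assigns the return value straight to cd->mpending.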
@@ -703,6 +703,7 @@ struct mbuf *mb_alloc_ext_pgs(int, bool, m_ext_free_t) struct mbuf *mb_alloc_ext_plus_pages(int, int, bool, m_ext_free_t); struct mbuf *mb_copym_ext_pgs(struct mbuf *, int, int, int, bool, m_ext_free_t, struct mbuf **); +struct mbuf *mb_splitatpos_ext(struct mbuf *, int, int); int mb_unmapped_compress(struct mbuf *m); struct mbuf *mb_unmapped_to_ext(struct mbuf *m); void mb_free_notready(struct mbuf *m, int count); From owner-svn-src-projects@freebsd.org Sun Mar 8 18:55:00 2020 Return-Path: Delivered-To: svn-src-projects@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1F49927259F for ; Sun, 8 Mar 2020 18:55:00 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48b9X34g0Lz47Mj; Sun, 8 Mar 2020 18:54:59 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 734B526549; Sun, 8 Mar 2020 18:54:59 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 028Isx1v030308; Sun, 8 Mar 2020 18:54:59 GMT (envelope-from rmacklem@FreeBSD.org) Received: (from rmacklem@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 028Isx6X030307; Sun, 8 Mar 2020 18:54:59 GMT (envelope-from rmacklem@FreeBSD.org) Message-Id: 
<202003081854.028Isx6X030307@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rmacklem set sender to rmacklem@FreeBSD.org using -f From: Rick Macklem Date: Sun, 8 Mar 2020 18:54:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r358769 - projects/nfs-over-tls/sys/kern X-SVN-Group: projects X-SVN-Commit-Author: rmacklem X-SVN-Commit-Paths: projects/nfs-over-tls/sys/kern X-SVN-Commit-Revision: 358769 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Mar 2020 18:55:00 -0000 Author: rmacklem Date: Sun Mar 8 18:54:59 2020 New Revision: 358769 URL: https://svnweb.freebsd.org/changeset/base/358769 Log: Expose ktls_maxlen so that the kernel RPC over TLS code can access it. Maybe this should be a simple accessor function that returns the maximum length of a KERN_TLS application data segment, instead of duplicating the calculation in the kernel RPC code. Modified: projects/nfs-over-tls/sys/kern/uipc_ktls.c Modified: projects/nfs-over-tls/sys/kern/uipc_ktls.c ============================================================================== --- projects/nfs-over-tls/sys/kern/uipc_ktls.c Sun Mar 8 18:52:04 2020 (r358768) +++ projects/nfs-over-tls/sys/kern/uipc_ktls.c Sun Mar 8 18:54:59 2020 (r358769) 
@@ -105,7 +105,7 @@ SYSCTL_INT(_kern_ipc_tls, OID_AUTO, bind_threads, CTLF &ktls_bind_threads, 0, "Bind crypto threads to cores or domains at boot"); -static u_int ktls_maxlen = 16384; +u_int ktls_maxlen = 16384; SYSCTL_UINT(_kern_ipc_tls, OID_AUTO, maxlen, CTLFLAG_RWTUN, &ktls_maxlen, 0, "Maximum TLS record size"); From owner-svn-src-projects@freebsd.org Sun Mar 8 19:02:31 2020 Return-Path: Delivered-To: svn-src-projects@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D81832728A2 for ; Sun, 8 Mar 2020 19:02:31 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48b9hl6BZDz4NMm; Sun, 8 Mar 2020 19:02:31 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CF16826734; Sun, 8 Mar 2020 19:02:31 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 028J2VLF036169; Sun, 8 Mar 2020 19:02:31 GMT (envelope-from rmacklem@FreeBSD.org) Received: (from rmacklem@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 028J2VPG036166; Sun, 8 Mar 2020 19:02:31 GMT (envelope-from rmacklem@FreeBSD.org) Message-Id: <202003081902.028J2VPG036166@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rmacklem set sender to rmacklem@FreeBSD.org using -f 
From: Rick Macklem Date: Sun, 8 Mar 2020 19:02:31 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r358770 - projects/nfs-over-tls/sys/fs/nfs X-SVN-Group: projects X-SVN-Commit-Author: rmacklem X-SVN-Commit-Paths: projects/nfs-over-tls/sys/fs/nfs X-SVN-Commit-Revision: 358770 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Mar 2020 19:02:31 -0000 Author: rmacklem Date: Sun Mar 8 19:02:30 2020 New Revision: 358770 URL: https://svnweb.freebsd.org/changeset/base/358770 Log: Add support for reception of ext_pgs mbuf chains to the common NFS code. Also, simplify the check for ext_pgs mbufs to just test for M_NOMAP. Get rid of a couple of functions that are no longer needed. And fix newnfs_realign() so that it works for ext_pgs mbufs. Modified: projects/nfs-over-tls/sys/fs/nfs/nfs_commonkrpc.c projects/nfs-over-tls/sys/fs/nfs/nfs_commonport.c projects/nfs-over-tls/sys/fs/nfs/nfs_commonsubs.c projects/nfs-over-tls/sys/fs/nfs/nfs_var.h Modified: projects/nfs-over-tls/sys/fs/nfs/nfs_commonkrpc.c ============================================================================== --- projects/nfs-over-tls/sys/fs/nfs/nfs_commonkrpc.c Sun Mar 8 18:54:59 2020 (r358769) +++ projects/nfs-over-tls/sys/fs/nfs/nfs_commonkrpc.c Sun Mar 8 19:02:30 2020 (r358770) 
@@ -898,11 +898,9 @@ tryagain: * These could cause pointer alignment problems, so copy them to * well aligned mbufs. */ -#ifdef notnow newnfs_realign(&nd->nd_mrep, M_WAITOK); -#endif nd->nd_md = nd->nd_mrep; - nfsm_set(nd, false); + nfsm_set(nd, ext.rc_mbufoffs, false); nd->nd_repstat = 0; if (nd->nd_procnum != NFSPROC_NULL && nd->nd_procnum != NFSV4PROC_CBNULL) { Modified: projects/nfs-over-tls/sys/fs/nfs/nfs_commonport.c ============================================================================== --- projects/nfs-over-tls/sys/fs/nfs/nfs_commonport.c Sun Mar 8 18:54:59 2020 (r358769) +++ projects/nfs-over-tls/sys/fs/nfs/nfs_commonport.c Sun Mar 8 19:02:30 2020 (r358770) @@ -180,8 +180,34 @@ newnfs_realign(struct mbuf **pm, int how) { struct mbuf *m, *n; int off, space; + bool copyit; ++nfs_realign_test; + + /* + * For ext_pgs mbufs, just copy the entire chain if there is an + * alignment problem. + */ + copyit = false; + m = *pm; + while ((m->m_flags & M_NOMAP) != 0) { + if ((m->m_len & 0x3) != 0 || + (m->m_ext.ext_pgs->first_pg_off & 0x3) != 0) { + copyit = true; + break; + } + m = m->m_next; + if (m == NULL) + return (0); + } + if (copyit) { + m = mb_unmapped_to_ext(*pm); + if (m == NULL) + return (ENOMEM); + *pm = m; + return (0); + } + while ((m = *pm) != NULL) { if ((m->m_len & 0x3) || (mtod(m, intptr_t) & 0x3)) { /* Modified: projects/nfs-over-tls/sys/fs/nfs/nfs_commonsubs.c ============================================================================== --- projects/nfs-over-tls/sys/fs/nfs/nfs_commonsubs.c Sun Mar 8 18:54:59 2020 (r358769) +++ projects/nfs-over-tls/sys/fs/nfs/nfs_commonsubs.c Sun Mar 8 19:02:30 2020 (r358770) @@ -383,7 +383,7 @@ nfscl_reqstart(struct nfsrv_descript *nd, int procnum, mb = mb_alloc_ext_plus_pages(PAGE_SIZE, M_WAITOK, false, mb_free_mext_pgs); nd->nd_mreq = nd->nd_mb = mb; - nfsm_set(nd, true); + nfsm_set(nd, 0, true); } else { if (nfs_bigrequest[procnum]) NFSMCLGET(mb, M_WAITOK); 
@@ -656,8 +656,7 @@ nfsm_mbufuio(struct nfsrv_descript *nd, struct uio *ui left = siz; uiosiz = left; while (left > 0) { - if ((nd->nd_md->m_flags & (M_EXT | M_NOMAP)) == - (M_EXT | M_NOMAP)) + if ((nd->nd_md->m_flags & M_NOMAP) != 0) xfer = nfsm_copyfrommbuf_extpgs(nd, uiocp, uiop->uio_segflg, left); else @@ -708,15 +707,14 @@ nfsm_dissct(struct nfsrv_descript *nd, int siz, int ho caddr_t retp; retp = NULL; - if ((nd->nd_md->m_flags & (M_EXT | M_NOMAP)) == - (M_EXT | M_NOMAP)) + if ((nd->nd_md->m_flags & M_NOMAP) != 0) left = nd->nd_dextpgsiz; else left = mtod(nd->nd_md, char *) + nd->nd_md->m_len - nd->nd_dpos; while (left == 0) { - if ((nd->nd_md->m_flags & (M_EXT | M_NOMAP)) == - (M_EXT | M_NOMAP) && nd->nd_dextpg < + if ((nd->nd_md->m_flags & M_NOMAP) != 0 && + nd->nd_dextpg < nd->nd_md->m_ext.ext_pgs->npgs - 1) { pgs = nd->nd_md->m_ext.ext_pgs; nd->nd_dextpg++; @@ -730,15 +728,13 @@ nfsm_dissct(struct nfsrv_descript *nd, int siz, int ho if (left >= siz) { retp = nd->nd_dpos; nd->nd_dpos += siz; - if ((nd->nd_md->m_flags & (M_EXT | M_NOMAP)) == - (M_EXT | M_NOMAP)) + if ((nd->nd_md->m_flags & M_NOMAP) != 0) nd->nd_dextpgsiz -= siz; } else if (siz > ncl_mbuf_mhlen) { panic("nfs S too big"); } else { /* Make sure an ext_pgs mbuf is at the last page. */ - if ((nd->nd_md->m_flags & (M_EXT | M_NOMAP)) == - (M_EXT | M_NOMAP)) { + if ((nd->nd_md->m_flags & M_NOMAP) != 0) { if (nd->nd_dextpg < nd->nd_md->m_ext.ext_pgs->npgs - 1) { mp2 = nfsm_splitatpgno(nd->nd_md, @@ -775,9 +771,8 @@ nfsm_dissct(struct nfsrv_descript *nd, int siz, int ho while (siz2 > 0) { if (nd->nd_md == NULL) return (NULL); - nfsm_set(nd, false); - if ((nd->nd_md->m_flags & (M_EXT | M_NOMAP)) == - (M_EXT | M_NOMAP)) + nfsm_set(nd, 0, false); + if ((nd->nd_md->m_flags & M_NOMAP) != 0) xfer = nfsm_copyfrommbuf_extpgs(nd, p, UIO_SYSSPACE, siz2); else 
@@ -819,8 +814,7 @@ nfsm_advance(struct nfsrv_descript *nd, int offs, int * If left == -1, calculate it here. */ if (left == -1) { - if ((nd->nd_md->m_flags & (M_EXT | M_NOMAP)) == - (M_EXT | M_NOMAP)) + if ((nd->nd_md->m_flags & M_NOMAP) != 0) left = nd->nd_dextpgsiz; else left = mtod(nd->nd_md, char *) + @@ -831,8 +825,8 @@ nfsm_advance(struct nfsrv_descript *nd, int offs, int * Loop around, advancing over the mbuf data. */ while (offs > left) { - if ((nd->nd_md->m_flags & (M_EXT | M_NOMAP)) == - (M_EXT | M_NOMAP) && nd->nd_dextpg < + if ((nd->nd_md->m_flags & M_NOMAP) != 0 && + nd->nd_dextpg < nd->nd_md->m_ext.ext_pgs->npgs - 1) { xfer = nfsm_copyfrommbuf_extpgs(nd, NULL, UIO_SYSSPACE, offs); @@ -846,8 +840,7 @@ nfsm_advance(struct nfsrv_descript *nd, int offs, int } } if (offs > 0) { - if ((nd->nd_md->m_flags & (M_EXT | M_NOMAP)) == - (M_EXT | M_NOMAP)) + if ((nd->nd_md->m_flags & M_NOMAP) != 0) nfsm_copyfrommbuf_extpgs(nd, NULL, UIO_SYSSPACE, offs); else @@ -1104,13 +1097,12 @@ nfsm_trimtrailing(struct nfsrv_descript *nd, struct mb struct mbuf_ext_pgs *pgs; vm_page_t pg; int fullpgsiz, i; - char *ppos; if (mb->m_next != NULL) { m_freem(mb->m_next); mb->m_next = NULL; } - if ((mb->m_flags & (M_EXT | M_NOMAP)) == (M_EXT | M_NOMAP)) { + if ((mb->m_flags & M_NOMAP) != 0) { pgs = mb->m_ext.ext_pgs; /* First, get rid of any pages after this position. */ for (i = pgs->npgs - 1; i > bextpg; i--) { @@ -1127,10 +1119,6 @@ nfsm_trimtrailing(struct nfsrv_descript *nd, struct mb mb->m_len = mbuf_ext_pg_len(pgs, 0, pgs->first_pg_off); for (i = 1; i < pgs->npgs; i++) mb->m_len += mbuf_ext_pg_len(pgs, i, 0); - ppos = (char *)(void *)PHYS_TO_DMAP(pgs->pa[bextpg]); - ppos += pgs->last_pg_len; - if (ppos != bpos) - printf("EEK trimtrail\n"); nd->nd_bextpgsiz = bextpgsiz; nd->nd_bextpg = bextpg; } else 
@@ -2492,8 +2480,7 @@ nfsrv_mtostr(struct nfsrv_descript *nd, char *str, int rem = NFSM_RNDUP(siz) - siz; while (siz > 0) { - if ((nd->nd_md->m_flags & (M_EXT | M_NOMAP)) == - (M_EXT | M_NOMAP)) + if ((nd->nd_md->m_flags & M_NOMAP) != 0) xfer = nfsm_copyfrommbuf_extpgs(nd, str, UIO_SYSSPACE, siz); else @@ -4892,7 +4879,7 @@ nfsv4_findmirror(struct nfsmount *nmp) * The build argument is true for build and false for dissect. */ int -nfsm_set(struct nfsrv_descript *nd, bool build) +nfsm_set(struct nfsrv_descript *nd, u_int offs, bool build) { struct mbuf *m; struct mbuf_ext_pgs *pgs; 
@@ -4902,29 +4889,68 @@ nfsm_set(struct nfsrv_descript *nd, bool build) m = nd->nd_mb; else m = nd->nd_md; - if ((m->m_flags & (M_EXT | M_NOMAP)) == (M_EXT | M_NOMAP)) { + if ((m->m_flags & M_NOMAP) != 0) { if (build) { pgs = m->m_ext.ext_pgs; - nd->nd_bpos = (char *)(void *) - PHYS_TO_DMAP(pgs->pa[0]); - nd->nd_bpos += pgs->first_pg_off; nd->nd_bextpg = 0; - /* For build, set the size that can be filled. */ - rlen = nd->nd_bextpgsiz = PAGE_SIZE - - pgs->first_pg_off; + while (offs > 0) { + if (nd->nd_bextpg == 0) + rlen = mbuf_ext_pg_len(pgs, 0, + pgs->first_pg_off); + else + rlen = mbuf_ext_pg_len(pgs, + nd->nd_bextpg, 0); + if (offs <= rlen) + break; + offs -= rlen; + nd->nd_bextpg++; + if (nd->nd_bextpg == pgs->npgs) { + printf("nfsm_set: build offs " + "out of range\n"); + nd->nd_bextpg--; + break; + } + } + nd->nd_bpos = (char *)(void *) + PHYS_TO_DMAP(pgs->pa[nd->nd_bextpg]); + if (nd->nd_bextpg == 0) + nd->nd_bpos += pgs->first_pg_off; + if (offs > 0) { + nd->nd_bpos += offs; + rlen = nd->nd_bextpgsiz = rlen - offs; + } else if (nd->nd_bextpg == 0) + rlen = nd->nd_bextpgsiz = PAGE_SIZE - + pgs->first_pg_off; + else + rlen = nd->nd_bextpgsiz = PAGE_SIZE; } else { pgs = m->m_ext.ext_pgs; - nd->nd_dpos = (char *)(void *) - PHYS_TO_DMAP(pgs->pa[0]); - nd->nd_dpos += pgs->first_pg_off; nd->nd_dextpg = 0; - /* For dissect, set the size already filled. 
*/ - rlen = nd->nd_dextpgsiz = mbuf_ext_pg_len(pgs, 0, - pgs->first_pg_off); + do { + nd->nd_dpos = (char *)(void *) + PHYS_TO_DMAP(pgs->pa[nd->nd_dextpg]); + if (nd->nd_dextpg == 0) { + nd->nd_dpos += pgs->first_pg_off; + rlen = nd->nd_dextpgsiz = + mbuf_ext_pg_len(pgs, 0, + pgs->first_pg_off); + } else + rlen = nd->nd_dextpgsiz = + mbuf_ext_pg_len(pgs, + nd->nd_dextpg, 0); + if (offs > rlen) { + nd->nd_dextpg++; + offs -= rlen; + } else if (offs > 0) { + nd->nd_dpos += offs; + nd->nd_dextpgsiz -= offs; + offs = 0; + } + } while (offs > 0); } } else if (build) { - nd->nd_bpos = mtod(m, char *); - rlen = m->m_len; + nd->nd_bpos = mtod(m, char *) + offs; + rlen = m->m_len - offs; } else { nd->nd_dpos = mtod(m, char *); rlen = m->m_len; @@ -5026,6 +5052,7 @@ nfsm_splitatpgno(struct mbuf *mp, int pgno, int how) if (m == NULL) return (m); pgs0 = m->m_ext.ext_pgs; + pgs0->flags |= MBUF_PEXT_FLAG_ANON; /* Move the pages beyond pgno to the new mbuf. */ for (i = pgno + 1, j = 0; i < pgs->npgs; i++, j++) @@ -5066,7 +5093,7 @@ nfsm_shiftnext(struct nfsrv_descript *nd, int *leftp) nd->nd_md = nd->nd_md->m_next; if (nd->nd_md == NULL) return (false); - *leftp = nfsm_set(nd, false); + *leftp = nfsm_set(nd, 0, false); return (true); } 
@@ -5105,70 +5132,28 @@ nfsm_add_ext_pgs(struct mbuf *m, int maxextsiz, int *b } /* - * Trim the ext_pgs mbuf to the current dissect position. + * Calculate the data offset of m for dextpg and dextpgsiz. */ -void -nfsm_trimatpos_extpgs(struct nfsrv_descript *nd) +int +nfsm_extpgs_calc_offs(struct mbuf *m, int dextpg, int dextpgsiz) { struct mbuf_ext_pgs *pgs; - vm_page_t pg; - int i, j; + int cnt, offs; - pgs = nd->nd_md->m_ext.ext_pgs; - for (i = 0; i < nd->nd_dextpg; i++) { - pg = PHYS_TO_VM_PAGE(pgs->pa[0]); - vm_page_unwire_noq(pg); - vm_page_free(pg); - nd->nd_md->m_len -= mbuf_ext_pg_len(pgs, i, - pgs->first_pg_off); - pgs->first_pg_off = 0; - for (j = 0; j < pgs->npgs - 1; j++) - pgs->pa[j] = pgs->pa[j + 1]; - pgs->npgs--; - } - nd->nd_dextpg = 0; - if (nd->nd_dextpgsiz > 0) { - j = mbuf_ext_pg_len(pgs, 0, pgs->first_pg_off); - j -= nd->nd_dextpgsiz; - pgs->first_pg_off += j; - nd->nd_md->m_len -= j; - if (nd->nd_dextpg == pgs->npgs - 1) - pgs->last_pg_len -= j; - } -} - -/* - * Trim the ext_pgs mbuf back to "tlen" bytes in length. - */ -void -nfsm_trimback_extpgs(struct mbuf *m, int len) -{ - struct mbuf_ext_pgs *pgs; - vm_page_t pg; - int i, j, pgno, tlen; - + offs = 0; pgs = m->m_ext.ext_pgs; - pgno = 0; - tlen = len; - while (len > 0 && pgno < pgs->npgs) { - if (pgno == 0) - i = mbuf_ext_pg_len(pgs, pgno, + for (cnt = 0; cnt < dextpg; cnt++) { + if (cnt == 0) + offs += mbuf_ext_pg_len(pgs, 0, pgs->first_pg_off); else - i = mbuf_ext_pg_len(pgs, pgno, 0); - if (len <= i) { - /* Free pages past pgno. 
*/ - for (j = pgno + 1; j < pgs->npgs; j++) { - pg = PHYS_TO_VM_PAGE(pgs->pa[j]); - vm_page_unwire_noq(pg); - vm_page_free(pg); - } - pgs->npgs = pgno + 1; - pgs->last_pg_len = len; - } - len -= i; - pgno++; + offs += mbuf_ext_pg_len(pgs, cnt, 0); } - m->m_len = tlen; + if (dextpg == 0) + cnt = mbuf_ext_pg_len(pgs, 0, + pgs->first_pg_off); + else + cnt = mbuf_ext_pg_len(pgs, dextpg, 0); + offs += cnt - dextpgsiz; + return (offs); } - Modified: projects/nfs-over-tls/sys/fs/nfs/nfs_var.h ============================================================================== --- projects/nfs-over-tls/sys/fs/nfs/nfs_var.h Sun Mar 8 18:54:59 2020 (r358769) +++ projects/nfs-over-tls/sys/fs/nfs/nfs_var.h Sun Mar 8 19:02:30 2020 (r358770) @@ -361,14 +361,13 @@ int nfsv4_sequencelookup(struct nfsmount *, struct nfs void nfsv4_freeslot(struct nfsclsession *, int); struct ucred *nfsrv_getgrpscred(struct ucred *); struct nfsdevice *nfsv4_findmirror(struct nfsmount *); -int nfsm_set(struct nfsrv_descript *, bool); +int nfsm_set(struct nfsrv_descript *, u_int, bool); bool nfsm_shiftnext(struct nfsrv_descript *, int *); -void nfsm_trimatpos_extpgs(struct nfsrv_descript *); -void nfsm_trimback_extpgs(struct mbuf *, int); +int nfsm_extpgs_calc_offs(struct mbuf *, int, int); /* nfs_clcomsubs.c */ void nfsm_uiombuf(struct nfsrv_descript *, struct uio *, int); -struct mbuf *nfsm_uiombuflist(int, int, struct uio *, int, struct mbuf **, char **); +struct mbuf *nfsm_uiombuflist(bool, int, struct uio *, int, struct mbuf **, char **); nfsuint64 *nfscl_getcookie(struct nfsnode *, off_t off, int); u_int8_t *nfscl_getmyip(struct nfsmount *, struct in6_addr *, int *); int nfsm_getfh(struct nfsrv_descript *, struct nfsfh **); 
@@ -687,8 +686,8 @@ int nfsvno_readlink(vnode_t, struct ucred *, int, NFSP mbuf_t *, int *); int nfsvno_read(vnode_t, off_t, int, struct ucred *, int, NFSPROC_T *, mbuf_t *, mbuf_t *); -int nfsvno_write(vnode_t, off_t, int, int *, mbuf_t, char *, int, int, - struct ucred *, NFSPROC_T *); +int nfsvno_write(vnode_t, off_t, int, int *, struct nfsrv_descript *, + NFSPROC_T *); int nfsvno_createsub(struct nfsrv_descript *, struct nameidata *, vnode_t *, struct nfsvattr *, int *, int32_t *, NFSDEV_T, struct nfsexstuff *); From owner-svn-src-projects@freebsd.org Sun Mar 8 19:09:15 2020 Return-Path: Delivered-To: svn-src-projects@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 098412729D2 for ; Sun, 8 Mar 2020 19:09:15 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48b9rV565Nz4XhD; Sun, 8 Mar 2020 19:09:14 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7A90B2673D; Sun, 8 Mar 2020 19:09:14 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 028J9EBN036978; Sun, 8 Mar 2020 19:09:14 GMT (envelope-from rmacklem@FreeBSD.org) Received: (from rmacklem@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 028J9DvR036556; Sun, 8 Mar 2020 19:09:13 GMT 
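Review bot: in the newnfs_realign() hunk, the new ext_pgs path can return ENOMEM when mb_unmapped_to_ext() fails, but the caller touched in the nfs_commonkrpc.c hunk invokes newnfs_realign(&nd->nd_mrep, M_WAITOK) as a bare statement and goes straight on to nfsm_set(nd, ext.rc_mbufoffs, false). Check the return value there, and state in the function comment whether *pm is still a valid chain after the failure. The how argument is ignored on this path, so an M_WAITOK caller can now see a failure it did not have to handle before. Separately, when the scan reaches an mbuf without M_NOMAP it leaves the loop with copyit false and falls into the old loop from *pm; a KASSERT or a comment saying mixed chains cannot occur would make that fall-through intentional.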
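Review bot: in nfsm_set(), the dissect branch's do/while advances nd_dextpg and indexes pgs->pa[nd->nd_dextpg] with no check against pgs->npgs, so an offs larger than the data held by the mbuf walks off the end of the page array; offs now arrives from the transport (ext.rc_mbufoffs in the nfs_commonkrpc.c hunk). Stop at npgs and fail the request. The build branch does detect this case, but after printing "nfsm_set: build offs out of range" it carries on, adds the leftover offs to nd_bpos and sets nd_bextpgsiz = rlen - offs, which can go negative and leaves the build pointer beyond the last page; return an error or use a KASSERT instead of a printf. Also, the non-M_NOMAP dissect branch still sets nd_dpos = mtod(m, char *) and ignores offs, while the matching build branch now adds it.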
(envelope-from rmacklem@FreeBSD.org) Message-Id: <202003081909.028J9DvR036556@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rmacklem set sender to rmacklem@FreeBSD.org using -f From: Rick Macklem Date: Sun, 8 Mar 2020 19:09:13 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r358771 - projects/nfs-over-tls/sys/fs/nfsclient X-SVN-Group: projects X-SVN-Commit-Author: rmacklem X-SVN-Commit-Paths: projects/nfs-over-tls/sys/fs/nfsclient X-SVN-Commit-Revision: 358771 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Mar 2020 19:09:15 -0000 Author: rmacklem Date: Sun Mar 8 19:09:13 2020 New Revision: 358771 URL: https://svnweb.freebsd.org/changeset/base/358771 Log: Add support for reception of ext_pgs mbufs to the NFS client. This also includes changes to simplify the handling of the mbuf chain for doing proxied writes to mirrored DSs, so that the nfsm_copym() function was no longer needed and is deleted. Modified: projects/nfs-over-tls/sys/fs/nfsclient/nfs_clcomsubs.c projects/nfs-over-tls/sys/fs/nfsclient/nfs_clkrpc.c projects/nfs-over-tls/sys/fs/nfsclient/nfs_clrpcops.c Modified: projects/nfs-over-tls/sys/fs/nfsclient/nfs_clcomsubs.c ============================================================================== --- projects/nfs-over-tls/sys/fs/nfsclient/nfs_clcomsubs.c Sun Mar 8 19:02:30 2020 (r358770) +++ projects/nfs-over-tls/sys/fs/nfsclient/nfs_clcomsubs.c Sun Mar 8 19:09:13 2020 (r358771) 
@@ -158,15 +158,22 @@ nfsm_uiombuf(struct nfsrv_descript *nd, struct uio *ui /* * copies a uio scatter/gather list to an mbuf chain. * This version returns the mbuf list and does not use "nd". + * It allocates mbuf(s) of NFSM_RNDUP(siz) and ensures that + * it is nul padded to a multiple of 4 bytes. + * Since mbufs are allocated by this function, they will + * always have space for an exact multiple of 4 bytes in + * each mbuf. This implies that the nul padding can be + * safely done without checking for available space in + * the mbuf data area (or page for M_NOMAP mbufs). * NOTE: can ony handle iovcnt == 1 */ struct mbuf * -nfsm_uiombuflist(int flag, int maxextsiz, struct uio *uiop, int siz, +nfsm_uiombuflist(bool doextpgs, int maxextsiz, struct uio *uiop, int siz, struct mbuf **mbp, char **cpp) { char *uiocp; struct mbuf *mp, *mp2, *firstmp; - int xfer, left, mlen; + int i, left, mlen, rem, xfer; int uiosiz, clflg, bextpg, bextpgsiz = 0; char *mcp, *tcp; @@ -176,7 +183,8 @@ nfsm_uiombuflist(int flag, int maxextsiz, struct uio * clflg = 1; else clflg = 0; - if ((flag & ND_EXTPG) != 0) { + rem = NFSM_RNDUP(siz) - siz; + if (doextpgs) { mp = mb_alloc_ext_plus_pages(PAGE_SIZE, M_WAITOK, false, mb_free_mext_pgs); mcp = (char *)(void *) @@ -199,12 +207,12 @@ nfsm_uiombuflist(int flag, int maxextsiz, struct uio * left = siz; uiosiz = left; while (left > 0) { - if ((flag & ND_EXTPG) != 0) + if (doextpgs) mlen = bextpgsiz; else mlen = M_TRAILINGSPACE(mp); if (mlen == 0) { - if ((flag & ND_EXTPG) != 0) { + if (doextpgs) { mp = nfsm_add_ext_pgs(mp, maxextsiz, &bextpg); mcp = (char *)(void *)PHYS_TO_DMAP( @@ -231,7 +239,7 @@ nfsm_uiombuflist(int flag, int maxextsiz, struct uio * left -= xfer; uiocp += xfer; mcp += xfer; - if ((flag & ND_EXTPG) != 0) { + if (doextpgs) { bextpgsiz -= xfer; mp->m_ext.ext_pgs->last_pg_len += xfer; } 
@@ -243,6 +251,12 @@ nfsm_uiombuflist(int flag, int maxextsiz, struct uio * uiop->uio_iov->iov_base = (void *)tcp; uiop->uio_iov->iov_len -= uiosiz; siz -= uiosiz; + } + for (i = 0; i < rem; i++) { + *mcp++ = '\0'; + mp->m_len++; + if (doextpgs) + mp->m_ext.ext_pgs->last_pg_len++; } if (cpp != NULL) *cpp = mcp; Modified: projects/nfs-over-tls/sys/fs/nfsclient/nfs_clkrpc.c ============================================================================== --- projects/nfs-over-tls/sys/fs/nfsclient/nfs_clkrpc.c Sun Mar 8 19:02:30 2020 (r358770) +++ projects/nfs-over-tls/sys/fs/nfsclient/nfs_clkrpc.c Sun Mar 8 19:09:13 2020 (r358771) @@ -73,6 +73,7 @@ nfscb_program(struct svc_req *rqst, SVCXPRT *xprt) struct nfsrv_descript nd; int cacherep, credflavor; +printf("cbprogram proc=%d\n", rqst->rq_proc); memset(&nd, 0, sizeof(nd)); if (rqst->rq_proc != NFSPROC_NULL && rqst->rq_proc != NFSV4PROC_CBCOMPOUND) { @@ -92,7 +93,8 @@ nfscb_program(struct svc_req *rqst, SVCXPRT *xprt) rqst->rq_args = NULL; newnfs_realign(&nd.nd_mrep, M_WAITOK); nd.nd_md = nd.nd_mrep; - nd.nd_dpos = mtod(nd.nd_md, caddr_t); +printf("cbreq nd_md=%p offs=%d\n", nd.nd_md, rqst->rq_xprt->xp_mbufoffs); + nfsm_set(&nd, rqst->rq_xprt->xp_mbufoffs, false); nd.nd_nam = svc_getrpccaller(rqst); nd.nd_nam2 = rqst->rq_addr; nd.nd_mreq = NULL; @@ -265,6 +267,7 @@ nfscbd_nfsd(struct thread *td, struct nfsd_nfscbd_args nfscbd_pool->sp_minthreads = 4; nfscbd_pool->sp_maxthreads = 4; +printf("CBpool\n"); svc_run(nfscbd_pool); rpc_gss_clear_svc_name_call(NFS_CALLBCKPROG, NFSV4_CBVERS); Modified: projects/nfs-over-tls/sys/fs/nfsclient/nfs_clrpcops.c ============================================================================== --- projects/nfs-over-tls/sys/fs/nfsclient/nfs_clrpcops.c Sun Mar 8 19:02:30 2020 (r358770) +++ projects/nfs-over-tls/sys/fs/nfsclient/nfs_clrpcops.c Sun Mar 8 19:09:13 2020 (r358771) 
@@ -78,6 +78,9 @@ extern int nfs_pnfsiothreads; extern u_long sb_max_adj; extern int nfs_maxcopyrange; extern bool nfs_use_ext_pgs; +#ifdef KERN_TLS +extern u_int ktls_maxlen; +#endif NFSCLSTATEMUTEX; int nfstest_outofseq = 0; int nfscl_assumeposixlocks = 1; @@ -162,7 +165,6 @@ static int nfscl_dofflayoutio(vnode_t, struct uio *, i nfsv4stateid_t *, int, struct nfscldevinfo *, struct nfscllayout *, struct nfsclflayout *, uint64_t, uint64_t, int, int, struct mbuf *, struct nfsclwritedsdorpc *, struct ucred *, NFSPROC_T *); -static struct mbuf *nfsm_copym(struct mbuf *, int, int); static int nfsrpc_readds(vnode_t, struct uio *, nfsv4stateid_t *, int *, struct nfsclds *, uint64_t, int, struct nfsfh *, int, int, int, struct ucred *, NFSPROC_T *); @@ -5691,7 +5693,7 @@ nfscl_doiods(vnode_t vp, struct uio *uiop, int *iomode struct nfscllayout *layp; struct nfscldevinfo *dip; struct nfsclflayout *rflp; - struct mbuf *m; + struct mbuf *m, *m2; struct nfsclwritedsdorpc *drpc, *tdrpc; nfsv4stateid_t stateid; struct ucred *newcred; @@ -5703,6 +5705,8 @@ nfscl_doiods(vnode_t vp, struct uio *uiop, int *iomode size_t iovlen = 0; off_t offs = 0; ssize_t resid = 0; + int maxextsiz; + bool doextpgs; if (!NFSHASPNFS(nmp) || nfscl_enablecallb == 0 || nfs_numnfscbd == 0 || (np->n_flag & NNOLAYOUT) != 0) @@ -5796,8 +5800,23 @@ nfscl_doiods(vnode_t vp, struct uio *uiop, int *iomode iovbase = uiop->uio_iov->iov_base; iovlen = uiop->uio_iov->iov_len; - m = nfsm_uiombuflist(0, 0, uiop, len, - NULL, NULL); + doextpgs = false; + maxextsiz = 0; + if ((NFSHASTLS(nmp) || + (nfs_use_ext_pgs && + xfer > MCLBYTES)) && + PMAP_HAS_DMAP != 0) { + doextpgs = true; + maxextsiz = 16384; +#ifdef KERN_TLS + maxextsiz = min( + TLS_MAX_MSG_SIZE_V10_2, + ktls_maxlen); +#endif + } + m = nfsm_uiombuflist(doextpgs, + maxextsiz, uiop, len, NULL, + NULL); } tdrpc = drpc = malloc(sizeof(*drpc) * (mirrorcnt - 1), M_TEMP, M_WAITOK | 
@@ -5805,6 +5824,12 @@ nfscl_doiods(vnode_t vp, struct uio *uiop, int *iomode } } for (i = firstmirror; i < mirrorcnt && error == 0; i++){ + if (m != NULL && i < mirrorcnt - 1) + m2 = m_copym(m, 0, M_COPYALL, M_WAITOK); + else { + m2 = m; + m = NULL; + } if ((layp->nfsly_flags & NFSLY_FLEXFILE) != 0) { dev = rflp->nfsfl_ffm[i].dev; dip = nfscl_getdevinfo(nmp->nm_clp, dev, @@ -5821,7 +5846,7 @@ nfscl_doiods(vnode_t vp, struct uio *uiop, int *iomode uiop, iomode, must_commit, &eof, &stateid, rwaccess, dip, layp, rflp, off, xfer, - i, docommit, m, tdrpc, + i, docommit, m2, tdrpc, newcred, p); else error = nfscl_doflayoutio(vp, @@ -5830,12 +5855,13 @@ nfscl_doiods(vnode_t vp, struct uio *uiop, int *iomode dip, layp, rflp, off, xfer, docommit, newcred, p); nfscl_reldevinfo(dip); - } else + } else { + m_freem(m2); error = EIO; + } tdrpc++; } - if (m != NULL) - m_freem(m); + m_freem(m); tdrpc = drpc; timo = hz / 50; /* Wait for 20msec. */ if (timo < 1) @@ -5897,38 +5923,6 @@ nfscl_doiods(vnode_t vp, struct uio *uiop, int *iomode } /* - * Make a copy of the mbuf chain and add an mbuf for null padding, as required. - */ -static struct mbuf * -nfsm_copym(struct mbuf *m, int off, int xfer) -{ - struct mbuf *m2, *m3, *m4; - uint32_t *tl; - int rem; - - m2 = m_copym(m, off, xfer, M_WAITOK); - rem = NFSM_RNDUP(xfer) - xfer; - if (rem > 0) { - /* - * The zero padding to a multiple of 4 bytes is required by - * the XDR. So that the mbufs copied by reference aren't - * modified, add an mbuf with the zero'd bytes to the list. - * rem will be a maximum of 3, so one zero'd uint32_t is - * sufficient. - */ - m3 = m2; - while (m3->m_next != NULL) - m3 = m3->m_next; - NFSMGET(m4); - tl = NFSMTOD(m4, uint32_t *); - *tl = 0; - mbuf_setlen(m4, rem); - mbuf_setnext(m3, m4); - } - return (m2); -} - -/* * Find a file layout that will handle the first bytes of the requested * range and return the information from it needed to the I/O operation. */ 
@@ -6179,7 +6173,18 @@ nfscl_dofflayoutio(vnode_t vp, struct uio *uiop, int * NFSUNLOCKCLSTATE(); } } else { - m = nfsm_copym(mp, rel_off, xfer); + /* + * Split off the first xfer bytes of the mbuf + * chain. + */ + m = mp; + if (xfer < len) { + if ((m->m_flags & M_NOMAP) != 0) + mp = mb_splitatpos_ext(m, xfer, + M_WAITOK); + else + mp = m_split(m, xfer, M_WAITOK); + } NFSCL_DEBUG(4, "mcopy reloff=%d xfer=%jd\n", rel_off, (uintmax_t)xfer); /* @@ -6198,6 +6203,8 @@ nfscl_dofflayoutio(vnode_t vp, struct uio *uiop, int * xfer, fhp, m, dp->nfsdi_vers, dp->nfsdi_minorvers, tcred, p); NFSCL_DEBUG(4, "nfsio_writedsmir=%d\n", error); + if (xfer == len) + mp = NULL; if (error != 0 && error != EACCES && error != ESTALE) { NFSCL_DEBUG(4, 
@@ -6216,6 +6223,7 @@ nfscl_dofflayoutio(vnode_t vp, struct uio *uiop, int * if ((dp->nfsdi_flags & NFSDI_TIGHTCOUPLED) == 0) NFSFREECRED(tcred); } + m_freem(mp); /* In case errors occurred. */ NFSCL_DEBUG(4, "eo nfscl_dofflayoutio=%d\n", error); return (error); } From owner-svn-src-projects@freebsd.org Sun Mar 8 19:18:35 2020 Return-Path: Delivered-To: svn-src-projects@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 60D29272E25 for ; Sun, 8 Mar 2020 19:18:35 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48bB3G40s0z406R; Sun, 8 Mar 2020 19:18:34 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 797BD26933; Sun, 8 Mar 2020 19:18:34 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 028JIYVR043349; Sun, 8 Mar 2020 19:18:34 GMT (envelope-from rmacklem@FreeBSD.org) Received: (from rmacklem@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 028JIXTw043343; Sun, 8 Mar 2020 19:18:33 GMT (envelope-from rmacklem@FreeBSD.org) Message-Id: <202003081918.028JIXTw043343@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rmacklem set sender to rmacklem@FreeBSD.org using -f 
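Review bot: the padding loop added at the end of nfsm_uiombuflist() stores up to three nul bytes through mcp and bumps m_len and last_pg_len without checking M_TRAILINGSPACE(mp) or bextpgsiz; the only guard is the allocation invariant described in the new block comment. Turn that invariant into a KASSERT just before the loop so that a later change to how the mbufs or pages are sized fails loudly instead of writing past the data area.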
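Review bot: the three unindented printf() calls added to nfscb_program() and nfscbd_nfsd() in nfs_clkrpc.c look like leftover debugging, and the "cbreq nd_md=%p offs=%d" one writes a kernel mbuf address to the console and message buffer on every callback request. Remove them before merging, or route them through NFSCL_DEBUG() as the rest of the client code does.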
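Review bot: in nfscl_doiods(), maxextsiz is set to the literal 16384 and then, under KERN_TLS, replaced by min(TLS_MAX_MSG_SIZE_V10_2, ktls_maxlen), which applies only an upper bound. ktls_maxlen is pulled in through a local extern in nfs_clrpcops.c and used as-is, so a small or zero value flows into nfsm_uiombuflist() as the per-mbuf limit. Clamp it to a sane minimum (at least one page), give the 16384 fallback a named constant, and move the extern into a header.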
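Review bot: in the mirror loop of nfscl_doiods(), m2 now owns either a copy or the original chain; it is handed to nfscl_dofflayoutio() or freed when the device info lookup fails, but the nfscl_doflayoutio() branch neither takes nor frees it. If m can be non-NULL when the layout is not NFSLY_FLEXFILE, that branch leaks the chain on each iteration. Either free m2 there or add a KASSERT and a comment that m is only built for flex file layouts.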
From: Rick Macklem Date: Sun, 8 Mar 2020 19:18:33 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r358772 - projects/nfs-over-tls/sys/fs/nfsserver X-SVN-Group: projects X-SVN-Commit-Author: rmacklem X-SVN-Commit-Paths: projects/nfs-over-tls/sys/fs/nfsserver X-SVN-Commit-Revision: 358772 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Mar 2020 19:18:35 -0000 Author: rmacklem Date: Sun Mar 8 19:18:33 2020 New Revision: 358772 URL: https://svnweb.freebsd.org/changeset/base/358772 Log: Add support for reception of ext_pgs mbufs to the NFS server code. This also includes a cleanup of nfs_fha_new.c to avoid use of all the function pointer indirection, no longer needed, since there is no old NFS server. It would be nice to make file handle affinity work for NFSv4, but I can't see how to do it. Modified: projects/nfs-over-tls/sys/fs/nfsserver/nfs_fha_new.c projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdcache.c projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdport.c projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdserv.c projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdsubs.c Modified: projects/nfs-over-tls/sys/fs/nfsserver/nfs_fha_new.c ============================================================================== --- projects/nfs-over-tls/sys/fs/nfsserver/nfs_fha_new.c Sun Mar 8 19:09:13 2020 (r358771) +++ projects/nfs-over-tls/sys/fs/nfsserver/nfs_fha_new.c Sun Mar 8 19:18:33 2020 (r358772) 
@@ -31,22 +31,24 @@ __FBSDID("$FreeBSD$"); #include +#include #include -#include #include #include #include #include #include +static MALLOC_DEFINE(M_NFS_FHA, "NFS FHA", "NFS FHA"); + static void fhanew_init(void *foo); static void fhanew_uninit(void *foo); rpcproc_t fhanew_get_procnum(rpcproc_t procnum); int fhanew_realign(struct mbuf **mb, int malloc_flags); -int fhanew_get_fh(uint64_t *fh, int v3, struct mbuf **md, caddr_t *dpos); +int fhanew_get_fh(uint64_t *fh, int v3, struct nfsrv_descript *nd); int fhanew_is_read(rpcproc_t procnum); int fhanew_is_write(rpcproc_t procnum); -int fhanew_get_offset(struct mbuf **md, caddr_t *dpos, int v3, +int fhanew_get_offset(struct nfsrv_descript *nd, int v3, struct fha_info *info); int fhanew_no_offset(rpcproc_t procnum); void fhanew_set_locktype(rpcproc_t procnum, struct fha_info *info); 
@@ -62,7 +64,324 @@ extern SVCPOOL *nfsrvd_pool; SYSINIT(nfs_fhanew, SI_SUB_ROOT_CONF, SI_ORDER_ANY, fhanew_init, NULL); SYSUNINIT(nfs_fhanew, SI_SUB_ROOT_CONF, SI_ORDER_ANY, fhanew_uninit, NULL); +static struct fha_hash_entry * +fha_hash_entry_new(u_int64_t fh) +{ + struct fha_hash_entry *e; + + e = malloc(sizeof(*e), M_NFS_FHA, M_WAITOK); + e->fh = fh; + e->num_rw = 0; + e->num_exclusive = 0; + e->num_threads = 0; + LIST_INIT(&e->threads); + + return (e); +} + static void +fha_hash_entry_destroy(struct fha_hash_entry *e) +{ + + mtx_assert(e->mtx, MA_OWNED); + KASSERT(e->num_rw == 0, + ("%d reqs on destroyed fhe %p", e->num_rw, e)); + KASSERT(e->num_exclusive == 0, + ("%d exclusive reqs on destroyed fhe %p", e->num_exclusive, e)); + KASSERT(e->num_threads == 0, + ("%d threads on destroyed fhe %p", e->num_threads, e)); + free(e, M_NFS_FHA); +} + +static void +fha_hash_entry_remove(struct fha_hash_entry *e) +{ + + mtx_assert(e->mtx, MA_OWNED); + LIST_REMOVE(e, link); + fha_hash_entry_destroy(e); +} + +static struct fha_hash_entry * +fha_hash_entry_lookup(struct fha_params *softc, u_int64_t fh) +{ + struct fha_hash_slot *fhs; + struct fha_hash_entry *fhe, *new_fhe; + + fhs = &softc->fha_hash[fh % FHA_HASH_SIZE]; + new_fhe = fha_hash_entry_new(fh); + new_fhe->mtx = &fhs->mtx; + mtx_lock(&fhs->mtx); + LIST_FOREACH(fhe, &fhs->list, link) + if (fhe->fh == fh) + break; + if (!fhe) { + fhe = new_fhe; + LIST_INSERT_HEAD(&fhs->list, fhe, link); + } else + fha_hash_entry_destroy(new_fhe); + return (fhe); +} + +static void +fha_hash_entry_add_thread(struct fha_hash_entry *fhe, SVCTHREAD *thread) +{ + + mtx_assert(fhe->mtx, MA_OWNED); + thread->st_p2 = 0; + LIST_INSERT_HEAD(&fhe->threads, thread, st_alink); + fhe->num_threads++; +} + +static void +fha_hash_entry_remove_thread(struct fha_hash_entry *fhe, SVCTHREAD *thread) +{ + + mtx_assert(fhe->mtx, MA_OWNED); + KASSERT(thread->st_p2 == 0, + ("%d reqs on removed thread %p", thread->st_p2, thread)); + LIST_REMOVE(thread, 
st_alink); + fhe->num_threads--; +} + +/* + * Account for an ongoing operation associated with this file. + */ +static void +fha_hash_entry_add_op(struct fha_hash_entry *fhe, int locktype, int count) +{ + + mtx_assert(fhe->mtx, MA_OWNED); + if (LK_EXCLUSIVE == locktype) + fhe->num_exclusive += count; + else + fhe->num_rw += count; +} + +/* + * Get the service thread currently associated with the fhe that is + * appropriate to handle this operation. + */ +static SVCTHREAD * +fha_hash_entry_choose_thread(struct fha_params *softc, + struct fha_hash_entry *fhe, struct fha_info *i, SVCTHREAD *this_thread) +{ + SVCTHREAD *thread, *min_thread = NULL; + int req_count, min_count = 0; + off_t offset1, offset2; + + LIST_FOREACH(thread, &fhe->threads, st_alink) { + req_count = thread->st_p2; + + /* If there are any writes in progress, use the first thread. */ + if (fhe->num_exclusive) { +#if 0 + ITRACE_CURPROC(ITRACE_NFS, ITRACE_INFO, + "fha: %p(%d)w", thread, req_count); +#endif + return (thread); + } + + /* Check whether we should consider locality. */ + if ((i->read && !softc->ctls.read) || + (i->write && !softc->ctls.write)) + goto noloc; + + /* + * Check for locality, making sure that we won't + * exceed our per-thread load limit in the process. + */ + offset1 = i->offset; + offset2 = thread->st_p3; + + if (((offset1 >= offset2) + && ((offset1 - offset2) < (1 << softc->ctls.bin_shift))) + || ((offset2 > offset1) + && ((offset2 - offset1) < (1 << softc->ctls.bin_shift)))) { + if ((softc->ctls.max_reqs_per_nfsd == 0) || + (req_count < softc->ctls.max_reqs_per_nfsd)) { +#if 0 + ITRACE_CURPROC(ITRACE_NFS, ITRACE_INFO, + "fha: %p(%d)r", thread, req_count); +#endif + return (thread); + } + } + +noloc: + /* + * We don't have a locality match, so skip this thread, + * but keep track of the most attractive thread in case + * we need to come back to it later. 
+ */ +#if 0 + ITRACE_CURPROC(ITRACE_NFS, ITRACE_INFO, + "fha: %p(%d)s off1 %llu off2 %llu", thread, + req_count, offset1, offset2); +#endif + if ((min_thread == NULL) || (req_count < min_count)) { + min_count = req_count; + min_thread = thread; + } + } + + /* + * We didn't find a good match yet. See if we can add + * a new thread to this file handle entry's thread list. + */ + if ((softc->ctls.max_nfsds_per_fh == 0) || + (fhe->num_threads < softc->ctls.max_nfsds_per_fh)) { + thread = this_thread; +#if 0 + ITRACE_CURPROC(ITRACE_NFS, ITRACE_INFO, + "fha: %p(%d)t", thread, thread->st_p2); +#endif + fha_hash_entry_add_thread(fhe, thread); + } else { + /* + * We don't want to use any more threads for this file, so + * go back to the most attractive nfsd we're already using. + */ + thread = min_thread; + } + + return (thread); +} + +static void +fha_init(struct fha_params *softc) +{ + int i; + + for (i = 0; i < FHA_HASH_SIZE; i++) + mtx_init(&softc->fha_hash[i].mtx, "fhalock", NULL, MTX_DEF); + + /* + * Set the default tuning parameters. + */ + softc->ctls.enable = FHA_DEF_ENABLE; + softc->ctls.read = FHA_DEF_READ; + softc->ctls.write = FHA_DEF_WRITE; + softc->ctls.bin_shift = FHA_DEF_BIN_SHIFT; + softc->ctls.max_nfsds_per_fh = FHA_DEF_MAX_NFSDS_PER_FH; + softc->ctls.max_reqs_per_nfsd = FHA_DEF_MAX_REQS_PER_NFSD; + + /* + * Add sysctls so the user can change the tuning parameters. 
+ */ + SYSCTL_ADD_UINT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree), + OID_AUTO, "enable", CTLFLAG_RWTUN, + &softc->ctls.enable, 0, "Enable NFS File Handle Affinity (FHA)"); + + SYSCTL_ADD_UINT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree), + OID_AUTO, "read", CTLFLAG_RWTUN, + &softc->ctls.read, 0, "Enable NFS FHA read locality"); + + SYSCTL_ADD_UINT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree), + OID_AUTO, "write", CTLFLAG_RWTUN, + &softc->ctls.write, 0, "Enable NFS FHA write locality"); + + SYSCTL_ADD_UINT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree), + OID_AUTO, "bin_shift", CTLFLAG_RWTUN, + &softc->ctls.bin_shift, 0, "Maximum locality distance 2^(bin_shift) bytes"); + + SYSCTL_ADD_UINT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree), + OID_AUTO, "max_nfsds_per_fh", CTLFLAG_RWTUN, + &softc->ctls.max_nfsds_per_fh, 0, "Maximum nfsd threads that " + "should be working on requests for the same file handle"); + + SYSCTL_ADD_UINT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree), + OID_AUTO, "max_reqs_per_nfsd", CTLFLAG_RWTUN, + &softc->ctls.max_reqs_per_nfsd, 0, "Maximum requests that " + "single nfsd thread should be working on at any time"); + + SYSCTL_ADD_OID(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree), + OID_AUTO, "fhe_stats", CTLTYPE_STRING | CTLFLAG_RD, 0, 0, + fhenew_stats_sysctl, "A", ""); + +} + +static void +fha_uninit(struct fha_params *softc) +{ + int i; + + sysctl_ctx_free(&softc->sysctl_ctx); + for (i = 0; i < FHA_HASH_SIZE; i++) + mtx_destroy(&softc->fha_hash[i].mtx); +} + +/* + * This just specifies that offsets should obey affinity when within + * the same 1Mbyte (1<<20) chunk for the file (reads only for now). + */ +static void +fha_extract_info(struct svc_req *req, struct fha_info *i) +{ + static u_int64_t random_fh = 0; + int error; + int v3 = (req->rq_vers == 3); + rpcproc_t procnum; + struct nfsrv_descript lnd, *nd; + + nd = &lnd; + /* + * We start off with a random fh. 
If we get a reasonable + * procnum, we set the fh. If there's a concept of offset + * that we're interested in, we set that. + */ + i->fh = ++random_fh; + i->offset = 0; + i->locktype = LK_EXCLUSIVE; + i->read = i->write = 0; + + /* + * Extract the procnum and convert to v3 form if necessary, + * taking care to deal with out-of-range procnums. Caller will + * ensure that rq_vers is either 2 or 3. + */ + procnum = req->rq_proc; + if (!v3) { + rpcproc_t tmp_procnum; + + tmp_procnum = fhanew_get_procnum(procnum); + if (tmp_procnum == -1) + goto out; + procnum = tmp_procnum; + } + + /* + * We do affinity for most. However, we divide a realm of affinity + * by file offset so as to allow for concurrent random access. We + * only do this for reads today, but this may change when IFS supports + * efficient concurrent writes. + */ + if (fhanew_no_offset(procnum)) + goto out; + + i->read = fhanew_is_read(procnum); + i->write = fhanew_is_write(procnum); + + error = fhanew_realign(&req->rq_args, M_NOWAIT); + if (error) + goto out; + nd->nd_md = req->rq_args; + nfsm_set(nd, req->rq_xprt->xp_mbufoffs, false); + + /* Grab the filehandle. */ + error = fhanew_get_fh(&i->fh, v3, nd); + if (error) + goto out; + + /* Content ourselves with zero offset for all but reads. */ + if (i->read || i->write) + fhanew_get_offset(nd, v3, i); + +out: + fhanew_set_locktype(procnum, i); +} + +static void fhanew_init(void *foo) { struct fha_params *softc; 
@@ -71,19 +390,6 @@ fhanew_init(void *foo) bzero(softc, sizeof(*softc)); - /* - * Setup the callbacks for this FHA personality. - */ - softc->callbacks.get_procnum = fhanew_get_procnum; - softc->callbacks.realign = fhanew_realign; - softc->callbacks.get_fh = fhanew_get_fh; - softc->callbacks.is_read = fhanew_is_read; - softc->callbacks.is_write = fhanew_is_write; - softc->callbacks.get_offset = fhanew_get_offset; - softc->callbacks.no_offset = fhanew_no_offset; - softc->callbacks.set_locktype = fhanew_set_locktype; - softc->callbacks.fhe_stats_sysctl = fhenew_stats_sysctl; - snprintf(softc->server_name, sizeof(softc->server_name), FHANEW_SERVER_NAME); @@ -130,9 +436,8 @@ fhanew_realign(struct mbuf **mb, int malloc_flags) } int -fhanew_get_fh(uint64_t *fh, int v3, struct mbuf **md, caddr_t *dpos) +fhanew_get_fh(uint64_t *fh, int v3, struct nfsrv_descript *nd) { - struct nfsrv_descript lnd, *nd; uint32_t *tl; uint8_t *buf; uint64_t t; @@ -140,11 +445,7 @@ fhanew_get_fh(uint64_t *fh, int v3, struct mbuf **md, error = 0; len = 0; - nd = &lnd; - nd->nd_md = *md; - nd->nd_dpos = *dpos; - if (v3) { NFSM_DISSECT_NONBLOCK(tl, uint32_t *, NFSX_UNSIGNED); if ((len = fxdr_unsigned(int, *tl)) <= 0 || len > NFSX_FHMAX) { @@ -164,9 +465,6 @@ fhanew_get_fh(uint64_t *fh, int v3, struct mbuf **md, *fh = t; nfsmout: - *md = nd->nd_md; - *dpos = nd->nd_dpos; - return (error); } @@ -189,19 +487,14 @@ fhanew_is_write(rpcproc_t procnum) } int -fhanew_get_offset(struct mbuf **md, caddr_t *dpos, int v3, +fhanew_get_offset(struct nfsrv_descript *nd, int v3, struct fha_info *info) { - struct nfsrv_descript lnd, *nd; uint32_t *tl; int error; error = 0; - nd = &lnd; - nd->nd_md = *md; - nd->nd_dpos = *dpos; - if (v3) { NFSM_DISSECT_NONBLOCK(tl, uint32_t *, 2 * NFSX_UNSIGNED); info->offset = fxdr_hyper(tl); @@ -211,9 +504,6 @@ fhanew_get_offset(struct mbuf **md, caddr_t *dpos, int } nfsmout: - *md = nd->nd_md; - *dpos = nd->nd_dpos; - return (error); } 
@@ -264,15 +554,158 @@ fhanew_set_locktype(rpcproc_t procnum, struct fha_info } } +SVCTHREAD * +fhanew_assign(SVCTHREAD *this_thread, struct svc_req *req) +{ + SVCTHREAD *thread; + struct fha_info i; + struct fha_hash_entry *fhe; + struct fha_params *softc; + + softc = &fhanew_softc; + + /* Check to see whether we're enabled. */ + if (softc->ctls.enable == 0) + goto thist; + + /* + * Only do placement if this is an NFS request. + */ + if (req->rq_prog != NFS_PROG) + goto thist; + + if (req->rq_vers != 2 && req->rq_vers != 3) + goto thist; + + fha_extract_info(req, &i); + + /* + * We save the offset associated with this request for later + * nfsd matching. + */ + fhe = fha_hash_entry_lookup(softc, i.fh); + req->rq_p1 = fhe; + req->rq_p2 = i.locktype; + req->rq_p3 = i.offset; + + /* + * Choose a thread, taking into consideration locality, thread load, + * and the number of threads already working on this file. + */ + thread = fha_hash_entry_choose_thread(softc, fhe, &i, this_thread); + KASSERT(thread, ("fha_assign: NULL thread!")); + fha_hash_entry_add_op(fhe, i.locktype, 1); + thread->st_p2++; + thread->st_p3 = i.offset; + + /* + * Grab the pool lock here to not let chosen thread go away before + * the new request inserted to its queue while we drop fhe lock. 
+ */ + mtx_lock(&thread->st_lock); + mtx_unlock(fhe->mtx); + + return (thread); +thist: + req->rq_p1 = NULL; + mtx_lock(&this_thread->st_lock); + return (this_thread); +} + static int fhenew_stats_sysctl(SYSCTL_HANDLER_ARGS) { - return (fhe_stats_sysctl(oidp, arg1, arg2, req, &fhanew_softc)); -} + int error, i; + struct sbuf sb; + struct fha_hash_entry *fhe; + bool_t first, hfirst; + SVCTHREAD *thread; + struct fha_params *softc; + softc = &fhanew_softc; -SVCTHREAD * -fhanew_assign(SVCTHREAD *this_thread, struct svc_req *req) + sbuf_new(&sb, NULL, 65536, SBUF_FIXEDLEN); + + if (!*softc->pool) { + sbuf_printf(&sb, "NFSD not running\n"); + goto out; + } + + for (i = 0; i < FHA_HASH_SIZE; i++) + if (!LIST_EMPTY(&softc->fha_hash[i].list)) + break; + + if (i == FHA_HASH_SIZE) { + sbuf_printf(&sb, "No file handle entries.\n"); + goto out; + } + + hfirst = TRUE; + for (; i < FHA_HASH_SIZE; i++) { + mtx_lock(&softc->fha_hash[i].mtx); + if (LIST_EMPTY(&softc->fha_hash[i].list)) { + mtx_unlock(&softc->fha_hash[i].mtx); + continue; + } + sbuf_printf(&sb, "%shash %d: {\n", hfirst ? "" : ", ", i); + first = TRUE; + LIST_FOREACH(fhe, &softc->fha_hash[i].list, link) { + sbuf_printf(&sb, "%sfhe %p: {\n", first ? " " : ", ", fhe); + + sbuf_printf(&sb, " fh: %ju\n", (uintmax_t) fhe->fh); + sbuf_printf(&sb, " num_rw/exclusive: %d/%d\n", + fhe->num_rw, fhe->num_exclusive); + sbuf_printf(&sb, " num_threads: %d\n", fhe->num_threads); + + LIST_FOREACH(thread, &fhe->threads, st_alink) { + sbuf_printf(&sb, " thread %p offset %ju " + "reqs %d\n", thread, + thread->st_p3, thread->st_p2); + } + + sbuf_printf(&sb, " }"); + first = FALSE; + } + sbuf_printf(&sb, "\n}"); + mtx_unlock(&softc->fha_hash[i].mtx); + hfirst = FALSE; + } + + out: + sbuf_trim(&sb); + sbuf_finish(&sb); + error = sysctl_handle_string(oidp, sbuf_data(&sb), sbuf_len(&sb), req); + sbuf_delete(&sb); + return (error); +} + +/* + * Called when we're done with an operation. The request has already + * been de-queued. 
+ */ +void +fhanew_nd_complete(SVCTHREAD *thread, struct svc_req *req) { - return (fha_assign(this_thread, req, &fhanew_softc)); + struct fha_hash_entry *fhe = req->rq_p1; + struct mtx *mtx; + + /* + * This may be called for reqs that didn't go through + * fha_assign (e.g. extra NULL ops used for RPCSEC_GSS. + */ + if (!fhe) + return; + + mtx = fhe->mtx; + mtx_lock(mtx); + fha_hash_entry_add_op(fhe, req->rq_p2, -1); + thread->st_p2--; + KASSERT(thread->st_p2 >= 0, ("Negative request count %d on %p", + thread->st_p2, thread)); + if (thread->st_p2 == 0) { + fha_hash_entry_remove_thread(fhe, thread); + if (0 == fhe->num_rw + fhe->num_exclusive) + fha_hash_entry_remove(fhe); + } + mtx_unlock(mtx); } Modified: projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdcache.c ============================================================================== --- projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdcache.c Sun Mar 8 19:09:13 2020 (r358771) +++ projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdcache.c Sun Mar 8 19:18:33 2020 (r358772) 
@@ -1023,8 +1023,22 @@ nfsrc_getlenandcksum(mbuf_t m1, u_int16_t *cksum) len += mbuf_len(m); m = mbuf_next(m); } - cklen = (len > NFSRVCACHE_CHECKLEN) ? NFSRVCACHE_CHECKLEN : len; - *cksum = in_cksum(m1, cklen); + /* + * in_cksum() doesn't work for ext_pgs mbufs, so just return a + * random checksum to avoid a false hit. + * Since NFSv4.1 and NFSv4.2 does not actually use + * the DRC, due to sessions, I think this should be ok. + * Also, most NFS over TCP implementations do not implement + * a DRC at all. Unfortunately, the DRC is used for NFSv4.0 + * for the cases where there are sequenced operations, such as + * file lock operations, so it must still be enabled for NFSv4.0. + */ + if ((m1->m_flags & M_NOMAP) == 0) { + cklen = (len > NFSRVCACHE_CHECKLEN) ? NFSRVCACHE_CHECKLEN : + len; + *cksum = in_cksum(m1, cklen); + } else + *cksum = arc4random(); return (len); } Modified: projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c ============================================================================== --- projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c Sun Mar 8 19:09:13 2020 (r358771) +++ projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdkrpc.c Sun Mar 8 19:18:33 2020 (r358772) @@ -45,7 +45,6 @@ __FBSDID("$FreeBSD$"); #include #include -#include #include #include @@ -162,11 +161,9 @@ nfssvc_program(struct svc_req *rqst, SVCXPRT *xprt) */ nd.nd_mrep = rqst->rq_args; rqst->rq_args = NULL; -#ifdef notnow newnfs_realign(&nd.nd_mrep, M_WAITOK); -#endif nd.nd_md = nd.nd_mrep; - nfsm_set(&nd, false); + nfsm_set(&nd, rqst->rq_xprt->xp_mbufoffs, false); nd.nd_nam = svc_getrpccaller(rqst); nd.nd_nam2 = rqst->rq_addr; nd.nd_mreq = NULL; 
@@ -604,7 +601,7 @@ nfsrvd_init(int terminating) SYSCTL_STATIC_CHILDREN(_vfs_nfsd)); nfsrvd_pool->sp_rcache = NULL; nfsrvd_pool->sp_assign = fhanew_assign; - nfsrvd_pool->sp_done = fha_nd_complete; + nfsrvd_pool->sp_done = fhanew_nd_complete; NFSD_LOCK(); } } Modified: projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdport.c ============================================================================== --- projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdport.c Sun Mar 8 19:09:13 2020 (r358771) +++ projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdport.c Sun Mar 8 19:18:33 2020 (r358772) @@ -122,14 +122,14 @@ static void nfsrv_pnfsremovesetup(struct vnode *, NFSP static void nfsrv_pnfsremove(struct vnode **, int, char *, fhandle_t *, NFSPROC_T *); static int nfsrv_proxyds(struct vnode *, off_t, int, struct ucred *, - struct thread *, int, struct mbuf **, char *, struct mbuf **, - struct nfsvattr *, struct acl *, off_t *, int, bool *); + struct thread *, int, struct mbuf **, struct nfsrv_descript *, + struct mbuf **, struct nfsvattr *, struct acl *, off_t *, int, bool *); static int nfsrv_setextattr(struct vnode *, struct nfsvattr *, NFSPROC_T *); static int nfsrv_readdsrpc(fhandle_t *, off_t, int, struct ucred *, NFSPROC_T *, struct nfsmount *, struct mbuf **, struct mbuf **); static int nfsrv_writedsrpc(fhandle_t *, off_t, int, struct ucred *, NFSPROC_T *, struct vnode *, struct nfsmount **, int, struct mbuf **, - char *, int *); + struct nfsrv_descript *, int *); static int nfsrv_allocatedsrpc(fhandle_t *, off_t, off_t, struct ucred *, NFSPROC_T *, struct vnode *, struct nfsmount **, int, int *); static int nfsrv_setacldsrpc(fhandle_t *, struct ucred *, NFSPROC_T *, @@ -820,7 +820,7 @@ nfsrv_createiovec(int len, struct mbuf **mpp, struct m i = 0; while (left > 0) { if (m == NULL) - panic("nfsvno_read iov"); + panic("nfsrv_createiovec iov"); siz = min(M_TRAILINGSPACE(m), left); if (siz > 0) { iv->iov_base = mtod(m, caddr_t) + m->m_len; 
@@ -1012,7 +1012,7 @@ nfsrv_createiovecw(int retlen, struct mbuf *m, char *c len = retlen; while (len > 0) { if (mp == NULL) - panic("nfsvno_write"); + panic("nfsrv_createiovecw"); if (i > 0) { i = min(i, len); ivp->iov_base = cp; @@ -1120,8 +1120,7 @@ nfsrv_createiovecw_extpgs(int retlen, struct mbuf *m, */ int nfsvno_write(struct vnode *vp, off_t off, int retlen, int *stable, - struct mbuf *mp, char *cp, int dextpg, int dextpgsiz, - struct ucred *cred, struct thread *p) + struct nfsrv_descript *nd, struct thread *p) { struct iovec *iv; int cnt, ioflags, error; @@ -1132,23 +1131,25 @@ nfsvno_write(struct vnode *vp, off_t off, int retlen, * Attempt to write to a DS file. A return of ENOENT implies * there is no DS file to write. */ - error = nfsrv_proxyds(vp, off, retlen, cred, p, NFSPROC_WRITEDS, - &mp, cp, NULL, NULL, NULL, NULL, 0, NULL); + error = nfsrv_proxyds(vp, off, retlen, nd->nd_cred, p, + NFSPROC_WRITEDS, &nd->nd_md, nd, NULL, NULL, NULL, + NULL, 0, NULL); if (error != ENOENT) { *stable = NFSWRITE_FILESYNC; return (error); } - if (*stable == NFSWRITE_UNSTABLE) ioflags = IO_NODELOCKED; else ioflags = (IO_SYNC | IO_NODELOCKED); - if ((mp->m_flags & (M_EXT | M_NOMAP)) == (M_EXT | M_NOMAP)) - error = nfsrv_createiovecw_extpgs(retlen, mp, cp, dextpg, - dextpgsiz, &iv, &cnt); + if ((nd->nd_md->m_flags & M_NOMAP) != 0) + error = nfsrv_createiovecw_extpgs(retlen, nd->nd_md, + nd->nd_dpos, nd->nd_dextpg, nd->nd_dextpgsiz, + &iv, &cnt); else - error = nfsrv_createiovecw(retlen, mp, cp, &iv, &cnt); + error = nfsrv_createiovecw(retlen, nd->nd_md, + nd->nd_dpos, &iv, &cnt); if (error != 0) return (error); uiop->uio_iov = iv; 
@@ -1162,7 +1163,7 @@ nfsvno_write(struct vnode *vp, off_t off, int retlen, ioflags |= nh->nh_seqcount << IO_SEQSHIFT; /* XXX KDM make this more systematic? */ nfsstatsv1.srvbytes[NFSV4OP_WRITE] += uiop->uio_resid; - error = VOP_WRITE(vp, uiop, ioflags, cred); + error = VOP_WRITE(vp, uiop, ioflags, nd->nd_cred); if (error == 0) nh->nh_nextoff = uiop->uio_offset; free(iv, M_TEMP); @@ -4635,7 +4636,7 @@ nfsrv_dssetacl(struct vnode *vp, struct acl *aclp, str static int nfsrv_proxyds(struct vnode *vp, off_t off, int cnt, struct ucred *cred, - struct thread *p, int ioproc, struct mbuf **mpp, char *cp, + struct thread *p, int ioproc, struct mbuf **mpp, struct nfsrv_descript *nd, struct mbuf **mpp2, struct nfsvattr *nap, struct acl *aclp, off_t *offp, int content, bool *eofp) { @@ -4767,7 +4768,7 @@ tryagain: } } else if (ioproc == NFSPROC_WRITEDS) error = nfsrv_writedsrpc(fh, off, cnt, cred, p, vp, - &nmp[0], mirrorcnt, mpp, cp, &failpos); + &nmp[0], mirrorcnt, mpp, nd, &failpos); else if (ioproc == NFSPROC_SETATTR) error = nfsrv_setattrdsrpc(fh, cred, p, vp, &nmp[0], mirrorcnt, nap, &failpos); 
@@ -5145,46 +5146,54 @@ nfsrv_readdsrpc(fhandle_t *fhp, off_t off, int len, st } /* - * Now, adjust first mbuf so that any XDR before the - * read data is skipped over. + * Now, get rid of mbuf data that preceeds the + * current position. For a regular mbuf, adjust + * m_data, m_len and then find the end of the read + * data and trim off any mbuf(s) after that. + * For an ext_pgs mbuf, split it and free the first + * and third mbuf chains. */ - if ((nd->nd_md->m_flags & (M_EXT | M_NOMAP)) == - (M_EXT | M_NOMAP)) - nfsm_trimatpos_extpgs(nd); - else { + tlen = NFSM_RNDUP(retlen); + if ((m->m_flags & M_NOMAP) != 0) { + trimlen = nfsm_extpgs_calc_offs(m, + nd->nd_dextpg, nd->nd_dextpgsiz); + nd->nd_mrep = mb_splitatpos_ext(m, trimlen, + M_WAITOK); + m_freem(m); + m = mb_splitatpos_ext(nd->nd_mrep, tlen, + M_WAITOK); + m_freem(m); + m = m_last(nd->nd_mrep); + } else { trimlen = nd->nd_dpos - mtod(m, char *); if (trimlen > 0) { m->m_len -= trimlen; - NFSM_DATAP(m, trimlen); + m->m_data += trimlen; } - } - /* - * Truncate the mbuf chain at retlen bytes of data, - * plus XDR padding that brings the length up to a - * multiple of 4. - */ - tlen = NFSM_RNDUP(retlen); - do { - if (m->m_len >= tlen) { - if ((m->m_flags & (M_EXT | M_NOMAP)) == - (M_EXT | M_NOMAP)) - nfsm_trimback_extpgs(m, tlen); - else + /* + * Truncate the mbuf chain at retlen bytes of + * data, plus XDR padding that brings the + * length up to a multiple of 4. 
+ */ + do { + if (m->m_len >= tlen) { m->m_len = tlen; - tlen = 0; - m2 = m->m_next; - m->m_next = NULL; - m_freem(m2); - break; + tlen = 0; + m2 = m->m_next; + m->m_next = NULL; + m_freem(m2); + break; + } + tlen -= m->m_len; + m = m->m_next; + } while (m != NULL); + if (tlen > 0) { + printf("nfsrv_readdsrpc: busted mbuf " + "list\n"); + error = ENOENT; + goto nfsmout; } - tlen -= m->m_len; - m = m->m_next; - } while (m != NULL); - if (tlen > 0) { - printf("nfsrv_readdsrpc: busted mbuf list\n"); - error = ENOENT; - goto nfsmout; } *mpp = nd->nd_mrep; *mpendp = m; @@ -5258,12 +5267,14 @@ nfsrv_writedsdorpc(struct nfsmount *nmp, fhandle_t *fh /* Put data in mbuf chain. */ nd->nd_mb->m_next = m; + if ((m->m_flags & M_NOMAP) != 0) + nd->nd_flag |= ND_EXTPG; /* Set nd_mb and nd_bpos to end of data. */ while (m->m_next != NULL) m = m->m_next; nd->nd_mb = m; - nd->nd_bpos = mtod(m, char *) + m->m_len; + nfsm_set(nd, m->m_len, true); NFSD_DEBUG(4, "nfsrv_writedsdorpc: lastmb len=%d\n", m->m_len); /* Do a Getattr for the attributes that change upon writing. */ @@ -5346,12 +5357,13 @@ start_writedsdorpc(void *arg, int pending) static int nfsrv_writedsrpc(fhandle_t *fhp, off_t off, int len, struct ucred *cred, NFSPROC_T *p, struct vnode *vp, struct nfsmount **nmpp, int mirrorcnt, - struct mbuf **mpp, char *cp, int *failposp) + struct mbuf **mpp, struct nfsrv_descript *nd, int *failposp) { struct nfsrvwritedsdorpc *drpc, *tdrpc = NULL; struct nfsvattr na; - struct mbuf *m; + struct mbuf *m, *m1, *m2; int error, i, offs, ret, timo; + bool gotnomap; NFSD_DEBUG(4, "in nfsrv_writedsrpc\n"); KASSERT(*mpp != NULL, ("nfsrv_writedsrpc: NULL mbuf chain")); 
@@ -5360,11 +5372,27 @@ nfsrv_writedsrpc(fhandle_t *fhp, off_t off, int len, s tdrpc = drpc = malloc(sizeof(*drpc) * (mirrorcnt - 1), M_TEMP, M_WAITOK); - /* Calculate offset in mbuf chain that data starts. */ - offs = cp - mtod(*mpp, char *); - NFSD_DEBUG(4, "nfsrv_writedsrpc: mcopy offs=%d len=%d\n", offs, len); + NFSD_DEBUG(4, "nfsrv_writedsrpc: mcopy len=%d\n", len); /* + * For M_NOMAP mbufs, the mbuf chain needs to be split into 3 chains + * so that m_copym() can be done with offs == 0 and M_COPYALL. + * *mpp - Everything that preceeds the data to be written. + * m1 - The data to be written. + * m2 - Everything that follows the data to be written. + */ + m1 = *mpp; + gotnomap = false; + if ((m1->m_flags & M_NOMAP) != 0) { + gotnomap = true; + offs = nfsm_extpgs_calc_offs(nd->nd_md, nd->nd_dextpg, + nd->nd_dextpgsiz); + m1 = mb_splitatpos_ext(m1, offs, M_WAITOK); + m2 = mb_splitatpos_ext(m1, NFSM_RNDUP(len), M_WAITOK); + } else + offs = nd->nd_dpos - mtod(m1, char *); + + /* * Do the write RPC for every DS, using a separate kernel process * for every DS except the last one. */ @@ -5379,7 +5407,11 @@ nfsrv_writedsrpc(fhandle_t *fhp, off_t off, int len, s tdrpc->p = p; tdrpc->inprog = 0; tdrpc->err = 0; - tdrpc->m = m_copym(*mpp, offs, NFSM_RNDUP(len), M_WAITOK); + if (gotnomap) + tdrpc->m = m_copym(m1, 0, M_COPYALL, M_WAITOK); + else + tdrpc->m = m_copym(m1, offs, NFSM_RNDUP(len), + M_WAITOK); ret = EIO; if (nfs_pnfsiothreads != 0) { ret = nfs_pnfsio(start_writedsdorpc, tdrpc); @@ -5397,7 +5429,10 @@ nfsrv_writedsrpc(fhandle_t *fhp, off_t off, int len, s nmpp++; fhp++; } - m = m_copym(*mpp, offs, NFSM_RNDUP(len), M_WAITOK); + if (gotnomap) + m = m_copym(m1, 0, M_COPYALL, M_WAITOK); + else + m = m_copym(m1, offs, NFSM_RNDUP(len), M_WAITOK); ret = nfsrv_writedsdorpc(*nmpp, fhp, off, len, &na, m, cred, p); if (nfsds_failerr(ret) && *failposp == -1 && mirrorcnt > 1) *failposp = mirrorcnt - 1; 
@@ -5419,6 +5454,14 @@ nfsrv_writedsrpc(fhandle_t *fhp, off_t off, int len, s else if (error == 0 && tdrpc->err != 0) error = tdrpc->err; } + + /* For gotnomap, chain the lists back to-gether. */ + if (gotnomap) { + m_last(*mpp)->m_next = m1; + m_last(m1)->m_next = m2; + nd->nd_md = m1; + nfsm_set(nd, 0, false); + } free(drpc, M_TEMP); return (error); } @@ -6431,7 +6474,7 @@ nfsvno_setxattr(struct vnode *vp, char *name, int len, uiop->uio_td = p; uiop->uio_offset = 0; uiop->uio_resid = len; - if ((m->m_flags & (M_EXT | M_NOMAP)) == (M_EXT | M_NOMAP)) + if ((m->m_flags & M_NOMAP) != 0) error = nfsrv_createiovecw_extpgs(len, m, cp, dextpg, dextpgsiz, &iv, &cnt); else Modified: projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdserv.c ============================================================================== --- projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdserv.c Sun Mar 8 19:09:13 2020 (r358771) +++ projects/nfs-over-tls/sys/fs/nfsserver/nfs_nfsdserv.c Sun Mar 8 19:18:33 2020 (r358772) @@ -699,8 +699,7 @@ nfsrvd_readlink(struct nfsrv_descript *nd, __unused in if (mp != NULL) { nd->nd_mb->m_next = mp; nd->nd_mb = mpend; - if ((mpend->m_flags & (M_EXT | M_NOMAP)) == - (M_EXT | M_NOMAP)) { + if ((mpend->m_flags & M_NOMAP) != 0) { pgs = mpend->m_ext.ext_pgs; nd->nd_bextpg = pgs->npgs - 1; nd->nd_bpos = (char *)(void *) @@ -863,7 +862,8 @@ nfsrvd_read(struct nfsrv_descript *nd, __unused int is * Always use ext_pgs if ND_EXTPG is set. */ if ((nd->nd_flag & ND_EXTPG) != 0 || (PMAP_HAS_DMAP != 0 && - ((nd->nd_flag & ND_TLS) != 0 || nfs_use_ext_pgs))) + ((nd->nd_flag & ND_TLS) != 0 || (nfs_use_ext_pgs && + cnt > MCLBYTES)))) nd->nd_repstat = nfsvno_read(vp, off, cnt, nd->nd_cred, nd->nd_maxextsiz, p, &m3, &m2); else 
@@ -903,8 +903,7 @@ nfsrvd_read(struct nfsrv_descript *nd, __unused int is if (m3) { nd->nd_mb->m_next = m3; nd->nd_mb = m2; - if ((m2->m_flags & (M_EXT | M_NOMAP)) == - (M_EXT | M_NOMAP)) { + if ((m2->m_flags & M_NOMAP) != 0) { nd->nd_flag |= ND_EXTPG; pgs = m2->m_ext.ext_pgs; *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-projects@freebsd.org Tue Mar 10 06:49:45 2020 Return-Path: Delivered-To: svn-src-projects@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CF53225A5A8 for ; Tue, 10 Mar 2020 06:49:45 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48c5LK0Tppz4Zks; Tue, 10 Mar 2020 06:49:45 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D643D1F83F; Tue, 10 Mar 2020 06:49:44 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02A6nirp037419; Tue, 10 Mar 2020 06:49:44 GMT (envelope-from dim@FreeBSD.org) Received: (from dim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02A6niKW037415; Tue, 10 Mar 2020 06:49:44 GMT (envelope-from dim@FreeBSD.org) Message-Id: <202003100649.02A6niKW037415@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: dim set sender to dim@FreeBSD.org using -f 
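Review bot: In fha_hash_entry_choose_thread() (hunk @@ -62,7 +64,324 @@), the locality test computes "(1 << softc->ctls.bin_shift)" as a plain int shift, while fha_init() in the same hunk exports bin_shift through SYSCTL_ADD_UINT with CTLFLAG_RWTUN and no range check. A value of 31 or more written to that sysctl makes the shift undefined, and the result is then compared against an off_t difference. Suggest shifting a wide type, for example "((off_t)1 << softc->ctls.bin_shift)", and rejecting out-of-range values in a sysctl handler instead of exposing the bare variable.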
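Review bot: In fhenew_stats_sysctl() (hunk @@ -264,15 +554,158 @@), the output formats "fhe %p" and "thread %p", so the string handed to sysctl_handle_string() carries kernel addresses of the hash entries and service threads, and fha_init() registers the node as CTLTYPE_STRING | CTLFLAG_RD with no further restriction. Suggest dropping the pointers from the output (the fh value and a per-entry thread index identify the rows just as well) or limiting who can read the node. In the same function the first scan over softc->fha_hash[i].list with LIST_EMPTY() runs without taking the slot mutex that the second loop takes, and thread->st_p3 is passed to %ju without a (uintmax_t) cast.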
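Review bot: In nfsrc_getlenandcksum() (nfs_nfsdcache.c, hunk @@ -1023,8 +1023,22 @@), the new else branch sets "*cksum = arc4random()", which avoids a false hit but also means a genuine retransmission of an ext_pgs request gets a different checksum each time, while the comment in the same hunk says the DRC must stay enabled for NFSv4.0 sequenced operations such as file locks. Suggest computing a real checksum over the leading NFSRVCACHE_CHECKLEN bytes for this case, or stating in the comment what happens to a retransmitted NFSv4.0 lock operation that arrives in ext_pgs mbufs. The branch is also chosen from m1->m_flags alone, so a chain whose first mbuf is mapped and a later one is M_NOMAP would still reach in_cksum(); a short comment or KASSERT on why that cannot occur would help.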
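Review bot: In nfsrv_readdsrpc() (nfs_nfsdport.c, hunk @@ -5145,46 +5146,54 @@), the "tlen > 0" check that reports "busted mbuf list" and returns ENOENT now lives only inside the else branch for mapped mbufs, so the M_NOMAP branch calls "mb_splitatpos_ext(nd->nd_mrep, tlen, M_WAITOK)" and then m_last(nd->nd_mrep) with no test that the chain really holds tlen bytes. Suggest an equivalent length check on the ext_pgs path before the second split, so that a reply shorter than NFSM_RNDUP(retlen) takes the same error path in both branches.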
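Review bot: In nfsrv_writedsrpc() (nfs_nfsdport.c, hunk @@ -5360,11 +5372,27 @@), offs is computed from nd->nd_md with nfsm_extpgs_calc_offs() but the split is applied to m1, which was taken from *mpp, so the M_NOMAP path silently relies on *mpp and nd->nd_md being the same mbuf. Suggest a KASSERT next to the existing "NULL mbuf chain" one to state that, and a line in the new comment noting that the three chains are only joined again at the end of the function (hunk @@ -5419,6 +5454,14 @@), so any return added between the split and the rejoin would leave the request chain in pieces.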
From: Dimitry Andric
Date: Tue, 10 Mar 2020 06:49:44 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r358831 - in projects/clang1000-import: lib/clang lib/csu/arm lib/libc++ usr.bin/clang/clang
X-SVN-Group: projects
X-SVN-Commit-Author: dim
X-SVN-Commit-Paths: in projects/clang1000-import: lib/clang lib/csu/arm lib/libc++ usr.bin/clang/clang
X-SVN-Commit-Revision: 358831
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the src " projects" tree"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 10 Mar 2020 06:49:46 -0000

Author: dim
Date: Tue Mar 10 06:49:43 2020
New Revision: 358831
URL: https://svnweb.freebsd.org/changeset/base/358831

Log:
  Remove -mlong-calls when building arm libraries and llvm.
  Clang from 9.0.0 onwards already has the necessary relocation range extenders, so this workaround is no longer needed (it produces longer and slower code).
  Tested on real hardware, and in cross-compile environment.
  Submitted by: mmel

Modified:
  projects/clang1000-import/lib/clang/llvm.build.mk
  projects/clang1000-import/lib/csu/arm/Makefile
  projects/clang1000-import/lib/libc++/Makefile
  projects/clang1000-import/usr.bin/clang/clang/Makefile

Modified: projects/clang1000-import/lib/clang/llvm.build.mk ============================================================================== --- projects/clang1000-import/lib/clang/llvm.build.mk Tue Mar 10 06:29:59 2020 (r358830) +++ projects/clang1000-import/lib/clang/llvm.build.mk Tue Mar 10 06:49:43 2020 (r358831) 
@@ -110,8 +110,3 @@ CXXSTD?= c++14 CXXFLAGS+= -fno-exceptions CXXFLAGS+= -fno-rtti CXXFLAGS.clang+= -stdlib=libc++ - -.if ${MACHINE_CPUARCH} == "arm" -STATIC_CFLAGS+= -mlong-calls -STATIC_CXXFLAGS+= -mlong-calls -.endif Modified: projects/clang1000-import/lib/csu/arm/Makefile ============================================================================== --- projects/clang1000-import/lib/csu/arm/Makefile Tue Mar 10 06:29:59 2020 (r358830) +++ projects/clang1000-import/lib/csu/arm/Makefile Tue Mar 10 06:49:43 2020 (r358831) @@ -8,7 +8,6 @@ OBJS+= Scrt1.o gcrt1.o CFLAGS+= -I${.CURDIR:H}/common \ -I${SRCTOP}/lib/libc/include CFLAGS+= -DCRT_IRELOC_SUPPRESS -STATIC_CFLAGS+= -mlong-calls FILES= ${OBJS} FILESMODE= ${LIBMODE} Modified: projects/clang1000-import/lib/libc++/Makefile ============================================================================== --- projects/clang1000-import/lib/libc++/Makefile Tue Mar 10 06:29:59 2020 (r358830) +++ projects/clang1000-import/lib/libc++/Makefile Tue Mar 10 06:49:43 2020 (r358831) @@ -7,9 +7,6 @@ _LIBCXXRTDIR= ${SRCTOP}/contrib/libcxxrt HDRDIR= ${SRCTOP}/contrib/llvm-project/libcxx/include SRCDIR= ${SRCTOP}/contrib/llvm-project/libcxx/src CXXINCLUDEDIR= ${INCLUDEDIR}/c++/v${SHLIB_MAJOR} -.if ${MACHINE_CPUARCH} == "arm" -STATIC_CXXFLAGS+= -mlong-calls -.endif .PATH: ${SRCDIR} Modified: projects/clang1000-import/usr.bin/clang/clang/Makefile ============================================================================== --- projects/clang1000-import/usr.bin/clang/clang/Makefile Tue Mar 10 06:29:59 2020 (r358830) +++ projects/clang1000-import/usr.bin/clang/clang/Makefile Tue Mar 10 06:49:43 2020 (r358831) 
@@ -13,9 +13,6 @@ SRCS+= driver.cpp .if ${MK_SHARED_TOOLCHAIN} == "no" NO_SHARED?= yes -.if ${MACHINE_CPUARCH} == "arm" -CFLAGS+= -mlong-calls -.endif .endif LINKS= ${BINDIR}/clang ${BINDIR}/clang++ \ From owner-svn-src-projects@freebsd.org Tue Mar 10 07:04:09 2020 Return-Path: Delivered-To: svn-src-projects@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7F92525A97D for ; Tue, 10 Mar 2020 07:04:09 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48c5fx3Wqfz4nYj; Tue, 10 Mar 2020 07:04:09 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 72EAD1FBDC; Tue, 10 Mar 2020 07:04:09 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02A749WO048872; Tue, 10 Mar 2020 07:04:09 GMT (envelope-from dim@FreeBSD.org) Received: (from dim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02A745HS048851; Tue, 10 Mar 2020 07:04:05 GMT (envelope-from dim@FreeBSD.org) Message-Id: <202003100704.02A745HS048851@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: dim set sender to dim@FreeBSD.org using -f 
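Review bot: In lib/clang/llvm.build.mk (hunk @@ -110,8 +110,3 @@), the ".if ${MACHINE_CPUARCH} == "arm"" block that added -mlong-calls to STATIC_CFLAGS and STATIC_CXXFLAGS is deleted with no compiler condition, while the log bases the removal on Clang 9.0.0 or later; the lib/csu/arm, lib/libc++ and usr.bin/clang/clang hunks do the same. If this branch can still be built with an older Clang or with another compiler, those static arm builds lose the workaround. Suggest either keeping the flag behind a compiler type and version test, or saying in the log that only Clang 9.0.0 and later are supported for arm here.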
From: Dimitry Andric
Date: Tue, 10 Mar 2020 07:04:05 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r358832 - in projects/clang1000-import: . contrib/amd lib/libprocstat lib/libsecureboot lib/libsecureboot/h lib/libsecureboot/tests libexec/rc/rc.d release share/man/man5 share/man/man7...
X-SVN-Group: projects
X-SVN-Commit-Author: dim
X-SVN-Commit-Paths: in projects/clang1000-import: . contrib/amd lib/libprocstat lib/libsecureboot lib/libsecureboot/h lib/libsecureboot/tests libexec/rc/rc.d release share/man/man5 share/man/man7 share/mk share/vt/fonts ...
X-SVN-Commit-Revision: 358832
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the src " projects" tree"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 10 Mar 2020 07:04:09 -0000

Author: dim
Date: Tue Mar 10 07:04:05 2020
New Revision: 358832
URL: https://svnweb.freebsd.org/changeset/base/358832

Log:
  Merge ^/head r358731 through r358831.

Added:
  projects/clang1000-import/stand/common/readin.h
     - copied unchanged from r358831, head/stand/common/readin.h
  projects/clang1000-import/sys/dev/iicbus/acpi_iicbus.c
     - copied unchanged from r358831, head/sys/dev/iicbus/acpi_iicbus.c
  projects/clang1000-import/sys/powerpc/booke/pmap_32.c
     - copied unchanged from r358831, head/sys/powerpc/booke/pmap_32.c
  projects/clang1000-import/sys/powerpc/booke/pmap_64.c
     - copied unchanged from r358831, head/sys/powerpc/booke/pmap_64.c
Deleted:
  projects/clang1000-import/contrib/amd/
  projects/clang1000-import/libexec/rc/rc.d/amd
  projects/clang1000-import/tools/build/options/WITHOUT_AMD
  projects/clang1000-import/tools/build/options/WITH_AMD
  projects/clang1000-import/usr.sbin/amd/
Modified:
  projects/clang1000-import/Makefile.inc1
  projects/clang1000-import/ObsoleteFiles.inc
  projects/clang1000-import/UPDATING
  projects/clang1000-import/lib/libprocstat/libprocstat.c
  projects/clang1000-import/lib/libsecureboot/h/libsecureboot.h
  projects/clang1000-import/lib/libsecureboot/h/verify_file.h
  projects/clang1000-import/lib/libsecureboot/tests/tvo.c
  projects/clang1000-import/lib/libsecureboot/vectx.c
  projects/clang1000-import/lib/libsecureboot/verify_file.c
  projects/clang1000-import/libexec/rc/rc.d/Makefile
  projects/clang1000-import/release/Makefile
  projects/clang1000-import/share/man/man5/src.conf.5
  projects/clang1000-import/share/man/man7/arch.7
  projects/clang1000-import/share/mk/src.opts.mk
  projects/clang1000-import/share/vt/fonts/INDEX.fonts
  projects/clang1000-import/stand/common/bootstrap.h
  projects/clang1000-import/stand/common/interp_forth.c
  projects/clang1000-import/stand/common/interp_simple.c
  projects/clang1000-import/stand/common/load_elf.c
  projects/clang1000-import/stand/common/load_elf_obj.c
  projects/clang1000-import/stand/common/misc.c
  projects/clang1000-import/stand/common/module.c
  projects/clang1000-import/stand/efi/loader/arch/i386/i386_copy.c
  projects/clang1000-import/stand/efi/loader/copy.c
  projects/clang1000-import/stand/efi/loader/loader_efi.h
  projects/clang1000-import/stand/efi/loader/main.c
  projects/clang1000-import/stand/ficl/fileaccess.c
  projects/clang1000-import/stand/ficl/loader.c
  projects/clang1000-import/stand/i386/libi386/i386_copy.c
  projects/clang1000-import/stand/i386/libi386/libi386.h
  projects/clang1000-import/stand/i386/loader/chain.c
  projects/clang1000-import/stand/liblua/lstd.c
  projects/clang1000-import/stand/libofw/libofw.h
  projects/clang1000-import/stand/libofw/ofw_copy.c
  projects/clang1000-import/stand/loader.mk
  projects/clang1000-import/stand/mips/beri/loader/arch.c
  projects/clang1000-import/stand/powerpc/kboot/main.c
  projects/clang1000-import/stand/uboot/lib/copy.c
  projects/clang1000-import/stand/uboot/lib/libuboot.h
  projects/clang1000-import/stand/userboot/userboot/copy.c
  projects/clang1000-import/stand/userboot/userboot/libuserboot.h
  projects/clang1000-import/sys/arm64/rockchip/rk_pcie.c
  projects/clang1000-import/sys/conf/files
  projects/clang1000-import/sys/dev/aacraid/aacraid.c
  projects/clang1000-import/sys/dev/acpica/acpi.c
  projects/clang1000-import/sys/dev/acpica/acpivar.h
  projects/clang1000-import/sys/dev/cpufreq/cpufreq_dt.c
  projects/clang1000-import/sys/dev/ichiic/ig4_iic.c
  projects/clang1000-import/sys/dev/iicbus/iicbus.c
  projects/clang1000-import/sys/dev/iicbus/iicbus.h
  projects/clang1000-import/sys/dev/usb/controller/xhci.c
  projects/clang1000-import/sys/dev/usb/input/wmt.c
  projects/clang1000-import/sys/dev/usb/usb_hub.c
  projects/clang1000-import/sys/fs/fifofs/fifo_vnops.c
  projects/clang1000-import/sys/fs/fuse/fuse_internal.c
  projects/clang1000-import/sys/kern/kern_descrip.c
  projects/clang1000-import/sys/kern/kern_linker.c
  projects/clang1000-import/sys/kern/sys_pipe.c
  projects/clang1000-import/sys/kern/uipc_ktls.c
  projects/clang1000-import/sys/modules/i2c/iicbus/Makefile
  projects/clang1000-import/sys/net/ieee8023ad_lacp.c
  projects/clang1000-import/sys/net/ieee8023ad_lacp.h
  projects/clang1000-import/sys/net/if_lagg.c
projects/clang1000-import/sys/net/if_var.h projects/clang1000-import/sys/netinet/in_pcb.c projects/clang1000-import/sys/netinet/tcp_ratelimit.c projects/clang1000-import/sys/powerpc/booke/pmap.c projects/clang1000-import/sys/riscv/sifive/fu540_spi.c projects/clang1000-import/sys/sys/filedesc.h projects/clang1000-import/sys/sys/pipe.h projects/clang1000-import/sys/sys/seqc.h projects/clang1000-import/sys/ufs/ffs/ffs_alloc.c projects/clang1000-import/sys/ufs/ffs/ffs_suspend.c projects/clang1000-import/sys/vm/uma_core.c projects/clang1000-import/sys/vm/uma_int.h projects/clang1000-import/tests/sys/fs/fusefs/fsync.cc projects/clang1000-import/tests/sys/fs/fusefs/notify.cc projects/clang1000-import/tests/sys/net/if_bridge_test.sh projects/clang1000-import/tools/build/mk/OptionalObsoleteFiles.inc projects/clang1000-import/usr.bin/posixshmcontrol/posixshmcontrol.c projects/clang1000-import/usr.sbin/Makefile projects/clang1000-import/usr.sbin/newsyslog/newsyslog.conf.d/Makefile Directory Properties: projects/clang1000-import/ (props changed) Modified: projects/clang1000-import/Makefile.inc1 ============================================================================== --- projects/clang1000-import/Makefile.inc1 Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/Makefile.inc1 Tue Mar 10 07:04:05 2020 (r358832) @@ -2284,11 +2284,6 @@ _basic_bootstrap_tools+=sbin/sysctl bin/chflags # mkfifo is used by sys/conf/newvers.sh _basic_bootstrap_tools+=usr.bin/mkfifo -.if ${MK_AMD} != "no" -# unifdef is only used by usr.sbin/amd/libamu/Makefile -_basic_bootstrap_tools+=usr.bin/unifdef -.endif - .if ${MK_BOOT} != "no" _basic_bootstrap_tools+=bin/dd # xz/unxz is used by EFI Modified: projects/clang1000-import/ObsoleteFiles.inc ============================================================================== --- projects/clang1000-import/ObsoleteFiles.inc Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/ObsoleteFiles.inc Tue Mar 10 07:04:05 2020 (r358832) 
@@ -273,6 +273,28 @@ OLD_DIRS+=usr/lib/clang/9.0.1/lib/freebsd OLD_DIRS+=usr/lib/clang/9.0.1/lib OLD_DIRS+=usr/lib/clang/9.0.1 +# 20200309: amd(8) retired +OLD_FILES+=etc/amd.map +OLD_FILES+=etc/newsyslog.conf.d/amd.conf +OLD_FILES+=etc/rc.d/amd +OLD_FILES+=usr/bin/pawd +OLD_FILES+=usr/sbin/amd +OLD_FILES+=usr/sbin/amq +OLD_FILES+=usr/sbin/fixmount +OLD_FILES+=usr/sbin/fsinfo +OLD_FILES+=usr/sbin/hlfsd +OLD_FILES+=usr/sbin/mk-amd-map +OLD_FILES+=usr/sbin/wire-test +OLD_FILES+=usr/share/examples/etc/amd.map +OLD_FILES+=usr/share/man/man1/pawd.1.gz +OLD_FILES+=usr/share/man/man5/amd.conf.5.gz +OLD_FILES+=usr/share/man/man8/amd.8.gz +OLD_FILES+=usr/share/man/man8/amq.8.gz +OLD_FILES+=usr/share/man/man8/fixmount.8.gz +OLD_FILES+=usr/share/man/man8/fsinfo.8.gz +OLD_FILES+=usr/share/man/man8/hlfsd.8.gz +OLD_FILES+=usr/share/man/man8/mk-amd-map.8.gz +OLD_FILES+=usr/share/man/man8/wire-test.8.gz # 20200301: bktr removed OLD_DIRS+=usr/include/dev/bktr OLD_FILES+=usr/include/dev/bktr/ioctl_bktr.h Modified: projects/clang1000-import/UPDATING ============================================================================== --- projects/clang1000-import/UPDATING Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/UPDATING Tue Mar 10 07:04:05 2020 (r358832) 
@@ -32,6 +32,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW: information about prerequisites and upgrading, if you are not already using clang 3.5.0 or higher. +20200309: + The amd(8) automount daemon has been removed from the source tree. + As of FreeBSD 10.1 autofs(5) is the preferred tool for automounting. + amd is still available in the sysutils/am-utils port. + 20200301: Removed brooktree driver (bktr.4) from the tree. Modified: projects/clang1000-import/lib/libprocstat/libprocstat.c ============================================================================== --- projects/clang1000-import/lib/libprocstat/libprocstat.c Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/lib/libprocstat/libprocstat.c Tue Mar 10 07:04:05 2020 (r358832) @@ -460,6 +460,7 @@ procstat_getfiles_kvm(struct procstat *procstat, struc struct file file; struct filedesc filed; struct pwd pwd; + unsigned long pwd_addr; struct vm_map_entry vmentry; struct vm_object object; struct vmspace vmspace; @@ -488,10 +489,10 @@ procstat_getfiles_kvm(struct procstat *procstat, struc return (NULL); } haspwd = false; - if (filed.fd_pwd != NULL) { - if (!kvm_read_all(kd, (unsigned long)filed.fd_pwd, &pwd, - sizeof(pwd))) { - warnx("can't read fd_pwd at %p", (void *)filed.fd_pwd); + pwd_addr = (unsigned long)(FILEDESC_KVM_LOAD_PWD(&filed)); + if (pwd_addr != 0) { + if (!kvm_read_all(kd, pwd_addr, &pwd, sizeof(pwd))) { + warnx("can't read fd_pwd at %p", (void *)pwd_addr); return (NULL); } haspwd = true; Modified: projects/clang1000-import/lib/libsecureboot/h/libsecureboot.h ============================================================================== --- projects/clang1000-import/lib/libsecureboot/h/libsecureboot.h Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/lib/libsecureboot/h/libsecureboot.h Tue Mar 10 07:04:05 2020 (r358832) 
@@ -69,12 +69,6 @@ void fingerprint_info_add(const char *, const char *, int ve_check_hash(br_hash_compat_context *, const br_hash_class *, const char *, const char *, size_t); -struct vectx; -struct vectx* vectx_open(int, const char *, off_t, struct stat *, int *); -ssize_t vectx_read(struct vectx *, void *, size_t); -off_t vectx_lseek(struct vectx *, off_t, int); -int vectx_close(struct vectx *); - char * hexdigest(char *, size_t, unsigned char *, size_t); int verify_fd(int, const char *, off_t, struct stat *); int verify_open(const char *, int); Modified: projects/clang1000-import/lib/libsecureboot/h/verify_file.h ============================================================================== --- projects/clang1000-import/lib/libsecureboot/h/verify_file.h Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/lib/libsecureboot/h/verify_file.h Tue Mar 10 07:04:05 2020 (r358832) 
@@ -39,13 +39,21 @@ struct stat; -void ve_debug_set(int); -int ve_status_get(int); -void ve_efi_init(void); -int load_manifest(const char *, const char *, const char *, struct stat *); -int pass_manifest(const char *, const char *); -int pass_manifest_export_envs(void); -int verify_file(int, const char *, off_t, int); -void verify_pcr_export(void); +int verify_prep(int, const char *, off_t, struct stat *, const char *); +void ve_debug_set(int); +char *ve_error_get(void); +void ve_efi_init(void); +int ve_status_get(int); +int load_manifest(const char *, const char *, const char *, struct stat *); +int pass_manifest(const char *, const char *); +int pass_manifest_export_envs(void); +int verify_file(int, const char *, off_t, int, const char *); +void verify_pcr_export(void); + +struct vectx; +struct vectx* vectx_open(int, const char *, off_t, struct stat *, int *, const char *); +ssize_t vectx_read(struct vectx *, void *, size_t); +off_t vectx_lseek(struct vectx *, off_t, int); +int vectx_close(struct vectx *, int, const char *); #endif /* _VERIFY_FILE_H_ */ Modified: projects/clang1000-import/lib/libsecureboot/tests/tvo.c ============================================================================== --- projects/clang1000-import/lib/libsecureboot/tests/tvo.c Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/lib/libsecureboot/tests/tvo.c Tue Mar 10 07:04:05 2020 (r358832) @@ -31,6 +31,8 @@ __FBSDID("$FreeBSD$"); #include #include +size_t DestdirLen; +char *Destdir; char *Skip; int @@ -42,7 +44,10 @@ main(int argc, char *argv[]) int Vflag; char *cp; char *prefix; + char *destdir; + Destdir = NULL; + DestdirLen = 0; prefix = NULL; Skip = NULL; @@ -50,8 +55,12 @@ main(int argc, char *argv[]) printf("Trust %d\n", n); Vflag = 0; - while ((c = getopt(argc, argv, "dp:s:T:V")) != -1) { + while ((c = getopt(argc, argv, "D:dp:s:T:V")) != -1) { switch (c) { + case 'D': + Destdir = optarg; + DestdirLen = strlen(optarg); + break; case 'd': DebugVe++; break; 
@@ -92,7 +101,7 @@ main(int argc, char *argv[]) */ int x; - x = verify_file(fd, argv[optind], 0, VE_GUESS); + x = verify_file(fd, argv[optind], 0, VE_GUESS, __func__); printf("verify_file(%s) = %d\n", argv[optind], x); close(fd); } @@ -147,7 +156,7 @@ main(int argc, char *argv[]) lseek(fd, 0, SEEK_SET); off = st.st_size % 512; vp = vectx_open(fd, argv[optind], off, - &st, &error); + &st, &error, __func__); if (!vp) { printf("vectx_open(%s) failed: %d %s\n", argv[optind], error, @@ -155,7 +164,8 @@ main(int argc, char *argv[]) } else { off = vectx_lseek(vp, (st.st_size % 1024), SEEK_SET); - + /* we can seek backwards! */ + off = vectx_lseek(vp, off/2, SEEK_SET); if (off < st.st_size) { n = vectx_read(vp, buf, sizeof(buf)); @@ -165,7 +175,7 @@ main(int argc, char *argv[]) off = vectx_lseek(vp, 0, SEEK_END); /* repeating that should be harmless */ off = vectx_lseek(vp, 0, SEEK_END); - error = vectx_close(vp); + error = vectx_close(vp, VE_MUST, __func__); if (error) { printf("vectx_close(%s) == %d %s\n", argv[optind], error, Modified: projects/clang1000-import/lib/libsecureboot/vectx.c ============================================================================== --- projects/clang1000-import/lib/libsecureboot/vectx.c Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/lib/libsecureboot/vectx.c Tue Mar 10 07:04:05 2020 (r358832) @@ -33,6 +33,7 @@ __FBSDID("$FreeBSD$"); #endif #include "libsecureboot-priv.h" +#include /** * @file vectx.c @@ -50,12 +51,14 @@ struct vectx { const char *vec_path; /* path we are verifying */ const char *vec_want; /* hash value we want */ off_t vec_off; /* current offset */ + off_t vec_hashed; /* where we have hashed to */ size_t vec_size; /* size of path */ size_t vec_hashsz; /* size of hash */ int vec_fd; /* file descriptor */ int vec_status; /* verification status */ }; + /** * @brief * verify an open file as we read it 
@@ -86,24 +89,31 @@ struct vectx { * NULL is only returned for non-files or out-of-memory. */ struct vectx * -vectx_open(int fd, const char *path, off_t off, struct stat *stp, int *error) +vectx_open(int fd, const char *path, off_t off, struct stat *stp, + int *error, const char *caller) { struct vectx *ctx; struct stat st; size_t hashsz; char *cp; + int rc; - if (!stp) { - if (fstat(fd, &st) == 0) - stp = &st; - } + if (!stp) + stp = &st; - /* we *should* only get called for files */ - if (stp && !S_ISREG(stp->st_mode)) { - *error = 0; + rc = verify_prep(fd, path, off, stp, __func__); + + DEBUG_PRINTF(2, + ("vectx_open: caller=%s,name='%s',prep_rc=%d\n", + caller,path, rc)); + + switch (rc) { + case VE_FINGERPRINT_NONE: + case VE_FINGERPRINT_UNKNOWN: + case VE_FINGERPRINT_WRONG: + *error = rc; return (NULL); } - ctx = malloc(sizeof(struct vectx)); if (!ctx) goto enomem; @@ -111,10 +121,16 @@ vectx_open(int fd, const char *path, off_t off, struct ctx->vec_path = path; ctx->vec_size = stp->st_size; ctx->vec_off = 0; + ctx->vec_hashed = 0; ctx->vec_want = NULL; ctx->vec_status = 0; - hashsz = 0; + ctx->vec_hashsz = hashsz = 0; + if (rc == 0) { + /* we are not verifying this */ + *error = 0; + return (ctx); + } cp = fingerprint_info_lookup(fd, path); if (!cp) { ctx->vec_status = VE_FINGERPRINT_NONE; @@ -161,6 +177,10 @@ vectx_open(int fd, const char *path, off_t off, struct vectx_lseek(ctx, off, SEEK_SET); } } + DEBUG_PRINTF(2, + ("vectx_open: caller=%s,name='%s',hashsz=%lu,status=%d\n", + caller, path, (unsigned long)ctx->vec_hashsz, + ctx->vec_status)); return (ctx); enomem: /* unlikely */ @@ -175,6 +195,8 @@ enomem: /* unlikely */ * * It is critical that all file I/O comes through here. * We keep track of current offset. + * We also track what offset we have hashed to, + * so we won't replay data if we seek backwards. * * @param[in] pctx * pointer to ctx 
@@ -190,6 +212,8 @@ vectx_read(struct vectx *ctx, void *buf, size_t nbytes { unsigned char *bp = buf; int n; + int delta; + int x; size_t off; if (ctx->vec_hashsz == 0) /* nothing to do */ @@ -201,9 +225,20 @@ vectx_read(struct vectx *ctx, void *buf, size_t nbytes if (n < 0) return (n); if (n > 0) { - ctx->vec_md->update(&ctx->vec_ctx.vtable, &bp[off], n); - off += n; - ctx->vec_off += n; + /* we may have seeked backwards! */ + delta = ctx->vec_hashed - ctx->vec_off; + if (delta > 0) { + x = MIN(delta, n); + off += x; + n -= x; + ctx->vec_off += x; + } + if (n > 0) { + ctx->vec_md->update(&ctx->vec_ctx.vtable, &bp[off], n); + off += n; + ctx->vec_off += n; + ctx->vec_hashed += n; + } } } while (n > 0 && off < nbytes); return (off); @@ -213,10 +248,10 @@ vectx_read(struct vectx *ctx, void *buf, size_t nbytes * @brief * vectx equivalent of lseek * - * We do not actually, seek, but call vectx_read + * When seeking forwards we actually call vectx_read * to reach the desired offset. * - * We do not support seeking backwards. + * We support seeking backwards. * * @param[in] pctx * pointer to ctx @@ -225,6 +260,8 @@ vectx_read(struct vectx *ctx, void *buf, size_t nbytes * desired offset * * @param[in] whence + * We try to convert whence to ``SEEK_SET``. + * We do not support ``SEEK_DATA`` or ``SEEK_HOLE``. * * @return offset or error. */ 
@@ -239,22 +276,26 @@ vectx_lseek(struct vectx *ctx, off_t off, int whence) return (lseek(ctx->vec_fd, off, whence)); /* - * Try to convert whence to SEEK_SET - * but we cannot support seeking backwards! - * Nor beyond end of file. + * Convert whence to SEEK_SET */ if (whence == SEEK_END && off <= 0) { whence = SEEK_SET; off += ctx->vec_size; - } else if (whence == SEEK_CUR && off >= 0) { + } else if (whence == SEEK_CUR) { whence = SEEK_SET; off += ctx->vec_off; } - if (whence != SEEK_SET || off < ctx->vec_off || + if (whence != SEEK_SET || (size_t)off > ctx->vec_size) { - printf("ERROR: %s: unsupported operation\n", __func__); + printf("ERROR: %s: unsupported operation: whence=%d off=%lld -> %lld\n", + __func__, whence, (long long)ctx->vec_off, (long long)off); return (-1); } + if (off < ctx->vec_hashed) { + /* seeking backwards! just do it */ + ctx->vec_off = lseek(ctx->vec_fd, off, whence); + return (ctx->vec_off); + } n = 0; do { delta = off - ctx->vec_off; 
@@ -281,16 +322,35 @@ vectx_lseek(struct vectx *ctx, off_t off, int whence) * @return 0 or an error. */ int -vectx_close(struct vectx *ctx) +vectx_close(struct vectx *ctx, int severity, const char *caller) { int rc; if (ctx->vec_hashsz == 0) { rc = ctx->vec_status; } else { +#ifdef VE_PCR_SUPPORT + /* + * Only update pcr with things that must verify + * these tend to be processed in a more deterministic + * order, which makes our pseudo pcr more useful. + */ + ve_pcr_updating_set((severity == VE_MUST)); +#endif rc = ve_check_hash(&ctx->vec_ctx, ctx->vec_md, ctx->vec_path, ctx->vec_want, ctx->vec_hashsz); } + DEBUG_PRINTF(2, + ("vectx_close: caller=%s,name='%s',rc=%d,severity=%d\n", + caller,ctx->vec_path, rc, severity)); + if (severity > VE_WANT || rc == VE_FINGERPRINT_WRONG) + printf("%serified %s\n", (rc <= 0) ? "Unv" : "V", + ctx->vec_path); +#if !defined(UNIT_TEST) && !defined(DEBUG_VECTX) + /* we are generally called with VE_MUST */ + if (severity > VE_WANT && rc == VE_FINGERPRINT_WRONG) + panic("cannot continue"); +#endif free(ctx); return ((rc < 0) ? rc : 0); } Modified: projects/clang1000-import/lib/libsecureboot/verify_file.c ============================================================================== --- projects/clang1000-import/lib/libsecureboot/verify_file.c Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/lib/libsecureboot/verify_file.c Tue Mar 10 07:04:05 2020 (r358832) @@ -43,6 +43,8 @@ __FBSDID("$FreeBSD$"); * define MANIFEST_SKIP to Skip - in tests/tvo.c so that * tvo can control the value we use in find_manifest() */ +extern char *Destdir; +extern size_t DestdirLen; extern char *Skip; # undef MANIFEST_SKIP # define MANIFEST_SKIP Skip 
@@ -167,12 +169,21 @@ load_manifest(const char *name, const char *prefix, ve_utc_set(stp->st_mtime); content = (char *)verify_signed(name, VEF_VERBOSE); if (content) { +#ifdef UNIT_TEST + if (DestdirLen > 0 && + strncmp(name, Destdir, DestdirLen) == 0) { + name += DestdirLen; + if (prefix && + strncmp(prefix, Destdir, DestdirLen) == 0) + prefix += DestdirLen; + } +#endif fingerprint_info_add(name, prefix, skip, content, stp); add_verify_status(stp, VE_VERIFIED); loaded_manifests = 1; /* we are verifying! */ DEBUG_PRINTF(3, ("loaded: %s %s %s\n", name, prefix, skip)); - rc = 0; + rc = VE_VERIFIED; } else { rc = VE_FINGERPRINT_WRONG; add_verify_status(stp, rc); /* remember */ @@ -245,13 +256,15 @@ severity_guess(const char *filename) return (VE_WANT); } +static int Verifying = -1; /* 0 if not verifying */ + static void verify_tweak(int fd, off_t off, struct stat *stp, char *tweak, int *accept_no_fp, - int *verbose, int *verifying) + int *verbose) { if (strcmp(tweak, "off") == 0) { - *verifying = 0; + Verifying = 0; } else if (strcmp(tweak, "strict") == 0) { /* anything caller wants verified must be */ *accept_no_fp = VE_WANT; 
@@ -314,7 +327,59 @@ getenv_int(const char *var, int def) return (int)val; } + /** + * @brief prepare to verify an open file + * + * @param[in] fd + * open descriptor + * + * @param[in] filename + * path we opened and will use to lookup fingerprint + * + * @param[in] stp + * stat pointer so we can check file type + */ +int +verify_prep(int fd, const char *filename, off_t off, struct stat *stp, + const char *caller) +{ + int rc; + + if (Verifying < 0) { + Verifying = ve_trust_init(); +#ifndef UNIT_TEST + ve_debug_set(getenv_int("VE_DEBUG_LEVEL", VE_DEBUG_LEVEL)); +#endif + /* initialize ve_status with default result */ + rc = Verifying ? VE_NOT_CHECKED : VE_NOT_VERIFYING; + ve_status_set(0, rc); + ve_status_state = VE_STATUS_NONE; + if (Verifying) { + ve_self_tests(); + ve_anchor_verbose_set(1); + } + } + if (!Verifying || fd < 0) + return (0); + if (stp) { + if (fstat(fd, stp) < 0 || !S_ISREG(stp->st_mode)) + return (0); + } + DEBUG_PRINTF(2, + ("caller=%s,fd=%d,name='%s',off=%lld,dev=%lld,ino=%lld\n", + caller, fd, filename, (long long)off, (long long)stp->st_dev, + (long long)stp->st_ino)); + rc = is_verified(stp); + if (rc == VE_NOT_CHECKED) { + rc = find_manifest(filename); + } else { + ve_status_set(fd, rc); + } + return (rc); +} + +/** * @brief verify an open file * * @param[in] fd 
@@ -342,45 +407,26 @@ getenv_int(const char *var, int def) * @return >= 0 on success < 0 on failure */ int -verify_file(int fd, const char *filename, off_t off, int severity) +verify_file(int fd, const char *filename, off_t off, int severity, + const char *caller) { - static int verifying = -1; + static int once; static int accept_no_fp = ACCEPT_NO_FP_DEFAULT; static int verbose = VE_VERBOSE_DEFAULT; struct stat st; char *cp; int rc; - if (verifying < 0) { - verifying = ve_trust_init(); - verbose = getenv_int("VE_VERBOSE", VE_VERBOSE_DEFAULT); - ve_debug_set(getenv_int("VE_DEBUG_LEVEL", VE_DEBUG_LEVEL)); - /* initialize ve_status with default result */ - rc = verifying ? VE_NOT_CHECKED : VE_NOT_VERIFYING; - ve_status_set(0, rc); - ve_status_state = VE_STATUS_NONE; - if (verifying) { - ve_self_tests(); - ve_anchor_verbose_set(1); - } - } - if (!verifying) - return (0); + rc = verify_prep(fd, filename, off, &st, caller); - if (fd < 0 || fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) + if (!rc) return (0); - DEBUG_PRINTF(3, ("fd=%d,name='%s',off=%lld,dev=%lld,ino=%lld\n", - fd, filename, (long long)off, (long long)st.st_dev, - (long long)st.st_ino)); - - - rc = is_verified(&st); - if (rc != VE_NOT_CHECKED) { - ve_status_set(fd, rc); - return (rc); + if (!once) { + once++; + verbose = getenv_int("VE_VERBOSE", VE_VERBOSE_DEFAULT); } - rc = find_manifest(filename); + if (rc != VE_FINGERPRINT_WRONG && loaded_manifests) { if (severity <= VE_GUESS) severity = severity_guess(filename); @@ -392,6 +438,12 @@ verify_file(int fd, const char *filename, off_t off, i */ ve_pcr_updating_set((severity == VE_MUST)); #endif +#ifdef UNIT_TEST + if (DestdirLen > 0 && + strncmp(filename, Destdir, DestdirLen) == 0) { + filename += DestdirLen; + } +#endif if ((rc = verify_fd(fd, filename, off, &st)) >= 0) { if (verbose || severity > VE_WANT) { #if defined(VE_DEBUG_LEVEL) && VE_DEBUG_LEVEL > 0 
@@ -412,8 +464,7 @@ verify_file(int fd, const char *filename, off_t off, i if (strncmp(cp, "loader.ve.", 10) == 0) { cp += 10; verify_tweak(fd, off, &st, cp, - &accept_no_fp, &verbose, - &verifying); + &accept_no_fp, &verbose); } } } Modified: projects/clang1000-import/libexec/rc/rc.d/Makefile ============================================================================== --- projects/clang1000-import/libexec/rc/rc.d/Makefile Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/libexec/rc/rc.d/Makefile Tue Mar 10 07:04:05 2020 (r358832) @@ -141,12 +141,6 @@ ACPIPACKAGE= acpi CONFS+= powerd .endif -.if ${MK_AMD} != "no" -CONFGROUPS+= AMD -AMD+= amd -AMDPACKAGE= amd -.endif - .if ${MK_APM} != "no" CONFGROUPS+= APM APM+= apm Modified: projects/clang1000-import/release/Makefile ============================================================================== --- projects/clang1000-import/release/Makefile Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/release/Makefile Tue Mar 10 07:04:05 2020 (r358832) @@ -192,7 +192,7 @@ disc1: packagesystem # Install system mkdir -p ${.TARGET} cd ${WORLDDIR} && ${IMAKE} installkernel installworld distribution \ - DESTDIR=${.OBJDIR}/${.TARGET} MK_AMD=no MK_AT=no \ + DESTDIR=${.OBJDIR}/${.TARGET} MK_AT=no \ MK_INSTALLLIB=no MK_LIB32=no MK_MAIL=no \ MK_TOOLCHAIN=no MK_PROFILE=no \ MK_RESCUE=no MK_DICT=no \ 
@@ -221,7 +221,7 @@ bootonly: packagesystem # Install system mkdir -p ${.TARGET} cd ${WORLDDIR} && ${IMAKE} installkernel installworld distribution \ - DESTDIR=${.OBJDIR}/${.TARGET} MK_AMD=no MK_AT=no \ + DESTDIR=${.OBJDIR}/${.TARGET} MK_AT=no \ MK_GAMES=no \ MK_INSTALLLIB=no MK_LIB32=no MK_MAIL=no \ MK_TOOLCHAIN=no MK_PROFILE=no \ Modified: projects/clang1000-import/share/man/man5/src.conf.5 ============================================================================== --- projects/clang1000-import/share/man/man5/src.conf.5 Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/share/man/man5/src.conf.5 Tue Mar 10 07:04:05 2020 (r358832) @@ -1,6 +1,6 @@ .\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman. .\" $FreeBSD$ -.Dd February 29, 2020 +.Dd March 9, 2020 .Dt SRC.CONF 5 .Os .Sh NAME @@ -100,13 +100,6 @@ Set to not build .Xr acpiconf 8 , .Xr acpidump 8 and related programs. -.It Va WITH_AMD -Set to build the legacy -.Xr amd 8 -automount daemon and related programs. -Note that -.Xr autofs 5 -is the preferred automount technique. .It Va WITHOUT_APM Set to not build .Xr apm 8 , @@ -162,6 +155,10 @@ is set explicitly) (unless .Va WITHOUT_LOADER_VERIEXEC is set explicitly) +.It Va WITH_LOADER_VERIEXEC_VECTX +(unless +.Va WITHOUT_LOADER_VERIEXEC_VECTX +is set explicitly) .It Va WITH_VERIEXEC (unless .Va WITHOUT_VERIEXEC @@ -1105,6 +1102,10 @@ When set, these options are also in effect: .It Va WITH_LOADER_EFI_SECUREBOOT (unless .Va WITHOUT_LOADER_EFI_SECUREBOOT +is set explicitly) +.It Va WITH_LOADER_VERIEXEC_VECTX +(unless +.Va WITHOUT_LOADER_VERIEXEC_VECTX is set explicitly) .El .It Va WITH_LOADER_VERIEXEC_PASS_MANIFEST Modified: projects/clang1000-import/share/man/man7/arch.7 ============================================================================== --- projects/clang1000-import/share/man/man7/arch.7 Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/share/man/man7/arch.7 Tue Mar 10 07:04:05 2020 (r358832) 
@@ -26,7 +26,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 8, 2020 +.Dd March 8, 2020 .Dt ARCH 7 .Os .Sh NAME @@ -69,7 +69,6 @@ and should be avoided. .Pp On some architectures, e.g., -.Dv sparc64 , .Dv powerpc and AIM variants of .Dv powerpc64 , @@ -210,7 +209,6 @@ Machine-dependent type sizes: .It powerpc64 Ta 8 Ta 8 Ta 8 .It riscv64 Ta 8 Ta 16 Ta 8 .It riscv64sf Ta 8 Ta 16 Ta 8 -.It sparc64 Ta 8 Ta 16 Ta 8 .El .Pp .Sy time_t @@ -237,7 +235,6 @@ is 8 bytes on all supported architectures except i386. .It powerpc64 Ta big Ta unsigned .It riscv64 Ta little Ta signed .It riscv64sf Ta little Ta signed -.It sparc64 Ta big Ta signed .El .Ss Page Size .Bl -column -offset indent "Sy Architecture" "Sy Page Sizes" @@ -261,7 +258,6 @@ is 8 bytes on all supported architectures except i386. .It powerpc64 Ta 4K .It riscv64 Ta 4K .It riscv64sf Ta 4K -.It sparc64 Ta 8K .El .Ss Floating Point .Bl -column -offset indent "Sy Architecture" "Sy float, double" "Sy long double" @@ -285,7 +281,6 @@ is 8 bytes on all supported architectures except i386. .It powerpc64 Ta hard Ta hard, double precision .It riscv64 Ta hard Ta hard, double precision .It riscv64sf Ta soft Ta soft, double precision -.It sparc64 Ta hard Ta hard, quad precision .El .Ss Default Tool Chain .Fx uses a variety of tool chain components for the supported CPU 
@@ -321,18 +316,9 @@ This table shows the default tool chain for each archi .It powerpc64 Ta Clang Ta lld .It riscv64 Ta Clang Ta lld .It riscv64sf Ta Clang Ta lld -.It sparc64 Ta GCC(1) Ta GNU ld(1) .El .Pp (1) External toolchain provided by ports/packages. -.Pp -Note that GCC 4.2.1 is deprecated, and scheduled for removal on 2020-03-31. -Any CPU architectures not migrated by then -(to either base system Clang or external toolchain) -may be removed from the tree after that date. -make universe will not build mips or sparc64 -architectures unless the xtoolchain binaries have been installed for -the architecture. .Ss MACHINE_ARCH vs MACHINE_CPUARCH vs MACHINE .Dv MACHINE_CPUARCH should be preferred in Makefiles when the generic @@ -353,7 +339,6 @@ or similar things like boot sequences. .It mips Ta mips Ta mips, mipsel, mips64, mips64el, mipshf, mipselhf, mips64elhf, mipsn32 .It powerpc Ta powerpc Ta powerpc, powerpcspe, powerpc64 .It riscv Ta riscv Ta riscv64, riscv64sf -.It sparc64 Ta sparc64 Ta sparc64 .El .Ss Predefined Macros The compiler provides a number of predefined macros. @@ -399,7 +384,6 @@ Architecture-specific macros: .It powerpc64 Ta Dv __powerpc__, Dv __powerpc64__ .It riscv64 Ta Dv __riscv, Dv __riscv_xlen == 64 .It riscv64sf Ta Dv __riscv, Dv __riscv_xlen == 64 -.It sparc64 Ta Dv __sparc64__ .El .Pp Compilers may define additional variants of architecture-specific macros. Modified: projects/clang1000-import/share/mk/src.opts.mk ============================================================================== --- projects/clang1000-import/share/mk/src.opts.mk Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/share/mk/src.opts.mk Tue Mar 10 07:04:05 2020 (r358832) @@ -194,7 +194,6 @@ __DEFAULT_YES_OPTIONS = \ ZONEINFO __DEFAULT_NO_OPTIONS = \ - AMD \ BEARSSL \ BSD_GREP \ CLANG_EXTRAS \ 
@@ -222,6 +221,7 @@ __DEFAULT_DEPENDENT_OPTIONS= \ CLANG_FULL/CLANG \ LOADER_VERIEXEC/BEARSSL \ LOADER_EFI_SECUREBOOT/LOADER_VERIEXEC \ + LOADER_VERIEXEC_VECTX/LOADER_VERIEXEC \ VERIEXEC/BEARSSL \ # MK_*_SUPPORT options which default to "yes" unless their corresponding Modified: projects/clang1000-import/share/vt/fonts/INDEX.fonts ============================================================================== --- projects/clang1000-import/share/vt/fonts/INDEX.fonts Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/share/vt/fonts/INDEX.fonts Tue Mar 10 07:04:05 2020 (r358832) @@ -34,9 +34,9 @@ MENU:fr:Choisissez votre fonte écran FONT:en:vgarom-8x14.fnt # -gallant.fnt:en:Gallant Character set, 8x16 -gallant.fnt:da:Gallant-tegnsæt, 8x16 -gallant.fnt:de:Gallant Zeichensatz, 8x16 +gallant.fnt:en:Gallant Character set, 12x22 +gallant.fnt:da:Gallant-tegnsæt, 12x22 +gallant.fnt:de:Gallant Zeichensatz, 12x22 terminus-b32.fnt:en:Terminus BSD Console, size 32 terminus-b32.fnt:da:Terminus BSD-konsol, størrelse 32 Modified: projects/clang1000-import/stand/common/bootstrap.h ============================================================================== --- projects/clang1000-import/stand/common/bootstrap.h Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/stand/common/bootstrap.h Tue Mar 10 07:04:05 2020 (r358832) @@ -33,6 +33,8 @@ #include #include +#include "readin.h" + /* Commands and return values; nonzero return sets command_errmsg != NULL */ typedef int (bootblk_cmd_t)(int argc, char *argv[]); #define COMMAND_ERRBUFSZ (256) 
@@ -70,8 +72,8 @@ void hexdump(caddr_t region, size_t len); size_t strlenout(vm_offset_t str); char *strdupout(vm_offset_t str); void kern_bzero(vm_offset_t dest, size_t len); -int kern_pread(int fd, vm_offset_t dest, size_t len, off_t off); -void *alloc_pread(int fd, off_t off, size_t len); +int kern_pread(readin_handle_t fd, vm_offset_t dest, size_t len, off_t off); +void *alloc_pread(readin_handle_t fd, off_t off, size_t len); /* bcache.c */ void bcache_init(size_t nblks, size_t bsize); @@ -303,7 +305,7 @@ struct arch_switch ssize_t (*arch_copyout)(const vm_offset_t src, void *dest, const size_t len); /* Read from file to module address space, same semantics as read() */ - ssize_t (*arch_readin)(const int fd, vm_offset_t dest, + ssize_t (*arch_readin)(readin_handle_t fd, vm_offset_t dest, const size_t len); /* Perform ISA byte port I/O (only for systems with ISA) */ int (*arch_isainb)(int port); @@ -347,10 +349,6 @@ time_t time(time_t *tloc); #ifndef CTASSERT #define CTASSERT(x) _Static_assert(x, "compile-time assertion failed") -#endif - -#ifdef LOADER_VERIEXEC -#include #endif #endif /* !_BOOTSTRAP_H_ */ Modified: projects/clang1000-import/stand/common/interp_forth.c ============================================================================== --- projects/clang1000-import/stand/common/interp_forth.c Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/stand/common/interp_forth.c Tue Mar 10 07:04:05 2020 (r358832) @@ -284,7 +284,7 @@ bf_init(void) /* try to load and run init file if present */ if ((fd = open("/boot/boot.4th", O_RDONLY)) != -1) { #ifdef LOADER_VERIEXEC - if (verify_file(fd, "/boot/boot.4th", 0, VE_GUESS) < 0) { + if (verify_file(fd, "/boot/boot.4th", 0, VE_GUESS, __func__) < 0) { close(fd); return; } 
@@ -386,7 +386,7 @@ interp_include(const char *filename) } #ifdef LOADER_VERIEXEC - if (verify_file(fd, filename, 0, VE_GUESS) < 0) { + if (verify_file(fd, filename, 0, VE_GUESS, __func__) < 0) { close(fd); sprintf(command_errbuf,"can't verify '%s'", filename); return(CMD_ERROR); Modified: projects/clang1000-import/stand/common/interp_simple.c ============================================================================== --- projects/clang1000-import/stand/common/interp_simple.c Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/stand/common/interp_simple.c Tue Mar 10 07:04:05 2020 (r358832) @@ -97,7 +97,7 @@ interp_include(const char *filename) } #ifdef LOADER_VERIEXEC - if (verify_file(fd, filename, 0, VE_GUESS) < 0) { + if (verify_file(fd, filename, 0, VE_GUESS, __func__) < 0) { close(fd); sprintf(command_errbuf,"can't verify '%s'", filename); return(CMD_ERROR); Modified: projects/clang1000-import/stand/common/load_elf.c ============================================================================== --- projects/clang1000-import/stand/common/load_elf.c Tue Mar 10 06:49:43 2020 (r358831) +++ projects/clang1000-import/stand/common/load_elf.c Tue Mar 10 07:04:05 2020 (r358832) @@ -71,8 +71,17 @@ typedef struct elf_file { size_t firstlen; int kernel; uint64_t off; +#ifdef LOADER_VERIEXEC_VECTX + struct vectx *vctx; +#endif } *elf_file_t; +#ifdef LOADER_VERIEXEC_VECTX +#define VECTX_HANDLE(ef) (ef)->vctx +#else +#define VECTX_HANDLE(ef) (ef)->fd +#endif + static int __elfN(loadimage)(struct preloaded_file *mp, elf_file_t ef, uint64_t loadaddr); static int __elfN(lookup_symbol)(struct preloaded_file *mp, elf_file_t ef, 
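Review bot: Both interp_include() hunks (interp_forth.c and interp_simple.c) keep an unbounded sprintf(command_errbuf, "can't verify '%s'", filename) directly under the line being changed, while bootstrap.h defines COMMAND_ERRBUFSZ as 256. Since this is the failure path for a file that did not verify, the name is exactly the kind of input that should not be trusted for length; switching to snprintf(command_errbuf, COMMAND_ERRBUFSZ, ...) while touching these lines would bound it.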
@@ -214,7 +223,20 @@ __elfN(load_elf_header)(char *filename, elf_file_t ef) close(ef->fd); return (ENOMEM); } - bytes_read = read(ef->fd, ef->firstpage, PAGE_SIZE); +#ifdef LOADER_VERIEXEC_VECTX + { + int verror; + + ef->vctx = vectx_open(ef->fd, filename, 0L, NULL, &verror, __func__); + if (verror) { + printf("Unverified %s: %s\n", filename, ve_error_get()); + close(ef->fd); + free(ef->vctx); + return (EAUTH); + } + } +#endif + bytes_read = VECTX_READ(VECTX_HANDLE(ef), ef->firstpage, PAGE_SIZE); ef->firstlen = (size_t)bytes_read; if (bytes_read < 0 || ef->firstlen <= sizeof(Elf_Ehdr)) { err = EFTYPE; /* could be EIO, but may be small file */ @@ -245,10 +267,10 @@ __elfN(load_elf_header)(char *filename, elf_file_t ef) goto error; } -#ifdef LOADER_VERIEXEC - if (verify_file(ef->fd, filename, bytes_read, VE_MUST) < 0) { - err = EAUTH; - goto error; +#if defined(LOADER_VERIEXEC) && !defined(LOADER_VERIEXEC_VECTX) + if (verify_file(ef->fd, filename, bytes_read, VE_MUST, __func__) < 0) { + err = EAUTH; + goto error; } #endif return (0); @@ -259,6 +281,9 @@ error: ef->firstpage = NULL; } if (ef->fd != -1) { +#ifdef LOADER_VERIEXEC_VECTX + free(ef->vctx); +#endif close(ef->fd); ef->fd = -1; } @@ -415,8 +440,20 @@ oerr: out: if (ef.firstpage) free(ef.firstpage); - if (ef.fd != -1) + if (ef.fd != -1) { +#ifdef LOADER_VERIEXEC_VECTX + if (!err && ef.vctx) { + int verror; + + verror = vectx_close(ef.vctx, VE_MUST, __func__); + if (verror) { + err = EAUTH; + file_discard(fp); + } + } +#endif close(ef.fd); + } return (err); } @@ -562,7 +599,8 @@ __elfN(loadimage)(struct preloaded_file *fp, elf_file_ phdr[i].p_vaddr + off, fpcopy); } if (phdr[i].p_filesz > fpcopy) { - if (kern_pread(ef->fd, phdr[i].p_vaddr + off + fpcopy, + if (kern_pread(VECTX_HANDLE(ef), + phdr[i].p_vaddr + off + fpcopy, phdr[i].p_filesz - fpcopy, phdr[i].p_offset + fpcopy) != 0) { printf("\nelf" __XSTRING(__ELF_WORD_SIZE) 
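Review bot: The vectx_open() failure path added to load_elf_header() returns EAUTH directly instead of going through the error: label, so it skips the cleanup that label performs. ef->firstpage, which the following VECTX_READ() fills and the error: label releases, is not freed, and ef->fd is closed but not reset to -1, so any later `ef.fd != -1` check such as the one in the out: hunk would close it a second time. Setting err = EAUTH and using goto error would reuse the cleanup that the -259 hunk already extends with free(ef->vctx). Separately, the out: hunk only calls vectx_close() when err is 0, so it is worth confirming that every error exit releases ef.vctx.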
@@ -606,7 +644,7 @@ __elfN(loadimage)(struct preloaded_file *fp, elf_file_ chunk = (size_t)ehdr->e_shnum * (size_t)ehdr->e_shentsize; if (chunk == 0 || ehdr->e_shoff == 0) goto nosyms; - shdr = alloc_pread(ef->fd, ehdr->e_shoff, chunk); *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-projects@freebsd.org Tue Mar 10 07:05:05 2020 Return-Path: Delivered-To: svn-src-projects@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EAA6C25A9AB for ; Tue, 10 Mar 2020 07:05:05 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48c5h143Lfz4nwD; Tue, 10 Mar 2020 07:05:05 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 84F561FBDE; Tue, 10 Mar 2020 07:05:05 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02A7552h048973; Tue, 10 Mar 2020 07:05:05 GMT (envelope-from dim@FreeBSD.org) Received: (from dim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02A755uq048971; Tue, 10 Mar 2020 07:05:05 GMT (envelope-from dim@FreeBSD.org) Message-Id: <202003100705.02A755uq048971@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: dim set sender to dim@FreeBSD.org using -f 
From: Dimitry Andric Date: Tue, 10 Mar 2020 07:05:05 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r358833 - projects/clang1000-import X-SVN-Group: projects X-SVN-Commit-Author: dim X-SVN-Commit-Paths: projects/clang1000-import X-SVN-Commit-Revision: 358833 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Mar 2020 07:05:06 -0000 Author: dim Date: Tue Mar 10 07:05:04 2020 New Revision: 358833 URL: https://svnweb.freebsd.org/changeset/base/358833 Log: Set tentative dates. Modified: projects/clang1000-import/ObsoleteFiles.inc projects/clang1000-import/UPDATING Modified: projects/clang1000-import/ObsoleteFiles.inc ============================================================================== --- projects/clang1000-import/ObsoleteFiles.inc Tue Mar 10 07:04:05 2020 (r358832) +++ projects/clang1000-import/ObsoleteFiles.inc Tue Mar 10 07:05:04 2020 (r358833) @@ -36,7 +36,7 @@ # xargs -n1 | sort | uniq -d; # done -# 2020mmdd: new clang import which bumps version from 9.0.1 to 10.0.0. +# 20200310: new clang import which bumps version from 9.0.1 to 10.0.0. OLD_FILES+=usr/lib/clang/9.0.1/include/cuda_wrappers/algorithm OLD_FILES+=usr/lib/clang/9.0.1/include/cuda_wrappers/complex OLD_FILES+=usr/lib/clang/9.0.1/include/cuda_wrappers/new Modified: projects/clang1000-import/UPDATING ============================================================================== --- projects/clang1000-import/UPDATING Tue Mar 10 07:04:05 2020 (r358832) +++ projects/clang1000-import/UPDATING Tue Mar 10 07:05:04 2020 (r358833) 
@@ -26,7 +26,7 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) -2020mmdd: +20200310: Clang, llvm, lld, lldb, compiler-rt, libc++, libunwind and openmp have been upgraded to 10.0.0. Please see the 20141231 entry below for information about prerequisites and upgrading, if you are not already From owner-svn-src-projects@freebsd.org Tue Mar 10 17:49:12 2020 Return-Path: Delivered-To: svn-src-projects@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 203BD26B5AC for ; Tue, 10 Mar 2020 17:49:12 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48cMzC3FjHz449W; Tue, 10 Mar 2020 17:49:11 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 39BD3271D7; Tue, 10 Mar 2020 17:49:11 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02AHnBDN035112; Tue, 10 Mar 2020 17:49:11 GMT (envelope-from dim@FreeBSD.org) Received: (from dim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02AHn9Z7035102; Tue, 10 Mar 2020 17:49:09 GMT (envelope-from dim@FreeBSD.org) Message-Id: <202003101749.02AHn9Z7035102@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: dim set 
sender to dim@FreeBSD.org using -f From: Dimitry Andric Date: Tue, 10 Mar 2020 17:49:09 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r358849 - in projects/clang1000-import: lib/libusb sys/amd64/vmm/intel sys/amd64/vmm/io sys/compat/linux sys/sys X-SVN-Group: projects X-SVN-Commit-Author: dim X-SVN-Commit-Paths: in projects/clang1000-import: lib/libusb sys/amd64/vmm/intel sys/amd64/vmm/io sys/compat/linux sys/sys X-SVN-Commit-Revision: 358849 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Mar 2020 17:49:12 -0000 Author: dim Date: Tue Mar 10 17:49:09 2020 New Revision: 358849 URL: https://svnweb.freebsd.org/changeset/base/358849 Log: Merge ^/head r358832 through r358848. Modified: projects/clang1000-import/lib/libusb/libusb_global_linux.h projects/clang1000-import/sys/amd64/vmm/intel/vmx.c projects/clang1000-import/sys/amd64/vmm/io/vlapic.c projects/clang1000-import/sys/amd64/vmm/io/vlapic.h projects/clang1000-import/sys/compat/linux/linux_ioctl.c projects/clang1000-import/sys/compat/linux/linux_ioctl.h projects/clang1000-import/sys/sys/param.h Directory Properties: projects/clang1000-import/ (props changed) Modified: projects/clang1000-import/lib/libusb/libusb_global_linux.h ============================================================================== --- projects/clang1000-import/lib/libusb/libusb_global_linux.h Tue Mar 10 16:53:49 2020 (r358848) +++ projects/clang1000-import/lib/libusb/libusb_global_linux.h Tue Mar 10 17:49:09 2020 (r358849) 
@@ -77,4 +77,11 @@ } while (0) #endif +#ifndef TAILQ_FOREACH_SAFE +#define TAILQ_FOREACH_SAFE(var, head, field, tvar) \ + for ((var) = TAILQ_FIRST((head)); \ + (var) && ((tvar) = TAILQ_NEXT((var), field), 1); \ + (var) = (tvar)) +#endif + #endif /* _LIBUSB_GLOBAL_LINUX_H_ */ Modified: projects/clang1000-import/sys/amd64/vmm/intel/vmx.c ============================================================================== --- projects/clang1000-import/sys/amd64/vmm/intel/vmx.c Tue Mar 10 16:53:49 2020 (r358848) +++ projects/clang1000-import/sys/amd64/vmm/intel/vmx.c Tue Mar 10 17:49:09 2020 (r358849) @@ -175,6 +175,10 @@ static int cap_invpcid; SYSCTL_INT(_hw_vmm_vmx_cap, OID_AUTO, invpcid, CTLFLAG_RD, &cap_invpcid, 0, "Guests are allowed to use INVPCID"); +static int tpr_shadowing; +SYSCTL_INT(_hw_vmm_vmx_cap, OID_AUTO, tpr_shadowing, CTLFLAG_RD, + &tpr_shadowing, 0, "TPR shadowing support"); + static int virtual_interrupt_delivery; SYSCTL_INT(_hw_vmm_vmx_cap, OID_AUTO, virtual_interrupt_delivery, CTLFLAG_RD, &virtual_interrupt_delivery, 0, "APICv virtual interrupt delivery support"); @@ -630,7 +634,7 @@ vmx_restore(void) static int vmx_init(int ipinum) { - int error, use_tpr_shadow; + int error; uint64_t basic, fixed0, fixed1, feature_control; uint32_t tmp, procbased2_vid_bits; @@ -754,6 +758,24 @@ vmx_init(int ipinum) &tmp) == 0); /* + * Check support for TPR shadow. + */ + error = vmx_set_ctlreg(MSR_VMX_PROCBASED_CTLS, + MSR_VMX_TRUE_PROCBASED_CTLS, PROCBASED_USE_TPR_SHADOW, 0, + &tmp); + if (error == 0) { + tpr_shadowing = 1; + TUNABLE_INT_FETCH("hw.vmm.vmx.use_tpr_shadowing", + &tpr_shadowing); + } + + if (tpr_shadowing) { + procbased_ctls |= PROCBASED_USE_TPR_SHADOW; + procbased_ctls &= ~PROCBASED_CR8_LOAD_EXITING; + procbased_ctls &= ~PROCBASED_CR8_STORE_EXITING; + } + + /* * Check support for virtual interrupt delivery. */ procbased2_vid_bits = (PROCBASED2_VIRTUALIZE_APIC_ACCESSES | 
@@ -761,13 +783,9 @@ vmx_init(int ipinum) PROCBASED2_APIC_REGISTER_VIRTUALIZATION | PROCBASED2_VIRTUAL_INTERRUPT_DELIVERY); - use_tpr_shadow = (vmx_set_ctlreg(MSR_VMX_PROCBASED_CTLS, - MSR_VMX_TRUE_PROCBASED_CTLS, PROCBASED_USE_TPR_SHADOW, 0, - &tmp) == 0); - error = vmx_set_ctlreg(MSR_VMX_PROCBASED_CTLS2, MSR_VMX_PROCBASED_CTLS2, procbased2_vid_bits, 0, &tmp); - if (error == 0 && use_tpr_shadow) { + if (error == 0 && tpr_shadowing) { virtual_interrupt_delivery = 1; TUNABLE_INT_FETCH("hw.vmm.vmx.use_apic_vid", &virtual_interrupt_delivery); @@ -779,13 +797,6 @@ vmx_init(int ipinum) procbased_ctls2 &= ~PROCBASED2_VIRTUALIZE_X2APIC_MODE; /* - * No need to emulate accesses to %CR8 if virtual - * interrupt delivery is enabled. - */ - procbased_ctls &= ~PROCBASED_CR8_LOAD_EXITING; - procbased_ctls &= ~PROCBASED_CR8_STORE_EXITING; - - /* * Check for Posted Interrupts only if Virtual Interrupt * Delivery is enabled. */ @@ -1054,10 +1065,13 @@ vmx_vminit(struct vm *vm, pmap_t pmap) vmx->ctx[i].guest_dr6 = DBREG_DR6_RESERVED1; error += vmwrite(VMCS_GUEST_DR7, DBREG_DR7_RESERVED1); - if (virtual_interrupt_delivery) { - error += vmwrite(VMCS_APIC_ACCESS, APIC_ACCESS_ADDRESS); + if (tpr_shadowing) { error += vmwrite(VMCS_VIRTUAL_APIC, vtophys(&vmx->apic_page[i])); + } + + if (virtual_interrupt_delivery) { + error += vmwrite(VMCS_APIC_ACCESS, APIC_ACCESS_ADDRESS); error += vmwrite(VMCS_EOI_EXIT0, 0); error += vmwrite(VMCS_EOI_EXIT1, 0); error += vmwrite(VMCS_EOI_EXIT2, 0); @@ -2661,6 +2675,12 @@ vmx_exit_process(struct vmx *vmx, int vcpu, struct vm_ SDT_PROBE3(vmm, vmx, exit, mwait, vmx, vcpu, vmexit); vmexit->exitcode = VM_EXITCODE_MWAIT; break; + case EXIT_REASON_TPR: + vlapic = vm_lapic(vmx->vm, vcpu); + vlapic_sync_tpr(vlapic); + vmexit->inst_length = 0; + handled = HANDLED; + break; case EXIT_REASON_VMCALL: case EXIT_REASON_VMCLEAR: case EXIT_REASON_VMLAUNCH: 
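Review bot: The new EXIT_REASON_TPR case in vmx_exit_process() forces vmexit->inst_length = 0 with no comment explaining why the guest RIP must not be advanced for this exit. A one-line comment above the assignment would keep a later cleanup from treating it as a leftover, and would also say why vlapic_sync_tpr() is the only work needed here.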
@@ -2947,6 +2967,16 @@ vmx_run(void *arg, int vcpu, register_t rip, pmap_t pm } /* + * If TPR Shadowing is enabled, the TPR Threshold + * must be updated right before entering the guest. + */ + if (tpr_shadowing && !virtual_interrupt_delivery) { + if ((vmx->cap[vcpu].proc_ctls & PROCBASED_USE_TPR_SHADOW) != 0) { + vmcs_write(VMCS_TPR_THRESHOLD, vlapic_get_cr8(vlapic)); + } + } + + /* * VM exits restore the base address but not the * limits of GDTR and IDTR. The VMCS only stores the * base address, so VM exits set the limits to 0xffff. @@ -3634,10 +3664,33 @@ vmx_set_tmr(struct vlapic *vlapic, int vector, bool le } static void -vmx_enable_x2apic_mode(struct vlapic *vlapic) +vmx_enable_x2apic_mode_ts(struct vlapic *vlapic) { struct vmx *vmx; struct vmcs *vmcs; + uint32_t proc_ctls; + int vcpuid; + + vcpuid = vlapic->vcpuid; + vmx = ((struct vlapic_vtx *)vlapic)->vmx; + vmcs = &vmx->vmcs[vcpuid]; + + proc_ctls = vmx->cap[vcpuid].proc_ctls; + proc_ctls &= ~PROCBASED_USE_TPR_SHADOW; + proc_ctls |= PROCBASED_CR8_LOAD_EXITING; + proc_ctls |= PROCBASED_CR8_STORE_EXITING; + vmx->cap[vcpuid].proc_ctls = proc_ctls; + + VMPTRLD(vmcs); + vmcs_write(VMCS_PRI_PROC_BASED_CTLS, proc_ctls); + VMCLEAR(vmcs); +} + +static void +vmx_enable_x2apic_mode_vid(struct vlapic *vlapic) +{ + struct vmx *vmx; + struct vmcs *vmcs; uint32_t proc_ctls2; int vcpuid, error; 
@@ -3795,12 +3848,16 @@ vmx_vlapic_init(void *arg, int vcpuid) vlapic_vtx->pir_desc = &vmx->pir_desc[vcpuid]; vlapic_vtx->vmx = vmx; + if (tpr_shadowing) { + vlapic->ops.enable_x2apic_mode = vmx_enable_x2apic_mode_ts; + } + if (virtual_interrupt_delivery) { vlapic->ops.set_intr_ready = vmx_set_intr_ready; vlapic->ops.pending_intr = vmx_pending_intr; vlapic->ops.intr_accepted = vmx_intr_accepted; vlapic->ops.set_tmr = vmx_set_tmr; - vlapic->ops.enable_x2apic_mode = vmx_enable_x2apic_mode; + vlapic->ops.enable_x2apic_mode = vmx_enable_x2apic_mode_vid; } if (posted_interrupts) Modified: projects/clang1000-import/sys/amd64/vmm/io/vlapic.c ============================================================================== --- projects/clang1000-import/sys/amd64/vmm/io/vlapic.c Tue Mar 10 16:53:49 2020 (r358848) +++ projects/clang1000-import/sys/amd64/vmm/io/vlapic.c Tue Mar 10 17:49:09 2020 (r358849) @@ -555,6 +555,12 @@ vlapic_update_ppr(struct vlapic *vlapic) VLAPIC_CTR1(vlapic, "vlapic_update_ppr 0x%02x", ppr); } +void +vlapic_sync_tpr(struct vlapic *vlapic) +{ + vlapic_update_ppr(vlapic); +} + static VMM_STAT(VLAPIC_GRATUITOUS_EOI, "EOI without any in-service interrupt"); static void @@ -1079,6 +1085,8 @@ vlapic_pending_intr(struct vlapic *vlapic, int *vecptr int idx, i, bitpos, vector; uint32_t *irrptr, val; + vlapic_update_ppr(vlapic); + if (vlapic->ops.pending_intr) return ((*vlapic->ops.pending_intr)(vlapic, vecptr)); @@ -1136,7 +1144,6 @@ vlapic_intr_accepted(struct vlapic *vlapic, int vector panic("isrvec_stk_top overflow %d", stk_top); vlapic->isrvec_stk[stk_top] = vector; - vlapic_update_ppr(vlapic); } void Modified: projects/clang1000-import/sys/amd64/vmm/io/vlapic.h ============================================================================== --- projects/clang1000-import/sys/amd64/vmm/io/vlapic.h Tue Mar 10 16:53:49 2020 (r358848) +++ projects/clang1000-import/sys/amd64/vmm/io/vlapic.h Tue Mar 10 17:49:09 2020 (r358849) 
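Review bot: In the vmx_vlapic_init() hunk, vlapic->ops.enable_x2apic_mode is assigned twice in a row, and the second assignment silently wins. vmx_init() only enables virtual_interrupt_delivery when tpr_shadowing is set, so whenever VID is on, vmx_enable_x2apic_mode_ts() is installed and immediately replaced by vmx_enable_x2apic_mode_vid(), and the proc_ctls changes in the _ts variant (clearing PROCBASED_USE_TPR_SHADOW, restoring the CR8 load/store exiting bits) never run. If that is intended, an else-if or a short comment stating that the _vid handler supersedes the _ts one would make it explicit.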
@@ -74,6 +74,8 @@ void vlapic_post_intr(struct vlapic *vlapic, int hostc void vlapic_fire_cmci(struct vlapic *vlapic); int vlapic_trigger_lvt(struct vlapic *vlapic, int vector); +void vlapic_sync_tpr(struct vlapic *vlapic); + uint64_t vlapic_get_apicbase(struct vlapic *vlapic); int vlapic_set_apicbase(struct vlapic *vlapic, uint64_t val); void vlapic_set_x2apic_state(struct vm *vm, int vcpuid, enum x2apic_state s); Modified: projects/clang1000-import/sys/compat/linux/linux_ioctl.c ============================================================================== --- projects/clang1000-import/sys/compat/linux/linux_ioctl.c Tue Mar 10 16:53:49 2020 (r358848) +++ projects/clang1000-import/sys/compat/linux/linux_ioctl.c Tue Mar 10 17:49:09 2020 (r358849) @@ -3488,6 +3488,9 @@ linux_ioctl_fbsd_usb(struct thread *td, struct linux_i case FBSD_LUSB_GET_POWER_USAGE: args->cmd = USB_GET_POWER_USAGE; break; + case FBSD_LUSB_DEVICESTATS: + args->cmd = USB_DEVICESTATS; + break; default: error = ENOIOCTL; } Modified: projects/clang1000-import/sys/compat/linux/linux_ioctl.h ============================================================================== --- projects/clang1000-import/sys/compat/linux/linux_ioctl.h Tue Mar 10 16:53:49 2020 (r358848) +++ projects/clang1000-import/sys/compat/linux/linux_ioctl.h Tue Mar 10 17:49:09 2020 (r358849) @@ -743,9 +743,10 @@ #define FBSD_LUSB_FS_OPEN_STREAM 0xffdf #define FBSD_LUSB_GET_DEV_PORT_PATH 0xffde #define FBSD_LUSB_GET_POWER_USAGE 0xffdd +#define FBSD_LUSB_DEVICESTATS 0xffdc #define FBSD_LUSB_MAX 0xffff -#define FBSD_LUSB_MIN 0xffdd +#define FBSD_LUSB_MIN 0xffdc /* * Linux btrfs clone operation Modified: projects/clang1000-import/sys/sys/param.h ============================================================================== --- projects/clang1000-import/sys/sys/param.h Tue Mar 10 16:53:49 2020 (r358848) +++ projects/clang1000-import/sys/sys/param.h Tue Mar 10 17:49:09 2020 (r358849) 
@@ -60,7 +60,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 1300082 /* Master, propagated to newvers */ +#define __FreeBSD_version 1300083 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, From owner-svn-src-projects@freebsd.org Tue Mar 10 17:55:49 2020 Return-Path: Delivered-To: svn-src-projects@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 36EF826B9E5 for ; Tue, 10 Mar 2020 17:55:49 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48cN6r6Z63z4MKb; Tue, 10 Mar 2020 17:55:48 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A722B273A3; Tue, 10 Mar 2020 17:55:48 +0000 (UTC) (envelope-from dim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02AHtmV1040982; Tue, 10 Mar 2020 17:55:48 GMT (envelope-from dim@FreeBSD.org) Received: (from dim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02AHtmgP040981; Tue, 10 Mar 2020 17:55:48 GMT (envelope-from dim@FreeBSD.org) Message-Id: <202003101755.02AHtmgP040981@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: dim set sender to dim@FreeBSD.org using -f 
From: Dimitry Andric Date: Tue, 10 Mar 2020 17:55:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r358850 - in projects/clang1000-import: . contrib/llvm-project/clang contrib/llvm-project/llvm X-SVN-Group: projects X-SVN-Commit-Author: dim X-SVN-Commit-Paths: in projects/clang1000-import: . contrib/llvm-project/clang contrib/llvm-project/llvm X-SVN-Commit-Revision: 358850 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Mar 2020 17:55:49 -0000 Author: dim Date: Tue Mar 10 17:55:48 2020 New Revision: 358850 URL: https://svnweb.freebsd.org/changeset/base/358850 Log: Bash Subversion over the head with a cluestick. Modified: Directory Properties: projects/clang1000-import/ (props changed) projects/clang1000-import/contrib/llvm-project/clang/ (props changed) projects/clang1000-import/contrib/llvm-project/llvm/ (props changed) From owner-svn-src-projects@freebsd.org Thu Mar 12 16:15:05 2020 Return-Path: Delivered-To: svn-src-projects@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1456A2652D3 for ; Thu, 12 Mar 2020 16:15:05 +0000 (UTC) (envelope-from ngie@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48dYnh5VFlz4X32; Thu, 12 Mar 2020 16:15:04 +0000 (UTC) 
(envelope-from ngie@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7643727D6E; Thu, 12 Mar 2020 16:15:04 +0000 (UTC) (envelope-from ngie@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 02CGF4io012552; Thu, 12 Mar 2020 16:15:04 GMT (envelope-from ngie@FreeBSD.org) Received: (from ngie@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 02CGF4ja012551; Thu, 12 Mar 2020 16:15:04 GMT (envelope-from ngie@FreeBSD.org) Message-Id: <202003121615.02CGF4ja012551@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ngie set sender to ngie@FreeBSD.org using -f From: Enji Cooper Date: Thu, 12 Mar 2020 16:15:04 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r358915 - projects/import-googletest-1.10.0 X-SVN-Group: projects X-SVN-Commit-Author: ngie X-SVN-Commit-Paths: projects/import-googletest-1.10.0 X-SVN-Commit-Revision: 358915 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Mar 2020 16:15:05 -0000 Author: ngie Date: Thu Mar 12 16:15:03 2020 New Revision: 358915 URL: https://svnweb.freebsd.org/changeset/base/358915 Log: Open branch for importing googletest 1.10.0 The aim of this branch is to update contrib/googletest in base (1.8.1) to 1.10.0 (the last official release by Google). Added: - copied from r358914, head/ Directory Properties: projects/import-googletest-1.10.0/ (props changed)