Without this patch, the kgssapi uses detailed knowledge
of the internal context structure for Heimdal (up to vers 1.5).
It also does four upcalls to the gssd daemon to establish
a server side RPCSEC_GSS context.
This patch adds support for three new upcalls:
gss_init_sec_context_lucid_v1()
gss_accept_sec_context_lucid_v1()
gss_supports_lucid()
These are used to determine if the gssd can do the upcalls
and use them to avoid needing detailed Heimdal knowledge
if they are supported.
gss_init_sec_context_lucid_v1() and
gss_accept_sec_context_lucid_v1() return the information
needed to complete the RPCSEC_GSS context.
They use gss_krb5_export_lucid_sec_context() to acquire
the information from the libraries. (MIT Kerberos supports
this and I believe newer versions of Heimdal do, as well).
This avoids the need for detailed knowledge about MIT's
internals and replaces the 2 or 4 (initiator or acceptor) upcalls
with a single upcall to create the RPCSEC_GSS context.
The old Heimdal (up to 1.5) support is left intact, but should
be removed whenever Heimdal 1.5 is removed from /usr/src.
It also modifies the Makefile so that the gssd is only built
when MK_KERBEROS_SUPPORT != "no", since it is useless without
Kerberos.
Reviewed by: cy
Differential Revision: https://reviews.freebsd.org/D51731
Differential Revision: https://reviews.freebsd.org/D51733
lib/libgssapi is based on Heimdal. As on Linux systems, the MIT
libgssapi_krb5 replaces it. Having both gssapi libraries and header files
installed results in a broken buildworld (gssd) and ports that will not
build without modifications to support the MIT gssapi in an alternate
location.
73ed0c7992 removed the MIT GSSAPI headers from /usr/include. Apps using
MIT KRB5 gssapi functions and structures will fail to build without this
patch.
This patch includes a temporary patch to usr.sbin/gssd to allow it
to build with this patch. rmacklem@ has a patch for this and for
kgssapi that uses this patch to resolve kgssapi issues for NFS with
Kerberos.
This patch is an updated version of D51661 to allow it to build following
additional patches to the tree.
This should have been implemented with 7e35117eb0.
Fixes: 7e35117eb0, 73ed0c7992
Differential Revision: https://reviews.freebsd.org/D51661
Support PSCI CPU_OFF by suspending the CPU and removing it from the
running CPU set.
Reviewed by: markj
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D51768
We need the MPIDR value in a few places in userspace. Rather than
calculate it ask the kernel to give it to us. This allows us to change
how it is calculated without having to change userspace.
Reviewed by: markj
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D51763
This should have been added with 8ae1d55bfc ("bhyve/arm64: Mark CPU0
as on at boot").
Fixes: 8ae1d55bfc ("bhyve/arm64: Mark CPU0 as on at boot")
Sponsored by: Arm Ltd
These are deprecated, but in the meantime, move them to another
package. routed in particular doesn't need to be in -runtime.
Reviewed by: manu
Differential Revision: https://reviews.freebsd.org/D51783
It was missed from the set. As it's the boot CPU, it starts on.
Reviewed by: markj
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D51767
When multiple CPUs try to start the same CPU only one should return
success, the other CPUs should see either ON_PENDING or ALREADY_ON.
There was a race between checking if the CPU is on and marking it as
on in the running_cpumask CPU set.
Fix the race by using CPU_TEST_SET_ATOMIC to both check and set the
state in running_cpumask.
Reviewed by: markj
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D51766
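The check-then-set race in the commit above, modelled as an added example in C++ (not bhyve code). The first function reproduces the race: a load of the running-CPU mask followed by a separate set, so two callers can both see the bit clear. The second uses one atomic read-modify-write on the bit, which is the semantics CPU_TEST_SET_ATOMIC gives, so exactly one caller gets PSCI_SUCCESS and the rest get ALREADY_ON. The mask type, the contention harness and vCPU number 3 are constructed for the demo; the return codes are the values from the PSCI specification. ON_PENDING is not modelled.

```cpp
// Added example, not bhyve code: models the CPU_ON race described above
// with a bit per vCPU in a running-CPU mask.
#include <atomic>
#include <cstdint>
#include <cstdio>
#include <thread>
#include <vector>

// Return codes as defined by the PSCI specification.
constexpr int PSCI_SUCCESS = 0;
constexpr int PSCI_ALREADY_ON = -4;

// Stand-in for running_cpumask: one bit per vCPU.
struct cpu_set {
    std::atomic<std::uint64_t> mask{0};
};

// Racy version: the check and the set are separate operations, so two
// callers can both observe the bit clear and both return PSCI_SUCCESS.
static int cpu_on_racy(cpu_set &running, int cpu) {
    const std::uint64_t bit = std::uint64_t{1} << cpu;
    if (running.mask.load() & bit)
        return PSCI_ALREADY_ON;
    std::this_thread::yield();   // widen the window so the race shows up in the demo
    running.mask.fetch_or(bit);
    return PSCI_SUCCESS;
}

// Fixed version, the pattern CPU_TEST_SET_ATOMIC provides: one atomic
// read-modify-write both tests and sets the bit, so exactly one caller
// sees it clear and every other caller gets PSCI_ALREADY_ON.
static int cpu_on_atomic(cpu_set &running, int cpu) {
    const std::uint64_t bit = std::uint64_t{1} << cpu;
    const std::uint64_t old = running.mask.fetch_or(bit);
    return (old & bit) ? PSCI_ALREADY_ON : PSCI_SUCCESS;
}

// Let nthreads callers race to turn on the same vCPU and count how many
// of them were told they succeeded. A correct implementation returns 1.
static int contended_cpu_on(int (*cpu_on)(cpu_set &, int), int nthreads) {
    cpu_set running;
    std::atomic<int> successes{0};
    std::atomic<bool> go{false};
    std::vector<std::thread> threads;
    for (int i = 0; i < nthreads; i++) {
        threads.emplace_back([&] {
            while (!go.load()) {}          // start everyone at once
            if (cpu_on(running, 3) == PSCI_SUCCESS)
                successes.fetch_add(1);
        });
    }
    go.store(true);
    for (auto &t : threads)
        t.join();
    return successes.load();
}

int main() {
    std::printf("racy:   %d callers reported success\n", contended_cpu_on(cpu_on_racy, 16));
    std::printf("atomic: %d callers reported success\n", contended_cpu_on(cpu_on_atomic, 16));
    return 0;
}
```

The racy count is scheduling-dependent and may print 1 on a lightly loaded machine; the atomic count is always 1 regardless of how the threads interleave, which is the property a guest relies on when several vCPUs issue CPU_ON for the same target.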
Fix a number of style issues and attempt to reduce the diff to NetBSD.
Reviewed by: glebius, kib
Differential Revision: https://reviews.freebsd.org/D51773
Until cy@ commits his change, this change is needed to
make the gssd build. It will not actually work correctly
until the cy@ commit is done.
I will revert this patch then.
Without this patch, the kgssapi uses detailed knowledge
of the internal context structure for Heimdal (up to vers 1.5).
It also does four upcalls to the gssd daemon to establish
a server side RPCSEC_GSS context.
This patch adds support for three new upcalls:
gss_init_sec_context_lucid_v1()
gss_accept_sec_context_lucid_v1()
gss_supports_lucid()
These are used to determine if the gssd can do the upcalls
and use them to avoid needing detailed Heimdal knowledge
if they are supported.
gss_init_sec_context_lucid_v1() and
gss_accept_sec_context_lucid_v1() return the information
needed to complete the RPCSEC_GSS context.
They use gss_krb5_export_lucid_sec_context() to acquire
the information from the libraries. (MIT Kerberos supports
this and I believe newer versions of Heimdal do, as well).
This avoids the need for detailed knowledge about MIT's
internals and replaces the 2 or 4 (initiator or acceptor) upcalls
with a single upcall to create the RPCSEC_GSS context.
The old Heimdal (up to 1.5) support is left intact, but should
be removed whenever Heimdal 1.5 is removed from /usr/src.
It also modifies the Makefile so that the gssd is only built
when MK_KERBEROS_SUPPORT != "no", since it is useless without
Kerberos.
Reviewed by: cy
Differential Revision: https://reviews.freebsd.org/D51731
Differential Revision: https://reviews.freebsd.org/D51733
While the overall structure is similar for NVMeoF controllers and
iSCSI targets, there are sufficient differences that NVMe support uses
an alternate configuration syntax.
- In authentication groups, permitted NVMeoF hosts can be allowed by
names (NQNs) via "host-nqn" values (similar to "initiator-name" for
iSCSI). Similarly, "host-address" accepts permitted host addresses
similar to "initiator-portal" for iSCSI.
- A new "transport-group" context enumerates transports that can be
used by a group of NVMeoF controllers similar to the "portal-group"
context for iSCSI. In this section, the "listen" keyword accepts a
transport as well as an address to permit other types of transports
besides TCP in the future. The "foreign", "offload", and "redirect"
keywords are also not meaningful and thus not supported.
- A new "controller" context describes an NVMeoF I/O controller
similar to the "target" context for iSCSI. One key difference here
is that "lun" objects are replaced by "namespace" objects. However,
a "namespace" can reference a named global lun permitting LUNs to be
shared between iSCSI targets and NVMeoF controllers.
NB: Authentication via CHAP is not implemented for NVMeoF.
Reviewed by: imp
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D48773
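A ctl.conf fragment put together here as an added example of the NVMeoF syntax the commit describes; it is not from the commit or from the ctld sources. The keywords (auth-group with host-nqn and host-address, transport-group with a transport plus address after listen, controller with namespace objects) are the ones named above; the brace layout, the addr:port form after listen and the path keyword inside a namespace are assumed to follow the existing iSCSI ctl.conf conventions. NQNs, addresses and the zvol path are placeholders. The form where a namespace references a named global LUN is not shown because its keyword is not given above.

```conf
# Added example, not from the commit. Host restrictions are the only
# admission control here: the commit notes CHAP is not implemented for NVMeoF,
# so an auth-group without host-nqn/host-address entries would admit any host
# that can reach the listener.
auth-group ag-nvme {
	host-nqn nqn.2014-08.org.nvmexpress:uuid:00000000-0000-0000-0000-000000000001
	host-address 192.0.2.0/24
}

# Transport group: like portal-group for iSCSI, but "listen" takes a
# transport before the address so non-TCP transports can be added later.
transport-group tg0 {
	listen tcp 192.0.2.1:4420
}

# I/O controller: like "target" for iSCSI, with namespaces instead of LUNs.
controller nqn.2012-06.com.example:ctl0 {
	auth-group ag-nvme
	transport-group tg0
	namespace 1 {
		path /dev/zvol/tank/ns1
	}
}
```

When checking a configuration like this, the thing to verify is that every controller is bound to an auth-group that actually lists host-nqn or host-address entries, since the "foreign", "offload" and "redirect" keywords from the iSCSI portal-group context are not available to tighten exposure on the NVMeoF side.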
Explicitly hand off ownership of accepted sockets to the
portal::handle_connection method.
Reviewed by: asomers
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D51729
This is a prerequisite for adding NVMe over Fabrics support.
Convert portal_group, portal_group_port, and target into abstract
classes with virtual methods to support protocol-specific methods.
Add new iscsi_portal_group, iscsi_port, iscsi_portal and iscsi_target
subclasses in a new iscsi.cc file and move some iSCSI-specific logic
there. Rename ctld_connection to iscsi_connection and move it to a
new iscsi.hh header. Move iscsi_connection methods out of ctld.cc and
kernel.cc into iscsi.cc.
Reviewed by: imp
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D48772
Split out a private method to parse a listen address and optional
mask. This will avoid having to duplicate that code for NVMe
host addresses.
Rename the ag_names and ag_portals members to include "initiator"
to indicate they are iSCSI-specific.
Reviewed by: imp
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D51728
s/download/load/ to clarify the difference between these and fwget, our
utility to install firmware packages, in apropos results. Also, include
rtlbtfw, I missed that one last time.
MFC after: 3 days
Reviewed by: bz, pauamma
Fixes: 2c901189bb (terse descriptions)
Differential Revision: https://reviews.freebsd.org/D51333
The Windows graphics driver reads the value of the BDSM register from MMIO
space. This value makes no sense in our virtual environment because it's a host
address. Therefore, we have to trap and emulate it.
Reviewed by: jhb
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D45342
We need an interface for protecting BAR regions to make it easier to use this
feature and to make it usable by external emulations like the GVT-d emulation.
Reviewed by: jhb
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D45341
At the moment, the list of protected BAR regions is unused by the passthru
emulation. Make use of it when mapping the BAR regions. This causes bhyve to
trap those regions.
Reviewed by: jhb
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D45340
We have to emulate some specific register of a BAR for passthru devices. Our
current use case are Intel's integrated graphics devices. They mirror some of
their PCI config space into the MMIO space. Unfortunately, the Windows driver
reads from MMIO instead of PCI config space. For that reason, we have to trap
and emulate those registers. Instead of implementing a quirk for this special
device, we're implementing a generic approach by using a list of trapped
registers. That's much cleaner and can be reused. E.g. Nvidia GPUs mirror their
PCI config space in MMIO too and we can reuse it to trap the MSI-X table in the
future.
Note that the handling of this new list requires a larger patch. For that
reason, we split it into multiple commits. This means that the list isn't used
yet. This commit adds the callback on BAR reads and writes. Some subsequent
commit will add the trap for BAR regions and an interface to easily add
protected regions.
Reviewed by: jhb, markj
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D45339
The BDSM (Base Data Stolen Memory) register changed. Older generations are
using a 32-bit register. On newer generations a different register address is
used and the size was changed to 64-bit to permit allocating graphics stolen
memory above 4 GB. Bhyve has to detect that and properly emulate the correct
register.
Reviewed by: jhb, markj
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D45338
The address and size of the BDSM register has changed in recent Intel GPUs. To
account for that change, we have to detect the GPU generation. We've recently
added all known PCI IDs of Intel GPUs from Linux. Make use of this header to
scan the device ID and properly set the BDSM address.
Note that even though a bunch of devices are listed in our device array, not all
devices will work properly. Especially some old devices may not support VT-d,
required for passthrough in general, at all.
Reviewed by: jhb
MFC after: 1 week
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D50807
Note that some of the functions for handling iSCSI login, discovery,
and kernel handoff are now functions of this class as they are logical
operations on an iSCSI connection and need access to various members
of this class.
This also fixes some memory leaks as ctld_connection wasn't properly
torn down once a connection finishes. These leaks were harmless in
practice since the ctld process exits after handling each connection.
Sponsored by: Chelsio Communications
Pull Request: https://github.com/freebsd/freebsd-src/pull/1794
Use C++ STL containers (std::string, std::list) for the data structure
holding the parsed output of the XML configuration obtained from the
kernel. This simplifies the code in various places and removes the
need for manual memory freeing (which was incomplete).
Use a std::list of pairs of std::string objects for the port and LUN
attribute lists instead of an nvlist.
Use a std::vector<char> for the resizable buffer receiving XML results
via ioctl(). Also, reuse the buffer from CTL_LUN_LIST for
CTL_PORT_LIST rather than doing a free() only to turn around and
malloc() again. While here, split out the code for fetching and
parsing the XML into a separate function.
Sponsored by: Chelsio Communications
Pull Request: https://github.com/freebsd/freebsd-src/pull/1794
- Various functions to add or lookup configuration objects are now
methods of the conf class.
- Use std::string and freebsd::pidfile for various members.
- Rename the global set_timeout() to start_timer() to avoid shadowing
conf::set_timeout() and also split out a separate stop_timer().
Sponsored by: Chelsio Communications
Pull Request: https://github.com/freebsd/freebsd-src/pull/1794
- Use std::string for string members.
- Use std::array for the array of LUN pointers indexed by LUN id.
- Move meat of the target_* functions from conf.cc into class methods.
Sponsored by: Chelsio Communications
Pull Request: https://github.com/freebsd/freebsd-src/pull/1794
- Use std::string and freebsd::nvlist_up for class members.
- Turn most lun_* and kernel_lun_* functions into class methods.
Sponsored by: Chelsio Communications
Pull Request: https://github.com/freebsd/freebsd-src/pull/1794
- Use std::string and freebsd::addrinfo_up for members.
- Add methods to open a connection and to send a request and parse
its response.
- Refactor existing isns_do_* functions to just construct requests
from a configuration.
Sponsored by: Chelsio Communications
Pull Request: https://github.com/freebsd/freebsd-src/pull/1794
- Use std::string, freebsd_nvlist_up to manage life cycle of class
members.
- Use an unordered_map<> keyed by std::string in struct conf to
replace the previous TAILQ.
- Replace PG_FILTER_* macros with a scoped enum.
- Provide a variety of accessors as portal groups are widely used
while keeping members private.
- The logic to "move" sockets from existing portals to new portals
when parsing new configuration is now split into several operations
across the conf and portal_group classes to preserve some semblance
of data hiding.
Sponsored by: Chelsio Communications
Pull Request: https://github.com/freebsd/freebsd-src/pull/1794
The existing C struct port was used to describe three types of ports:
iSCSI ports associated with a portal_group, ioctl ports, and
"physical" ports associated with a kernel device. This change chooses
to split these out into separate sub-classes of an abstract port base
class. Virtual methods are used in a few places such as sending the
class-specific CTL ioctls for creating and removing CTL kernel ports.
For ownership purposes, a struct conf instance "owns" each port via a
std::unique_ptr<> in a std::unordered_map<> indexed by name. Other
objects such as targets and portal_groups can also contain collections
of ports (targets hold a std::list of pointers, portal groups hold a
std::unordered_map<> indexed by target names). One
not-so-straightforward case is that if a new port fails to register,
it is removed from the configuration. In that case, these other
references also have to be removed explicitly.
Sponsored by: Chelsio Communications
Pull Request: https://github.com/freebsd/freebsd-src/pull/1794
- Use an unordered_map<> indexed by std::string to replace the TAILQ
of pport objects in struct kports since pport objects are looked up by
name. Use a few wrapper methods around the unordered_map<> to
simplify consumers.
- Don't store a list of port pointers in pport. Only a single port is
ever associated (previously the code failed with an error if the
TAILQ wasn't empty when adding a port), so just store a pointer to a
single port and replace the empty TAILQ test with checking if the
pointer is null.
- Use std::string for the pport name.
- Add accessors (and a setter) for members of pport so that all the
fields can be private.
Sponsored by: Chelsio Communications
Pull Request: https://github.com/freebsd/freebsd-src/pull/1794
- Convert portal_init_socket and portal_reuse_socket into class methods.
Move the logic to handle proxy portal setup into the init_socket method
so that some fields can remain private.
- Add accessors for a few other members (most are const) so that all the
fields can be private.
- Use std::string, freebsd::addrinfo_up, and freebsd::fd_up classes to
manage fields owned exclusively.
- Add a vector of proxy portal pointers to struct conf and use the index
into the vector as the portal ID. This replaces an O(n^2) loop to
find the portal for a portal ID returned by kernel_accept with a direct
lookup.
Sponsored by: Chelsio Communications
Pull Request: https://github.com/freebsd/freebsd-src/pull/1794
Use a std::vector<> of chars to hold the iSNS packet. Convert the
various isns_req_* functions to be class methods instead.
Sponsored by: Chelsio Communications
Pull Request: https://github.com/freebsd/freebsd-src/pull/1794
Make data members private and convert functions for adding and
checking user and initiator authentication into class methods.
Use std::string to store the label for an auth_group and add a label()
method to retrieve a const C string version for logging.
Replace AG_TYPE_* macros with a scoped enum.
Replace the TAILQ of auth_group objects in struct conf with an
unordered_map<> of named auth_group objects. Anonymous auth_group
objects for targets are no longer stored in a global data structure.
Since a target can have a pointer to either named or anonymous
objects, use a shared_ptr<> to store references to auth_group objects.
Use the shared_ptr<>'s reference count to determine if a named
auth_group is unused in conf_verify() instead of walking all the
linked lists to check for references.
While here, avoid making a second copy of socket address for a client
and instead just store a pointer in ctld_connection.
Sponsored by: Chelsio Communications
Pull Request: https://github.com/freebsd/freebsd-src/pull/1794
Pull logic to parse a portal address string into a sockaddr and mask
into a parse() method. Reimplement the logic using operations on C++
std::string objects instead of C string parsing.
Pull logic from inside the loop in auth_portal_find() to compare a
candidate socket address against a portal into a matches() method.
Use a std::list of auth_portal objects instead of a TAILQ in struct
auth_group.
Sponsored by: Chelsio Communications
Pull Request: https://github.com/freebsd/freebsd-src/pull/1794
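The parse() and matches() pair from the commit above, written out as an added C++ example; it is not ctld's code and the accepted address forms ("ADDR", "ADDR/PREFIX", "[V6ADDR]", "[V6ADDR]/PREFIX") and the helper names make_sockaddr and addr_bytes are assumptions for the demo. The example also covers the edge cases a practitioner wants from an allowlist parser: a prefix longer than the family allows, a non-numeric prefix, an unterminated bracket, and a family mismatch between client and portal are all rejected rather than matched.

```cpp
// Added example, not ctld code: parse an auth-portal address with an
// optional prefix length and match client addresses against it.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <cstdint>
#include <cstring>
#include <string>

// Fill ss from a numeric IPv4 or IPv6 literal and report the family's
// address width in *maxprefix. No name resolution is attempted.
static bool make_sockaddr(const std::string &addr, sockaddr_storage &ss, int *maxprefix) {
    std::memset(&ss, 0, sizeof(ss));
    auto *sin = reinterpret_cast<sockaddr_in *>(&ss);
    auto *sin6 = reinterpret_cast<sockaddr_in6 *>(&ss);
    if (inet_pton(AF_INET, addr.c_str(), &sin->sin_addr) == 1) {
        ss.ss_family = AF_INET;
        if (maxprefix) *maxprefix = 32;
        return true;
    }
    if (inet_pton(AF_INET6, addr.c_str(), &sin6->sin6_addr) == 1) {
        ss.ss_family = AF_INET6;
        if (maxprefix) *maxprefix = 128;
        return true;
    }
    return false;
}

// Pointer to the raw address bytes inside a sockaddr_storage.
static const std::uint8_t *addr_bytes(const sockaddr_storage &ss) {
    if (ss.ss_family == AF_INET)
        return reinterpret_cast<const std::uint8_t *>(&reinterpret_cast<const sockaddr_in *>(&ss)->sin_addr);
    return reinterpret_cast<const std::uint8_t *>(&reinterpret_cast<const sockaddr_in6 *>(&ss)->sin6_addr);
}

class auth_portal {
public:
    // Accepts "ADDR", "ADDR/PREFIX", "[V6ADDR]" and "[V6ADDR]/PREFIX".
    bool parse(const std::string &portal) {
        std::string addr = portal, mask;
        size_t slash = portal.rfind('/');
        if (slash != std::string::npos) {
            addr = portal.substr(0, slash);
            mask = portal.substr(slash + 1);
        }
        if (!addr.empty() && addr.front() == '[') {
            if (addr.size() < 2 || addr.back() != ']')
                return false;                 // unterminated bracket
            addr = addr.substr(1, addr.size() - 2);
        }
        int maxprefix;
        if (!make_sockaddr(addr, ss_, &maxprefix))
            return false;
        if (mask.empty()) {
            prefix_ = maxprefix;              // no mask: exact-host match
            return true;
        }
        // Only a plain decimal prefix length is accepted; "/abc" or "/-1" fail.
        if (mask.size() > 3 || mask.find_first_not_of("0123456789") != std::string::npos)
            return false;
        int p = std::stoi(mask);
        if (p > maxprefix)
            return false;                     // e.g. /33 on an IPv4 portal
        prefix_ = p;
        return true;
    }

    // True when the client's first prefix_ bits equal the portal's. A family
    // mismatch never matches (an IPv6 client does not match an IPv4 portal).
    bool matches(const sockaddr_storage &client) const {
        if (client.ss_family != ss_.ss_family)
            return false;
        const std::uint8_t *a = addr_bytes(ss_), *b = addr_bytes(client);
        int full = prefix_ / 8, rem = prefix_ % 8;
        if (std::memcmp(a, b, full) != 0)
            return false;
        if (rem == 0)
            return true;
        auto m = static_cast<std::uint8_t>(0xffu << (8 - rem));
        return (a[full] & m) == (b[full] & m);
    }

    int prefix() const { return prefix_; }

private:
    sockaddr_storage ss_{};
    int prefix_ = 0;
};
```

Rejecting malformed entries at parse time matters more for an allowlist than for most config values: a portal that silently parsed "/abc" as "no mask" would widen the set of permitted initiators instead of narrowing it.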
Retire the struct auth_name type entirely and change the ag_names
member of struct auth_group to be an unordered_set<> of std::string
objects.
Sponsored by: Chelsio Communications
Pull Request: https://github.com/freebsd/freebsd-src/pull/1794
Use private std::string to hold secret and mutual authentication strings
along with accessors to retrieve constant C versions of those strings.
Add a helper function to determine if an auth object contains mutual
credentials.
Instead of storing the user name in the structure, use an
unordered_map<> with the username as the key for the ag_auths member
of auth_group. Add a parse error if multiple credentials specify the
same user. Previously the code always used the first credential when
verifying and ignored additional credentials silently.
Sponsored by: Chelsio Communications
Pull Request: https://github.com/freebsd/freebsd-src/pull/1794
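An added C++ model of two of the auth_group changes described above: the unordered_map<> keyed by user name that refuses a second credential for the same user (this commit), and the shared_ptr<> reference count used to find named auth_group objects that no target references (the earlier auth_group commit). It is not ctld's code; the class shapes, the target struct and the method names add_credential, find, add_auth_group, add_target and unused_auth_groups are constructed for the example.

```cpp
// Added example, not ctld code: a model of the auth_group changes above.
#include <cstddef>
#include <memory>
#include <string>
#include <unordered_map>
#include <utility>
#include <vector>

struct auth {
    std::string secret;
    std::string mutual_user;
    std::string mutual_secret;
    bool has_mutual() const { return !mutual_user.empty(); }
};

class auth_group {
public:
    explicit auth_group(std::string label) : label_(std::move(label)) {}
    const char *label() const { return label_.c_str(); }

    // Credentials are keyed by user name. A second credential for the same
    // user is refused (the parser reports an error) instead of being silently
    // shadowed by the first one, which is what the old list lookup did.
    bool add_credential(const std::string &user, auth a) {
        return auths_.try_emplace(user, std::move(a)).second;
    }
    const auth *find(const std::string &user) const {
        auto it = auths_.find(user);
        return it == auths_.end() ? nullptr : &it->second;
    }
    std::size_t size() const { return auths_.size(); }

private:
    std::string label_;
    std::unordered_map<std::string, auth> auths_;
};

struct target {
    std::string name;
    std::shared_ptr<auth_group> ag;   // named or anonymous group
};

class conf {
public:
    // Named groups live in the map; a duplicate name is refused.
    std::shared_ptr<auth_group> add_auth_group(const std::string &name) {
        auto ag = std::make_shared<auth_group>(name);
        if (!auth_groups_.try_emplace(name, ag).second)
            return nullptr;
        return ag;
    }
    std::shared_ptr<auth_group> find_auth_group(const std::string &name) const {
        auto it = auth_groups_.find(name);
        return it == auth_groups_.end() ? nullptr : it->second;
    }
    void add_target(std::string name, std::shared_ptr<auth_group> ag) {
        targets_.push_back({std::move(name), std::move(ag)});
    }
    // A named group referenced only by the map itself has use_count() == 1,
    // so no target uses it; this replaces walking every target's list.
    std::vector<std::string> unused_auth_groups() const {
        std::vector<std::string> unused;
        for (const auto &kv : auth_groups_)
            if (kv.second.use_count() == 1)
                unused.push_back(kv.first);
        return unused;
    }

private:
    std::unordered_map<std::string, std::shared_ptr<auth_group>> auth_groups_;
    std::vector<target> targets_;
};
```

The use_count() check is only trustworthy if no other long-lived copy of the shared_ptr<> exists when conf_verify() runs; a copy kept in a local variable during parsing would make a genuinely unused group look referenced, which is why the example's test drops its own handle before asking.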
In particular, this permits using ranged-for loops to iterate over
keys in an object which is more readable.
Sponsored by: Chelsio Communications
Pull Request: https://github.com/freebsd/freebsd-src/pull/1794
Split parse_conf in half keeping yyparse_conf as a C-only function in
parse.y. parse_conf uses freebsd::FILE_up to ensure that the config
file is always closed.
Both parse_conf and uclparse_conf catch any exceptions thrown during
parsing. This is in preparation for using C++ objects allocated with
new for various data structures.
Note that this treats memory allocation failures from new as parsing
errors rather than ctld exiting entirely as it currently does if
malloc or calloc fail.
Sponsored by: Chelsio Communications
Pull Request: https://github.com/freebsd/freebsd-src/pull/1794