a0cbcbb7 jhb Oct. 6, 2021, 9:08 p.m.
If an operation would generate a MAC output (e.g. for digest operation
or for an AEAD or EtA operation), then an empty payload buffer is
valid.  Only reject requests with an empty buffer for "plain" cipher
sessions.

Some of the AES-CCM NIST KAT vectors use an empty payload.

While here, don't advance crp_payload_start for requests that use an
empty payload with an inline IV. (*)

Reported by:	syzbot+d4b94fbd9a44b032f428@syzkaller.appspotmail.com (*)
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32109
cgit
70dbebea jhb Oct. 6, 2021, 9:08 p.m.
A request without AAD for an AEAD cipher can be submitted via
CIOCCRYPT rather than CIOCCRYPTAEAD.

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32108
cgit
16676123 jhb Oct. 6, 2021, 9:08 p.m.
Add 'ivlen' and 'maclen' fields to the structure used for CIOGSESSION2
to specify the explicit IV/nonce and MAC/tag lengths for crypto
sessions.  If these fields are zero, the default lengths are used.

This permits selecting an alternate nonce length for AEAD ciphers such
as AES-CCM which support multiple nonce leengths.  It also supports
truncated MACs as input to AEAD or ETA requests.

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32107
cgit
5ae5ed5b jhb Oct. 6, 2021, 9:08 p.m.
Rather than copying crp_iv to a local array on the stack that is then
passed to xform reinit routines, pass crp_iv directly and remove the
local copy.

Reviewed by:	markj
Sponsored by:	Chelsio Communications, The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32106
cgit
1833d604 jhb Oct. 6, 2021, 9:08 p.m.
Add a 'len' argument to the reinit hook in 'struct enc_xform' to
permit support for AEAD ciphers such as AES-CCM and Chacha20-Poly1305
which support different nonce lengths.

Reviewed by:	markj
Sponsored by:	Chelsio Communications, The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32105
cgit
cb128893 jhb Oct. 6, 2021, 9:08 p.m.
While here, use crypto_read_iv() in a few more places in ccr(4) that I
missed previously.

Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D32104
cgit
b4e0a27c jhb Oct. 6, 2021, 9:08 p.m.
- Retire cse->mode and use csp->csp_mode instead.
- Use csp->csp_cipher_algorithm instead of the ivsize when checking
  for the fixup for the IV length for AES-XTS.

Reviewed by:	markj
Sponsored by:	Chelsio Communications, The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32103
cgit
28ccd780 kbowling Oct. 6, 2021, 9:03 p.m.
Drop arguments of function prototypes since the file is mixed between
listing arg names and not.

No functional changes

Reviewed by:	markj
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D32329
cgit
e7f8f3b9 0mp Oct. 6, 2021, 8:51 p.m.
login.conf.5 listed passwordtime in RESERVED CAPABILITIES, which is a
section for capabilities not implemented in the base system. However,
passwordtime has been implemented in the base for several years now.

PR:		246099
Reported by:	avg
Reviewed by:	0mp
MFC after:	3 days
cgit
f44a4487 asomers Oct. 6, 2021, 8:28 p.m.
The DevFusePoll::access/select test would occasionally segfault.  The
cause was a file descriptor that was shared between two threads.  The
first thread would kill the second and close the file descriptor.  But
it was possible that the second would read the file descriptor before it
shut down.  That did not cause problems for kqueue, poll, or blocking
operation, but it triggered segfaults in select's macros.

MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D32142
cgit
880b670c markj Oct. 6, 2021, 8:09 p.m.
Consumers that want the full allocation size will typically access the
full buffer, so mark the entire allocation as valid to avoid useless
KASAN reports.

Sponsored by:	The FreeBSD Foundation
cgit
032a5bd5 asomers Oct. 6, 2021, 8:07 p.m.
If the FUSE server tells the kernel that a file's size has changed, then
the kernel must invalidate any portion of that file in cache.  But the
kernel can't do that during VOP_STRATEGY, because the file's buffers are
already locked.  Instead, proceed with the write.

PR:		256937
Reported by:	Agata <chogata@moosefs.pro>
Tested by:	Agata <chogata@moosefs.pro>
MFC after:	2 weeks
Reviewed by:	pfg
Differential Revision: https://reviews.freebsd.org/D32332
cgit
7430017b asomers Oct. 6, 2021, 8:07 p.m.
fuse_vnop_bmap needs to know the file's size in order to calculate the
optimum amount of readahead.  If the file's size is unknown, it must ask
the FUSE server.  But if the file's data was previously cached and the
server reports that its size has shrunk, fusefs must invalidate the
cached data.  That's not possible during VOP_BMAP because the buffer
object is already locked.

Fix the panic by not querying the FUSE server for the file's size during
VOP_BMAP if we don't need it.  That's also a a slight performance
optimization.

PR:		256937
Reported by:	Agata <chogata@moosefs.pro>
Tested by:	Agata <chogata@moosefs.pro>
MFC after:	2 weeks
cgit
5d94aaac asomers Oct. 6, 2021, 8:07 p.m.
If the FUSE server does something that would make our cache incoherent,
we should print a warning to the user.  However, we previously warned in
some situations when we shouldn't, such as if the file's size changed on
the server _after_ our own attribute cache had expired.  This change
suppresses the warning in cases like that.  It also moves the warning
logic to a single place within the code.

PR:		256936
Reported by:	Agata <chogata@moosefs.pro>
Tested by:	Agata <chogata@moosefs.pro>, jSML4ThWwBID69YC@protonmail.com
MFC after:	2 weeks
cgit
a76de177 markj Oct. 6, 2021, 6:49 p.m.
This is compatible with Linux, and some driver error paths depend on it.

Reviewed by:	bz, emaste
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32337
cgit