jmg (John-Mark Gurney)
User

User Details

User Since
Sep 2 2014, 10:55 PM (158 w, 6 d)

Recent Activity

Fri, Sep 8

jmg added a comment to D10680: IPSec performance increase in single flow mode by making crypto(9) multi thread.

I don't see any man page updates for this code. Please make sure any new capabilities, flags and features are properly documented in crypto(9). I cannot provide review on the patch till documentation is written.

Fri, Sep 8, 2:04 PM

Thu, Sep 7

jmg added a comment to D12132: Avoid spinning in random_harvest_queue.

So, you'll still suffer terribly with this, as random_harvest_fast is not PCPU, so you'll have the cache line bouncing around.

Thu, Sep 7, 3:46 PM

Apr 28 2017

jmg abandoned D3932: PCIe HotPlug support.
Apr 28 2017, 5:42 PM
jmg added a comment to D10517: Use const with some read-only buffers in opencrypto APIs..

looks fine, have you verified that the tests in tests/sys/opencrypto pass? they are not present in your test plan.

Apr 28 2017, 5:31 PM

Apr 19 2017

jmg added a comment to D10384: Make crypto(9) multi thread.

Eventually the goal for us is to use crypto(9) from IPsec to accelerate single flows processing. Indeed IPsec does not guarantee packet ordering (neither does IP), but it would be for sure quite harmful for some end user applications if packets are not ordered.
A same crypto session may be used for several flows coming from the nic on several CPUs. It would be needed to keep the packets ordered for each flow on each CPU but it does not really matter to lose the ESP packet order in output, as the anti replay window handles that on the remote host.
That's why I think it would be nice for crypto(9) users to keep ordering when dispatching the jobs.

No, this is a requirement of the IPsec layer, not all users of crypto(9) require this. For example, disk encryption does not need this, as the upper layers ensure that writes are ordered correctly (ZFS and UFS both do this). And by forcing order, you are increasing latency unnecessarily for other consumers.

This isn't hard to handle at the IPsec layer. You use a TAILQ to enqueue the packets w/ a simple data structure w/ a flag that gets set when the packet is completed, then each completed packet, while the head of the tailq is ready, send it. It's not hard, and keeps the ordering logic where it belongs, or you add a flag to crypto(9) and the logic there, but you need to allow non-ordered operation.

This is maybe a bit more difficult, since we would need to reorder packets only within the flows that may share the same crypto session, but I get your idea. Maybe a reordering queue per CPU would do the job, since we expect each flow to be pinned on the same CPU.

Apr 19 2017, 4:27 PM
jmg added a comment to D7876: Add Security System/Crypto (PRNG) driver for Allwinner A10/A20 SoC.

If this is truly a PRNG, which it appears it is, it is not an effective source of entropy and should not be added. I'd be happy to review more information on the PRNG if you have it.

Apr 19 2017, 4:14 PM

Apr 15 2017

jmg added a comment to D10384: Make crypto(9) multi thread.
In D10384#215403, @jmg wrote:

as per other comments in the code, ordering does not have to be maintained.. w/ the async nature of callbacks, it is already assumed that the callers can handle this.

Thanks for your comments!

Eventually the goal for us is to use crypto(9) from IPsec to accelerate single flows processing. Indeed IPsec does not guarantee packet ordering (neither does IP), but it would be for sure quite harmful for some end user applications if packets are not ordered.
A same crypto session may be used for several flows coming from the nic on several CPUs. It would be needed to keep the packets ordered for each flow on each CPU but it does not really matter to lose the ESP packet order in output, as the anti replay window handles that on the remote host.
That's why I think it would be nice for crypto(9) users to keep ordering when dispatching the jobs.

Apr 15 2017, 6:01 AM

Apr 14 2017

jmg added a comment to D10384: Make crypto(9) multi thread.

as per other comments in the code, ordering does not have to be maintained.. w/ the async nature of callbacks, it is already assumed that the callers can handle this.

Apr 14 2017, 4:04 PM

Mar 20 2017

jmg added a comment to D10048: Replace the kernel RC4 with Chacha20..

markm, I've pointed out where the issue is.

Mar 20 2017, 1:04 AM

Mar 19 2017

jmg added a comment to D10048: Replace the kernel RC4 with Chacha20..

This will cause issues on platforms that do not use loader. We do not require loader on all of our platforms, and those that don't will have issues w/ the way chacha is started. As there is not an error (continues), this creates divergent behavior.

Mar 19 2017, 5:38 PM

Mar 5 2017

jmg committed rS314707: add missing MLINKS for functions that this man page documents..
Mar 5 2017, 6:37 PM

Nov 16 2015

jmg committed rS290900: If you backup a large file that is mostly holes, previously we'd issue.
Nov 16 2015, 1:30 AM
jmg retitled D4173: remove artifical tcp send/recv buffer limit, and add threads for io.. from to remove artifical tcp send/recv buffer limit, and add threads for io...
Nov 16 2015, 1:16 AM

Nov 5 2015

jmg committed rS290421: I'm still maintaining these....
Nov 5 2015, 10:03 PM

Nov 4 2015

jmg updated the diff for D3933: Add /boot/entropy at install time, and be more careful with permissions.
  • add /boot/entropy to install generation.. Also, be extra careful
  • add quotes around the $i for more space protection..
  • use umask per delphij...
  • dteske says the parens are not needed.. remove them..
  • pull in dteske's version..
Nov 4 2015, 12:55 AM
jmg updated the diff for D3933: Add /boot/entropy at install time, and be more careful with permissions.
  • add /boot/entropy to install generation.. Also, be extra careful
  • add quotes around the $i for more space protection..
  • use umask per delphij...
  • dteske says the parens are not needed.. remove them..
Nov 4 2015, 12:50 AM
jmg commandeered D3933: Add /boot/entropy at install time, and be more careful with permissions.

take back so I can update and confirm my change is same..

Nov 4 2015, 12:49 AM
jmg added a comment to D1503: Use explicitly specified ivsize instead of blocksize, when we mean IV size..

has this been tested? This looks good otherwise.

Nov 4 2015, 12:37 AM
jmg added a comment to D3933: Add /boot/entropy at install time, and be more careful with permissions.

mark various parts done

Nov 4 2015, 12:05 AM
jmg updated the diff for D3933: Add /boot/entropy at install time, and be more careful with permissions.
  • add /boot/entropy to install generation.. Also, be extra careful
  • add quotes around the $i for more space protection..
  • use umask per delphij...
Nov 4 2015, 12:04 AM
jmg added a comment to D3933: Add /boot/entropy at install time, and be more careful with permissions.

for jails we don't need to create the file, but I don't see any harm in having this file created... I looked briefly at the jail script, and I don't see a good way to turn it off in the jail case...

Nov 4 2015, 12:00 AM

Oct 20 2015

jmg added inline comments to D3929: Replace sys/crypto/sha2/sha2.c with lib/libmd/sha512c.c.
Oct 20 2015, 11:34 PM
jmg added a comment to D3654: Avoid EINTR when debugging..

I have no issue w/ the kern_event.c change. I have not reviewed anything else.

Oct 20 2015, 11:30 PM

Oct 19 2015

jmg added a comment to D3933: Add /boot/entropy at install time, and be more careful with permissions.

though using dd to put it in an image works, it doesn't change the file size, so I needed to delete some comments, and add white space... once I did that, I was able to verify that the script ran fine...

Oct 19 2015, 1:14 AM
jmg updated the diff for D3933: Add /boot/entropy at install time, and be more careful with permissions.
  • add /boot/entropy to install generation.. Also, be extra careful
  • add quotes around the $i for more space protection..
Oct 19 2015, 1:13 AM
jmg added a comment to D3933: Add /boot/entropy at install time, and be more careful with permissions.

Well, I attempted to test this, and I don't believe that this file is being called at the end of install.

Oct 19 2015, 12:23 AM
jmg updated subscribers of D3933: Add /boot/entropy at install time, and be more careful with permissions.

I had thought that we weren't writing out even /entropy files, but @op pointed me to this file.

Oct 19 2015, 12:19 AM

Oct 18 2015

jmg retitled D3933: Add /boot/entropy at install time, and be more careful with permissions from to Add /boot/entropy at install time, and be more careful with permissions.
Oct 18 2015, 8:10 PM
jmg added a reviewer for D3932: PCIe HotPlug support: gavin.
Oct 18 2015, 7:14 PM
jmg added a comment to D3932: PCIe HotPlug support.

address some comments.

Oct 18 2015, 7:14 PM
jmg retitled D3932: PCIe HotPlug support from to PCIe HotPlug support.
Oct 18 2015, 9:13 AM
jmg committed rS289494: drop a bunch of white space at end of lines and end of files....
Oct 18 2015, 8:14 AM
jmg committed rS289492: page sized is not spelled 4096 on all arches....
Oct 18 2015, 8:08 AM

Oct 17 2015

jmg added a comment to D3929: Replace sys/crypto/sha2/sha2.c with lib/libmd/sha512c.c.

Just a few comments.

Oct 17 2015, 9:14 PM

Oct 12 2015

jmg added a comment to V6: Should /usr/local be included in FreeBSD's toolchain paths?.

I said Yes, but I think that we need to clean up our base libraries first. We need to make most/all libs private. If it isn't part of posix, it needs a man page which links to functions provided.

Oct 12 2015, 10:27 PM

Aug 27 2015

jmg committed rS287218: add documentation for timers that silby added in r197244, almost 6 years.
Aug 27 2015, 7:12 PM

Aug 16 2015

jmg added a comment to D3390: improvements to kproc/kthread man pages.

Thanks. changed.

Aug 16 2015, 4:31 AM
jmg updated the diff for D3390: improvements to kproc/kthread man pages.
  • change a needs to to a must to be more correct.. If there are threads
Aug 16 2015, 4:30 AM

Aug 15 2015

jmg added a comment to D3390: improvements to kproc/kthread man pages.

Address all but /The/That/ change.. I understand why you suggested it, but it reads not as easily for me... We are only referencing the one example.

Aug 15 2015, 11:53 PM
jmg updated the diff for D3390: improvements to kproc/kthread man pages.
  • address comments from bjk...
Aug 15 2015, 11:51 PM
jmg updated the diff for D3390: improvements to kproc/kthread man pages.

hopefully update the diff w/ complete change..

Aug 15 2015, 11:47 PM
jmg abandoned D3394: improvements to kproc/kthread man pages.

ok, this is an issue w/ git and arc locally, not with phabric...

Aug 15 2015, 11:40 PM
jmg retitled D3394: improvements to kproc/kthread man pages from to improvements to kproc/kthread man pages.
Aug 15 2015, 11:39 PM
jmg updated the diff for D3390: improvements to kproc/kthread man pages.
  • Fix date..
Aug 15 2015, 11:36 PM
jmg updated the diff for D3390: improvements to kproc/kthread man pages.

add documentation to kthread, and fix up kproc Sx

Aug 15 2015, 11:31 PM
jmg added inline comments to D3354: Reintroduce loadable modules for random(4).
Aug 15 2015, 10:21 PM
jmg added a reviewer for D3390: improvements to kproc/kthread man pages: jhb.
Aug 15 2015, 7:06 PM
jmg retitled D3390: improvements to kproc/kthread man pages from to improvements to kproc/kthread man pages.
Aug 15 2015, 7:06 PM
jmg added a comment to D3354: Reintroduce loadable modules for random(4).

Minor comments.

Aug 15 2015, 5:54 PM

Aug 12 2015

jmg accepted D3364: Perform cleanups in response to D3307..

Thanks, looks good.

Aug 12 2015, 5:44 PM

Aug 11 2015

jmg added a comment to D3354: Reintroduce loadable modules for random(4).
In D3354#68427, @markm wrote:

I have only glanced over the code and it seems good overall.

Thanks!

One thought: can we make DEV_RANDOM something like NO_DEV_RANDOM? That way it would be an opt-out feature, as most systems still need it.

Nope, sorry. The DEV_RANDOM pseudo-option comes for free from 'device random' in the kernel config file. There is no negative variant, but it is safe enough given that the kernel configs that need this device have it.

Aug 11 2015, 10:52 PM
jmg added a comment to D3354: Reintroduce loadable modules for random(4).

Are you opening this up to more reviewers? Or still only for SO (aka delphij)? The reason I ask is that secteam only consists of delphij, so adding secteam doesn't add any new reviewers.

Aug 11 2015, 7:43 PM
jmg accepted D3308: Make poll() and kqueue() on CloudABI work..

Comments are not required to be addressed.

Aug 11 2015, 7:38 PM
jmg added a comment to D3307: Add support for anonymous kqueues..

Looks good.. Please address the comments.

Aug 11 2015, 7:27 PM

Aug 4 2015

jmg added a comment to D3303: Make it possible to implement poll(2) on top of kqueue(2)..
In D3303#66772, @ed wrote:
In D3303#66768, @jmg wrote:

I don't see an issue w/ this, though if this is committed, but then CloudABI decided to not use it anymore, I request that it be removed.

Of course. Would it make sense to #ifdef _KERNEL it and revert the man page changes? That way we can be certain that userspace won't use it.

Aug 4 2015, 9:52 PM
jmg added a comment to D3303: Make it possible to implement poll(2) on top of kqueue(2)..

I don't see an issue w/ this, though if this is committed, but then CloudABI decided to not use it anymore, I request that it be removed.

Aug 4 2015, 9:01 PM
jmg committed rS286292: Make IPsec work with AES-GCM and AES-ICM (aka CTR) in OCF... IPsec.
Aug 4 2015, 5:47 PM

Aug 2 2015

jmg committed rS286213: looks like all archs either have clang or cdefs included before...
Aug 2 2015, 9:33 PM
jmg committed rS286170: mark this function as deprecated, and put the warning first, since I.
Aug 2 2015, 12:22 AM
jmg committed rS286168: convert to C11's _Static_assert, and pull in sys/cdefs.h for.
Aug 2 2015, 12:16 AM

Aug 1 2015

jmg committed rS286159: use : instead of true....
Aug 1 2015, 5:28 PM

Jul 31 2015

jmg added inline comments to D3254: Fix buffer overflow in syslogd, wall and talkd..
Jul 31 2015, 4:29 PM
jmg committed rS286110: temporarily fix build.. This isn't the final fix, and testing is.
Jul 31 2015, 7:48 AM
jmg committed rS286103: The implementation note isn't true anymore...
Jul 31 2015, 3:28 AM
jmg committed rS286101: these are comparing authenticators and need to be constant time....
Jul 31 2015, 12:32 AM
jmg committed rS286100: Clean up this header file....
Jul 31 2015, 12:23 AM

Jul 30 2015

jmg added a comment to D3254: Fix buffer overflow in syslogd, wall and talkd..

I'm fine w/ this change.

Jul 30 2015, 11:45 PM

Jul 29 2015

jmg committed rS286049: const'ify an arg that we don't update....
Jul 29 2015, 11:37 PM
jmg removed a reviewer for D3236: Make pipes in CloudABI work.: jmg.
Jul 29 2015, 3:55 PM
jmg committed rS286000: RFC4868 section 2.3 requires that the output be half... This fixes.
Jul 29 2015, 7:15 AM

Jul 28 2015

jmg committed rD47124: DES is a terrible suggestion, and it MUST NOT be used per RFC7321...
Jul 28 2015, 5:22 PM

Jul 25 2015

jmg requested changes to D3197: Do not compile in the really expensive entropy harvesting unless it is requested..

Please post a complete patch that includes both sets of changes, and adds proper documentation.

Jul 25 2015, 5:55 PM

Jul 18 2015

jmg committed rS285683: move the prototype to the lib.h header.. This makes more sense, and.
Jul 18 2015, 10:58 PM
jmg committed rS285682: other fixes to make boot2 compile for IXP... Properly end the asm.
Jul 18 2015, 8:26 PM
jmg committed rS285681: revert r278579, this is in a different compile environment than the.
Jul 18 2015, 8:20 PM

Jul 15 2015

jmg committed rD46991: remove a stray semi-colon....
Jul 15 2015, 11:08 PM
jmg committed rS285615: fix the docs, the number of frags per inode (NFPI) changed in r228794.
Jul 15 2015, 9:35 PM
jmg added a comment to D3084: add option to invert data set so you can convert seconds into per seconds...

errx needed to be used instead of err as errno will not be set in this case.

Jul 15 2015, 6:18 AM
jmg updated the diff for D3084: add option to invert data set so you can convert seconds into per seconds...

Update to add error when d == 0...

Jul 15 2015, 6:15 AM
jmg committed rS285595: fix error message... errx since errno may not be set (if we didn't.
Jul 15 2015, 6:14 AM
jmg added a comment to D3084: add option to invert data set so you can convert seconds into per seconds...

I could also use the term reciprocal, but for me invert makes sense and is more common.

Jul 15 2015, 6:04 AM
jmg added a comment to D3084: add option to invert data set so you can convert seconds into per seconds...
In D3084#61045, @imp wrote:

Invert isn't the right terminology.
You are converting from the time domain to the frequency domain.
This is a fundamental conceptual faux pas.

Jul 15 2015, 5:56 AM
jmg added a member for security: jmg.
Jul 15 2015, 5:44 AM
jmg retitled D3084: add option to invert data set so you can convert seconds into per seconds.. from to add option to invert data set so you can convert seconds into per seconds...
Jul 15 2015, 12:17 AM

Jul 14 2015

jmg accepted D3053: Implement the CloudABI random_get() system call..

Other than the set/true change, the changes to the manpage are great.

Jul 14 2015, 6:00 PM
jmg committed rS285526: Fix XTS, and name things a bit better....
Jul 14 2015, 7:45 AM
jmg retitled D3074: add support for NO_ROOT installs in the traditional kernel install... from to add support for NO_ROOT installs in the traditional kernel install....
Jul 14 2015, 7:14 AM
jmg committed rS285525: fix typos...
Jul 14 2015, 6:35 AM
jmg committed rS285523: cryptodev is not needed for TCP_SIGNATURE....
Jul 14 2015, 5:10 AM

Jul 12 2015

jmg added a comment to D3053: Implement the CloudABI random_get() system call..

Please make it clear how the function behaves. Too much is unspecified.

Jul 12 2015, 9:44 PM

Jul 11 2015

jmg committed rS285381: some additional improvements to the documentation....
Jul 11 2015, 4:20 AM
jmg committed rS285366: Complete the move that was started w/ r263218.. For some reason I.
Jul 11 2015, 3:12 AM

Jul 10 2015

jmg added a comment to D1503: Use explicitly specified ivsize instead of blocksize, when we mean IV size..

does rS285336 have all these changes in it?

Jul 10 2015, 8:21 AM

Jul 9 2015

jmg committed rS285324: increase buffer size to significantly increase performance....
Jul 9 2015, 4:13 PM

Jul 8 2015

jmg added a comment to D3016: Add proper locking to the fpu_ctx allocated by aesni...

the pause has been removed in rS285297, it was unneeded because another lock by the crypto driver prevented it. I have also documented this in the man page.

Jul 8 2015, 10:50 PM
jmg committed rS285297: upon further examination, it turns out that _unregister_all already.
Jul 8 2015, 10:48 PM
jmg committed rS285296: yet more documentation improvements... Many changes were made to the.
Jul 8 2015, 10:46 PM
jmg committed rS285290: Now that aesni won't reuse fpu contexts (D3016), add seatbelts to the.
Jul 8 2015, 7:26 PM
jmg closed D3015: add INUSE flag to x86 fpu routines by committing rS285290: Now that aesni won't reuse fpu contexts (D3016), add seatbelts to the.
Jul 8 2015, 7:26 PM
jmg closed D3016: Add proper locking to the fpu_ctx allocated by aesni.. by committing rS285289: address an issue where consumers, like IPsec, can reuse the same.
Jul 8 2015, 7:15 PM