From owner-svn-src-all@freebsd.org Mon Mar 9 16:02:55 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B5037266919; Mon, 9 Mar 2020 16:02:55 +0000 (UTC) (envelope-from sjg@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48bjg31CMqz49tL; Mon, 9 Mar 2020 16:02:55 +0000 (UTC) (envelope-from sjg@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 05673D588; Mon, 9 Mar 2020 16:02:55 +0000 (UTC) (envelope-from sjg@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 029G2seR004351; Mon, 9 Mar 2020 16:02:54 GMT (envelope-from sjg@FreeBSD.org) Received: (from sjg@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 029G2snS004349; Mon, 9 Mar 2020 16:02:54 GMT (envelope-from sjg@FreeBSD.org) Message-Id: <202003091602.029G2snS004349@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: sjg set sender to sjg@FreeBSD.org using -f From: "Simon J. Gerraty" Date: Mon, 9 Mar 2020 16:02:54 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r358813 - in head/stand: ficl i386/loader X-SVN-Group: head X-SVN-Commit-Author: sjg X-SVN-Commit-Paths: in head/stand: ficl i386/loader X-SVN-Commit-Revision: 358813 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Mar 2020 16:02:55 -0000 Author: sjg Date: Mon Mar 9 16:02:54 2020 New Revision: 358813 URL: https://svnweb.freebsd.org/changeset/base/358813 Log: veloader use vectx API for kernel and modules The vectx API, computes the hash for verifying a file as it is read. This avoids the overhead of reading files twice - once to verify, then again to load. For doing an install via loader, avoiding the need to rewind large files is critical. This API is only used for modules, kernel and mdimage as these are the biggest files read by the loader. The reduction in boot time depends on how expensive the I/O is on any given platform. On a fast VM we see 6% improvement. For install via loader the first file to be verified is likely to be the kernel, so some of the prep work (finding manifest etc) done by verify_file() needs to be factored so it can be reused for vectx_open(). For missing or unrecognized fingerprint entries, we fail in vectx_open() unless verifying is disabled. Otherwise fingerprint check happens in vectx_close() and since this API is only used for files which must be verified (VE_MUST) we panic if we get an incorrect hash. Reviewed by: imp,tsoome MFC after: 1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org//D23827 Modified: head/stand/ficl/fileaccess.c head/stand/i386/loader/chain.c Modified: head/stand/ficl/fileaccess.c ============================================================================== --- head/stand/ficl/fileaccess.c Mon Mar 9 15:55:13 2020 (r358812) +++ head/stand/ficl/fileaccess.c Mon Mar 9 16:02:54 2020 (r358813) @@ -69,7 +69,7 @@ static void ficlFopen(FICL_VM *pVM, char *writeMode) / else #ifdef LOADER_VERIEXEC if (*mode == 'r' && - verify_file(fileno(f), filename, 0, VE_GUESS) < 0) { + verify_file(fileno(f), filename, 0, VE_GUESS, __func__) < 0) { fclose(f); stackPushPtr(pVM->pStack, NULL); } else Modified: head/stand/i386/loader/chain.c ============================================================================== --- head/stand/i386/loader/chain.c Mon Mar 9 15:55:13 2020 (r358812) +++ head/stand/i386/loader/chain.c Mon Mar 9 16:02:54 2020 (r358813) @@ -95,7 +95,7 @@ command_chain(int argc, char *argv[]) } #else #ifdef LOADER_VERIEXEC - if (verify_file(fd, argv[1], 0, VE_MUST) < 0) { + if (verify_file(fd, argv[1], 0, VE_MUST, __func__) < 0) { sprintf(command_errbuf, "can't verify: %s", argv[1]); close(fd); return (CMD_ERROR);