e1b50e81 markj Jan. 27, 2021, 8:31 p.m.
- Document a constraint on the AAD size for AES-GCM.
- Note that the list of supported platforms and add-on devices is not
  complete and indicate that QAT devices will show up in pciconf
  output. [1]

PR:		252984 [1]
MFC after:	3 days
Sponsored by:	Rubicon Communications, LLC ("Netgate")
bd674d8b markj Jan. 27, 2021, 8:30 p.m.
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
d0d2e523 donner Jan. 27, 2021, 8:22 p.m.
Chained policing should be able to reuse the classification of
traffic.  A new mbuf_tag type is defined to handle gereral QoS
marking.  A new subtype is defined to track the color marking.

Reviewed by:	manpages (bcr), melifaro, kp
Approved by:	kp (mentor)
Sponsored by:	IKS Service GmbH
MFC after:	1 month
Differential Revision: https://reviews.freebsd.org/D22110
65efb73f freqlabs Jan. 27, 2021, 7:27 p.m.
The OID is saved when we encounter CTLFLAG_SKIP so that descendants can
be skipped as well. We then must not update the skip OID until we are
out of the node. This was achieved by resetting the skip OID once the
prefix no longer matches, but the case where the OID we reset on has
CTLFLAG_SKIP was not accounted for.

Reported by:	mav
Reviewed by:	mav
MFC after:	2 days
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D28364
48397f6c jrtc27 Jan. 27, 2021, 7:19 p.m.
When building natively on RISC-V, linking the bootstrap clang-tblgen
fails with:

  ld: error: undefined symbol: llvm::EnableABIBreakingChecks
  >>> referenced by PrettyStackTrace.cpp
  >>>               PrettyStackTrace.o:(.sdata+0x0) in archive
  >>> referenced by Signals.cpp
  >>>               Signals.o:(.sdata+0x8) in archive
  >>> referenced by Timer.cpp
  >>>               Timer.o:(.sdata+0x28) in archive

This is likely due to Error.h's inclusion of abi-breaking.h. It's
unclear why this only affects RISC-V, but perhaps relates to its more
eager use of .sdata due to the ABI's support for linker relaxations.
Regardless, this is theoretically an issue for all architectures.

Reported by:	Dennis Clarke <dclarke@blastwave.org>
Reviewed by:	dim
Tested by:	mhorne
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D28367
dd6c1c2a andrew Jan. 27, 2021, 7:03 p.m.
A struct recource already contains the bus_space_tag_t and
bus_space_handle_t. There is no neec to read them and store them again
in the drivers softc. Remove them and use the struct resource directly
with bus_read_* and bus_write_*.

Reviewed by:	mmel
Differential Revision:	https://reviews.freebsd.org/D28339
7012461c kevans Jan. 27, 2021, 7:02 p.m.
efi, like the various ${MACHINE} directories, should have a dependency on
the enabled interpreters.

The general rule here is that any top-level directory that has a program at
any depth within that includes loader.mk should add ${INTERP_DEPENDS} added
to its dependencies so that the appropriate ficl/lua bits are ready before
they begin.

Note that the only directories in-tree that require it but will not get it
in a more appropriate manner are i386 (on amd64), efi, and userboot. i386
and userboot are handled explicitly in Makefile.amd64 where they are added
to S.yes.

Reported-by:	bcran
MFC-after:	3 days
24a8f6d3 rrs Jan. 27, 2021, 6:52 p.m.
we need to make sure that the m_nextpkt field is NULL
else the lower layers may do unwanted things.

Reviewed By:  gallatin, melifaro
Differential Revision: https://reviews.freebsd.org/D28377
4f009328 arichardson Jan. 27, 2021, 5:48 p.m.
Building the kerberos5 subdirectory currently produces lots of warnings.
Since there are many instances of these warnings and it's contrib code,
this change silences the warnings instead of fixing them.

Reviewed By:	jhb, cy, bjk
Differential Revision: https://reviews.freebsd.org/D28025
8a2f9dff gbe Jan. 27, 2021, 5:20 p.m.
8dba3dd8 gbe Jan. 27, 2021, 5:18 p.m.
35dabb7b kp Jan. 27, 2021, 3:42 p.m.
Reported by:	Jose Luis Duran
7a808c5e kp Jan. 27, 2021, 3:42 p.m.
Move the validation checks to pf_rule_to_krule() to reduce duplication.
This also makes the checks consistent across different ioctls.

Reported-by:	syzbot+e9632d7ad17398f0bd8f@syzkaller.appspotmail.com
Reviewed by:	tuexen@, donner@
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D28362
5c325977 mjg Jan. 27, 2021, 3:08 p.m.
5fc384d1 mjg Jan. 27, 2021, 3 p.m.
The current abort is overzealous.