da92ecbc dougm Jan. 18, 2022, 6:49 p.m.
In vm_phys_alloc_seg_contig, in allocating multiple memory blocks for
a huge allocation, ensure that the end of the allocated range does not
exceed the upper segment limit.

Reorder a couple of checks to improve code layout.

Reviewed by:	alc
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D33870
da7fc5c3 jhb Jan. 18, 2022, 6:42 p.m.
The kernel pointers in this structure need to be 32-bit pointers,
not native pointers to 32-bit integers.

Reviewed by:	kib
Sponsored by:	The University of Cambridge, Google Inc.
Differential Revision:	https://reviews.freebsd.org/D33905
a3af69fa jhb Jan. 18, 2022, 5:28 p.m.
Only abort tasks queued for datamove after
cfiscsi_sesssion_terminate_tasks has posted its internal

Reported by:	Jithesh Arakkan @ Chelsio
Reviewed by:	mav
Fixes:		0cd6e85e242b iscsi: Abort data-out tasks queued on a terminating session.
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D33747
ec080394 cy Jan. 18, 2022, 4:17 p.m.
The long awaited hostapd 2.10 is finally here.

MFC after:      3 weeks
64e33c5c cy Jan. 18, 2022, 4:10 p.m.
This reverts commit 5eb81a4b4028113e3c319f21a1db6b67613ec7ab, reversing
changes made to c6806434e79079f4f9419c3ba4fec37efcaa1635 and
this reverts commit 679ff6112361d2660f4e0c3cda71198a5e773a25.

What happend is git rebase --rebase-merges doesn't do what is expected.
679ff611 cy Jan. 18, 2022, 4 p.m.
Restore .gitignore inadvertently deleted by

Fixes:		5eb81a4b4028113e3c319f21a1db6b67613ec7ab
Pointy hat to:	cy
46d35d41 markj Jan. 18, 2022, 3:51 p.m.
Fixes:	1811c1e957ee ("exec: Reimplement stack address randomization")
Reported by:	pho
Reported by:	syzbot+0446312a51bc13ead834@syzkaller.appspotmail.com
Sponsored by:	The FreeBSD Foundation
5eb81a4b cy Jan. 18, 2022, 3:45 p.m.
The long awaited hostapd 2.10 is finally here.

MFC after:	3 weeks
c6806434 cy Jan. 18, 2022, 2:21 p.m.
When a use sets umask in login.conf(5) to 027 or 077 a subsequently
fetched /var/db/ntpd.leap-seconds.list will inherit the permissions
allowed by the umask, resulting in a file that may not be readable
ntpd running under the ntp account. This patch adds a umask command
to preempt the umask in login.conf(5) prior to fetching a new copy
of the leap-seconds file.

PR:		261298
Reported by:	Martin Waschbusch <martin@waschbuesch.de>
MFC after:	3 days
aac52f94 rrs Jan. 18, 2022, 12:41 p.m.
The clang compiler recently got an update that generates warnings of unused
variables where they were set, and then never used. This revision goes through
the tcp stack and cleans all of those up.

Reviewed by: Michael Tuexen, Gleb Smirnoff
Sponsored by: Netflix Inc.
Differential Revision:
e0516c75 royger Jan. 18, 2022, 9:19 a.m.
All supported Xen instances by FreeBSD provide a local APIC
implementation, so there's no need to replace the native local APIC
implementation anymore.

Leave just the ipi_vectored hook in order to be able to override it
with an implementation based on event channels if the underlying local
APIC is not virtualized by hardware. Note the hook cannot use ifuncs,
because at the point where ifuncs are resolved the kernel doesn't yet
know whether it will benefit from using the optimization.

Sponsored by: Citrix Systems R&D
Reviewed by: kib
Differential revision: https://reviews.freebsd.org/D33917
2450da67 royger Jan. 18, 2022, 9:18 a.m.
Instead of using event channels or hypercalls to deal with IPIs and

Using a hardware virtualized APIC should be faster than using any PV
interface, since the VM exit can be avoided.

Xen exposes whether the domain is using hardware assisted x{2}APIC
emulation in a CPUID bit.

Sponsored by: Citrix Systems R&D
cc68614d delphij Jan. 18, 2022, 12:34 a.m.
50722514 markj Jan. 18, 2022, 12:01 a.m.
Once a crypto cursor has reached the end of its buffer, it is invalid to
call crypto_cursor_segment() for at least some crypto buffer types.
Reorganize loops to avoid this.

Fixes:	cfb7b942bed7 ("cryptosoft: Use multi-block encrypt/decrypt for non-AEAD ciphers.")
Fixes:	a221a8f4a0de ("cryptosoft: Use multi-block encrypt/decrypt for AES-GCM.")
Fixes:	f8580fcaa1e1 ("cryptosoft: Use multi-block encrypt/decrypt for AES-CCM.")
Fixes:	5022c68732e6 ("cryptosoft: Use multi-block encrypt/decrypt for ChaCha20-Poly1305.")
Reported and tested by:	madpilot
Discussed with:	jhb
Sponsored by:	The FreeBSD Foundation
21881527 markj Jan. 17, 2022, 9:12 p.m.
Reviewed by:	debdrup, danfe, emaste
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33908