r323889 jhb Sept. 22, 2017, 12:15 a.m.
Software crypto implementations don't care how the buffer is laid out,
but hardware implementations may assume that the AAD is always before
the plain/cipher text and that the hash/tag is immediately after the end
of the plain/cipher text.

In particular, this arrangement matches the layout of both IPSec packets
and TLS frames.  Linux's crypto framework also assumes this layout for
AEAD requests.

Reviewed by:	cem
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D11758
r323887 shurd Sept. 21, 2017, 11:27 p.m.
It doesn't appear to be safe to use gtask->gt_name.

Reported by:	Mark Johnston, Jenkins
Reviewed by:	sbruno
Approved by:	sbruno (mentor)
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D12448
r323886 tsoome Sept. 21, 2017, 11:22 p.m.
The device specific *_add functions are using malloc() + memset,
should use calloc instead.
r323885 tsoome Sept. 21, 2017, 11:14 p.m.
The current implementation of efi_devpath_match() is returning values 0 or 1,
so it should be updated to return bool.
r323883 imp Sept. 21, 2017, 11:10 p.m.
/usr/local/etc gets created and populated by packages. However, if no
packages are installed when setup_nanobsd is run, this symlink won't
get created, causing problems if packages are installed later (say on
first boot). Therefore, always create the symlink and etc/local. It
does no harm and may help.

Inspired by crochet issue #183 (consuingly says NanoBSD, means crochet)
Sponsored by: Netflix
r323882 jhb Sept. 21, 2017, 11:05 p.m.
Move handling of these three pathconf() variables out of vop_stdpathconf()
and into devfs_pathconf() as TTY devices can only be devfs files.  In
addition, only return settings for these three variables for devfs devices
whose device switch has the D_TTY flag set.

Discussed with:	bde, kib
Sponsored by:	Chelsio Communications
r323881 jhb Sept. 21, 2017, 10:33 p.m.
Submitted by:	bde
Sponsored by:	Chelsio Communications
r323880 markj Sept. 21, 2017, 10:15 p.m.
Reviewed by:	alc, kib
MFC after:	1 week
r323879 shurd Sept. 21, 2017, 9:14 p.m.
Check the return code of intr_setaffinity() and log any errors
it returns. When a qid is not located, log an error before returning
failure.  Also, use __func__ rather than hardcoding the function name

Reviewed by:	sbruno
Approved by:	sbruno (mentor)
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D12436
r323878 cem Sept. 21, 2017, 9:07 p.m.
Previously, this test was entirely a no-op as no vector in the NIST-KAT file
has a precisely 20-byte key.

Additionally, not every vector in the file is SHA1.  The length field
determines the hash under test, and is now decoded correctly.

Finally, due to a limitation I didn't feel like fixing in cryptodev.py, MACs
are truncated to 16 bytes in this test.

With this change and the uncommitted D12437 (to allow key sizes other than
those used in IPSec), the SHA tests in cryptotest.py actually test something
and e.g. at least cryptosoft passes the test.

Sponsored by:	Dell EMC Isilon
r323876 shurd Sept. 21, 2017, 8:34 p.m.
Previously had the same short and long description as taskqueues.
This could cause problems with memguard(9) and vmstat -m which use
the short description as a unique identifier.

Reviewed by:	sbruno
Approved by:	sbruno (mentor)
MFC after:	3 days
Sponsored by:	Limelight Networks
Differential Revision:	https://reviews.freebsd.org/D12438
r323874 shurd Sept. 21, 2017, 8:27 p.m.
- Use HWRM_FUNC_VF_CFG instead of HWRM_FUNC_CFG on VFs
- Fix NPAR/VF detection
- Clean up flag definitions
- Don't allow WoL on VFs

Although the bnxt driver doesn't support SR-IOV so can create VFs yet,
the PF could be running Linux or ESCi with a VF passed through to a
FreeBSD guest.  This fixes the driver for that use case.

Submitted by:	Siva Kallam <siva.kallam@@broadcom.com>
Reviewed by:	shurd, sbruno
Approved by:	sbruno (mentor)
Sponsored by:	Broadcom Limited
Differential Revision:	https://reviews.freebsd.org/D12410
r323873 eugen Sept. 21, 2017, 8:16 p.m.
Fix a race with per-node read-mostly lock and refcounting for a hook.

PR:			220076
Tested by:		peixoto.cassiano
Approved by:		avg (mentor), mav (mentor)
MFC after:		1 week
Relnotes:		yes
Differential Revision:	https://reviews.freebsd.org/D12435
r323869 cem Sept. 21, 2017, 6:06 p.m.
For some reason, we only skipped AES-XTS tests if a driver was not in the
aesmodules list.  Skip other AES modes as well to prevent spurious failures
in non-AES drivers.

Sponsored by:	Dell EMC Isilon
r323868 alc Sept. 21, 2017, 3:32 p.m.
accepts PQ_NONE as the specified queue and returns a Boolean indicating
whether the page's wire count transitioned to zero.  Use these features
in dev/drm2.

Reviewed by:	kib, markj
MFC after:	1 week