r344150 mw Feb. 15, 2019, 10:34 a.m.
Requested ID should be validated when the packet is received and not
when the driver is repopulating the mbufs.

Submitted by: Michal Krawczyk <mk@semihalf.com>
Obtained from: Semihalf
Sponsored by: Amazon, Inc.
MFC after: 1 week
r344148 tuexen Feb. 15, 2019, 9:45 a.m.
segments sent in TIMEWAIT state, which I introduced in r336937.

MFC after:	3 days
Sponsored by:	Netflix, Inc.
r344143 sef Feb. 15, 2019, 4:15 a.m.
This did not show up in my testing.

Differential Revision:	https://reviews.freebsd.org/D18592
r344142 sef Feb. 15, 2019, 4:01 a.m.
r344141 sef Feb. 15, 2019, 3:53 a.m.
This commit essentially has three parts:

* Add the AES-CCM encryption hooks.  This is in and of itself fairly small,
as there is only a small difference between CCM and the other ICM-based
* Hook the code into the OpenCrypto framework.  This is the bulk of the
changes, as the algorithm type has to be checked for, and the differences
between it and GCM dealt with.
* Update the cryptocheck tool to be aware of it.  This is invaluable for
confirming that the code works.

This is a software-only implementation, meaning that the performance is very

Sponsored by:	iXsystems Inc.
Differential Revision:	https://reviews.freebsd.org/D19090
r344140 sef Feb. 15, 2019, 3:46 a.m.
This adds the CBC-MAC code to the kernel, but does not hook it up to
anything (that comes in the next commit).

https://tools.ietf.org/html/rfc3610 describes the algorithm.

Note that this is a software-only implementation, which means it is
fairly slow.

Sponsored by:   iXsystems Inc
Differential Revision:  https://reviews.freebsd.org/D18592
r344133 bde Feb. 14, 2019, 7:07 p.m.
The previous fix was unnecessarily very slow up to 105 hours where the
simple formula used previously worked, and unnecessarily slow by a factor
of about 5/3 up to 388 days, and didn't work above 388 days.  388 days is
not a long time, since it is a reasonable uptime, and for processes the
times being calculated are aggregated over all threads, so with N CPUs
running the same thread a runtime of 388 days is reachable after only
388 / N physical days.

The PRs document overflow at 388 days, but don't try to fix it.

Use the simple formula up to 76 hours.  Then use a complicated general
method that reduces to the simple formula up to a bit less than 105
hours, then reduces to the previous method without its extra work up
to almost 388 days, then does more complicated reductions, usually
many bits at a time so that this is not slow.  This works up to half
of maximum representable time (292271 years), with accumulated rounding
errors of at most 32 usec.

amd64 can do all this with no avoidable rounding errors in an inline
asm with 2 instructions, but this is too special to use.  __uint128_t
can do the same with 100's of instructions on 64-bit arches.  Long
doubles with at least 64 bits of precision are the easiest method to
use on i386 userland, but are hard to use in the kernel.

PR:		76972 and duplicates
Reviewed by:	kib
r344132 erj Feb. 14, 2019, 6:02 p.m.
Don't use a struct if_irq for IFLIB_INTR_IOV type interrupts since that results
in get_core_offset() being called on them, and get_core_offset() doesn't
handle IFLIB_INTR_IOV type interrupts, which results in an assert() being triggered
in iflib_irq_set_affinity().

PR:		235730
Reported by:	Jeffrey Pieper <jeffrey.e.pieper@intel.com>
MFC after:	1 day
Sponsored by:	Intel Corporation
r344129 imp Feb. 14, 2019, 5:04 p.m.
r344128 kib Feb. 14, 2019, 3:45 p.m.
Make the clustering enabling knob more fine-grained by providing a
setting where the allocation with hint is not clustered. This is aimed
to be somewhat more compatible with e.g. go 1.4 which expects that
hinted mmap without MAP_FIXED does not change the allocation address.

Now the vm.cluster_anon can be set to 1 to only cluster when no hints,
and to 2 to always cluster.  Default value is 1.

Requested by: peter
Reviewed by:	emaste, markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 month
Differential revision:	https://reviews.freebsd.org/D19194
r344123 luporl Feb. 14, 2019, 3:15 p.m.
When sigreturn() restored a thread's context, SRR1 was being restored
to its previous value, but pcb_flags was not being touched.

This could cause a mismatch between the thread's MSR and its pcb_flags.
For instance, when the thread used the FPU for the first time inside
the signal handler, sigreturn() would clear SRR1, but not pcb_flags.
Then, the thread would return with the FPU bit cleared in MSR and,
the next time it tried to use the FPU, it would fail on a KASSERT
that checked if the FPU was disabled.

This change clears the FPU bit in both pcb_flags and frame->srr1,
as the code that restores the context expects to use the FPU trap
to re-enable it.

PR:		234539
Reported by:	sbruno
Reviewed by:	jhibbits, sbruno
Differential Revision:	https://reviews.freebsd.org/D19166
r344121 kib Feb. 14, 2019, 2:44 p.m.
Discussed with:	emaste
Sponsored by:	The FreeBSD Foundation
r344120 kib Feb. 14, 2019, 2:02 p.m.
In particular, use ifuncs for __getcontextx_size(), also calculate the
size of the extended save area in resolver.  Same for __fillcontextx2().

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
r344119 kib Feb. 14, 2019, 1:59 p.m.
Based on the discussion with:	jkim
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
r344118 kib Feb. 14, 2019, 1:53 p.m.
Some older compilers, when generating PIC code, cannot handle inline
asm that clobbers %ebx (because %ebx is used as the GOT offset
register).  Userspace versions avoid clobbering %ebx by saving it to
stack before executing the CPUID instruction.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week