r343969 nwhitehorn Feb. 10, 2019, 8:13 p.m.
- Distribute RX load across multiple cores, if present. This reverts
  r217212, which is no longer relevant (I think because of the newer
- Use newer APIs for pinning taskqueue entries to specific cores.
- Deepen RX buffers.

This more than doubles NAT forwarding throughput on my EdgeRouter Lite from,
with typical packet mixture, 90 Mbps to over 200 Mbps. The result matches
forwarding throughput in Linux without the UBNT hardware offload on the same
hardware, and thus likely reflects hardware limits.

Reviewed by:	jhibbits
r343968 np Feb. 10, 2019, 7:20 p.m.
Sponsored by:	Chelsio Communications
r343967 pluknet Feb. 10, 2019, 7:07 p.m.
Notably, unlike in OpenBSD, which the man page was copied from,
ai_canonname and ai_addr come in different order.

PR:		225880
MFC after:	1 week
r343966 kib Feb. 10, 2019, 7:01 p.m.
i386 is the only architecture where uint64_t does not specify 8-bytes
alignment, which makes struct xswdev layout not compatible between
64bit and i386.

Reported and tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
r343965 mmel Feb. 10, 2019, 6:28 p.m.
DMAMAP_DMAMEM_ALLOC is property of dmamap, not dmatag.

MFC after:	1 week
Reported by:	ian
Pointy hat:	mmel
r343964 kib Feb. 10, 2019, 5:19 p.m.
With this change, randomization can be enabled for all non-fixed
mappings.  It means that the base address for the mapping is selected
with a guaranteed amount of entropy (bits). If the mapping was
requested to be superpage aligned, the randomization honours the
superpage attributes.

Although the value of ASLR is diminshing over time as exploit authors
work out simple ASLR bypass techniques, it elimintates the trivial
exploitation of certain vulnerabilities, at least in theory.  This
implementation is relatively small and happens at the correct
architectural level.  Also, it is not expected to introduce
regressions in existing cases when turned off (default for now), or
cause any significant maintaince burden.

The randomization is done on a best-effort basis - that is, the
allocator falls back to a first fit strategy if fragmentation prevents
entropy injection.  It is trivial to implement a strong mode where
failure to guarantee the requested amount of entropy results in
mapping request failure, but I do not consider that to be usable.

I have not fine-tuned the amount of entropy injected right now. It is
only a quantitive change that will not change the implementation.  The
current amount is controlled by aslr_pages_rnd.

To not spoil coalescing optimizations, to reduce the page table
fragmentation inherent to ASLR, and to keep the transient superpage
promotion for the malloced memory, locality clustering is implemented
for anonymous private mappings, which are automatically grouped until
fragmentation kicks in.  The initial location for the anon group range
is, of course, randomized.  This is controlled by vm.cluster_anon,
enabled by default.

The default mode keeps the sbrk area unpopulated by other mappings,
but this can be turned off, which gives much more breathing bits on
architectures with small address space, such as i386.  This is tied
with the question of following an application's hint about the mmap(2)
base address. Testing shows that ignoring the hint does not affect the
function of common applications, but I would expect more demanding
code could break. By default sbrk is preserved and mmap hints are
satisfied, which can be changed by using the
kern.elf{32,64}.aslr.honor_sbrk sysctl.

ASLR is enabled on per-ABI basis, and currently it is only allowed on
FreeBSD native i386 and amd64 (including compat 32bit) ABIs.  Support
for additional architectures will be added after further testing.

Both per-process and per-image controls are implemented:
- NT_FREEBSD_FCTL_ASLR_DISABLE feature control note bit makes it possible
  to force ASLR off for the given binary.  (A tool to edit the feature
  control note is in development.)
Global controls are:
- kern.elf{32,64}.aslr.enable - for non-fixed mappings done by mmap(2);
- kern.elf{32,64}.aslr.pie_enable - for PIE image activation mappings;
- kern.elf{32,64}.aslr.honor_sbrk - allow to use sbrk area for mmap(2);
- vm.cluster_anon - enables anon mapping clustering.

PR:	208580 (exp runs)
Exp-runs done by:	antoine
Reviewed by:	markj (previous version)
Discussed with:	emaste
Tested by:	pho
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D5603
r343963 mmel Feb. 10, 2019, 2:30 p.m.
MFC after:	1 week
Reported by:	jah
r343962 mmel Feb. 10, 2019, 2:25 p.m.
- for now, alignments bigger that page size is allowed only for buffers
   allocated by bus_dmamem_alloc(), cover this fact by KASSERT.
 - never bounce buffers allocated by bus_dmamem_alloc(), these always comply
   with the required rules (alignment, boundary, address range).

MFC after:	1 week
Reviewed by:	jah
PR:		235542
r343961 tuexen Feb. 10, 2019, 2:02 p.m.
MFC after:		3 days
r343960 tuexen Feb. 10, 2019, 1:55 p.m.
option. The problem affects only setsockopt with invalid parameters.

This issue was found by syzkaller.

MFC after:		3 days
r343959 dim Feb. 10, 2019, 1:44 p.m.
Avoid setting zero bytes beyond the length of the 'thisline' parameters
in i_process() and u_process(), and don't attempt to memset a negative
number of bytes.

MFC after:	1 week
r343958 dim Feb. 10, 2019, 1:34 p.m.
declarations from base gcc, by renaming those variables.

MFC after:	1 week
r343957 dim Feb. 10, 2019, 1:31 p.m.
both clang and gcc, by either constifying variables, or when that is not
possible, using __DECONST.

MFC after:	1 week
r343954 tuexen Feb. 10, 2019, 10:42 a.m.
This occurs when call setsockopt() with invalid parameters.

This issue was found by syzkaller.

MFC after:		3 days
r343953 peterj Feb. 10, 2019, 8:46 a.m.
Replace calls to sinf(x) and cosf(x) with a single call to sincosf().

Submitted by:	Steve Kargl <sgk@troutmask.apl.washington.edu>
Reviewed by:	bde
Approved by:	grog
MFC after:	3 days