Fast-IPsec is a rework of the OpenBSD and KAME IPsec code, using the
OpenCryptoFramework (and thus hardware crypto accelerators) and
numerous detailed performance improvements.
This import is (aside from SPL-level names) the FreeBSD source,
imported ``as-is'' as a historical snapshot, for future maintenance
and comparison against the FreeBSD source. For now, several minor
kernel-API differences are hidden by macros a shim file, ipsec_osdep.h,
which (aside from SPL names) can be targeted at either NetBSD or FreeBSD.
(previously 'GLptr' was used as mask.)
this long standing bug seems to be uncovered by
my previous change(rev.1.2) on some machines.
PR/22457 from Matthias Scheler, and tested by him.
and when MAXDSIZ were increased memcpy() length sometimes were larger
than 64k (like in amap_extend()) All functions now checks the length.
This fixes PR#19968.
Disable the inline string functions and use the C versions instead.
since it was write-only. When setting up a process, make sure the fake
callframes are properly linked together.
Only lower SPL when in Idle loop. Raise spl to previous level (which would
be IPL_SCHED) when exiting Idle loop. Never lower SPL anyplace else.
which caused the exception. To avoid an endless loop if
the user is ignoring or catching SIGFPE, adjust the saved
PC to skip over the offending instruction.
XXX: It's not clear that this is the correct behaviour,
XXX: but it's the only way to make sh5 pass the IEEEFP
XXX: regression tests in regress/lib/libc/ieeefp/except.
means "count", in this context) the entropy we're adding because we poll the
device periodically. Sure, we poll it periodically, but it's a hardware
RNG -- the data returned should be random no matter when we read the
register!
The patch below (hopefully) improves some signaling problems
found by Nathan.
It also contains some cleanup of the sa_upcall_userret() function
removing any sleep calls using PCATCH.
Unblocked threads now only use an upcall stack after they
acquire the virtual CPU.
This prevents unblocked threads from stealing all available
upcall stacks.
Tested by Nick Hudson.
instead of keeping sysmon_envsys_list_slock spinlock held
because some drivers might sleep in sysmon_envsys ops,
XXX sysmon_envsys_lock is now redundant
I doubt it makes much sense to use the VM's stack for this, but the
old code was doubtless wrong because it potentially overwrote random
user memory.
(It might be a good idea to use the process' pre-vm86()-call stack,
but atm the infrastructure for this is missing.)
