The modification to the hash are already naturally locked by
in_control_sx.  Convert the hash lists to CK lists. Remove the
in_ifaddr_rmlock. Assert the network epoch where necessary.

Most cases when the hash lookup is done the epoch is already entered.
Cover a few cases, that need entering the epoch, which mostly is
initial configuration of tunnel interfaces and multicast addresses.

Reviewed by:		melifaro
Differential revision:	https://reviews.freebsd.org/D32584

Missed that since sconfig(8) was built on i386 only. Since I enabled
cp(4) on amd64, enable sconfig(8) as well.

Fixes:	6aae3517

This reverts commit 59eab109.

The change suppressed EFAULT originating from uiomove().  The deadlock
avoidance mechanism implemented by vn_io_fault1() in the VFS handles
such errors by wiring the user pages and retrying, but this change
caused read() to return early instead.  This can result in short I/O,
causing misbehaviour in some applications, and possibly other
consequences.

Until this is resolved somehow, revert the commit.

Approved by:	mm

The last two drivers that required sppp are cp(4) and ce(4).

These devices are still produced and can be purchased
at Cronyx <http://cronyx.ru/hardware/wan.html>.

Since Roman Kurakin <rik@FreeBSD.org> has quit them, they no
longer support FreeBSD officially.  Later they have dropped
support for Linux drivers to.  As of mid-2020 they don't even
have a developer to maintain their Windows driver.  However,
their support verbally told me that they could provide aid to
a FreeBSD developer with documentaion in case if there appears
a new customer for their devices.

These drivers have a feature to not use sppp(4) and create an
interface, but instead expose the device as netgraph(4) node.
Then, you can attach ng_ppp(4) with help of ports/net/mpd5 on
top of the node and get your synchronous PPP.  Alternatively
you can attach ng_frame_relay(4) or ng_cisco(4) for HDLC.
Actually, last time I used cp(4) back in 2004, using netgraph(4)
instead of sppp(4) was already the right way to do.

Thus, remove the sppp(4) related part of the drivers and enable
by default the negraph(4) part.  Further maintenance of these
drivers in the tree shouldn't be a big deal.

While doing that, remove some cruft and enable cp(4) compilation
on amd64.  The ce(4) for some unknown reason marks its internal
DDK functions with __attribute__ fastcall, which most likely is
safe to remove, but without hardware I'm not going to do that, so
ce(4) remains i386-only.

Reviewed by:		emaste, imp, donner
Differential Revision:	https://reviews.freebsd.org/D32590
See also:		https://reviews.freebsd.org/D23928

If CAS detects that radix is not supported, set radix_mmu to 0
to avoid the kernel trying to use it and panic.

MFC after:	2 weeks
Sponsored by:	Instituto de Pesquisas Eldorado (eldorado.org.br)

vm_reserv_reclaim_*() will release pages to the default freepool, not
the direct freepool from which noobj allocations are drawn.  But if both
pools are empty, the noobj allocator variants must break reservations to
make progress.

Reported by:	cy
Reviewed by:	kib (previous version)
Fixes:	b498f71b ("vm_page: Add a new page allocator interface for unnamed pages")
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32592

TCP Hystart draft version -03:
https://datatracker.ietf.org/doc/html/draft-ietf-tcpm-hystartplusplus

Is a new version of hystart that allows one to carefully exit slow start if the RTT
spikes too much. The newer version has a slower-slow-start so to speak that then
kicks in for five round trips. To see if you exited too early, if not into congestion avoidance.
This commit will add that feature to our newreno CC and add the needed bits in rack to
be able to enable it.

Reviewed by: tuexen
Sponsored by: Netflix Inc.
Differential Revision:	https://reviews.freebsd.org/D32373

Fix clearing of bits in RCTL for the non-bpf/non-allmulti case.
Update RCTL after modifying the multicast filter registers as per
the Linux driver.

This fixes LACP on igc interfaces, where incoming LACP multicasti
control packets were being dropped.

Reviewed by:	kbowling
Obtained from:	Rubicon Communications, LLC ("Netgate")
MFC after:	3 days
Differential Revision: https://reviews.freebsd.org/D32574

Correct input_sta "assertion" checks.  CTS/ACK CTRL frames are shorter
then sizeof(struct ieee80211_frame_min) and were thus running into the
is_rx_tooshort error case.
Use ieee80211_anyhdrsize() to handle this better but make sure we do
at least have the first 2 octets needed for that.
While here move the safety checks before any code which may not obey
them later, just for good style.

The non-scanning check further down assumes a frame format also not
matching control frames.  For now skip the checks for control frames
which allows us to deal with some of them at least now.

Sponsored by:	The FreeBSD Foundation
Obtained from:	20210906 wireless v0.91 code drop
MFC after:	3 days
Reviewed by:	adrian
Differential Revision: https://reviews.freebsd.org/D32238

While IEEE80211_R_BAND was defined, there was no place to store the
band.  Add a field for that, adjust ieee80211_lookup_channel_rxstatus()
to require it, and update drivers passing "R_{FREQ|IEEE}" in already to
provide the band as well.  For the moment keep the fall-back code
requiring all three fields.

Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
Reviewed by:	adrian
Differential Revision: https://reviews.freebsd.org/D30662

Ensure that the ICMP error is returned with the correct
source and destination addresses.

MFC after:	3 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D32572

When we route-to a packet that later turns out to not fit in the
outbound interface MTU we generate an ICMP error.
However, if we've already changed those (i.e. we've passed through a NAT
rule) we have to undo the transformation first.

Obtained from:	pfSense
MFC after:	3 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D32571

The lead digit was lost in 05eba8e0 making it impossible to find the
commit.

The two subsequent RELNOTES commits gave one less digit of the commit
hash, which is what `git rev-parse --short` thinks the minimal length is,
but keep them to align with other entries.

Fixes:		05eba8e0
Differential Revision:	https://reviews.freebsd.org/D32595

Merge commit 'c66f7aac'

Changes: https://github.com/eggert/tz/blob/2021e/NEWS

MFC after:	3 days

Reminded by:	ygy

Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

Conflicts:
	share/man/man4/Makefile (unresolved)

This man page formerly referred to boot1.efi searching for loader.efi;
when boot1.efi was obsoleted in favour of having loader.efi launched
directly, this was left claiming that loader.efi searched for
loader.efi.

Reviewed by:	bcran
Fixes:		db8b5613 Rework UEFI ESP generation
Differential Revision:	https://reviews.freebsd.org/D32334

This reverts commit 8cb175ba

. We don't
use FreeBSD's ASR implementation.
Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

PR:		211668
Fixes:		262717e2
Reported by:	jhb

In shm_largepage_phys_populate(), the result from vm_page_grab() is only
needed for assertion.

In shm_dotruncate_largepage(), there is a commented-out prototype code
for managed largepages.   The oldobjsz is saved for its sake, so mark
the variable as __unused directly.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week

It is only used to assert that the (current) process is locked

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week

The function ignores result returned by linker_release_module().
The FW_UNLOAD flag on the file is cleared, so even on error it would
not be tried again.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week

It is passed to the NDINIT() macro which ignores the thread argument
for some time.

Sponsored by:	The FreeBSD Foundation

For some of them, used only when KTR or KMSAN are configured, apply
__unused attribute directly.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week

umtxq_queue_lookup() does not change state.  It is redone inside
umtxq_insert() later, anyway.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week

Mark variables as __diagused for invariant-only vars

Reviewed by:	imp, mjg
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D32577

Conflicts:
	sys/contrib/openzfs/lib/libzfs/os/freebsd/libzfs_compat.c (unresolved)

A future change to TOE TLS will require a software fallback for the
first few TLS records received.  Future support for NIC TLS on receive
will also require a software fallback for certain cases.

Reviewed by:	gallatin, hselasky
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D32566

As a followup to SW KTLS assuming an OCF backend, rename
struct ocf_session to struct ktls_ocf_session and forward
declare it in <sys/ktls.h> to use as the type of
struct ktls_session.cipher.

Reviewed by:	gallatin, hselasky
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D32565

In particular, ktls_pending_rx_info() determines which TLS record is
at the end of the current receive socket buffer (including
not-yet-decrypted data) along with how much data in that TLS record is
not yet present in the socket buffer.

This is useful for future changes to support NIC TLS receive offload
and enhancements to TOE TLS receive offload.  Those use cases need a
way to synchronize a state machine on the NIC with the TLS record
boundaries in the TCP stream.

Reviewed by:	gallatin, hselasky
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D32564

Pointy hat:	kevans
Fixes:	4e380e84 ("cmp: add -n, --bytes to limit number of bytes [...]")
Sponsored by:	Klara, Inc.

Stack gap code used on amd64 can also be reused for arm64. Point
sv_stackgap to elf64_stackgap to enable this feature.

Reviewed by: mw, kib, emaste
Tested by: mw
MFC: after 1 month
Differential Revision: https://reviews.freebsd.org/D32588