Some VMs advertise the support of SSE instruction in a different set of the cpuid flags.
For more read https://forum.pfsense.org/index.php?topic=87314.0
Details
Details
Diff Detail
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
Lint Skipped - Unit
Tests Skipped
Event Timeline
sys/crypto/aesni/aesni.c | ||
---|---|---|
89 | you're checking for CPUID_CLFSH not CPUID2_SSE41 on cpu_feature, if you're doing that spell it correctly. According to my reading, CLFSH just denotes the presence of SSE2, not the required SSE4 instructions that are now required by GCM... If the need for supporting older, non-SSE4 is desired, then an audit needs to be done, and only enable those algorithms that do not require SSE4. I did an audit of what machines are out there, and the second thread linked, all AES-NI machines have SSE4 support, if this is a bug in ESX/Xen/etc, then we need to special case it only for the respective cases. Please provide a dmesg output showing the features bits requiring this change. I currently don't see a need for this change. |