Allow aesni(4) module to be loaded on all VMs
AbandonedPublic
Actions

Authored by eri on Jul 4 2015, 9:41 AM.

Details

Reviewers

jmg
gnn

Summary

Some VMs advertise the support of SSE instruction in a different set of the cpuid flags.
For more read https://forum.pfsense.org/index.php?topic=87314.0

Repository

rS FreeBSD src repository - subversion

Lint

Lint Skipped

Unit

Tests Skipped

eri retitled this revision from to Allow aesni(4) module to be loaded on all VMs.

eri updated this object.

eri edited the test plan for this revision. (Show Details)

eri added reviewers: jmg, gnn.

eri set the repository for this revision to rS FreeBSD src repository - subversion.

jmg requested changes to this revision.Jul 5 2015, 7:18 AM

jmg edited edge metadata.

jmg added inline comments.

sys/crypto/aesni/aesni.c
89	you're checking for CPUID_CLFSH not CPUID2_SSE41 on cpu_feature, if you're doing that spell it correctly. According to my reading, CLFSH just denotes the presence of SSE2, not the required SSE4 instructions that are now required by GCM... If the need for supporting older, non-SSE4 is desired, then an audit needs to be done, and only enable those algorithms that do not require SSE4. I did an audit of what machines are out there, and the second thread linked, all AES-NI machines have SSE4 support, if this is a bug in ESX/Xen/etc, then we need to special case it only for the respective cases. Please provide a dmesg output showing the features bits requiring this change. I currently don't see a need for this change.

This revision now requires changes to proceed.Jul 5 2015, 7:18 AM

eri abandoned this revision.Feb 20 2017, 11:44 PM

Path

Size

sys/

crypto/

aesni/

2 lines