HomeFreeBSD

address an issue where consumers, like IPsec, can reuse the same

Description

address an issue where consumers, like IPsec, can reuse the same
session in multiple threads w/o locking.. There was a single fpu
context shared per session, if multiple threads were using the session,
and both migrated away, they could corrupt each other's fpu context...

This patch adds a per cpu context and a lock to protect it...

It also tries to better address unloading of the aesni module...
The pause will be removed once the OpenCrypto Framework provides a
better method for draining callers into _newsession...

I first discovered the fpu context sharing issue w/ a flood ping over
an IPsec tunnel between two bhyve machines... The patch in D3015
was used to verify that this fix does fix the issue...

Reviewed by: gnn, kib (both earlier versions)
Differential Revision: https://reviews.freebsd.org/D3016

Details

Provenance
jmgAuthored on
Reviewer
gnn
Differential Revision
D3016: Add proper locking to the fpu_ctx allocated by aesni..
Parents
rS285288: Address review.
Branches
Unknown
Tags
Unknown