FreeBSD/src 722b8e3 sys/kern link_elf.c

Fix style nits in kern_linker.c

Reported by:    jrtc27
Fixes:  c21bc6f3c242 ("ddb: Add CTF-based pretty printing")
Approved by:    markj (mentor)
Delta  File
+0 -1  sys/kern/link_elf.c
+0 -1  1 files

FreeBSD/src d6e1ae6 sys/netinet in.c, sys/netinet6 in6.c

carp: check CARP status in in_localip_fib(), in6_localip_fib()

Don't report a BACKUP CARP address as local.  These two functions are used
only by source address validation for input packets, controlled by sysctls
net.inet.ip.source_address_validation and
net.inet6.ip6.source_address_validation.  For this purpose we definitely
want to treat BACKUP addresses as non local.

This change is conservative and doesn't modify compat in_localip() and
in6_localip().  They are used more widely than the FIB-aware versions.
The change would modify the notion of ipfw(4) 'me' keyword.  There might
be other consequences as in_localip() is used by various tunneling
protocols.

PR:                     277349
(cherry picked from commit 56f7860087eec14b4a65310b70bd704e79e1b48c)
Delta  File
+3 -1  sys/netinet/in.c
+3 -1  sys/netinet6/in6.c
+6 -2  2 files

FreeBSD/src 637e67e sys/ddb db_ctf.c db_ctf.h

ddb: Drop obsolete -FreeBSD identifier from license

Reported by:    jrtc27
Fixes:  c21bc6f3c242 ("ddb: Add CTF-based pretty printing")
Approved by:    markj (mentor)
Delta  File
+1 -1  sys/ddb/db_ctf.c
+1 -1  sys/ddb/db_ctf.h
+1 -1  sys/ddb/db_pprint.c
+3 -3  3 files

FreeBSD/src 2aee804 sys/kern kern_shutdown.c, sys/sys conf.h

kerneldump: Add flag to indicate kernel core was successfully dumped

This allows for shutdown_final EVENTHANDLERs to know that a core dump
successfully occurred. Embedded systems may want to record this fact
or act on it.

Obtained from:  Juniper Networks, Inc.
Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D44542
Delta  File
+4 -1  sys/kern/kern_shutdown.c
+1 -0  sys/sys/conf.h
+5 -1  2 files

FreeBSD/src fe429e6 stand/efi/include efichar.h, stand/efi/libefi efichar.c

stand/efi: Changes to efichar to allow it to be used in the kernel

Replace malloc/free with EFICHAR_MALLOC and EFICHAR_FREEE macros.

Obtained from:  Juniper Networks, Inc.
Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D44541
Delta   File
+12 -5  stand/efi/libefi/efichar.c
+8 -0   stand/efi/include/efichar.h
+20 -5  2 files

FreeBSD/src a983cea sys/netpfil/pf pf.c, tests/sys/netpfil/pf route_to.sh

pf: fix reply-to after rdr and dummynet

If we redirect a packet to localhost and it gets dummynet'd it may be
re-injected later (e.g. when delayed) which means it will be passed
through ip_input() again. ip_input() will then reject the packet because
it's directed to the loopback address, but did not arrive on a loopback
interface.

Fix this by having pf set the rcvif to V_iflo if we redirect to
loopback.

See also:       https://redmine.pfsense.org/issues/15363
Sponsored by:   Rubicon Communications, LLC ("Netgate")
Delta   File
+61 -0  tests/sys/netpfil/pf/route_to.sh
+12 -0  sys/netpfil/pf/pf.c
+73 -0  2 files

FreeBSD/src 5aaef5a bin/cp cp.c

cp: Fix grammar in comment.

This reverts commit 416fdc2d71656e2f0b4a16828fb0c736ae32b74a.
Delta  File
+1 -1  bin/cp/cp.c
+1 -1  1 files

FreeBSD/src b7b78c1 sys/kern subr_trap.c, sys/netinet tcp_hpts.c

Optimize HPTS so that little work is done until we have a hpts thread that is over the connection threshold

HPTS inserts a softclock for system call return that optimizes performance. However when
no HPTS threads need the help (i.e. when they have less than 100 or so connections) then
there should be little work done i.e. check the counter and return instead of running through
all the threads getting locks etc. Optimize HPTS so that little work is done until we have a hpts
thread that is over the connection threshold.

Reported by:    eduardo
Reviewed by:    gallatin, glebius, tuexen
Tested by:      gallatin
Differential Revision: https://reviews.freebsd.org/D44420
Delta   File
+9 -1   sys/netinet/tcp_hpts.c
+3 -1   sys/sys/systm.h
+2 -0   sys/kern/subr_trap.c
+14 -2  3 files

FreeBSD/src 1c091d1 sys/amd64/amd64 fpu.c, sys/i386/i386 npx.c

x86: handle MXCSR from XSAVEOPT when x87 state was optimized

PR:     275322
Reported by:    Cheyenne Wills <cheyenne.wills at gmail.com>
Reviewed by:    emaste, jhb, olce
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D44522
Delta   File
+21 -0  sys/amd64/amd64/fpu.c
+21 -0  sys/i386/i386/npx.c
+42 -0  2 files

FreeBSD/src 7a0d63c . UPDATING, sys/conf newvers.sh

Add UPDATING entries and bump the branch version.

Approved by:    so
Approved by:    re (so, implicit, appease the commit-hook)
Delta  File
+8 -0  UPDATING
+1 -1  sys/conf/newvers.sh
+9 -1  2 files

FreeBSD/src 26059a4 contrib/llvm-project/llvm/lib/CodeGen PrologEpilogInserter.cpp

Merge commit f800c1f3b207 from llvm-project (by Arthur Eubanks):

  [PEI] Don't zero out noreg operands

  A tail call may have $noreg operands.

  Fixes a crash.

  Reviewed By: xgupta

  Differential Revision: https://reviews.llvm.org/D156485

This should fix an assertion failure building qemu, specifically those
parts using -fzero-call-used-regs.

Reported by:    Daniel Berrangé <dan-freebsd at berrange.com>
PR:             277474
MFC after:      3 days
Approved by:    so

    [5 lines not shown]
Delta  File
+7 -2  contrib/llvm-project/llvm/lib/CodeGen/PrologEpilogInserter.cpp
+7 -2  1 files

FreeBSD/src f07351f sys/dev/wg if_wg.c

if_wg: use proper barriers around pkt->p_state

Without appropriate load-synchronization to pair with store barriers in
wg_encrypt() and wg_decrypt(), the compiler and hardware are often
allowed to reorder these loads in wg_deliver_out() and wg_deliver_in()
such that we end up with a garbage or intermediate mbuf that we try to
pass on.  The issue is particularly prevalent with the weaker
memory models of !x86 platforms.

Switch from the big-hammer wmb() to more explicit acq/rel atomics to
both make it obvious what we're syncing up with, and to avoid somewhat
hefty fences on platforms that don't necessarily need this.

With this patch, my dual-iperf3 reproducer is dramatically more stable
than it is without on aarch64.

PR:             264115
Reviewed by:    andrew, zlei
Approved by:    so

    [5 lines not shown]
Delta  File
+4 -6  sys/dev/wg/if_wg.c
+4 -6  1 files

FreeBSD/src fb393d2 sys/arm/conf NOTES

arm: Remove TI from NOTES

TI support was removed so remove it from NOTES too.

Sponsored by:   Beckhoff Automation GmbH & Co. KG
Delta  File
+0 -3  sys/arm/conf/NOTES
+0 -3  1 files

FreeBSD/src f5ac4e1 . UPDATING, sys/conf newvers.sh

Add UPDATING entries and bump the branch version.

Approved by:    so
Delta   File
+11 -0  UPDATING
+1 -1   sys/conf/newvers.sh
+12 -1  2 files

FreeBSD/src d9d90e5 contrib/unbound configure, contrib/unbound/daemon worker.c

unbound: Vendor import 1.19.1

Release notes at
    https://www.nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/

Security:       CVE-2023-50387, CVE-2023-50868
Security:       FreeBSD-SA-24:03.unbound
Approved by:    so

(cherry picked from commit 8f76bb7dad48538c6832c2fb466a433d2a3f8cd5)
(cherry picked from commit 4f4adb0576dfbcd0d956db0146c9de7e1bb71563)
(cherry picked from commit 948e11aaf420cd7d493cc2e118cacc06d18653fe)
(cherry picked from commit f5a091c1f6a068cdc5c3bd23536830de9dfe7b84)
(cherry picked from commit 6e71235e558ef579605e7f35b02f983b9a246a4a)
(cherry picked from commit 64ac3bca3a6ec8510ae7175cbdd73aa594756e2a)
(cherry picked from commit 103ba509e72e3949d22485666949e9705d4af8cd)
(cherry picked from commit 2bdab519a5c9822571d005c62adec484cf65c2e7)
(cherry picked from commit 5aab39b24ce7437265b94461ffdd9b12c0723658)
(cherry picked from commit a077e95570d9cef9882be688dc28303b6257cfd0)

    [4 lines not shown]
Delta           File
+301 -492       contrib/unbound/configure
+516 -129       contrib/unbound/validator/validator.c
+317 -160       contrib/unbound/daemon/worker.c
+474 -1         contrib/unbound/doc/Changelog
+301 -124       contrib/unbound/util/netevent.c
+190 -204       contrib/unbound/services/mesh.c
+2,099 -1,110   179 files not shown
+11,845 -2,617  185 files

FreeBSD/src d338712 . UPDATING, sys/conf newvers.sh

Add UPDATING entries and bump the branch version.

Approved by:    so
Delta   File
+17 -0  UPDATING
+1 -1   sys/conf/newvers.sh
+18 -1  2 files

FreeBSD/src c189b94 contrib/unbound configure, contrib/unbound/daemon worker.c

unbound: Vendor import 1.19.1

Release notes at
    https://www.nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/

Security:       CVE-2023-50387, CVE-2023-50868
Security:       FreeBSD-SA-24:03.unbound
Approved by:    so

(cherry picked from commit 8f76bb7dad48538c6832c2fb466a433d2a3f8cd5)
(cherry picked from commit 1b5982339ced0f39ef588a07a3e960954e87c65e)
(cherry picked from commit 948e11aaf420cd7d493cc2e118cacc06d18653fe)
(cherry picked from commit 9afc0c849e6e0436351fbdaf6157d1c822793d80)
(cherry picked from commit 6e71235e558ef579605e7f35b02f983b9a246a4a)
(cherry picked from commit 8a9416b18f8a894c4bb0c3a284746d5e0bc81152)
(cherry picked from commit 103ba509e72e3949d22485666949e9705d4af8cd)
(cherry picked from commit 4631a5104763c01123dad62546b1325cb16bf44c)
(cherry picked from commit 5aab39b24ce7437265b94461ffdd9b12c0723658)
(cherry picked from commit a118088ff3741023c24caeff1a4fff7b660817fd)

    [4 lines not shown]
Delta           File
+301 -492       contrib/unbound/configure
+516 -129       contrib/unbound/validator/validator.c
+317 -160       contrib/unbound/daemon/worker.c
+474 -1         contrib/unbound/doc/Changelog
+301 -124       contrib/unbound/util/netevent.c
+190 -204       contrib/unbound/services/mesh.c
+2,099 -1,110   179 files not shown
+11,845 -2,617  185 files

FreeBSD/src c48fe39 kerberos5/lib/libroken fbsd_ossl_provider_load.c

kerberos5: Mitigate the possibility of using an old libcrypto

By using the full library name (libcrypto.so.30) we avoid the exposure
of using an old, possibly vulnerable, library.

Reported by:            jrtc27
Fixes:                  476d63e091c2
Approved by:            so
Security:               FreeBSD-EN-24:08.kerberos

(cherry picked from commit 0990136ed1753ac7837206f9c5f4b83ccff6c405)
(cherry picked from commit 17e941a0c88cac2d8cd28d6614448adbd65d4b72)
Delta  File
+2 -1  kerberos5/lib/libroken/fbsd_ossl_provider_load.c
+2 -1  1 files

FreeBSD/src aaf2c7f crypto/heimdal/lib/kadm5 create_s.c, crypto/heimdal/lib/krb5 salt.c

kerberos: Fix numerous segfaults when using weak crypto

Weak crypto is provided by the openssl legacy provider which is
not loaded by default. Load the legacy providers as needed.

When the legacy provider is loaded into the default context the default
provider will no longer be automatically loaded. Without the default
provider the various kerberos applications and functions will abort().

This is the second attempt at this patch. Instead of linking
secure/lib/libcrypto at build time we now link it at runtime, avoiding
buildworld failures under Linux and MacOS. This is because
TARGET_ENDIANNESS is undefined at pre-build time.

PR:             272835
Tested by:      netchild
                Joerg Pulz <Joerg.Pulz at frm2.tum.de> (previous version)
Approved by:    so
Security:       FreeBSD-EN-24:08.kerberos

    [3 lines not shown]
Delta    File
+77 -0   kerberos5/lib/libroken/fbsd_ossl_provider_load.c
+6 -2    kerberos5/lib/libroken/Makefile
+5 -0    crypto/heimdal/lib/krb5/salt.c
+4 -0    kerberos5/include/crypto-headers.h
+4 -0    kerberos5/include/fbsd_ossl_provider.h
+4 -0    crypto/heimdal/lib/kadm5/create_s.c
+100 -2  4 files not shown
+109 -2  10 files

FreeBSD/src 711422d contrib/llvm-project/llvm/lib/CodeGen PrologEpilogInserter.cpp

Merge commit f800c1f3b207 from llvm-project (by Arthur Eubanks):

  [PEI] Don't zero out noreg operands

  A tail call may have $noreg operands.

  Fixes a crash.

  Reviewed By: xgupta

  Differential Revision: https://reviews.llvm.org/D156485

This should fix an assertion failure building qemu, specifically those
parts using -fzero-call-used-regs.

Reported by:    Daniel Berrangé <dan-freebsd at berrange.com>
PR:             277474
MFC after:      3 days
Approved by:    so

    [4 lines not shown]
Delta  File
+7 -2  contrib/llvm-project/llvm/lib/CodeGen/PrologEpilogInserter.cpp
+7 -2  1 files

FreeBSD/src 56be7cd sys/dev/wg if_wg.c

if_wg: use proper barriers around pkt->p_state

Without appropriate load-synchronization to pair with store barriers in
wg_encrypt() and wg_decrypt(), the compiler and hardware are often
allowed to reorder these loads in wg_deliver_out() and wg_deliver_in()
such that we end up with a garbage or intermediate mbuf that we try to
pass on.  The issue is particularly prevalent with the weaker
memory models of !x86 platforms.

Switch from the big-hammer wmb() to more explicit acq/rel atomics to
both make it obvious what we're syncing up with, and to avoid somewhat
hefty fences on platforms that don't necessarily need this.

With this patch, my dual-iperf3 reproducer is dramatically more stable
than it is without on aarch64.

PR:             264115
Reviewed by:    andrew, zlei
Approved by:    so

    [4 lines not shown]
Delta  File
+4 -6  sys/dev/wg/if_wg.c
+4 -6  1 files

FreeBSD/src a3ec305 sys/kern tty.c

kern: fix panic with disabled ttys

PR: 277240, 277329
Reviewed by: kib (earlier version)
Fixes: f1d0a0cbecf2 ("jail: Fix information leak.")
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D44086
Approved by:    so
Security:       FreeBSD-EN-24:05.tty

(cherry picked from commit 975d7730828a8bde28c2a0092b6e95c4c4e22f34)
(cherry picked from commit 8d22744f5be165a2a82a2a204789e44bbdc5a2ee)
Delta  File
+4 -3  sys/kern/tty.c
+4 -3  1 files

FreeBSD/src 8f1f4e6 sys/dev/wg if_wg.c

if_wg: use proper barriers around pkt->p_state

Without appropriate load-synchronization to pair with store barriers in
wg_encrypt() and wg_decrypt(), the compiler and hardware are often
allowed to reorder these loads in wg_deliver_out() and wg_deliver_in()
such that we end up with a garbage or intermediate mbuf that we try to
pass on.  The issue is particularly prevalent with the weaker
memory models of !x86 platforms.

Switch from the big-hammer wmb() to more explicit acq/rel atomics to
both make it obvious what we're syncing up with, and to avoid somewhat
hefty fences on platforms that don't necessarily need this.

With this patch, my dual-iperf3 reproducer is dramatically more stable
than it is without on aarch64.

PR:             264115
Reviewed by:    andrew, zlei
Approved by:    so

    [4 lines not shown]
Delta  File
+4 -6  sys/dev/wg/if_wg.c
+4 -6  1 files

FreeBSD/src f3195cc sys/kern tty.c

kern: fix panic with disabled ttys

PR: 277240, 277329
Reviewed by: kib (earlier version)
Fixes: f1d0a0cbecf2 ("jail: Fix information leak.")
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D44086
Approved by:    so
Security:       FreeBSD-EN-24:05.tty

(cherry picked from commit 975d7730828a8bde28c2a0092b6e95c4c4e22f34)
(cherry picked from commit 8d22744f5be165a2a82a2a204789e44bbdc5a2ee)
(cherry picked from commit a60220bbb5511469fe53fd4290713ba891f8f48a)
Delta  File
+4 -3  sys/kern/tty.c
+4 -3  1 files

FreeBSD/src 39f6f6f lib/libmagic Makefile

libmagic: Use HOST_CC when compiling hostprog used by build

The "mkmagic" program should be built with the host compiler.

Only use BTOOLSPATH if not building for host

Obtained from:  Juniper Networks, Inc.
Reviewed by:    sjg
Differential Revision:  https://reviews.freebsd.org/D44539
Delta  File
+3 -2  lib/libmagic/Makefile
+3 -2  1 files

FreeBSD/src f6e77cb include Makefile

include: Allow SDESTDIR to be overridden

Obtained from:  Juniper Networks, Inc.
Reviewed by:    sjg
Differential Revision:  https://reviews.freebsd.org/D44540
Delta  File
+1 -1  include/Makefile
+1 -1  1 files

FreeBSD/src a6d8dcb bin/csh Makefile

csh: Use HOST_CC when compiling hostprog used by csh build

The "gethost" program should be built with the host compiler.

Obtained from:  Juniper Networks, Inc.
Reviewed by:    sjg
Differential Revision:  https://reviews.freebsd.org/D44537
Delta  File
+1 -1  bin/csh/Makefile
+1 -1  1 files

FreeBSD/src 3abd36c share/mk sys.mk

sys.mk: Define HOST_CC as CC by default.

This allows for setting a different compiler for building hostprogs
when cross compiling.

Obtained from:  Juniper Networks, Inc.
Reviewed by:    sjg
Differential Revision:  https://reviews.freebsd.org/D44536
Delta  File
+2 -0  share/mk/sys.mk
+2 -0  1 files

FreeBSD/src 970ea0b usr.sbin/bsdinstall/scripts netconfig

bsdinstall: draw attention to new network config options

The network configuration options have changed in bsdinstall, with
an Auto option to proceed directly to DHCP and IPv6 autoconfig (which
is the default) as well as Manual (the old mode).  For users like me
that were used to hitting return automatically to select an interface,
but want manual configuration, attempt to call out the difference:
Change the menu caption to say "Please select a network interface
and configuration mode:" and not just an interface.

Reviewed by:    jrtc27
Delta  File
+1 -1  usr.sbin/bsdinstall/scripts/netconfig
+1 -1  1 files

FreeBSD/src d5aead8 sys/arm64/include pcpu.h

arm64: Delete stale comment

Fixes:  078a69abcbb8 ("Use a uint64_t to store the arm64 mpidr")
Delta  File
+0 -1  sys/arm64/include/pcpu.h
+0 -1  1 files