
HardenedBSD — sys/netinet tcp_fastopen.c

Enable TCP_FASTOPEN by default for FreeBSD 12.

Submitted by:        kbowling
Reviewed by:        tuexen
Differential Revision:        https://reviews.freebsd.org/D15959
Delta File
+1 -1 sys/netinet/tcp_fastopen.c
+1 -1 1 file

HardenedBSD — sys/netinet in_pcb.c

Reap unused variable and assignment that had no effect.  Noted by cross
compiling with gcc on mips.

Reviewed by:        mmacy
Delta File
+0 -2 sys/netinet/in_pcb.c
+0 -2 1 file

HardenedBSD — share/examples/bhyve vmrun.sh

HBSD: Resolve merge conflict

Signed-off-by:        Shawn Webb <shawn.webb at hardenedbsd.org>
Sponsored-by:        SoldierX
Delta File
+0 -4 share/examples/bhyve/vmrun.sh
+0 -4 1 file

HardenedBSD — share/examples/bhyve vmrun.sh

bhyve/vmrun.sh: make -L functional.

Sponsored by:        The FreeBSD Foundation
MFC after:        3 days
Delta File
+1 -1 share/examples/bhyve/vmrun.sh
+1 -1 1 file

HardenedBSD — lib/libc/stdlib qsort.c

MFC r334928:
libc qsort(3): stop aliasing.

PR:        228780
Delta File
+17 -44 lib/libc/stdlib/qsort.c
+17 -44 1 file

HardenedBSD — etc ntp.conf

Fix a comment; the ntp leaplist file is updated periodically, but not weekly
(it's only updated when a check shows it's within 30 days of expiring).

PR:                207138
Delta File
+1 -1 etc/ntp.conf
+1 -1 1 file

HardenedBSD — etc ntp.conf

Modernize usage of "restrict" keyword in ntp.conf

It is no longer necessary to specify a -4/-6 flag on any ntp.conf
keyword.  The address type is inferred from the address itself as
necessary.  "restrict default" statements always apply to both address
families regardless of any -4/-6 flag that may be present.

So this change just tidies up our default config by removing the redundant
restrict -6 statement and comment, and by removing the -6 flag from the
restrict keyword that allows access from localhost.

This change was inspired by the patches provided in PRs 201803 and 210245,
and included some contrib/ntp code inspection to verify that the -4/-6
keywords are basically no-ops in all contexts now.

PR:                201803 210245
Differential Revision:        https://reviews.freebsd.org/D15974
Delta File
+3 -5 etc/ntp.conf
+3 -5 1 file

HardenedBSD — sys/arm/broadcom/bcm2835 bcm2835_spi.c

Retrieve the bus clock speed and mode (polarity/phase) from the child device
and set up the hardware accordingly on each transfer.  This replaces the old
configuration done via sysctl, and allows both fdt configuration data and
userland control via the spigen device to work.

Submitted by:        Bob Frazier
Differential Revision:        https://reviews.freebsd.org/D15031
Delta File
+87 -34 sys/arm/broadcom/bcm2835/bcm2835_spi.c
+87 -34 1 file

HardenedBSD — usr.sbin/spi spi.8

Add an example for displaying the manufacturer and size info from a
standard spiflash chip.
Delta File
+6 -0 usr.sbin/spi/spi.8
+6 -0 1 file

HardenedBSD — sys/dts/arm/overlays spigen-rpi-b.dtso spigen-rpi2.dtso

Add spi-max-frequency properties to all spigen nodes.  This is a required
property for spi devices, although in the spigen case it's expected that
the speed will be overridden at runtime via the ioctl interface.  A very
conservative 500 kHz speed is used (I've never seen a spi device that
couldn't run at 1 MHz).

HardenedBSD — usr.bin/top machine.c

top(1): Restructure printing of process states

This avoids the need to have separate buffers and calls to sprintf for
various calls.
Delta File
+63 -77 usr.bin/top/machine.c
+63 -77 1 file

HardenedBSD — usr.bin/top machine.c

top(1): Convert process listing to sbuf too

This also fixes -mio with 'T' set (thread-id instead of process-id).

This can go further by removing the existing sprintf, and using sbuf
directly. This will be done in a followup commit.
Delta File
+45 -57 usr.bin/top/machine.c
+45 -57 1 file

HardenedBSD — usr.bin/top machine.c

top(1): Use basename instead of a homegrown alternative
Delta File
+2 -5 usr.bin/top/machine.c
+2 -5 1 file

HardenedBSD — lib/libcasper/libcasper libcasper_service.3 Makefile

Document libcasper_service.

Reviewed by:        bcr@
Differential Revision:        https://reviews.freebsd.org/D15766

HardenedBSD — share/man/man9 OF_getprop.9 Makefile

Document multi variants of *prop_alloc functions

Add documentation and symlinks for OF_getprop_alloc_multi
and OF_getencprop_alloc_multi functions.

Also while here fix copy-pasted .Dt value and add one more
failure condition for OF_getencprop_alloc.

HardenedBSD — share/man/man9 fdt_pinctrl.9

Bump .Dd value after r335585
Delta File
+1 -1 share/man/man9/fdt_pinctrl.9
+1 -1 1 file

HardenedBSD — share/man/man9 fdt_pinctrl.9

Fix invalid OF_getencprop_alloc usage in fdt_pinctrl(9)

r332341 introduced OF_getencprop_alloc_multi that should be used
instead of OF_getencprop_alloc to get multi-cell properties.
Fix example to reflect this change.
Delta File
+2 -2 share/man/man9/fdt_pinctrl.9
+2 -2 1 file

HardenedBSD — sys/crypto/aesni aesni.c

aesni(4): Fix {de,en}crypt operations that allocated a buffer

aesni(4) allocates a contiguous buffer for the data it processes if the
provided input was not already virtually contiguous, and copies the input
there.  It performs encryption or decryption in-place.

r324037 removed the logic that then copied the processed data back to the
user-provided input buffer, breaking {de,enc}crypt for mbuf chains or
iovecs with more than a single descriptor.

PR:                228094 (probably, not confirmed)
Submitted by:        Sean Fagan <kithrup AT me.com>
Reported by:        Emeric POUPON <emeric.poupon AT stormshield.eu>
X-MFC-With:        324037
Security:        could result in plaintext being output by "encrypt"
Delta File
+4 -0 sys/crypto/aesni/aesni.c
+4 -0 1 file

HardenedBSD — sys/crypto/aesni aesni.c

aesni(4): Support CRD_F_KEY_EXPLICIT OCF mode

PR:                227788
Reported by:        eadler@
Delta File
+31 -11 sys/crypto/aesni/aesni.c
+31 -11 1 file

HardenedBSD — sys/arm/allwinner aw_mmc.c

aw_mmc: Fix style(9) after r335476
Delta File
+21 -21 sys/arm/allwinner/aw_mmc.c
+21 -21 1 file

HardenedBSD — sys/arm/allwinner/clkng aw_clk_nkmp.c aw_clk_nm.c

allwinner: clkng: Correct mux width and flags

The test for checking if the clock has a mux was inverted and the mask
to calculate the parent index was wrong too.
It means that upon creation the incorrect parent was resolved as the current
one and upon reparent the switch was never made.

Pointy hat (lots of them): manu

HardenedBSD — sys/amd64/amd64 pmap.c, sys/arm64/arm64 pmap.c

Re-count available PV entries after reclaiming a PV chunk.

The call to reclaim_pv_chunk() in reserve_pv_entries() may free a
PV chunk with free entries belonging to the current pmap.  In this
case we must account for the free entries that were reclaimed, or
reserve_pv_entries() may return without having reserved the requested
number of entries.

Reviewed by:        alc, kib
Tested by:        pho (previous version)
MFC after:        2 weeks
Differential Revision:        https://reviews.freebsd.org/D15911
Delta File
+12 -2 sys/amd64/amd64/pmap.c
+12 -2 sys/arm64/arm64/pmap.c
+24 -4 2 files

HardenedBSD — sys/vm uma_int.h

Sort uma_zone fields according to 64 byte cache line with adjacent line
prefetch on 64bit architectures.  Prior to this, two lines were needed
for the fast path and each line may fetch an unused adjacent neighbor.
 - Move fields used by the fast path into a single line.
 - Move constants into the adjacent line which is mostly used for
   the spare bucket alloc 'medium path'.
 - Unpad the mtx which is only used by the fast path and place it in
   a line with rarely used data.  This aligns the cachelines better and
   eliminates 128 bytes of wasted space.

This gives a 45% improvement on a will-it-scale test on a 24 core machine.

Reviewed by:        mmacy
Delta File
+28 -21 sys/vm/uma_int.h
+28 -21 1 file

HardenedBSD — sys/kern subr_epoch.c

epoch(9): Don't trigger taskq enqueue before the grouptaskqs are setup

If EARLY_AP_STARTUP is not defined it is possible for an epoch to be
allocated prior to it being possible to call epoch_call without

Based on patch by andrew@

PR:                229014
Reported by:        andrew
Delta File
+14 -1 sys/kern/subr_epoch.c
+14 -1 1 file

HardenedBSD — sys/netinet tcp_fsm.h tcp_output.c, sys/netinet/tcp_stacks rack.c

Revert r334843, and partially revert r335180.

tcp_outflags[] were defined since 4BSD and are defined nowadays in
all its descendants. Removing them breaks third party application.

HardenedBSD — usr.bin/top top.c

top(1): show CPU state breakdown on first run

There is no documented reason for this not to be shown on the first run.
I can't find any good reason, and it breaks batch mode.

PR:                218889
Submitted by:        "Jeremy C. Reed" <reed at reedmedia.net>
Delta File
+1 -20 usr.bin/top/top.c
+1 -20 1 file

HardenedBSD — etc/rc.d ntpd

Use 'mv -f' in rc.d/ntpd to avoid spuriously halting the boot.

The final 'mv' to install a fetched leap-list file can fail (due to a
readonly fs, or schg flags, for example), and that leads to mv(1)
prompting the user, stopping the boot process.  Instead, use mv -f
to suppress the prompting, and if verbose mode is on, emit a warning
that the existing file cannot be replaced.

PR:                219255
Delta File
+2 -1 etc/rc.d/ntpd
+2 -1 1 file

HardenedBSD — sys/powerpc/aim trap_subr64.S

powerpc64: Fix stack setup in dbtrap

r330610 relocated the DMAP from the base of memory to the base of the fourth
quadrant of memory.  This broke synthetic traps, such as KDB forced
breakpoints.  Use GET_TOCBASE() so the DMAP offset is handled.

Submitted by:        git_bdragon.rkt0.net
Differential Revision:        https://reviews.freebsd.org/D15973
Delta File
+1 -1 sys/powerpc/aim/trap_subr64.S
+1 -1 1 file

HardenedBSD — sys/fs/nfs nfs_commonsubs.c

Set the slotid and ND_HASSLOTID flag for NFSv4.1 sequenced operations.

Most NFSv4.1 compound RPCs start with a Sequence operation. For these
cases, save the slotid and note that it is saved by setting ND_HASSLOTID.
This is used by r335568 to free up the session slot and disable it.

MFC after:        2 weeks
Delta File
+2 -0 sys/fs/nfs/nfs_commonsubs.c
+2 -0 1 file

HardenedBSD — lib/libthr/support Makefile.inc

MFC r335258:
Remove unused file.
Delta File
+0 -29 lib/libthr/support/Makefile.inc
+0 -29 1 file

HardenedBSD — sys/amd64/amd64 exception.S cpu_switch.S, sys/amd64/include asmacros.h pcpu.h

MFC r333059 (by tychon):
Expand the checks for UCR3 == PMAP_NO_CR3 to enable processes to be
excluded from PTI.

HardenedBSD — sbin/pfctl parse.y, share/man/man5 pf.conf.5

pf: Support "return" statements in passing rules when they fail.

Normally pf rules are expected to do one of two things: pass the traffic or
block it. Blocking can be silent - "drop", or loud - "return", "return-rst",
"return-icmp". Yet there is a 3rd category of traffic passing through pf:
Packets matching a "pass" rule but when applying the rule fails. This happens
when redirection table is empty or when src node or state creation fails. Such
rules always fail silently without notifying the sender.

Allow users to configure this behaviour too, so that pf returns an error packet
in these cases.

PR:                226850
Submitted by:        Kajetan Staszkiewicz <vegeta tuxpowered.net>
MFC after:        1 week
Sponsored by:        InnoGames GmbH
Delta File
+81 -63 sys/netpfil/pf/pf.c
+25 -3 sbin/pfctl/parse.y
+25 -0 share/man/man5/pf.conf.5
+131 -66 3 files

HardenedBSD — sys/fs/nfs nfs_commonkrpc.c

Fix the handling of NFSv4.1 sessions for "soft" mounts.

When a "soft" mount is used for NFSv4.1, an RPC that fails without completing
will leave a slot in the NFSv4.1 session in an indeterminate state.
As such, all that can be done is free up the slot while making is no longer
A "soft" NFSv4.1 mount is not recommended in general, since it will leave
Open/Lock state in an indeterminate state. An exception is a pNFS mount of
a DS, since there are no Opens/Locks done for them except file creates
where loss of the Open state does not matter.
The patch also makes connections to DSs soft, so that they will fail when
a DS is non-functional or network partitioned, allowing the pNFS MDS to disable
the DS for a mirrored configuration.
This patch should not affect normal "hard" NFSv4.1 mounts.

MFC after:        2 weeks
Delta File
+64 -16 sys/fs/nfs/nfs_commonkrpc.c
+64 -16 1 file

HardenedBSD — sys/fs/nfs nfs_var.h, sys/fs/nfsclient nfs_clstate.c nfs_clrpcops.c

Change the NFSv4.1 pNFS client so that it returns the DS error in layoutreturn.

When the NFSv4.1 pNFS client gets an error for a DS I/O operation using a
Flexible File layout, it returns the layout with an error.
This patch changes the code slightly, so that it returns the layout for all
errors except EACCES and lets the MDS decide what to do based on the error.
It also makes a couple of changes to nfscl_layoutrecall() to ensure that
the first layoutreturn(s) will have the error in the reply.
Plus, the patch adds a wakeup() so that the "nfscl" thread won't wait 1sec
before doing the LayoutReturn.
Tested against the pNFS service.
This patch should not affect non-pNFS use of the client.
The unused "dsp" argument will be used by a future patch that disables the
connection to the DS when possible.

MFC after:        2 weeks

HardenedBSD — etc/rc.d nfsd

Add "mountcritremote" to the REQUIRE line for nfsd.

For a pNFS MDS server, there must be mounts done to the DSs before the
nfsd is started. Adding the REQUIRE line makes sure these are done.
If there are NFS mounts in /etc/fstab that cannot be completed before
the nfsd starts, the "bg" mount option can still be used to handle that.
I do not believe this should cause problems for non-pNFS NFS servers.
(I have requested a review by rc@, but it is still pending.)
Delta File
+1 -1 etc/rc.d/nfsd
+1 -1 1 file

HardenedBSD — usr.sbin/syslogd syslogd.c

Still parse messages that don't contain an RFC 3164 timestamp.

The changes made in r326573 required that messages always start with an
RFC 3164 timestamp. It looks like certain devices, but also certain
logging libraries (Python 3's "logging" package) simply don't generate
RFC 3164 formatted messages containing a timestamp.

Make timestamps optional again. When the timestamp is missing, also
assume that the message contains no hostname. The first word of the
message likely already belongs to the message payload.

PR:                229236
Reported by:        Michael Grimm & Marek Zarychta
Reviewed by:        glebius (cursory)
MFC after:        1 week
Delta File
+57 -55 usr.sbin/syslogd/syslogd.c
+57 -55 1 file

HardenedBSD — sys/dts/arm/overlays spigen-rpi2.dtso spigen-rpi-b.dtso, sys/modules/dtb/rpi Makefile

Add spigen(4) fdt data overlays for RPI-B, RPI-2.

By adding spigen-rpi{2,-b}.dtso to fdt_overlays= in loader.conf, the fdt data
will set up the correct pinmux and device nodes to create a spigen(4) device
for each available chipselect pin.

Submitted by:        Bob Frazier
Differential Revision:        https://reviews.freebsd.org/D15067

HardenedBSD — sys/vm uma_core.c

Eliminate a spurious panic on non-SMP systems (occurred on shutdown/reboot).
Delta File
+2 -0 sys/vm/uma_core.c
+2 -0 1 file

HardenedBSD — sys/dev/cxgbe t4_main.c

cxgbe(4): Determine early in the ioctl whether it is allowed to sleep or
not, instead of always starting a non-sleepable operation and
re-adjusting later.  This ensures that an operation that is allowed to
sleep (ifconfig up/down) never fails with EBUSY on the initial attempt
to start a synchronized operation.

This is a direct commit to stable/11.  The driver ioctl is always
allowed to sleep in head.

Sponsored by:        Chelsio Communications
Delta File
+35 -26 sys/dev/cxgbe/t4_main.c
+35 -26 1 file

HardenedBSD — sys/amd64/conf HARDENEDBSD-MINIMAL


This kernel config was submitted by @pkubaj and was modified by me to
account for proper whitespace.

Signed-off-by:        Shawn Webb <shawn.webb at hardenedbsd.org>
Sponsored-by:        SoldierX
Submitted-by:        @pkubaj
github-issue:        #301
MFC-to:                11-STABLE
Delta File
+160 -0 sys/amd64/conf/HARDENEDBSD-MINIMAL
+160 -0 1 file

HardenedBSD — lib/clang llvm.build.mk, lib/clang/include/llvm/Config llvm-config.h AsmParsers.def

Add support for selectively enabling LLVM targets

This makes it possible, through src.conf(5) settings, to select which
LLVM targets you want to build during buildworld.  The current list is:


To not influence anything right now, all of these are on by default, in
situations where clang is enabled.

Selectively turning a few targets off manually should work.  Turning on
only one target should work too, even if that target does not correspond
to the build architecture.  (In that case, LLVM_NATIVE_ARCH will not be
defined, and you can only use the resulting clang executable for

I performed a few measurements on one of the FreeBSD.org reference
machines, building clang from scratch, with all targets enabled, and
with only the x86 target enabled.  The latter was ~12% faster in real
time (on a 32-core box), and ~14% faster in user time.  For a full

    [5 lines not shown]

HardenedBSD — sys/arm/arm trap.c trap-v6.c, sys/mips/mips trap.c

MFC r333667: followup to r332730/r332752: set kdb_why to "trap" for fatal traps

This change updates arm, arm64 and mips architectures.  Additionally, it
removes redundant checks for kdb_active where it already results in
kdb_reenter() and adds kdb_reenter() calls where they were missing.

Some architectures check the return value of kdb_trap(), but some don't.
I haven't changed any of that.

Some trap handling routines have a return code.  I am not sure if I
provided correct ones for returns after kdb_reenter().  kdb_reenter
should never return unless kdb_jmpbufp is NULL for some reason.

HardenedBSD — sys/cddl/contrib/opensolaris/uts/common/fs/zfs zfs_ioctl.c

Revert r335546 as temporary pool name feature has not been merged

HardenedBSD — usr.bin/top screen.c top.c

top(1): remove special handling of load > 5

When the load is "high" (an arbitrary value) top(1) previously moved the
cursor to the top-left of the screen as an acknowledgment. In practice,
on modern machines, even relatively slow ones, it looked more like a
glitch. Remove the logic.

HardenedBSD — sys/cddl/contrib/opensolaris/uts/common/fs/zfs zfs_ioctl.c

MFC r333630: Fix 'zpool create -t <tempname>'

Creating a pool with a temporary name fails when we also specify custom
dataset properties: this is because we mistakenly call
zfs_set_prop_nvlist() on the "real" pool name which, as expected,
cannot be found because the SPA is present in the namespace with the
temporary name.

HardenedBSD — sys/x86/x86 cpu_machdep.c

MFC r334785: expand descriptions of x86 panic_on_nmi and kdb_on_nmi sysctls
Delta File
+2 -2 sys/x86/x86/cpu_machdep.c
+2 -2 1 file

HardenedBSD — sys/dev/amdsbwd amdsbwd.c amd_chipset.h

MFC r333269: amdsbwd: fix reboot status reporting

HardenedBSD — sys/cddl/compat/opensolaris/kern opensolaris_taskq.c

MFC r333243: opensolaris system_taskq does not need to run at maximum priority

HardenedBSD — sys/dev/amdsbwd amdsbwd.c

MFC r333212: amdsbwd: add suspend and resume methods
Delta File
+31 -0 sys/dev/amdsbwd/amdsbwd.c
+31 -0 1 file

HardenedBSD — sys/kern kern_prot.c kern_jail.c

MFC r332816: call racct_proc_ucred_changed() under the proc lock