FreshBSD

MFC r346216:
ld-elf.so: make LD_DEBUG always functional.

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  [ath] [ath_hal] [ath_hal_9300] Extend the start PCU receive to handle resetting ANI.
  dtc(1): Pull in fix for segfault-upon-error condition

Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master

* freebsd/10-stable/master:
  MFC: r345995 Delete the BUGS entry related to failing when jails are enabled.
  MFC: r345994 Fix nfsuserd so that it handles the mapped localhost address when jails are 
enabled.
  MFC: r345992, r346087 Add INET6 support for the upcalls to the nfsuserd daemon.

MFC r341101, r341231, r341276, r341329, r341433, r341780, r342054-r342055,
r342721, r342742, r342840, r343008, r343225

r341101:
powerpcspe: Don't crash the loader on ubldr with SPE instructions.

-msoft-float seems to be insufficient for disabling the SPE on powerpcspe.
Force it off with -mno-spe as well.  This prevents a crash in ubldr on
powerpcspe.

r341231:
loader: command_bcache() should print unsigned values

All bcache counters are unsigned.

r341276:
When handling CMD_CRIT error set command_errmsg to NULL after we dump it out,
so that it does not result in error message printed twice.

OK load doodoo
can't find 'doodoo'
can't find 'doodoo'
OK

r341329:

    [75 lines not shown]

MFC r337534-r337535

r337534:
Refactor common code into execute_script().

r337535:
Use NULLs instead of casted zeroes, for consistency.

MFC r338262, r339334, r339796, r340240, r340857, r340917, r341007

r338262:
stand: fdt: Drop some write-only assignments/variables and leaked bits

Generally straightforward enough; a copy of argv[1] was being made in
command_fdt_internal, solely used for a comparison within the
handler-search, then promptly leaked.

r339334:
loader.efi: add poweroff command

Add poweroff command to make life a bit easier.

r339796:
Simplify the EFI delay() function by calling BS->Stall()

r340240:
loader: ptable_open() check for ptable_cd9660read result is wrong

The ptable_*read() functions return NULL on read errors (and partition table
closed as an side effect). The ptable_open must check the return value and
act properly.

r340857:

    [12 lines not shown]

MFC r337321, r337435, r337707, r337740, r337834, r337836, r337968

r337321:
Make it possible for init to execute any executable, not just sh(1)
scripts. This means one should be able to eg rewrite their /etc/rc
in Python.

r337435:
Move description of init_shell, init_script, and init_chroot kenv
tunables from loader(8) to init(8), since it's init that actually
uses them.  Add .Xrs at their old place.

r337707:
Move around text in loader(8), in particular stuff related to ZFS,
to restore the usual section order.

r337740:
Add init_exec kenv(1) variable, to make init(8) execute a file
after opening the console, replacing init as PID 1.

From the user point of view, it makes it possible to run eg the
shell as PID 1, using 'set init_exec=/bin/sh' at the loader(8)
prompt.

r337834:

    [9 lines not shown]

MFC r339292: Fix a minor typo in loader.conf(5).

MFC r337871, r339970, r342151, r342161, r343123-r343124, r344226, r344234,
r344248, r344387

r337871:
pkgfs_init: Initialize pkg

new_package may not set *pp if it errors out, leaving pkg uninitialized.

r339970:
Remove unnecessary include from libstand.

r342151:
loader: zfs reader should not probe partitionless disks

First of all, normal setups can not boot such pools as the tools
do not support installing boot programs.

Secondly, for proper pool configuration detection, we need to checks all
four label copies on disk, 2 from front and 2 from the end of the disk,
but zfs label does not contain the size of the disk - so we depend on
firmware to report the correct disk size or use information from the
partition table.

Without partition table, we only can rely on firmware to report and support
disk IO properly.

    [66 lines not shown]

MFC r341253, r341328, r342619, r342626, r342707, r342785, r342865

r341253:
The libstand's panic() appends its own '\n' to the message, so that users of the API
don't need to supply one.

r341328:
loader: create separate lists for fd, cd and hd, merge bioscd with biosdisk

Create unified block IO implementation in BIOS version, like it is done in UEFI
side. Implement fd, disk and cd device lists, this will split floppy devices
from disks and will allow us to have consistent, predictable device naming
(modulo BIOS issues).

r342619:
loader: create bio_alloc and bio_free for bios bounce buffer

We do have 16KB buffer space defined in pxe.c, move it to bio.c and implement
bio_alloc()/bio_free() interface to make it possible to use this space for
other BIOS calls (notably, from biosdisk.c).

r342626:
Add Copyright.

r342707:

    [14 lines not shown]

MFC r339658, r339959, r340047, r340049, r340215

r339658:
loader: biosdisk interface should be able to cope with 4k sectors

The 4kn support in current bios specific biosdisk.c is broken, as the code
is only implementing the support for the 512B sector size.

This work is building the support for custom size sectors, we still do assume
the requested data to be multiple of 512B blocks and we only do address the
biosdisk.c interface here.

For reference, see also:
https://www.illumos.org/issues/8303
https://www.illumos.org/rb/r/547

As the GELI is moved above biosdisk "layer", the GELI should just work

r339959:
loader: issue edd probe before legacy ah=08 and detect no media

while probing for drives, use int13 extended info before standard one and
provide workaround for case we are not getting needed information in case
of floppy drive.


    [24 lines not shown]

MFC i386 stand cleanup: r337353-r337354, r337356, r337872, r337878, r337881,
r337890-r337891, r338188

r337353:
loader: cstyle cleanup for biosdisk.c

Also switch u_int to uint32_t. Also replace "write" by "dowrite".
No functional changes intended.

r337354:
loader: 337353 did miss to rename 2 write instances

2 write instances got somehow missed.

r337356:
loader: bd_open() should cleanup from disk_open() error

Since bd_open() does early increment for reference counter and bcache
allocation, it also should undo those in case of the error.

Also remove unused variables rdev, g_err.

r337872:
libi386: remove BD_SUPPORT_FRAGS


    [36 lines not shown]

MFC r337271, r337317: stand: i386: sector calculation fixes

r337271:
Some drives report a geometry that is inconsisetent with the total
number of sectors reported through the BIOS. Cylinders * heads *
sectors may not necessarily be equal to the total number of sectors
reported through int13h function 48h.

An example of this is when a Mediasonic HD3-U2B PATA to USB enclosure
with a 80 GB disk is attached. Loader hangs at line 506 of
stand/i386/libi386/biosdisk.c while attempting to read sectors beyond
the end of the disk, sector 156906855. I discovered that the Mediasonic
enclosure was reporting the disk with 9767 cylinders, 255 heads, 63
sectors/track. That's 156906855 sectors. However camcontrol and
Windows 10 both report report the disk having 156301488 sectors, not
the calculated value. At line 280 biosdisk.c sets the sectors to the
higher of either bd->bd_sectors or the total calculated at line 276
(156906855) instead of the lower and correct value of 156301488 reported
by int 13h 48h.

This was tested on all three of my Mediasonic HD3-U2B PATA to USB
enclosures.

Instead of using the higher of bd_sectors (returned by int13h) or the
calculated value, this patch uses the lower and safer of the values.

    [7 lines not shown]

MFC r336424-r336425: loader command typos

r336424:
Fix typo in the command summary.

Of course, I can't get the command to work, but it's a start...

r336425:
More typos

MFC r333662: Clarify that boot_mute / boot -m mutes kernel console only

Perhaps RB_MUTE could mute user startup (rc) output as well, but right
now it mutes only kernel console output, so make the documentation match
reality.

PR:            228193

[ath] [ath_hal] [ath_hal_9300] Extend the start PCU receive to handle resetting ANI.

One of the fun issues with scanning has been how the existing
ANI values were programmed into the hardware when channels were
changed.  If you're on a really crappy channel and ANI has made
you deaf then when you scan you continue to be deaf on all channels.

This code passes in a flag to startpcureceive which in AR5416 and later
is also used to enable ANI.  This allows it to know if it's a normal
operation or a scan operation.

This fixes my situation at home where a temporary spot of a device
going deaf due to interference starts scanning and .. can't hear
anything until I restart.

Now, this isn't the full fix - ideally:

(a) all the ANI config and per-channel information would be migrated
     to the shared HAL stuff and enabled for all of the NICs;
(b) when a station reassociates and some other error conditions
    (like missed beacons, NF calibration failures, etc) a knob
    to reset ANI parameters would likely help recovery.

But hey, I'm committing bits of code again! woo!


    [3 lines not shown]

dtc(1): Pull in fix for segfault-upon-error condition

Specifically, parse errors within a node would lead to a segfault due to
an unconditional dereference after emitting the error.

Obtained from:  https://github.com/davidchisnall/dtc/commit/e5ecf9319fd3f
MFC after:      3 days

MFC: r345995
Delete the BUGS entry related to failing when jails are enabled.

r345994 has finally fixed the bug that caused the nfsuserd(8) daemon to
fail when jails were enabled, so delete the BUGS entry from the man page.

MFC: r345994
Fix nfsuserd so that it handles the mapped localhost address when jails
are enabled.

The nfsuserd(8) daemon does not function correctly when jails are enabled,
since localhost gets mapped to another IP address and, as such, the upcall
RPC fails.
This patch fixes the problem by doing a getsockname(2) of a socket mapped
to localhost to find out what the correct address is for the comparison
test with the upcall's from IP address.
This patch also adds INET6 support and the required #ifdef's for INET and
INET6. It now uses INET6 by default for the upcalls, if the kernel has
INET6 support and the daemon is also built with INET6 support.

MFC: r345992, r346087
Add INET6 support for the upcalls to the nfsuserd daemon.

The kernel code uses UDP to do upcalls to the nfsuserd(8) daemon to get
updates to the username<->uid and groupname<->gid mappings.
A change to AF_LOCAL last year had to be reverted, since it could result
in vnode locking issues on the AF_LOCAL socket.
This patch adds INET6 support and the required #ifdef INET and INET6
to the code.

MFC: r345995
Delete the BUGS entry related to failing when jails are enabled.

r345994 has finally fixed the bug that caused the nfsuserd(8) daemon to
fail when jails were enabled, so delete the BUGS entry from the man page.

MFC: r345994
Fix nfsuserd so that it handles the mapped localhost address when jails
are enabled.

The nfsuserd(8) daemon does not function correctly when jails are enabled,
since localhost gets mapped to another IP address and, as such, the upcall
RPC fails.
This patch fixes the problem by doing a getsockname(2) of a socket mapped
to localhost to find out what the correct address is for the comparison
test with the upcall's from IP address.
This patch also adds INET6 support and the required #ifdef's for INET and
INET6. It now uses INET6 by default for the upcalls, if the kernel has
INET6 support and the daemon is also built with INET6 support.

MFC: r345992, r346087
Add INET6 support for the upcalls to the nfsuserd daemon.

The kernel code uses UDP to do upcalls to the nfsuserd(8) daemon to get
updates to the username<->uid and groupname<->gid mappings.
A change to AF_LOCAL last year had to be reverted, since it could result
in vnode locking issues on the AF_LOCAL socket.
This patch adds INET6 support and the required #ifdef INET and INET6
to the code.

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  MFV r346450:
  psm(4): give names to synaptics commands
  psm(4): respect tap_disabled configuration with enabled Extended support
  psm(4): do not process gestures when palm is present
  psm(4): Add support for 4 and 5 finger touches in synaptics driver
  Make libvgl mostly work without superuser privilege in direct modes by not doing any 
unnecessary PIO instructions or refusing to start when the i/o privilege needed for these 
instructions cannot be acquired.

MFC: r345995
Delete the BUGS entry related to failing when jails are enabled.

r345994 has finally fixed the bug that caused the nfsuserd(8) daemon to
fail when jails were enabled, so delete the BUGS entry from the man page.

This is a content change.

MFC: r345994
Fix nfsuserd so that it handles the mapped localhost address when jails
are enabled.

The nfsuserd(8) daemon does not function correctly when jails are enabled,
since localhost gets mapped to another IP address and, as such, the upcall
RPC fails.
This patch fixes the problem by doing a getsockname(2) of a socket mapped
to localhost to find out what the correct address is for the comparison
test with the upcall's from IP address.
This patch also adds INET6 support and the required #ifdef's for INET and
INET6. It now uses INET6 by default for the upcalls, if the kernel has
INET6 support and the daemon is also built with INET6 support.

MFC: r345992, r346087
Add INET6 support for the upcalls to the nfsuserd daemon.

The kernel code uses UDP to do upcalls to the nfsuserd(8) daemon to get
updates to the username<->uid and groupname<->gid mappings.
A change to AF_LOCAL last year had to be reverted, since it could result
in vnode locking issues on the AF_LOCAL socket.
This patch adds INET6 support and the required #ifdef INET and INET6
to the code.
This patch also reverts the unused AF_LOCAL socket code.

MFV r346450:

Update sqlite3-3.27.1 (3270100) --> sqlite3-3.27.2 (3270200)

MFC after:      11 days

HBSD: Disable cfi-icall for svn/svnlite

svn/svnlite violates cfi-icall. Goal is to re-enable cfi-icall when
Cross-DSO CFI launches.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>

psm(4): give names to synaptics commands

Submitted by:   Ben LeMasurier <ben at crypt.ly>
MFC after:      2 weeks

psm(4): respect tap_disabled configuration with enabled Extended support

This fixes a bug where, even when hw.psm.tap_enabled=0, touchpad taps
were processed.
tap_enabled has three states: unconfigured, disabled, and enabled (-1, 0, 1).
To respect PR kern/139272, taps are ignored only when explicity disabled.

Submitted by:   Ben LeMasurier <ben at crypt.ly> (initial version)
MFC after:      2 weeks

psm(4): do not process gestures when palm is present

Ignoring of gesture processing when the palm is detected helps to reduce
some of the erratic pointer behavior.

This fixes regression introduced in r317814

Reported by:    Ben LeMasurier <ben at crypt.ly>
MFC after:      2 weeks

psm(4): Add support for 4 and 5 finger touches in synaptics driver

While 4-th and 5-th finger positions are not exported through PS/2
interface, total number of touches is reported by MT trackpads.

MFC after:      2 weeks

Make libvgl mostly work without superuser privilege in direct modes by
not doing any unnecessary PIO instructions or refusing to start when the
i/o privilege needed for these instructions cannot be acquired.

This turns off useless palette management in direct modes.  Palette
management had no useful effect since the hardware palette is not used
in these modes.

This transiently acquires i/o privilege if possible as needed to give
VGLSetBorder() and VGLBlankDisplay() a chance of working.  Neither has
much chance of working.  I was going to drop support for them in direct
modes, but found that VGLBlankDisplay() still works with an old graphics
card on a not so old LCD monitor.

This has some good side effects: reduce glitches for managing the palette
for screen switches, and speed up and reduce async-signal-unsafeness in
mouse cursor drawing.

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Revert r346443
  netdump: Fix 11 compatibility DIOCSKERNELDUMP ioctl
  Enable ioremap for aarch64 in the LinuxKPI
  tests/sys/opencrypto: fix whitespace per PEP8
  Use symlinks for kernel modules rather than hardlinks
  Export cpu_core from opensolaris.ko.

HBSD: Don't apply ASLR to mmap when ASR is enabled

Prefer FreeBSD's mmap randomization when ASR is enabled. If the user
specifically wants ASR rather than PaX ASLR, honor that. Randomization
is intentially enabled for the stack and shared page, given FreeBSD's
ASR implementation lacks stack and shared page randomization.

If/when FreeBSD implements stack and shared page randomization, a
follow-up commit to prefer that over HardenedBSD's PaX ASLR
implementation when ASR is enabled.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>

HBSD: Disable clustering non-fixed mappings by default

FreeBSD's ASR implementation introduced the concept of allocation
clustering. In FreeBSD, clustering is enabled by default. Clustering
weakens the ASR/ASLR implementation.

With clustering enabled:

```
Anonymous mapping randomization test     : 21 quality bits (guessed)
Heap randomization test (ET_EXEC)        : 21 quality bits (guessed)
Heap randomization test (PIE)            : 22 quality bits (guessed)
Main executable randomization (ET_EXEC)  : No randomization
Main executable randomization (PIE)      : 30 quality bits (guessed)
Shared library randomization test        : 30 quality bits (guessed)
VDSO randomization test                  : 28 quality bits (guessed)
Stack randomization test (SEGMEXEC)      : 41 quality bits (guessed)
Stack randomization test (PAGEEXEC)      : 41 quality bits (guessed)
Arg/env randomization test (SEGMEXEC)    : 42 quality bits (guessed)
Arg/env randomization test (PAGEEXEC)    : 42 quality bits (guessed)
Randomization under memory exhaustion @~0: 21 bits (guessed)
Randomization under memory exhaustion @0 : 21 bits (guessed)
```

With clustering disabled:

    [23 lines not shown]

HBSD: Logic enhancements

Restore FreeBSD's ASR implementation's ability to randomize the PIE
execbase. When FreeBSD's ASR is enabled, prefer that over HardenedBSD's
PaX ASLR implementation for the PIE execbase and RTLD randomization.

This change also restores the meaning of the et_dyn_addr variable by the
introduction of a new variable: do_asr. In general, it's good practice
to ensure each variable has only a single meaning.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>

Revert r346443

My wide sweeping stylistic change (while well intended) is impeding others from
working on `tests/sys/opencrypto`.

The plan is to revert the change in ^/head, then reintroduce the changes after
the other changes get merged into ^/head .

Approved by:    emaste (mentor; implicit)
Requested by:   jhb
MFC after:      2 months

netdump: Fix 11 compatibility DIOCSKERNELDUMP ioctl

The logic was present for the 11 version of the DIOCSKERNELDUMP ioctl, but
had not been updated for the 12 ABI.

Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D19980

Enable ioremap for aarch64 in the LinuxKPI

Required for Mellanox drivers (e.g. on Ampere eMAG at Packet.com).

PR:            237055
Submitted by:   Greg V <greg at unrelenting.technology>
Reviewed by:    hselasky
Differential Revision:  https://reviews.freebsd.org/D19987

tests/sys/opencrypto: fix whitespace per PEP8

Replace hard tabs with four-character indentations, per PEP8.

This is being done to separate stylistic changes from the tests from functional
ones, as I accidentally introduced a bug to the tests when I used four-space
indentation locally.

No functional change.

MFC after:      2 months
Approved by:    emaste (mentor: implicit blanket approval for trivial fixes)

MFC r345996:

Update sqlite3-3.26.0 (3260000) --> sqlite3-3.27.1 (3270100)

MFC r345996:

Update sqlite3-3.26.0 (3260000) --> sqlite3-3.27.1 (3270100)

HBSD: Resolve merge conflicts

This commit simply resolves the merge conflicts between FreeBSD's ASR
implementation and HardenedBSD's ASLR implementation. It boots
successfully. However, work needs to be done to make the two
implementations play well with each other. When one implementation is
enabled, the other must be disabled. Simply resolving the merge conflict
is not enough.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>

Use symlinks for kernel modules rather than hardlinks

When aliasing a kernel module to a different name (ie if_igb for if_em),
it's better to use symlinks than hard links. kldxref will omit entries for
the links, ensuring that the loaded module has the correct name.

Reviewed by:    imp
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D19979

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Specify using Python2, these .py files have not been converted to use Python3 yet, but 
the default Python version in ports has been switched to 3.

Export cpu_core from opensolaris.ko.

It is referenced by dtrace*.ko.

PR:            191462
Submitted by:   me.freebsd at cgf.cx
MFC after:      1 week

MFC r345348, r345594:
Use -fdebug-prefix-map to map auto-generated kernel build paths.

MFC r346010:
Fix indentation.