HardenedBSD/hardenedbsd b87244clibexec/rtld-elf debug.h Makefile

MFC r346216:
ld-elf.so: make LD_DEBUG always functional.

HardenedBSD/hardenedbsd c06d37asys/contrib/dev/ath/ath_hal/ar9300 ar9300_freebsd.c, sys/dev/ath if_athvar.h if_ath_rx.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  [ath] [ath_hal] [ath_hal_9300] Extend the start PCU receive to handle resetting ANI.
  dtc(1): Pull in fix for segfault-upon-error condition

HardenedBSD/hardenedbsd 4966247sys/fs/nfs nfs_commonsubs.c nfs_commonport.c, usr.sbin/nfsuserd nfsuserd.c Makefile

Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master

* freebsd/10-stable/master:
  MFC: r345995 Delete the BUGS entry related to failing when jails are enabled.
  MFC: r345994 Fix nfsuserd so that it handles the mapped localhost address when jails are 
enabled.
  MFC: r345992, r346087 Add INET6 support for the upcalls to the nfsuserd daemon.

HardenedBSD/hardenedbsd 95d91destand/efi/include efiip.h efitcp.h, stand/efi/libefi env.c

MFC r341101, r341231, r341276, r341329, r341433, r341780, r342054-r342055,
r342721, r342742, r342840, r343008, r343225

r341101:
powerpcspe: Don't crash the loader on ubldr with SPE instructions.

-msoft-float seems to be insufficient for disabling the SPE on powerpcspe.
Force it off with -mno-spe as well.  This prevents a crash in ubldr on
powerpcspe.

r341231:
loader: command_bcache() should print unsigned values

All bcache counters are unsigned.

r341276:
When handling CMD_CRIT error set command_errmsg to NULL after we dump it out,
so that it does not result in error message printed twice.

OK load doodoo
can't find 'doodoo'
can't find 'doodoo'
OK

r341329:

    [75 lines not shown]

HardenedBSD/hardenedbsd 93c1f86sbin/init init.c

MFC r337534-r337535

r337534:
Refactor common code into execute_script().

r337535:
Use NULLs instead of casted zeroes, for consistency.
DeltaFile
+63-83sbin/init/init.c
+63-831 files

HardenedBSD/hardenedbsd 8f1d746stand/common bcache.c part.c, stand/efi/libefi delay.c

MFC r338262, r339334, r339796, r340240, r340857, r340917, r341007

r338262:
stand: fdt: Drop some write-only assignments/variables and leaked bits

Generally straightforward enough; a copy of argv[1] was being made in
command_fdt_internal, solely used for a comparison within the
handler-search, then promptly leaked.

r339334:
loader.efi: add poweroff command

Add poweroff command to make life a bit easier.

r339796:
Simplify the EFI delay() function by calling BS->Stall()

r340240:
loader: ptable_open() check for ptable_cd9660read result is wrong

The ptable_*read() functions return NULL on read errors (and partition table
closed as an side effect). The ptable_open must check the return value and
act properly.

r340857:

    [12 lines not shown]

HardenedBSD/hardenedbsd a62c750sbin/init init.8 init.c, stand/man loader.8

MFC r337321, r337435, r337707, r337740, r337834, r337836, r337968

r337321:
Make it possible for init to execute any executable, not just sh(1)
scripts. This means one should be able to eg rewrite their /etc/rc
in Python.

r337435:
Move description of init_shell, init_script, and init_chroot kenv
tunables from loader(8) to init(8), since it's init that actually
uses them.  Add .Xrs at their old place.

r337707:
Move around text in loader(8), in particular stuff related to ZFS,
to restore the usual section order.

r337740:
Add init_exec kenv(1) variable, to make init(8) execute a file
after opening the console, replacing init as PID 1.

From the user point of view, it makes it possible to run eg the
shell as PID 1, using 'set init_exec=/bin/sh' at the loader(8)
prompt.

r337834:

    [9 lines not shown]

HardenedBSD/hardenedbsd b8fec7cstand/defaults loader.conf.5

MFC r339292: Fix a minor typo in loader.conf(5).

HardenedBSD/hardenedbsd ed4178bstand/libsa cd9660.c printf.c, stand/libsa/zfs zfs.c

MFC r337871, r339970, r342151, r342161, r343123-r343124, r344226, r344234,
r344248, r344387

r337871:
pkgfs_init: Initialize pkg

new_package may not set *pp if it errors out, leaving pkg uninitialized.

r339970:
Remove unnecessary include from libstand.

r342151:
loader: zfs reader should not probe partitionless disks

First of all, normal setups can not boot such pools as the tools
do not support installing boot programs.

Secondly, for proper pool configuration detection, we need to checks all
four label copies on disk, 2 from front and 2 from the end of the disk,
but zfs label does not contain the size of the disk - so we depend on
firmware to report the correct disk size or use information from the
partition table.

Without partition table, we only can rely on firmware to report and support
disk IO properly.

    [66 lines not shown]

HardenedBSD/hardenedbsd bcff510stand/i386/libi386 biosdisk.c bioscd.c, stand/i386/loader main.c

MFC r341253, r341328, r342619, r342626, r342707, r342785, r342865

r341253:
The libstand's panic() appends its own '\n' to the message, so that users of the API
don't need to supply one.

r341328:
loader: create separate lists for fd, cd and hd, merge bioscd with biosdisk

Create unified block IO implementation in BIOS version, like it is done in UEFI
side. Implement fd, disk and cd device lists, this will split floppy devices
from disks and will allow us to have consistent, predictable device naming
(modulo BIOS issues).

r342619:
loader: create bio_alloc and bio_free for bios bounce buffer

We do have 16KB buffer space defined in pxe.c, move it to bio.c and implement
bio_alloc()/bio_free() interface to make it possible to use this space for
other BIOS calls (notably, from biosdisk.c).

r342626:
Add Copyright.

r342707:

    [14 lines not shown]

HardenedBSD/hardenedbsd 11f50d1stand/common disk.c part.c, stand/i386/libi386 biosdisk.c

MFC r339658, r339959, r340047, r340049, r340215

r339658:
loader: biosdisk interface should be able to cope with 4k sectors

The 4kn support in current bios specific biosdisk.c is broken, as the code
is only implementing the support for the 512B sector size.

This work is building the support for custom size sectors, we still do assume
the requested data to be multiple of 512B blocks and we only do address the
biosdisk.c interface here.

For reference, see also:
https://www.illumos.org/issues/8303
https://www.illumos.org/rb/r/547

As the GELI is moved above biosdisk "layer", the GELI should just work

r339959:
loader: issue edd probe before legacy ah=08 and detect no media

while probing for drives, use int13 extended info before standard one and
provide workaround for case we are not getting needed information in case
of floppy drive.


    [24 lines not shown]

HardenedBSD/hardenedbsd 20d9ca0stand/i386/libi386 biosdisk.c bioscd.c, stand/i386/loader chain.c

MFC i386 stand cleanup: r337353-r337354, r337356, r337872, r337878, r337881,
r337890-r337891, r338188

r337353:
loader: cstyle cleanup for biosdisk.c

Also switch u_int to uint32_t. Also replace "write" by "dowrite".
No functional changes intended.

r337354:
loader: 337353 did miss to rename 2 write instances

2 write instances got somehow missed.

r337356:
loader: bd_open() should cleanup from disk_open() error

Since bd_open() does early increment for reference counter and bcache
allocation, it also should undo those in case of the error.

Also remove unused variables rdev, g_err.

r337872:
libi386: remove BD_SUPPORT_FRAGS


    [36 lines not shown]

HardenedBSD/hardenedbsd d5b4e42stand/i386/libi386 biosdisk.c

MFC r337271, r337317: stand: i386: sector calculation fixes

r337271:
Some drives report a geometry that is inconsisetent with the total
number of sectors reported through the BIOS. Cylinders * heads *
sectors may not necessarily be equal to the total number of sectors
reported through int13h function 48h.

An example of this is when a Mediasonic HD3-U2B PATA to USB enclosure
with a 80 GB disk is attached. Loader hangs at line 506 of
stand/i386/libi386/biosdisk.c while attempting to read sectors beyond
the end of the disk, sector 156906855. I discovered that the Mediasonic
enclosure was reporting the disk with 9767 cylinders, 255 heads, 63
sectors/track. That's 156906855 sectors. However camcontrol and
Windows 10 both report report the disk having 156301488 sectors, not
the calculated value. At line 280 biosdisk.c sets the sectors to the
higher of either bd->bd_sectors or the total calculated at line 276
(156906855) instead of the lower and correct value of 156301488 reported
by int 13h 48h.

This was tested on all three of my Mediasonic HD3-U2B PATA to USB
enclosures.

Instead of using the higher of bd_sectors (returned by int13h) or the
calculated value, this patch uses the lower and safer of the values.

    [7 lines not shown]

HardenedBSD/hardenedbsd 5ef0186stand/efi/libefi env.c

MFC r336424-r336425: loader command typos

r336424:
Fix typo in the command summary.

Of course, I can't get the command to work, but it's a start...

r336425:
More typos

HardenedBSD/hardenedbsd 66576a7sbin/reboot boot_i386.8, stand/man loader.8

MFC r333662: Clarify that boot_mute / boot -m mutes kernel console only

Perhaps RB_MUTE could mute user startup (rc) output as well, but right
now it mutes only kernel console output, so make the documentation match
reality.

PR:            228193

HardenedBSD/hardenedbsd 1205340sys/contrib/dev/ath/ath_hal/ar9300 ar9300_freebsd.c, sys/dev/ath if_athvar.h if_ath_rx.c

[ath] [ath_hal] [ath_hal_9300] Extend the start PCU receive to handle resetting ANI.

One of the fun issues with scanning has been how the existing
ANI values were programmed into the hardware when channels were
changed.  If you're on a really crappy channel and ANI has made
you deaf then when you scan you continue to be deaf on all channels.

This code passes in a flag to startpcureceive which in AR5416 and later
is also used to enable ANI.  This allows it to know if it's a normal
operation or a scan operation.

This fixes my situation at home where a temporary spot of a device
going deaf due to interference starts scanning and .. can't hear
anything until I restart.

Now, this isn't the full fix - ideally:

(a) all the ANI config and per-channel information would be migrated
     to the shared HAL stuff and enabled for all of the NICs;
(b) when a station reassociates and some other error conditions
    (like missed beacons, NF calibration failures, etc) a knob
    to reset ANI parameters would likely help recovery.

But hey, I'm committing bits of code again! woo!


    [3 lines not shown]

HardenedBSD/hardenedbsd a490f63usr.bin/dtc fdt.cc

dtc(1): Pull in fix for segfault-upon-error condition

Specifically, parse errors within a node would lead to a segfault due to
an unconditional dereference after emitting the error.

Obtained from:  https://github.com/davidchisnall/dtc/commit/e5ecf9319fd3f
MFC after:      3 days
DeltaFile
+4-1usr.bin/dtc/fdt.cc
+4-11 files

HardenedBSD/hardenedbsd f7c5235usr.sbin/nfsuserd nfsuserd.8

MFC: r345995
Delete the BUGS entry related to failing when jails are enabled.

r345994 has finally fixed the bug that caused the nfsuserd(8) daemon to
fail when jails were enabled, so delete the BUGS entry from the man page.

HardenedBSD/hardenedbsd 622226dusr.sbin/nfsuserd nfsuserd.c Makefile

MFC: r345994
Fix nfsuserd so that it handles the mapped localhost address when jails
are enabled.

The nfsuserd(8) daemon does not function correctly when jails are enabled,
since localhost gets mapped to another IP address and, as such, the upcall
RPC fails.
This patch fixes the problem by doing a getsockname(2) of a socket mapped
to localhost to find out what the correct address is for the comparison
test with the upcall's from IP address.
This patch also adds INET6 support and the required #ifdef's for INET and
INET6. It now uses INET6 by default for the upcalls, if the kernel has
INET6 support and the daemon is also built with INET6 support.

HardenedBSD/hardenedbsd 5e73b22sys/fs/nfs nfs_commonsubs.c nfs_commonport.c, sys/modules/nfscommon Makefile

MFC: r345992, r346087
Add INET6 support for the upcalls to the nfsuserd daemon.

The kernel code uses UDP to do upcalls to the nfsuserd(8) daemon to get
updates to the username<->uid and groupname<->gid mappings.
A change to AF_LOCAL last year had to be reverted, since it could result
in vnode locking issues on the AF_LOCAL socket.
This patch adds INET6 support and the required #ifdef INET and INET6
to the code.

HardenedBSD/hardenedbsd ef774f8usr.sbin/nfsuserd nfsuserd.8

MFC: r345995
Delete the BUGS entry related to failing when jails are enabled.

r345994 has finally fixed the bug that caused the nfsuserd(8) daemon to
fail when jails were enabled, so delete the BUGS entry from the man page.

HardenedBSD/hardenedbsd 110c578usr.sbin/nfsuserd nfsuserd.c Makefile

MFC: r345994
Fix nfsuserd so that it handles the mapped localhost address when jails
are enabled.

The nfsuserd(8) daemon does not function correctly when jails are enabled,
since localhost gets mapped to another IP address and, as such, the upcall
RPC fails.
This patch fixes the problem by doing a getsockname(2) of a socket mapped
to localhost to find out what the correct address is for the comparison
test with the upcall's from IP address.
This patch also adds INET6 support and the required #ifdef's for INET and
INET6. It now uses INET6 by default for the upcalls, if the kernel has
INET6 support and the daemon is also built with INET6 support.

HardenedBSD/hardenedbsd 1f07ecasys/fs/nfs nfs_commonsubs.c nfs_commonport.c, sys/modules/nfscommon Makefile

MFC: r345992, r346087
Add INET6 support for the upcalls to the nfsuserd daemon.

The kernel code uses UDP to do upcalls to the nfsuserd(8) daemon to get
updates to the username<->uid and groupname<->gid mappings.
A change to AF_LOCAL last year had to be reverted, since it could result
in vnode locking issues on the AF_LOCAL socket.
This patch adds INET6 support and the required #ifdef INET and INET6
to the code.

HardenedBSD/hardenedbsd da679aacontrib/sqlite3 sqlite3.c configure, contrib/sqlite3/tea configure

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  MFV r346450:
  psm(4): give names to synaptics commands
  psm(4): respect tap_disabled configuration with enabled Extended support
  psm(4): do not process gestures when palm is present
  psm(4): Add support for 4 and 5 finger touches in synaptics driver
  Make libvgl mostly work without superuser privilege in direct modes by not doing any 
unnecessary PIO instructions or refusing to start when the i/o privilege needed for these 
instructions cannot be acquired.

HardenedBSD/hardenedbsd 5cd0479usr.sbin/nfsuserd nfsuserd.8

MFC: r345995
Delete the BUGS entry related to failing when jails are enabled.

r345994 has finally fixed the bug that caused the nfsuserd(8) daemon to
fail when jails were enabled, so delete the BUGS entry from the man page.

This is a content change.

HardenedBSD/hardenedbsd 6e8f86busr.sbin/nfsuserd nfsuserd.c Makefile

MFC: r345994
Fix nfsuserd so that it handles the mapped localhost address when jails
are enabled.

The nfsuserd(8) daemon does not function correctly when jails are enabled,
since localhost gets mapped to another IP address and, as such, the upcall
RPC fails.
This patch fixes the problem by doing a getsockname(2) of a socket mapped
to localhost to find out what the correct address is for the comparison
test with the upcall's from IP address.
This patch also adds INET6 support and the required #ifdef's for INET and
INET6. It now uses INET6 by default for the upcalls, if the kernel has
INET6 support and the daemon is also built with INET6 support.

HardenedBSD/hardenedbsd 0d2ee16sys/fs/nfs nfs_commonsubs.c nfs_commonport.c, sys/modules/nfscommon Makefile

MFC: r345992, r346087
Add INET6 support for the upcalls to the nfsuserd daemon.

The kernel code uses UDP to do upcalls to the nfsuserd(8) daemon to get
updates to the username<->uid and groupname<->gid mappings.
A change to AF_LOCAL last year had to be reverted, since it could result
in vnode locking issues on the AF_LOCAL socket.
This patch adds INET6 support and the required #ifdef INET and INET6
to the code.
This patch also reverts the unused AF_LOCAL socket code.

HardenedBSD/hardenedbsd d4a47e2contrib/sqlite3 sqlite3.c configure, contrib/sqlite3/tea configure configure.ac

MFV r346450:

Update sqlite3-3.27.1 (3270100) --> sqlite3-3.27.2 (3270200)

MFC after:      11 days

HardenedBSD/hardenedbsd a9965c3usr.bin/svn/svn Makefile

HBSD: Disable cfi-icall for svn/svnlite

svn/svnlite violates cfi-icall. Goal is to re-enable cfi-icall when
Cross-DSO CFI launches.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>

HardenedBSD/hardenedbsd e56fffcsys/dev/atkbdc psm.c

psm(4): give names to synaptics commands

Submitted by:   Ben LeMasurier <ben at crypt.ly>
MFC after:      2 weeks
DeltaFile
+31-11sys/dev/atkbdc/psm.c
+31-111 files

HardenedBSD/hardenedbsd b07da6eshare/man/man4 psm.4, sys/dev/atkbdc psm.c

psm(4): respect tap_disabled configuration with enabled Extended support

This fixes a bug where, even when hw.psm.tap_enabled=0, touchpad taps
were processed.
tap_enabled has three states: unconfigured, disabled, and enabled (-1, 0, 1).
To respect PR kern/139272, taps are ignored only when explicity disabled.

Submitted by:   Ben LeMasurier <ben at crypt.ly> (initial version)
MFC after:      2 weeks

HardenedBSD/hardenedbsd 68284b4sys/dev/atkbdc psm.c

psm(4): do not process gestures when palm is present

Ignoring of gesture processing when the palm is detected helps to reduce
some of the erratic pointer behavior.

This fixes regression introduced in r317814

Reported by:    Ben LeMasurier <ben at crypt.ly>
MFC after:      2 weeks
DeltaFile
+16-9sys/dev/atkbdc/psm.c
+16-91 files

HardenedBSD/hardenedbsd c9e5830sys/dev/atkbdc psm.c

psm(4): Add support for 4 and 5 finger touches in synaptics driver

While 4-th and 5-th finger positions are not exported through PS/2
interface, total number of touches is reported by MT trackpads.

MFC after:      2 weeks
DeltaFile
+10-1sys/dev/atkbdc/psm.c
+10-11 files

HardenedBSD/hardenedbsd 35b6fb0lib/libvgl mouse.c simple.c

Make libvgl mostly work without superuser privilege in direct modes by
not doing any unnecessary PIO instructions or refusing to start when the
i/o privilege needed for these instructions cannot be acquired.

This turns off useless palette management in direct modes.  Palette
management had no useful effect since the hardware palette is not used
in these modes.

This transiently acquires i/o privilege if possible as needed to give
VGLSetBorder() and VGLBlankDisplay() a chance of working.  Neither has
much chance of working.  I was going to drop support for them in direct
modes, but found that VGLBlankDisplay() still works with an old graphics
card on a not so old LCD monitor.

This has some good side effects: reduce glitches for managing the palette
for screen switches, and speed up and reduce async-signal-unsafeness in
mouse cursor drawing.

HardenedBSD/hardenedbsd 1cde0bbsys/compat/linuxkpi/common/src linux_compat.c, sys/modules/em Makefile

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Revert r346443
  netdump: Fix 11 compatibility DIOCSKERNELDUMP ioctl
  Enable ioremap for aarch64 in the LinuxKPI
  tests/sys/opencrypto: fix whitespace per PEP8
  Use symlinks for kernel modules rather than hardlinks
  Export cpu_core from opensolaris.ko.

HardenedBSD/hardenedbsd b3b07cbsys/vm vm_mmap.c

HBSD: Don't apply ASLR to mmap when ASR is enabled

Prefer FreeBSD's mmap randomization when ASR is enabled. If the user
specifically wants ASR rather than PaX ASLR, honor that. Randomization
is intentially enabled for the stack and shared page, given FreeBSD's
ASR implementation lacks stack and shared page randomization.

If/when FreeBSD implements stack and shared page randomization, a
follow-up commit to prefer that over HardenedBSD's PaX ASLR
implementation when ASR is enabled.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+6-4sys/vm/vm_mmap.c
+6-41 files

HardenedBSD/hardenedbsd 4b3bd55sys/vm vm_map.c

HBSD: Disable clustering non-fixed mappings by default

FreeBSD's ASR implementation introduced the concept of allocation
clustering. In FreeBSD, clustering is enabled by default. Clustering
weakens the ASR/ASLR implementation.

With clustering enabled:

```
Anonymous mapping randomization test     : 21 quality bits (guessed)
Heap randomization test (ET_EXEC)        : 21 quality bits (guessed)
Heap randomization test (PIE)            : 22 quality bits (guessed)
Main executable randomization (ET_EXEC)  : No randomization
Main executable randomization (PIE)      : 30 quality bits (guessed)
Shared library randomization test        : 30 quality bits (guessed)
VDSO randomization test                  : 28 quality bits (guessed)
Stack randomization test (SEGMEXEC)      : 41 quality bits (guessed)
Stack randomization test (PAGEEXEC)      : 41 quality bits (guessed)
Arg/env randomization test (SEGMEXEC)    : 42 quality bits (guessed)
Arg/env randomization test (PAGEEXEC)    : 42 quality bits (guessed)
Randomization under memory exhaustion @~0: 21 bits (guessed)
Randomization under memory exhaustion @0 : 21 bits (guessed)
```

With clustering disabled:

    [23 lines not shown]
DeltaFile
+1-1sys/vm/vm_map.c
+1-11 files

HardenedBSD/hardenedbsd c15f9b8sys/kern imgact_elf.c

HBSD: Logic enhancements

Restore FreeBSD's ASR implementation's ability to randomize the PIE
execbase. When FreeBSD's ASR is enabled, prefer that over HardenedBSD's
PaX ASLR implementation for the PIE execbase and RTLD randomization.

This change also restores the meaning of the et_dyn_addr variable by the
introduction of a new variable: do_asr. In general, it's good practice
to ensure each variable has only a single meaning.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+16-18sys/kern/imgact_elf.c
+16-181 files

HardenedBSD/hardenedbsd b331cfbtests/sys/opencrypto cryptodev.py cryptotest.py

Revert r346443

My wide sweeping stylistic change (while well intended) is impeding others from
working on `tests/sys/opencrypto`.

The plan is to revert the change in ^/head, then reintroduce the changes after
the other changes get merged into ^/head .

Approved by:    emaste (mentor; implicit)
Requested by:   jhb
MFC after:      2 months

HardenedBSD/hardenedbsd 926ea6esys/netinet/netdump netdump_client.c

netdump: Fix 11 compatibility DIOCSKERNELDUMP ioctl

The logic was present for the 11 version of the DIOCSKERNELDUMP ioctl, but
had not been updated for the 12 ABI.

Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D19980

HardenedBSD/hardenedbsd 3ea680fsys/compat/linuxkpi/common/include/linux io.h, sys/compat/linuxkpi/common/src linux_compat.c

Enable ioremap for aarch64 in the LinuxKPI

Required for Mellanox drivers (e.g. on Ampere eMAG at Packet.com).

PR:            237055
Submitted by:   Greg V <greg at unrelenting.technology>
Reviewed by:    hselasky
Differential Revision:  https://reviews.freebsd.org/D19987

HardenedBSD/hardenedbsd fbb8c98tests/sys/opencrypto cryptodev.py cryptotest.py

tests/sys/opencrypto: fix whitespace per PEP8

Replace hard tabs with four-character indentations, per PEP8.

This is being done to separate stylistic changes from the tests from functional
ones, as I accidentally introduced a bug to the tests when I used four-space
indentation locally.

No functional change.

MFC after:      2 months
Approved by:    emaste (mentor: implicit blanket approval for trivial fixes)

HardenedBSD/hardenedbsd 3a57462contrib/sqlite3 sqlite3.c config.guess

MFC r345996:

Update sqlite3-3.26.0 (3260000) --> sqlite3-3.27.1 (3270100)

HardenedBSD/hardenedbsd ec6ec5econtrib/sqlite3 sqlite3.c config.guess

MFC r345996:

Update sqlite3-3.26.0 (3260000) --> sqlite3-3.27.1 (3270100)

HardenedBSD/hardenedbsd ce29f9bsys/kern imgact_elf.c, sys/sys imgact.h

HBSD: Resolve merge conflicts

This commit simply resolves the merge conflicts between FreeBSD's ASR
implementation and HardenedBSD's ASLR implementation. It boots
successfully. However, work needs to be done to make the two
implementations play well with each other. When one implementation is
enabled, the other must be disabled. Simply resolving the merge conflict
is not enough.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>

HardenedBSD/hardenedbsd fdcd6f1sys/modules/em Makefile, sys/modules/fusefs Makefile

Use symlinks for kernel modules rather than hardlinks

When aliasing a kernel module to a different name (ie if_igb for if_em),
it's better to use symlinks than hard links. kldxref will omit entries for
the links, ensuring that the loaded module has the correct name.

Reviewed by:    imp
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D19979

HardenedBSD/hardenedbsd 940e8fctests/sys/opencrypto cryptodev.py cryptotest.py

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Specify using Python2, these .py files have not been converted to use Python3 yet, but 
the default Python version in ports has been switched to 3.

HardenedBSD/hardenedbsd 9b1b891sys/modules/opensolaris Makefile

Export cpu_core from opensolaris.ko.

It is referenced by dtrace*.ko.

PR:            191462
Submitted by:   me.freebsd at cgf.cx
MFC after:      1 week

HardenedBSD/hardenedbsd 4ba2201sys/conf kern.post.mk kmod.mk

MFC r345348, r345594:
Use -fdebug-prefix-map to map auto-generated kernel build paths.

HardenedBSD/hardenedbsd 40d7e78usr.sbin/bhyve uart_emul.c

MFC r346010:
Fix indentation.