FreshBSD

MFC: r340495

- Restore setting the clock for devices which support the default/legacy
  transfer mode only (lost with r321385). [1]
- Similarly, don't try to set the power class on MMC devices that comply
  to version 4.0 of the system specification but are operated in default/
  legacy transfer or 1-bit bus mode as no power class is specified for
  these cases. Trying to set a power class nevertheless resulted in an -
  albeit harmless - error message.

PR:     231713 [1]

MFC: r333647, r338275, r338280, r338513

- If present, take advantage of the R/W cache of eMMC revision 1.5 and
  later devices. These caches work akin to the ones found in HDDs/SSDs
  that ada(4)/da(4) also enable if existent, but likewise increase the
  likelihood of data loss in case of a sudden power outage etc. On the
  other hand, write performance is up to twice as high for e. g. 1 GiB
  files depending on the actual chip and transfer mode employed.
  For maximum data integrity, the usage of eMMC caches can be disabled
  via the hw.mmcsd.cache tunable.
- Get rid of the NOP mmcsd_open().
- Obtain the bus mode (MMC or SD) from the directly superordinated
  bus rather than reaching up to the bridge and use the cached mode
  in mmcsd_delete(), too.
- Use le32dec(9) for decoding EXT_CSD values where it makes sense. [1]
- Locally cache some instance variable values in mmc_discover_cards()
  in order to improve the code readability a bit.

Obtained from:  NetBSD [1]

MFC: r338304

The read accessors generated by __BUS_ACCESSOR() have the problem that
they don't check the result of BUS_READ_IVAR(9) and silently return stack
garbage on failure in case a bus doesn't implement a particular instance
variable for example. With MMC bridges not providing MMCBR_IVAR_RETUNE_REQ,
yet, this in turn can cause mmc(4) to get into a state in which re-tuning
seems to be necessary but is inappropriate, causing mmc_wait_for_request()
to fail. Thus, don't use __BUS_ACCESSOR() for mmcbr_get_retune_req() and
instead provide a version of the latter which returns retune_req_none if
reading MMCBR_IVAR_RETUNE_REQ fails.

Revert "MMC, HS200/HS400 support seems to break mmc legacy support, clock probing seems to 
have issues."

This reverts commit c4ec367c3d9c4c29da94411b29fe6bfa55cb5d09.

pf: Ensure that IP addresses match in ICMP error packets

States in pf(4) let ICMP and ICMP6 packets pass if they have a
packet in their payload that matches an exiting connection.  It was
not checked whether the outer ICMP packet has the same destination
IP as the source IP of the inner protocol packet.  Enforce that
these addresses match, to prevent ICMP packets that do not make
sense.

Reported by:    Nicolas Collignon, Corentin Bayet, Eloi Vanderbeken, Luca Moro at 
Synacktiv
Obtained from:  OpenBSD
Security:       CVE-2019-5598

pf: Ensure that IP addresses match in ICMP error packets

States in pf(4) let ICMP and ICMP6 packets pass if they have a
packet in their payload that matches an exiting connection.  It was
not checked whether the outer ICMP packet has the same destination
IP as the source IP of the inner protocol packet.  Enforce that
these addresses match, to prevent ICMP packets that do not make
sense.

Reported by:    Nicolas Collignon, Corentin Bayet, Eloi Vanderbeken, Luca Moro at 
Synacktiv
Obtained from:  OpenBSD
Security:       CVE-2019-5598

MFC r344510

netmap: remove redundant call to nm_set_native_flags()

This redundant call was introduced by mistake in r343772.

Sponsored by:   Sunny Valley Networks

MFC r343579, r344253

netmap: fix lock order reversal related to kqueue usage

When using poll(), select() or kevent() on netmap file descriptors,
netmap executes the equivalent of NIOCTXSYNC and NIOCRXSYNC commands,
before collecting the events that are ready. In other words, the
poll/kevent callback has side effects. This is done to avoid the
overhead of two system call per iteration (e.g., poll() + ioctl(NIOC*XSYNC)).

When the kqueue subsystem invokes the kqueue(9) f_event callback
(netmap_knrw), it holds the lock of the struct knlist object associated
to the netmap port (the lock is provided at initialization, by calling
knlist_init_mtx).
However, netmap_knrw() may need to wake up another netmap port (or even
the same one), which means that it may need to call knote().
Since knote() needs the lock of the struct knlist object associated to
the to-be-wake-up netmap port, it is possible to have a lock order reversal
problem (AB/BA deadlock).

This change prevents the deadlock by executing the knote() call in a
per-selinfo taskqueue, where it is possible to hold a mutex.
The change also adds a counter (kqueue_users) to keep track of how many
kqueue users are referencing a given struct nm_selinfo.
In this way, nm_os_selwakeup() can schedule the kevent notification

    [6 lines not shown]

vmx(4): add native netmap support

This change adds native netmap support for the vmx(4) adapter
(vmxnet3). Native support comes for free in 12, since the driver has been
ported to iflib. To make it minimally intrusive, the native support is
only enabled if vmxnet3.netmap_native is set at boot (e.g., in loader.conf).

Tested on stable/11 running inside vmplayer.

Submitted by:   Giuseppe Lettieri <g.lettieri at iet.unipi.it>
Reviewed by:    vmaffione, bryanv
Sponsored by:   Sunny Valley Networks
Differential Revision:  https://reviews.freebsd.org/D19104

MFC r343772, r343867

netmap: refactor logging macros and pipes

Changelist:
    - Replace ND, D and RD macros with nm_prdis, nm_prinf, nm_prerr
      and nm_prlim, to avoid possible naming conflicts.
    - Add netmap_krings_mode_commit() helper function and use that
      to reduce code duplication.
    - Refactor pipes control code to export some functions that
      can be reused by the veth driver (on Linux) and epair(4).
    - Add check to reject API requests with version less than 11.
    - Small code refactoring for the null adapter.

Conflicts:
        sys/dev/netmap/netmap.c

MFC r343689

netmap: upgrade sync-kloop support

Add SYNC_KLOOP_MODE option, and add support for direct mode, where application
executes the TXSYNC and RXSYNC in the context of the ioeventfd wake up callback.

MFC r343549

netmap: add notifications on kloop stop

On sync-kloop stop, send a wake-up signal to the kloop, so that
waiting for the timeout is not needed.
Also, improve logging in netmap_freebsd.c.

MFC r343346

netmap: improvements to the netmap kloop (CSB mode)

Changelist:
    - Add the proper memory barriers in the kloop ring processing
      functions.
    - Fix memory barriers usage in the user helpers (nm_sync_kloop_appl_write,
      nm_sync_kloop_appl_read).
    - Fix nm_kr_txempty() helper to look at rhead rather than rcur. This
      is important since the kloop can read a value of rcur which is ahead
      of the value of rhead (see explanation in nm_sync_kloop_appl_write)
    - Remove obsolete ptnetmap_guest_write_kring_csb() and
      ptnet_guest_read_kring_csb().
    - Prepare in advance the arguments for netmap_sync_kloop_[tr]x_ring(),
      to make the kloop faster.
    - Provide kernel and user implementation for nm_ldld_barrier() and
      nm_ldst_barrier()

MFC r343344

netmap: fix knote() argument to match the mutex state

The nm_os_selwakeup function needs to call knote() to wake up kqueue(9)
users. However, this function can be called from different code paths,
with different lock requirements.
This patch fixes the knote() call argument to match the relavant lock state.
Also, comments have been updated to reflect current code.

PR:     https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219846
Reported by:    Aleksandr Fedorov <aleksandr.fedorov at itglobal.com>
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D18876

netmap: small cleanup on em, lem, igb, ixgbe

Replace D, ND and RD macros with the corresponding nm_pr* ones.

ixl: remove unnecessary limitations related to netmap

Netmap supports the case where TX rings and RX rings have different size.
Remove unnecessary limitations related to netmap support, making the code
simpler.
Also, check that the value of the hw head index written back from the NIC
is valid.

Reviewed by:    erj
Differential Revision:  https://reviews.freebsd.org/D18984

MFC r343413

netmap: fix crash with monitors and VALE ports

Crash report described here:
    https://github.com/luigirizzo/netmap/issues/583
Fixed by providing dummy sync callback in case it is missing.

pf: IPv6 fragments with malformed extension headers could be erroneously passed by pf or 
cause a panic

We mistakenly used the extoff value from the last packet to patch the
next_header field. If a malicious host sends a chain of fragmented packets
where the first packet and the final packet have different lengths or number of
extension headers we'd patch the next_header at the wrong offset.
This can potentially lead to panics or rule bypasses.

Security:       CVE-2019-5597
Obtained from:  OpenBSD
Reported by:    Corentin Bayet, Nicolas Collignon, Luca Moro at Synacktiv

revert 
https://github.com/HardenedBSD/hardenedBSD-stable/commit/77a10c68ac3bf9cd0da50bd537dab858462c07f7 
 (https://reviews.freebsd.org/D14282) since it seems to cause crashes for some uefi boot 
systems.

pf: IPv6 fragments with malformed extension headers could be erroneously passed by pf or 
cause a panic

We mistakenly used the extoff value from the last packet to patch the
next_header field. If a malicious host sends a chain of fragmented packets
where the first packet and the final packet have different lengths or number of
extension headers we'd patch the next_header at the wrong offset.
This can potentially lead to panics or rule bypasses.

Security:       CVE-2019-5597
Obtained from:  OpenBSD
Reported by:    Corentin Bayet, Nicolas Collignon, Luca Moro at Synacktiv

revert 
https://github.com/HardenedBSD/hardenedBSD-stable/commit/77a10c68ac3bf9cd0da50bd537dab858462c07f7 
 (https://reviews.freebsd.org/D14282) since it seems to cause crashes for some uefi boot 
systems.

re: compile on arm

re: compile on arm

Revert "pmcstat: that doesn't make any sense..."

This reverts commit 7913071e4c5a9e09fab097d50af7c695377b4136.

Revert "uathload: same as previous"

This reverts commit 9c051fee57a1e1c13b9a9bae7555d1c548eda9b8.

Revert "nghook: disable compilation, armv6 issue and usused"

This reverts commit 2160e45071f999387fef62f79b5a46483450ae5a.

pmcstat: that doesn't make any sense...

uathload: same as previous

nghook: disable compilation, armv6 issue and usused

PR: https://github.com/opnsense/tools/issues/113

UPDATING and newvers entries for 11.2-p9

Approved by:    so
Security:       FreeBSD-SA-19:01.syscall

amd64: clear callee-preserved registers on syscall exit

Submitted by:   kib
Approved by:    so
Security:       CVE-2019-5595
Security:       FreeBSD-SA-19:01.syscall

amd64: clear callee-preserved registers on syscall exit

Submitted by:   kib
Approved by:    so
Security:       CVE-2019-5595
Security:       FreeBSD-SA-19:01.syscall

UPDATING and newvers entries for 11.2-p9

Approved by:    so
Security:       FreeBSD-SA-19:01.syscall

MMC, HS200/HS400 support seems to break mmc legacy support, clock probing seems to have 
issues.

Original source 
https://github.com/freebsd/freebsd/commit/398d5fc6afb7ce20f0cf9ecc4fe286e72afdbf29

This commit resets mmc_calculate_clock() to it's original behaviour.

MMC, HS200/HS400 support seems to break mmc legacy support, clock probing seems to have 
issues.

Original source 
https://github.com/freebsd/freebsd/commit/398d5fc6afb7ce20f0cf9ecc4fe286e72afdbf29

This commit resets mmc_calculate_clock() to it's original behaviour.

UPDATING and newvers entries for 11.2-p8

Approved by:    so
Security:       FreeBSD-EN-19:03.sqlite
Security:       FreeBSD-EN-19:04.tzdata
Security:       FreeBSD-EN-19:05.kqueue

MFS11 r340904: Avoid unsynchronized updates to kn_status.

Approved by:    so
Security:       FreeBSD-EN-19:05.kqueue

MFS11 r342668: Import tzdata 2018h, 2018i

Approved by:    so
Security:       FreeBSD-EN-19:04.tzdata

MFS11 r342292: MFC r333352 & r342183:

r333352: Update private sqlite from sqlite3-3.20.0 to sqlite3-3.23.1
r342183: Update sqlite3-3.23.1 --> sqlite3-3.26.0 (3260000)

PR:            234113
Approved by:    so
Security:       FreeBSD-EN-19:03.sqlite

MFS11 r342292: MFC r333352 & r342183:

r333352: Update private sqlite from sqlite3-3.20.0 to sqlite3-3.23.1
r342183: Update sqlite3-3.23.1 --> sqlite3-3.26.0 (3260000)

PR:            234113
Approved by:    so
Security:       FreeBSD-EN-19:03.sqlite

MFS11 r340904: Avoid unsynchronized updates to kn_status.

Approved by:    so
Security:       FreeBSD-EN-19:05.kqueue

UPDATING and newvers entries for 11.2-p8

Approved by:    so
Security:       FreeBSD-EN-19:03.sqlite
Security:       FreeBSD-EN-19:04.tzdata
Security:       FreeBSD-EN-19:05.kqueue

MFS11 r342668: Import tzdata 2018h, 2018i

Approved by:    so
Security:       FreeBSD-EN-19:04.tzdata

netmap: disable this notice again

If it's full it's full.  No use telling dmesg on every other packet.

MFC r342368, r342369

netmap: fix bug in netmap_poll() optimization

The bug was introduced by r339639, although it is present in the upstream
netmap code since 2015. It is due to resetting the want_rx variable to
POLLIN, rather than resetting it to POLLIN|POLLRDNORM.
It only affects select(), which uses POLLRDNORM. poll() is not affected,
because it uses POLLIN.
Also, it only affects FreeBSD, because Linux skips the optimization
implemented by the piece of code where the bug occurs.
To check if txsync can be skipped, it is necessary to look for
unseen TX space. However, this means comparing ring->cur
against ring->tail, rather than ring->head against ring->tail
(like nm_ring_empty() does).

Sponsored by:   Sunny Valley Networks

MFC r342300

netmap: move buf_size validation code to its own function

This code validates the netmap buf_size against the interface MTU
and maximum descriptor size, to make sure the values are consistent.
Moving this functionality to its own function is needed because this
function is also called by Linux-specific code.

MFC r342299

netmap: pipes: make sure both ends use the same number of slots

MFC r341992

netmap: fix warning in netmap_kloop.c

Reported by:    markj

MFC r341624

netmap: netmap_transmit should honor bpf packet tap hook

This allows tcpdump to capture outbound kernel packets while
in netmap mode

Submitted by:   Marc de la Gueronniere <mdelagueronniere at verisign.com>
Reviewed by:    vmaffione
MFC after:      1 week
Sponsored by:   Verisign, Inc.
Differential Revision:  https://reviews.freebsd.org/D17896

MFC r341516, r341589

netmap: align codebase to the current upstream (760279cfb2730a585)

Changelist:
  - Replace netmap passthrough host support with a more general
    mechanism to call TXSYNC/RXSYNC from an in-kernel event-loop.
    No kernel threads are used to use this feature: the application
    is required to spawn a thread (or a process) and issue a
    SYNC_KLOOP_START (NIOCCTRL) command in the thread body. The
    kernel loop is executed by the ioctl implementation, which returns
    to userspace only when a different thread calls SYNC_KLOOP_STOP
    or the netmap file descriptor is closed.
  - Update the if_ptnet driver to cope with the new data structures,
    and prune all the obsolete ptnetmap code.
  - Add support for "null" netmap ports, useful to allocate netmap_if,
    netmap_ring and netmap buffers to be used by specialized applications
    (e.g. hypervisors). TXSYNC/RXSYNC on these ports have no effect.
  - Various fixes and code refactoring.

Sponsored by:   Sunny Valley Networks
Differential Revision:  https://reviews.freebsd.org/D18015

netmap: fix module Makefile

Reported by:    mav

MFC r341144

netmap: set IFCAP_NETMAP in if_capabilities

Revision r307394 removed (by mistake) the code that sets IFCAP_NETMAP
in if_capabilities on netmap_attach. This patch reverts this change.

Reviewed by:    np
Approved by:    gnn (mentor)
Differential Revision:  https://reviews.freebsd.org/D17987