HardenedBSD/src d5e0be0 sys/fs/nfsclient nfs_clvnops.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
Delta  File
+2 -1  sys/fs/nfsclient/nfs_clvnops.c
+2 -1  1 files

HardenedBSD/src c010286 sys/fs/nfsclient nfs_clvnops.c

Merge branch 'freebsd/current/main' into hardened/current/master
Delta  File
+2 -1  sys/fs/nfsclient/nfs_clvnops.c
+2 -1  1 files

HardenedBSD/src 19db59f usr.sbin/nfsd nfsd.8

Merge branch 'freebsd/14-stable/main' into hardened/14-stable/master
Delta  File
+60 -2  usr.sbin/nfsd/nfsd.8
+60 -2  1 files

HardenedBSD/src c2b8a5c usr.sbin/nfsd nfsd.8

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
Delta  File
+60 -2  usr.sbin/nfsd/nfsd.8
+60 -2  1 files

HardenedBSD/src e8567de sys/fs/nfsclient nfs_clvnops.c

nfscl: Fix handling of POSIX draft default ACLs

A POSIX draft default ACL may not exist.  As such,
an ACL with zero ACEs needs to be allowed.

This patch fixes acquisition of POSIX draft default
ACLs when they do not exist on the directory.

Fixes:  a35bbd5d9f5f ("nfscommon: Add some support for POSIX draft ACLs")
Delta  File
+2 -1  sys/fs/nfsclient/nfs_clvnops.c
+2 -1  1 files

HardenedBSD/src ab5ec8c usr.sbin/nfsd nfsd.8

nfsd.8: Add a short paragraph w.r.t. NFSv3 vs NFSv4 setup

The nfsd can be configured to support NFSv3, NFSv4 or both
of them.

This patch adds a short paragraph to nfsd.8 to explain this.

This is a content change.

(cherry picked from commit 4f184fd35d81bbd85284d47d2a65aeece67e87d4)
Delta  File
+60 -2  usr.sbin/nfsd/nfsd.8
+60 -2  1 files

HardenedBSD/src 785d429 usr.sbin/nfsd nfsd.8

nfsd.8: Add a short paragraph w.r.t. NFSv3 vs NFSv4 setup

The nfsd can be configured to support NFSv3, NFSv4 or both
of them.

This patch adds a short paragraph to nfsd.8 to explain this.

This is a content change.

(cherry picked from commit 4f184fd35d81bbd85284d47d2a65aeece67e87d4)
Delta  File
+60 -2  usr.sbin/nfsd/nfsd.8
+60 -2  1 files

HardenedBSD/src e951f78 sbin/pfctl parse.y

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
Delta  File
+0 -1  sbin/pfctl/parse.y
+0 -1  1 files

HardenedBSD/src c962095 sbin/pfctl parse.y

Merge branch 'freebsd/current/main' into hardened/current/master
Delta  File
+0 -1  sbin/pfctl/parse.y
+0 -1  1 files

HardenedBSD/src 4fecc8e sbin/pfctl parse.y

pfctl: remove duplicate "va" entry

It turns out we'd already added this a few years ago, so didn't need to
add it again.

Fixes:          190c1f3d9326
Reported by:    Seth Hoffert <seth.hoffert at gmail.com>
Sponsored by:   Rubicon Communications, LLC ("Netgate")
Delta  File
+0 -1  sbin/pfctl/parse.y
+0 -1  1 files

HardenedBSD/src 8ab44d0 lib/libpfctl libpfctl.c libpfctl.h, sbin/pfctl pfctl_radix.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
Delta  File
+68 -1  lib/libpfctl/libpfctl.c
+40 -0  sys/netpfil/pf/pf_nl.c
+6 -16  sbin/pfctl/pfctl_radix.c
+2 -2  tests/sys/netpfil/pf/nat.sh
+2 -0  lib/libpfctl/libpfctl.h
+2 -0  sys/netpfil/pf/pf_nl.h
+120 -19  1 files not shown
+121 -19  7 files

HardenedBSD/src ffe961f lib/libpfctl libpfctl.c libpfctl.h, sbin/pfctl pfctl_radix.c

Merge branch 'freebsd/current/main' into hardened/current/master
Delta  File
+68 -1  lib/libpfctl/libpfctl.c
+40 -0  sys/netpfil/pf/pf_nl.c
+6 -16  sbin/pfctl/pfctl_radix.c
+2 -2  tests/sys/netpfil/pf/nat.sh
+2 -0  sys/netpfil/pf/pf_nl.h
+2 -0  lib/libpfctl/libpfctl.h
+120 -19  1 files not shown
+121 -19  7 files

HardenedBSD/src b2717dd sys/arm/allwinner aw_rtc.c

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
Delta  File
+12 -11  sys/arm/allwinner/aw_rtc.c
+12 -11  1 files

HardenedBSD/src 4a15a35 sys/arm/allwinner aw_rtc.c

aw_rtc: bump settime() delays

There are delay loops, checking the BUSY status bit, before writing to
the date or time registers. Each iteration contains a 1usec delay, for a
maximum of 70 iterations.

This is frequently not enough on the D1 platform, where the message is
emitted:

  rtc0: could not set date, RTC busy

Bump the loop delay to 10usecs each, and the maximum number of
iterations to 150, for a maximum delay of 1.5msecs between each write of
the register.

In my testing this seems to be adequate.

The loop variable is renamed for clarity/simplicity.


    [6 lines not shown]
Delta  File
+12 -11  sys/arm/allwinner/aw_rtc.c
+12 -11  1 files

HardenedBSD/src 2eec2bc tests/sys/netpfil/pf nat.sh

pf tests: avoid cleanup failures on skipped tests

If we skip the nat:binat_* tests (e.g. because pf.ko isn't loaded) the
inetd_tester.pid file isn't created. We still run the cleanup function,
which tries to use this file to clean up the test environment. This
results in 'broken: Test case cleanup did not terminate successfully'.
Avoid this by checking if the pid file exists before using it.

Sponsored by:   Rubicon Communications, LLC ("Netgate")
Delta  File
+2 -2  tests/sys/netpfil/pf/nat.sh
+2 -2  1 files

HardenedBSD/src 96c7e70 lib/libpfctl libpfctl.c, sbin/pfctl pfctl_radix.c

pf: convert DIOCRCLRASTATS to netlink

Sponsored by:   Rubicon Communications, LLC ("Netgate")
Delta  File
+60 -18  lib/libpfctl/libpfctl.c
+40 -0  sys/netpfil/pf/pf_nl.c
+7 -1  sbin/pfctl/pfctl_radix.c
+2 -0  sys/netpfil/pf/pf_nl.h
+109 -19  4 files

HardenedBSD/src c2e7a52 lib/libpfctl libpfctl.c libpfctl.h, sbin/pfctl pfctl_radix.c

pf: move DIOCRCLRASTATS into libpfctl

Sponsored by:   Rubicon Communications, LLC ("Netgate")
Delta  File
+25 -0  lib/libpfctl/libpfctl.c
+1 -17  sbin/pfctl/pfctl_radix.c
+2 -0  lib/libpfctl/libpfctl.h
+28 -17  3 files

HardenedBSD/src 190c1f3 sbin/pfctl parse.y

pfctl: allow network programs select DSCP_VA for network ToS

OK stsp@

Obtained from:  OpenBSD, phessler <phessler at openbsd.org>, f8a2f73b65
Sponsored by:   Rubicon Communications, LLC ("Netgate")
Delta  File
+1 -0  sbin/pfctl/parse.y
+1 -0  1 files

HardenedBSD/src 03b193e sys/contrib/openzfs/include/os/freebsd/spl/sys cmn_err.h kmem.h, sys/contrib/openzfs/include/sys spa.h zfs_debug.h

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
Delta  File
+8 -8  sys/contrib/openzfs/include/os/freebsd/spl/sys/cmn_err.h
+2 -2  sys/contrib/openzfs/include/os/freebsd/spl/sys/kmem.h
+2 -2  sys/contrib/openzfs/include/sys/spa.h
+2 -2  sys/crypto/chacha20/chacha.c
+1 -1  sys/contrib/openzfs/include/sys/zfs_debug.h
+1 -1  sys/contrib/openzfs/include/sys/vdev.h
+16 -16  1 files not shown
+17 -17  7 files

HardenedBSD/src b66d62e contrib/ncurses/progs infocmp.c, sys/contrib/openzfs/include/os/freebsd/spl/sys cmn_err.h kmem.h

Merge branch 'freebsd/current/main' into hardened/current/master
Delta  File
+8 -8  sys/contrib/openzfs/include/os/freebsd/spl/sys/cmn_err.h
+2 -2  sys/contrib/openzfs/include/sys/spa.h
+2 -2  sys/contrib/openzfs/include/os/freebsd/spl/sys/kmem.h
+2 -2  sys/crypto/chacha20/chacha.c
+1 -1  sys/contrib/openzfs/include/sys/zfs_debug.h
+1 -1  contrib/ncurses/progs/infocmp.c
+16 -16  1 files not shown
+17 -17  7 files

HardenedBSD/src bcd9ea8 sys/contrib/openzfs/include/os/freebsd/spl/sys cmn_err.h kmem.h, sys/contrib/openzfs/include/sys spa.h vdev.h

zfs: rename several printf attribute declarations to __printf__

For kernel builds, we redefine `__printf__` to `__freebsd_kprintf__`, to
support FreeBSD kernel printf(9) extensions with clang.

In OpenZFS various printf related functions are declared with
__attribute__((format(printf, X, Y))), so these won't work with the
above redefinition. With clang 21 and higher, this leads to errors
similar to:

    sys/contrib/openzfs/module/zfs/spa_misc.c:414:38: error: passing 'printf' format string where 'freebsd_kprintf' format string is expected [-Werror,-Wformat]
      414 |         (void) vsnprintf(buf, sizeof (buf), fmt, adx);
          |                                             ^

Since attribute names can always be spelled with leading and trailing
double underscores, rename these instances.

Note that in FreeBSD proper we usually use `__printflike` from
<sys/cdefs.h>, but that does not apply to OpenZFS.

    [4 lines not shown]
Delta  File
+8 -8  sys/contrib/openzfs/include/os/freebsd/spl/sys/cmn_err.h
+2 -2  sys/contrib/openzfs/include/os/freebsd/spl/sys/kmem.h
+2 -2  sys/contrib/openzfs/include/sys/spa.h
+1 -1  sys/contrib/openzfs/include/sys/vdev.h
+1 -1  sys/contrib/openzfs/include/sys/zfs_debug.h
+14 -14  5 files

HardenedBSD/src 667259b contrib/ncurses/progs infocmp.c

ncurses: avoid warnings about too-long initializer strings

Increase the size of `assoc::from` to 8 bytes, to avoid warnings from
clang 21 similar to:

    contrib/ncurses/progs/infocmp.c:702:10: error: initializer-string for character array is too long, array size is 4 but initializer has size 5 (including the null terminating character); did you mean to use the 'nonstring' attribute? [-Werror,-Wunterminated-string-initialization]
      702 |     DATA("\033[2J", "ED2"),     /* clear page */
          |          ^~~~~~~~~
    contrib/ncurses/progs/infocmp.c:716:10: error: initializer-string for character array is too long, array size is 4 but initializer has size 5 (including the null terminating character); did you mean to use the 'nonstring' attribute? [-Werror,-Wunterminated-string-initialization]
      716 |     DATA("\033[!p", "DECSTR"),  /* soft reset */
          |          ^~~~~~~~~

Reviewed by:    markj
Obtained from:  https://invisible-island.net/archives/ncurses/6.5/ncurses-6.5-20241207.patch.gz
MFC after:      3 days
Differential Revision: https://reviews.freebsd.org/D54371
Delta  File
+1 -1  contrib/ncurses/progs/infocmp.c
+1 -1  1 files

HardenedBSD/src 710ec40 sys/crypto/chacha20 chacha.c

crypto: avoid warnings about too-long initializer strings

Mark `sigma` and `tau` as `__non_string`, to avoid warnings from clang
21 similar to:

    sys/crypto/chacha20/chacha.c:53:31: error: initializer-string for character array is too long, array size is 16 but initializer has size 17 (including the null terminating character); did you mean to use the 'nonstring' attribute? [-Werror,-Wunterminated-string-initialization]
       53 | static const char sigma[16] = "expand 32-byte k";
          |                               ^~~~~~~~~~~~~~~~~~
    sys/crypto/chacha20/chacha.c:54:29: error: initializer-string for character array is too long, array size is 16 but initializer has size 17 (including the null terminating character); did you mean to use the 'nonstring' attribute? [-Werror,-Wunterminated-string-initialization]
       54 | static const char tau[16] = "expand 16-byte k";
          |                             ^~~~~~~~~~~~~~~~~~

MFC after:      3 days
Reviewed by:    markj
Differential Revision: https://reviews.freebsd.org/D54364
Delta  File
+2 -2  sys/crypto/chacha20/chacha.c
+2 -2  1 files

HardenedBSD/src 1f62835 lib/libsys ioctl.2, share/man/man5 src.conf.5

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
Delta  File
+39 -25  sys/vm/vm_object.c
+30 -14  sys/vm/vm_map.c
+7 -1  sys/vm/vm_object.h
+4 -4  share/man/man5/src.conf.5
+3 -3  tools/build/options/WITH_REPRODUCIBLE_PATHS
+4 -1  lib/libsys/ioctl.2
+87 -48  8 files not shown
+94 -55  14 files

HardenedBSD/src 86758c5 sys/vm vm_object.c vm_map.c

Merge branch 'freebsd/current/main' into hardened/current/master
Delta  File
+39 -25  sys/vm/vm_object.c
+30 -14  sys/vm/vm_map.c
+7 -1  sys/vm/vm_object.h
+76 -40  3 files

HardenedBSD/src 436b566 contrib/xz ChangeLog THANKS, contrib/xz/src/common my_landlock.h

Merge branch 'freebsd/14-stable/main' into hardened/14-stable/master
Delta  File
+1,586 -0  contrib/xz/ChangeLog
+226 -208  contrib/xz/THANKS
+34 -45  contrib/xz/src/liblzma/common/stream_decoder_mt.c
+72 -0  contrib/xz/src/xz/hardware.c
+44 -1  contrib/xz/src/common/my_landlock.h
+18 -20  contrib/xz/src/liblzma/api/lzma/container.h
+1,980 -274  27 files not shown
+2,088 -342  33 files

HardenedBSD/src b9028a7 contrib/xz ChangeLog THANKS, contrib/xz/src/common my_landlock.h

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
Delta  File
+1,586 -0  contrib/xz/ChangeLog
+226 -208  contrib/xz/THANKS
+34 -45  contrib/xz/src/liblzma/common/stream_decoder_mt.c
+72 -0  contrib/xz/src/xz/hardware.c
+44 -1  contrib/xz/src/common/my_landlock.h
+18 -20  contrib/xz/src/liblzma/api/lzma/container.h
+1,980 -274  27 files not shown
+2,088 -342  33 files

HardenedBSD/src 353ba3b sys/vm vm_object.c

vm_object_coalesce(): do not account holes twice

alc wrote:
Suppose that the object is OBJ_ONEMAPPING and that we, in fact,
have a single mapping to it. Then, we punch a hole in that mapping.
vm_map_entry_delete() only subtracts from the object's charge when
we shrink the size of the object. Now, suppose that we perform
mmap(MAP_ANON) to reallocate some of the hole. Aren't we going to add to
the charge here, even though vm_map_entry_delete() never subtracted from
the charge for the hole that was created?

Only account the change in the charged object size that was added to it.

Noted by:       alc
Reviewed by:    alc, markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D54263
Delta  File
+7 -4  sys/vm/vm_object.c
+7 -4  1 files

HardenedBSD/src 7685aae sys/vm vm_map.c vm_object.c

vm_object_coalesce(): return swap reservation back if overcharged

It is possible for both vm_map_insert() and vm_object_coalesce() to charge
both for the same region.  The issue is that vm_map_insert() must charge
in advance to ensure that the mapping would not exceed the swap limit,
but then the coalesce might decide to extend the object, and already
(partially) backs the mapped region.

Handle this by passing to vm_object_coalesce() exact information about
the charging mode of the extending range 'not charging', 'charged' using
flags instead of simple boolean.  In vm_object_coalesce(), detect
overcharge and undo it if needed.

Note that this relies on vm_object_coalesce() call being the last action
in vm_map_insert() before extending the previous map entry.

Reported and tested by: pho
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation

    [2 lines not shown]
Delta  File
+30 -14  sys/vm/vm_map.c
+31 -10  sys/vm/vm_object.c
+7 -1  sys/vm/vm_object.h
+68 -25  3 files

HardenedBSD/src e7053d9 sys/vm vm_object.c

vm_object_coalesce(): simplify common expression

Add the next_end variable to replace the commonly occurring
next_pindex + next_size expression.

Suggested by:   alc
Reviewed by:    alc, markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D54263
Delta  File
+7 -6  sys/vm/vm_object.c
+7 -6  1 files