HardenedBSD/src 5ffb2f1sys/dev/iwx if_iwx.c if_iwxreg.h, sys/netinet tcp_pcap.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+11,016-0sys/dev/iwx/if_iwx.c
+7,922-0sys/dev/iwx/if_iwxreg.h
+924-0sys/dev/iwx/if_iwxvar.h
+0-452sys/netinet/tcp_pcap.c
+321-0sys/dev/iwx/if_iwx_debug.c
+265-0sys/dev/iwx/if_iwx_debug.h
+20,448-45221 files not shown
+20,552-64127 files

HardenedBSD/src f89ac29sys/dev/mlx5/mlx5_en mlx5_en_main.c mlx5_en_rx.c, sys/dev/pci pci.c

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+11-0sys/dev/mlx5/mlx5_en/mlx5_en_main.c
+5-0sys/dev/mlx5/mlx5_en/mlx5_en_rx.c
+0-2sys/dev/pci/pci.c
+1-0sys/dev/mlx5/mlx5_en/en.h
+17-24 files

HardenedBSD/src e0e9678contrib/netbsd-tests/usr.bin/grep t_grep.sh, sys/vm uma_core.c

Merge branch 'freebsd/14-stable/main' into hardened/14-stable/master
DeltaFile
+7-0sys/vm/uma_core.c
+2-2usr.bin/top/top.c
+1-1contrib/netbsd-tests/usr.bin/grep/t_grep.sh
+10-33 files

HardenedBSD/src 8d95e94contrib/netbsd-tests/usr.bin/grep t_grep.sh

netbsd-tests: Update a test case to chase grep symlink handling changes

This test case verifies that grep detects symlink loops when traversing
a directory hierarchy.

Fixes:          fc12c191c087 ("grep: Default to -p instead of -S.")
Reviewed by:    ngie, jhb
Reported by:    Jenkins
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D46544

(cherry picked from commit a700bef1e4ee3e6f4e1a86a374bf9b4044f69a70)
DeltaFile
+1-1contrib/netbsd-tests/usr.bin/grep/t_grep.sh
+1-11 files

HardenedBSD/src 680d348sys/dev/pci pci.c

Revert "pci: Only re-route IRQs based on firmware on x86"

This reverts commit 0e33c2e6df7a5de65db40c7cc0fc97f66da28ccd.
DeltaFile
+0-2sys/dev/pci/pci.c
+0-21 files

HardenedBSD/src f0adc90sys/dev/mlx5/mlx5_en mlx5_en_main.c mlx5_en_rx.c

mlx5en: sync channel close with the rq completion processing

Without the wait, mlx5e_destroy_rq() might free mbuf that is passed up
to the network stack on receive in mlx5e_poll_rx_cq().

Sponsored by:   NVidia networking
MFC after:      1 week
DeltaFile
+11-0sys/dev/mlx5/mlx5_en/mlx5_en_main.c
+5-0sys/dev/mlx5/mlx5_en/mlx5_en_rx.c
+1-0sys/dev/mlx5/mlx5_en/en.h
+17-03 files

HardenedBSD/src 02324aesys/vm uma_core.c

uma: Avoid excessive per-CPU draining

After commit 389a3fa693ef, uma_reclaim_domain(UMA_RECLAIM_DRAIN_CPU)
calls uma_zone_reclaim_domain(UMA_RECLAIM_DRAIN_CPU) twice on each zone
in addition to globally draining per-CPU caches. This was unintended
and is unnecessarily slow; in particular, draining per-CPU caches
requires binding to each CPU.

Stop draining per-CPU caches when visiting each zone, just do it once in
pcpu_cache_drain_safe() to minimize the amount of expensive sched_bind()
calls.

Fixes:          389a3fa693ef ("uma: Add UMA_ZONE_UNMANAGED")
MFC after:      1 week
Sponsored by:   Klara, Inc.
Sponsored by:   NetApp, Inc.
Reviewed by:    gallatin, kib
Differential Revision:  https://reviews.freebsd.org/D49349

(cherry picked from commit f506d5af50fccc37f5aa9fe090e9a0d5f05506c8)
DeltaFile
+7-0sys/vm/uma_core.c
+7-01 files

HardenedBSD/src a4251e9usr.bin/top top.c

top: Make locale issues non-fatal.

If the `setlocale()` call fails, emit a warning and sleep briefly so the
user has a chance to see the warning before we redraw the screen.  Note
that we have no way of knowing exactly what is wrong, but at least we
can suggest that they check their environment.

MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    kevans
Differential Revision:  https://reviews.freebsd.org/D49230

(cherry picked from commit 180065eb09e699820a1e1c45d3d00156e0effe29)
DeltaFile
+2-2usr.bin/top/top.c
+2-21 files

HardenedBSD/src b94cc99. ObsoleteFiles.inc

HBSD: Resolve merge conflict

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+3-5ObsoleteFiles.inc
+3-51 files

HardenedBSD/src fa917aesys/dev/iwx if_iwx.c if_iwxreg.h, sys/netinet tcp_pcap.c

Merge remote-tracking branch 'origin/freebsd/current/main' into hardened/current/master

Conflicts:
        ObsoleteFiles.inc (unresolved)
DeltaFile
+11,016-0sys/dev/iwx/if_iwx.c
+7,922-0sys/dev/iwx/if_iwxreg.h
+924-0sys/dev/iwx/if_iwxvar.h
+0-452sys/netinet/tcp_pcap.c
+321-0sys/dev/iwx/if_iwx_debug.c
+265-0sys/dev/iwx/if_iwx_debug.h
+20,448-45217 files not shown
+20,537-63923 files

HardenedBSD/src d748462lib/libjail jail.c, sys/dev/sound/pcm vchan.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+621-0sys/kern/kern_jailmeta.c
+588-0tests/sys/kern/jailmeta.sh
+80-95sys/vm/vm_reserv.c
+79-43sys/kern/kern_rangelock.c
+26-84sys/dev/sound/pcm/vchan.c
+69-15lib/libjail/jail.c
+1,463-23737 files not shown
+1,890-34843 files

HardenedBSD/src f138ecalib/libc/sys close.2, sys/compat/linprocfs linprocfs.c

Merge branch 'freebsd/14-stable/main' into hardened/14-stable/master
DeltaFile
+94-93usr.bin/top/top.1
+43-0sys/dev/acpi_support/acpi_ibm.c
+27-15sys/netlink/route/rt.c
+13-13usr.bin/top/commands.c
+1-5sys/compat/linprocfs/linprocfs.c
+1-4lib/libc/sys/close.2
+179-1305 files not shown
+187-14011 files

HardenedBSD/src 9e7af40sys/compat/linux linux_socket.c

linux: Handle IP_RECVTOS cmsg type

This unbreaks apps using GameNetworkingSockets from Valve.

(cherry picked from commit 186dc094cf1ce14b26c6dfa329a445357121238a)
DeltaFile
+2-1sys/compat/linux/linux_socket.c
+2-11 files

HardenedBSD/src a5918bfsys/compat/linux linux_socket.c

linux: Fix a typo in linux_recvmsg_common

We are supposed to check the result of bsd_to_linux_sockopt_level here
rather than its input.

(cherry picked from commit 9f55630b8d72602f6ec86b15b607f5fc5fde911e)
DeltaFile
+1-1sys/compat/linux/linux_socket.c
+1-11 files

HardenedBSD/src eca3c05sys/compat/linprocfs linprocfs.c

linprocfs: Correct sysfs /proc/<pid>/mountinfo entry

Technically mount source could be an arbitrary string (since it's
effectively ignored), but it's common to repeat fs type there.

(cherry picked from commit b9752d5d1cea30a39e89c83ea3aeb539581418cb)
DeltaFile
+1-5sys/compat/linprocfs/linprocfs.c
+1-51 files

HardenedBSD/src e215460sys/netlink/route rt.c

netlink/route: fix nlattr_get_multipath() to check length

of supplied nexthop sub-attributes.  While here, use unsigned types for
length calculations and improve style(9).

PR:                     283860
(cherry picked from commit 49a6e213416b5c0c9eccdff0af1c6b01f34c3693)
DeltaFile
+22-10sys/netlink/route/rt.c
+22-101 files

HardenedBSD/src f2a4943sys/netlink/route rt.c

netlink/route: fix fib number validation in old Linux compat mode

The value passed via old field also needs to be validated.

PR:                     283848
Fixes:                  f34aca55adef1e28cd68b2e6705a0cac03f0238e
(cherry picked from commit 031fbf8dc962ca8d458b217ba2b4a9e637b7e932)
DeltaFile
+3-3sys/netlink/route/rt.c
+3-31 files

HardenedBSD/src 886fcbdsys/dev/acpi_support acpi_ibm.c, sys/modules/acpi/acpi_ibm Makefile

acpi_ibm: pass brightness events to evdev(4)

unless the dev.acpi_ibm.0.handlerevents sysctl is set to process
them internally.  The default for the latter is to ignore them,
so passing to evdev(4) is enabled by default.

Reviewed by:            wulf, imp
Tested on:              Lenovo Thinpad X11 Carbon 7Th Gen
Differential Revision:  https://reviews.freebsd.org/D48174

(cherry picked from commit c21f5751ef0932796676e55953461e0679020e28)
DeltaFile
+43-0sys/dev/acpi_support/acpi_ibm.c
+1-1sys/modules/acpi/acpi_ibm/Makefile
+44-12 files

HardenedBSD/src 1bda3falib/libc/sys close.2, sys/netinet tcp_usrreq.c

tcp: don't ever return ECONNRESET on close(2)

The SUS doesn't mention this error code as a possible one [1]. The FreeBSD
manual page specifies a possible ECONNRESET for close(2):

[ECONNRESET]    The underlying object was a stream socket that was
                shut down by the peer before all pending data was
                delivered.

In the past it had been EINVAL (see 21367f630d72), and this EINVAL was
added as a safety measure in 623dce13c64ef.  After conversion to
ECONNRESET it had been documented in the manual page in 78e3a7fdd51e6, but
I bet wasn't ever tested to actually be ever returned, cause the
tcp-testsuite[2] didn't exist back then.  So documentation is incorrect
since 2006, if my bet wins.  Anyway, in the modern FreeBSD the condition
described above doesn't end up with ECONNRESET error code from close(2).
The error condition is reported via SO_ERROR socket option, though.  This
can be checked using the tcp-testsuite, temporarily disabling the
getsockopt(SO_ERROR) lines using sed command [3].  Most of these

    [35 lines not shown]
DeltaFile
+1-4lib/libc/sys/close.2
+0-5sys/netinet/tcp_usrreq.c
+1-92 files

HardenedBSD/src 96e6fc5sys/netlink/route rt.c

netlink/route: validate family attribute

PR:                     283818
(cherry picked from commit cdacb12065e4d85416655743da5bc6b17a9d9119)
DeltaFile
+3-3sys/netlink/route/rt.c
+3-31 files

HardenedBSD/src c541138usr.bin/top top.1 top.c

top: Sync usage and synopsis

Switching between io and cpu sorting uses a great example in the usage.
[-m io | cpu]. Use that everywhere.

MFC after:              3 days
Reviewed by:            mhorne
Approved by:            mhorne (mentor)
Differential Revision:  https://reviews.freebsd.org/D49515

(cherry picked from commit 187d954eab94fdcb33609d91966dbd727acfd720)
DeltaFile
+2-2usr.bin/top/top.1
+1-1usr.bin/top/top.c
+3-32 files

HardenedBSD/src 1fdca2ausr.bin/top top.1 commands.c

top: Polish key bindings in usage and manual

Organize key bindings by ascii(7) for consistency and maintainability,
mark them as Interactive Commands, wordsmith them, and sync their
organization between the manual and help screen.

MFC after:              3 days
PR:                     282734
Fixes:                  c8aa5e526 (move command mapping to commands.c)
Reviewed by:            imp, mhorne, Jim Brown <jpb at jimby.name>
Approved by:            mhorne (mentor)
Differential Revision:  https://reviews.freebsd.org/D49462

(cherry picked from commit 0a85254d5a33800600477ce57fbaab64591aa6ea)
DeltaFile
+92-91usr.bin/top/top.1
+13-13usr.bin/top/commands.c
+105-1042 files

HardenedBSD/src bb9c4deshare/man/man7 hier.7

hier.7: Storage partitions are not filesystems

I recommended the incorrect text to the submitter.

MFC after:              3 days
Fixes:                  f47cbb29e1c2 (Add /dev/gpt)
Reported by:            Mark Millard <marklmi at yahoo.com>
Reviewed by:            imp, mhorne
Approved by:            mhorne (mentor)
Differential Revision:  https://reviews.freebsd.org/D49523

(cherry picked from commit 50296dccddf1a7734be2aef606cd8e0408ee8780)
DeltaFile
+1-1share/man/man7/hier.7
+1-11 files

HardenedBSD/src 18b3e37share/man/man7 hier.7

hier.7: Add /dev/gpt

While here, fix a typo.

MFC after:      3 days
Reviewed by:    mhorne, emaste, ziaee
Approved by:    mhorne (mentor)
Pull Request:   https://github.com/freebsd/freebsd-src/pull/1608

(cherry picked from commit f47cbb29e1c2bcb5b5ad838d2d5342a47b0c4692)
DeltaFile
+3-1share/man/man7/hier.7
+3-11 files

HardenedBSD/src 5637747share/man/man5 src.conf.5

HBSD: Resolve merge conflict

Regen src.conf.5.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+1-5share/man/man5/src.conf.5
+1-51 files

HardenedBSD/src e6c41ealib/libjail jail.c, sys/dev/sound/pcm vchan.c

Merge remote-tracking branch 'internal/freebsd/current/main' into hardened/current/master

Conflicts:
        share/man/man5/src.conf.5 (unresolved)
DeltaFile
+621-0sys/kern/kern_jailmeta.c
+588-0tests/sys/kern/jailmeta.sh
+80-95sys/vm/vm_reserv.c
+79-43sys/kern/kern_rangelock.c
+26-84sys/dev/sound/pcm/vchan.c
+69-15lib/libjail/jail.c
+1,463-23737 files not shown
+1,893-34743 files

HardenedBSD/src 6e76489sys/netinet tcp_pcap.c tcp_pcap.h

tcp: remove support for TCPPCAP

This feature could be used to store the last sent and received TCP
packets for a TCP endpoint. There was no utility to get these packets
from a live system or core.
This functionality is now provided by TCP Black Box Logging, which also
stores additional events. There are tools to get these traces from a
live system or a core.
Therefore remove TCPPCAP to avoid maintaining it, when it is not
used anymore.

Reviewed by:            rrs, rscheff, Peter Lei, glebiu
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D49589
DeltaFile
+0-452sys/netinet/tcp_pcap.c
+0-39sys/netinet/tcp_pcap.h
+0-33sys/netinet/tcp_usrreq.c
+0-24sys/netinet/tcp_subr.c
+0-12sys/netinet/tcp_output.c
+0-7sys/netinet/tcp_input.c
+0-5678 files not shown
+5-58314 files

HardenedBSD/src 1bf4618sys/netpfil/pf pf.c

pf: factor out duplicate code to undo nat

Suggested by:   markj
Reviewed by:    markj
Sponsored by:   Rubicon Communications, LLC ("Netgate")
Differential Revision:  https://reviews.freebsd.org/D49582
DeltaFile
+13-20sys/netpfil/pf/pf.c
+13-201 files

HardenedBSD/src e7995c9sys/net pfvar.h, sys/netpfil/pf pf.c

pf: inline pf_addrcpy()

Make it easier for the compiler to inline this in the many cases where the 'af'
is known at compile time.

Reviewed by:    glebius, markj
Sponsored by:   Rubicon Communications, LLC ("Netgate")
Differential Revision:  https://reviews.freebsd.org/D49581
DeltaFile
+19-0sys/net/pfvar.h
+0-17sys/netpfil/pf/pf.c
+19-172 files

HardenedBSD/src 5924183sys/netpfil/pf pf.c

pf: explicitly NULL state key pointers

After the pf_state_insert() call we may not use these pointers again.
Explicitly NULL them to ensure we don't.
Also NULL them out if we free the keys directly.

Reviewed by:    glebius, markj
MFC after:      3 weeks
Sponsored by:   Rubicon Communications, LLC ("Netgate")
Differential Revision:  https://reviews.freebsd.org/D49553
DeltaFile
+4-0sys/netpfil/pf/pf.c
+4-01 files