HardenedBSD/src 8b22a37lib/libc/gen directory.3, sbin/nvmecontrol telemetry.c

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+199-0sys/dev/smartpqi/smartpqi_ioctl.c
+52-38lib/libc/gen/directory.3
+30-38sys/netinet6/ip6_mroute.c
+19-37usr.bin/diff3/diff3.c
+23-15sbin/nvmecontrol/telemetry.c
+6-13usr.bin/diff/pr.c
+329-14136 files not shown
+415-18642 files

HardenedBSD/src 9e0fe12sys/i386/i386 swtch.S

i386: Fix build and remove empty unused macro

When inlining the macro, reg was not substituted with the %ecx argument
previously passed in. One of the definitions was also left behind as an
empty macro.

PR:             292883
Fixes:          377c053a43f3 ("cpu_switch(): unconditionally wait on the blocked mutex transient")
MFC after:      1 week
DeltaFile
+1-3sys/i386/i386/swtch.S
+1-31 files

HardenedBSD/src f7144a9sys/sys sdt.h

sdt: Use the "cc" operand modifier for the address of probes for GCC 15+

This is required for GCC on RISC-V.  The GCC 15 docs claim that "cc" is
similar to "c" except that it "tries harder".

NB: I have not yet found a way to make the DTrace probes compile on
RISC-V with older versions of GCC.

Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D54964
DeltaFile
+4-0sys/sys/sdt.h
+4-01 files

HardenedBSD/src 03d8ac9crypto/heimdal/kdc mit_dump.c

heimdal: Pass the correct pointer to realloc when growing a string buffer

The realloc in my_fgetln was trying to grow the pointer to the string
buffer, not the string buffer itself.

In function 'my_fgetln',
    inlined from 'mit_prop_dump' at crypto/heimdal/kdc/mit_dump.c:156:19:
crypto/heimdal/kdc/mit_dump.c:119:13: error: 'realloc' called on unallocated object 'line' [-Werror=free-nonheap-object]
  119 |         n = realloc(buf, *sz + (*sz >> 1));
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crypto/heimdal/kdc/mit_dump.c: In function 'mit_prop_dump':
crypto/heimdal/kdc/mit_dump.c:139:11: note: declared here
  139 |     char *line = NULL;
      |           ^~~~

Reviewed by:    rmacklem, cy
Fixes:          a93e1b731ae4 ("heimdal-kadmin: Add support for the -f dump option")
Differential Revision:  https://reviews.freebsd.org/D54933
DeltaFile
+1-1crypto/heimdal/kdc/mit_dump.c
+1-11 files

HardenedBSD/src 7f54c65sys/dev/smartpqi smartpqi_ioctl.c smartpqi_defines.h

smartpqi: Update to vendor version 14.4690.0.2008 - 15.2.0.2008

Update to versions:
FreeBSD14 14.4690.2008
FreeBSD15 15.2.0.2008

Included in this update are:
 - Support for new controllers
 - Add code that utilizes the new BIG_IOCTL_Command_struct and allows
   the I/O buffer size for a single passthrough ioctl to be stored as a
   32 bit integer instead of the original 16 bit integer.
 - Update occurrences of Microsemi to Microchip
 - Some format changes including converting comments from C++ to C
   style, remove instances of /* $FreeBSD$ */, and updating copyright
   dates.

Update to versions:
FreeBSD14 14.4690.2008
FreeBSD15 15.2.0.2008

    [22 lines not shown]
DeltaFile
+199-0sys/dev/smartpqi/smartpqi_ioctl.c
+8-3sys/dev/smartpqi/smartpqi_defines.h
+8-1sys/dev/smartpqi/smartpqi_ioctl.h
+6-2sys/dev/smartpqi/smartpqi_controllers.h
+3-1sys/dev/smartpqi/smartpqi_helper.c
+2-2sys/dev/smartpqi/smartpqi_event.c
+226-910 files not shown
+237-1916 files

HardenedBSD/src a45fb94sys/netinet6 ip6_mroute.c

ip6_mroute: Remove an unhelpful comment

ifnets already track if_allmulti() calls in the if_amcount field.  That
field is older than the comment, so I'm not exactly sure what the intent
was; let's just remove it.

MFC after:      2 weeks
Sponsored by:   Stormshield
Sponsored by:   Klara, Inc.
DeltaFile
+0-4sys/netinet6/ip6_mroute.c
+0-41 files

HardenedBSD/src 5bb953bsys/netinet6 ip6_mroute.c

ip6_mroute: Fix the UPCALL_TIMING build

MFC after:      2 weeks
Sponsored by:   Stormshield
Sponsored by:   Klara, Inc.
DeltaFile
+1-1sys/netinet6/ip6_mroute.c
+1-11 files

HardenedBSD/src d0474edlib/libsys socket.2

socket.2: Cross-reference netintro(4)

netintro(4) is a great manual page that provides a basic introduction to
network facilities, I think it is well worth mentioning in the
socket(2).

I also think we can incorporate this reference somewhere in the text as
well, but I'm not sure, maybe the reference in the SEE ALSO section
would be enough.

Reviewed by:    glebius
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D55032
DeltaFile
+2-1lib/libsys/socket.2
+2-11 files

HardenedBSD/src 07940d1tests/atf_python/sys/net vnet.py

atf_python: Run vnet handlers in $HOME

When kyua runs a test, it creates a temp directory and sets $HOME to
point to it.  Tests are run with the cwd set to that temp directory.

When a process attaches to a jail, its cwd is set to the root of the
jail.  Modify atf_python to cd to $HOME instead, so that it's easier for
tests to share files.

Reviewed by:    zlei, ngie
MFC after:      2 weeks
Sponsored by:   Stormshield
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D54971
DeltaFile
+1-0tests/atf_python/sys/net/vnet.py
+1-01 files

HardenedBSD/src b320e89sys/netinet6 ip6_mroute.c

ip6_mroute: Remove an unused constant

No functional change intended.

MFC after:      2 weeks
Sponsored by:   Stormshield
Sponsored by:   Klara, Inc.
DeltaFile
+0-2sys/netinet6/ip6_mroute.c
+0-21 files

HardenedBSD/src b370fccsys/netinet6 ip6_mroute.c

ip6_mroute: Make MF6CFIND a regular function

This is more natural and corresponds more closely to the v4 multicast
routing code.  No functional change intended.

Reviewed by:    glebius
MFC after:      2 weeks
Sponsored by:   Stormshield
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D54983
DeltaFile
+20-25sys/netinet6/ip6_mroute.c
+20-251 files

HardenedBSD/src 7483987sys/netinet ip_mroute.c, sys/netinet6 ip6_mroute.c raw_ip6.c

ip_mroute: Make privilege checking more consistent

- The v6 socket option and ioctl handlers had no privilege checks at
  all.  The socket options, I believe, can only be reached via a raw
  socket, but a jailed root user with a raw socket shouldn't be able to
  configure multicast routing in a non-VNET jail.  The ioctls can only
  be used to fetch stats.
- Delete a bogus comment in X_mrt_ioctl(), one can issue multicast
  routing ioctls against any socket.  Note that the call path is
  soo_ioctl()->rtioctl_fib()->mrt_ioctl().

I think all of the mroute privilege checks should be done within the
ip(6)_mroute code, but let's first make the v4 and v6 modules
consistent.

Reviewed by:    glebius
MFC after:      2 weeks
Sponsored by:   Stormshield
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D54982
DeltaFile
+9-6sys/netinet6/ip6_mroute.c
+6-0sys/netinet6/raw_ip6.c
+0-5sys/netinet/ip_mroute.c
+15-113 files

HardenedBSD/src d030974. ObsoleteFiles.inc

ObsoleteFiles.mk: Remove obsolete MIT KRB5 plugins

Fixes:                  1f9da4793cb1, dd0ec030f8fd
MFC after:              1 week
Differential revision:  https://reviews.freebsd.org/D54780
DeltaFile
+9-0ObsoleteFiles.inc
+9-01 files

HardenedBSD/src 1c00d5alib/libc/gen dirfd.c

libc: Fix missing include

Although not needed on FreeBSD due to namespace pollution, we should
technically #include <stddef.h> to secure a definition of NULL.

Fixes:          5074d5c9845e ("libc: Improve POSIX conformance of dirfd()")
DeltaFile
+1-0lib/libc/gen/dirfd.c
+1-01 files

HardenedBSD/src 4047536usr.bin/diff3 diff3.c

diff3: use pdwait instead of homemade one

MFC After:      3 days
DeltaFile
+19-37usr.bin/diff3/diff3.c
+19-371 files

HardenedBSD/src c479817usr.bin/diff pr.h

diff: remove useless include as kevent is not used anymore

MFC After:      3 days
DeltaFile
+0-2usr.bin/diff/pr.h
+0-21 files

HardenedBSD/src 0ec58e7usr.bin/diff pr.c pr.h

diff: use pdwait(2) instead of homemade one

MFC After:      3 days
Reviewed by:    des
Differential Revision:  https://reviews.freebsd.org/D55053
DeltaFile
+6-13usr.bin/diff/pr.c
+1-2usr.bin/diff/pr.h
+7-152 files

HardenedBSD/src 4d73b07usr.bin/diff diffreg_new.c diff.h

diff: fix support for -l with new diff algorithm

MFC After: 3 days
Reviewed by:    des
Differential Revision:  https://reviews.freebsd.org/D55052
DeltaFile
+7-0usr.bin/diff/diffreg_new.c
+1-0usr.bin/diff/diff.h
+1-0usr.bin/diff/diff.c
+9-03 files

HardenedBSD/src cc7957dlib/libc/gen posix_spawn.c, share/man/man5 src.conf.5

HBSD: Resolve merge conflicts

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+1-13share/man/man5/src.conf.5
+0-9sys/kern/imgact_elf.c
+1-5lib/libc/gen/posix_spawn.c
+0-5share/mk/src.libnames.mk
+0-5share/mk/src.opts.mk
+0-3sys/kern/kern_fork.c
+2-406 files

HardenedBSD/src 5074d5clib/libc/gen directory.3 dirfd.c

libc: Improve POSIX conformance of dirfd()

POSIX states that dirfd() should set errno to EINVAL and return -1 if
dirp does not refer to a valid directory stream.  Our interpretation is
that this applies if dirp is null or the file descriptor associated
with it is negative.

MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D55025
DeltaFile
+13-1lib/libc/gen/directory.3
+5-0lib/libc/gen/dirfd.c
+18-12 files

HardenedBSD/src 387ae63lib/libc/gen directory.3 telldir.c

libc: Clean up *dir() code

Fix style nits (mostly whitespace issues) and clean up the manual page.

MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D55024
DeltaFile
+40-38lib/libc/gen/directory.3
+2-2lib/libc/gen/telldir.c
+0-3lib/libc/gen/dirfd.c
+0-2lib/libc/gen/scandir.c
+0-1lib/libc/gen/opendir.c
+0-1lib/libc/gen/rewinddir.c
+42-473 files not shown
+43-499 files

HardenedBSD/src ff9fe85sbin/nvmecontrol telemetry.c

nvmecontrol: telemetry-log don't sanity check host generation number

Don't sanity check the host initiated generation number. It's not
necessarily constant between the two log page fetches. nvme-cli doesn't
do this stanity check and it generates a lot of false positives.

Sponsored by:           Netflix
Differential Revision:  https://reviews.freebsd.org/D55018
DeltaFile
+0-10sbin/nvmecontrol/telemetry.c
+0-101 files

HardenedBSD/src 350c123sbin/nvmecontrol telemetry.c nvmecontrol.8

nvmecontrol: telemetry-log --verbose

Add -v / --verbose to report status report since these things can take
minutes to retrieve.

Sponsored by:           Netflix
Differential Revision:  https://reviews.freebsd.org/D55019
DeltaFile
+21-3sbin/nvmecontrol/telemetry.c
+5-1sbin/nvmecontrol/nvmecontrol.8
+26-42 files

HardenedBSD/src 05322eesbin/nvmecontrol telemetry.c

nvmecontrol: Always set the RAE bit on telemetry-log requests

nvme-cli, as well as some vendor scripts, always set the RAE bit of the
GET LOG PAGE request when retrieving telemetry logs to avoid the log
getting reset to something new. Adopt that praactice here (nvme-cli
telemetry-log does have a --rae option, but that just turns on the rae
bit which defaults to being on: there's no way to turn it off).

Sponsored by:           Netflix
Differential Revision:  https://reviews.freebsd.org/D55017
DeltaFile
+2-2sbin/nvmecontrol/telemetry.c
+2-21 files

HardenedBSD/src 54473b9sys/dev/e1000 if_em.c

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+1-1sys/dev/e1000/if_em.c
+1-11 files

HardenedBSD/src e63ee5fsys/dev/e1000 if_em.c

e1000: Fix setting the promiscuous mode

The variable reg_rctl stores the value read from reg E1000_RCTL. It
may contain bits E1000_RCTL_VFE and E1000_RCTL_CFIEN which control
VLAN hardware filter feature. The promiscuous mode implies all tagged
or untagged packets should be accepted, so the VLAN hardware filter
feature should be disabled when enabling the promiscuous mode.
Calling em_if_vlan_filter_disable() did the task, but later writing
the value of reg_rctl back to the reg E1000_RCTL may restore the
feature.

Move the calling of em_if_vlan_filter_disable() after writing the reg
to fix that.

PR:             292759
Reviewed by:    kbowling
Tested by:      vova at zote.me
Fixes:          2796f7cab107 e1000: Fix up HW vlan ops
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D54973
DeltaFile
+1-1sys/dev/e1000/if_em.c
+1-11 files

HardenedBSD/src 5501ebblib/libc/string bcmp.3, release/scripts pkgbase-stage.lua

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+107-75sys/dev/hwpmc/hwpmc_amd.c
+29-30sys/dev/hwpmc/hwpmc_amd.h
+9-1lib/libc/string/bcmp.3
+8-0sys/dev/ichiic/ig4_pci.c
+3-0release/scripts/pkgbase-stage.lua
+156-1065 files

HardenedBSD/src 6d37c3dlib/libc/string bcmp.3

bcmp(3): update manpage to following the Posix Standard

Reviewed by: glebius
Approved by: glebius (mentor)
Differential Revision: https://reviews.freebsd.org/D52980
DeltaFile
+9-1lib/libc/string/bcmp.3
+9-11 files

HardenedBSD/src 4ddc6e9crypto/openssl FREEBSD-upgrade.md FREEBSD-upgrade, lib/libc/gen posix_spawn.c

Merge remote-tracking branch 'origin/freebsd/15-stable/main' into hardened/15-stable/main

Conflicts:
        lib/libc/gen/posix_spawn.c (unresolved)
        share/man/man5/src.conf.5 (unresolved)
        share/mk/src.libnames.mk (unresolved)
        share/mk/src.opts.mk (unresolved)
        sys/amd64/sgx/sgx_linux.c (deleted)
        sys/kern/imgact_elf.c (unresolved)
        sys/kern/kern_fork.c (unresolved)
DeltaFile
+278-127sys/kern/kern_exit.c
+202-0crypto/openssl/FREEBSD-upgrade.md
+0-122crypto/openssl/FREEBSD-upgrade
+88-21lib/libc/gen/posix_spawn.c
+101-0lib/libsys/i386/pdrfork_thread.S
+71-26sys/kern/kern_fork.c
+740-296179 files not shown
+1,935-735185 files

HardenedBSD/src 49d75d9release/scripts pkgbase-stage.lua

pkgbase-stage.lua: Add '*-jail-dbg' variant to dvd1

- Add *-jail-dbg variant to dvd1 to match the non-jail variant;
- Remove assertion introduced in the previous commit for consistency with existing code.

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1991
DeltaFile
+2-2release/scripts/pkgbase-stage.lua
+2-21 files