HardenedBSD/src f7038edsys/amd64/include cpufunc.h, sys/i386/include cpufunc.h

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+6-20sys/i386/include/cpufunc.h
+6-8sys/amd64/include/cpufunc.h
+5-7tests/sys/netlink/test_rtnl_gre.c
+2-0usr.sbin/fstyp/exfat.c
+2-0usr.sbin/fstyp/fstyp.c
+2-0usr.sbin/fstyp/fstyp.h
+23-3517 files not shown
+55-3723 files

HardenedBSD/src eb7fe9esys/amd64/include cpufunc.h, sys/i386/include cpufunc.h

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+6-20sys/i386/include/cpufunc.h
+6-8sys/amd64/include/cpufunc.h
+5-7tests/sys/netlink/test_rtnl_gre.c
+2-0usr.sbin/fstyp/geli.c
+2-0usr.sbin/fstyp/fstyp.h
+2-0usr.sbin/bhyve/amd64/atkbdc.h
+23-3516 files not shown
+54-3622 files

HardenedBSD/src 32942f8lib/libc/arm/aeabi aeabi_unwind_cpp.c, lib/libsys/arm Makefile.sys

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+6-6lib/libc/arm/aeabi/aeabi_unwind_cpp.c
+5-0lib/libsys/arm/Makefile.sys
+11-62 files

HardenedBSD/src 102fed0share/man/man5 src.conf.5

src.conf.5: Fix "incompatibility" typo

MFC after:      3 days
Reviewed by:    ziaee
Signed-off-by:  Christos Longros <chris.longros at gmail.com>
Closes:         https://github.com/freebsd/freebsd-src/pull/2035
DeltaFile
+1-1share/man/man5/src.conf.5
+1-11 files

HardenedBSD/src 1cb3f59sys/kern kern_shutdown.c

Merge branch 'hardened/current/master___issue72' into 'hardened/current/master'

Harden kernel crashdump interface

See merge request hardenedbsd/HardenedBSD!117
DeltaFile
+1-1sys/kern/kern_shutdown.c
+1-11 files

HardenedBSD/src 49fa007tests/sys/netlink test_rtnl_gre.c

gre tests: Fix gcc warnings on gre netlink tests

Avoid using `snl_add_msg_attr_ip` for now and directly use
`snl_add_msg_attr_ip4` to silence gcc warnings.

Fixes: e1e18cc12e68
Differential Revision: https://reviews.freebsd.org/D54443
DeltaFile
+5-7tests/sys/netlink/test_rtnl_gre.c
+5-71 files

HardenedBSD/src eac62e1lib/libc/arm/aeabi aeabi_unwind_cpp.c

libc/arm: use __builtin_trap() instead of abort() in aeabi_unwind stubs

This avoids a dependency on the abort symbol in libsys.

PR:             292539
Reviewed by:    mmel
Approved by:    markj (mentor)
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D55255

(cherry picked from commit 1782bc9a0a8da2d6aca31b7790981e1980c9e4b9)
DeltaFile
+6-6lib/libc/arm/aeabi/aeabi_unwind_cpp.c
+6-61 files

HardenedBSD/src f16349flib/libsys/arm Makefile.sys

libsys/arm: include ARM EABI unwind bits into libsys

libsys required ARM EABI unwind symbols like __aeabi_unwind_cpp_pr0.
These symbols are normally provided by libc, but if a binary does
not link libc, the symbol ends up not being resolved.

Among other problems, this prevented gcc14 and newer from building
on arm.

Add the relevant symbols as hidden symbols into libsys to avoid this
problem.

(this patch was posted by jrtc27 who has asked me to move it along)

PR:             292539
Tested by:      fuz, Mark Millard <marklmi26-fbsd at yahoo.com>
Reviewed by:    mmel
Approved by:    markj (mentor)
MFC after:      1 week

    [3 lines not shown]
DeltaFile
+5-0lib/libsys/arm/Makefile.sys
+5-01 files

HardenedBSD/src 499d0f0usr.sbin/bhyve/amd64 atkbdc.h

bhyve: Add SPDX-License-Identifier tag

Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
DeltaFile
+2-0usr.sbin/bhyve/amd64/atkbdc.h
+2-01 files

HardenedBSD/src 89d7b30sys/amd64/include cpufunc.h, sys/i386/include cpufunc.h

i386,amd64: Explicitly set ECX=0 in do_cpuid() to be future-proof

In principle, do_cpuid() should only be used for CPUID leaves without
sub-leaves.  Even accessing sub-leaf zero (ECX=0), one must use
cpuid_count(ax, 0) rather than cpuid(ax).

However, one might assume do_cpuid(ax) is equivalent to
cpuid_count(ax, 0), but the old do_cpuid() did not initialize ECX before
executing the CPUID instruction.  If ECX contained a non-zero value, the
instruction could return unexpected results, potentially leading to
subtle and hard-to-debug issues, especially in ported code.

To be future-proof and to help port code, adjust do_cpuid(ax) to be
cpuid_count(ax, 0) to explicitly set ECX=0.

It's believed that this change does not fix any real bugs in FreeBSD.

See also the DragonFly commit:
https://github.com/DragonFlyBSD/DragonFlyBSD/commit/0087a1d163488a57787a9a6431dd94070b1988d4

    [4 lines not shown]
DeltaFile
+6-20sys/i386/include/cpufunc.h
+6-8sys/amd64/include/cpufunc.h
+12-282 files

HardenedBSD/src 836ac98usr.sbin/fstyp hammer_disk.h hfsplus.c

fstyp: Add SPDX-License-Identifier tags

Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
DeltaFile
+2-0usr.sbin/fstyp/hammer_disk.h
+2-0usr.sbin/fstyp/hfsplus.c
+2-0usr.sbin/fstyp/msdosfs.c
+2-0usr.sbin/fstyp/msdosfs.h
+2-0usr.sbin/fstyp/ntfs.c
+2-0usr.sbin/fstyp/ufs.c
+12-011 files not shown
+34-017 files

HardenedBSD/src 4333cf0sys/kern kern_cpu.c, sys/x86/cpufreq hwpstate_amd.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+144-54sys/x86/cpufreq/hwpstate_amd.c
+2-6sys/kern/kern_cpu.c
+1-0tests/sys/netlink/test_rtnl_gre.c
+147-603 files

HardenedBSD/src 25d4a9bsys/kern kern_cpu.c, sys/x86/cpufreq hwpstate_amd.c

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+144-54sys/x86/cpufreq/hwpstate_amd.c
+2-6sys/kern/kern_cpu.c
+1-0tests/sys/netlink/test_rtnl_gre.c
+147-603 files

HardenedBSD/src a709498sys/kern kern_shutdown.c

HBSD: Harden kernel crashdump interface

Previously, anyone on the system (notably a jail's root user) could
successfully call `dumpon -l` and determine which dump device(s) were
configured.

`dumpon -l` uses the sysctl node `kern.shutdown.dumpdevname` as its
comms channel with the kernel for that purpose. (`sysctl kern.shutdown.dumpdevname`
is essentially the same as `dumpon -l` without error handling.)

With this commit we add CTLFLAG_ROOTONLY to that sysctl node, such
that anyone except the root user on the host can access it, ensuring
that `dumpon -l`/`sysctl kern.shutdown.dumpdevname` always fails
inside a jail.
DeltaFile
+1-1sys/kern/kern_shutdown.c
+1-11 files

HardenedBSD/src f1b93fcsys/x86/cpufreq hwpstate_amd.c

hwpstate_amd(4): Fix punctuation in 'desired_performance' knob's description

To be consistent with that of the others.

No functional change.

Sponsored by:   The FreeBSD Foundation
DeltaFile
+1-1sys/x86/cpufreq/hwpstate_amd.c
+1-11 files

HardenedBSD/src b69a396sys/x86/cpufreq hwpstate_amd.c

hwpstate_amd(4): CPPC: Allow attaching even if CAPABILITY_1 cannot be read

If that MSR cannot be read, we fallback to defaults specified by the
ACPI specification, as we are already doing when the minimum and maximum
values in there look bogus.

Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D55252
DeltaFile
+28-17sys/x86/cpufreq/hwpstate_amd.c
+28-171 files

HardenedBSD/src 953b916sys/kern kern_cpu.c

cpufreq(4): cpufreq_levels_sysctl(): Remove always false NULL test

'sc->levels_buf' is initialized with malloc(M_WAITOK), so can never be
NULL.  Another sysctl handler function (cpufreq_curr_sysctl()) already
relies on that.

MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
DeltaFile
+2-6sys/kern/kern_cpu.c
+2-61 files

HardenedBSD/src 80d32a6sys/x86/cpufreq hwpstate_amd.c

hwpstate_amd(4): CPPC: Switch the default to maximum performance

Set controls to maximum performance to avoid regressions now that CPPC
is activated by default and to match what the P-state support does.

Relnotes:       yes
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D55253
DeltaFile
+10-8sys/x86/cpufreq/hwpstate_amd.c
+10-81 files

HardenedBSD/src 7f36d7asys/x86/cpufreq hwpstate_amd.c

hwpstate_amd(4): Consistency of cached CPPC_REQUEST value

If writing to the CPPC_REQUEST MSR fails, make sure we do not set the
softc's 'cppc.request' field to the intended new value.  Both
set_cppc_request_cb() and enable_cppc_cb() were changed to this effect.

In case enable_cppc_cb() could not read CPPC_REQUEST, mark that through
a new softc flag, HWPFL_CPPC_REQUEST_NOT_READ, so that we do not keep
and use a wrong value when the content of CPPC_REQUEST is read/written
through sysctl(9) knobs, but instead retry reading the MSR (this is the
purpose of the new get_cppc_request() sub-function).

When setting CPPC_REQUEST has failed, distinguish the case where it
could not be read at all from the case where it could not be written, by
respectively returning EIO and EOPNOTSUPP in these cases.  The previous
return value of EFAULT was confusing as sysctl(3) documents it as
happening if the passed arguments are invalid.

While here, add some herald comment before sysctl_cppc_dump_handler()

    [5 lines not shown]
DeltaFile
+108-31sys/x86/cpufreq/hwpstate_amd.c
+108-311 files

HardenedBSD/src 1635ba9tests/sys/netlink test_rtnl_gre.c

gre tests: Add required_kmods to gre netlink test

Fixes: e1e18cc12e68
Differential Revision: https://reviews.freebsd.org/D54443
DeltaFile
+1-0tests/sys/netlink/test_rtnl_gre.c
+1-01 files

HardenedBSD/src 785fc3dsys/dev/asmc asmc.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+36-21sys/dev/asmc/asmc.c
+36-211 files

HardenedBSD/src c548b4dsys/dev/asmc asmc.c

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+36-21sys/dev/asmc/asmc.c
+36-211 files

HardenedBSD/src 22c97besys/netpfil/ipfilter/netinet fil.c

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+22-3sys/netpfil/ipfilter/netinet/fil.c
+22-31 files

HardenedBSD/src ef1cde5sys/dev/asmc asmc.c

chore: asmc: use designated initializers in macros

This code cleanup makes it easier for human readers to understand what each
of the fields actually represents, as well as makes it easier to modify
what the macros actually do under the covers, without introducing
potential human errors.

No functional change intended.

MFC after:      1 week
DeltaFile
+33-18sys/dev/asmc/asmc.c
+33-181 files

HardenedBSD/src 90edc16sys/dev/asmc asmc.c

asmc: use symbolic names with the MacPro3,1 model

Use `ASMC_LIGHT_FUNCS_DISABLED` and `ASMC_SMS_FUNCS_DISABLED` instead of
the unrolled versions of the macros.

This makes it easier to adjust the underlying macros/fields for
`struct asmc_model`.

No functional change intended.

MFC after:      1 week
DeltaFile
+2-2sys/dev/asmc/asmc.c
+2-21 files

HardenedBSD/src 7b862cfsys/dev/asmc asmc.c

asmc: use `ASMC_FAN_FUNCS2` with the Macmini4,1

The Macmini4,1 model does not have "fansafespeed" support. This issue
typically manifests with messages like so:

```
asmc0: asmc_key_read for key F0Sf failed 10 times, giving up
```

Swap out `ASMC_FAN_FUNCS` with `ASMC_FAN_FUNCS2` to explicitly drop
"fansafespeed" checks in the driver for the model as it doesn't support
that hardware feature.

MFC after:      1 week
Reported by:    @probonopd
Closes:         https://github.com/helloSystem/ISO/issues/357
DeltaFile
+1-1sys/dev/asmc/asmc.c
+1-11 files

HardenedBSD/src afaf984sys/netpfil/ipfilter/netinet fil.c

ipfilter: Interface name must not extend beyond end of buffer

sifpidx (an interface name) cannot extend beyond the end of the
fr_names buffer.

We do the validation for fr_sifpidx here because it is a union that
contains an offset only when fr_sifpidx points to an interface name,
an offset into fr_names. The union is  an offset into fr_names in this
case only.

interr_tbl now becomes a static variable outside a function to facilitate
its use by two functions within fil.c

Note that sifpidx is only used in ipf_sync() which implments ipf -y.

Reported by:    Ilja Van Sprundel <ivansprundel at ioactive.com>
MFC after:      1 week

(cherry picked from commit 47fb51847fdea3f1cce841b5f2bbbcd6f8a04ee0)
DeltaFile
+21-2sys/netpfil/ipfilter/netinet/fil.c
+21-21 files

HardenedBSD/src dda404esys/netpfil/ipfilter/netinet fil.c

ipfilter: Fix possible overrun

The destination buffer is FR_GROUPLEN (16 bytes) in length. When
gname is created, the userspace utilities correctly use FR_GROUPLEN
as the buffer length. The kernel should also limit its copy operation to
FR_GROUPLEN bytes to avoid any user written code from exploiting this
vulnerability.

Reported by:    Ilja Van Sprundel <ivansprundel at ioactive.com>

(cherry picked from commit e40817302ebdf89df2f3bcd679fb7f2a18c244dc)
DeltaFile
+1-1sys/netpfil/ipfilter/netinet/fil.c
+1-11 files

HardenedBSD/src b4835c8sys/riscv/conf GENERIC, tools/build/mk OptionalObsoleteFiles.inc

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+54-22usr.sbin/bhyve/rfb.c
+17-9usr.sbin/bhyve/usb_mouse.c
+2-2tools/build/mk/OptionalObsoleteFiles.inc
+1-2usr.sbin/syslogd/tests/syslogd_format_test_common.sh
+1-0sys/riscv/conf/GENERIC
+75-355 files

HardenedBSD/src 670ba26sys/riscv/conf GENERIC, tools/build/mk OptionalObsoleteFiles.inc

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+54-22usr.sbin/bhyve/rfb.c
+17-9usr.sbin/bhyve/usb_mouse.c
+2-2tools/build/mk/OptionalObsoleteFiles.inc
+1-2usr.sbin/syslogd/tests/syslogd_format_test_common.sh
+1-0sys/riscv/conf/GENERIC
+75-355 files