HardenedBSD/hardenedbsd a906feb sys/vm vm_unix.c

HBSD: Resolve merge conflict

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
Delta File
+0 -5 sys/vm/vm_unix.c
+0 -5 1 files

HardenedBSD/hardenedbsd 887d9e4 lib/libcasper/services/cap_sysctl cap_sysctl.c cap_sysctl.3, lib/libcasper/services/cap_sysctl/tests sysctl_test.c

Merge remote-tracking branch 'origin/freebsd/current/master' into hardened/current/master

Conflicts:
        sys/vm/vm_unix.c (unresolved)

HardenedBSD/hardenedbsd f613ee8 lib/libjail jail_getid.c, sbin/bectl bectl.8

Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

* freebsd/12-stable/master:
  MFC r348215, r348219: fix bectl(8) jail w/ numeric BE names
  MFC r348127: bectl(8): add description for create subcommand

HardenedBSD/hardenedbsd 5ce222f lib/libjail jail_getid.c, sbin/bectl/tests bectl_test.sh

MFC r348215, r348219: fix bectl(8) jail w/ numeric BE names

r348215:
jail_getid(3): validate jid string input

Currently, if jail_getid(3) is passed in a numeric string, it assumes that
this is a jid string and passes it back converted to an int without checking
that it's a valid/existing jid. This breaks consumers that might use
jail_getid(3) to see if it can trivially grab a jid from a name if that name
happens to be numeric but not actually the name/jid of the jail. Instead of
returning -1 for the jail not existing, it'll return the int version of the
input and the consumer will not fall back to trying other methods.

Pass the numeric input to jail_get(2) as the jid for validation, rather than
the name. This works well- the kernel enforces that jid=name if name is
numeric, so doing the safe thing and checking numeric input as a jid will
still DTRT based on the description of jail_getid.

r348219:
bectl(8): Add a test for jail/unjail of numeric BE names

Fixed by r348215, bectl ujail first attempts the trivial fetch of a jid by
passing the first argument to 'ujail' to jail_getid(3) in case a jid/name
have been passed in instead of a BE name. For numerically named BEs, this
was doing the wrong thing: instead of failing to locate the jid specified

    [6 lines not shown]

HardenedBSD/hardenedbsd 86aa1ba sbin/bectl bectl.8

MFC r348127: bectl(8): add description for create subcommand

In commit r345845, a portion of documentation for the create subcommand was
removed. Specifically, for creating a snapshot of an existing boot
environment. bectl even has a test-case for this functionality.

Removing the sub-command description was discussed in PR 235850.

This patch brings back the second "create" description that was originally
in place. Albeit, with a few wording/clarifying changes.
Delta File
+15 -1 sbin/bectl/bectl.8
+15 -1 1 files

HardenedBSD/hardenedbsd d91ab44 sys/arm64/arm64 nexus.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/unstable

* origin/hardened/current/master:
  arm64 nexus: remove incorrect warning

HardenedBSD/hardenedbsd 58a6416 sys/arm64/arm64 nexus.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  arm64 nexus: remove incorrect warning

HardenedBSD/hardenedbsd fdfda49 sys/arm64/arm64 nexus.c

arm64 nexus: remove incorrect warning

acpi_config_intr() will be called when an arm64 system booted with ACPI.
We do the interrupt mapping for ACPI interrupts in nexus_acpi_map_intr()
on arm64, so acpi_config_intr() has to just return success without
printing this error message.

Reviewed by:    andrew
Differential Revision:  https://reviews.freebsd.org/D19432

HardenedBSD/hardenedbsd 5d85acb sys/netinet sctputil.c sctp_usrreq.c

Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

* freebsd/12-stable/master:
  MFC r347975: Improve input validation for the IPPROTO_SCTP level socket options SCTP_CONNECT_X and SCTP_CONNECT_X_DELAYED.

HardenedBSD/hardenedbsd 80b110c contrib/llvm/lib/CodeGen/SelectionDAG LegalizeVectorTypes.cpp, share/man/man4 ipheth.4

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/unstable

* origin/hardened/current/master:
  When an ACK segment as the third message of the three way handshake is received and support for time stamps was negotiated in the SYN/SYNACK exchange, perform the PAWS check and only expand the syn cache entry if the check is passed. Without this check, endpoints may get stuck on the incomplete queue.
  Pull in r361696 from upstream llvm trunk (by Sanjay Patel):
  ipheth.4: Explain how to manually configure USB tethering on Apple devices
  Fix two errors reported by PVS Studio: V646 Consider inspecting the application's logic. It's possible that 'else' keyword is missing.

HardenedBSD/hardenedbsd d017602 contrib/llvm/lib/CodeGen/SelectionDAG LegalizeVectorTypes.cpp, share/man/man4 ipheth.4

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  When an ACK segment as the third message of the three way handshake is received and support for time stamps was negotiated in the SYN/SYNACK exchange, perform the PAWS check and only expand the syn cache entry if the check is passed. Without this check, endpoints may get stuck on the incomplete queue.
  Pull in r361696 from upstream llvm trunk (by Sanjay Patel):
  ipheth.4: Explain how to manually configure USB tethering on Apple devices
  Fix two errors reported by PVS Studio: V646 Consider inspecting the application's logic. It's possible that 'else' keyword is missing.

HardenedBSD/hardenedbsd 6901687 sys/netinet tcp_syncache.c

When an ACK segment as the third message of the three way handshake is
received and support for time stamps was negotiated in the SYN/SYNACK
exchange, perform the PAWS check and only expand the syn cache entry if
the check is passed.
Without this check, endpoints may get stuck on the incomplete queue.

Reviewed by:           jtl@
MFC after:             3 days
Sponsored by:          Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D20374

HardenedBSD/hardenedbsd d1bd24e sys/netinet sctputil.c sctp_usrreq.c

MFC r347975:
Improve input validation for the IPPROTO_SCTP level socket options
SCTP_CONNECT_X and SCTP_CONNECT_X_DELAYED.

MFC r347976:
Allow sending on demand SCTP HEARTBEATS only in the ESTABLISHED state.
This issue was found by running syzkaller.

HardenedBSD/hardenedbsd b9ba849 contrib/llvm/lib/CodeGen/SelectionDAG LegalizeVectorTypes.cpp

Pull in r361696 from upstream llvm trunk (by Sanjay Patel):

  [SelectionDAG] soften assertion when legalizing narrow vector FP ops

  The test based on PR42010:
  https://bugs.llvm.org/show_bug.cgi?id=42010

  ...may show an inaccuracy for PPC's target defs, but we should not be
  so aggressive with an assert here. There's no telling what
  out-of-tree targets look like.

This fixes an assertion when building the graphics/mesa-dri port for
PowerPC64.

Reported by:    Mark Millard <marklmi26-fbsd at yahoo.com>
PR:            238082
MFC after:      3 days

HardenedBSD/hardenedbsd c69673c share/man/man4 ipheth.4

ipheth.4: Explain how to manually configure USB tethering on Apple devices

Reviewed by:    danfe, hselasky
Approved by:    src (hselasky)
Differential Revision:  https://reviews.freebsd.org/D20353

HardenedBSD/hardenedbsd 3cd9abd sys/dev/ctau ctddk.c, sys/dev/cxgbe t4_main.c

Fix two errors reported by PVS Studio: V646 Consider inspecting the
application's logic.  It's possible that 'else' keyword is missing.

Reviewed by:    gallatin, np, pfg
Approved by:    pfg
Differential Revision:  https://reviews.freebsd.org/D20396

HardenedBSD/hardenedbsd 9662c25 sys/i386/i386 pmap.c, sys/netpfil/pf pf.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/unstable

* origin/hardened/current/master:
  Remove an unneeded indentation introduced in r223637 to silence gcc warning
  Remove pmap_pid_dump() from the i386 pmap.

HardenedBSD/hardenedbsd 3400757 sys/i386/i386 pmap.c, sys/netpfil/pf pf.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Remove an unneeded indentation introduced in r223637 to silence gcc warning
  Remove pmap_pid_dump() from the i386 pmap.

HardenedBSD/hardenedbsd e8c008a share/man/man5 devfs.conf.5, usr.sbin/pw pw_user.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/unstable

* origin/hardened/current/master:
  Remove an unneeded indentation introduced in r286196 to silence gcc warning
  We don't really need two entries to describe how to deal with optical drives in devfs.conf(5).

HardenedBSD/hardenedbsd c86f984 share/man/man5 devfs.conf.5, usr.sbin/pw pw_user.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Remove an unneeded indentation introduced in r286196 to silence gcc warning
  We don't really need two entries to describe how to deal with optical drives in devfs.conf(5).

HardenedBSD/hardenedbsd 2de191f sys/netpfil/pf pf.c

Remove an unneeded indentation introduced in r223637 to silence gcc warning

MFC after:      3 days
Sponsored by:   The FreeBSD Foundation

HardenedBSD/hardenedbsd 2bf2d89 sys/i386/i386 pmap.c

Remove pmap_pid_dump() from the i386 pmap.

It has not been compilable in a long time and doesn't seem very useful.

Suggested by:   kib
MFC after:      1 week
Delta File
+0 -61 sys/i386/i386/pmap.c
+0 -61 1 files

HardenedBSD/hardenedbsd d647770 sys/compat/lindebugfs lindebugfs.c, sys/compat/linuxkpi/common/include/linux seq_file.h debugfs.h

Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

* freebsd/12-stable/master:
  LinuxKPI: Revert MFC of r347892
  MFC r344385: PFS: Bump NAMELEN and don't require clients to be sleepable
  MFC r344384: Add non-sleepable strdup variant strdup_flags
  MFC r347892: LinuxKPI: Finalize import of seq_file.
  MFC r344486: Change seq_read to seq_load to avoid namespace conflicts with lkpi
  LinuxKPI: Register new linuxkpi and lindebugfs source files.
  MFC r344485: import linux debugfs support

HardenedBSD/hardenedbsd b7a1c75 usr.sbin/pw pw_user.c

Remove an unneeded indentation introduced in r286196 to silence gcc warning

MFC after:      3 days
Sponsored by:   The FreeBSD Foundation

HardenedBSD/hardenedbsd c070a13 sys/compat/linuxkpi/common/include/linux seq_file.h, sys/modules/linuxkpi Makefile

LinuxKPI: Revert MFC of r347892

Revert until we can figure out how to keep compatibility with drm-kmod
ports between 12.0 and 12-STABLE/12.1.

HardenedBSD/hardenedbsd d144ab7 sys/fs/pseudofs pseudofs.c pseudofs.h

MFC r344385:
PFS: Bump NAMELEN and don't require clients to be sleepable

- debugfs consumers expect to be able to export names more than 48 characters

- debugfs consumers expect to be able to hold locks across calls and are able
  to handle allocation failures

Reviewed by:    hps@
Sponsored by:   iX Systems
Differential Revision:  https://reviews.freebsd.org/D19256

HardenedBSD/hardenedbsd 2b18cbc sys/libkern strdup.c, sys/sys libkern.h

MFC r344384:
Add non-sleepable strdup variant strdup_flags

debugfs expects to do non-sleepable allocations

Reviewed by:    hps@
Sponsored by:   iX Systems
Differential Revision:  https://reviews.freebsd.org/D19259

HardenedBSD/hardenedbsd 3e5e614 sys/compat/linuxkpi/common/include/linux seq_file.h, sys/modules/linuxkpi Makefile

MFC r347892:
LinuxKPI: Finalize import of seq_file.

seq_file.h and linux_seq_file.c were imported from ports earlier but
linux_seq_file.c was never compiled in with the module. With this
commit base seq_file will replace ports seq_file and it required a
few modifications to not break functionality and build.

Reviewed by:    hps
Approved by:    imp (mentor), hps

HardenedBSD/hardenedbsd bffcda4 sys/kern kern_descrip.c, sys/sys seq.h

MFC r344486:
Change seq_read to seq_load to avoid namespace conflicts with lkpi

Sponsored by:   iX Systems

HardenedBSD/hardenedbsd f48c8d9 sys/conf files

LinuxKPI: Register new linuxkpi and lindebugfs source files.

This change is a partial MFC of r344487.

Reviewed by:    hps
Approved by:    imp (mentor), hps
Obtained from:  mmacy
Delta File
+5 -0 sys/conf/files
+5 -0 1 files

HardenedBSD/hardenedbsd fb61027 share/man/man5 devfs.conf.5

We don't really need two entries to describe how to deal with
optical drives in devfs.conf(5).

MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation

HardenedBSD/hardenedbsd 3c765aa sys/compat/lindebugfs lindebugfs.c, sys/compat/linuxkpi/common/include/linux seq_file.h debugfs.h

MFC r344485:
import linux debugfs support

Reviewed by:    hps@
Sponsored by:   iX Systems
Differential Revision:  https://reviews.freebsd.org/D19258

HardenedBSD/hardenedbsd 6eb0550 sys/amd64/vmm vmm.c vmm_dev.c, sys/amd64/vmm/amd svm.c

Merge remote-tracking branch 'origin/hardened/11-stable/master' into hardened/11-stable/unstable

* origin/hardened/11-stable/master:
  MFC: r346714: Add accessor function for vm->maxcpus
  MFC: r346717: Make bhyve SMBIOS table topology aware

HardenedBSD/hardenedbsd b3639ab sys/amd64/vmm vmm.c vmm_dev.c, sys/amd64/vmm/intel vmx.c

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

* freebsd/11-stable/master:
  MFC: r346714: Add accessor function for vm->maxcpus
  MFC: r346717: Make bhyve SMBIOS table topology aware

HardenedBSD/hardenedbsd 26e8a3a libexec/bootpd bootpd.c, sys/conf files.amd64

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/unstable

* origin/hardened/current/master:
  Correctly align usage: output
  Add an AESNI-optimized version of the CCM/CBC cryptographic and authentication code. The primary client of this is probably going to be ZFS encryption.

HardenedBSD/hardenedbsd 3b3da06 libexec/bootpd bootpd.c, sys/conf files.amd64

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Correctly align usage: output
  Add an AESNI-optimized version of the CCM/CBC cryptographic and authentication code. The primary client of this is probably going to be ZFS encryption.

HardenedBSD/hardenedbsd ed66cf9 sys/amd64/vmm vmm.c vmm_dev.c, sys/amd64/vmm/amd svm.c

MFC: r346714: Add accessor function for vm->maxcpus

Replace most VM_MAXCPU constant uses with an accessor function to
vm->maxcpus which for now is initialized and kept at the value of
VM_MAXCPUS.

This is a rework of Fabian Freyer (fabian.freyer_physik.tu-berlin.de)
work from D10070 to adjust it for the cpu topology changes that
occurred in r332298

Approved by:           re (kib)

HardenedBSD/hardenedbsd 4616fcd libexec/bootpd bootpd.c

Correctly align usage: output

HardenedBSD/hardenedbsd fa58253 usr.sbin/bhyve smbiostbl.c bhyverun.h

MFC: r346717: Make bhyve SMBIOS table topology aware

When the CPU Topology was added to bhyve in r332298 the SMBIOS table was
missed, this table passes topology information to the system and was still
using the old concept of each vCPU is a socket with 1 core and 1 thread.
This code did not even try to use the old sysctl information to adjust
this data.

Correct that by building a proper SMBios table, mapping the > 254 cases to
0 per the SMBios 2.6 specification that is claimed by the structure.

Approved by:           re (kib)

HardenedBSD/hardenedbsd d0d13d2 sys/conf files.i386 files.amd64, sys/crypto/aesni aesni_ccm.c aesni.c

Add an AESNI-optimized version of the CCM/CBC cryptographic and authentication
code.  The primary client of this is probably going to be ZFS encryption.

Reviewed by:    jhb, cem
Sponsored by:   iXsystems Inc, Kithrup Enterprises
Differential Revision:  https://reviews.freebsd.org/D19298

HardenedBSD/hardenedbsd dc066c1 sys/dev/virtio/pci virtio_pci.c, sys/geom/nop g_nop.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/unstable

* origin/hardened/current/master:
  powerpc64/pmap: Reapply r334235 to OEA64 pmap, clearing HID0_RADIX
  virtio_pci(4): Fix typo in read_ivar method
  When using the destroy option to shut down a nop GEOM module, I/O operations already in its queue were not being properly drained. The GEOM framework does the queue draining, but the module needs to wait for the draining to happen. The waiting is done by adding a g_nop_providergone() function to wait for the I/O operations to finish up. This change is similar to change -r345758 made to the memory-disk driver.

HardenedBSD/hardenedbsd 733aa40 sys/dev/virtio/pci virtio_pci.c, sys/geom/nop g_nop.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  powerpc64/pmap: Reapply r334235 to OEA64 pmap, clearing HID0_RADIX
  virtio_pci(4): Fix typo in read_ivar method
  When using the destroy option to shut down a nop GEOM module, I/O operations already in its queue were not being properly drained. The GEOM framework does the queue draining, but the module needs to wait for the draining to happen. The waiting is done by adding a g_nop_providergone() function to wait for the I/O operations to finish up. This change is similar to change -r345758 made to the memory-disk driver.

HardenedBSD/hardenedbsd b50a1f8 contrib/zlib deflate.c zlib.h, sys/contrib/zlib deflate.c zlib.h

Merge remote-tracking branch 'origin/hardened/11-stable/master' into hardened/11-stable/unstable

* origin/hardened/11-stable/master:
  MFC r347244:
  MFC of 348074

HardenedBSD/hardenedbsd b8fe78a contrib/zlib deflate.c zlib.h, sys/contrib/zlib deflate.c zlib.h

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

* freebsd/11-stable/master:
  MFC r347244:
  MFC of 348074

HardenedBSD/hardenedbsd adb9054 sys/powerpc/aim moea64_native.c

powerpc64/pmap: Reapply r334235 to OEA64 pmap, clearing HID0_RADIX

This was lost in the re-merger of ISA3 MMU into moea64_native.

HardenedBSD/hardenedbsd 9b8705a sbin/fsck_ffs dir.c

Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

* freebsd/12-stable/master:
  MFC of 348074
Delta File
+106 -101 sbin/fsck_ffs/dir.c
+106 -101 1 files

HardenedBSD/hardenedbsd 5b32304 sys/dev/virtio/pci virtio_pci.c

virtio_pci(4): Fix typo in read_ivar method

Prior to this revision, vtpci's BUS_READ_IVAR method on VIRTIO_IVAR_SUBVENDOR
accidentally returned the PCI subdevice.

The typo seems to have been introduced with the original commit adding
VIRTIO_IVAR_{{SUB,}DEVICE,{SUB,}VENDOR} to virtio_pci.  The commit log and code
strongly suggest that the ivar was intended to return the subvendor rather than
the subdevice; it was likely just a copy/paste mistake.

Go ahead and rectify that.

HardenedBSD/hardenedbsd 59b235d contrib/zlib deflate.c zlib.h, sys/contrib/zlib deflate.c zlib.h

MFC r347244:

Move contrib/zlib to sys/contrib/zlib so that we can use it in kernel.
This is a prerequisite of unifying kernel zlib instances.

Submitted by:   Yoshihiro Ota <ota at j.email.ne.jp>
Approved by:    re (kib)

HardenedBSD/hardenedbsd 5b110c1 sys/dev/cxgbe t4_sge.c, sys/net if_lagg.c if_vlan.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/unstable

* origin/hardened/current/master:
  Fix too loose assert in pmap_large_unmap().
  Add PG_PS_PDP_FRAME symbol.
  Disable intr_storm_threshold mechanism by default
  Restructure mbuf send tags to provide stronger guarantees.
  Add initial support for 'qSupported' to the debug server.
  HBSD: Enable NUMA by default on arm64
  Remove "struct ucred*" argument from vtruncbuf
  Add snd_hda(4) to GENERIC64 used by powerpc64.
  ficl pfopen: verify file
  Make options MD_ROOT_MEM default on PPC64

HardenedBSD/hardenedbsd e21ef45 sys/dev/cxgbe t4_sge.c, sys/net if_lagg.c if_vlan.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Fix too loose assert in pmap_large_unmap().
  Add PG_PS_PDP_FRAME symbol.
  Disable intr_storm_threshold mechanism by default
  Restructure mbuf send tags to provide stronger guarantees.
  Add initial support for 'qSupported' to the debug server.
  Remove "struct ucred*" argument from vtruncbuf
  Add snd_hda(4) to GENERIC64 used by powerpc64.
  ficl pfopen: verify file
  Make options MD_ROOT_MEM default on PPC64