HardenedBSD/hardenedbsd a906febsys/vm vm_unix.c

HBSD: Resolve merge conflict

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+0-5sys/vm/vm_unix.c
+0-51 files

HardenedBSD/hardenedbsd 887d9e4lib/libcasper/services/cap_sysctl cap_sysctl.c cap_sysctl.3, lib/libcasper/services/cap_sysctl/tests sysctl_test.c

Merge remote-tracking branch 'origin/freebsd/current/master' into hardened/current/master

Conflicts:
        sys/vm/vm_unix.c (unresolved)

HardenedBSD/hardenedbsd 0b86fb3contrib/ipfilter/man ipmon.8, contrib/ipfilter/tools ipmon.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Return a return code scripts might expect. I missed this while reviewing and rewriting a 
patch in PR/238816.
  Update usage() to refect the current state of ipmon.
  Add the ipmon.5 man page.
  Fix a typo.

HardenedBSD/hardenedbsd 792bf48sys/amd64/vmm vmm_instruction_emul.c

Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

* freebsd/12-stable/master:
  MFC: r347065 (by jhb) Emulate the "ADD reg, r/m" instruction (opcode 03H).

HardenedBSD/hardenedbsd 83060b2contrib/ipfilter/tools ipmon.c

Return a return code scripts might expect. I missed this while
reviewing and rewriting a patch in PR/238816.

PR:            238816
Reported by:    rgrimes@
Pointy hat to:  cy@
MFC after:      1 week
X-MFC with:     r349450

HardenedBSD/hardenedbsd a61d951contrib/ipfilter/tools ipmon.c

Update usage() to refect the current state of ipmon.

PR:            238816
MFC after:      1 week

HardenedBSD/hardenedbsd 5f37c68sbin/ipf/ipmon Makefile, tools/build/mk OptionalObsoleteFiles.inc

Add the ipmon.5 man page.

PR/238816 initially addressed updates to usage() however the PR has
morphed into a shopping list of updates to usage() and man pages.

PR:            238816 (I added to the list during discussion)
MFC after:      1 week

HardenedBSD/hardenedbsd d0c9a0dcontrib/ipfilter/man ipmon.8

Fix a typo.

PR/238816 initially addressed updates to usage() however it has now
become a shopping list of fixes to ipmon man pages and usage().

PR:            238816
MFC after:      3 days

HardenedBSD/hardenedbsd 6a1988dlib/libsecureboot vets.c readfile.c, lib/libsecureboot/openpgp opgp_key.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  libsecureboot: allow OpenPGP support to be dormant
  In get_fpcontext32() and set_fpcontext32(), we can't just use memcpy() to copy the VFP 
registers. arvm7 VFP uses 32 64bits fp registers (but those could be used in pairs to make 
16 128bits registers), while aarch64 uses 32 128bits fp registers, so we have to copy the 
value of each register.
  Revert one of the changes from r349323.  Specifically, undo the change that replaced a 
pmap_invalidate_page() with a dsb(ishst) in pmap_enter_quick_locked().  Even though this 
change is in principle correct, I am seeing occasional, spurious bus errors that are only 
reproducible without this pmap_invalidate_page().  (None of adding an isb, "upgrading" the 
dsb to wait on loads as well as stores, or disabling superpage mappings eliminates the bus 
errors.)  Add an XXX comment explaining why the pmap_invalidate_page() is being performed.
  Emulate the "TEST r/m{16,32,64}, imm{16,32,32}" instructions (opcode F7H).
  Free DHCP options with length zero.
  Avoid a divide-by-zero when bad checksum counters overflow.

HardenedBSD/hardenedbsd 10c90a3lib/libsecureboot vets.c readfile.c, lib/libsecureboot/h libsecureboot.h

libsecureboot: allow OpenPGP support to be dormant

Since we can now add OpenPGP trust anchors at runtime,
ensure the latent support is available.

Ensure we do not add duplicate keys to trust store.

Also allow reporting names of trust anchors added/revoked

We only do this for loader and only after initializing trust store.
Thus only changes to initial trust store will be logged.

Reviewed by:    stevek
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D20700

HardenedBSD/hardenedbsd dc912d9sys/amd64/vmm vmm_instruction_emul.c, usr.sbin/bhyve rfb.c

Merge remote-tracking branch 'origin/hardened/11-stable/master' into 
hardened/11-stable/unstable

* origin/hardened/11-stable/master:
  MFC: r347065 (by jhb) Emulate the "ADD reg, r/m" instruction (opcode 03H).
  MFC r349196: Make zlib encoding messages idempotent.

HardenedBSD/hardenedbsd fecbc2esys/amd64/vmm vmm_instruction_emul.c, usr.sbin/bhyve rfb.c

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

* freebsd/11-stable/master:
  MFC: r347065 (by jhb) Emulate the "ADD reg, r/m" instruction (opcode 03H).
  MFC r349196: Make zlib encoding messages idempotent.

HardenedBSD/hardenedbsd 09c76d4share/man/man4 pwmc.4, sys/arm/allwinner aw_pwm.c

Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

* freebsd/12-stable/master:
  MFC r349196: Make zlib encoding messages idempotent.
  MFC r343826, r346698, r349057-r349060, r349073-r349077, r349080-r349086, r349088,     
r349091-r349097, r349115, r349119, r349130-r349132, r349143-r349145,     r349164-r349168, 
r349174, r349269-r349273
  MFC r340130, r340134:
  MFC r341268, r342003-r342007, r342087-r342088, r342091

HardenedBSD/hardenedbsd f180571sys/arm64/arm64 freebsd32_machdep.c

In get_fpcontext32() and set_fpcontext32(), we can't just use memcpy() to
copy the VFP registers.
arvm7 VFP uses 32 64bits fp registers (but those could be used in pairs to
make 16 128bits registers), while aarch64 uses 32 128bits fp registers, so
we have to copy the value of each register.

HardenedBSD/hardenedbsd 14c1f92sys/amd64/vmm vmm_instruction_emul.c

MFC: r347065 (by jhb) Emulate the "ADD reg, r/m" instruction (opcode 03H).

OVMF's flash variable storage is using add instructions when indexing
the variable store bootrom location.

HardenedBSD/hardenedbsd c65d8aesys/amd64/vmm vmm_instruction_emul.c

MFC: r347065 (by jhb) Emulate the "ADD reg, r/m" instruction (opcode 03H).

OVMF's flash variable storage is using add instructions when indexing
the variable store bootrom location.

HardenedBSD/hardenedbsd 8646c1fsys/arm64/arm64 pmap.c

Revert one of the changes from r349323.  Specifically, undo the change
that replaced a pmap_invalidate_page() with a dsb(ishst) in
pmap_enter_quick_locked().  Even though this change is in principle
correct, I am seeing occasional, spurious bus errors that are only
reproducible without this pmap_invalidate_page().  (None of adding an
isb, "upgrading" the dsb to wait on loads as well as stores, or
disabling superpage mappings eliminates the bus errors.)  Add an XXX
comment explaining why the pmap_invalidate_page() is being performed.

Discussed with:      andrew, markj

HardenedBSD/hardenedbsd 4195948sys/amd64/vmm vmm_instruction_emul.c

Emulate the "TEST r/m{16,32,64}, imm{16,32,32}" instructions (opcode F7H).

This adds emulation for:
        test r/m16, imm16
        test r/m32, imm32
        test r/m64, imm32 sign-extended to 64

OpenBSD guests compiled with clang 8.0.0 use TEST directly against a
Local APIC register instead of separate read via MOV followed by a
TEST against the register.

PR:            238794
Submitted by:   jhb
Reported by:    Jason Tubnor jason at tubnor.net
Tested by:      Jason Tubnor jason at tubnor.net
Reviewed by:    markj, Patrick Mooney patrick.mooney at joyent.com
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D20755

HardenedBSD/hardenedbsd 27b6247sbin/dhclient options.c

Free DHCP options with length zero.

Otherwise they are leaked, allowing an attacker to trigger memory
exhaustion.

This is options.c rev. 1.70 from OpenBSD.

admbugs:        552
Obtained from:  OpenBSD
MFC after:      3 days

HardenedBSD/hardenedbsd 5df3bbcsbin/dhclient packet.c

Avoid a divide-by-zero when bad checksum counters overflow.

A mixture of IP or UDP packets with valid and invalid checksum could
cause {ip,udp}_packets_bad_checksum to wrap around to 0, resulting
in a division by zero.

This is packet.c rev. 1.27 from OpenBSD.

admbugs:        552
Obtained from:  OpenBSD
MFC after:      3 days

HardenedBSD/hardenedbsd 6599e6econtrib/elftoolchain/elfcopy sections.c, contrib/elftoolchain/libelftc elftc_string_table.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  fix up r349428, fix a typo made during "fdt" removal
  Add a return value to vm_page_remove().
  owc_gpiobus: clean / fix up the driver module things
  amd64 pmap: Fix pkru handling in pmap_remove().
  Fix debugging of 32bits arm binaries on arm64.
  libdwarf: Use the cached strtab pointer when reading string attributes.
  elfcopy: Provide a size hint when creating the section string table.
  libelftc: Fix the documented prototype for elftc_string_table_destroy().
  libelftc: Consistently use size_t for string table offsets and sizes.
  libelftc: Micro-optimize string table insertion.
  Remove references to splbio in ffs_softdep.c.
  Fix qlxgbe(4) static build.
  Use rtld_putstr() instead of write() for the rtld msg() macro
  Fix -Wsign-compare warnings in realpath.c
  o In iflib_txq_drain():   - Remove desc_used, which is only ever written to.   - Remove 
a dead store to reclaimed.   - Don't recycle avail.   - Sort variables according to 
style(9).   These changes will make a subsequent commit easier to read. o In 
iflib_tx_credits_update(), don't bother checking whether the   ift_txd_credits_update 
method pointer is NULL; _iflib_pre_assert()   asserts upfront that this method has been 
assigned and functions   like iflib_{fast_intr_rxtx,netmap_timer_adjust,txq_can_drain}()   
and _task_fn_tx() were already unconditionally relying on the   method being callable.
  Only call libusb_hotplug_enumerate() once from libusb_hotplug_register_callback(). Else 
when registering multiple filters the same USB device may appear twice in the list.

HardenedBSD/hardenedbsd f752b20usr.sbin/bhyve rfb.c

MFC r349196:
Make zlib encoding messages idempotent.

PR:     238333

HardenedBSD/hardenedbsd 7cc45d5usr.sbin/bhyve rfb.c

MFC r349196:
Make zlib encoding messages idempotent.

PR:     238333

HardenedBSD/hardenedbsd cfe0b15sys/dev/ow owc_gpiobus.c

fix up r349428, fix a typo made during "fdt" removal

Reported by:    ian
MFC after:      11 days

HardenedBSD/hardenedbsd 8f237dbsys/amd64/sgx sgx.c, sys/dev/drm2/ttm ttm_bo_vm.c

Add a return value to vm_page_remove().

Use it to indicate whether the page may be safely freed following
its removal from the object.  Also change vm_page_remove() to assume
that the page's object pointer is non-NULL, and have callers perform
this check instead.

This is a step towards an implementation of an atomic reference counter
for each physical page structure.

Reviewed by:    alc, dougm, kib
MFC after:      1 week
Sponsored by:   Netflix
Differential Revision:  https://reviews.freebsd.org/D20758

HardenedBSD/hardenedbsd 15be7f3share/man/man4 pwmc.4, sys/arm/ti/am335x am335x_ehrpwm.c

MFC r343826, r346698, r349057-r349060, r349073-r349077, r349080-r349086, r349088,
    r349091-r349097, r349115, r349119, r349130-r349132, r349143-r349145,
    r349164-r349168, r349174, r349269-r349273

r343826 by yuripv:
pwm.8: fix markup in synopsis, add -f description

r346698 by manu:
arm: allwinner: aw_pwm: compile it as module too

r349057:
Allow pwm(9) components to be selected individually, while 'device pwm'
still includes it all.

r349058:
In detach(), check for failure of bus_generic_detach(), only release
resources if they got allocated (because detach() gets called from attach()
to handle various failures), and delete the pwmbus child if it got created.

r349059:
Don't call pwmbus_attach_bus(), because it may not be present if this
driver is compiled into the kernel but pwmbus will be loaded as a module
when needed (and because of that, pwmbus_attach_bus() is going away in
the near future).  Instead, just directly do what that function did:
register the fdt xfef handle, and attach the pwmbus.

    [222 lines not shown]

HardenedBSD/hardenedbsd c68f917sys/dev/ow owc_gpiobus.c

owc_gpiobus: clean / fix up the driver module things

"fdt" is removed from the driver module name as the driver does not
require FDT and can work very well on hints based systems.

A module dependency is added for gpiobus.  Without that owc cannot
resolve symbols in gpiobus if both are loaded as kernel modules.

Finally, a driver module module version is added.

Reviewed by:    imp
MFC after:      11 days

HardenedBSD/hardenedbsd a28460bsys/amd64/amd64 pmap.c

amd64 pmap: Fix pkru handling in pmap_remove().

When pmap_pkru_on_remove() is called, the sva argument value was
advanced.  Clear PKRU earlier when sva still specifies the start of
the region.

Noted and reviewed by:  alc
Sponsored by:   The FreeBSD Foundation
MFC after:      3 days

HardenedBSD/hardenedbsd 4c6e442sys/netpfil/ipfw/nat64 nat64lsn.c

Merge remote-tracking branch 'origin/hardened/11-stable/master' into 
hardened/11-stable/unstable

* origin/hardened/11-stable/master:
  Fix the uninitialized use of source IPv6 address in NAT64LSN.

HardenedBSD/hardenedbsd dff664asys/arm64/arm64 machdep.c

Fix debugging of 32bits arm binaries on arm64.

In set_regs32()/fill_regs32(), we have to get/set SP and LR from/to
tf_x[13] and tf_x[14].
set_regs() and fill_regs() may be called for a 32bits process, if the process
is ptrace'd from a 64bits debugger. So, in set_regs() and fill_regs(), get
or set PC and SPSR from where the debugger expects it, from tf_x[15] and
tf_x[16].

HardenedBSD/hardenedbsd 2b49f96sys/netpfil/ipfw/nat64 nat64lsn.c

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

* freebsd/11-stable/master:
  Fix the uninitialized use of source IPv6 address in NAT64LSN.

HardenedBSD/hardenedbsd 23c16f8lib/libcapsicum capsicum_helpers.3 capsicum_helpers.h

MFC r340130, r340134:

r340130: (by oshogbo)

libcapsicum: Introduce caph_{rights,ioctls,fcntls}_limit

The idea behind those functions is not to force consumers to remember that there
is a need to check errno on failure. We already have a caph_enter(3) function
which does the same for cap_enter(2).

r340134: (by oshogbo)

Fix a recusive call introduce in the r340130.

HardenedBSD/hardenedbsd 5d0da7acontrib/elftoolchain/libdwarf libdwarf_attr.c

libdwarf: Use the cached strtab pointer when reading string attributes.

Previously we would perform a linear search of the DWARF section
list for ".debug_str".  However, libdwarf always caches a pointer to
the strtab image in its debug descriptor.  Using it gives a modest
performance improvement when iterating over the attributes of each
DIE.

Reviewed by:    emaste
MFC after:      1 week
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D20759

HardenedBSD/hardenedbsd da2dec8contrib/elftoolchain/elfcopy sections.c

elfcopy: Provide a size hint when creating the section string table.

Use the input file's .shstrtab size as the hint if it exists.  This
gives a small performance improvement when processing files with
many sections.

Reviewed by:    emaste
MFC after:      1 week
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D20544

HardenedBSD/hardenedbsd 0385136contrib/elftoolchain/libelftc elftc_string_table_create.3

libelftc: Fix the documented prototype for elftc_string_table_destroy().

MFC after:      1 week
Sponsored by:   The FreeBSD Foundation

HardenedBSD/hardenedbsd 363facecontrib/elftoolchain/libelftc elftc_string_table.c elftc_string_table_create.3

libelftc: Consistently use size_t for string table offsets and sizes.

Reviewed by:    emaste
MFC after:      1 week
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D20702

HardenedBSD/hardenedbsd c98f0e0contrib/elftoolchain/libelftc elftc_string_table.c

libelftc: Micro-optimize string table insertion.

The string's length is already known, so use memcpy() instead of
strcpy() to add it to the string table image.

Reviewed by:    emaste
MFC after:      1 week
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D20760

HardenedBSD/hardenedbsd 944c67fsys/ufs/ffs ffs_softdep.c

Remove references to splbio in ffs_softdep.c.

Assert that the per-mountpoint softdep mutex is held in modified
functions that do not already have this assertion.  No functional
change intended.

Reviewed by:    kib, mckusick (previous version)
MFC after:      1 week
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D20741

HardenedBSD/hardenedbsd 1116825sys/conf files.amd64

Fix qlxgbe(4) static build.

MFC after:      2 weeks

HardenedBSD/hardenedbsd 56e633alibexec/rtld-elf debug.h rtld_printf.h

Use rtld_putstr() instead of write() for the rtld msg() macro

This removes an unnecessary libc dependency from rtld.
See https://reviews.freebsd.org/D20663 for more details.

HardenedBSD/hardenedbsd 7f9d2a2lib/libc/stdlib realpath.c

Fix -Wsign-compare warnings in realpath.c

This is needed in order to build realpath.c as part of rtld.

HardenedBSD/hardenedbsd 03c5114sys/arm/allwinner aw_pwm.c, sys/dev/pwm pwmbus.c pwmc.c

MFC r341268, r342003-r342007, r342087-r342088, r342091

r341268 by manu:
arm64: allwinner: Add a dtbo to have cpu operating points

This enables cpufreq on A64 boards.

r342003 by manu:
Add a pwm subsystem so we can configure pwm controller from kernel and userland.

The pwm subsystem consist of API for PWM controllers, pwmbus to register them
and a pwm(8) utility to talk to them from userland.

Reviewed by:    oshgobo (capsicum), bcr (manpage), 0mp (manpage)
Differential Revision:  https://reviews.freebsd.org/D17938

r342004 by manu:
arm64: allwinner: Add pwm driver

Add a pwm driver for Allwinner PWM
Add pwm and aw_pwm to the GENERIC kernel

r342005 by manu:
arm64: allwinner: Add DTSO for pwm and r_pwm


    [28 lines not shown]

HardenedBSD/hardenedbsd 730b157sys/net iflib.c

o In iflib_txq_drain():
  - Remove desc_used, which is only ever written to.
  - Remove a dead store to reclaimed.
  - Don't recycle avail.
  - Sort variables according to style(9).
  These changes will make a subsequent commit easier to read.
o In iflib_tx_credits_update(), don't bother checking whether the
  ift_txd_credits_update method pointer is NULL; _iflib_pre_assert()
  asserts upfront that this method has been assigned and functions
  like iflib_{fast_intr_rxtx,netmap_timer_adjust,txq_can_drain}()
  and _task_fn_tx() were already unconditionally relying on the
  method being callable.
DeltaFile
+7-12sys/net/iflib.c
+7-121 files

HardenedBSD/hardenedbsd 87144ccsys/netpfil/ipfw/nat64 nat64lsn.c

Fix the uninitialized use of source IPv6 address in NAT64LSN.

This code is already refactored in head/, but due to the missing
epoch(9) support it is impossible to merge. So, it is direct commit to
stable/11.

Reported by:    Patrick M. Hausen <hausen punkt de>
Tested by:      Patrick M. Hausen <hausen punkt de>
MFC after:      3 days

HardenedBSD/hardenedbsd af08991lib/libusb libusb10_hotplug.c libusb10.h, share/man/man4 gpio.4 owc.4

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Fix support for LIBUSB_HOTPLUG_ENUMERATE in libusb. Currently all devices are enumerated 
regardless of of the LIBUSB_HOTPLUG_ENUMERATE flag. Make sure when the flag is not 
specified no arrival events are generated for currently enumerated devices.
  gpio.4: document device hints common to all devices on gpiobus
  fix up r349406, add missing .El
  owc.4: document how to set up the 1-wire bus on a device.hints system

HardenedBSD/hardenedbsd e698cd2lib/libusb libusb10_hotplug.c

Only call libusb_hotplug_enumerate() once from libusb_hotplug_register_callback().
Else when registering multiple filters the same USB device may appear twice in
the list.

MFC after:      3 days
Sponsored by:   Mellanox Technologies

HardenedBSD/hardenedbsd 57256calib/libusb libusb10_hotplug.c libusb10.h

Fix support for LIBUSB_HOTPLUG_ENUMERATE in libusb. Currently all
devices are enumerated regardless of of the LIBUSB_HOTPLUG_ENUMERATE
flag. Make sure when the flag is not specified no arrival events are
generated for currently enumerated devices.

MFC after:      3 days
Sponsored by:   Mellanox Technologies

HardenedBSD/hardenedbsd 14e63f8share/man/man4 gpio.4

gpio.4: document device hints common to all devices on gpiobus

"at" keyword is documented in device.hints(5) for all buses, but it does
hurt to add another reference to it.
"pins" keyword is specific to gpiobus.
At least these two hints should be configured for any gpiobus device on
a hints based system.

MFC after:      10 days
DeltaFile
+27-2share/man/man4/gpio.4
+27-21 files

HardenedBSD/hardenedbsd c2c8cc0share/man/man4 owc.4

fix up r349406, add missing .El

MFC after:      1 week

HardenedBSD/hardenedbsd b3f68feshare/man/man4 owc.4

owc.4: document how to set up the 1-wire bus on a device.hints system

MFC after:      1 week
DeltaFile
+18-1share/man/man4/owc.4
+18-11 files