HardenedBSD/src 04a0523lib/libc/aarch64 static_tls.h, lib/libc/amd64 static_tls.h

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+78-9share/man/man4/linprocfs.4
+0-46lib/libc/riscv/static_tls.h
+0-45lib/libc/arm/static_tls.h
+0-44lib/libthr/arch/powerpc/include/pthread_tls.h
+0-44lib/libc/aarch64/static_tls.h
+0-44lib/libc/amd64/static_tls.h
+78-23227 files not shown
+176-66833 files

HardenedBSD/src 4adb40dlib/libc/aarch64 static_tls.h, lib/libc/amd64 static_tls.h

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+78-9share/man/man4/linprocfs.4
+0-46lib/libc/riscv/static_tls.h
+0-45lib/libc/arm/static_tls.h
+0-44lib/libthr/arch/riscv/include/pthread_tls.h
+0-44lib/libc/aarch64/static_tls.h
+0-44lib/libc/amd64/static_tls.h
+78-23227 files not shown
+176-66833 files

HardenedBSD/src 18378efcrypto/openssl/crypto/http http_client.c

OSSL_HTTP_get(): Reset redirection_url in each iteration

Also remove some dead assignments.

Obtained from:  openssl (e78c8b791c0e03e750ef7196bc7bfee8e5bd00a0)

MFC after:      2 weeks
Requested by:   Phillip Sabatino
Sponsored by:   Dell, Inc.
DeltaFile
+7-7crypto/openssl/crypto/http/http_client.c
+7-71 files

HardenedBSD/src 48fd084libexec/rtld-elf rtld.c rtld.h

rtld-elf: Pass TCB to allocate_module_tls to avoid re-getting

The only caller already has the current TCB to hand, so just pass it
down rather than get it again. This also makes it clear in the caller
that it depends on the (current) TCB, rather than being storage that
could be assigned to any thread (concurrency issues aside).

Reviewed by:    kib
Differential Revision:  https://reviews.freebsd.org/D50594
DeltaFile
+4-4libexec/rtld-elf/rtld.c
+1-1libexec/rtld-elf/rtld.h
+5-52 files

HardenedBSD/src 250b2edlib/libc/amd64 static_tls.h, lib/libc/arm static_tls.h

libc, libthr: Ditch MD __pthread_distribute_static_tls helpers

_libc_get_static_tls_base() is just _tcb_get() followed by adding (for
Variant I) or subtracting (for Variant II) the offset, so just inline
that as the implementation (like we do in rtld-elf) rather than having
another copy (or equivalent) of _tcb_get()'s assembly.

_get_static_tls_base() doesn't even have any MD assembly as it's
reading thr->tcb, the only difference is whether to add or subtract, so
again just inline that.

Whilst here add some missing blank lines to comply with style(9) for
elf_utils.c's includes, and use a pointer type rather than uintptr_t to
reduce the need to cast, as is done in rtld-elf.

Reviewed by:    kib
Differential Revision:  https://reviews.freebsd.org/D50592
DeltaFile
+0-46lib/libc/riscv/static_tls.h
+0-45lib/libc/arm/static_tls.h
+0-44lib/libc/amd64/static_tls.h
+0-44lib/libc/i386/static_tls.h
+0-44lib/libc/powerpc/static_tls.h
+0-44lib/libc/powerpc64/static_tls.h
+0-2679 files not shown
+28-58915 files

HardenedBSD/src 960f40blibexec/rtld-elf rtld.c, libexec/rtld-elf/aarch64 reloc.c

rtld-elf: Pass struct tcb * around rather than struct dtv **

When this code was first written we didn't have even a struct tcb, so to
make it MI a pointer to the DTV pointer in the TCB was passed around.
Now that we have a struct tcb we can simplify the code by instead
passing around a pointer to that, and the MI code can access the tcb_dtv
member wherever it happens to be in the layout. This reduces boilerplate
in all the various callers of tls_get_addr_common/slow and makes it
clearer that tls_get_addr_common/slow are operating on the TCB, rather
than obfuscating it slightly through the double pointer.

Whilst here, clarify the comments in aarch64's TLSDESC dynamic resolver,
which were using tp without clarifying what this was for (previously a
pointer to the DTV pointer, now a pointer to the TCB, which happen to be
the same thing for Variant I TLS, and in the case of AArch64 are what
TPIDR_EL0 point to directly, with no offset/bias).

Reviewed by:    kib
Differential Revision:  https://reviews.freebsd.org/D50591
DeltaFile
+8-11libexec/rtld-elf/rtld.c
+2-8libexec/rtld-elf/i386/reloc.c
+1-4libexec/rtld-elf/powerpc/reloc.c
+1-4libexec/rtld-elf/powerpc64/reloc.c
+1-4libexec/rtld-elf/riscv/reloc.c
+1-4libexec/rtld-elf/aarch64/reloc.c
+14-354 files not shown
+19-4610 files

HardenedBSD/src 1d193b1share/man/man4 linprocfs.4

Update linprocfs.4

Add documentation for missing files and directories.
Also reorganize a bit.

Approved by:            gbe@, ziaee@ (manpages)
Differential Revision:  https://reviews.freebsd.org/D50408
DeltaFile
+78-9share/man/man4/linprocfs.4
+78-91 files

HardenedBSD/src 9997693sys/kern sys_process.c

PT_CONTINUE: undo transparent attach consequences

PR:     287050
Reported and tested by: Paul Floyd <pjfloyd at wanadoo.fr>
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D50556
DeltaFile
+22-0sys/kern/sys_process.c
+22-01 files

HardenedBSD/src def0c05sys/kern sys_process.c

PT_CONTINUE: if pc is set, mark the thread state as modified by user

Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differrential revision: https://reviews.freebsd.org/D50556
DeltaFile
+1-0sys/kern/sys_process.c
+1-01 files

HardenedBSD/src b57eb80sys/kern kern_sig.c, sys/sys signalvar.h

kern_sig.c: make pt_attach_transparent global

Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differrential revision: https://reviews.freebsd.org/D50556
DeltaFile
+1-1sys/kern/kern_sig.c
+1-0sys/sys/signalvar.h
+2-12 files

HardenedBSD/src 58b2bd3sys/sys namei.h

namei: clear internal flags in NDREINIT()

same as it is done for NDRESTART()

Fixes:  e05e33041c252
Reported and tested by: pho
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
DeltaFile
+1-0sys/sys/namei.h
+1-01 files

HardenedBSD/src 82c41c9sys/dev/usb/net if_umb.c

umb: avoid wild pointer dereference in umb_decap()

When processing messages produced by the USB device, umb_decap() trusts
ptroff and later dlen and doff with pointer arithmetic, without
sufficient sanity checks. The resulting pointer address may be outside
of the valid boundary, causing the wrong memory to be copied or a page
fault.

This fix from Gerhard Roth was obtained after coordination upstream with
OpenBSD. It converts the variables to 64-bit integers, which should
mitigate the risk of overflows.

PR:             284920
Reported by:    Robert Morris <rtm at lcs.mit.edu>
Approved by:    philip (mentor)
Sponsored by:   The FreeBSD Foundation
DeltaFile
+4-2sys/dev/usb/net/if_umb.c
+4-21 files

HardenedBSD/src 152bb8esys/dev/usb/net if_umb.c

umb: avoid buffer overflow in umb_getinfobuf()

umb_getinfobuf() is called with offs and size taken from messages sent
by the USB device. The sanity check is not sufficient, due to a possible
integer wrap. This can allow a broken or malicious USB device, or
possibly the network operator, to cause a buffer overflow.

This fix from Gerhard Roth was obtained after coordination upstream with
OpenBSD. It converts the variables to 64-bit integers, which should
mitigate the risk of overflows.

PR:             284906
Reported by:    Robert Morris <rtm at lcs.mit.edu>
Approved by:    philip (mentor)
Sponsored by:   The FreeBSD Foundation
DeltaFile
+2-3sys/dev/usb/net/if_umb.c
+2-31 files

HardenedBSD/src 5ed36e2sys/dev/usb/net if_umb.c

umb: avoid buffer overflow in umb_in_len2mask()

len comes from ipv4elem.prefixlen in a MBIM_CID_IP_CONFIGURATION message
from the USB device, and should not be trusted, as it could be any
uint32_t value. Without this extra check, a potential buffer overflow
could subsequently occur in umb_in_len2mask().

Fix from Gerhard Roth, after coordination upstream with OpenBSD.

PR:             284904
Reported by:    Robert Morris <rtm at lcs.mit.edu>
Approved by:    philip (mentor)
Sponsored by:   The FreeBSD Foundation
DeltaFile
+2-1sys/dev/usb/net/if_umb.c
+2-11 files

HardenedBSD/src 0ddcecfsbin/pfctl pfctl.c, sys/dev/sound dummy.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+34-56sbin/pfctl/pfctl.c
+29-38sys/dev/sound/pcm/sound.c
+19-14sys/dev/sound/pcm/dsp.c
+15-2sys/dev/sound/dummy.c
+2-2tests/sys/netpfil/pf/sctp.sh
+0-3sys/net/pfvar.h
+99-1154 files not shown
+103-11510 files

HardenedBSD/src ab1ca98sbin/pfctl pfctl.c, sys/dev/sound dummy.c

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+34-56sbin/pfctl/pfctl.c
+29-38sys/dev/sound/pcm/sound.c
+19-14sys/dev/sound/pcm/dsp.c
+15-2sys/dev/sound/dummy.c
+2-2tests/sys/netpfil/pf/sctp.sh
+0-3sys/net/pfvar.h
+99-1154 files not shown
+103-11510 files

HardenedBSD/src 7f81f87sys/netpfil/pf pf_norm.c

pf: remove unused 'dir' argument in pf_reassemble()

pf_reassemble() only uses it to pass to pf_ip2key(), which also does not use it.

Sponsored by:   Rubicon Communications, LLC ("Netgate")
DeltaFile
+5-5sys/netpfil/pf/pf_norm.c
+5-51 files

HardenedBSD/src f6430bcsys/dev/sound/pcm dsp.c

sound: Terminate stream properly when closing vchans

When a channel is closed, dsp_close() either calls vchan_destroy() on vchans,
or chn_abort()/chn_flush() on primary channels. However, the problem with this
is that, when closing a vchan, we end up not terminating the stream properly.

The call sequence we are interested in is the following:

        vchan_destroy(vchan) -> chn_kill(vchan) -> chn_trigger(vchan) ->
        vchan_trigger(vchan) -> chn_notify(parent)

Even though chn_notify() contains codepaths which call chn_abort(parent),
apparently we do not execute any of those codepaths in this case, so the
DMA remains unterminated, hence why we keep seeing the primary
channel(s) being interrupted even once the application has exited:

root at freebsd:~ # sndctl interrupts
dsp0.play.0.interrupts=1139
dsp0.record.0.interrupts=0

    [106 lines not shown]
DeltaFile
+19-14sys/dev/sound/pcm/dsp.c
+19-141 files

HardenedBSD/src 0432b21sys/dev/sound dummy.c

snd_dummy: Make callout stopping more robust

If the callout gets rescheduled during detach, we might access freed
pcm_channel resources in dummy_chan_io(), which will cause a panic
similar to this:

panic: ASan: Invalid access, 8-byte read at 0xfffffe00479f65d8, UMAUseAfterFree(fd)
cpuid = 1
time = 1747433047
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xa5/frame 0xfffffe0046a8d730
kdb_backtrace() at kdb_backtrace+0xc6/frame 0xfffffe0046a8d890
vpanic() at vpanic+0x226/frame 0xfffffe0046a8da30
panic() at panic+0xb5/frame 0xfffffe0046a8db00
kasan_code_name() at kasan_code_name/frame 0xfffffe0046a8dbd0
__mtx_lock_flags() at __mtx_lock_flags+0xd3/frame 0xfffffe0046a8dcc0
chn_intr() at chn_intr+0x3d/frame 0xfffffe0046a8dce0
dummy_chan_io() at dummy_chan_io+0x9c/frame 0xfffffe0046a8dd10
softclock_call_cc() at softclock_call_cc+0x2bb/frame 0xfffffe0046a8de80

    [6 lines not shown]
DeltaFile
+15-2sys/dev/sound/dummy.c
+15-21 files

HardenedBSD/src a946852sys/dev/sound/pcm sound.c

sound: Merge pcm_sysinit() with pcm_register()

There is no need for a separate function here. No functional change
intended.

Sponsored by:   The FreeBSD Foundation
MFC after:      1 day
Reviewed by:    adrian, markj
Differential Revision:  https://reviews.freebsd.org/D50409
DeltaFile
+29-38sys/dev/sound/pcm/sound.c
+29-381 files

HardenedBSD/src 781a630sys/arm/annapurna/alpine alpine_machdep.c, sys/arm/freescale/vybrid vf_machdep.c

Restore #include <sys/devmap.h>

Partial revert https://reviews.freebsd.org/D50017
These files still use devmap_add_entry() and needs sys/devmap.h

Reviewed by: andrew
Approved by: manu (mentor)
Differential revision: https://reviews.freebsd.org/D50574
DeltaFile
+1-0sys/arm/annapurna/alpine/alpine_machdep.c
+1-0sys/arm/freescale/vybrid/vf_machdep.c
+1-0sys/arm/qualcomm/ipq4018_machdep.c
+1-0sys/arm/ti/ti_machdep.c
+4-04 files

HardenedBSD/src 4607299tests/sys/netpfil/pf sctp.sh

pf tests: make sctp:related_icmp test more robust

Send more data (i.e. more than one large packet) to the SCTP server so rtr2
generates more than one ICMP error message.

Sponsored by:   Rubicon Communications, LLC ("Netgate")
DeltaFile
+2-2tests/sys/netpfil/pf/sctp.sh
+2-21 files

HardenedBSD/src dd06ff7sbin/pfctl pfctl.c

pfctl: void functions discarding ret values

Transform the following functions (which never return anything other than 0, and
whose return value is never used) to void:
  pfctl_clear_stats, pfctl_get_skip_ifaces, pfctl_check_skip_ifaces,
  pfctl_adjust_skip_ifaces, pfctl_clear_interface_flags, pfctl_flush_eth_rules,
  pfctl_flush_rules, pfctl_flush_nat, pfctl_clear_src_nodes,
  pfctl_clear_iface_states, pfctl_kill_src_nodes, pfctl_net_kill_states,
  pfctl_gateway_kill_states, pfctl_label_kill_states, pfctl_id_kill_states and
  pfctl_key_kill_states

Submitted by rain1 (thanks!) with additional credit to:
 - mikeb@ for pointing out we can void all _clear_ functions
 - ghostyy for pointing out all _kill_ functions can be voided

OK tb@, mikeb@

Obtained from:  OpenBSD, awolk <awolk at openbsd.org>, 7363dae4f9
Sponsored by:   Rubicon Communications, LLC ("Netgate")
DeltaFile
+33-55sbin/pfctl/pfctl.c
+33-551 files

HardenedBSD/src 0ad26d4sys/net pfvar.h

pf: remove XXX from the comments marking "holes" in the ioctls

I see very very little value in these comments at all, but the XXX is just wrong
and in the way when looking for real XXXs. phessler agrees

Obtained from:  OpenBSD, henning <henning at openbsd.org>, a44a24888a
Sponsored by:   Rubicon Communications, LLC ("Netgate")
DeltaFile
+0-3sys/net/pfvar.h
+0-31 files

HardenedBSD/src 562b1e7sbin/pfctl pfctl.c

pfctl: fix a comment

Obtained from:  OpenBSD, henning <henning at openbsd.org>, a135ce1ad3
Sponsored by:   Rubicon Communications, LLC ("Netgate")
DeltaFile
+1-1sbin/pfctl/pfctl.c
+1-11 files

HardenedBSD/src c8833f5contrib/ts ts.c ts.1, sys/arm64/arm64 mp_machdep.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+337-0tests/sys/kern/tty/test_sti.c
+171-0contrib/ts/ts.c
+133-0tests/sys/kern/jail_lookup_root.c
+112-0contrib/ts/ts.1
+67-36sys/arm64/arm64/mp_machdep.c
+75-0sys/netinet/tcp_usrreq.c
+895-36107 files not shown
+1,517-382113 files

HardenedBSD/src 215ff87lib/libpam/modules/pam_xdg pam_xdg.8, share/man/man4 rtsx.4 axge.4

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+41-0tests/sys/netpfil/pf/utils.py
+20-15sys/netpfil/pf/pf.c
+10-12share/man/man4/rtsx.4
+14-5lib/libpam/modules/pam_xdg/pam_xdg.8
+17-1share/man/man4/axge.4
+1-16tests/sys/netpfil/pf/tcp.py
+103-4920 files not shown
+177-14426 files

HardenedBSD/src 19fb56bcontrib/netbsd-tests/lib/libc/net/getaddrinfo t_getaddrinfo.sh, lib/libc/tests/net/getaddrinfo getaddrinfo.c

Revert "Mark several getaddrinfo tests as XFAIL"

This change was unreviewed and should not have been committed to :main.

This reverts commit 9b37d84c87e69dabc69d818aa4d2fea718bd8b74.
DeltaFile
+0-18contrib/netbsd-tests/lib/libc/net/getaddrinfo/t_getaddrinfo.sh
+0-6lib/libc/tests/net/getaddrinfo/getaddrinfo.c
+0-242 files

HardenedBSD/src 5c6ad1acontrib/libarchive FREEBSD-upgrade

libarchive: update documentation for suggested `git pull`

Replace git:// with https:// . The git:// protocol URL might not be
available, depending on firewall rules, as git:// is commonly blocked by
ISPs.

MFC after:      1 month
Differential Revision:  https://reviews.freebsd.org/D50470
DeltaFile
+1-1contrib/libarchive/FREEBSD-upgrade
+1-11 files

HardenedBSD/src 9b37d84contrib/netbsd-tests/lib/libc/net/getaddrinfo t_getaddrinfo.sh, lib/libc/tests/net/getaddrinfo getaddrinfo.c

Mark several getaddrinfo tests as XFAIL

These tests were recently enabled on main and have failed consistently
since they were enabled.

- lib.libc.net.getaddrinfo.getaddrinfo.basic
- lib.libc.net.getaddrinfo.getaddrinfo.nofamily
- lib.libc.net.getaddrinfo.getaddrinfo_test.basic
- lib.libc.net.getaddrinfo.getaddrinfo_test.empty_servname
- lib.libc.net.getaddrinfo.getaddrinfo_test.sock_raw

Mark them as expected failures so they no longer count as failures in
Jenkins CI.

PR:             285826
MFC with:       5313457780, 0b773a94ab
DeltaFile
+18-0contrib/netbsd-tests/lib/libc/net/getaddrinfo/t_getaddrinfo.sh
+6-0lib/libc/tests/net/getaddrinfo/getaddrinfo.c
+24-02 files