HardenedBSD/hardenedbsd a906febsys/vm vm_unix.c

HBSD: Resolve merge conflict

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+0-5sys/vm/vm_unix.c
+0-51 files

HardenedBSD/hardenedbsd 887d9e4lib/libcasper/services/cap_sysctl cap_sysctl.c cap_sysctl.3, lib/libcasper/services/cap_sysctl/tests sysctl_test.c

Merge remote-tracking branch 'origin/freebsd/current/master' into hardened/current/master

Conflicts:
        sys/vm/vm_unix.c (unresolved)

HardenedBSD/hardenedbsd bba7d13sys/dev/netmap netmap_freebsd.c netmap_generic.c

Merge remote-tracking branch 'origin/hardened/11-stable/master' into 
hardened/11-stable/unstable

* origin/hardened/11-stable/master:
  MFC r349581
  MFC r349966

HardenedBSD/hardenedbsd 66db4e1sys/dev/netmap netmap_generic.c netmap_freebsd.c

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

* freebsd/11-stable/master:
  MFC r349581
  MFC r349966

HardenedBSD/hardenedbsd a6ae9aesys/dev/netmap netmap_freebsd.c netmap_generic.c

Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

* freebsd/12-stable/master:
  MFC r349581
  MFC r349966

HardenedBSD/hardenedbsd 821fe7csys/dev/netmap netmap_freebsd.c

MFC r349581

netmap: fix two panics with emulated adapter

This patch fixes 2 panics. The first one is due to the current VNET not
being set in the emulated adapter transmission path. The second one
is caused by the M_PKTHDR flag not being set when preallocated mbufs
are recycled in the transmit path.

Submitted by:   aleksandr.fedorov at itglobal.com
Reviewed by:    vmaffione
Differential Revision:  https://reviews.freebsd.org/D20824

HardenedBSD/hardenedbsd 2672ab3sys/dev/netmap netmap_freebsd.c

MFC r349581

netmap: fix two panics with emulated adapter

This patch fixes 2 panics. The first one is due to the current VNET not
being set in the emulated adapter transmission path. The second one
is caused by the M_PKTHDR flag not being set when preallocated mbufs
are recycled in the transmit path.

Submitted by:   aleksandr.fedorov at itglobal.com
Reviewed by:    vmaffione
Differential Revision:  https://reviews.freebsd.org/D20824

HardenedBSD/hardenedbsd 4f772a7sys/dev/netmap netmap_generic.c

MFC r349966

netmap: fix bug introduced by r349752

r349752 introduced a NULL pointer reference bug
in the emulated netmap code.

Reported by:    lwhsu

HardenedBSD/hardenedbsd 82ca5bfsys/dev/netmap netmap_generic.c

MFC r349966

netmap: fix bug introduced by r349752

r349752 introduced a NULL pointer reference bug
in the emulated netmap code.

Reported by:    lwhsu

HardenedBSD/hardenedbsd b0ed769sys/arm64/arm64 pmap.c trap.c, sys/netinet sctp_output.c sctp_pcb.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Implement software access and dirty bit management for arm64.
  pmap_clear_modify() needs to clear PTE_W.
  Fix reference counting in pmap_ts_referenced() on RISC-V.
  Remove duplicated device firmware entry in generic arm kernel config added in r333191
  Remove RELEASE_CRUNCH here. It's obsolete.
  Add support for MSG_EOR and MSG_EOF in sendmsg() for SCTP.
  Fix socket state handling when freeing an SCTP endpoint.
  Replace complicated expression to disable libedit when no libthr is being built with a 
simpler one.
  Remove all the RELEASE_CRUNCH instances that partially disable IPSEC

HardenedBSD/hardenedbsd cdc0469sys/arm64/arm64 pmap.c trap.c, sys/arm64/include pte.h

Implement software access and dirty bit management for arm64.

Previously the arm64 pmap did no reference or modification tracking;
all mappings were treated as referenced and all read-write mappings
were treated as dirty.  This change implements software management
of these attributes.

Dirty bit management is implemented to emulate ARMv8.1's optional
hardware dirty bit modifier management, following a suggestion from alc.
In particular, a mapping with ATTR_SW_DBM set is logically writeable and
is dirty if the ATTR_AP_RW_BIT bit is clear.  Mappings with
ATTR_AP_RW_BIT set are write-protected, and a write access will trigger
a permission fault.  pmap_fault() handles permission faults for such
mappings and marks the page dirty by clearing ATTR_AP_RW_BIT, thus
mapping the page read-write.

Reviewed by:    alc
MFC after:      1 month
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D20907

HardenedBSD/hardenedbsd c99cb2esys/riscv/riscv pmap.c

pmap_clear_modify() needs to clear PTE_W.

MFC after:      1 week
Sponsored by:   The FreeBSD Foundation

HardenedBSD/hardenedbsd c6d7448sys/riscv/riscv pmap.c

Fix reference counting in pmap_ts_referenced() on RISC-V.

pmap_ts_referenced() does not necessarily clear the access bit from
all accessed mappings of a given page.  Thus, if a scan of the mappings
needs to be restarted, we should be careful to avoid double-counting
accessed mappings whose access bits were not cleared in a previous
attempt.

Reported by:    alc
Reviewed by:    alc
MFC after:      1 week
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D20926
DeltaFile
+13-10sys/riscv/riscv/pmap.c
+13-101 files

HardenedBSD/hardenedbsd 0e4cff9sys/arm/conf GENERIC

Remove duplicated device firmware entry in generic arm kernel config added in r333191

Submitted by:   Daniel Engberg (daniel.engberg.lists at pyret.net)
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D20680

HardenedBSD/hardenedbsd d5ce8f1release/picobsd/bridge crunch.conf, release/picobsd/qemu crunch.conf

Remove RELEASE_CRUNCH here. It's obsolete.

Remove RELEASE_CRUNCH here. It's obsolete and hasn't worked in a while.  The
build options need to be revisited, since many older ones are listed, while
newer useful ones are not. But that rototilling I'll leave to others.

HardenedBSD/hardenedbsd eb56d92sys/netinet sctp_output.c

Add support for MSG_EOR and MSG_EOF in sendmsg() for SCTP.

This is an FreeBSD extension, not covered by Posix.

This issue was found by running syzkaller.

MFC after:             1 week

HardenedBSD/hardenedbsd e972541sys/netinet sctp_pcb.c

Fix socket state handling when freeing an SCTP endpoint.

This issue was found by runing syzkaller.

MFC after:             1 week

HardenedBSD/hardenedbsd 053e229usr.sbin/ngctl Makefile

Replace complicated expression to disable libedit when no libthr is being built
with a simpler one.

HardenedBSD/hardenedbsd 0119a1bsbin/ping Makefile, usr.bin/telnet Makefile

Remove all the RELEASE_CRUNCH instances that partially disable IPSEC

We remove IPSEC only in parts of the tree, and not others. RELEASE_CRUNCH to
disable it has not kept up with all its uses. Remove it. Should there be a real
need to disable IPSEC, one that hasn't shown up in the base system to date,
it can be re-added behind a WITHOUT_IPSEC build option.

HardenedBSD/hardenedbsd 1d5d26abin/ls Makefile, sys/kern kern_umtx.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  In do_lock_pi(), do not return prematurely.
  Correctly check for casueword(9) success in do_set_ceiling().
  MK_OPENSSL makes RELEASE_CRUNCH redundant here
  Now that we have MK_LS_COLORS, we don't need RELEASE_CRUNCH check here.

HardenedBSD/hardenedbsd 532d322share/man/man9 casuword.9

Merge remote-tracking branch 'origin/hardened/11-stable/master' into 
hardened/11-stable/unstable

* origin/hardened/11-stable/master:
  MFC r349950: Style: avoid long lines by using .Fo instead of .Fn.

HardenedBSD/hardenedbsd c38a6c9share/man/man9 casuword.9

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

* freebsd/11-stable/master:
  MFC r349950: Style: avoid long lines by using .Fo instead of .Fn.

HardenedBSD/hardenedbsd 5f37734share/man/man9 casuword.9

Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

* freebsd/12-stable/master:
  MFC r349950: Style: avoid long lines by using .Fo instead of .Fn.

HardenedBSD/hardenedbsd 163feb2sys/kern kern_umtx.c

In do_lock_pi(), do not return prematurely.

If umtxq_check_susp() indicates an exit, we should clean the resources
before returning.  Do it by breaking out of the loop and relying on
post-loop cleanup.

Reviewed by:    markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      12 days
Differential revision:  https://reviews.freebsd.org/D20949

HardenedBSD/hardenedbsd 97d74e0sys/kern kern_umtx.c

Correctly check for casueword(9) success in do_set_ceiling().

After r349951, the return code must be checked instead of old == new
comparision.

Reviewed by:    markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      12 days
Differential revision:  https://reviews.freebsd.org/D20949

HardenedBSD/hardenedbsd 072d690share/man/man9 casuword.9

MFC r349950:
Style: avoid long lines by using .Fo instead of .Fn.

HardenedBSD/hardenedbsd 95f2329share/man/man9 casuword.9

MFC r349950:
Style: avoid long lines by using .Fo instead of .Fn.

HardenedBSD/hardenedbsd f5ae3e4usr.sbin/ntp Makefile.inc, usr.sbin/wpa Makefile.crypto

MK_OPENSSL makes RELEASE_CRUNCH redundant here

Since these things are more completely controlled by the MK_OPENSSL knob, remove
RELEASE_CRUNCH here. It's no longer needed for the release and other users can
use the more proper knob if they so desire.

HardenedBSD/hardenedbsd 60b4b76bin/ls Makefile

Now that we have MK_LS_COLORS, we don't need RELEASE_CRUNCH check here.

The RELEASE_CRUNCH check is redundant here. We don't need it for releases
anymore, and picobsd can control this more directly without making it a special
case.
DeltaFile
+1-2bin/ls/Makefile
+1-21 files

HardenedBSD/hardenedbsd 04f59bcsys/kern uipc_socket.c, sys/x86/iommu intel_drv.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Improve the input validation for l_linger. When using the SOL_SOCKET level socket option 
SO_LINGER, the structure struct linger is used as the option value. The component l_linger 
is of type int, but internally copied to the field so_linger of the structure struct 
socket. The type of so_linger is short, but it is assumed to be non-negative and the value 
is used to compute ticks to be stored in a variable of type int.
  PR:   239143 Reported and tested by: Wes Maag <jwmaag at gmail.com> Sponsored by:      The 
FreeBSD Foundation MFC after:      1 week

HardenedBSD/hardenedbsd ead2ed8sys/kern uipc_socket.c

Improve the input validation for l_linger.
When using the SOL_SOCKET level socket option SO_LINGER, the structure
struct linger is used as the option value. The component l_linger is of
type int, but internally copied to the field so_linger of the structure
struct socket. The type of so_linger is short, but it is assumed to be
non-negative and the value is used to compute ticks to be stored in a
variable of type int.

Therefore, perform input validation on l_linger similar to the one
performed by NetBSD and OpenBSD.

Thanks to syzkaller for making me aware of this issue.

Thanks to markj@ for pointing out that a similar check should be added
to so_linger_set().

Reviewed by:           markj@
MFC after:             2 weeks
Differential Revision:  https://reviews.freebsd.org/D20948

HardenedBSD/hardenedbsd 4aa27a3sys/x86/iommu intel_drv.c

PR:     239143
Reported and tested by: Wes Maag <jwmaag at gmail.com>
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week

HardenedBSD/hardenedbsd c1f7fa2sys/netinet tcp_sack.c sctp_usrreq.c, sys/netinet/tcp_stacks rack.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  This is the second in a number of patches needed to get BBRv1 into the tree. This fixes 
the DSACK bug but is also needed by BBR. We have yet to go two more one will be for the 
pacing code (tcp_ratelimit.c) and the second will be for the new updated LRO code that 
allows a transport to know the arrival times of packets and (tcp_lro.c). After that we 
should finally be able to get BBRv1 into head.
  When calling sctp_initialize_auth_params(), the inp must have at least a read lock. To 
avoid more complex locking dances, just call it in sctp_aloc_assoc() when the write lock 
is still held.

HardenedBSD/hardenedbsd 2bc1470sys/netinet tcp_sack.c tcp_output.c, sys/netinet/tcp_stacks rack.c

This is the second in a number of patches needed to
get BBRv1 into the tree. This fixes the DSACK bug but
is also needed by BBR. We have yet to go two more
one will be for the pacing code (tcp_ratelimit.c) and
the second will be for the new updated LRO code that
allows a transport to know the arrival times of packets
and (tcp_lro.c). After that we should finally be able
to get BBRv1 into head.

Sponsored by:   Netflix Inc
Differential Revision:  https://reviews.freebsd.org/D20908

HardenedBSD/hardenedbsd eabf786sys/netinet sctp_usrreq.c sctp_pcb.c, sys/netinet6 sctp6_usrreq.c

When calling sctp_initialize_auth_params(), the inp must have at
least a read lock. To avoid more complex locking dances, just
call it in sctp_aloc_assoc() when the write lock is still held.

Reported by:           syzbot+08a486f7e6966f1c3cfb at syzkaller.appspotmail.com
MFC after:             1 week

HardenedBSD/hardenedbsd 3344beflib/libthr/thread thr_info.c, sys/x86/x86 cpu_machdep.c

Merge remote-tracking branch 'origin/hardened/11-stable/master' into 
hardened/11-stable/unstable

* origin/hardened/11-stable/master:
  MFC r349913: Ensure that mds_handler always points to a valid method.
  MFC r349912: Restore ability to pass NULL name argument to pthread_set_name_np(3) to 
clear the thread name.

HardenedBSD/hardenedbsd 055ef5dlib/libthr/thread thr_info.c, sys/x86/x86 cpu_machdep.c

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

* freebsd/11-stable/master:
  MFC r349913: Ensure that mds_handler always points to a valid method.
  MFC r349912: Restore ability to pass NULL name argument to pthread_set_name_np(3) to 
clear the thread name.

HardenedBSD/hardenedbsd dd1e863lib/libthr/thread thr_info.c, sys/x86/x86 cpu_machdep.c

Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

* freebsd/12-stable/master:
  MFC r349913: Ensure that mds_handler always points to a valid method.
  MFC r349912: Restore ability to pass NULL name argument to pthread_set_name_np(3) to 
clear the thread name.

HardenedBSD/hardenedbsd 6e69514sys/contrib/ipfilter/netinet fil.c ip_state.c, sys/net ieee_oui.h

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Fix a typo in r349969
  Calculate the offset of the interface name using FR_NAME rather than calclulating it "by 
hand". This improves consistency with the rest of the code and is in line with planned 
fixes and other work.
  Recycle the unused FR_CMPSIZ macro which became orphaned in ipfilter 5 prior to its 
import into FreeBSD. This macro calculates the size to be compared within the frentry 
structure. The ipfilter 4 version of the macro calculated the compare size based upon the 
static size of the frentry struct. Today it uses the ipfilter 5 method of calculating the 
size based upon the new to ipfilter 5 fr_size value found in the frentry struct itself.
  style(9)

HardenedBSD/hardenedbsd 12eab59sys/x86/x86 cpu_machdep.c

MFC r349913:
Ensure that mds_handler always points to a valid method.

HardenedBSD/hardenedbsd eed7daflib/libthr/thread thr_info.c

MFC r349912:
Restore ability to pass NULL name argument to pthread_set_name_np(3)
to clear the thread name.

PR:     239142

HardenedBSD/hardenedbsd c411b32sys/x86/x86 cpu_machdep.c

MFC r349913:
Ensure that mds_handler always points to a valid method.

HardenedBSD/hardenedbsd e93bff3lib/libthr/thread thr_info.c

MFC r349912:
Restore ability to pass NULL name argument to pthread_set_name_np(3)
to clear the thread name.

PR:     239142

HardenedBSD/hardenedbsd 905cf90sys/net ieee_oui.h

Fix a typo in r349969

OUI_FRREBSD_NVME_HIGH should have been OUI_FREEBSD_NVME_HIGH

Caught by:      Gary Jennejohn
DeltaFile
+1-1sys/net/ieee_oui.h
+1-11 files

HardenedBSD/hardenedbsd ce109c4sys/contrib/ipfilter/netinet ip_state.c

Calculate the offset of the interface name using FR_NAME rather than
calclulating it "by hand". This improves consistency with the rest of
the code and is in line with planned fixes and other work.

MFC after:      1 week

HardenedBSD/hardenedbsd 5ee1c5csys/contrib/ipfilter/netinet fil.c ip_fil.h

Recycle the unused FR_CMPSIZ macro which became orphaned in ipfilter 5
prior to its import into FreeBSD. This macro calculates the size to be
compared within the frentry structure. The ipfilter 4 version of the
macro calculated the compare size based upon the static size of the
frentry struct. Today it uses the ipfilter 5 method of calculating the
size based upon the new to ipfilter 5 fr_size value found in the
frentry struct itself.

No effective change in code is intended.

MFC after:      1 week

HardenedBSD/hardenedbsd 77f57f7sys/contrib/ipfilter/netinet fil.c

style(9)

MFC after:      3 days

HardenedBSD/hardenedbsd 3ffd9aacontrib/llvm/tools/lld/ELF SymbolTable.cpp, lib/libc/arm/gen arm_sync_icache.2 arm_drain_writebuf.2

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Add an entry mentioning the permission/mode change to daily accounting files.
  Revert r349442, which was a workaround for bus errors caused by an errant TLB entry.  
Specifically, at the start of pmap_enter_quick_locked(), we would sometimes have a TLB 
entry for an invalid PTE, and we would need to issue a TLB invalidation before exiting 
pmap_enter_quick_locked().  However, we should never have a TLB entry for an invalid PTE.  
r349905 has addressed the root cause of the problem, and so we no longer need this 
workaround.
  Limit access to system accounting files.
  Remove a stale comment.
  Add arm_sync_icache() and arm_drain_writebuf() sysarch syscall wrappers.
  Pull in r365760 from upstream lld trunk (by Fangrui Song):
  bhyve: Create EUI64 for NVMe namespaces
  r348494 fixes a race in udp_output(). The same race exists in udp_output6(), therefore 
apply a similar patch to IPv6.

HardenedBSD/hardenedbsd 546145d. UPDATING, contrib/llvm/tools/clang/include/clang/AST Type.h DeclBase.h

Merge remote-tracking branch 'origin/hardened/11-stable/master' into 
hardened/11-stable/unstable

* origin/hardened/11-stable/master:
  MFC r349876:

HardenedBSD/hardenedbsd b438816. UPDATING, contrib/llvm/tools/clang/include/clang/AST Type.h DeclBase.h

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

* freebsd/11-stable/master:
  MFC r349876: