HardenedBSD/hardenedbsd cf47970sys/vm vm_reserv.c vm_phys.h, sys/x86/x86 busdma_bounce.c busdma_machdep.c

Merge remote-tracking branch 'origin/hardened/current/master' into 
hardened/current/unstable

* origin/hardened/current/master:
  freebsd-update.8: mandoc -Tlint fixes
  freebsd-update: Use BASEDIR when checking for src component
  i386/PAE busdma: allow more bounce pages.
  x86 busdma: fix mis-use of bus_addr_t where vm_paddr_t is assumed.
  MI VM: Make it possible to set size of superpage at boot instead of compile time.

HardenedBSD/hardenedbsd 101529esys/vm vm_reserv.c vm_phys.h, sys/x86/x86 busdma_bounce.c busdma_machdep.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  freebsd-update.8: mandoc -Tlint fixes
  freebsd-update: Use BASEDIR when checking for src component
  i386/PAE busdma: allow more bounce pages.
  x86 busdma: fix mis-use of bus_addr_t where vm_paddr_t is assumed.
  MI VM: Make it possible to set size of superpage at boot instead of compile time.

HardenedBSD/hardenedbsd 7eea9e2usr.sbin/freebsd-update freebsd-update.8

freebsd-update.8: mandoc -Tlint fixes

PR:            185389
Reported by:    bcr
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation

HardenedBSD/hardenedbsd ba040f8usr.sbin/freebsd-update freebsd-update.sh

freebsd-update: Use BASEDIR when checking for src component

src could potentially be installed under the based dir
and not under the root or vice versa.

PR:            224048
Submitted by:   Gerald Aryeetey <aryeeteygerald_rogers.com>
Reviewed by:    delphij
MFC after:      1 month
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D18849

HardenedBSD/hardenedbsd 3e765dcsys/dev/asmc asmcvar.h asmc.c

Merge remote-tracking branch 'origin/hardened/11-stable/master' into 
hardened/11-stable/unstable

* origin/hardened/11-stable/master:
  MFC r342822:
  MFC r342770:

HardenedBSD/hardenedbsd d0d83e6sys/dev/asmc asmcvar.h asmc.c

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

* freebsd/11-stable/master:
  MFC r342822:
  MFC r342770:

HardenedBSD/hardenedbsd 999c74fsys/dev/asmc asmcvar.h asmc.c

Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

* freebsd/12-stable/master:
  MFC r342822:
  MFC r342770:

HardenedBSD/hardenedbsd b703a03sys/dev/asmc asmcvar.h asmc.c

MFC r342822:

asmc: Add support for Mac mini 4,1 (Mid-2010)

HardenedBSD/hardenedbsd 9d5388fsys/dev/asmc asmcvar.h asmc.c

MFC r342822:

asmc: Add support for Mac mini 4,1 (Mid-2010)

HardenedBSD/hardenedbsd dc3ff82sys/dev/asmc asmcvar.h asmc.c

MFC r342770:

asmc: Patch to add MacBook Pro 9,2 support

PR:            211513
Submitted by:  William Theesfeld Jr <wtheesfeld at mailbox.org>
Reported by:   William Theesfeld Jr <wtheesfeld at mailbox.org>

HardenedBSD/hardenedbsd 243c293sys/dev/asmc asmcvar.h asmc.c

MFC r342770:

asmc: Patch to add MacBook Pro 9,2 support

PR:            211513
Submitted by:   William Theesfeld Jr <wtheesfeld at mailbox.org>
Reported by:    William Theesfeld Jr <wtheesfeld at mailbox.org>

HardenedBSD/hardenedbsd 23a6183sys/x86/x86 busdma_bounce.c

i386/PAE busdma: allow more bounce pages.

If i386 has more than 4G of memory, allow the same number of busdma
bounce pages as for amd64.  In fact, in this case bouncing sometimes
is much heavier than on amd64.

Reviewed by:    markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      2 weeks
Differential revision:  https://reviews.freebsd.org/D18854

HardenedBSD/hardenedbsd 687d725sys/x86/include busdma_impl.h, sys/x86/x86 busdma_bounce.c busdma_machdep.c

x86 busdma: fix mis-use of bus_addr_t where vm_paddr_t is assumed.

Right now bus_addr_t and vm_paddr_t are always aliased to the same
underlying integer type on x86, which makes the interchange hard to
detect.  Shortly, i386 kernel would use uint64_t for vm_paddr_t to
enable automatic use of PAE paging structures if hardware allows it,
while bus_addr_t would be extended to 64bit only when PAE option is
specified.

Fix all places that were identified as using bus_addr_t while page
address was assumed.  This was performed by testing the complete PAE
merging patch on machine with > 4G of RAM enabled.

Reviewed by:    markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      2 weeks
Differential revision:  https://reviews.freebsd.org/D18854

HardenedBSD/hardenedbsd db50300sys/vm vm_reserv.c vm_phys.h

MI VM: Make it possible to set size of superpage at boot instead of compile time.

In order to allow single kernel to use PAE pagetables on i386 if
hardware supports it, and fall back to classic two-level paging
structures if not, superpage code should be able to adopt to either 2M
or 4M superpages size.  There I make MI VM structures large enough to
track the biggest possible superpage, by allowing architecture to
define VM_NFREEORDER_MAX and VM_LEVEL_0_ORDER_MAX constants.
Corresponding VM_NFREEORDER and VM_LEVEL_0_ORDER symbols can be
defined as runtime values and must be less than the _MAX constants.
If architecture does not define _MAXs, it is assumed that _MAX ==
normal constant.

Reviewed by:    markj
Tested by:      pho (as part of the larger patch)
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D18853

HardenedBSD/hardenedbsd 97d9af5sys/dev/nvdimm nvdimm.c nvdimm_spa.c, sys/netpfil/pf if_pfsync.c

Merge remote-tracking branch 'origin/hardened/current/master' into 
hardened/current/unstable

* origin/hardened/current/master:
  nvdimm: initialize SPA uuids statically.
  nvdimm: add a driver for the NVDIMM root device
  pf: fix pfsync breaking carp

HardenedBSD/hardenedbsd 65f0891sys/dev/nvdimm nvdimm.c nvdimm_spa.c, sys/netpfil/pf if_pfsync.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  nvdimm: initialize SPA uuids statically.
  nvdimm: add a driver for the NVDIMM root device
  pf: fix pfsync breaking carp

HardenedBSD/hardenedbsd 02fb177sys/dev/usb usb_hub.c usb_generic.c, sys/netinet6 ip6_output.c

Merge branch 'freebsd/10-stable/master' into hardened/10-stable/master

* freebsd/10-stable/master:
  MFC r342884: Fix loopback traffic when using non-lo0 link local IPv6 addresses.
  MFC r342778: Reduce timeout for reading the USB HUB port status to 1000ms and try to 
filter out dead USB HUB devices by implementing an error counter, so that the USB 
enumeration thread does not spend all its time reading from non-responding devices, 
blocking user-space access in the end.
  MFC r342730: Improve USB generic debug messages. Print process ID and name when opening 
and closing usb/ugenX.Y character device nodes.

HardenedBSD/hardenedbsd d3d7db7sys/dev/usb usb_hub.c usb_generic.c, sys/netinet6 ip6_output.c

Merge remote-tracking branch 'origin/hardened/11-stable/master' into 
hardened/11-stable/unstable

* origin/hardened/11-stable/master:
  MFC 342925:   Relax requirement to packet size of CARP protocol and remove version 
check.
  MFC r342884: Fix loopback traffic when using non-lo0 link local IPv6 addresses.
  MFC r342778: Reduce timeout for reading the USB HUB port status to 1000ms and try to 
filter out dead USB HUB devices by implementing an error counter, so that the USB 
enumeration thread does not spend all its time reading from non-responding devices, 
blocking user-space access in the end.
  MFC r342730: Improve USB generic debug messages. Print process ID and name when opening 
and closing usb/ugenX.Y character device nodes.

HardenedBSD/hardenedbsd 163b33csys/dev/usb usb_hub.c usb_generic.c, sys/netinet6 ip6_output.c

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

* freebsd/11-stable/master:
  MFC 342925:   Relax requirement to packet size of CARP protocol and remove version 
check.
  MFC r342884: Fix loopback traffic when using non-lo0 link local IPv6 addresses.
  MFC r342778: Reduce timeout for reading the USB HUB port status to 1000ms and try to 
filter out dead USB HUB devices by implementing an error counter, so that the USB 
enumeration thread does not spend all its time reading from non-responding devices, 
blocking user-space access in the end.
  MFC r342730: Improve USB generic debug messages. Print process ID and name when opening 
and closing usb/ugenX.Y character device nodes.

HardenedBSD/hardenedbsd ff054c8sys/netinet6 ip6_output.c, usr.sbin/cpucontrol cpucontrol.c intel.c

Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

* freebsd/12-stable/master:
  MFC r342925:   Relax requirement to packet size of CARP protocol and remove version 
check.
  MFC r340421 (by cem), r342934: cpucontrol(8): De-duplicate common update logic.
  MFC r342884: Fix loopback traffic when using non-lo0 link local IPv6 addresses.
  MFC r342778: Reduce timeout for reading the USB HUB port status to 1000ms and try to 
filter out dead USB HUB devices by implementing an error counter, so that the USB 
enumeration thread does not spend all its time reading from non-responding devices, 
blocking user-space access in the end.
  MFC r342730: Improve USB generic debug messages. Print process ID and name when opening 
and closing usb/ugenX.Y character device nodes.

HardenedBSD/hardenedbsd 9c01c68sys/dev/nvdimm nvdimm_spa.c nvdimm_var.h

nvdimm: initialize SPA uuids statically.

The SPA ids are published numbers, so it's safe (if not a bit
annoying) to copy them into a source file.

Submitted by:   D Scott Phillips <d.scott.phillips at intel.com>
Sponsored by:   Intel Corporation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D18733

HardenedBSD/hardenedbsd a2c54a9sys/dev/nvdimm nvdimm.c nvdimm_var.h

nvdimm: add a driver for the NVDIMM root device

The NVDIMM root device is parent to the individual ACPI NVDIMM
devices.  Add a driver for the NVDIMM root device that can own
enumeration of NVDIMM devices as well as NVDIMM SPA ranges that the
system has.

Submitted by:   D Scott Phillips <d.scott.phillips at intel.com>
Sponsored by:   Intel Corporation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D18346

HardenedBSD/hardenedbsd c5dfd88sys/netpfil/ipfw ip_fw2.c

MFC 342925:
  Relax requirement to packet size of CARP protocol and remove version check.

  CARP shares protocol number 112 with VRRP (RFC 5798). And the size of
  VRRP packet may be smaller than CARP. ipfw_chk() does m_pullup() to at
  least sizeof(struct carp_header) and can fail when packet is VRRP. This
  leads to packet drop and message about failed pullup attempt.
  Also, RFC 5798 defines version 3 of VRRP protocol, this version number
  also unsupported by CARP and such check leads to packet drop.

  carp_input() does its own checks for protocol version and packet size,
  so we can remove these checks to be able pass VRRP packets.

  PR:          234207

HardenedBSD/hardenedbsd 8f52cc3sys/netpfil/ipfw ip_fw2.c

MFC r342925:
  Relax requirement to packet size of CARP protocol and remove version check.

  CARP shares protocol number 112 with VRRP (RFC 5798). And the size of
  VRRP packet may be smaller than CARP. ipfw_chk() does m_pullup() to at
  least sizeof(struct carp_header) and can fail when packet is VRRP. This
  leads to packet drop and message about failed pullup attempt.
  Also, RFC 5798 defines version 3 of VRRP protocol, this version number
  also unsupported by CARP and such check leads to packet drop.

  carp_input() does its own checks for protocol version and packet size,
  so we can remove these checks to be able pass VRRP packets.

  PR:          234207

HardenedBSD/hardenedbsd d54deb3usr.sbin/cpucontrol cpucontrol.c intel.c

MFC r340421 (by cem), r342934:
cpucontrol(8): De-duplicate common update logic.

HardenedBSD/hardenedbsd 0962f56sys/netinet6 ip6_output.c

MFC r342884:
Fix loopback traffic when using non-lo0 link local IPv6 addresses.

The loopback interface can only receive packets with a single scope ID,
namely the scope ID of the loopback interface itself. To mitigate this
packets which use the scope ID are appearing as received by the real
network interface, see "origifp" in the patch. The current code would
drop packets which are designated for loopback which use a link-local
scope ID in the destination address or source address, because they
won't match the lo0's scope ID. To fix this restore the network
interface pointer from the scope ID in the destination address for
the problematic cases. See comments added in patch for a more detailed
description.

This issue was introduced with route caching by karels@ .

Reviewed by:           bz (network)
Differential Revision:  https://reviews.freebsd.org/D18769
Sponsored by:          Mellanox Technologies

HardenedBSD/hardenedbsd b9e76fbsys/netinet6 ip6_output.c

MFC r342884:
Fix loopback traffic when using non-lo0 link local IPv6 addresses.

The loopback interface can only receive packets with a single scope ID,
namely the scope ID of the loopback interface itself. To mitigate this
packets which use the scope ID are appearing as received by the real
network interface, see "origifp" in the patch. The current code would
drop packets which are designated for loopback which use a link-local
scope ID in the destination address or source address, because they
won't match the lo0's scope ID. To fix this restore the network
interface pointer from the scope ID in the destination address for
the problematic cases. See comments added in patch for a more detailed
description.

This issue was introduced with route caching by karels@ .

Reviewed by:           bz (network)
Differential Revision:  https://reviews.freebsd.org/D18769
Sponsored by:          Mellanox Technologies

HardenedBSD/hardenedbsd b7b39a1sys/netinet6 ip6_output.c

MFC r342884:
Fix loopback traffic when using non-lo0 link local IPv6 addresses.

The loopback interface can only receive packets with a single scope ID,
namely the scope ID of the loopback interface itself. To mitigate this
packets which use the scope ID are appearing as received by the real
network interface, see "origifp" in the patch. The current code would
drop packets which are designated for loopback which use a link-local
scope ID in the destination address or source address, because they
won't match the lo0's scope ID. To fix this restore the network
interface pointer from the scope ID in the destination address for
the problematic cases. See comments added in patch for a more detailed
description.

This issue was introduced with route caching by karels@ .

Reviewed by:           bz (network)
Differential Revision:  https://reviews.freebsd.org/D18769
Sponsored by:          Mellanox Technologies

HardenedBSD/hardenedbsd d017627sys/dev/usb usb_hub.c usb_request.c

MFC r342778:
Reduce timeout for reading the USB HUB port status to 1000ms and try to filter
out dead USB HUB devices by implementing an error counter, so that the USB
enumeration thread does not spend all its time reading from non-responding
devices, blocking user-space access in the end.

Tested by:      Matthias Apitz <guru at unixarea.de>
Sponsored by:   Mellanox Technologies

HardenedBSD/hardenedbsd 0d8408dsys/dev/usb usb_hub.c usb_request.c

MFC r342778:
Reduce timeout for reading the USB HUB port status to 1000ms and try to filter
out dead USB HUB devices by implementing an error counter, so that the USB
enumeration thread does not spend all its time reading from non-responding
devices, blocking user-space access in the end.

Tested by:      Matthias Apitz <guru at unixarea.de>
Sponsored by:   Mellanox Technologies

HardenedBSD/hardenedbsd b7beed4sys/dev/usb usb_hub.c usb_request.c

MFC r342778:
Reduce timeout for reading the USB HUB port status to 1000ms and try to filter
out dead USB HUB devices by implementing an error counter, so that the USB
enumeration thread does not spend all its time reading from non-responding
devices, blocking user-space access in the end.

Tested by:      Matthias Apitz <guru at unixarea.de>
Sponsored by:   Mellanox Technologies

HardenedBSD/hardenedbsd b433b23sys/dev/usb usb_generic.c

MFC r342730:
Improve USB generic debug messages. Print process ID and name when opening
and closing usb/ugenX.Y character device nodes.

Sponsored by:   Mellanox Technologies

HardenedBSD/hardenedbsd da1fd96sys/dev/usb usb_generic.c

MFC r342730:
Improve USB generic debug messages. Print process ID and name when opening
and closing usb/ugenX.Y character device nodes.

Sponsored by:   Mellanox Technologies

HardenedBSD/hardenedbsd c914c0dsys/dev/usb usb_generic.c

MFC r342730:
Improve USB generic debug messages. Print process ID and name when opening
and closing usb/ugenX.Y character device nodes.

Sponsored by:   Mellanox Technologies

HardenedBSD/hardenedbsd 9cbcdacsys/netpfil/pf if_pfsync.c

pf: fix pfsync breaking carp

Fix missing initialisation of sc_flags into a valid sync state on clone which
breaks carp in pfsync.

This regression was introduce by r342051.

PR:            235005
Submitted by:   smh at FreeBSD.org
Pointy hat to:  kp
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D18882

HardenedBSD/hardenedbsd 7265aeesys/cam/ata ata_da.c, tools/build/mk OptionalObsoleteFiles.inc

Merge remote-tracking branch 'origin/hardened/current/master' into 
hardened/current/unstable

* origin/hardened/current/master:
  [ata] Add workaround for KingDian S200 SSD crash on receiving TRIM command
  Add ypldap to the list of conditional obsolete files
  Fix descriptor/memory leak in compress(1) code

HardenedBSD/hardenedbsd fdc7ff1sys/cam/ata ata_da.c, tools/build/mk OptionalObsoleteFiles.inc

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  [ata] Add workaround for KingDian S200 SSD crash on receiving TRIM command
  Add ypldap to the list of conditional obsolete files
  Fix descriptor/memory leak in compress(1) code

HardenedBSD/hardenedbsd 5ec2566sys/sys random.h param.h

Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

* freebsd/12-stable/master:
  MFC r342398:

HardenedBSD/hardenedbsd 14fafbasys/cam/ata ata_da.c

[ata] Add workaround for KingDian S200 SSD crash on receiving TRIM command

- Add ADA_Q_NO_TRIM quirk to be used with the device that falsely advertise TRIM support
- Add ADA_Q_NO_TRIM entry for KingDian S200 SSD

PR:            222802
Submitted by:   Bertrand Petit <bsdpr at phoe.frmug.org>
MFC after:      1 week
DeltaFile
+16-2sys/cam/ata/ata_da.c
+16-21 files

HardenedBSD/hardenedbsd bf6434etools/build/mk OptionalObsoleteFiles.inc

Add ypldap to the list of conditional obsolete files

ypldap should be removed during delete-old if WITHOUT_NIS flag is enabled

PR:            230727
Submitted by:   Dmitry Wagin <dmitry.wagin at ya.ru>
MFC after:      1 week

HardenedBSD/hardenedbsd c94de54stand/libsa printf.c, sys/arm/allwinner if_awg.c

Merge remote-tracking branch 'origin/hardened/current/master' into 
hardened/current/unstable

* origin/hardened/current/master:
  ioat(4): Set __result_use_check on ioat_acquire_reserve
  libsa: add asprintf()
  loader should ignore active multi_vdev_crash_dump feature on zpool
  freebsd-update: Clarify unsupported release upgrade error message
  Workaround for nscd(8) failure with large entries.
  Add definitions for AMD Spectre/Meltdown CPUID information
  Revert r343095
  Re-add new small tool trim(8) to delete contents for blocks on devices using 
wear-leveling algorithms as a few weeks passed after review and discussion of trim(8) 
ceased and we still have no utility to perform the job.

HardenedBSD/hardenedbsd d4316adusr.bin/compress compress.c

Fix descriptor/memory leak in compress(1) code

This is mostly a style fix since the code in question is not called multiple
times and doesn't have cummulative effect.

PR:            204953
Submitted by:   David Binderman <dcb314 at hotmail.com>
MFC after:      1 week

HardenedBSD/hardenedbsd f28b896stand/libsa printf.c, sys/arm/allwinner if_awg.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  ioat(4): Set __result_use_check on ioat_acquire_reserve
  libsa: add asprintf()
  loader should ignore active multi_vdev_crash_dump feature on zpool
  freebsd-update: Clarify unsupported release upgrade error message
  Workaround for nscd(8) failure with large entries.
  Add definitions for AMD Spectre/Meltdown CPUID information
  Revert r343095
  Re-add new small tool trim(8) to delete contents for blocks on devices using 
wear-leveling algorithms as a few weeks passed after review and discussion of trim(8) 
ceased and we still have no utility to perform the job.

HardenedBSD/hardenedbsd c00d18fsys/sys random.h param.h

MFC r342398:

Enable sys/random.h #include from C++

And bump __FreeBSD_version, just in case.

PR:            234180
Submitted by:   Ralf van der Enden <tremere AT cainites.net>

HardenedBSD/hardenedbsd 301370asys/dev/ioat ioat.h

ioat(4): Set __result_use_check on ioat_acquire_reserve

Even M_WAITOK callers must check for failure.  For example, if the device is
quiescing, either due to automatic error-recovery induced reset, or due to
administrative detach, the routine will return ENXIO and the acquire
reference will not be held.  So, there is no mode in which it is safe to
assume the routine succeeds without checking.

Sponsored by:   Dell EMC Isilon

HardenedBSD/tools cfa3254release/git release_new_stable_repo.csh update_meta.py

HBSD: simplify the release process

Add a helper script to fetch the metadata from the jenkins server.
The NOTES file still should be filled manually, but the formatting is
done with the newer update_meta.py stuff.

Signed-off-by: Oliver Pinter <oliver.pinter at hardenedbsd.org>

HardenedBSD/hardenedbsd e9b9f14stand/libsa printf.c stand.h

libsa: add asprintf()

asprintf() is a nice tool for string processing.

MFC after:      2 weeks

HardenedBSD/hardenedbsd faa109bstand/libsa/zfs zfsimpl.c

loader should ignore active multi_vdev_crash_dump feature on zpool

Since the loader zfs reader does not need to read the dump zvol, we can
just enable the feature.

illumos issue #9051 https://www.illumos.org/issues/9051

MFC after:      2 weeks

HardenedBSD/hardenedbsd bffa924usr.sbin/freebsd-update freebsd-update.sh

freebsd-update: Clarify unsupported release upgrade error message

Notify users that upgrading from -CURRENT or -STABLE is unsupported by
freebsd-update.

Also ensure --currently-running provides a correctly formatted release
(as done by -r).

PR:            234771
Submitted by:   Gerald Aryeetey <aryeeteygerald_rogers.com>
Reported by:    yuri
Reviewed by:    bcran
MFC after:      1 month
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D18803

HardenedBSD/hardenedbsd b336c7busr.sbin/nscd nscd.c

Workaround for nscd(8) failure with large entries.

It fixes a case where eg a 2KB group entry would take several seconds
to complete with cache enabled in nsswitch.conf.

MFC after:      2 weeks
Sponsored by:   Chalmers University of Technology
Differential Revision:  https://reviews.freebsd.org/D18392