HardenedBSD — sys/amd64/amd64 pmap.c

Fix some uses of dmaplimit.

dmaplimit is the first byte after the end of DMAP.

Reported by:        "Johnson, Archna" <Archna.Johnson at netapp.com>
Reviewed by:        alc, markj
Approved by:        re (gjb)
MFC after:        1 week
Differential revision:        https://reviews.freebsd.org/D17318
Delta File
+2 -2 sys/amd64/amd64/pmap.c
+2 -2 1 file

HardenedBSD — sys/sys param.h

Bump __FreeBSD_version after r338871 introduced new media types
and a TCP checksum fix for ixl(4)

This is a direct commit.

Sponsored by:        Intel Corporation
Delta File
+1 -1 sys/sys/param.h
+1 -1 1 file

HardenedBSD — share/man/man4 cxgbe.4, sys/dev/cxgbe t4_main.c adapter.h

cxgbe(4): Link related changes.

- Switch to using 32b port/link capabilities in the driver.  The 32b
  format is used internally by firmwares > 1.16.45.0 and the driver will
  now interact with the firmware in its native format, whether it's 16b
  or 32b.  Note that the 16b format doesn't have room for 50G, 200G, or
  400G speeds.

- Add a bit in the pause_settings knobs to allow negotiated PAUSE
  settings to override manual settings.

- Ensure that manual link settings persist across an administrative
  down/up as well as transceiver unplug/replug.

- Remove unused is_*G_port() functions.

Approved by:        re@ (gjb@)
MFC after:        1 month
Sponsored by:        Chelsio Communications

HardenedBSD — sys/dev/random randomdev.c

Partial MFC of r338542:

random(4): Squash non-error timeout code from tsleep(9).

PR:                231181
Submitted by:        cem
Reported by:        lev
Reviewed by:        vangyzen, markm, delphij
Approved by:        secteam (delphij)
Differential Revision:        https://reviews.freebsd.org/D17049
Delta File
+4 -0 sys/dev/random/randomdev.c
+4 -0 1 file

HardenedBSD — sys/powerpc/ofw ofw_machdep.c

powerpc: Blacklist the top 64kB range of the lower 4GB PA space

The PHB4 host bridge used by the POWER9 uses a 64kB range in 32-bit
space at the address 0xffff0000-0xffffffff.  Reserve this range so that
DMA memory cannot be allocated within this range.  This fixes seemingly
random crashes on a POWER9 system.  Ideally this range will have been
reserved by the firmware, but as of now this is not the case.

Submitted by:        git_bdragon.rtk0.net
Reviewed by:        nwhitehorn
Approved by:        re(kib)
Differential Revision:        https://reviews.freebsd.org/D17183
Delta File
+37 -0 sys/powerpc/ofw/ofw_machdep.c
+37 -0 1 file

HardenedBSD — sys/dev/uart uart_bus_pci.c

Recognize the Amazon PCI serial device found in i3.metal EC2 instances
as an NS8250 UART.

Reviewed by:        sbruno, imp
Approved by:        re (delphij)
Sponsored by:        https://www.patreon.com/cperciva
Differential Revision:        https://reviews.freebsd.org/D17250
Delta File
+1 -0 sys/dev/uart/uart_bus_pci.c
+1 -0 1 file

HardenedBSD — sbin/sysctl sysctl.8

sysctl(8): Add a standard exit status section.

Reviewed by:        bcr
Approved by:        re (gjb), krion (mentor)
Differential Revision:        https://reviews.freebsd.org/D17147
Delta File
+3 -1 sbin/sysctl/sysctl.8
+3 -1 1 file

HardenedBSD — sys/sys vmmeter.h, sys/vm vm_domainset.c vm_page.c

Add more NUMA-specific low memory predicates.

Use these predicates instead of inline references to vm_min_domains.
Also add a global all_domains set, akin to all_cpus.

Reviewed by:        alc, jeff, kib
Approved by:        re (gjb)
Sponsored by:        The FreeBSD Foundation
Differential Revision:        https://reviews.freebsd.org/D17278

HardenedBSD — usr.sbin/pmccontrol pmccontrol.c

restore pmccontrol -L behavior on x86

When I updated counter definition handling for x86 I broke
'pmccontrol -L' listing counter names. This just changes
pmccontrol to call the library function on x86.

PR:        230984
Approved by:        re (kib@)
Delta File
+9 -0 usr.sbin/pmccontrol/pmccontrol.c
+9 -0 1 file

HardenedBSD — share/vt/fonts INDEX.fonts Makefile

MFC r338573: Add vt(4) INDEX.fonts

PR:                231237
Submitted by:        Martin <martin.jakob at gmx.com> (original version)

HardenedBSD — sys/vm vm_kern.c

Ensure that "domain" is initialized when vm_ndomains == 1.

Reported by:        alc
Approved by:        re (gjb)
Delta File
+3 -1 sys/vm/vm_kern.c
+3 -1 1 file

HardenedBSD — lib/libc Makefile

HBSD: Revert "HBSD: Revert "libc: require ifunc-capable linker for amd64/i386""

This reverts commit 208c75a6b2936449437cfd3d2babd97189e082a7. Ed Maste
has fixed the underlying issue upstream.

Signed-off-by:        Shawn Webb <shawn.webb at hardenedbsd.org>
Delta File
+5 -0 lib/libc/Makefile
+5 -0 1 file

HardenedBSD — sys/cddl/contrib/opensolaris/uts/common/fs/zfs vdev_geom.c

MFC r338724:
Fix an nvpair leak in vdev_geom_read_config().

PR:        230704

HardenedBSD — sys/kern kern_malloc.c, sys/sys malloc.h

Eliminate false sharing in malloc due to statistic collection

Currently stats are collected in a MAXCPU-sized array which is not
aligned and suffers enormous false-sharing. Fix the problem by
utilizing per-cpu allocation.

The counter(9) API is not used here as it is too incomplete and does
not provide a win over per-cpu zone sized for malloc stats struct. In
particular stats are being reported for each cpu separately by just
copying what is supposed to be an array element for given cpu.

This eliminates significant false-sharing during malloc-heavy tests
e.g. on Skylake. See the review for details.

Reviewed by:        markj
Approved by:        re (kib)
Differential Revision:        https://reviews.freebsd.org/D17289
Delta File
+27 -8 sys/kern/kern_malloc.c
+1 -1 sys/sys/malloc.h
+28 -9 2 files

HardenedBSD — sys/netinet tcp_syncache.c

Remove the unused parameter 'locked' from the function
syncache_respond(). There is no functional change. The
parameter became unused in r313330, but wasn't removed.

Approved by:                re (kib@)
MFC after:                1 month
Sponsored by:                Netflix, Inc.
Delta File
+5 -5 sys/netinet/tcp_syncache.c
+5 -5 1 file

HardenedBSD — sys/amd64/amd64 trap.c

MFC r338699:
Remove unneeded new line from the panic string.
Delta File
+1 -1 sys/amd64/amd64/trap.c
+1 -1 1 file

HardenedBSD — lib/libc Makefile

HBSD: Revert "libc: require ifunc-capable linker for amd64/i386"

This reverts commit ef8030831eccec4e481a1766fc1c67f7cadadac9, which
breaks building 12-CURRENT from 11-STABLE. I'm hoping this revert is
only temporary.

Signed-off-by:        Shawn Webb <shawn.webb at hardenedbsd.org>
Delta File
+0 -5 lib/libc/Makefile
+0 -5 1 file

HardenedBSD — sbin/devd devd.cc devd.hh

We don't need shell protection for when we're expanding matches.
Don't add it. This should fix when we do regexp matches against
variables we've set and fix wifi bring up.

PR: 231441
Approved by: re@ (kib)
Differential Revision: https://reviews.freebsd.org/D17267
Delta File
+3 -3 sbin/devd/devd.cc
+1 -1 sbin/devd/devd.hh
+4 -4 2 files

HardenedBSD — etc Makefile, lib/libwrap Makefile

Move hosts.allow to lib/libwrap/

This leverages CONFS to handle the install.

Approved by:        re (blanket, pkgbase), bapt (mentor)
Differential Revision:        https://reviews.freebsd.org/D17240
Delta File
+0 -1 etc/Makefile
+1 -0 lib/libwrap/Makefile
+1 -1 2 files

HardenedBSD — stand/lua password.lua

    Improve loader passwords:
    
    1. Be clear about which password is being requested
    2. Remove extraneous whitespace between the prompt and the cursor
    3. Move the twiddle to where the prompt is, instead of two characters to the right
    4. Fix erasing the 'incorrect password' message when retrying; previously it was erased partially
    5. Remove the unneeded exclamation mark
    
    Reviewed by:        kevans
    Approved by:        re (gjb)
    MFC after:        2 weeks
    Sponsored by:        DARPA, AFRL
    Differential Revision:        https://reviews.freebsd.org/D17236
Delta File
+9 -10 stand/lua/password.lua
+9 -10 1 file

HardenedBSD — sys/sys signalvar.h

vfs: __predict common case in VFS_EPILOGUE/PROLOGUE

NFS is the only in-tree filesystem using the feature, but all ops test
for it.

Currently the resulting sigdefer calls have to be jumped over in the
common case.

This is a bandaid, longer term fix will move this feature away.

Approved by:        re (kib)
Delta File
+2 -2 sys/sys/signalvar.h
+2 -2 1 file

HardenedBSD — sys/dev/cxgbe t4_l2t.c t4_filter.c

cxgbe(4): Reuse existing "switching" L2T entries when possible.

Approved by:        re@ (rgrimes@)
Sponsored by:        Chelsio Communications

HardenedBSD — sys/net iflib.h iflib.c

Revert MFC of r334231 in r338871.

It did not apply cleanly and was causing build errors.
Delta File
+1 -4 sys/net/iflib.h
+0 -4 sys/net/iflib.c
+1 -8 2 files

HardenedBSD — sys/net if_media.h iflib.c

MFC r334231, r334779, r335322, and r338208 to stable/11 from head

These include:
r334231: iflib: Add new shared flag: IFLIB_ADMIN_ALWAYS_RUN
r334779: iflib: Record TCP checksum info in iflib when TCP checksum is requested
r335322: iflib: Style fixes
r338208: if_media: Add new 2.5G/5G/25G/40G/50G/100G/200G/400G media types

Sponsored by:        Intel Corporation
Delta File
+168 -0 sys/net/if_media.h
+40 -27 sys/net/iflib.c
+60 -0 sys/net/ieee8023ad_lacp.c
+4 -1 sys/net/iflib.h
+272 -28 4 files

HardenedBSD — share/man/man5 src.conf.5

HBSD: Regen src.conf.5

Signed-off-by:        Shawn Webb <shawn.webb at hardenedbsd.org>
Sponsored-by:        SoldierX
Reported-by:        Oliver Pinter <oliver.pinter at hardenedbsd.org>
github-issue:        #343
Delta File
+5 -5 share/man/man5/src.conf.5
+5 -5 1 file

HardenedBSD — share/mk src.opts.mk

HBSD: Disable reproducible builds by default

I don't believe reproducible builds increase the security of a system.
Having version info is much more important.

Signed-off-by:        Shawn Webb <shawn.webb at hardenedbsd.org>
Sponsored-by:        SoldierX
Reported-by:        Oliver Pinter <oliver.pinter at hardenedbsd.org>
github-issue:        #343
Delta File
+1 -1 share/mk/src.opts.mk
+1 -1 1 file

HardenedBSD — usr.sbin/asf asf_kvm.c

Include stdbool.h so that we can use bool in linker.h.

As asf(8) is gone in head, this is a direct commit to stable/11.
Delta File
+1 -0 usr.sbin/asf/asf_kvm.c
+1 -0 1 file

HardenedBSD — sys/conf newvers.sh

HBSD: Resolve merge conflict

Signed-off-by:        Shawn Webb <shawn.webb at hardenedbsd.org>
Delta File
+1 -5 sys/conf/newvers.sh
+1 -5 1 file

HardenedBSD — sys/amd64/amd64 support.S

amd64: even up copyin/copyout with memcpy + other cleanup

- _fault handlers for both primitives are identical, provide just one
- change the copying scheme to match memcpy (in particular jump
avoidance for the most common case of multiple of 8)
- stop re-reading pcb address on exit, just store it locally (in r9)

Reviewed by:        kib
Approved by:        re (gjb)
Differential Revision:        https://reviews.freebsd.org/D17265
Delta File
+30 -26 sys/amd64/amd64/support.S
+30 -26 1 file

HardenedBSD — sys/dev/ffec if_ffec.c

Fix possible NULL pointer dereference in ffec_alloc_mbufcl().

PR:                231514
Approved by:        re (kib)
MFC after:        1 week
Delta File
+2 -1 sys/dev/ffec/if_ffec.c
+2 -1 1 file

HardenedBSD — sys/conf newvers.sh

Include kernel ident in uname

In non-reproducible mode we have the kernel ident as a side effect of
including the build directory.  Explicitly add it to the ident string in
reproducible mode.

Reported by:        mjg
Approved by:        re (gjb)
Sponsored by:        The FreeBSD Foundation
Delta File
+1 -1 sys/conf/newvers.sh
+1 -1 1 file

HardenedBSD — sys/kern sys_generic.c

select: stop doing zero-sized memsets

Approved by:        re (kib)
Delta File
+3 -2 sys/kern/sys_generic.c
+3 -2 1 file

HardenedBSD — sys/conf newvers.sh

remove double space between branch and version in kernel ident

Reported by:        dim
Approved by:        re (kib)
Sponsored by:        The FreeBSD Foundation
Delta File
+1 -1 sys/conf/newvers.sh
+1 -1 1 file

HardenedBSD — sys/amd64/amd64 support.S

amd64: check for small size in memmove, memcpy and memset

If the size is 15 bytes or less avoid spinning up rep just to copy the 8
bytes. In my tests on EPYC and old Intel microarchs without ERMS (like
Westmere) it provided a nice win over the current version (e.g. for EPYC
memset with 15 bytes of size goes from 59712651 ops/s to 70600095) all
while almost not pessimizing the other cases.

Data collected during package building shows that < 16 sizes are pretty
common.

Verified with the glibc test suite.

Approved by:        re (kib)
Delta File
+9 -0 sys/amd64/amd64/support.S
+9 -0 1 file

HardenedBSD — usr.sbin/bsdinstall/scripts hardening

Add an installer option to disable destructive dtrace.

Submitted by:                Jörg Pernfuß <code.jpe at gmail.com>
Approved by:                re (kib)
MFC after:                1 week
Differential Revision:        https://reviews.freebsd.org/D12474

HardenedBSD — share/man/man4 ddb.4

Mention setting $lines to 0 in ddb can disable paging

Reviewed by:        bcr (earlier version), markj
Approved by:        re (kib), markj (mentor)
MFC after:        3 days
Sponsored by:        The FreeBSD Foundation
Differential Revision:        https://reviews.freebsd.org/D17068
Delta File
+2 -1 share/man/man4/ddb.4
+2 -1 1 file

HardenedBSD — sys/net if_vlan.c if_var.h

fix vlan locking to permit sx acquisition in ioctl calls

- update vlan(9) to handle changes earlier this year in multicast locking

Tested by: np@, darkfiberu at gmail.com

PR:        230510
Reviewed by:        mjoras@, shurd@, sbruno@
Approved by:        re (gjb@)
Sponsored by:        Limelight Networks
Differential Revision:        https://reviews.freebsd.org/D16808
Delta File
+76 -143 sys/net/if_vlan.c
+1 -0 sys/net/if_var.h
+77 -143 2 files

HardenedBSD — sys/conf newvers.sh

Update head from ALPHA6 to ALPHA7 as part of the 12.0-RELEASE
cycle.

Approved by:        re (implicit)
Sponsored by:        The FreeBSD Foundation
Delta File
+1 -1 sys/conf/newvers.sh
+1 -1 1 file

HardenedBSD — sys/amd64/amd64 support.S

amd64: macroify copyin/copyout and provide erms variants, follow up

Fix a fat-fingered typo with a "funny" side-effect: when doing copyin on a
cpu without ERMS and with size being a multiple of 8 a page fault would be
triggered resulting in EFAULT.

Pointy hat: mjg
Approved by:        re (implicit)
Delta File
+1 -1 sys/amd64/amd64/support.S
+1 -1 1 file

HardenedBSD — sys/dev/e1000 if_em.c

Add IFCAP_TSO6 for igb

It seems igb supports TSO6, but the capability got lost in
the iflib update. Restore this capability.

PR:                231476
Reported by:        lev
Reviewed by:        erj
Approved by:        re (gjb)
Sponsored by:        Limelight Networks
Differential Revision:        https://reviews.freebsd.org/D17242
Delta File
+2 -1 sys/dev/e1000/if_em.c
+2 -1 1 file

HardenedBSD — sys/netinet ip_encap.h

Add new field max_hdrsize to struct encap_config.

It is currently unused and reserved for future use to keep KBI/KPI.
Also add several spare pointers to be able to extend the structure if it
will be needed.

Approved by:        re (gjb)
Delta File
+3 -0 sys/netinet/ip_encap.h
+3 -0 1 file

HardenedBSD — sys/net iflib.c

Fix capabilities handling for iflib drivers

Various capabilities were not being handled correctly in the
SIOCSIFCAP handler. Specifically:

IFCAP_RXCSUM and IFCAP_RXCSUM_IPV6 could be set even if not supported

It was impossible to disable IFCAP_RXCSUM and/or IFCAP_RXCSUM_IPV6 via
ifconfig since it does ioctl() per command-line flag rather than combine
them into a single call.

IFCAP_VLAN_HWCSUM could not be modified via the ioctl()

Setting any combination of the three IFCAP_WOL flags would set only
IFCAP_WOL_MCAST | IFCAP_WOL_MAGIC. For example, setting only
IFCAP_WOL_UCAST would result in both IFCAP_WOL_MCAST and IFCAP_WOL_MAGIC
being enabled, but IFCAP_WOL_UCAST would not be enabled.

Because if_vlancap() was called before if_togglecapenable(), vlan flags
were sometimes not applied correctly.

Interfaces were being unnecessarily stopped and restarted for WoL

PR:                231151
Submitted by:        Kaho Toshikazu <kaho at elam.kais.kyoto-u.ac.jp>

    [5 lines not shown]
Delta File
+26 -13 sys/net/iflib.c
+26 -13 1 file

HardenedBSD — sys/amd64/conf HARDENEDBSD

HBSD: Enable NUMA in the HARDENEDBSD amd64 kernel config

FreeBSD enabled NUMA in its GENERIC kernel config. This commit brings
the HARDENEDBSD kernel up-to-date with GENERIC with respect to NUMA.

Signed-off-by:        Shawn Webb <shawn.webb at hardenedbsd.org>
Sponsored-by:        SoldierX
Delta File
+1 -0 sys/amd64/conf/HARDENEDBSD
+1 -0 1 file

HardenedBSD — contrib/libarchive/libarchive archive_write_set_format_gnutar.c archive_write_set_format_pax.c

HBSD: Bring in libarchive/libarchive at c246ec5d058a3f70a2d3fb765f92fe9db77b25df

This fixes an out-of-bounds read vulnerability in libarchive.

Signed-off-by:        Shawn Webb <shawn.webb at hardenedbsd.org>
Sponsored-by:        SoldierX
MFC-to:                11-STABLE

HardenedBSD — secure/usr.bin/openssl Makefile

HBSD: Resolve merge conflict

Signed-off-by:        Shawn Webb <shawn.webb at hardenedbsd.org>
Sponsored-by:        SoldierX
Delta File
+0 -3 secure/usr.bin/openssl/Makefile
+0 -3 1 file

HardenedBSD — sys/netinet6 icmp6.c

In icmp6_rip6_input(), once we have a lock, make sure the inp is
not freed.  This can happen since the list traversal and locking
was converted to epoch(9).  If the inp is marked "freed", skip it.

This prevents a NULL pointer deref panic in ip6_savecontrol_v4()
trying to access the socket hanging off the inp, which was gone
by the time we got there.

Reported by:        andrew
Tested by:        andrew
Approved by:        re (gjb)
Delta File
+4 -0 sys/netinet6/icmp6.c
+4 -0 1 file

HardenedBSD — sys/vm vm_kern.c

Change the domain selection policy in kmem_back().

Ensure that pages backing the same virtual large page come from the
same physical domain, as kmem_malloc_domain() does.

PR:                231038
Reviewed by:        alc, kib
Approved by:        re (gjb)
Sponsored by:        The FreeBSD Foundation
Differential Revision:        https://reviews.freebsd.org/D17248
Delta File
+31 -14 sys/vm/vm_kern.c
+31 -14 1 file

HardenedBSD — sys/kern kern_descrip.c

fd: prevent inlining of _fdrop thorough kern_descrip.c

fdrop is used in several places in the file and almost never has to call
_fdrop. Thus inlining it is a pure waste of space.

Approved by:        re (kib)
Delta File
+4 -1 sys/kern/kern_descrip.c
+4 -1 1 file

HardenedBSD — sys/amd64/amd64 support.S

amd64: move fusufault after all users

A lot of functions have the following check:
        cmpq    %rax,%rdi                       /* verify address is valid */
        ja      fusufault

The label is present earlier in kernel .text, which means this is a jump
backwards. Absent any information in branch predictor, the cpu predicts it
as taken. Since it is almost never taken in practice, this results in a
completely avoidable misprediction.

Move it past all consumers, so that it is predicted as not taken.

Approved by:        re (kib)
Delta File
+10 -10 sys/amd64/amd64/support.S
+10 -10 1 file

HardenedBSD — contrib/libarchive README.md, contrib/libarchive/libarchive archive_cryptor.c archive_acl.c

MFV r338797:
Sync libarchive with vendor.

Relevant vendor changes:
  PR #1019: Add allocation check for the zip_entry struct
  Oss-Fuzz #10192: Handle whitespace-only ACL fields correctly

Approved by:        re (kib)
MFC after:        1 week