HardenedBSD/hardenedbsd a906febsys/vm vm_unix.c

HBSD: Resolve merge conflict

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+0-5sys/vm/vm_unix.c
+0-51 files

HardenedBSD/hardenedbsd 887d9e4lib/libcasper/services/cap_sysctl cap_sysctl.c cap_sysctl.3, lib/libcasper/services/cap_sysctl/tests sysctl_test.c

Merge remote-tracking branch 'origin/freebsd/current/master' into hardened/current/master

Conflicts:
        sys/vm/vm_unix.c (unresolved)

HardenedBSD/hardenedbsd 6357299sys/arm64/linux Makefile, sys/compat/freebsd32 capabilities.conf

Merge remote-tracking branch 'origin/freebsd/12-stable/master' into 
hardened/12-stable/master

Conflicts:
        sys/i386/ibcs2/ibcs2_proto.h (deleted)
        sys/i386/ibcs2/ibcs2_syscall.h (deleted)
        sys/i386/ibcs2/ibcs2_sysent.c (deleted)

HardenedBSD/hardenedbsd f954706usr.sbin/periodic periodic.sh

Merge remote-tracking branch 'origin/hardened/11-stable/master' into 
hardened/11-stable/unstable

* origin/hardened/11-stable/master:
  MFC r351192, r351203

HardenedBSD/hardenedbsd 3c0c074usr.sbin/periodic periodic.sh

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

* freebsd/11-stable/master:
  MFC r351192, r351203

HardenedBSD/hardenedbsd 2a20025lib/libpmc libpmc.c, sys/dev/hwpmc hwpmc_beri.c hwpmc_beri.h

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  truss: decode sysctl names.
  Add support for BERI statcounters.
  sysctl: use names instead of magic numbers.

HardenedBSD/hardenedbsd 4b9cebeusr.sbin/periodic periodic.sh

MFC r351192, r351203

r351192:
periodic: fix anticongestion for scripts run after security

Revision 316342, which introduced the anticongestion feature, failed to
consider that the periodic scripts are executed by a recursive invocation of
periodic.  The recursive invocation wrongly cleaned up a temporary file that
should've been cleaned up only by the original invocation.  The result is
that if the first script that requests an anticongestion sleep runs after
the security scripts, the sleep won't happen.

Fix this bug by delaying cleanup until the end of the original invocation.

PR:            236564
Submitted by:   Yasuhiro KIMURA <yasu at utahime.org>
Reviewed by:    imp

r351203:
periodic: replace "tty" with "test -t 0"

Apparently using tty for this purpose has been deprecated since 4.4 Lite.

Reviewed by:    cy
Differential Revision:  https://reviews.freebsd.org/D21318

HardenedBSD/hardenedbsd 02b1692usr.sbin/periodic periodic.sh

MFC r351192, r351203

r351192:
periodic: fix anticongestion for scripts run after security

Revision 316342, which introduced the anticongestion feature, failed to
consider that the periodic scripts are executed by a recursive invocation of
periodic.  The recursive invocation wrongly cleaned up a temporary file that
should've been cleaned up only by the original invocation.  The result is
that if the first script that requests an anticongestion sleep runs after
the security scripts, the sleep won't happen.

Fix this bug by delaying cleanup until the end of the original invocation.

PR:            236564
Submitted by:   Yasuhiro KIMURA <yasu at utahime.org>
Reviewed by:    imp

r351203:
periodic: replace "tty" with "test -t 0"

Apparently using tty for this purpose has been deprecated since 4.4 Lite.

Reviewed by:    cy
Differential Revision:  https://reviews.freebsd.org/D21318

HardenedBSD/hardenedbsd 14aef6dusr.bin/truss syscalls.c syscall.h

truss: decode sysctl names.

Submitted by:   Pawel Biernacki
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D21688

HardenedBSD/hardenedbsd 73477b0lib/libpmc libpmc.c, sys/conf files.mips

Add support for BERI statcounters.

BERI stands for Bluespec Extensible RISC Implementation, based on MIPS.

BERI has not implemented standard MIPS perfomance monitoring counters,
instead it provides statistical counters.

BERI statcounters have a several limitations:
- They can't be written
- They don't support start/stop operation
- None of hardware interrupt is provided on a counter overflow.

So make it separate to hwpmc_mips module and support process/system
counting mode only.

Sponsored by:   DARPA, AFRL

HardenedBSD/hardenedbsd 4e6c971lib/libc/gen sysctlnametomib.c, sys/kern kern_sysctl.c

sysctl: use names instead of magic numbers.

Replace magic numbers with symbols for internal sysctl operations.
Convert in-kernel and libc consumers.

Submitted by:   Pawel Biernacki
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D21693

HardenedBSD/hardenedbsd d990699sys/arm64/arm64 cpufunc_asm.S

MFC r349768
  Restructure cache_handle_range to avoid repeated barriers.  Specifically,
  restructure cache_handle_range so that all of the data cache operations are
  performed before any instruction cache operations.  Then, we only need one
  barrier between the data and instruction cache operations and one barrier
  after the instruction cache operations.

  On an Amazon EC2 a1.2xlarge instance, this simple change reduces the time
  for a "make -j8 buildworld" by 9%.

HardenedBSD/hardenedbsd 4783398sys/arm64/arm64 pmap.c

MFC r350546
  Because of AArch64's weak memory consistency model, we need to include a
  memory barrier between the stores for initializing a page table page and
  the store for adding that page to the page table.  Otherwise, a page table
  walk by another processor's MMU could see the page table page before it
  sees the initialized entries.

  Simplify pmap_growkernel().  In particular, eliminate an unnecessary TLB
  invalidation.

HardenedBSD/hardenedbsd 1d11013. Makefile.inc1, lib Makefile

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Add the missing bits for LIBADD to properly function now that libarchive is linked to 
libzstd
  Add native support for zstd to libarchive

HardenedBSD/hardenedbsd 179034esys/compat/linuxkpi/common/include/linux interrupt.h, sys/compat/linuxkpi/common/src linux_work.c

Merge remote-tracking branch 'origin/hardened/11-stable/master' into 
hardened/11-stable/unstable

* origin/hardened/11-stable/master:
  MFC r352137: Callout drain does not have to be followed by a callout stop call. Fix 
bogus code.
  MFC r352207: Use true and false when dealing with bool type in the LinuxKPI. No 
functional change.
  MFC r352206: Fix synchronous work drain issue in the LinuxKPI.
  MFC r352205: Fix broken DECLARE_TASKLET() macro after r347852.

HardenedBSD/hardenedbsd b6d7adfsys/compat/linuxkpi/common/include/linux interrupt.h, sys/compat/linuxkpi/common/src linux_work.c

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

* freebsd/11-stable/master:
  MFC r352137: Callout drain does not have to be followed by a callout stop call. Fix 
bogus code.
  MFC r352207: Use true and false when dealing with bool type in the LinuxKPI. No 
functional change.
  MFC r352206: Fix synchronous work drain issue in the LinuxKPI.
  MFC r352205: Fix broken DECLARE_TASKLET() macro after r347852.

HardenedBSD/hardenedbsd 2fa3479share/mk src.libnames.mk

Add the missing bits for LIBADD to properly function now that
libarchive is linked to libzstd

Pointy hat:     bapt
Reported by:    antoine

HardenedBSD/hardenedbsd cfd59e9. Makefile.inc1, lib Makefile

Add native support for zstd to libarchive

Note that old pkg will failed to build after this. A recent ports tree (one
providing pkg 1.12+) is required to build. Older already built pkg, should
continue working as expected

PR:            238797
Exp run by:     antoine
Reviewed by:    cem
Approved by:    cem
Differential Revision:  https://reviews.freebsd.org/D20752

HardenedBSD/hardenedbsd 939057bsys/net if_spppsubr.c

MFC r352137:
Callout drain does not have to be followed by a callout stop call.
Fix bogus code.

Sponsored by:   Mellanox Technologies

HardenedBSD/hardenedbsd ddd731dsys/net if_spppsubr.c

MFC r352137:
Callout drain does not have to be followed by a callout stop call.
Fix bogus code.

Sponsored by:   Mellanox Technologies

HardenedBSD/hardenedbsd 75c3025sys/compat/linuxkpi/common/src linux_work.c

MFC r352207:
Use true and false when dealing with bool type in the LinuxKPI.
No functional change.

Sponsored by:          Mellanox Technologies

HardenedBSD/hardenedbsd 44561edsys/compat/linuxkpi/common/src linux_work.c

MFC r352207:
Use true and false when dealing with bool type in the LinuxKPI.
No functional change.

Sponsored by:          Mellanox Technologies

HardenedBSD/hardenedbsd 59f5f59sys/compat/linuxkpi/common/src linux_work.c

MFC r352206:
Fix synchronous work drain issue in the LinuxKPI.

A work callback may restart itself. Loop in the drain function to see if the
work has been rescheduled and stop the subsequent reschedules, if any.

Sponsored by:          Mellanox Technologies

HardenedBSD/hardenedbsd 569a102sys/compat/linuxkpi/common/src linux_work.c

MFC r352206:
Fix synchronous work drain issue in the LinuxKPI.

A work callback may restart itself. Loop in the drain function to see if the
work has been rescheduled and stop the subsequent reschedules, if any.

Sponsored by:          Mellanox Technologies

HardenedBSD/hardenedbsd fa6eb68sys/amd64/amd64 pmap.c, sys/arm64/arm64 pmap.c

MFC r350463
  In pmap_advise(), when we encounter a superpage mapping, we first demote
  the mapping and then destroy one of the 4 KB page mappings so that there
  is a potential trigger for repromotion.  Currently, we destroy the first
  4 KB page mapping that falls within the (current) superpage mapping or the
  virtual address range [sva, eva).  However, I have found empirically that
  destroying the last 4 KB mapping produces slightly better results,
  specifically, more promotions and fewer failed promotion attempts.
  Accordingly, this revision changes pmap_advise() to destroy the last 4 KB
  page mapping.  It also replaces some nearby uses of boolean_t with bool.

HardenedBSD/hardenedbsd 122c53esys/compat/linuxkpi/common/include/linux interrupt.h

MFC r352205:
Fix broken DECLARE_TASKLET() macro after r347852.

Sponsored by:          Mellanox Technologies

HardenedBSD/hardenedbsd 2aa9973sys/arm64/arm64 gicv3_its.c

MFC r340602:

gitv3_its: fixes for multiple GIC ITS blocks

First pass of support for multiple GIC ITS blocks with ACPI.
Changes are to:
 * register the correct subset of interrupts with pic_register
   in case of ACPI.
 * initialize just the cpu interface for the first ITS, when
   domain information is not avialable. This has to be done
   until we split the per-CPU init to do LPI setup just once.
 * remove duplicate check for the GIC ITS domain, the sc_cpus
   are setup from domain, so the check again in per-CPU init
   seems unnecessary.

Reviewed by:    andrew
Differential Revision:  https://reviews.freebsd.org/D17841

HardenedBSD/hardenedbsd 8430965sys/compat/linuxkpi/common/include/linux interrupt.h

MFC r352205:
Fix broken DECLARE_TASKLET() macro after r347852.

Sponsored by:          Mellanox Technologies

HardenedBSD/hardenedbsd 20f6523sys/dev/acpica acpi.c acpi_resource.c, sys/dev/pci pci_host_generic_acpi.c pci_host_generic.c

MFC r340599-r340601

r340599:
acpica, pci_host_generic_acpi: redo pci_host_generic_acpi.c

This is a major update for pci_host_generic_acpi.c, the current
implementation has some gaps that are better fixed up in one go.
The changes are to:
 * Follow x86 method of not adding PCI resources to PCI host bridge in
   ACPI code. This has been moved to pci_host_generic_acpi.c, where we
   walk thru its resources of the host bridge and add them.
 * Fixup code in pci_host_generic_acpi.c to read all decoded ranges
   and update the 'ranges' property. This allows us to share most of
   the code with generic implementation (and the FDT one).
 * Parse and setup IO ranges and bus ranges when walking the resources
   above. Drop most of the changes related to this from acpica code.
 * Add the ECAM memory area as mem resource 0. Implement the logic to
   get the ECAM area from MCFG (using bus range which we now decode),
   or from _CBA (using _BBN/bus range). Drop aarch64 ifdefs from acpica
   code which did part of this.
 * Switch resource activation to similar code as FDT implementation,
   this can be moved into generic implementation in a later pass.
 * Drop the mechanism of using the 7th bit of bus number as the domain,
   this is not correct and will work only in very specific cases. Use
   _SEG as PCI domain and use the bus ranges of the host bridge to

    [27 lines not shown]

HardenedBSD/hardenedbsd 2d2d8c4sys/arm/arm generic_timer.c, sys/dev/acpica acpi_resource.c acpi_pcib.c

MFC r340598:

acpica: rework INTRNG interrupts

On arm64 (where INTRNG is enabled), the interrupts have to be mapped
with ACPI_BUS_MAP_INTR() before adding them as resources to devices.

The earlier code did the mapping before calling acpi_set_resource(),
which bypassed code that checked for PCI link interrupts.

To fix this, move the call to map interrupts into acpi_set_resource()
and that requires additional work to lookup interrupt properties.
The changes here are to:
 * extend acpi_lookup_irq_handler() to lookup an irq in the ACPI
   resources
 * create a helper function acpi_map_intr() which uses the updated
   acpi_lookup_irq_handler() to look up an irq, and then map it
   with ACPI_BUS_MAP_INTR()
 * use acpi_map_intr() in acpi_pcib_route_interrupt() to map
   pci link interrupts.

With these changes, we can drop the ifdefs in acpi_resource.c, and
we can also drop the call for mapping interrupts in generic_timer.c

Reviewed by:    andrew
Differential Revision:  https://reviews.freebsd.org/D17790

HardenedBSD/hardenedbsd 494e0d3sys/arm64/arm64 pmap.c

MFC r350347
  Implement pmap_advise().  (Without a working pmap_advise() implementation
  madvise(MADV_DONTNEED) and madvise(MADV_FREE) are NOPs.)
DeltaFile
+105-1sys/arm64/arm64/pmap.c
+105-11 files

HardenedBSD/hardenedbsd 9c0ed58sys/dev/pci pci_host_generic.c pci_host_generic_acpi.c

MFC r340595-r340597

r340595:
pci_host_generic: remove unneeded ThunderX2 quirk

The current quirk implementation writes a fixed address to the PCI BAR
to fix a firmware bug. The PCI BARs are allocated by firmware and will
change depending on PCI devices present. So using a fixed address here
is not correct.

This quirk worked around a firmware bug that programmed the MSI-X bar
of the SATA controller incorrectly. The newer firmware does not have
this issue, so it is better to drop this quirk altogether.

Reviewed by:    andrew
Differential Revision:  https://reviews.freebsd.org/D17655

r340596:
pci_host_generic: allocate resources against devices

Fix up pci_host_generic.c and pci_host_generic_fdt.c to allocate
resources against devices that requested them. Currently the
allocation happens against the pcib, which is incorrect.

This is needed for the upcoming changes for fixing up

    [15 lines not shown]

HardenedBSD/hardenedbsd 8c0df04share/man/man5 src.conf.5, share/mk src.opts.mk

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  src.conf(5): regenerate after r352465, r352466
  Add description for WITH_GOOGLETEST
  googletest: default-disable on all of MIPS for now
  mips: ubldr: use truncated load address for mips32

HardenedBSD/hardenedbsd 062772fshare/man/man5 src.conf.5

src.conf(5): regenerate after r352465, r352466

These changed the defaults for the GOOGLETEST knob and added a description
for WITH_GOOGLETEST.

HardenedBSD/hardenedbsd a1c40b8tools/build/options WITH_GOOGLETEST

Add description for WITH_GOOGLETEST

This is the logical negation of WITHOUT_GOOGLETEST, and helpful to have as
we now have different per-arch defaults for this option.

HardenedBSD/hardenedbsd bf614a9share/mk src.opts.mk

googletest: default-disable on all of MIPS for now

Parts of the fusefs tests trigger a bug in current versions of llvm: IR
representation of some routine for the MIPS targets is a function with a
large number of arguments. This then leads the compiler on an hour+ long
goose chase, which is OK if you build the current tree but less-so if you're
trying external toolchain or doing a universe build involving mips when it
eventually gets switched over to LLVM.

Better, accurate details can be found in LLVM PR43263.

HardenedBSD/hardenedbsd a7c4d00stand/mips/uboot Makefile

mips: ubldr: use truncated load address for mips32

BFD appears to silently truncate 0xffffffff80800000 when it processes the
ldscript for 32-bit mips, but LLD chokes on it as the linker script tries to
place elements above 32-bit range. It's unclear to me if silent truncation
is kosher or not and whether this patch is really what we want to do, but it
is one approach at least.

Reviewed by:    imp, mizhka
Differential Revision:  https://reviews.freebsd.org/D21487

HardenedBSD/hardenedbsd 7da6be8contrib/jemalloc/src jemalloc.c, lib/libc/sys open.2

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Temporarily skip sys.netpfil.common.tos.pf_tos on i386 CI as it always fails
  Temporarily skip sys.netpfil.common.forward.pf_v4 on i386 CI as it always fails
  Use correct filename in newsyslog.conf
  log daemon.info to /var/log/daemon.log by default
  ifconfig: add report of the string from SIOCGIFDOWNREASON.
  Add SIOCGIFDOWNREASON.
  Further refine r352393, only call vnode_pager_setsize() outside the node lock when 
shrinking.
  realloc(x, 0) should not return NULL.
  Return EISDIR when directory is opened with O_CREAT without O_DIRECTORY.

HardenedBSD/hardenedbsd 8bc0e48tests/sys/netpfil/common tos.sh

Temporarily skip sys.netpfil.common.tos.pf_tos on i386 CI as it always fails

PR:            240086
Sponsored by:   The FreeBSD Foundation

HardenedBSD/hardenedbsd f94e2betests/sys/netpfil/common forward.sh

Temporarily skip sys.netpfil.common.forward.pf_v4 on i386 CI as it always fails

PR:            240085
Sponsored by:   The FreeBSD Foundation

HardenedBSD/hardenedbsd a6f0387usr.sbin/newsyslog newsyslog.conf

Use correct filename in newsyslog.conf

Approved by:           bapt (implicit)
Differential Revision:  https://reviews.freebsd.org/D21561

HardenedBSD/hardenedbsd f3228a1usr.sbin/newsyslog newsyslog.conf, usr.sbin/syslogd syslog.conf

log daemon.info to /var/log/daemon.log by default

log daemon facility now that daemon(8) has syslog support which defaults to
daemon facility, info priority

Reviewed by:           bapt
Approved by:           bapt
Differential Revision:  https://reviews.freebsd.org/D21561

HardenedBSD/hardenedbsd 7816badcddl/contrib/opensolaris/cmd/zfs zfs.8, cddl/contrib/opensolaris/lib/libzfs/common libzfs_sendrecv.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  loader: provide u> and xemit words if needed
  The VFS-level clustering code collects together sequential blocks by issuing 
delayed-writes (bdwrite()) until a non-sequential block is written or the maximum cluster 
size is reached. At that point it collects the delayed buffers together (using bread()) to 
write them in a single operation. The assumption was that since we just looked at them 
they will still be in memory so there is no need to check for a read error from bread(). 
Very occationally (apparently every 10-hours or so when being pounded by Peter Holm's 
tests) this assumption is wrong.
  loader: revert r352421
  vfs: apply r352437 to the fast path as well
  fixup up fallout from r352447 in libbe
  Temporarily skip flakey test case lib.libc.sys.stat_test.stat_socket
  MFZoL: Add -vnP support to 'zfs send' for bookmarks
  loader.efi: efipart needs to use ioalign
  loader: add memalign() to libsa
  loader: stand.h should define reallocf as Reallocf

HardenedBSD/hardenedbsd f02a2adsbin/ifconfig ifmedia.c

ifconfig: add report of the string from SIOCGIFDOWNREASON.

Sample output:
# ifconfig mce0
mce0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3ed07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWFILTER,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6,TXRTLMT,HWRXTSTMP>
        ether e4:1d:2d:e7:10:0a
        media: Ethernet autoselect <full-duplex,rxpause,txpause>
        status: no carrier (Negotiation failure)
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

Reviewed by:    hselasky, rrs
Sponsored by:   Mellanox Technologies
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D21527

HardenedBSD/hardenedbsd 465bfaesys/net if.h if.c, sys/sys sockio.h

Add SIOCGIFDOWNREASON.

The ioctl(2) is intended to provide more details about the cause of
the down for the link.

Eventually we might define a comprehensive list of codes for the
situations.  But interface also allows the driver to provide free-form
null-terminated ASCII string to provide arbitrary non-formalized
information.  Sample implementation exists for mlx5(4), where the
string is fetched from firmware controlling the port.

Reviewed by:    hselasky, rrs
Sponsored by:   Mellanox Technologies
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D21527

HardenedBSD/hardenedbsd 82f8cfdsys/fs/nfsclient nfs_clport.c

Further refine r352393, only call vnode_pager_setsize() outside the
node lock when shrinking.

This is similar to r252528, applied to the above commit.

Apparently there is a race which makes necessary at least to keep the
n_size and pager size consistent when extending.  Current suspect is
that iod threads perform vnode_pager_setsize() without taking the
vnode lock, which corrupts the file content.

Reported and tested by: Masachika ISHIZUKA <ish at amail.plala.or.jp>
Discussed with: rmacklem (related issues)
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week

HardenedBSD/hardenedbsd 53e898fcontrib/jemalloc/src jemalloc.c

realloc(x, 0) should not return NULL.

See http://www.open-std.org/jtc1/sc22/wg14/www/docs/summary.htm#dr_400.
Upstream jemalloc issue is opened by emaste at
https://github.com/jemalloc/jemalloc/issues/1629.

Reviewed by:    emaste
PR:     240456
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
DIfferential revision:  https://reviews.freebsd.org/D21632

HardenedBSD/hardenedbsd c4ddd57lib/libc/sys open.2, sys/kern vfs_vnops.c

Return EISDIR when directory is opened with O_CREAT without O_DIRECTORY.

Reviewed by:    bcr (man page), emaste (previous version)
PR:     240452
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
DIfferential revision:  https://reviews.freebsd.org/D21634

HardenedBSD/hardenedbsd 3929af9stand/forth loader.4th

loader: provide u> and xemit words if needed

We have external interpreter (userboot.so) which may be lagging behind
with updates and may be missing u> xemit words.

HardenedBSD/hardenedbsd 70e679bsys/kern vfs_cluster.c

The VFS-level clustering code collects together sequential blocks
by issuing delayed-writes (bdwrite()) until a non-sequential block
is written or the maximum cluster size is reached. At that point
it collects the delayed buffers together (using bread()) to write
them in a single operation. The assumption was that since we just
looked at them they will still be in memory so there is no need to
check for a read error from bread(). Very occationally (apparently
every 10-hours or so when being pounded by Peter Holm's tests)
this assumption is wrong.

The fix is to check for errors from bread() and fail the cluster
write thus falling back to the default individual flushing of any
still dirty buffers.

Reported by: Peter Holm and Chuck Silvers
Reviewed by: kib
MFC after:   3 days