HardenedBSD/hardenedbsd a906febsys/vm vm_unix.c

HBSD: Resolve merge conflict

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+0-5sys/vm/vm_unix.c
+0-51 files

HardenedBSD/hardenedbsd 887d9e4lib/libcasper/services/cap_sysctl cap_sysctl.c cap_sysctl.3, lib/libcasper/services/cap_sysctl/tests sysctl_test.c

Merge remote-tracking branch 'origin/freebsd/current/master' into hardened/current/master

Conflicts:
        sys/vm/vm_unix.c (unresolved)

HardenedBSD/hardenedbsd dd0f9ebsys/cddl/contrib/opensolaris/uts/common/fs/zfs zfs_rlock.c vdev_indirect.c, sys/dev/nctgpio nctgpio.c

Merge remote-tracking branch 'freebsd/stable/12' into hardened/12-stable/master

HardenedBSD/hardenedbsd 878f67bsys/riscv/riscv elf_machdep.c

HBSD: Resolve merge conflict

Keep FreeBSD's ASR disabled for RISC-V.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>

HardenedBSD/hardenedbsd 657ef51share/man/man4 superio.4, share/man/man9 superio.9

Merge remote-tracking branch 'origin/freebsd/12-stable/master' into 
hardened/12-stable/master

Conflicts:
        sys/riscv/riscv/elf_machdep.c (unresolved)

HardenedBSD/hardenedbsd 6357299sys/amd64/linux32 Makefile, sys/compat/freebsd32 capabilities.conf

Merge remote-tracking branch 'origin/freebsd/12-stable/master' into 
hardened/12-stable/master

Conflicts:
        sys/i386/ibcs2/ibcs2_proto.h (deleted)
        sys/i386/ibcs2/ibcs2_syscall.h (deleted)
        sys/i386/ibcs2/ibcs2_sysent.c (deleted)

HardenedBSD/hardenedbsd d87ba0fshare/man/man5 src.conf.5, sys/compat/cloudabi64 cloudabi64_module.c

HBSD: Resolve merge conflicts

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>

HardenedBSD/hardenedbsd c81e2dalibexec/flua luaconf.h, libexec/flua/modules lfs.c

Merge remote-tracking branch 'upstream/master' into hardened/current/master

Conflicts:
        share/man/man5/src.conf.5 (unresolved)
        sys/compat/cloudabi64/cloudabi64_module.c (unresolved)
        sys/vm/vm_map.c (unresolved)

HardenedBSD/hardenedbsd 5f126ffetc/mtree BSD.root.dist, share/man/man7 hier.7

Standardize EFI's ESP mount point.

Mount the UEFI ESP on /boot/efi. No current system uses this by default, but
there are many ad-hoc schemes that do this in /efi or /esp or /uefi and adding a
new directory at the top-level would have a much higher likelihood of
collision. Document this in /etc/mtree/BSD.root.mtree and create EFIDIR and
related variables in bsd.own.mk.

Differential Revision: https://reviews.freebsd.org/D21344

HardenedBSD/hardenedbsd f1c3864sys/cam/scsi scsi_all.c

Set handling for some "Logical unit not ready" errors.

MFC after:      2 weeks
Sponsored by:   iXsystems, Inc.
DeltaFile
+23-17sys/cam/scsi/scsi_all.c
+23-171 files

HardenedBSD/hardenedbsd 33a315asys/dev/random ivy.c

random/ivy: Trivial refactoring

It is clearer to me to return success/error (true/false) instead of some
retry count linked to the inline assembly implementation.

No functional change.

Approved by:    core(csprng) => csprng(markm)
Differential Revision:  https://reviews.freebsd.org/D22454

HardenedBSD/hardenedbsd c250b34contrib/netbsd-tests/usr.bin/unifdef t_basic.sh, usr.bin/unifdef unifdef.c

Re-apply fixed r354847

unifdef(1): Improve worst-case bound on symbol resolution

Use RB_TREE to make some algorithms O(lg N) and O(N lg N) instead of O(N)
and O(N^2).

While here, remove arbitrarily limit on number of macros understood.

Reverts r354877 and r354878, which disabled the (correct) test.

PR:            242095
Reported by:    lwhsu

HardenedBSD/hardenedbsd 2c58a72usr.bin/unifdef unifdef.c

Revert r354847 for now

It was broken.

PR:            242095
Reported by:    lwhsu

HardenedBSD/hardenedbsd 60ea49b. UPDATING

Fix typo: deprected -> deprecated.
DeltaFile
+1-1UPDATING
+1-11 files

HardenedBSD/hardenedbsd 0f4a614. UPDATING, share/mk bsd.opts.mk

Make the warning for deprecated NO_ variables an error.

Support for NO_CTF, NO_DEBUG_FILES, NO_INSTALLLIB, NO_MAN, NO_PROFILE,
and NO_WARNS as deprecated in 2014 with a warning added for each one
found. Turn these into error in preperation for removal of compatability
support before FreeBSD 13.

Reviewed by:    imp
Relnotes:       yes
Sponsored by:   DARPA, AFRL
Differential Revision:  https://reviews.freebsd.org/D22448

HardenedBSD/hardenedbsd efc509blib/clang/libclang Makefile, lib/clang/libllvm Makefile

Add explanatory comments for the different SRCS_xxx variables used in
the Makefiles for libllvm and libclang.  While here, cleanup a commented
out SRCS entry in libllvmminimal's Makefile.

MFC after:      3 days

HardenedBSD/hardenedbsd 1855df7sys/vm vm_page.c

As with r354905 use uint16_t to store aflags on the stack and as function
arguments as the aflags size in vm_page_t has increased.

Sponsored by:   DARPA, AFRL
DeltaFile
+3-3sys/vm/vm_page.c
+3-31 files

HardenedBSD/hardenedbsd c3303edshare/man/man5 src.conf.5

src.conf.5: regen for several recent changes

r354289 armv6: Switch to LLD by default
r354290 Take arm.arm (armv5) out of universe
r354348 armv6, armv7: Switch to llvm-libunwind by default
r354660 Enable the RISC-V LLVM backend by default.

as well as lib32 changes

Sponsored by:   The FreeBSD Foundation

HardenedBSD/hardenedbsd 8723357sys/vm vm_page.c

Use atomic_load_16 to load aflags as it's a uint16_t after r354820.

Sponsored by:   DARPA, AFRL
DeltaFile
+2-2sys/vm/vm_page.c
+2-21 files

HardenedBSD/hardenedbsd dfc2021share/man/man5 src.conf.5

src.conf.5: regen after r354902, WITHOUT_AMD by default

HardenedBSD/hardenedbsd 7cb8ba0tools/build/options WITH_AMD

Add description for WITH_AMD

WITHOUT_AMD is now the default as of r354902.

Sponsored by:   The FreeBSD Foundation

HardenedBSD/hardenedbsd cba137e. UPDATING, share/mk src.opts.mk

disable amd(8) by default

As of FreeBSD 10.1 the autofs(5) is available for automounting, and the
amd man page has indicated that the in-tree copy of amd is obsolete.
Disable it by default for now, with the expectation that it will be
removed before FreeBSD 13.0.

Reviewed by:    kevans
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D22460

HardenedBSD/hardenedbsd 7779043usr.bin/xinstall xinstall.c Makefile

Allow boostrapping xinstall on Linux

Linux does not have st_flags so we have to avoid using it there.

Reviewed By:    emaste, imp
Differential Revision: https://reviews.freebsd.org/D22446

HardenedBSD/hardenedbsd d5e1f75usr.sbin/jail Makefile

Use the correct variable, also limit the scope to bfd

PR:            242109
Reported by:    jhb
Sponsored by:   The FreeBSD Foundation

HardenedBSD/hardenedbsd 8414de6usr.sbin/jail Makefile

Limit the workaround to riscv only

PR:            242109
Sponsored by:   The FreeBSD Foundation

HardenedBSD/hardenedbsd 2b8635asys/arm64/arm64 pmap.c

Until every possible root cause for an "invalid ASID" assertion failure is
resolved, assign every pmap a valid ASID when it is first initialized.

HardenedBSD/hardenedbsd 43e49b6crypto/openssh monitor.c

sshd: make getpwclass wrapper MON_ISAUTH not MON_AUTH

In r339216 a privsep wrapper was added for login_getpwclass to address
PR 231172.  Unfortunately the change used the MON_AUTH flag in the
wrapper, and MON_AUTH includes MON_AUTHDECIDE which triggers an
auth_log() on each invocation.  getpwclass() does not participate in the
authentication decision, so should be MON_ISAUTH instead.

PR:            234793
Submitted by:   Henry Hu
Reviewed by:    Yuichiro NAITO
MFC after:      1 week

HardenedBSD/hardenedbsd 1776053usr.sbin/jail Makefile

Workaround riscv64 build when using binutils 2.33.1

PR:            242109
Reviewed by:    bapt
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D22457

HardenedBSD/hardenedbsd 66596a3sys/security/mac mac_process.c, sys/vm vm_map.c vm_map.h

Instead of looking up a predecessor or successor to the current map
entry, when that entry has been seen already, keep the
already-looked-up value in a variable and use that instead of looking
it up again.

Approved by: alc, markj (earlier version), kib (earlier version)
Differential Revision: https://reviews.freebsd.org/D22348

HardenedBSD/hardenedbsd b2251a4sys/kern subr_csan.c, sys/sys csan.h

Import the NetBSD Kernel Concurrency Sanitizer (KCSAN) runtime.

KCSAN is a tool to find concurrent memory access that may race each other.
After a determined number of memory accesses a cell is created, this
describes the current access. It will then delay for a short period
to allow other CPUs a chance to race. If another CPU performs a memory
access to an overlapping region during this delay the race is reported.

This is a straight import of the NetBSD code, it will be adapted to
FreeBSD in a future commit.

Sponsored by:   DARPA, AFRL

HardenedBSD/hardenedbsd 5f4e2edsys/kern vfs_cache.c

cache: minor stat cleanup

Remove duplicated stats and move numcachehv from debug to vfs.cache.

HardenedBSD/hardenedbsd 41890desys/kern vfs_subr.c

vfs: perform a more racy check in vfs_notify_upper

Locking mp does not buy anything interms of correctness and only contributes to
contention.

HardenedBSD/hardenedbsd 788b844sys/compat/linux linux_file.c

linux: avoid overhead of P_CONTROLT checks if possible

Sponsored by:   The FreeBSD Foundation

HardenedBSD/hardenedbsd b1e239esys/fs/devfs devfs_vnops.c, sys/kern vfs_subr.c vfs_syscalls.c

vfs: change si_usecount management to count used vnodes

Currently si_usecount is effectively a sum of usecounts from all associated
vnodes. This is maintained by special-casing for VCHR every time usecount is
modified. Apart from complicating the code a little bit, it has a scalability
impact since it forces a read from a cacheline shared with said count.

There are no consumers of the feature in the ports tree. In head there are only
2: revoke and devfs_close. Both can get away with a weaker requirement than the
exact usecount, namely just the count of active vnodes. Changing the meaning to
the latter means we only need to modify it on 0<->1 transitions, avoiding the
check plenty of times (and entirely in something like vrefact).

Reviewed by:    kib, jeff
Tested by:      pho
Differential Revision:  https://reviews.freebsd.org/D22202

HardenedBSD/hardenedbsd edd82c4sys/amd64/amd64 mp_machdep.c exception.S

amd64: in double fault handler, do not rely on sane gsbase value.

Typical reasons for doublefault faults are either kernel stack
overflow or bugs in the code that manipulates protection CPU state.
The later code is the code which often has to set up gsbase for
kernel.  Switching to explicit load of GSBASE MSR in the fault handler
makes it more probable to output a useful information.

Now all IST handlers have nmi_pcpu structure on top of their stacks.

It would be even more useful to save gsbase value at the moment of the
fault.  I did not this because I do not want to modify PCB layout now.

Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week

HardenedBSD/hardenedbsd 5fb301ecddl/contrib/opensolaris/cmd/zpool zpool.8

zpool.8: remove a paragraph about quorum disks

FreeBSD has no such thing.
illumos and ZoL manuals do not talk about quorum disks either.
Only Oracle ZFS mentions them.

MFC after:      1 week

HardenedBSD/hardenedbsd b4e24cdcddl/contrib/opensolaris/cmd/zpool zpool.8

fix up r354804, resolve merge conflicts in zpool.8

Somehow I managed to commit the manual page with unresolved conflicts in
it.

While here, I also replaced .sp with .Pp.

MFC after:      3 weeks
X-MFC with:     r354804

HardenedBSD/hardenedbsd 43af250contrib/netbsd-tests/usr.bin/unifdef t_basic.sh

Only skip failing test case in CI.

PR:            242095
Sponsored by:   The FreeBSD Foundation

HardenedBSD/hardenedbsd cc1c2a7contrib/netbsd-tests/usr.bin/unifdef t_basic.sh

Temporarily skip the failing test case usr.bin.unifdef.basic_test.basic

PR:            242095
Sponsored by:   The FreeBSD Foundation

HardenedBSD/hardenedbsd f0fdec0sys/arm/broadcom/bcm2835 bcm2835_vcbus.h

bcm2835_vcbus: add compatibility name for ^/sys/contrib/vchiq

It's unclear how this didn't get caught in my last iteration, but the fix is
easy- the interface is still compatible, it was just gratuituously renamed
to match my arbitrary definition of consistency... VCBUS, the BCM2835 name,
represents an address on the VideoCore CPU Bus.

In a similar fashion, while it is a physical address, the ARMC portion
represents that these are addresses as seen by the ARM CPU.

To make things even more fun, the BCM2711 peripheral documentation describes
not virtual address space vs. physical address space, but instead the 32-bit
address map vs. the address map in "Low Peripheral" mode. The latter of
these is what the *ARMC* macros translate to/from.

HardenedBSD/hardenedbsd 37b5ca7sys/arm/broadcom/bcm2835 bcm2835_vcbus.c bcm2835_vcbus.h

bcm2835: push address mapping conversion for DMA/mailbox to runtime

We could maintain the static conversions for the !AArch64 Raspberry Pis, but
I'm not sure it's worth it -- we'll traverse the platform list exactly once
(of which there are only two for armv7), then every conversion there-after
traverses the memory map listing of which there are at-most two entries for
these boards: sdram and peripheral space.

Detecting this at runtime is necessary for the AArch64 SOC, though, because
of the distinct IO windows being otherwise not discernible just from support
compiled into the kernel. We currently select the correct window based on
/compatible in the FDT.

We also use a similar mechanism to describe the DMA restrictions- the RPi 4
can have up to 4GB of RAM while the DMA controller and mailbox mechanism can
technically, kind of, only access the lowest 1GB. See the comment in
bcm2835_vcbus.h for a fun description/clarification of this.

Differential Revision:  https://reviews.freebsd.org/D22301

HardenedBSD/hardenedbsd 65c224fsys/vm uma_core.c

When we set OFFPAGE to limit fragmentation we should also set VTOSLAB
so that we avoid the hashtables.  The hashtable is now only required if
a zone is created with OFFPAGE specified initially, not internally.  This
flag signals to UMA that it can't touch the allocated memory and so
can't store a slab pointer in the containing page.

Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D22453
DeltaFile
+10-3sys/vm/uma_core.c
+10-31 files

HardenedBSD/hardenedbsd 7b5cc68sys/sys buf.h

White space cleanup. No functional change.

Sponsored by: Netflix
DeltaFile
+2-2sys/sys/buf.h
+2-21 files

HardenedBSD/hardenedbsd 5576e8csys/ufs/ffs ffs_softdep.c

Add some KASSERTs. Reacquire a mutex after a kernel printf rather
than holding it during the printf. White space cleanup.

Sponsored by: Netflix

HardenedBSD/hardenedbsd 24f2461sys/vm vm_object.c vm_object.h

Only keep anonymous objects on shadow lists.  This eliminates locking of
globally visible objects when they are part of a backing chain.

Reviewed by:    kib, markj
Differential Revision:  https://reviews.freebsd.org/D22423

HardenedBSD/hardenedbsd 83848ecsys/vm vnode_pager.c vm_page.c

Remove unnecessary object locking from the vnode pager.  Recent changes to
busy/valid/dirty locking make these acquires redundant.

Reviewed by:    kib, markj
Differential Revision:  https://reviews.freebsd.org/D22186

HardenedBSD/hardenedbsd be1b482sys/kern uipc_shm.c sysv_shm.c, sys/vm vm_object.c vm_reserv.c

Simplify anonymous memory handling with an OBJ_ANON flag.  This eliminates
reudundant complicated checks and additional locking required only for
anonymous memory.  Introduce vm_object_allocate_anon() to create these
objects.  DEFAULT and SWAP objects now have the correct settings for
non-anonymous consumers and so individual consumers need not modify the
default flags to create super-pages and avoid ONEMAPPING/NOSPLIT.

Reviewed by:    alc, dougm, kib, markj
Tested by:      pho
Differential Revision:  https://reviews.freebsd.org/D22119

HardenedBSD/hardenedbsd 91df212sys/arm/broadcom/bcm2835 bcm2835_sdhci.c

bcm2835_sdhci: various refactoring of DMA path

This round of refactoring is mostly about streamlining the interrupt handler
to make it easier to verify and reason about operations taking place while
trying to bring FreeBSD up on the RPi4.

HardenedBSD/hardenedbsd 5eaf402sys/net netmap_user.h

netmap: check if we already ran mmap before we attempt it

Submitted by:   neel at neelc.org
Reviewed by:    vmaffione
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D22390

HardenedBSD/hardenedbsd fb644c4sys/netinet6 in6.c

in6: move include

Move the include for sysctl.h out of the middle of the file to the
includes at the beginning.  This is will make it easier to add new
sysctls.

No functional changes.

MFC after:      3 weeks
Sponsored by:   Netflix
DeltaFile
+1-2sys/netinet6/in6.c
+1-21 files