gitweb.dragonflybsd.org Git

MFV f83ac37f1e66: libbsdxml (expat) 2.4.3.

cryptosoft: Avoid referencing end-of-buffer cursors

Once a crypto cursor has reached the end of its buffer, it is invalid to
call crypto_cursor_segment() for at least some crypto buffer types.
Reorganize loops to avoid this.

Fixes: cfb7b942bed7 ("cryptosoft: Use multi-block encrypt/decrypt for non-AEAD ciphers.")
Fixes: a221a8f4a0de ("cryptosoft: Use multi-block encrypt/decrypt for AES-GCM.")
Fixes: f8580fcaa1e1 ("cryptosoft: Use multi-block encrypt/decrypt for AES-CCM.")
Fixes: 5022c68732e6 ("cryptosoft: Use multi-block encrypt/decrypt for ChaCha20-Poly1305.")
Reported and tested by: madpilot
Discussed with: jhb
Sponsored by: The FreeBSD Foundation

security.7: Minor fixes for ASLR sysctl descriptions

Reviewed by: debdrup, danfe, emaste
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33908

copyin tests: Use the KERN_PROC_VM_LAYOUT sysctl to fetch layout info

... rather than using the KERN_PROC_PS_STRINGS value to derive the top
of the user address space.

Reviewed by: kib
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33708

proc: Add a sysctl to fetch virtual address space layout info

This provides information about fixed regions of the target process'
user memory map.

Reviewed by: kib
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33708

exec: Reimplement stack address randomization

The approach taken by the stack gap implementation was to insert a
random gap between the top of the fixed stack mapping and the true top
of the main process stack.  This approach was chosen so as to avoid
randomizing the previously fixed address of certain process metadata
stored at the top of the stack, but had some shortcomings.  In
particular, mlockall(2) calls would wire the gap, bloating the process'
memory usage, and RLIMIT_STACK included the size of the gap so small
(< several MB) limits could not be used.

There is little value in storing each process' ps_strings at a fixed
location, as only very old programs hard-code this address; consumers
were converted decades ago to use a sysctl-based interface for this
purpose.  Thus, this change re-implements stack address randomization by
simply breaking the convention of storing ps_strings at a fixed
location, and randomizing the location of the entire stack mapping.
This implementation is simpler and avoids the problems mentioned above,
while being unlikely to break compatibility anywhere the default ASLR
settings are used.

The kern.elfN.aslr.stack_gap sysctl is renamed to kern.elfN.aslr.stack,
and is re-enabled by default.

PR: 260303
Reviewed by: kib
Discussed with: emaste, mw
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33704

exec: Remove the stack gap implementation

ASLR stack randomization will reappear in a forthcoming commit. Rather
than inserting a random gap into the stack mapping, the entire stack
mapping itself will be randomized in the same way that other mappings
are when ASLR is enabled.

No functional change intended, as the stack gap implementation is
currently disabled by default.

Reviewed by: kib
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33704

exec: Introduce the PROC_PS_STRINGS() macro

Rather than fetching the ps_strings address directly from a process'
sysentvec, use this macro. With stack address randomization the
ps_strings address is no longer fixed.

Reviewed by: kib
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33704

setrlimit: Remove special handling for RLIMIT_STACK with a stack gap

This will not be required with a forthcoming reimplementation of ASLR
stack randomization. Moreover, this change was not sufficient to enable
the use of a stack size limit smaller than the stack gap itself.

PR: 260303
Reviewed by: kib
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33704

sysent: Add a sv_psstringssz field to struct sysentvec

The size of the ps_strings structure varies between ABIs, so this is
useful for computing the address of the ps_strings structure relative to
the top of the stack when stack address randomization is enabled.

Reviewed by: kib
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33704

Revert "kern_exec: Add kern.stacktop sysctl."

The current ASLR stack gap feature will be removed, and with that the
need for the kern.stacktop sysctl is gone. All consumers have been
removed.

This reverts commit a97d697122da2bfb0baae5f0939d118d119dae33.

Reviewed by: kib
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33704

Revert "libthr: Use kern.stacktop for thread stack calculation."

The current ASLR stack gap feature will be removed, and with that the
need for this change, and the kern.stactop sysctl, is gone. Moreover,
the approach taken in this revision does not provide compatibility for
old copies of libthr.so, and the revision should have also updated
__libc_map_stacks_exec().

This reverts commit 78df56ccfcb40013a3e6904bd6d39836220c3550.

Reviewed by: kib
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33704

posixshm: Report output buffer truncation from kern.ipc.posix_shm_list

PR: 240573
Reviewed by: kib
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33912

x86/xen: fallback when VCPUOP_send_nmi is not available

It has been reported that on some AWS instances VCPUOP_send_nmi
returns -38 (ENOSYS). The hypercall is only available for HVM guests
in Xen 4.7 and newer. Add a fallback to use the native NMI sending
procedure when VCPUOP_send_nmi is not available, so that the NMI is
not lost.

Reported and Tested by: avg
MFC after: 1 week
Fixes: b2802351c162 ('xen: fix dispatching of NMIs')
Sponsored by: Citrix Systems R&D

ifconfig: improve vlan options parsing

PR: 261136
Reported by: Daniel O'Connor
MFC after: 2 weeks

gitignore: ignore vim swap files & .rej/.orig

Reviewed by: cem, avg
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D33794

linux: add sysctl to pass untranslated interface names

Reviewed by: kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D33792

linux: fix linux_recvmsg() MSG_PEEK flag handling

Reviewed by: kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D33790

linux: Make compat.linux.preserve_vstatus default to 1

From a user point of view, this makes ^T work out of the box.

Reviewed By: debdrup (man page)
Sponsored By: EPSRC
Differential Revision: https://reviews.freebsd.org/D33842

Vendor import of expat 2.4.3.

net80211: ieee80211_dump_node() cosmetics

Printing %p does not need the 0x prefix and while here mark the
ieee80211_node_table argument unused given we do not need it in the
current incarnation of the function.

Sponsored by: The FreeBSD Foundation
MFC after: 3 days

fib_algo: shift / mask by constants in dxr_lookup()

Since trie configuration remains invariant during each DXR instance
lifetime, instead of shifting and masking lookup keys by values
computed at runtime, compile upfront several dxr_lookup()
configurations with hardcoded shift / mask constants, and choose the
apropriate lookup function version after each DXR instance rebuild.

In synthetic tests this yields small but measurable (5-10%) lookup
throughput improvement, depending on FIB size and prefix patterns.

MFC after: 3 days

LinuxKPI: 802.11 correct enum ieee80211_channel_flags

enum ieee80211_channel_flags are used as bit fields and not as 1..n.
Correct the values using BIT(n).

This is also hoped to fix problems with 7260 cards which come up and
panic due to an empty channel list as all channels are set disabled [1].
It will hopefully also fix the one or other oddity.

Reported by: ambrisko, Mike Tancsa (mike sentex.net) [1]
Sponsored by: The FreeBSD Foundation
MFC after: 3 days

- fix typo

Reported by: Glenn Tam

libc: correct SPDX tag on strstr.c

It was obtained from musl, and is MIT licensed.

MFC after: 3 days
Sponsored by: The FreeBSD Foundation

libc: fix misleading comment in strstr

Obtained from: musl c53e9b239418

pf tests: Provoke failure in pf_ioctl_addrule

MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")

pf: ensure we don't destroy an uninitialised lock

The new lock introduced in 5f5e32f1b3 needs to be initialised early so
that it can be safely destroyed if we error out.

Reported-by: syzbot+d76113e9a4ae0c0fcac2@syzkaller.appspotmail.com
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")

etdump: Fix the file name included in the could not open error message

If only one file is passed, this reads the terminating NULL and so
prints (null). If multiple files are passed then this always prints the
second file, which may or may not exist (and will be particularly
confusing if it does exist since the output will include the dump of the
second file).

MFC after: 1 week

stress2: Added a regression test

stress2: Added one more unionfs test

Fix inverse sleep logic in buf_daemon().

Before commit 3cec5c77d617 buf_daemon() went to longer 1s sleep if
numdirtybuffers <= lodirtybuffers. After that commit new condition
!BIT_EMPTY(BUF_DOMAINS, &bdlodirty) got opposite -- true when one
or more more domains is above lodirtybuffers. As result, on freshly
booted system with no dirty buffers buf_daemon() wakes up 10 times
per second and probably only 1 time per second when there is actual
work to do.

MFC after: 1 week
Reviewed by: kib, markj
Tested by: pho
Differential revision: https://reviews.freebsd.org/D33890

fread.c: fix undefined behavior

A case of undefined behavior in __fread() has been detected by UBSAN
and reported by Mark Millard:

/usr/main-src/lib/libc/stdio/fread.c:133:10: runtime error: applying
zero offset to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior in
/usr/main-src/lib/libc/stdio/fread.c:133:10

While being benign (the NULL pointer is later passed to memcpy() with
a length argument of 0), this issue causes in the order of 600 Kyua
test cases to fail on systems running a world built with WITH_UBSAN
and WITH_ASAN.

The undefined behavior can be prevented by skipping operations that
have no effect for r == 0. Mark Millard has suggested to only skip
this code segment if fp->_p == NULL, but I have verified that for the
case of r == 0 no further argument checking is performed on the
addresses passed to memcpy() and thus no bugs are hidden from the
sanitizers due to the simpler condition chosen.

Reported by: Mark Millard (marklmi@yahoo.com)
Tested by: Mark Millard (marklmi@yahoo.com)
Differential Revision: https://reviews.freebsd.org/D33903
MFC after: 2 weeks

LinuxKPI: 802.11 Refine/add DTIM/TSF handling

Correct data types related to delivery traffic indication map (DTIM)/
timing synchronization function (TSF) and implement/refine their
handling.  This information is used/needed by iwlwifi to set a station
as associated.  This will hopefully avoid more "no beacon heard"
time event failures.

The recording of the Linux specific sync_device_ts is done in the
receive path for now in case we do have the right information
available.  I need to investigate as to how-much it may make sense
to also migrate it into net80211 in the future depending on the
usage in other drivers (or how we did handle this in the past in
natively ported versions, e.g. iwm).

Sponsored by: The FreeBSD Foundation
MFC after: 3 days

LinuxKPI: 802.11 handle connection loss differently

Rather than just bouncing back to SCAN bounce to INIT on connection
loss. This is should be refined in the future as the comment already
indicates but we need to tie two different worlds together.

Sponsored by: The FreeBSD Foundation
MFC after: 3 days

ofw_pci: Fix incorrectly sized softc causing pci(4) out-of-bounds reads

We do not include sys/rman.h and so machine/resource.h ends up not being
included by the time pci_private.h is included. This means PCI_RES_BUS
is never defined, and so the sc_bus member of pci_softc is not present
when compiling ofw_pci, resulting in the wrong softc size being passed
to DEFINE_CLASS_1 and thus any attempts by pci(4) to access that member
are out-of-bounds reads or writes.

This is pretty fragile; arguably pci_private.h should be including
sys/rman.h, but this is the minimal needed change to fix the bug whilst
maintaining the status quo.

Found by: CHERI
Reported by: andrew

stress2: Added a new unionfs test scenario

Use CPUID leaf 0x40000010 for local APIC freq

Some VM systems announce the frequency of the local APIC via the
CPUID leaf 0x40000010. Using this allows us to boot slightly
faster by avoiding the need for timer calibration.

Reviewed by: markj
Sponsored by: https://www.patreon.com/cperciva

TSC: Use 0x40000010 CPUID leaf for all VM types

While this CPUID leaf was originally only used by VMWare, other
hypervisors now also use it to announce the TSC frequency to guests.

This speeds up the boot process by 100 ms in EC2 and other systems,
by allowing the early calibration DELAY to be skipped.

Reviewed by: markj
Sponsored by: https://www.patreon.com/cperciva

Detect CPU type before asking VMWare for TSC freq

This allows us to set tsc_is_invariant and select appropriately
fenced versions of RDTSC based on the CPU type.

Reviewed by: markj
Sponsored by: https://www.patreon.com/cperciva

cxgbe(4): Fix bad races between sysctl and driver detach.

The default sysctl context setup by newbus for a device is eventually
freed by device_sysctl_fini, which runs after the device driver's detach
routine. sysctl nodes associated with this context must not use any
resources (like driver locks, hardware access, counters, etc.) that are
released by driver detach.

There are a lot of sysctl nodes like this in cxgbe(4) and the fix is to
hang them off a context that is explicitly freed by the driver before it
releases any resource that might be used by a sysctl.

This fixes panics when running "sysctl dev.t6nex dev.cc" in a tight loop
and loading/unloading the driver in parallel.

Reported by: Suhas Lokesha
MFC after: 1 week
Sponsored by: Chelsio Communications

snd_hda: restore pin patch for headphones on Lenovo X1 7th Gen

Fixes: ef790cc7407e ("hdaa: update pin patch configurations")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33900

ata_xpt: Rename probe_softc to aprobe_softc

Since both scsi_xpt and ata_xpt use the same name for the softc, this
can lead to problems in gdb. Avoid the issue by renaming the ata
probe_softc to aprobe_softc as has been done for the aprobe in
0f280cbd0a3a9. This was overlooked at the time.

Sponsored by: Netflix
MFC After: 2 weeks

Ignore calcru: runtime went backwards for vm_guest

VM's have little control over CPU speed, don't make matters worse
by constantly spaming console.

Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D33902

cam: Optimize write protection MODE SENSE in da(4).

Before this change on every open da(4) driver read all mode pages to
use only one bit. It was done so to not depend on the list of pages
supported by the disk. But I've found that at least for SATL of LSI/
Broadcom HBAs with WD HDDs Power Condition mode page reading may take
significant amount of time, much more than any other mode page, that
visibly increased disk retaste time by GEOM.

Address that by using data returned by the first MODE SENSE request
to limit the following ones to only one (the first for now) mode page.

With the change simultaneous retaste of 39 SATA disks takes about 2.5s
instead of more than 4s before, and I no longer see "dareprobe" status
on GEOM event thread.

MFC after: 2 weeks
Sponsored by: iXsystems, Inc.

Allow downstream projects to easily add private and internal libs

Allow projects based on the FreeBSD tree to append to _PRIVATELIBS
and _INTERNALLIBS by simply maintaining their own lists of
LOCAL_PRIVATELIBS and LOCAL_INTERNALLIBS, respectively.

Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D33901

netmap: fix LOR in iflib_netmap_register

In iflib_device_register(), the CTX_LOCK is acquired first and then
IFNET_WLOCK is acquired by ether_ifattach(). However, in netmap_hw_reg()
we do the opposite: IFNET_RLOCK is acquired first, and then CTX_LOCK
is acquired by iflib_netmap_register(). Fix this LOR issue by wrapping
the CTX_LOCK/UNLOCK calls in iflib_device_register with an additional
IFNET_WLOCK. This is safe since the IFNET_WLOCK is recursive.

MFC after: 1 month

carp(4): Make regex additionally match on VLAN interfaces

This tiny change to the example makes devd capable of reacting to carp
status change events on VLAN interfaces.

Reported by: Thomas Steen Rasmussen (tykling) <thomas at gibfest.dk>

uma: Avoid polling for an invalid SMR sequence number

Buckets in an SMR-enabled zone can legitimately be tagged with
SMR_SEQ_INVALID. This effectively means that the zone destructor (if
any) was invoked on all items in the bucket, and the contained memory is
safe to reuse. If the first bucket in the full bucket list was tagged
this way, UMA would unnecessarily poll per-CPU state before attempting
to fetch a full bucket from the list.

MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation

vm_pageout: Print a more accurate message to the console before an OOM kill

Previously we'd always print "out of swap space." This can be
misleading, as there are other reasons an OOM kill can be triggered. In
particular, it's entirely possible to trigger an OOM kill on a system
with plenty of free swap space.

Reviewed by: kib
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33810

zone.9: Remove documentation of non-existent NUMA configuration flags

These configuration options were removed in commit dfe13344f557.

Some forthcoming work will update the UMA man page to describe its
current behaviour on NUMA systems.

MFC after: 1 week
Sponsored by: The FreeBSD Foundation

netbsd-tests: Fix the libc stat_socket test

The test tries to connect a socket to a closed port at 127.0.0.1. It
sets O_NONBLOCK on the socket first and expects to get EINPROGRESS from
connect(2), but this is not guaranteed, ECONNREFUSED is possible.
Handle both cases, and re-enable the test.

PR: 240621
MFC after: 1 week
Sponsored by: The FreeBSD Foundation

Revert "Disable flaky test lib.libc.sys.setrlimit_test.setrlimit_stack"

The stack gap implementation is disabled by default now, so the test
passes.

This reverts commit dad71022bd7a8f95ab2ba656bec61e2424a1c3c5.

PR: 259969
MFC after: 1 week
Sponsored by: The FreeBSD Foundation

bhyve: add nvlist functions for setting unset nodes

If an emulation uses those functions instead of set_config_value_node
or set_config_value, it allows the config values to get
overwritten. Introducing new functions is much more readable than
if else statements in the emulation code.

Reviewed by: khng
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33770

bhyve: add support for MTRR

Some guests or driver might depend on MTRR to work properly. E.g. the
nvidia gpu driver won't work without MTRR.

Reviewed by: markj
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33333

powerpc: Fix syntax atomic.h

Fixes: b5d227b0b27 powerpc: Add atomic_testand_{set,clear}_{int,long}

pkgbase: Remove runtime dependency on bootloader

It isn't needed and will cause problem when upgrading to a newer release.

Reviewed by: emaste
MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33878

pf: protect the rpool from races

The roundrobin pool stores its state in the rule, which could
potentially lead to invalid addresses being returned.

For example, thread A just executed PF_AINC(&rpool->counter) and
immediately afterwards thread B executes PF_ACPY(naddr, &rpool->counter)
(i.e. after the pf_match_addr() check of rpool->counter).

Lock the rpool with its own mutex to prevent these races. The
performance impact of this is expected to be low, as each rule has its
own lock, and the lock is also only relevant when state is being created
(so only for the initial packets of a connection, not for all traffic).

See also: https://redmine.pfsense.org/issues/12660
Reviewed by: glebius
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D33874

mana: Add RX fencing

RX fencing allows the driver to know that any prior change to the RQs has
finished, e.g. when the RQs are disabled/enabled or the hashkey/indirection
table are changed, RX fencing is required.

Remove the previous 'sleep' workaround and add the real support for
RX fencing as the PF driver supports the MANA_FENCE_RQ request now (any
old PF driver not supporting the request won't be used in production).

MFC after: 2 weeks
Sponsored by: Microsoft

powerpc64le: enable ISA_206_ATOMICS option

powerpc64le requires at minimum POWER8 hardware, so ISA 2.06 atomic
instructions are always available.

This isn't so for powerpc64 (BE), so isn't enabled by default there.

powerpc: Add atomic_testand_{set,clear}_{int,long}

Add machine-optimized implementations for the following:
* atomic_testandset_int
* atomic_testandclear_int
* atomic_testandset_long
* atomic_testandclear_long

This fixes the build with ISA_206_ATOMICS enabled.
Add the associated atomic_testandset_32, atomic_testandclear_32, so
that ice(4) can potentially build.

cam: Fix type of elm_idx in struct enc_element.

It is a global element index, so it may need more than one byte.
For now it is only a cosmetics, since the field is never read.

MFC after: 2 weeks

ia32_signal.h: Drop #ifdef's for old compat structures.

Requested by: kib

ia32: Rename a struct ia32_sigcontext3 -> struct ia32_osigcontext.

Fixes: bd7630ef6198 ia32: Sync signal context type names with i386.

Use G_ELI_IVKEYLEN as the size of IV in the user test code.

IVs are not the size of keys as a general case. Most often they are
the size of a single block.

Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33885

geliboot: Use the correct IV length for AES-XTS.

- Use AES_XTS_IV_LEN instead of the key length as the IV length.
- Use G_ELI_IVKEYLEN as the size of the zeroed iv[] array in
g_eli_crypto_cipher() to match geli_io().

PR: 261172
Reported by: Malcolm Matalka <mmatalka@gmail.com>, mikael
Reviewed by: markj
Sponsored by: FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33884

Move struct freebsd4_ucontext to sys/i386/include/ucontext.h.

Requested by: kib
Reviewed by: brooks, imp, kib
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D33886

ia32: Sync signal context type names with i386.

- Use ia32_freebsd4_* instead of ia32_*4.
- Use ia32_o* instead of ia32_*3.

Reviewed by: brooks, imp, kib
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D33882

Rename struct sigframe4 to struct freebsd4_sigframe.

Reviewed by: brooks, imp, kib
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D33881

Rename struct mcontext4 to struct freebsd4_mcontext.

This matches the recent renaming of struct freebsd4_ucontext.

Reviewed by: brooks, imp, kib
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D33880

riscv64: enable ASAN and UBSAN

Differential review: https://reviews.freebsd.org/D33875
Approved by: dim, imp

atrtc: reads Century field from FADT table

The ACPI spec describes the FADT->Century field as:

    The RTC CMOS RAM index to the century of data value (hundred and
    thousand year decimals).  If this field contains a zero, then the
    RTC centenary feature is not supported.  If this field has a non-zero
    value, then this field contains an index into RTC RAM space that
    OSPM can use to program the centenary field.

Use this field to decide whether to program the CENTURY register
of the CMOS RTC device.

Reviewed by: akumar3@isilon.com, dab, vangyzen
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D33667

MFC after: 1 week
Sponsored by: Dell EMC Isilon

Remove usr/lib/libssp.a.

GNU's libssp installed this (in addition to libssp_nonshared.a), but
the libc-based libssp does not.

Reviewed by: kevans, emaste
Fixes: cd0d51baaa45 Provide libssp based on libc
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D33852

Remove lib32 versions of libl.

Reviewed by: imp, emaste
Fixes: eb61f7bdf266 Stop building libl and liby
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D33851

Remove a duplicate entry for libgpib_p.a.

Reviewed by: emaste
Sponsored by: The University of Cambridge, Google Inc.
Differential Revision: https://reviews.freebsd.org/D33850

cam: Fix wiring fence post error

If the last matching device entry partially matched in camperiphunit,
but then hit a continue case, we'd mistakenly think we had a match on
that entry. This lead to a number of problems downstream (usually a
belief that we had a duplicate wiring hint because unit = 0 is the
default). Fix this by using a for loop that does the assignment before
the loop termination test.

Sponsored by: Netflix
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D33873

tools/portconflicts/port_conflicts_check.lua: detect port conflicts

This tool can be used to detect install conflicts (ports/packages that
conflict with each other because of identically named files).

MFC after: 3 days

sesutil: Avoid setting reserved bits.

Weird side of SES specification is that some bits have different
meaning or semantics in status and control pages. This patch fixes
non-zero writes into reserved fields, that caused errors on some
enclosures when trying to control locate/fault LEDs, keeping other
bits unchanged.

MFC after: 2 weeks
Sposonred by: iXsystems, Inc.

tcp_usr_connect: report actual error code when stack requests drop

LRO: Don't merge ACK and non-ACK packets together

LRO was willing to merge ACK and non-ACK packets together. This
can cause incorrect th_ack values to be reported up the stack.
While non-ACKs are quite unlikely to appear in practice, LRO's
behaviour is against the spec. Make LRO unwilling to merge
packets with different TH_ACK flag values in order to fix the
issue.

Found by: Sysunit test
Differential Revision: https://reviews.freebsd.org/D33775
Reviewed by: rrs

LRO: Fix lost packets when merging 1 payload with an ACK

To check if it needed to regenerate a packet's header before
sending it up the stack, LRO was checking if more than one payload
had been merged into the packet. This failed in the case where
a single payload was merged with one or more pure ACKs. This
results in lost ACKs.

Fix this by precisely tracking whether header regeneration is
required instead of using an incorrect heuristic.

Found with: Sysunit test
Differential Revision: https://reviews.freebsd.org/D33774
Reviewed by: rrs

x86/madt: allow Xen guest to use x2APIC mode

The old bogus Xen versions that would deliver a GPF when writing to
the LAPIC MSR are likely retired, so it's safe to enable x2APIC
unconditionally now if available.

Tested by: avg
Reviewed by: kib
Sponsored by: Citrix Systems R&D
Differential revision: https://reviews.freebsd.org/D33877

Free UMA zones when a pass(4) instance goes away.

If the UMA zones are not freed, we get warnings about re-using the
sysctl variables associated with the UMA zones, and we're leaking
the other memory associated with the zone structures. e.g.:

sysctl_warn_reuse: can't re-use a leaf (vm.uma.pass44.size)!
sysctl_warn_reuse: can't re-use a leaf (vm.uma.pass44.flags)!
sysctl_warn_reuse: can't re-use a leaf (vm.uma.pass44.bucket_size)!
sysctl_warn_reuse: can't re-use a leaf (vm.uma.pass44.bucket_size_max)!
sysctl_warn_reuse: can't re-use a leaf (vm.uma.pass44.keg.name)!
sysctl_warn_reuse: can't re-use a leaf (vm.uma.pass44.keg.rsize)!
sysctl_warn_reuse: can't re-use a leaf (vm.uma.pass44.keg.ppera)!
sysctl_warn_reuse: can't re-use a leaf (vm.uma.pass44.keg.ipers)!

Also, correctly clear the PASS_FLAG_ZONE_INPROG flag in
passcreatezone(). The way it was previously done, it would have
had set the flag and cleared all other flags that were set at
that point.

MFC after: 1 week
Sponsored by: Spectra Logic

xen: use an hypercall for shutdown and reboot

When running as a Xen guest it's easier to use an hypercall in order
to do power management operations (power off, power cycle). Do this
for all supported guest types (HVM and PVH). Note that for HVM the
power operation could also be done using ACPI, but there's no reason
to differentiate between PVH and HVM.

While there fix the shutdown handler to properly differentiate between
power cycle and power off requests.

Reported by: Freddy DISSAUX
MFC: 1 week
Sponsored by: Citrix Systems R&D

Revert "Introduce MODULES_EXCLUDE"

This is already present as WITHOUT_MODULES

This reverts commit 8c0c5bdf9d5ebe08bb239633c16a567eb8a9f898.

Reported by: jrtc27

Introduce MODULES_EXCLUDE

It's sometimes easier to exclude some modules rather than listing all
possibly needed ones with MODULES_OVERRIDE.
So for this add MODULES_EXCLUDE which do exactly as one would guess, excludes
some modules from the build/install.

For example if one wants to exclude all modules which are only present in the
GENERIC config on amd64 :
export MODULES_EXCLUDE=$(grep -E '^device' sys/amd64/conf/GENERIC | awk '{print $2}' | tr '\n' ' ')

MFC after: 2 weeks
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D33443

qsort.c: prevent undefined behavior

Mark Milliard has detected a case of undefined behavior with the LLVM
UBSAN. The mandoc program called qsort with a==NULL and n==0, which is
allowed by the POSIX standard. The qsort() in FreeBSD did not attempt
to perform any accesses using the passed pointer for n==0, but it did
add an offset to the pointer value, which is undefined behavior in
case of a NULL pointer. This operation has no adverse effects on any
achitecture supported by FreeBSD, but could be caught in more strict
environments.

After some discussion in the freebsd-current mail list, it was
concluded that the case of a==NULL and n!=0 should still be caught by
UBSAN (or cause a program abort due to an illegal access) in order to
not hide errors in programs incorrectly invoking qsort().

Only the the case of a==NULL and n==0 should be fixed to not perform
the undefined operation on a NULL pointer.

This commit makes qsort() exit before reaching the point of
potentially undefined behvior for the case n==0, but does not test
the value of a, since the result will not depend on whether this
pointer is NULL or an actual pointer to an array if n==0.

The issue found by Mark Milliard in the whatis command has been
reported to the upstream (OpenBSD) and has already been patched
there.

MFC after: 1 week

mana: fix misc minor handlding issues when error happens.

- In mana_create_txq(), if test fails we must free some resources
  as in all the other handling paths of this function.
- In mana_gd_read_cqe(), add warning log in case of CQE read
  overflow, instead of failing silently.
- Fix error handling in mana_create_rxq() when
  cq->gdma_id >= gc->max_num_cqs.
- In mana_init_port(), use the correct port index rather than 0.
- In mana_hwc_create_wq(), If allocating the DMA buffer fails,
  mana_hwc_destroy_wq was called without previously storing the
  pointer to the queue. In order to avoid leaking the pointer to
  the queue, store it as soon as it is allocated.

MFC after: 2 weeks
Sponsored by: Microsoft

stress2: Updated the exclude list

stress2: Added two new tests

stress2: Added timeout to test. Added cleanup.

mana: Improve the HWC error handling

Currently when the HWC creation fails, the error handling is flawed,
e.g. if mana_hwc_create_channel() -> mana_hwc_establish_channel() fails,
the resources acquired in mana_hwc_init_queues() is not released.

Enhance mana_hwc_destroy_channel() to do the proper cleanup work and
call it accordingly.

MFC after: 2 weeks
Sponsored by: Microsoft

ixl(4): Remove unused function declaration

Signed-off-by: Eric Joyner <erj@FreeBSD.org>
Sponsored by: Intel Corporation

Revert "syscallarg_t: Add a type for system call arguments"

Missed issues in truss on at least armv7 and powerpcspe need to be
resolved before recommit.

This reverts commit 3889fb8af0b611e3126dc250ebffb01805152104.
This reverts commit 1544e0f5d1f1e3b8c10a64cb899a936976ca7ea4.

sysent: regen for syscallarg_t

syscallarg_t: Add a type for system call arguments

This more clearly differentiates system call arguments from integer
registers and return values. On current architectures it has no effect,
but on architectures where pointers are not integers (CHERI) and may
not even share registers (CHERI-MIPS) it is necessiary to differentiate
between system call arguments (syscallarg_t) and integer register values
(register_t).

Obtained from: CheriBSD

Reviewed by: imp, kib
Differential Revision: https://reviews.freebsd.org/D33780

ipfilter: Fixup comment

Fix comment documenting checksum block in ip_nat.c. Fastforward doesn't
perform checksum.

MFC after: 1 week

ipfilter: Fix IP header checksums post ftp proxy

Don't assume checksums will be calculated later in fastforward.

MFC after: 1 week

ipfilter: Fix whitespace errors

MFC after: 3 days

ipfilter: Correct function description

Correct the parameters descriptions for ipf_fix_outcksum and
ipf_fix_incksum.

MFC after: 3 days