FreeBSD/src 350005 head/sys/kern kern_umtx.c

In do_sem2_wait(), balance umtx_key_get() with umtx_key_release() on retry.

Reported by:    ler
Bisected and reviewed by:       markj
Sponsored by:   The FreeBSD Foundation
MFC after:      12 days

FreeBSD/src 350004 head/sys/arm64/arm64 pmap.c trap.c, head/sys/arm64/include pte.h

Implement software access and dirty bit management for arm64.

Previously the arm64 pmap did no reference or modification tracking;
all mappings were treated as referenced and all read-write mappings
were treated as dirty.  This change implements software management
of these attributes.

Dirty bit management is implemented to emulate ARMv8.1's optional
hardware dirty bit modifier management, following a suggestion from alc.
In particular, a mapping with ATTR_SW_DBM set is logically writeable and
is dirty if the ATTR_AP_RW_BIT bit is clear.  Mappings with
ATTR_AP_RW_BIT set are write-protected, and a write access will trigger
a permission fault.  pmap_fault() handles permission faults for such
mappings and marks the page dirty by clearing ATTR_AP_RW_BIT, thus
mapping the page read-write.

Reviewed by:    alc
MFC after:      1 month
Sponsored by:   The FreeBSD Foundation
Differential Revision:

FreeBSD/src 350003 head/sys/riscv/riscv pmap.c

pmap_clear_modify() needs to clear PTE_W.

MFC after:      1 week
Sponsored by:   The FreeBSD Foundation

FreeBSD/src 350002 head/sys/riscv/riscv pmap.c

Fix reference counting in pmap_ts_referenced() on RISC-V.

pmap_ts_referenced() does not necessarily clear the access bit from
all accessed mappings of a given page.  Thus, if a scan of the mappings
needs to be restarted, we should be careful to avoid double-counting
accessed mappings whose access bits were not cleared in a previous

Reported by:    alc
Reviewed by:    alc
MFC after:      1 week
Sponsored by:   The FreeBSD Foundation
Differential Revision:

FreeBSD/src 350001 head/sys/arm/conf GENERIC

Remove duplicated device firmware entry in generic arm kernel config added in r333191

Submitted by:   Daniel Engberg (daniel.engberg.lists at
MFC after:      3 days
Differential Revision:

FreeBSD/src 350000 head/release/picobsd/bridge crunch.conf, head/release/picobsd/qemu crunch.conf

Remove RELEASE_CRUNCH here. It's obsolete.

Remove RELEASE_CRUNCH here. It's obsolete and hasn't worked in a while.  The
build options need to be revisited, since many older ones are listed, while
newer useful ones are not. But that rototilling I'll leave to others.

FreeBSD/src 349999 head/sys/netinet sctp_output.c

Add support for MSG_EOR and MSG_EOF in sendmsg() for SCTP.

This is a FreeBSD extension, not covered by POSIX.

This issue was found by running syzkaller.

MFC after:             1 week

FreeBSD/src 349998 head/sys/netinet sctp_pcb.c

Fix socket state handling when freeing an SCTP endpoint.

This issue was found by running syzkaller.

MFC after:             1 week

FreeBSD/src 349997 head/usr.sbin/ngctl Makefile

Replace complicated expression to disable libedit when no libthr is being built
with a simpler one.

FreeBSD/src 349996 head/sbin/ping Makefile, head/usr.bin/telnet Makefile

Remove all the RELEASE_CRUNCH instances that partially disable IPSEC

We remove IPSEC only in parts of the tree, and not others. RELEASE_CRUNCH to
disable it has not kept up with all its uses. Remove it. Should there be a real
need to disable IPSEC, one that hasn't shown up in the base system to date,
it can be re-added behind a WITHOUT_IPSEC build option.

FreeBSD/src 349995 head/sys/kern kern_umtx.c

In do_lock_pi(), do not return prematurely.

If umtxq_check_susp() indicates an exit, we should clean the resources
before returning.  Do it by breaking out of the loop and relying on
post-loop cleanup.

Reviewed by:    markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      12 days
Differential revision:

FreeBSD/src 349994 head/sys/kern kern_umtx.c

Correctly check for casueword(9) success in do_set_ceiling().

After r349951, the return code must be checked instead of old == new

Reviewed by:    markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      12 days
Differential revision:

FreeBSD/src 349993 stable 11, stable/11/share/man/man9 casuword.9

MFC r349950:
Style: avoid long lines by using .Fo instead of .Fn.

FreeBSD/src 349992 stable 12, stable/12/share/man/man9 casuword.9

MFC r349950:
Style: avoid long lines by using .Fo instead of .Fn.

FreeBSD/src 349991 head/usr.sbin/ntp, head/usr.sbin/wpa Makefile.crypto

MK_OPENSSL makes RELEASE_CRUNCH redundant here

Since these things are more completely controlled by the MK_OPENSSL knob, remove
RELEASE_CRUNCH here. It's no longer needed for the release and other users can
use the more proper knob if they so desire.

FreeBSD/src 349990 head/bin/ls Makefile

Now that we have MK_LS_COLORS, we don't need RELEASE_CRUNCH check here.

The RELEASE_CRUNCH check is redundant here. We don't need it for releases
anymore, and picobsd can control this more directly without making it a special

FreeBSD/src 349989 head/sys/kern uipc_socket.c

Improve the input validation for l_linger.

When using the SOL_SOCKET level socket option SO_LINGER, the structure
struct linger is used as the option value. The component l_linger is of
type int, but internally copied to the field so_linger of the structure
struct socket. The type of so_linger is short, but it is assumed to be
non-negative and the value is used to compute ticks to be stored in a
variable of type int.

Therefore, perform input validation on l_linger similar to the one
performed by NetBSD and OpenBSD.

Thanks to syzkaller for making me aware of this issue.

Thanks to markj@ for pointing out that a similar check should be added
to so_linger_set().

Reviewed by:           markj@
MFC after:             2 weeks
Differential Revision:
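
The narrowing problem described in the l_linger commit above, as an added illustration that is not the FreeBSD kernel code: the function names, the error code, the tick rate `hz` and the exact bounds are assumptions made for this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/*
 * Unchecked path: the int l_linger is narrowed into a short field.
 * Out-of-range values are silently changed (modulo 2^16 with gcc/clang),
 * so a large positive request can become negative or zero.
 */
static short linger_store_unchecked(int l_linger)
{
    return (short)l_linger;
}

/*
 * Checked path: reject values that are negative, that do not fit the
 * short field, or whose tick count (l_linger * hz) would overflow an int.
 * hz must be positive. EDOM is the error code chosen for this example.
 */
static int linger_store_checked(int l_linger, int hz, short *so_linger)
{
    if (l_linger < 0 || l_linger > SHRT_MAX || l_linger > INT_MAX / hz)
        return EDOM;
    *so_linger = (short)l_linger;
    return 0;
}

/* Tick computation that assumes so_linger is non-negative. */
static int linger_ticks(short so_linger, int hz)
{
    return (int)so_linger * hz;
}

int main(void)
{
    const int hz = 1000;                             /* assumed tick rate */
    const int samples[] = { 30, -1, 40000, 65536 };  /* constructed inputs */

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        short checked = 0;
        int error = linger_store_checked(samples[i], hz, &checked);
        short raw = linger_store_unchecked(samples[i]);

        printf("l_linger=%d unchecked so_linger=%d ticks=%d checked error=%d\n",
            samples[i], raw, linger_ticks(raw, hz), error);
    }
    return 0;
}
```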

FreeBSD/src 349988 head/sys/x86/iommu intel_drv.c

PR:     239143
Reported and tested by: Wes Maag <jwmaag at>
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week

FreeBSD/src 349987 head/sys/netinet tcp_sack.c tcp_output.c, head/sys/netinet/tcp_stacks rack.c

This is the second in a number of patches needed to
get BBRv1 into the tree. This fixes the DSACK bug but
is also needed by BBR. We have yet to go two more
one will be for the pacing code (tcp_ratelimit.c) and
the second will be for the new updated LRO code that
allows a transport to know the arrival times of packets
and (tcp_lro.c). After that we should finally be able
to get BBRv1 into head.

Sponsored by:   Netflix Inc
Differential Revision:

FreeBSD/src 349986 head/sys/netinet sctp_usrreq.c sctp_pcb.c, head/sys/netinet6 sctp6_usrreq.c

When calling sctp_initialize_auth_params(), the inp must have at
least a read lock. To avoid more complex locking dances, just
call it in sctp_aloc_assoc() when the write lock is still held.

Reported by:           syzbot+08a486f7e6966f1c3cfb at
MFC after:             1 week

FreeBSD/src 349985 stable 11, stable/11/sys/x86/x86 cpu_machdep.c

MFC r349913:
Ensure that mds_handler always points to a valid method.

FreeBSD/src 349984 stable 11, stable/11/lib/libthr/thread thr_info.c

MFC r349912:
Restore ability to pass NULL name argument to pthread_set_name_np(3)
to clear the thread name.

PR:     239142

FreeBSD/src 349983 stable 12, stable/12/sys/x86/x86 cpu_machdep.c

MFC r349913:
Ensure that mds_handler always points to a valid method.

FreeBSD/src 349982 stable 12, stable/12/lib/libthr/thread thr_info.c

MFC r349912:
Restore ability to pass NULL name argument to pthread_set_name_np(3)
to clear the thread name.

PR:     239142

FreeBSD/src 349981 head/sys/net ieee_oui.h

Fix a typo in r349969


Caught by:      Gary Jennejohn

FreeBSD/src 349980 head/sys/contrib/ipfilter/netinet ip_state.c

Calculate the offset of the interface name using FR_NAME rather than
calculating it "by hand". This improves consistency with the rest of
the code and is in line with planned fixes and other work.

MFC after:      1 week

FreeBSD/src 349979 head/sys/contrib/ipfilter/netinet fil.c ip_fil.h

Recycle the unused FR_CMPSIZ macro which became orphaned in ipfilter 5
prior to its import into FreeBSD. This macro calculates the size to be
compared within the frentry structure. The ipfilter 4 version of the
macro calculated the compare size based upon the static size of the
frentry struct. Today it uses the ipfilter 5 method of calculating the
size based upon the new to ipfilter 5 fr_size value found in the
frentry struct itself.

No effective change in code is intended.

MFC after:      1 week

FreeBSD/src 349978 head/sys/contrib/ipfilter/netinet fil.c


MFC after:      3 days

FreeBSD/src 349977 projects/fuse2/sys/fs/fuse fuse_file.c fuse_internal.c

fusefs: fix the build with some NODEBUG kernels

systm.h needs to be included before counter.h

Sponsored by:   The FreeBSD Foundation

FreeBSD/src 349976 head UPDATING

Add an entry mentioning the permission/mode change to daily accounting files.

FreeBSD/src 349975 head/sys/arm64/arm64 pmap.c

Revert r349442, which was a workaround for bus errors caused by an errant
TLB entry.  Specifically, at the start of pmap_enter_quick_locked(), we
would sometimes have a TLB entry for an invalid PTE, and we would need to
issue a TLB invalidation before exiting pmap_enter_quick_locked().  However,
we should never have a TLB entry for an invalid PTE.  r349905 has addressed
the root cause of the problem, and so we no longer need this workaround.

X-MFC after:    r349905

FreeBSD/src 349974 head/libexec/rc/rc.d accounting

Limit access to system accounting files.

In 2013 the security chapter of the Handbook was updated in r42501 to
suggest limiting access to the system accounting file [*1] by creating the
initial file with a mode of 0600. This was in part based on a discussion in
the forums [*2]. Unfortunately, this advice is overridden by the fact that a
new file is created as part of periodic daily processing, and the file mode
is set by the rc.d/accounting script.

These changes update the accounting script to create the directory with mode
0750 if it doesn't already exist, and to create the daily file with mode
0640. This limits write access to root only, read access to root and members
of wheel, and eliminates world access completely. For admins who want to
prevent even members of wheel from accessing the files, the mode of the
/var/account directory can be manually changed to 0700, because the script
never creates or changes that directory if it already exists.

The accounting_rotate_log() function now also handles the error cases of no
existing log file to rotate, and attempting to rotate the file multiple
times (.0 file already exists).

Another small change here eliminates the complexity of the mktemp/chmod/mv
sequence for creating a new acct file by using install(1) with the flags
needed to directly create the file with the desired ownership and
modes. That allows coalescing two separate if checkyesno accounting_enable

    [9 lines not shown]

FreeBSD/src 349973 head/sys/i386/i386 pmap.c

Remove a stale comment.

Reported by:    markj
MFC after:      1 week

FreeBSD/src 349972 head/lib/libc/arm, head/lib/libc/arm/gen arm_sync_icache.2 arm_drain_writebuf.2

Add arm_sync_icache() and arm_drain_writebuf() sysarch syscall wrappers.

NetBSD and OpenBSD have libc wrapper functions for the ARM_SYNC_ICACHE and
ARM_DRAIN_WRITEBUF sysarch operations. This change adds compatible functions
to our library. This should make it easier for various upstream sources to
support *BSD operating systems with a single variation of cache maintenance
code in tools like interpreters and JIT compilers.

I consider the argument types passed to arm_sync_icache() to be especially
unfortunate, but this is intended to match the other BSDs.

Differential Revision:

FreeBSD/src 349971 head/contrib/llvm/tools/lld/ELF SymbolTable.cpp SymbolTable.h

Pull in r365760 from upstream lld trunk (by Fangrui Song):

  [ELF] Handle non-glob patterns before glob patterns in version
  scripts & fix a corner case of --dynamic-list

  This fixes PR38549, which is silently accepted by ld.bfd.
  This seems correct because it makes sense to let non-glob patterns
  take precedence over glob patterns.

  lld issues an error because
  `assignWildcardVersion(ver, VER_NDX_LOCAL);` is processed before

  Move all assignWildcardVersion() calls after assignExactVersion()
  calls to fix this.

  Also, move handleDynamicList() to the bottom. computeBinding() called
  by includeInDynsym() has this cryptic rule:

      if (versionId == VER_NDX_LOCAL && isDefined() && !isPreemptible)
        return STB_LOCAL;

  Before the change:

  * foo's version is set to VER_NDX_LOCAL due to `local: *`

    [25 lines not shown]

FreeBSD/src 349970 projects/fuse2/sys/fs/fuse fuse_main.c, projects/fuse2/tests/sys/fs/fusefs

projects/fuse2: build fixes

* Fix the kernel build with gcc by removing a redundant extern declaration
* In the tests, fix a printf format specifier that assumed LP64

Sponsored by:   The FreeBSD Foundation

FreeBSD/src 349969 head/sys/net ieee_oui.h, head/usr.sbin/bhyve pci_nvme.c

bhyve: Create EUI64 for NVMe namespaces

Accept an IEEE Extended Unique Identifier (EUI-64) from the command
line for each NVMe namespace. If one isn't provided, it will create one
based on the CRC16 of:
 - the FreeBSD IEEE OUI
 - PCI bus, device/slot, function values
 - Namespace ID

Reviewed by:    imp, araujo, jhb, rgrimes
Approved by:    imp (mentor), jhb (maintainer)
MFC after:      2 weeks
Differential Revision:

FreeBSD/src 349968 head/sys/netinet6 udp6_usrreq.c

r348494 fixes a race in udp_output(). The same race exists in
udp_output6(), therefore apply a similar patch to IPv6.

Reported by:           syzbot+c5ffbc8f14294c7b0e54 at
Reviewed by:           bz@, markj@
MFC after:             2 weeks
Sponsored by:          Netflix, Inc.
Differential Revision:

FreeBSD/src 349967 stable 11, stable/11 UPDATING

MFC r349876:

Apply a workaround to be able to build clang 8.0.0 headers with clang
3.4.1, which is still in the stable/10 branch.

It looks like clang 3.4.1 implements static_asserts by instantiating a
temporary static object, and if those are in an anonymous union, it
results in "error: anonymous union can only contain non-static data

To work around this implementation limitation, move the static_asserts
in question out of the anonymous unions.

This should make building the latest stable/11 from stable/10 possible

Reported by:    Mike Tancsa <mike at>

FreeBSD/src 349966 head/sys/dev/netmap netmap_generic.c

netmap: fix bug introduced by r349752

r349752 introduced a NULL pointer reference bug
in the emulated netmap code.

Reported by:    lwhsu
MFC after:      3 days

FreeBSD/src 349965 head/sys/powerpc/aim mmu_oea64.c

powerpc64/pmap: No need for moea64_pvo_remove_from_page_locked() wrapper

The only consumer of moea64_pvo_remove_from_page_locked() already has the
page in hand, so there is no need to search for the page while holding the
lock.  Drop the wrapper, and rename _moea64_pvo_remove_from_page_locked().

Reported by:    alc

FreeBSD/src 349964 head/sbin/camcontrol camcontrol.c camcontrol.h

Add device type NVME and device type MMCSD to get_device_type

For completeness, add nvme and mmc/sd devices to the list of device
types we know.

FreeBSD/src 349963 head/sys/powerpc/aim mmu_oea64.c

powerpc64/pmap: Reduce scope of PV_LOCK in remove path

Since the 'page pv' lock is one of the most highly contended locks, we
need to try to do as much work outside of the lock as we can.  The
moea64_pvo_remove_from_page() path is a low hanging fruit, where we can
do some heavy work (PHYS_TO_VM_PAGE()) outside of the lock if needed.
In one path, moea64_remove_all(), the PV lock is already held and can't
be swizzled, so we provide two ways to perform the locked operation, one
that can call PHYS_TO_VM_PAGE outside the lock, and one that calls with
the lock already held.

Reviewed By: luporl
Differential Revision:

FreeBSD/src 349962 stable 11 12, stable/11/sys/amd64/vmm x86.c

MFC 347238: vmm(4): Pass through RDSEED feature bit to guests

FreeBSD/src 349961 stable/12/usr.sbin/bhyve pci_passthru.c consport.c

MFC 343068:
Use capsicum_helpers(3) that allow us to simplify the code and its functions
will return success when the kernel is built without support of
the capability mode.

It is important to note that I'm taking a more conservative approach
with these changes and it will be done in small steps.

FreeBSD/src 349960 head/sys/powerpc/aim mmu_oea64.c

Set pcpu curpmap for powerpc64

If an illegal instruction is encountered on a process running on a
powerpc64 kernel it would attempt to sync the cache before retrying the
instruction "just in case".  However, since curpmap is not set, when
moea64_sync_icache() attempts to lock the pmap, it's locking on a NULL pointer,
triggering a panic.  Fix this by adding an (assumed unnecessary) fallback to
curthread's pmap in moea64_sync_icache().

Reported by:
Reviewed by:    luporl,
Differential Revision:

FreeBSD/src 349959 stable/11/usr.sbin/bhyve pci_virtio_console.c

Add Capsicumification of the virtio_console device model.

This is a direct commit to stable/11.  This change was missed when
merging virtio_console to 11 because the capsicum change and
virtio_console changes were merged in the opposite order of the
changes in head.

FreeBSD/src 349958 stable/11/sys/amd64/vmm x86.c x86.h, stable/11/sys/amd64/vmm/amd svm_msr.c

MFC 339911,339936,343075,343166,348592: Various AMD CPU-specific fixes.

Emulate machine check related MSR_EXTFEATURES to allow guest OSes to
boot on AMD FX Series.

Merge cases with upper block.
This is a cosmetic change only to simplify code.

vmm(4): Take steps towards multicore bhyve AMD support

vmm's CPUID emulation presented Intel topology information to the guest, but
disabled AMD topology information and in some cases passed through garbage.
I.e., CPUID leaves 0x8000_001[de] were passed through to the guest, but
guest CPUs can migrate between host threads, so the information presented
was not consistent.  This could easily be observed with 'cpucontrol -i 0xfoo

Slightly improve this situation by enabling the AMD topology feature flag
and presenting at least the CPUID fields used by FreeBSD itself to probe
topology on more modern AMD64 hardware (Family 15h+).  Older stuff is
probably less interesting.  I have not been able to empirically confirm it
is sufficient, but it should not regress anything either.

    [23 lines not shown]

FreeBSD/src 349957 head/usr.bin/top top.1

Fix layout.  -C needs to be styled as a flag here, not as a new list item.

MFC after:      2 weeks

FreeBSD/src 349956 head/sys/dev/cxgbe/common t4_hw.c

cxgbe(4): Completely ignore all top level interrupts that are not enabled.

The driver used to log any non-zero cause and when running with a single
line interrupt it would spam the console/logs with reports of interrupts
that are of no interest to anyone.

MFC after:      1 week
Sponsored by:   Chelsio Communications