HardenedBSD/hardenedbsd 156a372lib/libc/arm/gen _setjmp.S setjmp.S, lib/libc/stdio freopen.c local.h

Merge remote-tracking branch 'origin/hardened/current/master' into 
hardened/current/unstable

HardenedBSD/hardenedbsd a9a0936lib/libc/arm/gen _setjmp.S setjmp.S, lib/libc/stdio freopen.c local.h

Merge remote-tracking branch 'origin/hardened/current/master' into 
hardened/current/segvguard-ng

HardenedBSD/hardenedbsd dfd0adblib/libc/arm/gen _setjmp.S setjmp.S, lib/libc/stdio freopen.c local.h

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/log

HardenedBSD/hardenedbsd 1335e4alib/libc/arm/gen _setjmp.S setjmp.S, lib/libc/stdio freopen.c local.h

Merge branch 'freebsd/current/master' into hardened/current/master

HardenedBSD/hardenedbsd 660ba43sys/compat/linux linux_file.c

Merge remote-tracking branch 'origin/hardened/11-stable/master' into 
hardened/11-stable/unstable

HardenedBSD/hardenedbsd 35564d2sys/compat/linux linux_file.c

Merge remote-tracking branch 'origin/hardened/11-stable/master' into 
hardened/11-stable/master-libressl

HardenedBSD/hardenedbsd d47875asys/compat/linux linux_file.c

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

HardenedBSD/hardenedbsd f4d10a4lib/libc/stdio freopen.c local.h

Make stdio deferred cancel-safe.

If used with fopen(3)/fdopen(3)-ed FILEs, stdio accurately uses
non-cancellable internal versions of the functions, i.e. it seems to
be fine with regard to cancellation.  But if the funopen(3) and
f{r,w}open(3) functions were used to open the FILE, and corresponding
user functions create cancellation points (they typically have no
other choice), then stdio code at least leaks FILE' lock.

The change installs cleanup handler which unlocks FILE.  Some minimal
restructuring of the code was required to make it use common return
place to satisfy hand-rolled pthread_cleanup_pop() requirements.

Noted by:       eugen
Reviewed by:    eugen, vangyzen
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      2 weeks
Differential revision:  https://reviews.freebsd.org/D11246

HardenedBSD/hardenedbsd f855d50sys/kern kern_event.c

Do not cast struct kevent_args or struct freebsd11_kevent_args to
struct g_kevent_args.

On some architectures, e.g. PowerPC, there is additional padding in uap.

Reported and tested by: andreast
Sponsored by:   The FreeBSD Foundation
DeltaFile
+18-2sys/kern/kern_event.c
+18-21 files

HardenedBSD/hardenedbsd b5b198blib/libc/arm/gen _setjmp.S setjmp.S

Start to remove _libc_arm_fpu_present checks. We don't support the VFP on
ARMv4 or ARMv5, and only support it when it's present on ARMv6 and later.
As such always store the VFP register in setjmp and restore them in
longjmp when building for armv6.

Reviewed by:    mmel
Sponsored by:   DARPA, AFRL
Differential Revision:  https://reviews.freebsd.org/D11393

HardenedBSD/hardenedbsd ee49cfesys/compat/linux linux_file.c

MFC r320353: linux_getdents, linux_readdir: fix mismatch between malloc and free tags

Approved by:    re (gjb)

HardenedBSD/hardenedbsd 6324b61

Merge remote-tracking branch 'origin/hardened/current/log' into hardened/current/unstable
DeltaFile
+0-00 files

HardenedBSD/hardenedbsd 16afd1a

Merge remote-tracking branch 'origin/hardened/current/segvguard-ng' into 
hardened/current/unstable
DeltaFile
+0-00 files

HardenedBSD/hardenedbsd bef0aaclib/libstand gzipfs.c bzipfs.c, sys/boot/i386/libi386 libi386.h

Merge remote-tracking branch 'origin/hardened/current/master' into 
hardened/current/unstable

HardenedBSD/hardenedbsd 0da5c18lib/libstand gzipfs.c bzipfs.c, sys/boot/i386/libi386 libi386.h

Merge remote-tracking branch 'origin/hardened/current/master' into 
hardened/current/segvguard-ng

HardenedBSD/hardenedbsd 92c620elib/libstand bzipfs.c gzipfs.c, sys/boot/i386/libi386 libi386.h

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/log

HardenedBSD/hardenedbsd a65a6d2lib/libstand gzipfs.c bzipfs.c, sys/boot/i386/libi386 libi386.h

Merge branch 'freebsd/current/master' into hardened/current/master

HardenedBSD/hardenedbsd aa07ca6lib/libstand gzipfs.c bzipfs.c

Don't bother to set target for SEEK_END.

While there also collapase SEEK_END into default case in lseek.

MFC after:      2 weeks

HardenedBSD/hardenedbsd fde83cdsys/boot/i386/libi386 libi386.h, sys/boot/i386/loader chain.c

loader: chain load relocate data declaration is bad

The implementation is using fixed size array allocated in asm module,
need to use proper array declaration for C source.

CID:           1376405
Reported by:    Coverity, cem
Reviewed by:    cem
Differential Revision:  https://reviews.freebsd.org/D11321

HardenedBSD/hardenedbsd 6806589sys/dev/ath ah_osdep.c

[ath_hal] if building with ALQ, ensure we actually depend upon ALQ.

HardenedBSD/hardenedbsd 48b4146sys/mips/conf std.AR_MIPS_BASE

[mips] [ar71xx] Since the wlan/ath drivers use ALQ, ensure we build the module
here otherwise we can't load said module.

HardenedBSD/hardenedbsd 36e5f34sys/mips/conf DIR-825C1

[mips] make this compile again after all of the config changes.

HardenedBSD/hardenedbsd 6667f6b

Merge remote-tracking branch 'origin/hardened/current/log' into hardened/current/unstable
DeltaFile
+0-00 files

HardenedBSD/hardenedbsd 26bc1c0

Merge remote-tracking branch 'origin/hardened/current/segvguard-ng' into 
hardened/current/unstable
DeltaFile
+0-00 files

HardenedBSD/hardenedbsd 69cc22fsys/arm/freescale/imx imx_i2c.c, sys/dev/iicbus iic_recover_bus.c iic_recover_bus.h

Merge remote-tracking branch 'origin/hardened/current/master' into 
hardened/current/unstable

HardenedBSD/hardenedbsd f595414sys/arm/freescale/imx imx_i2c.c, sys/dev/iicbus iic_recover_bus.c iic_recover_bus.h

Merge remote-tracking branch 'origin/hardened/current/master' into 
hardened/current/segvguard-ng

HardenedBSD/hardenedbsd b892613sys/arm/freescale/imx imx_i2c.c, sys/dev/iicbus iic_recover_bus.c iic_recover_bus.h

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/log

HardenedBSD/hardenedbsd 44a510asys/arm/freescale/imx imx_i2c.c, sys/conf files

Merge branch 'freebsd/current/master' into hardened/current/master

HardenedBSD/hardenedbsd c2b197bsys/amd64/amd64 pmap.c, sys/i386/i386 pmap.c

Merge remote-tracking branch 'origin/hardened/11-stable/master' into 
hardened/11-stable/unstable

HardenedBSD/hardenedbsd df01a42sys/amd64/amd64 pmap.c, sys/i386/i386 pmap.c

Merge remote-tracking branch 'origin/hardened/11-stable/master' into 
hardened/11-stable/master-libressl

HardenedBSD/hardenedbsd 440cb2esys/hardenedbsd hbsd_pax_noexec.c

Merge remote-tracking branch 'origin/hardened/10-stable/master' into 
hardened/10-stable/unstable

HardenedBSD/hardenedbsd 8f91a95sys/hardenedbsd hbsd_pax_noexec.c

Merge remote-tracking branch 'origin/hardened/10-stable/master' into 
hardened/10-stable/master-libressl

HardenedBSD/hardenedbsd a36965bsys/conf files

Add iic_recover_bus.c.  Should have been part of r320461.
DeltaFile
+1-0sys/conf/files
+1-01 files

HardenedBSD/hardenedbsd b492b76sys/arm/freescale/imx imx_i2c.c

Add bus recovery handling to the imx5/imx6 i2c driver.

HardenedBSD/hardenedbsd 0e6af7bsys/dev/iicbus iic_recover_bus.c iic_recover_bus.h

Add iic_recover_bus(), a helper function that can be used by any i2c driver
which is able to manipulate the clock and data lines directly.

When an i2c bus is hung by a slave device stuck in the middle of a
transaction that didn't complete properly, this function manipulates the
clock and data lines in a sequence known to reliably reset slave devices.
The most common cause of a hung i2c bus is a system reboot in the middle of
an i2c transfer (so it doesnt' happen often, but now there is a way other
than power cycling to recover from it).

HardenedBSD/hardenedbsd f8ce30esys/dev/iicbus iiconf.c

If an i2c transfer ends due to error, issue a stop on the bus even if the
nostop option is set, if a start was issued.

The nostop option doesn't mean "never issue a stop" it means "only issue
a stop after the last in a series of transfers".  If the transfer ends
due to error, then that was the last transfer in the series, and a stop
is required.

Before this change, any error during a transfer when nostop is set would
effectively hang the bus, because sc->started would never get cleared,
and that caused all future calls to iicbus_start() to return an error
because it looked like the bus was already active.  (Unrelated errors in
handling the nostop option, to be addressed separately, could lead to
this bus hang condition even on busses that don't set the nostop option.)

HardenedBSD/hardenedbsd 0b95123sys/hardenedbsd hbsd_pax_noexec.c

HBSD: fix broken pax_mprotect transitions

The previous implementation don't care about the prot flags,
when calculedted the maxprot flags, and this caused incompatibilities
between prot and maxprot. To resolve this issue, take prot flags into
the condition of maxprot flags calculation.

The old expression in pax_mprotect was:

        if ((*maxprot & (VM_PROT_WRITE|VM_PROT_EXECUTE)) != VM_PROT_EXECUTE)
                *maxprot &= ~VM_PROT_EXECUTE;
        else
                *maxprot &= ~VM_PROT_WRITE;

While the new code in pax_mprotect is the following:

        if ((*maxprot & (VM_PROT_WRITE|VM_PROT_EXECUTE)) != VM_PROT_EXECUTE &&
            (*prot & VM_PROT_EXECUTE) != VM_PROT_EXECUTE)
                *maxprot &= ~VM_PROT_EXECUTE;
        else
                *maxprot &= ~VM_PROT_WRITE;

In a more detailed this table describes where the errors occures
(the convention is {prot, maxprot}, P means pax_pageexec phase,
M means pax_mprotect phase):

    [226 lines not shown]

HardenedBSD/hardenedbsd 1904c84sys/hardenedbsd hbsd_pax_noexec.c

HBSD: fix broken pax_mprotect transitions

The previous implementation don't care about the prot flags,
when calculedted the maxprot flags, and this caused incompatibilities
between prot and maxprot. To resolve this issue, take prot flags into
the condition of maxprot flags calculation.

The old expression in pax_mprotect was:

        if ((*maxprot & (VM_PROT_WRITE|VM_PROT_EXECUTE)) != VM_PROT_EXECUTE)
                *maxprot &= ~VM_PROT_EXECUTE;
        else
                *maxprot &= ~VM_PROT_WRITE;

While the new code in pax_mprotect is the following:

        if ((*maxprot & (VM_PROT_WRITE|VM_PROT_EXECUTE)) != VM_PROT_EXECUTE &&
            (*prot & VM_PROT_EXECUTE) != VM_PROT_EXECUTE)
                *maxprot &= ~VM_PROT_EXECUTE;
        else
                *maxprot &= ~VM_PROT_WRITE;

In a more detailed this table describes where the errors occures
(the convention is {prot, maxprot}, P means pax_pageexec phase,
M means pax_mprotect phase):

    [225 lines not shown]

HardenedBSD/hardenedbsd 33780cesys/kern imgact_elf.c

HBSD: fix merge conflict in sys/kern/imgact_elf.c after recent upstream changes

Signed-off-by: Oliver Pinter <oliver.pinter at hardenedbsd.org>
DeltaFile
+5-13sys/kern/imgact_elf.c
+5-131 files

HardenedBSD/hardenedbsd 22f2630sys/amd64/amd64 pmap.c, sys/i386/i386 pmap.c

Merge remote-tracking branch 'origin/freebsd/11-stable/master' into 
hardened/11-stable/master

 Conflicts:
        sys/kern/imgact_elf.c (not resolved)

Signed-off-by: Oliver Pinter <oliver.pinter at hardenedbsd.org>

HardenedBSD/hardenedbsd 9161ed8sys/hardenedbsd hbsd_pax_noexec.c

HBSD: fix broken pax_mprotect transitions

The previous implementation don't care about the prot flags,
when calculedted the maxprot flags, and this caused incompatibilities
between prot and maxprot. To resolve this issue, take prot flags into
the condition of maxprot flags calculation.

The old expression in pax_mprotect was:

        if ((*maxprot & (VM_PROT_WRITE|VM_PROT_EXECUTE)) != VM_PROT_EXECUTE)
                *maxprot &= ~VM_PROT_EXECUTE;
        else
                *maxprot &= ~VM_PROT_WRITE;

While the new code in pax_mprotect is the following:

        if ((*maxprot & (VM_PROT_WRITE|VM_PROT_EXECUTE)) != VM_PROT_EXECUTE &&
            (*prot & VM_PROT_EXECUTE) != VM_PROT_EXECUTE)
                *maxprot &= ~VM_PROT_EXECUTE;
        else
                *maxprot &= ~VM_PROT_WRITE;

In a more detailed this table describes where the errors occures
(the convention is {prot, maxprot}, P means pax_pageexec phase,
M means pax_mprotect phase):

    [224 lines not shown]

HardenedBSD/hardenedbsd 78dc895

Merge remote-tracking branch 'origin/hardened/current/log' into hardened/current/unstable
DeltaFile
+0-00 files

HardenedBSD/hardenedbsd e26e359

Merge remote-tracking branch 'origin/hardened/current/segvguard-ng' into 
hardened/current/unstable
DeltaFile
+0-00 files

HardenedBSD/hardenedbsd 445189ccontrib/ipfilter/lib hostname.c portname.c, sys/ufs/ffs ffs_alloc.c ffs_snapshot.c

Merge remote-tracking branch 'origin/hardened/current/master' into 
hardened/current/unstable

HardenedBSD/hardenedbsd 0ac8344contrib/ipfilter/lib hostname.c portname.c, sys/ufs/ffs ffs_alloc.c ffs_snapshot.c

Merge remote-tracking branch 'origin/hardened/current/master' into 
hardened/current/segvguard-ng

HardenedBSD/hardenedbsd ea473a8contrib/ipfilter/lib hostname.c portname.c, sys/ufs/ffs ffs_alloc.c ffs_snapshot.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/log

HardenedBSD/hardenedbsd dca66c1contrib/ipfilter/lib hostname.c portname.c, sys/ufs/ffs ffs_alloc.c ffs_snapshot.c

Merge branch 'freebsd/current/master' into hardened/current/master

HardenedBSD/hardenedbsd af2d380sys/fs/nfsclient nfs_clport.c

Fix an NFSv3 client case that probably never happens.

If an NFSv3 server were to reply with weak cache consistency attributes,
but not post operation attributes, the client would use garbage attributes
from memory. This was spotted during work on the code for the NFSv4.1 client.
I have never seen evidence that this happens and it wouldn't make sense
for an NFSv3 server to do this, so this patch is basically "theoretical",
but does fix the problem if a server were to do the above.

PR:            219552
MFC after:      2 weeks

HardenedBSD/hardenedbsd c036ae9sys/netinet sctp_auth.c sctp_pcb.c

MFC r320263:
Use a longer buffer for messages in ERROR chunks.

MFC r320264:
Check the length of a COOKIE chunk before accessing fields in it.

MFC r320300:
Handle sctp_get_next_param() in a consistent way.

Approved by:    re (marius@)

HardenedBSD/hardenedbsd 6a56f29sys/arm/freescale/imx imx_gpio.c

Implement gpio input by reading the pad state register, not the data register.

When a pin is set for input the value in the DR will be the same as the PSR.

When a pin is set for output the value in the DR is the value output to the
pad, and the value in the PSR is the actual electrical level sensed on the
pad, and they can be different if the pad is configured for open-drain mode
and some other entity on the board is driving the line low.