HardenedBSD/hardenedbsd 8c72154sys/arm/mv mv_spi.c, sys/compat/freebsd32 capabilities.conf

Merge remote-tracking branch 'origin/hardened/current/master' into 
hardened/current/unstable

* origin/hardened/current/master: (47 commits)
  Remove trailing white space in advance of other changes.
  Clear RX completion queue state veriables in iflib_stop()
  Initialize compatibility epoch tracker for thread0. Fixes panics for drivers that call 
if_maddr_lock() during startup.
  mountd has no way to configure the listen queue depth; rather than add a new option, we 
pass -1 down to listen, which causes it to use the kern.ipc.soacceptqueue sysctl.
  Revert r332735 and fix MSI-X to properly fail allocations when full.
  Fix typo introduced in r340439 - s/ETN/ETC/
  Fix /etc/ntp permissions. According to mtree it must be 0700
  Hook mac_ntpd.4 up to the build.
  Fix the path to malloc_domain.9.
  vtnet: fix netmap support
  Prevent POLA violation with TSO/CSUM offload
  Fix leaks caused by ifc_nhwtxqs never being initialized
  smbutil(1): Improve mdoc formatting.
  Fixup spacing for style
  Now that there is jail support for bhyve vms, this check needs to ensure it is not 
running in a jail, as kldstat will not pick this up.
  Add the driver for the SPI controller on ARMADA38X.
  Add d_off support for multiple filesystems.
  HBSD: Resolve merge conflict

    [3 lines not shown]

HardenedBSD/hardenedbsd 63a395esys/cam/ata ata_da.c, sys/cam/scsi scsi_da.c

Merge branch 'freebsd/current/master' into hardened/current/master

* freebsd/current/master:
  Remove trailing white space in advance of other changes.
  Clear RX completion queue state veriables in iflib_stop()
  Initialize compatibility epoch tracker for thread0. Fixes panics for drivers that call 
if_maddr_lock() during startup.
  mountd has no way to configure the listen queue depth; rather than add a new option, we 
pass -1 down to listen, which causes it to use the kern.ipc.soacceptqueue sysctl.
  Revert r332735 and fix MSI-X to properly fail allocations when full.
  Fix typo introduced in r340439 - s/ETN/ETC/

HardenedBSD/hardenedbsd 8b6735f. UPDATING, sys/dev/amdsmn amdsmn.c

Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

* freebsd/12-stable/master:
  MFC r340426 (by cem)
  MFC r340425 (by cem)
  MFC S340428: Prepare move of ctm from base to a port (misc/ctm) by: - Adding a note to 
UPDATING - Adding a note to the history section of the manpage ctm.1 - Adding a message 
printed to STDERR to the ctm program

HardenedBSD/hardenedbsd a18b083sys/cam/ata ata_da.c, sys/cam/scsi scsi_da.c

Remove trailing white space in advance of other changes.

HardenedBSD/hardenedbsd 46e61d7sys/dev/amdtemp amdtemp.c

MFC r340426 (by cem)

amdtemp(4): Fix temperature reporting on AMD 2990WX

Update the AMD family 17h temperature reporting based on AMD Tech Doc 56255
OSRR, section 4.2.1.

For CPUS w/CUR_TEMP_RANGE_SEL set, scale the reported temperature into the
range -49..206; i.e., subtract 49°C.

Submitted by:   gallatin@
Reported by:    bcran@
Reviewed by:    cem (long ago)
Approved by:    re (kib)
Relnotes:       yes
Differential Revision:  https://reviews.freebsd.org/D16855

HardenedBSD/hardenedbsd 72fdf55sys/dev/amdsmn amdsmn.c, sys/dev/amdtemp amdtemp.c

MFC r340425 (by cem)

amdsmn(4)/amdtemp(4): Attach to Ryzen 2 hostbridges

As reported, tested, and patch supplied by Johannes.

There may be future work to do to support multiple sensors, but for now, any
sensor at all is a strict improvement for Ryzen 2 systems.

PR:            228480
Submitted by:   Johannes Lundberg <johalun0 AT gmail.com> (earlier version)
Reported by:    deischen@, Johannes, and numerous others
Early MFC approved by:  cem
Approved by:    re (kib)
Relnotes:       yes

HardenedBSD/hardenedbsd 65fbea0sys/net iflib.c

Clear RX completion queue state veriables in iflib_stop()

iflib_stop() was not resetting the rxq completion queue state variables.
This meant that for any driver that has receive completion queues, after a
reinit, iflib would start asking what's available on the rx side starting at
whatever the completion queue index was prior to the stop, instead of at 0.

Submitted by:   pkelsey
Reported by:    pkelsey
MFC after:      3 days
Sponsored by:   Limelight Networks
DeltaFile
+1-0sys/net/iflib.c
+1-01 files

HardenedBSD/hardenedbsd 8b3d739. UPDATING, usr.sbin/ctm/ctm ctm.1 ctm.c

MFC S340428: Prepare move of ctm from base to a port (misc/ctm) by:
- Adding a note to UPDATING
- Adding a note to the history section of the manpage ctm.1
- Adding a message printed to STDERR to the ctm program

This version is meant for release in FreeBSD-12.0 and should remain in
FreeBSD-12 over its life-time.

A follow-up commit will remove ctm from -CURRENT after the MFC to 12
has happened.

Approved by:    re
Relnotes:       yes
Differential Revision:  https://reviews.freebsd.org/D17969

HardenedBSD/hardenedbsd 45d396csys/kern init_main.c

Initialize compatibility epoch tracker for thread0. Fixes
panics for drivers that call if_maddr_lock() during startup.

Reported by:    cy

HardenedBSD/hardenedbsd 2ca9bd5usr.sbin/mountd mountd.c

mountd has no way to configure the listen queue depth; rather than add a new
option, we pass -1 down to listen, which causes it to use the
kern.ipc.soacceptqueue sysctl.

Approved by:    mav
MFC after:      2 weeks
Sponsored by:   iXsystems Inc

HardenedBSD/hardenedbsd a7fd918sys/x86/x86 msi.c

Revert r332735 and fix MSI-X to properly fail allocations when full.

The off-by-one errors in 332735 weren't actual errors and were
preventing the last MSI interrupt source from being used.  Instead,
the issue is that when all MSI interrupt sources were allocated, the
loop in msix_alloc() would terminate with 'msi' still set to non-null.
The only check for 'i' overflowing was in the 'msi' == NULL case, so
msix_alloc() would try to reuse the last MSI interrupt source instead
of failing.

Fix by moving the check for all sources being in use to just after the
loop.

Reviewed by:    kib, markj
MFC after:      1 month
Differential Revision:  https://reviews.freebsd.org/D17976
DeltaFile
+7-6sys/x86/x86/msi.c
+7-61 files

HardenedBSD/hardenedbsd cff682fusr.sbin/ntp/ntpd Makefile

Fix typo introduced in r340439 - s/ETN/ETC/

Reported by:    jhb, yuripv
Approved by:    eugen
MFC after:      3 days
X-MFC-With:     340439
Sponsored by:   Rubicon Communications, LLC (Netgate)

HardenedBSD/hardenedbsd ad3b113usr.sbin/ntp/ntpd Makefile

Fix /etc/ntp permissions. According to mtree it must be 0700

Reviewed by:    imp
Approved by:    imp
MFC after:      3 days
Sponsored by:   Rubicon Communications, LLC (Netgate)
Differential Revision:  https://reviews.freebsd.org/D17973

HardenedBSD/hardenedbsd a98efddshare/man/man4 Makefile

Hook mac_ntpd.4 up to the build.

PR:            232757
Submitted by:   Yasuhiro KIMURA <yasu at utahime.org>
MFC after:      3 days

HardenedBSD/hardenedbsd 0c3e626. ObsoleteFiles.inc

Fix the path to malloc_domain.9.

Reported by:    yuripv
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
DeltaFile
+1-1ObsoleteFiles.inc
+1-11 files

HardenedBSD/hardenedbsd f890a80sys/dev/netmap if_vtnet_netmap.h, sys/dev/virtio/network if_vtnet.c if_vtnetvar.h

vtnet: fix netmap support

netmap(4) support for vtnet(4) was incomplete and had multiple bugs.
This commit fixes those bugs to bring netmap on vtnet in a functional state.

Changelist:
  - handle errors returned by virtqueue_enqueue() properly (they were
    previously ignored)
  - make sure netmap XOR rest of the kernel access each virtqueue.
  - compute the number of netmap slots for TX and RX separately, according to
    whether indirect descriptors are used or not for a given virtqueue.
  - make sure sglist are freed according to their type (mbufs or netmap
    buffers)
  - add support for mulitiqueue and netmap host (aka sw) rings.
  - intercept VQ interrupts directly instead of intercepting them in txq_eof
    and rxq_eof. This simplifies the code and makes it easier to make sure
    taskqueues are not running for a VQ while it is in netmap mode.
  - implement vntet_netmap_config() to cope with changes in the number of queues.

Reviewed by:    bryanv
Approved by:    gnn (mentor)
MFC after:      3 days
Sponsored by:   Sunny Valley Networks
Differential Revision:  https://reviews.freebsd.org/D17916

HardenedBSD/hardenedbsd 07ad6a8sys/net iflib.c

Prevent POLA violation with TSO/CSUM offload

Ensure that any time CSUM_IP_TSO or CSUM_IP6_TSO is set that the corresponding
CSUM_IP6?_TCP / CSUM_IP flags are also set.

Rather than requireing drivers to bake-in an understanding that TSO implies
checksum offloads, make it explicit.

This change requires us to move the IFLIB_NEED_ZERO_CSUM implementation to
ensure it's zeroed for TSO.

Reported by:    Jacob Keller <jacob.e.keller at intel.com>
MFC after:      1 week
Sponsored by:   Limelight Networks
Differential Revision:  https://reviews.freebsd.org/D17801
DeltaFile
+8-6sys/net/iflib.c
+8-61 files

HardenedBSD/hardenedbsd 9635092sys/net iflib.c

Fix leaks caused by ifc_nhwtxqs never being initialized

r333502 removed initialization of ifc_nhwtxqs, and it's not clear
there's a need to copy it into the struct iflib_ctx at all. Use
ctx->ifc_sctx->isc_ntxqs instead.

Further, iflib_stop() did not clear the last ring in the case where
isc_nfl != isc_nrxqs (such as when IFLIB_HAS_RXCQ is set). Use
ctx->ifc_sctx->isc_nrxqs here instead of isc_nfl.

Reported by:    pkelsey
Reviewed by:    pkelsey
MFC after:      3 days
Sponsored by:   Limelight Networks
Differential Revision:  https://reviews.freebsd.org/D17979
DeltaFile
+8-7sys/net/iflib.c
+8-71 files

HardenedBSD/hardenedbsd 213cb44contrib/smbfs/smbutil smbutil.1

smbutil(1): Improve mdoc formatting.

Also, make the path to the example configuration file absolute.

Reviewed by:    bcr
Approved by:    krion (mentor, implicit), mat (mentor, implicit)
Differential Revision:  https://reviews.freebsd.org/D17985

HardenedBSD/hardenedbsd 85cd821share/examples/bhyve vmrun.sh

Fixup spacing for style

(cherry picked from commit ed9f3558cc5795227b18aeb782620f2d80ff74f0)
Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
Submitted-by:   Michael Shirk (@shirkdog)
MFC-to:        12-STABLE
X-MFC-with:     c69204956caffe00dc7e96f95f8591a46a540b67

HardenedBSD/hardenedbsd c692049share/examples/bhyve vmrun.sh

Now that there is jail support for bhyve vms, this check needs to ensure it is not running 
in a jail, as kldstat will not pick this up.

(cherry picked from commit d4e4dd101c2c74ddc5b8ef926908c7139ad2afab)
Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
Submitted-by:   Michael Shirk (@shirkdog)
MFC-to:        12-STABLE

HardenedBSD/hardenedbsd 17aa0f3sys/arm/conf ARMADA38X GENERIC, sys/arm/mv mv_spi.c files.arm7

Add the driver for the SPI controller on ARMADA38X.

Tested on Clearfog (Pro) and SG-3100.

Sponsored by:   Rubicon Communications, LLC (Netgate)

HardenedBSD/hardenedbsd 7d33ec3lib/libc/sys getdirentries.2, share/man/man5 dir.5

Add d_off support for multiple filesystems.

The d_off field has been added to the dirent structure recently.
Currently filesystems don't support this feature.  Support has been
added and tested for zfs, ufs, ext2fs, fdescfs, msdosfs and unionfs.
A stub implementation is available for cd9660, nandfs, udf and
pseudofs but hasn't been tested.

Motivation for this feature: our usecase is for a userspace nfs server
(nfs-ganesha) with zfs.  At the moment we cache direntry offsets by
calling lseek once per entry, with this patch we can get the offset
directly from getdirentries(2) calls which provides a significant
speedup.

Submitted by:   Jack Halford <jack at gandi.net>
Reviewed by:    mckusick, pfg, rmacklem (previous versions)
Sponsored by:   Gandi.net
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D17917

HardenedBSD/hardenedbsd 36af381release/scripts make-manifest.sh

HBSD: Resolve merge conflict

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
Sponsored-by:   SoldierX

HardenedBSD/hardenedbsd 4a153ccsys/arm/mv mv_spi.c, sys/compat/freebsd32 capabilities.conf

Merge remote-tracking branch 'origin/freebsd/current/master' into hardened/current/master

Conflicts:
        release/scripts/make-manifest.sh (unresolved)

HardenedBSD/hardenedbsd cfdbbc8contrib/jemalloc/src extent.c

Pick 57553c3b1a5592dc4c03f3c6831d9b794e523865 from upstream:

    Avoid touching all pages in extent_recycle for debug build.

    We may have a large number of pages with *zero set (since they are populated on
    demand).  Only check the first page to avoid paging in all of them.

This makes it easy to compare performance with and without 'retain:true'.

Discussed with: jasone
Obtained from:  Qi Wang <interwq at gwu dot edu>
MFC after:      2 weeks
Sponsored by:   DARPA, AFRL

HardenedBSD/hardenedbsd 837db48lib/libc/locale c32rtomb.c c16rtomb.c

Fix WITHOUT_ICONV build after r340276.

Reported by:    olivier
Approved by:    kib (mentor, implicit)

HardenedBSD/hardenedbsd 16c7496. UPDATING, usr.sbin/ctm/ctm ctm.1 ctm.c

Prepare move of ctm from base to a port (misc/ctm) by:
- Adding a note to UPDATING
- Adding a note to the history section of the manpage ctm.1
- Adding a message printed to STDERR to the ctm program

This version is meant for release in FreeBSD-12.0 and should remain in
FreeBSD-12 over its life-time.

A follow-up commit will remove ctm from -CURRENT after the MFC to 12
has happened.

Approved by:    imp, rgrimes, bcr (man-page)
MFC after:      3 days
Relnotes:       yes
Differential Revision:  https://reviews.freebsd.org/D17969

HardenedBSD/hardenedbsd 840ae51sys/dev/amdtemp amdtemp.c

amdtemp(4): Fix temperature reporting on AMD 2990WX

Update the AMD family 17h temperature reporting based on AMD Tech Doc 56255
OSRR, section 4.2.1.

For CPUS w/CUR_TEMP_RANGE_SEL set, scale the reported temperature into the
range -49..206; i.e., subtract 49°C.

Submitted by:   gallatin@
Reported by:    bcran@
Reviewed by:    me (long ago)
MFC after:      22.57 seconds
Relnotes:       yea
Differential Revision:  https://reviews.freebsd.org/D16855

HardenedBSD/hardenedbsd d6e2f5fsys/dev/amdsmn amdsmn.c, sys/dev/amdtemp amdtemp.c

amdsmn(4)/amdtemp(4): Attach to Ryzen 2 hostbridges

As reported, tested, and patch supplied by Johannes.

There may be future work to do to support multiple sensors, but for now, any
sensor at all is a strict improvement for Ryzen 2 systems.

PR:            228480
Submitted by:   Johannes Lundberg <johalun0 AT gmail.com> (earlier version)
Reported by:    deischen@, Johannes, and numerous others
MFC after:      3.72 days

HardenedBSD/hardenedbsd d696b58sys/compat/freebsd32 capabilities.conf Makefile, sys/kern makesyscalls.sh

Use the main capabilities.conf for freebsd32.

Allow the location of capabilities.conf to be configured.

Also allow a per-abi syscall prefix to be configured with the
abi_func_prefix syscalls.conf variable and check syscalls against
entries in capabilities.conf with and without the prefix amended.

Take advantage of these two features to allow use shared capabilities.conf
between the default syscall vector and the freebsd32 compatability
layer.  We've been inconsistent about keeping the two in sync as
evidenced by the bugs fixed in r340294.  This eliminates that problem
going forward.

Reviewed by:    kib
Obtained from:  CheriBSD
Sponsored by:   DARPA, AFRL
Differential Revision:  https://reviews.freebsd.org/D17932

HardenedBSD/hardenedbsd 90bd0c6sys/kern kern_thread.c

Fix build on some architectures after r340413. On amd64 epoch.h
appeared to be included implicitly.

HardenedBSD/hardenedbsd 030cd8esbin/dump traverse.c main.c

Fix build break from dump incompatibility I introduced in -r340411

Pointy-hat to: mckusick

HardenedBSD/hardenedbsd e2f5b08usr.sbin/cpucontrol cpucontrol.c intel.c

cpucontrol(8): De-duplicate common update logic

Every µcode-updater must open the cpucontrol devfs node RDWR, open a
firmware file, validate the FW file has a positive length, mmap it, etc.
De-duplicate that identical logic between every individual platform.

Also, constify references to the readonly-mapped firmware files while here.

Sponsored by:   Dell EMC Isilon

HardenedBSD/hardenedbsd e1aba31sys/kern subr_epoch.c

epoch(9) revert r340097 - no longer a need for multiple sections per cpu

I spoke with Samy Bahra and recent changes to CK to make ck_epoch_call and
ck_epoch_poll not modify the record have eliminated the need for this.
DeltaFile
+9-11sys/kern/subr_epoch.c
+9-111 files

HardenedBSD/hardenedbsd 9d29c24sys/kern subr_epoch.c

style(9), mostly adjusting overly long lines.
DeltaFile
+30-24sys/kern/subr_epoch.c
+30-241 files

HardenedBSD/hardenedbsd 3adcbdfsys/dev/tws tws_cam.c tws_services.h

Remove support for versions prior to FreeBSD 7.0 from twa(4)

This was for pre-7.0 CAM support. Neither the CAM nor the busdma
changes over the years have not been ifdef'd. The code cannot build
on 6.x anymore. Support for 6.4 ended in 2010, so remove them.

HardenedBSD/hardenedbsd 64b7bc9sys/kern subr_epoch.c genoffset.c

With epoch not inlined, there is no point in using _lite KPI. While here,
remove some unnecessary casts.

HardenedBSD/hardenedbsd d57682asbin/dump traverse.c main.c

Plug build break after r340411.

HardenedBSD/hardenedbsd 587fc56share/man/man9 contigmalloc.9, sys/dev/hwpmc hwpmc_mod.c

Merge branch 'freebsd/12-stable/master' into hardened/12-stable/master

* freebsd/12-stable/master:
  MFC r339927: Add malloc_domainset(9) and _domainset variants to other allocator KPIs.
  MFC r340331: Re-apply r336984, reverting r339934.
  MFC r340313: Ensure that IP fragments do not extend beyond IP_MAXPACKET.

HardenedBSD/hardenedbsd db99058sys/kern subr_epoch.c, sys/sys epoch.h

The dualism between epoch_tracker and epoch_thread is fragile and
unnecessary. So, expose CK types to kernel and use a single normal
structure for epoch_tracker.

Reviewed by:    jtl, gallatin

HardenedBSD/hardenedbsd 6cdb791sys/amd64/conf NOTES

Add ZFS to amd64 NOTES to catch future breakage of static linking

HardenedBSD/hardenedbsd 56a943fsys/dev/mpr mpr_pci.c, sys/dev/mps mps_pci.c

Merge remote-tracking branch 'origin/hardened/11-stable/master' into 
hardened/11-stable/unstable

* origin/hardened/11-stable/master:
  Fix a regression from prior to 11.2 that caused MSI (not MSI-X) interrupt allocation to 
fail.  While here, refactor the code so that it's more clear and less likely to break in 
the future.  This is not an MFC due to the code in 12/head being very different, but it 
follows the latter's structure more closely than before.

HardenedBSD/hardenedbsd 4508d14sys/kern subr_epoch.c kern_thread.c, sys/net if.c if_var.h

For compatibility KPI functions like if_addr_rlock() that used to have
mutexes but now are converted to epoch(9) use thread-private epoch_tracker.
Embedding tracker into ifnet(9) or ifnet derived structures creates a non
reentrable function, that will fail miserably if called simultaneously from
two different contexts.
A thread private tracker will provide a single tracker that would allow to
call these functions safely. It doesn't allow nested call, but this is not
expected from compatibility KPIs.

Reviewed by:    markj

HardenedBSD/hardenedbsd 8a9060esys/dev/mpr mpr_pci.c, sys/dev/mps mps_pci.c

Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

* freebsd/11-stable/master:
  Fix a regression from prior to 11.2 that caused MSI (not MSI-X) interrupt allocation to 
fail.  While here, refactor the code so that it's more clear and less likely to break in 
the future.  This is not an MFC due to the code in 12/head being very different, but it 
follows the latter's structure more closely than before.

HardenedBSD/hardenedbsd ed13206sys/dev/nvme nvme_ns.c

Use atomic_load_acq_int() here too to poll done, ala r328521

HardenedBSD/hardenedbsd 80199cdlib/libufs getinode.3, sbin/ffsinfo ffsinfo.c

In preparation for adding inode check-hashes, clean up and
document the libufs interface for fetching and storing inodes.
The undocumented getino / putino interface has been replaced
with a new getinode / putinode interface.

Convert the utilities that had been using the undocumented
interface to use the new documented interface.

No functional change (as for now the libufs library does not
do inode check-hashes).

Reviewed by:  kib
Tested by:    Peter Holm
Sponsored by: Netflix

HardenedBSD/hardenedbsd da67d66sys/kern kern_rwlock.c kern_mutex.c

locks: plug warnings about unitialized variables

They only showed up after I redefined LOCKSTAT_ENABLED to 0.

doing_lockprof in mutex.c is a real (but harmless) bug. Should the
value be non-zero it will do checks for lock profiling which would
otherwise be skipped.

state in rwlock.c is a wart from the compiler, the value can't be
used if lock profiling is not enabled.

Sponsored by:   The FreeBSD Foundation

HardenedBSD/hardenedbsd 0b1c6c1sys/kern kern_sx.c kern_rwlock.c

Make no assertions about lock state when the scheduler is stopped.

Change the assert paths in rm, rw, and sx locks to match the lock
and unlock paths.  I did this for mutexes in r306346.

Reported by:    Travis Lane <tlane at isilon.com>
MFC after:      2 weeks
Sponsored by:   Dell EMC Isilon

HardenedBSD/hardenedbsd 1c1781clib/libnv common_impl.h msgio.c, lib/libnv/tests nvlist_send_recv_test.c

Ensure that libnv can be used when kern.trap_enotcap=1.

libnv used fcntl(fd, F_GETFL) to test whether fd is a valid file
descriptor.  Aside from being racy, this check requires CAP_FCNTL
rights on fd.  Instead, use fcntl(fd, F_GETFD), which does not require
any capability rights.

Also remove some redundant fd_is_valid() checks to avoid extra system
calls; in many cases we were performing this check immediately before
dup()ing the descriptor.

Reviewed by:    cem, oshogbo (previous version)
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D17963