OPNSense/src 953cd51lib/libc/gen syslog.c

libc: bump syslog line size to 8k

PR: https://github.com/opnsense/core/issues/3806

OPNSense/src 98c38c1lib/libc/gen syslog.c

libc: bump syslog line size to 8k

PR: https://github.com/opnsense/core/issues/3806

OPNSense/src b5d93c8. UPDATING, lib/csu/common crtbrand.c

- Switch releng/12.1 from RC2 to RELEASE.
- Add the anticipated 12.1-RELEASE date to UPDATING.
- Set a static __FreeBSD_version.

Approved by:    re (implicit)
Sponsored by:   Rubicon Communications, LLC (Netgate)

OPNSense/src 50d8f12sys/netinet tcp_usrreq.c, sys/netinet6 udp6_usrreq.c sctp6_usrreq.c

MFS r354090:

Ensure that the flags indicating IPv4/IPv6 are not changed by failing
bind() calls. This would lead to inconsistent state resulting in a panic.
A fix for stable/11 was committed in

Reported by:           syzbot+2609a378d89264ff5a42 at syzkaller.appspotmail.com
Obtained from:         jtl@
Sponsored by:          Netflix, Inc.
Approved by:           re (gjb@)

OPNSense/src e51738f. Makefile.libcompat

MFC r353776 (dim):
 Follow up on r351916 by also bumping the version suffix to 12.1 in

Approved by:    re (kib)
Sponsored by:   Rubicon Communications, LLC (Netgate)
+3-31 files

OPNSense/src 8913c5crelease/pkg_repos release-dvd.conf, sys/conf newvers.sh

- Update releng/12.1 from RC1 to RC2 as part of the 12.1-RELEASE
- Update the dvd1.iso pkg(8) configuration to use the release_1
  package set to populate the dvd.

Approved by:    re (implicit)
Sponsored by:   Rubicon Communications, LLC (Netgate)

OPNSense/src ff776f4sys/dev/ixgbe if_ix.c

MFC r353660: ixgbe: Disable EEE for backplane X550EM_X

This prevents a kernel panic when configuring EEE on X552 devices.

PR:            240320
Approved by:    re@ (gjb@)
Sponsored by:   Intel Corporation

OPNSense/src 7acf52csys/arm/ti ti_sdhci.c, sys/dev/sdhci sdhci.c

MFC r353675 from stable-12 (r353651-r353652 from head)...

Relax the sdhci(4) check that filters out the 1.8v voltage option unless
the slot is flagged as 'embedded'.

The features related to embedded and shared slots were added in v3.0 of
the sdhci spec.  Hardware prior to v3 sometimes supported 1.8v on non-
removable devices in embedded systems, but had no way to indicate that
via the standard sdhci registers (instead they use out of band metadata
such as FDT data).

This change adds the controller specification version to the check for
whether to filter out the 1.8v selection.  On older hardware, the 1.8v
option is allowed to remain.  On 3.0 or later it still requires the
embedded-slot flag to remain.

This is part of the fix for PR 241301 (eMMC not detected on Beaglebone).
Changes to the sdhci_ti driver are also needed for a full fix.

PR:           241301

Revert r351218 (by manu).  While the changes in r351218 appear to be (and
should be) correct, they lead to the eMMC on a Beaglebone failing to work

    [29 lines not shown]

OPNSense/src 1cd62c8sys/riscv/riscv pmap.c

MFS r353475, r353553:
Fix a couple of bugs around handling of PGA_WRITEABLE.

Approved by:    re (kib)

OPNSense/src c8097easys/netinet sctp_output.c

MFS r353563:

Ensure that local variables are reset to their initial value when
dealing with error cases in a loop over all remote addresses.
This issue was found and reported by OSS_Fuzz in:


MFS r353567:

Fix mergeinfo for r353563.

Approved by:           re(gjb)

OPNSense/src b5f4aeasys/kern uipc_usrreq.c

MFS r353554:
Fix handling of empty SCM_RIGHTS messages.

Approved by:    re (kib)

OPNSense/src 30b6f33lib/libucl Makefile

MFS r353450:
 MFC r353348:
  Connect the libucl(3) manual page to the build.

Approved by:    re (kib)
Sponsored by:   Rubicon Communications, LLC (Netgate)

OPNSense/src 30de4ebsys/netinet sctp_asconf.c sctp_indata.c

MFS r353395:

Add missing input validation. This could result in reading from
uninitialized memory.
The issue was found by OSS-Fuzz for usrsctp  and reported in

MFS r353396:

Cleanup sctp_asconf_error_response() and ensure that the parameter
is padded as required. This fixes the followig bug reported by
OSS-Fuzz for the usersctp stack:

MFS r353397:

When skipping the address parameter, take the padding into account.

MFS r353398:

Fix the adding of padding to COOKIE-ECHO chunks.

Thanks to Mark Wodrich who found this issue while fuzz testing the
usrsctp stack and reported the issue in

    [31 lines not shown]

OPNSense/src 2f51827stand/efi/libefi efipart.c devpath.c, stand/libsa zalloc.c zalloc_malloc.c

loader.efi: efipart needs to use ioalign

UEFI specification 2.7A, EFI_BLOCK_IO_PROTOCOL, page 566.

The ioalign property does define the alignment of data buffer.

If the alignment is required and our buffer is not aligned, or if
the data buffer is not multiple of Blocksize, we need to use bounce buffer
to perform the block IO. This is much like with BIOS version, except
there the INT13 needs buffer to be located in low memory.

MFS: r353501
MFC: r347195,350654-350656,351274,351630,351637,352421,352439,352443-352446,352451

Approved by:    re (gjb)

OPNSense/src 6fc9a3eusr.sbin/pkg Makefile

MFS r353409:
 MFC r353320:
  Rework the logic for installing the pkg(8) configuration.

  'quarterly' package sets do not exist for head, so explicitly
  install the 'latest' configuration file there.  Otherwise,
  fall back to the original conditional evaluation to determine
  if the 'latest' or 'quarterly' configuration file should be

Approved by:    re (kib)
Sponsored by:   Rubicon Communications, LLC (Netgate)

OPNSense/src 792adf8sys/conf newvers.sh

Update releng/12.1 to RC1 as part of the 12.1-RELEASE cycle.

Approved by:    re (implicit)
Sponsored by:   Rubicon Communications, LLC (Netgate)

OPNSense/src a1fb57cshare/man/man4 siftr.4, sys/netinet siftr.c

MFS r353402:

In r343587 a simple port filter as sysctl tunable was added to siftr.
The new sysctl was not added to the siftr.4 man page at the time.
This updates the man page, and removes one left over trailing whitespace.

Submitted by:          Richard Scheffenegger
Differential Revision:  https://reviews.freebsd.org/D21619
Reviewed by:           bcr@
Approved by:           re (gjb@)

OPNSense/src 7363eb3sys/fs/tmpfs tmpfs_subr.c

MFC r353065, MFS12 353385:
tmpfs_readdir(): unlock the locked node.

Approved by:    re (gjb)

OPNSense/src bc233a3sys/kern kern_descrip.c

MFS r353276:
Disallow fcntl(F_READAHEAD) when the vnode is not a regular file.

Approved by:    re (gjb)

OPNSense/src 2731fb5sys/dev/usb usb_transfer.c usb_bus.h, sys/dev/usb/controller xhci.c

MFS r353177:
Add quirk for XHCI(4) controllers to support USB control transfers
above 1Kbyte.  It might look like some XHCI(4) controllers do not
support when the USB control transfer is split using a link TRB. The
next NORMAL TRB after the link TRB is simply failing with XHCI error
code 4. The quirk ensures we allocate a 64Kbyte buffer so that the
data stage TRB is not broken with a link TRB.

Found at:       EuroBSDcon 2019
Sponsored by:   Mellanox Technologies
Approved by:    re (gjb)

OPNSense/src ed67602sys/dev/mlx5/mlx5_en en.h

MFS r353405:
Fix regression issue after r352989:

As noted by the commit message, callouts are now persistant
and should not be in the auto-zero section of the RQ's and SQ's.
This fixes an assert when using the TX completion event
factor feature with mlx5en(4).

Found by:       gallatin@
Sponsored by:   Mellanox Technologies
Approved by:    re (gjb)

OPNSense/src c99b4a1sys/dev/usb usb_ioctl.h

MFS r353173:
Increase the maximum user-space buffer size from 256kBytes to 32MBytes for
libusb. This is useful for speeding up large data transfers while reducing
the interrupt rate.

Found at:       EuroBSDcon 2019
Sponsored by:   Mellanox Technologies
Approved by:    re (gjb)

OPNSense/src d039e3csys/ofed/drivers/infiniband/ulp/ipoib ipoib_main.c ipoib_ib.c

MFS r353182:
Make sure the transmit loop doesn't get starved in ipoib.

When the software send queue gets filled up, callbacks to
if_transmit will stop. Make sure the transmit callback
routine checks the send queue and outputs any remaining
mbufs. Else the remaining mbufs may simply sit in the
output queue blocking the transmit path.

Sponsored by:   Mellanox Technologies
Approved by:    re (gjb)

OPNSense/src 3505de4sys/dev/usb/controller xhci.c

MFS r353169:
The maximum TD size is 31 and not 15.

Found at:       EuroBSDcon 2019
Sponsored by:   Mellanox Technologies
Approved by:    re (gjb)

OPNSense/src e29bb69sys/contrib/rdma/krping krping.c krping_dev.c

MFS r353180:
Notify all sleeping threads of device removal in krping.
Implement d_purge for krping_cdevsw.

Submitted by:   slavash@
Sponsored by:   Mellanox Technologies
Approved by:    re (gjb)

OPNSense/src a3ea08fsys/net if_tun.c

MFS r353157: tuntap(4): loosen up tunclose restrictions

Realistically, this cannot work. We don't allow the tun to be opened twice,
so it must be done via fd passing, fork, dup, some mechanism like these.
Applications demonstrably do not enforce strict ordering when they're
handing off tun devices, so the parent closing before the child will easily
leave the tun/tap device in a bad state where it can't be destroyed and a
confused user because they did nothing wrong.

Concede that we can't leave the tun/tap device in this kind of state because
of software not playing the TUNSIFPID game, but it is still good to find and
fix this kind of thing to keep ifconfig(8) up-to-date and help ensure good
discipline in tun handling.

Approved by:    re (gjb)
+14-71 files

OPNSense/src a73b19fsys/dev/mlx5/mlx5_core mlx5_fwdump_regmaps.c mlx5_main.c, sys/dev/mlx5/mlx5_en mlx5_en_ethtool.c mlx5_en_port_buffer.c

MFS r353184, r353186, r353188, r353190, r353192, r353194, r353196, r353198,
r353200, r353203, r353205, r353207, r353209, r353211, r353213, r353215,
r353217, r353219, r353221, r353223, r353225, r353227, r353229, r353231,
r353233, r353235, r353237, r353239, r353241, r353243, r353245, r353247,
r353249, r353251, r353253, r353255, r353257, r353259, r353261, r353263,
r353265 and r353267:

Update mlx5core, mlx5en(4) and mlx5ib(4).

Sponsored by:   Mellanox Technologies
Approved by:    re (gjb)

MFC r352956:
Fix reported max SGE calculation in mlx5ib.

Add the 512 bytes limit of RDMA READ and the size of remote address to the max
SGE calculation.

Linux commit:   288c01b746aa

MFC r352957:
Update warning and error print formats in mlx5ib.

MFC r352958:
Make sure the number of IRQ vectors doesn't exceed 256 in mlx5core.

    [179 lines not shown]

OPNSense/src bf9eb16usr.sbin/bsdinstall/scripts config

MFS12 r353047:
 MFC r353004, r353012:
  Explicitly add opensolaris_load="YES" to loader.conf through the
  installer when installing the system on a ZFS root filesystem.

  For arm64, zfs_load="YES" does not add opensolaris.ko as a kld
  dependency, so add it explicitly to prevent boot-time failures

  Add a comment explaining why the opensolaris_load line in loader.conf
  is explicitly added.

PR:            240478
Approved by:    re (kib)
Sponsored by:   Rubicon Communications, LLC (Netgate)

OPNSense/src 5020f55contrib/llvm/lib/Target/X86 X86FixupLEAs.cpp

Merge r353031 from stable/12:

Pull in r357528 from upstream llvm trunk (by Craig Topper):

  [X86] Check MI.isConvertibleTo3Addr() before calling
  convertToThreeAddress in X86FixupLEAs.

  X86FixupLEAs just assumes convertToThreeAddress will return nullptr
  for any instruction that isn't convertible.

  But the code in convertToThreeAddress for X86 assumes that any
  instruction coming in has at least 2 operands and that the second one
  is a register. But those properties aren't guaranteed of all
  instructions. We should check the instruction property first.

Pull in r365720 from upstream llvm trunk (by Craig Topper):

  [X86] Don't convert 8 or 16 bit ADDs to LEAs on Atom in FixupLEAPass.

  We use the functions that convert to three address to do the
  conversion, but changing an 8 or 16 bit will cause it to create a
  virtual register. This can't be done after register allocation where
  this pass runs.

  I've switched the pass completely to a white list of instructions

    [11 lines not shown]

OPNSense/src 9f0dbb4sys/dev/vmware/vmxnet3 if_vmx.c, sys/net iflib.c iflib.h

MFS r353051:

PR:            239118
Approved by:    re (gjb)

OPNSense/src 6563bb1sys/conf newvers.sh

Update releng/12.1 to BETA3 as part of the 12.1-RELEASE cycle.

Approved by:    re (implicit)
Sponsored by:   Rubicon Communications, LLC (Netgate)

OPNSense/src 06a14adsys/kern vfs_mount.c

MFS r353032:

Check the vfs option length is valid before accessing through

When a VFS option passed to nmount is present but NULL the kernel will
place an empty option in its internal list. This will have a NULL
pointer and a length of 0. When we come to read one of these the kernel
will try to load from the last address of virtual memory. This is
normally invalid so will fault resulting in a kernel panic.

Fix this by checking if the length is valid before dereferencing.

Approved by:    re (kib)
Sponsored by:   DARPA, AFRL

OPNSense/src 6b43a1csys/arm64/arm64 pmap.c, sys/arm64/include pmap.h

MFS r353106:
Implement pmap_page_is_mapped() correctly on arm64 and riscv.

Approved by:    re (kib)

OPNSense/src 17be869sys/netinet6 ip6_input.c

MFS r352672:

When processing an incoming IPv6 packet over the loopback interface which
contains Hop-by-Hop options, the mbuf chain is potentially changed in
ip6_hopopts_input(), called by ip6_input_hbh().
This can happen, because of the the use of IP6_EXTHDR_CHECK, which might
call m_pullup().
So provide the updated pointer back to the called of ip6_input_hbh() to
avoid using a freed mbuf chain inip6_input().

Approved by:           re (kib@)
Reviewed by:           markj@
Sponsored by:          Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D21664

OPNSense/src b276e4fsys/netinet tcp_output.c, sys/netinet/tcp_stacks rack.c

MFS r352673:

When the RACK stack computes the space for user data in a TCP segment,
it wasn't taking the IP level options into account. This patch fixes this.
In addition, it also corrects a KASSERT and adds protection code to assure
that the IP header chain and the TCP head fit in the first fragment as
required by RFC 7112.

MFS: r353035:

RFC 7112 requires a host to put the complete IP header chain
including the TCP header in the first IP packet.
Enforce this in tcp_output(). In addition make sure that at least
one byte payload fits in the TCP segement to allow making progress.
Without this check, a kernel with INVARIANTS will panic.
This issue was found by running an instance of syzkaller.

Approved by:           re (kib@)
Reviewed by:           rrs@ (r352673), jtl@ (r353035)
Sponsored by:          Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D21665
Differential Revision:  https://reviews.freebsd.org/D21666

OPNSense/src 8f4b034sys/dev/vt vt_core.c

MFS12 r352896: vt: fix problems with trying to switch to a closed VT

Approved by:    re (gjb)
+25-31 files

OPNSense/src 6cfb164sys/netinet sctp_indata.c sctputil.c

MFS r352509:

Only allow a SCTP-AUTH shared key to be updated by the application
if it is not deactivated and not used.
This avoids a use-after-free problem.

MFS r352674:

Fix the handling of invalid parameters in ASCONF chunks.
Thanks to Mark Wodrich from Google for reproting the issue in
for the userland stack.

MFS r352675:

Cleanup the RTO calculation and perform some consistency checks
before computing the RTO.
This should fix an overflow issue reported by Felix Weinrank in
for the userland stack and found by running a fuzz tester.

MFS r352676:

Don't hold the info lock when calling sctp_select_a_tag().
This avoids a double lock bug in the NAT colliding state processing

    [20 lines not shown]

OPNSense/src 743f118sys/dev/fdt fdt_slicer.c

MFS r353041: fdt_slicer: bump to SI_ORDER_THIRD following r347183

r347183 bumped GEOM classes to SI_ORDER_SECOND to resolve a race between
them and the initialization of devsoftc.mtx in devinit, but missed this
dependency on g_flashmap that may now lose the race against GEOM

There's a great comment that describes the situation that has also been
updated with the new ordering of GEOM classes.

Approved by:    re (kib)

OPNSense/src 24a2363lib/libkvm kvm_proc.c

MFC r352867: Add support for ps -H on corefiles in libkvm

Add support for kernel threads in kvm_getprocs() and the underlying
kvm_proclist() in libkvm when fetching from a kernel core file. This
has been missing/needed for several releases, when kernel threads became
normal threads.  The loop over the processes now contains a sub-loop for
threads, which iterates beyond the first thread only when threads are
requested.  Also set some fields such as tid that were previously

Approved by:    re (gjb)
Sponsored by:   Forcepoint LLC
+152-1071 files

OPNSense/src d310241cddl/contrib/opensolaris/cmd/zfs zfs.8 zfs_main.c, cddl/contrib/opensolaris/lib/libzfs/common libzfs_sendrecv.c libzfs.h

Merge from stable/12 r352595: Add -vnP support to 'zfs send' for bookmarks

Approved by:    re (gjb)

OPNSense/src 92d8229cddl/contrib/opensolaris/lib/libzfs/common libzfs_sendrecv.c

Fix a regression introduced in r344601, and work properly with the
-v and -n options.

PR:            240640
Reported by:    Andriy Gapon <avg at FreeBSD.org>
Reviewed by:    avg
Differential Revision:  https://reviews.freebsd.org/D21709
Approved by:    re

OPNSense/src aecf9adsys/cddl/contrib/opensolaris/uts/common/fs/zfs dsl_scan.c

Merge from stable/12 r352723: fix dsl_scan_ds_clone_swapped logic

PR:            239566
Approved by:    re (gjb)

OPNSense/src 0ea8b3asbin/fsck_msdosfs dir.c

MFS r352872: MFC r351802:

Correct overflow logic in fullpath().

Obtained from:  OpenBSD
Approved by:    re (gjb)

OPNSense/src 369ec2dcddl/contrib/opensolaris/lib/libzfs/common libzfs_sendrecv.c

MFS12 r352721: print summary line for space estimate of zfs send from bookmark

This should have been merged as a part of r352901 but I missed it.

Approved by:    re (gjb)

OPNSense/src d764781sys/dev/ixgbe if_ix.c ixgbe.h, sys/net iflib.c

MFC r352910 and r352911

MFC r352910: iflib: Remove redundant VLAN events deregistration
MFC r352911: ix/ixv: Read MSI-X bar from device config

These fix an issue with a kernel panic on unload with an iflib-using
driver and allow certain HP-branded Intel 10G cards to use MSI-X,

Approved by:    re@ (gjb@)
Sponsored by:   Intel Corporation

OPNSense/src 0aba0a5sys/netinet tcp_sack.c

MFS r352508:
Don't write to memory outside of the allocated array for SACK blocks.

PR:                   240837
Approved by:           re (delphij@)
Obtained from:         rrs@
Sponsored by:          Netflix, Inc.

OPNSense/src 41d2848sys/arm/freescale/imx imx6_machdep.c

MFC r352363:

Apply a runtime patch to the FDT data for imx6 to fix iomuxc problems.

The latest imported FDT data defines a node for an iomuxc-gpr device,
which we don't support (or need, right now) in addition to the usual
iomuxc device.  Unfortunately, the dts improperly assigns overlapping
ranges of mmio space to both devices.  The -gpr device is also a syscon
and simple_mfd device.

At runtime the simple_mfd driver attaches for the iomuxc-gpr node, then
when the real iomuxc driver comes along later, it fails to attach because
it tries to allocate its register space, and it's already partially in
use by the bogus instance of simple_mfd.

This change works around the problem by simply disabling the node for
the iomuxc-gpr device, since we don't need it for anything.

Approved by:    re@ (gjb)

OPNSense/src 514b9a9share/timedef zh_TW.Big5.src Makefile

MFC r349225:

Finsh readding Big5 in r317204, which was reverting r315568.  This commit
reverts r315569.

Reported by:    Ting-Wei Lan <lantw44 gmail com>
Discussed with: kevlo
Sponsored by:   The FreeBSD Foundation

Approved by:    re (delphij)

OPNSense/src 7a6f726lib/libthr/thread thr_mutex.c

MFC r352620, MFS12 r352892:
Fix destruction of the robust mutexes.

Approved by:    re (gjb)

OPNSense/src 9b5a0a8lib/msun/src s_erf.c s_cproj.c

MF stable/12 r352685:

libm: Include float.h to get LDBL_MANT_DIG

The long double aliases of double functions are only exposed as aliases
if LDBL_MANT_DIG is 53 (same as DBL_MANT_DIG).  Without float.h
included these files were not exposing weak aliases as expected,
leading to link failures if programs use the *l functions.  This should
fix editors/calligra on targets with 64-bit long double, which uses
erfl and erfcl.  Found on powerpc64.

Approved by:    re(delphij)