GitLab

MFC after:	3 days

HBSD: include std.nodebug in HARDENEDBSD-NODEBUG

See merge request !72

Using "std.nodebug" is like adding this to the old configuration file:
nooptions	DEBUG_VFS_LOCKS
nooptions	IEEE80211_DEBUG
nooptions	USB_DEBUG
nooptions	HID_DEBUG
nooptions	CAMDEBUG
nooptions	CAM_DEBUG_FLAGS
Signed-off-by: Loic <loic.f@hardenedbsd.org>

Reviewed by:		markj
Differential revision:	https://reviews.freebsd.org/D35318

When a NFSv4.1/4.2 session to the NFS server (not a pNFS DS) is
replaced, the old session should always be marked defunct by
nfsess_defunct being set non-zero.

However, the hang reported by the PR suggests that this might
be the case.

This patch adds a printf() to indicate this has somehow happened.

PR:	260011
MFC after: 	2 weeks

The NFSERR_BADSESSION reply from a NFSv4.1/4.2 server
is handled by newnfs_request().  It should not be handled
separately after newnfs_request() has returned.

These two cases were spotted during code inspection.
One of them should only redo what newnfs_request() already
did by the same "nfscl" thread.  The other might have
resulted in recovery being done twice, but the code is
only used for "pnfs" mounts, so that would be rare.
Also, since NFSERR_BADSESSION should only be replied by
a server after the server reboots, this would be extremely
rare.

MFC after: 	2 weeks

Fix:

tests/sys/kern/unix_passfd_test.c:414:24: error: comparison of integers
of different signs: 'int' and 'unsigned int' [-Werror,-Wsign-compare]
        ATF_REQUIRE(getnfds() == nfds + MAXFDS);
        ~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~
powerpc.powerpc/tmp/usr/include/atf-c/macros.h:144:15: note: expanded
from macro 'ATF_REQUIRE'
        if (!(expression)) \
              ^~~~~~~~~~
1 error generated.
--- unix_passfd_test.o ---

Historically only minimal checks were made of a superblock when it
was read in as it was assumed that fsck would have been run to
correct any errors before attempting to use the filesystem. Recently
several bug reports have been submitted reporting kernel panics
that can be triggered by deliberately corrupting filesystem superblocks,
see Bug 263979 - [meta] UFS / FFS / GEOM crash (panic) tracking
which is tracking the reported corruption bugs.

This change upgrades the checks that are performed. These additional
checks should prevent panics from a corrupted superblock. Although
it appears in only one place, the new code will apply to the kernel
modules and (through libufs) user applications that read in superblocks.

Reported by:  Robert Morris and Neeraj
Reviewed by:  kib
Tested by:    Peter Holm
PR:           263979
MFC after:    1 month
Differential Revision: https://reviews.freebsd.org/D35219

Merge commit 30baa5d2a450 from llvm git (by Richard Smith):

  PR45879: Fix assert when constant evaluating union assignment.

  Consider the form of the first operand of a class assignment not the
  second operand when implicitly starting the lifetimes of union members.
  Also add a missing check that the assignment call actually came from a
  syntactic assignment, not from a direct call to `operator=`.

PR:		264280
Reported by:	bapt
MFC after:	3 days

Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

Conflicts:
	release/scripts/pkg-stage.sh (unresolved)

With M_EXTPG mbufs these two counters already do not represent the
reality.  As we are moving towards protocol independent socket buffers,
which may not even use mbufs at all, the counters become less and less
relevant.  The only userland seeing them was 'netstat -x'.

PR:			264181 (exp-run)
Reviewed by:		markj
Differential revision:	https://reviews.freebsd.org/D35334

I assume the original reason for Subversion's inclusion was to checkout
the base system.  But now we use git for that.

Reviewed by:	gjb
Sponsored by:	Axcient
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D35329

If the ZFSBOOT_DISKS variable is set to one or more disk names, then
those disks should be preselected in the disk menu.  However, the code
wasn't correctly setting the variable, leaving all disks unselected.

MFC after:	2 weeks
Sponsored by:	Axcient
Reviewed by:	dteske
Differential Revision: https://reviews.freebsd.org/D35331

Provide sticky ARP flag for network interface which marks it as the
"sticky" one similarly to what we have for bridges. Once interface is
marked sticky, any address resolved using the ARP will be saved as a
static one in the ARP table. Such functionality may be used to prevent
ARP spoofing or to decrease latencies in Ethernet networks.

The drawbacks include potential limitations in usage of ARP-based
load-balancers and high-availability solutions such as carp(4).

The implemented option is disabled by default, therefore should not
impact the default behaviour of the networking stack.

Sponsored by:		Conclusive Engineering sp. z o.o.
Reviewed By:		melifaro, pauamma_gundo.com
Differential Revision: https://reviews.freebsd.org/D35314
MFC after:		2 weeks

MFC after:	1 month

Round down the maximim ISO payload by the current MSS.  Otherwise the
round up by MSS when calculating the 16-bit maximum payload len passed
along in the FLOWC work request can overflow.

Discussed with:	np
Sponsored by:	Chelsio Communications

Pointy hat to:	glebius
Fixes:		4682ac69

PR:		264226
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation

This tests both both normal (untagged), and pcp tagged (VLAN 0)
networks which are now common for fiber ISPs.

Reviewed by: markj, kp
Differential Revision: https://reviews.freebsd.org/D35178

Similar to the change in 1a04446f, use
cat to overwrite the contents of the existing file rather than cp so
that metadata of the existing file such as permissions and ownership
is preserved.

PR:		255514
Reported by:	uqs
MFC after:	1 week

When performing a dry run, remove the temporary tree created rather
than rotating the trees.  Rotating the trees meant that etcupdate
thought the latest changes were already merged and would not merge
them on the next real run.

PR:		260281
Reported by:	Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
Fixes:		0611aec3 etcupdate: Always extract to a temporary tree.
MFC after:	1 week

In this function we always work with mbufs that we previously
created ourselves in unp_internalize().  They must be valid.

Reviewed by:		markj
Differential revision:	https://reviews.freebsd.org/D35319

Now that we call sbcreatecontrol() with M_WAITOK, we are expected to
pass a valid size.  Return same error code, we are returning for an
oversized control from sockargs().

Reviewed by:		markj
Differential revision:	https://reviews.freebsd.org/D35317

Specification doesn't list an explicit error code for the control
size specified by msg_control being too large.  But it does list
EMSGSIZE as error code for "message is too large to be sent all at
once (as the socket requires)".  It also lists EINVAL as code for
the "The sum of the iov_len values overflows an ssize_t."  Given
how generic and uninformative EINVAL is, the EMSGSIZE is more
appropriate.

https://pubs.opengroup.org/onlinepubs/9699919799/functions/sendmsg.html

Reviewed by:		markj
Differential revision:	https://reviews.freebsd.org/D35316

o Exercise bounds checking when sending large set of file descriptors,
  that can't fit into single control mbuf.
o Exercise resource limits checks when receiving a large sets.
o Check that socket isn't left in a completely stuck state when we can't
  receive SCM_RIGHTS due to limits.  Current SOCK_STREAM socket would
  free the control, but leave the data in.  This seems to be a legit
  behavior for a stream socket, as we don't want holes in the data.

PR:			239250
Reviewed by:		markj
Differential revision:	https://reviews.freebsd.org/D35315

External events can cause the backlight level to change (AC adapter
plug/unplug for example) so cache the value there too.

PR:		257796
Sponsored by:	Beckhoff Automation GmbH & Co. KG
MFC after:	1 week

Add help and version flags. Exit values in these paths are set to match
the behaviour of gnu diff3.