HardenedBSD/src c49b85c sys/dev/mlx5/mlx5_core mlx5_main.c, sys/dev/pci pci_iov_schema.c

Merge branch 'freebsd/current/main' into hardened/current/master
Delta File
+61 -0 sys/dev/pci/pci_iov_schema.c
+26 -0 sys/dev/mlx5/mlx5_core/mlx5_main.c
+25 -0 usr.sbin/iovctl/parse.c
+6 -0 usr.sbin/iovctl/iovctl.c
+4 -1 usr.sbin/iovctl/iovctl.conf.5
+2 -1 sys/sys/iov_schema.h
+124 -2 1 files not shown
+126 -2 7 files

HardenedBSD/src 7deadea sys/dev/mlx5/mlx5_core mlx5_main.c

mlx5: handle vlan PF restrictions

Reviewed by:    kib
MFC after:      2 weeks
Sponsored by:   Orange Business Services
Differential Revision:  https://reviews.freebsd.org/D45427
Delta File
+26 -0 sys/dev/mlx5/mlx5_core/mlx5_main.c
+26 -0 1 files

HardenedBSD/src c57c261 sys/dev/pci pci_iov_schema.c, sys/sys iov_schema.h iov.h

iovctl: allow vlan restrictions to be passed to the driver

Allow iovctl to create VFs that are restricted to specific VLAN IDs.

Reviewed by:    kib, np
MFC after:      2 weeks
Sponsored by:   Orange Business Services
Differential Revision:  https://reviews.freebsd.org/D45402
Delta File
+61 -0 sys/dev/pci/pci_iov_schema.c
+25 -0 usr.sbin/iovctl/parse.c
+6 -0 usr.sbin/iovctl/iovctl.c
+4 -1 usr.sbin/iovctl/iovctl.conf.5
+2 -1 sys/sys/iov_schema.h
+2 -0 sys/sys/iov.h
+100 -2 6 files

HardenedBSD/src 2208d87 sys/crypto/via padlock.c, sys/dev/bce if_bce.c

Merge branch 'freebsd/current/main' into hardened/current/master
Delta File
+77 -41 usr.sbin/cxgbetool/cxgbetool.c
+40 -17 sys/dev/cxgbe/t4_main.c
+2 -19 sys/crypto/via/padlock.c
+1 -16 sys/dev/jedec_dimm/jedec_dimm.c
+1 -11 sys/dev/bce/if_bce.c
+1 -10 sys/dev/bxe/bxe.c
+122 -114 28 files not shown
+183 -186 34 files

HardenedBSD/src 0b6995f libexec/rc rc.subr, libexec/rc/rc.d devd

Merge branch 'freebsd/14-stable/main' into hardened/14-stable/master
Delta File
+21 -4 libexec/rc/rc.subr
+3 -4 libexec/rc/rc.d/devd
+4 -3 sys/netpfil/pf/if_pflog.c
+3 -3 sys/netpfil/pf/if_pfsync.c
+2 -4 sys/net/bpf.h
+3 -1 share/man/man8/rc.subr.8
+36 -19 2 files not shown
+38 -21 8 files

HardenedBSD/src 9414110 libexec/rc rc.subr, libexec/rc/rc.d devd

Merge branch 'freebsd/13-stable/main' into hardened/13-stable/master
Delta File
+21 -4 libexec/rc/rc.subr
+3 -4 libexec/rc/rc.d/devd
+4 -3 sys/netpfil/pf/if_pflog.c
+3 -3 sys/netpfil/pf/if_pfsync.c
+2 -4 sys/net/bpf.h
+3 -1 share/man/man8/rc.subr.8
+36 -19 1 files not shown
+37 -20 7 files

HardenedBSD/src 61d4333 libexec/rc rc.subr, libexec/rc/rc.d devd

rc.subr(8): MFC: introduce ${name}_offcmd

New variable ${name}_offcmd may be used to supply commands
executed if named service is not enabled. Previously start_precmd
could be used for such a task but now rc.subr(8) does not call it
if a service is not enabled.

Fix devd startup script to use it instead of start_precmd.

PR:             279198
Reported by:    Dmitry S. Lukhtionov
Tested by:      Dmitry S. Lukhtionov

(cherry picked from commit 32a579e4fc69a65e8901111ad5f65ec56a97dfab)
(cherry picked from commit c2db3a0c7d31116028b38b426a9b139d26cbc7e5)
Delta File
+21 -4 libexec/rc/rc.subr
+3 -4 libexec/rc/rc.d/devd
+3 -1 share/man/man8/rc.subr.8
+27 -9 3 files

HardenedBSD/src efb1717 libexec/rc rc.subr, libexec/rc/rc.d devd

rc.subr(8): MFC: introduce ${name}_offcmd

New variable ${name}_offcmd may be used to supply commands
executed if named service is not enabled. Previously start_precmd
could be used for such a task but now rc.subr(8) does not call it
if a service is not enabled.

Fix devd startup script to use it instead of start_precmd.

PR:             279198
Reported by:    Dmitry S. Lukhtionov
Tested by:      Dmitry S. Lukhtionov

(cherry picked from commit 32a579e4fc69a65e8901111ad5f65ec56a97dfab)
(cherry picked from commit c2db3a0c7d31116028b38b426a9b139d26cbc7e5)
Delta File
+21 -4 libexec/rc/rc.subr
+3 -4 libexec/rc/rc.d/devd
+3 -1 share/man/man8/rc.subr.8
+27 -9 3 files

HardenedBSD/src 0dddcc6 sys/netpfil/pf if_pfsync.c

pfsync: Correctly check if bpf peers are present

On creating the pfsync(4) interface, pfsync_clone_create() does an
unconditional bpfattach(). Use bpf_peers_present() which was introduced
in commit 16d878cc99ef [1] to check the presence of bpf peers.

This will save a few CPU cycles and memory usage when the
synchronisation interface is not configured and there are no bpf peers
present. There should be no functional change.

1. 16d878cc99ef Fix the following bpf(4) race condition which can result in a panic

Reviewed by:    kp
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D45533

(cherry picked from commit 2671bde99295d9e01d10316d0f3fb8b6d21f0f4d)
(cherry picked from commit f14b540dc4c17f6b60e23274153985fb7a2f0cb7)
Delta File
+3 -3 sys/netpfil/pf/if_pfsync.c
+3 -3 1 files

HardenedBSD/src cbea6b6 sys/netpfil/pf if_pflog.c

pflog: Correctly check if bpf peers are present

On creating the pflog(4) interface, pflog_clone_create() does an
unconditional bpfattach(). Use bpf_peers_present() which was introduced
in commit 16d878cc99ef [1] to check the presence of bpf peers.

This will save a few CPU cycles when no bpf peers are present. There
should be no functional change.

1. 16d878cc99ef Fix the following bpf(4) race condition which can result in a panic

Reviewed by:    kp
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D45532

(cherry picked from commit ebc2bab04823c24c524f913457d6b88dc7ea9fac)
(cherry picked from commit 954e548b7e88b7490aa5b23d16df7972c407bef1)
Delta File
+4 -3 sys/netpfil/pf/if_pflog.c
+4 -3 1 files

HardenedBSD/src d271498 sys/net bpf.h

bpf: Make bpf_peers_present a boolean inline function

This function was introduced in commit [1] and is actually used as a
boolean function although it was not defined as so.

No functional change intended.

1. 16d878cc99ef Fix the following bpf(4) race condition which can result in a panic

Reviewed by:    markj, kp, #network
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D45509

(cherry picked from commit 0dfd11abc4bd0dcb96a6d287cc4e52e8f59b64c1)
(cherry picked from commit 6ad2e347fcf8fa6aa9ebd84cfa4c71a1af90b4dd)
Delta File
+2 -4 sys/net/bpf.h
+2 -4 1 files

HardenedBSD/src 43bb355 sys/net if_enc.c

if_enc(4): Prefer the boolean form when calling bpf_peers_present()

No functional change intended.

MFC after:      1 week

(cherry picked from commit 215a18d502cba2cf57251e82a84484219f2c432a)
(cherry picked from commit a674f992a135728648908874034408d43b3d1903)
Delta File
+1 -1 sys/net/if_enc.c
+1 -1 1 files

HardenedBSD/src f14b540 sys/netpfil/pf if_pfsync.c

pfsync: Correctly check if bpf peers are present

On creating the pfsync(4) interface, pfsync_clone_create() does an
unconditional bpfattach(). Use bpf_peers_present() which was introduced
in commit 16d878cc99ef [1] to check the presence of bpf peers.

This will save a few CPU cycles and memory usage when the
synchronisation interface is not configured and there are no bpf peers
present. There should be no functional change.

1. 16d878cc99ef Fix the following bpf(4) race condition which can result in a panic

Reviewed by:    kp
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D45533

(cherry picked from commit 2671bde99295d9e01d10316d0f3fb8b6d21f0f4d)
Delta File
+3 -3 sys/netpfil/pf/if_pfsync.c
+3 -3 1 files

HardenedBSD/src 954e548 sys/netpfil/pf if_pflog.c

pflog: Correctly check if bpf peers are present

On creating the pflog(4) interface, pflog_clone_create() does an
unconditional bpfattach(). Use bpf_peers_present() which was introduced
in commit 16d878cc99ef [1] to check the presence of bpf peers.

This will save a few CPU cycles when no bpf peers are present. There
should be no functional change.

1. 16d878cc99ef Fix the following bpf(4) race condition which can result in a panic

Reviewed by:    kp
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D45532

(cherry picked from commit ebc2bab04823c24c524f913457d6b88dc7ea9fac)
Delta File
+4 -3 sys/netpfil/pf/if_pflog.c
+4 -3 1 files

HardenedBSD/src 6ad2e34 sys/net bpf.h

bpf: Make bpf_peers_present a boolean inline function

This function was introduced in commit [1] and is actually used as a
boolean function although it was not defined as so.

No functional change intended.

1. 16d878cc99ef Fix the following bpf(4) race condition which can result in a panic

Reviewed by:    markj, kp, #network
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D45509

(cherry picked from commit 0dfd11abc4bd0dcb96a6d287cc4e52e8f59b64c1)
Delta File
+2 -4 sys/net/bpf.h
+2 -4 1 files

HardenedBSD/src a674f99 sys/net if_enc.c

if_enc(4): Prefer the boolean form when calling bpf_peers_present()

No functional change intended.

MFC after:      1 week

(cherry picked from commit 215a18d502cba2cf57251e82a84484219f2c432a)
Delta File
+1 -1 sys/net/if_enc.c
+1 -1 1 files

HardenedBSD/src 049b3c9 usr.sbin/bhyve tpm_ppi_qemu.c

bhyve: avoid side effect in assertion

An assert() was setting the error variable instead of checking it.

Reported by:    Coverity Scan
CID:            1521431
Reviewed by:    jhb
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://github.com/freebsd/freebsd-src/pull/1244

(cherry picked from commit f7d45c5443edc99857fdda19c68301b5ec4a8971)
Delta File
+1 -1 usr.sbin/bhyve/tpm_ppi_qemu.c
+1 -1 1 files

HardenedBSD/src d72db09 sys/dev/cxgbe t4_main.c

cxgbe(4): Do not issue an L1CFG command from a VF.

It is pointless to attempt an operation that is not permitted.  It spams
the firmware devlog with "insufficient caps" errors that distract from
real errors.

78 2463625358 ERR CORE insufficient caps to process mailbox cmd: pfn 0x0 vfn 0x1; r_caps 0x86 wx_caps 0x82 required r_caps 0x81 w_caps 0x5

MFC after:      1 week
Sponsored by:   Chelsio Communications
Delta File
+19 -17 sys/dev/cxgbe/t4_main.c
+19 -17 1 files

HardenedBSD/src e827b61 usr.sbin/cxgbetool cxgbetool.c

cxgbetool(8): Be flexible about the nexus name.

Use the name as-is but perform cxgbe specific ioctls on the device to
make sure that it is a Terminator device nexus.  Determine the chip
type, pf/vf, etc. from the device registers rather than the nexus name.

This allows cxgbetool to work with the VF driver.

MFC after:      1 week
Sponsored by:   Chelsio Communications
Delta File
+77 -41 usr.sbin/cxgbetool/cxgbetool.c
+77 -41 1 files

HardenedBSD/src ba95b4a sys/dev/cxgbe t4_main.c t4_vf.c

cxgbe(4): New knob to limit driver to the specified types of doorbells.

hw.cxgbe.doorbells_allowed="0xf"

The adapter's doorbells bitmap is clipped to the value specified in the
tunable, which is meant for debug and workarounds only.  There is no
change in default behavior.

MFC after:      1 week
Sponsored by:   Chelsio Communications
Delta File
+21 -0 sys/dev/cxgbe/t4_main.c
+4 -0 sys/dev/cxgbe/t4_vf.c
+1 -0 sys/dev/cxgbe/adapter.h
+26 -0 3 files

HardenedBSD/src d0fdafd sys/dev/cxgbe/common t4vf_hw.c

cxgbev(4): Use the correct source pf for T6 in the VF driver.

MFC after:      1 week
Sponsored by:   Chelsio Communications
Delta File
+4 -1 sys/dev/cxgbe/common/t4vf_hw.c
+4 -1 1 files

HardenedBSD/src 0dc98b5 sys/kern vfs_subr.c vfs_bio.c, sys/sys bufobj.h

getblk: track "non-sterile" bufobj to avoid bo lock on miss if sterile

This is a scheme to avoid taking the bufobj lock and doing a second
lookup in the case where in getblk we do an unlocked lookup and find no
buf.  Was there really no buf, or were we in the middle of a reassignbuf
race?  By tracking any use of reassignbuf with a flag, we can know if
there can't have been a race because there has been no reassignbuf.
Because this scheme is spoiled on the first use of reassignbuf, it is
mostly only beneficial for cases where a certain vnode is never expected
to use dirty bufs at all.

Reviewed by:    kib
Sponsored by:   Dell EMC Isilon
Differential Revision:  https://reviews.freebsd.org/D45571
Delta File
+10 -0 sys/kern/vfs_subr.c
+7 -1 sys/kern/vfs_bio.c
+1 -0 sys/sys/bufobj.h
+18 -1 3 files

HardenedBSD/src a96a957 sys/i386/pci pci_pir.c

pir: Use device_set_descf()

No functional change intended.

MFC after:      1 week
Delta File
+1 -4 sys/i386/pci/pci_pir.c
+1 -4 1 files

HardenedBSD/src 443f334 sys/dev/msk if_msk.c

msk: Use device_set_descf()

No functional change intended.

MFC after:      1 week
Delta File
+1 -3 sys/dev/msk/if_msk.c
+1 -3 1 files

HardenedBSD/src aaa878e sys/powerpc/mpc85xx fsl_sata.c

mpc85xx: Use device_set_desc()

No functional change intended.

MFC after:      1 week
Delta File
+1 -1 sys/powerpc/mpc85xx/fsl_sata.c
+1 -1 1 files

HardenedBSD/src 50505c8 sys/dev/bge if_bge.c

bge: Use device_set_descf()

No functional change intended.

MFC after:      1 week
Delta File
+1 -3 sys/dev/bge/if_bge.c
+1 -3 1 files

HardenedBSD/src 48ef9cf sys/dev/amdsmn amdsmn.c

amdsmn: Use device_set_descf()

No functional change intended.

MFC after:      1 week
Delta File
+1 -3 sys/dev/amdsmn/amdsmn.c
+1 -3 1 files

HardenedBSD/src c704b87 sys/dev/oce oce_if.c

oce: Use device_set_descf()

No functional change intended.

MFC after:      1 week
Delta File
+3 -4 sys/dev/oce/oce_if.c
+3 -4 1 files

HardenedBSD/src 1794a0a sys/dev/liquidio lio_main.c

liquidio: Use device_set_descf()

No functional change intended.

MFC after:      1 week
Delta File
+2 -4 sys/dev/liquidio/lio_main.c
+2 -4 1 files

HardenedBSD/src 131c8ee sys/crypto/via padlock.c

padlock: Use device_set_descf()

No functional change intended.

MFC after:      1 week
Delta File
+2 -19 sys/crypto/via/padlock.c
+2 -19 1 files