New stable version: HardenedBSD-stable 11-CURRENT v46.2

HardenedBSD-11-CURRENT-v46.2 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

UPDATE TO THIS RELEASE IS STRONGLY ADVISED!

This release fixes two locally exploitable security issues, namely the following:
https://security.freebsd.org/advisories/FreeBSD-SA-16:19.sendmsg.asc
https://security.freebsd.org/advisories/FreeBSD-SA-16:18.atkbd.asc

Oliver Pinter (5):
Merge remote-tracking branch 'origin/freebsd/current/master' into hardened/current/master
HBSD: fix merge conflict in etc/rc.d/Makefile
HBSD: add build instructions after PIEified base system
HBSD: fix SETFKEY FreeBSD kernel vulnerability
HBSD: fix sockargs FreeBSD kernel heap overflow

Oliver Pinter + (51):
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master
Merge branch 'freebsd/current/master' into hardened/current/master

Shawn Webb (4):
Merge remote-tracking branch 'origin/freebsd/current/master' into hardened/current/master
HBSD: Fix merge conflict
HBSD: Enable HardenedBSD exploit mitigations on RISC-V.
HBSD: Add QEMU-HARDENEDBSD RISC-V kernel config

adrian (90):
[bwn] ensure the fallback rate stays in the same PHY mode.
[bwn] accurately(ish) account transmit/receive failures for rate control.
[bwn] fix rate control feedback.
s/struct device /device_t/g
s/struct device */device_t/g
s/struct device */device_t/g
s/struct device */device_t/g
s/struct device */device_t/g
[net80211] add extra debugging around negotiated A-MPDU parameters.
s/struct device */device_t/g
s/struct device */device_t/g
[bwn] [bhnd] initial support for using bhnd for if_bwn devices.
[bhnd] add missing bus file.
[bwn] implement firmware tx/rx versioning and fix RSSI calculation.
[bhnd] handle unknown port type.
[bhnd] quieten gcc warning.
[bwn] fix signed-ness of the rssi parameter.
[bhnd] handle unknown bhnd port type.
[bhnd] default to BUS_PROBE_DEFAULT for unknown BHND classes.
[bhnd] don't use anonymous unions.
.. delete this; I don't know why this was here. oops!
[bhnd] Replace is_hostb_device() with a more general find_hostb_device()
[bhnd] Add bhnd_resource support for the bus_(read|write)(multi)stream_ functions.
[bhnd] Add support for matching on chip identifiers.
[bhnd] Initial bhnd(4) SPROM/NVRAM support.
[bwn] add opt_bwi.h and BWN_DEBUG.
[bwn] oops. typo.
[siba] add FEM variables from the r8 SPROM layout.
[siba] add 2GHz/5GHz FEM parameter fetching and accessor methods.
[bhnd] fix incorrect typing.
[bhnd] fix bcma resource allocation for regions; EROM work around.
[siba] migrate siba.c to siba_mips.c
Rename siba -> siba_s5, to specifically reference that it's for the legacy siba sentry5 cpu glue.
[siba] add r4 and r8 sprom formats for core_pwr_info.
[siba] add extra methods for chipcommon access and PLL configuration.
[siba] add TX power index entry parsing.
[siba] add more MCS tx power offset decoding.
[bwn] add N-PHY related register definitions.
[bwn] migrate sqrt and add another couple of util routines.
[bwn] add more debugging bits.
[bwn] add BCMA chip identifiers.
[bwn] add Q52 macros.
[bwn] begin migrating PHY common routines into if_bwn_phy_common.[ch].
[bwn] add in the new phy common and utils files.
[bwn] disable bgscan for now.
[bwn] use the shared bwn_sqrt() routine.
[bwn] implement reset improvements in preparation for PHY-N support
[bwn] add in new microcode and phy initval information.
[bwn] TX logging / completion fixes
[bwn] add an implementation of "cordic" and imaginary math.
[bwn] add new types, prepare for PHY-N; prepare for rev 5xx firmware.
[bwn] missed commit!
[bwn] Explicitly only work for SIBA parts; add some placeholder debugging.
[bwn] debugging changes.
[bwn] use the new enum type.
[bwn] decode the RX RSSI for PHY-N.
[bwn] make rf-kill work for PHY-N.
[bwn] disable writing slottime timing out to improve performance.
[bwn] set the 5ghz transmit flag for 5ghz transmit.
[bwn] fill out phyctl_1 fields for N-PHY (and later, eventually.)
[bwn] disable 11na channel setup for now, since we definitely, positively don't do 11na yet.
[bwn] handle core rev 12, we can mostly do that new.
[bwn] add the full suite of SPROM flags
[bwn] commit the N-PHY register set.
[bwn] add DUALPHY; this may be useful for PHY-N and later dual-phy probing.
[bwn] remove N-PHY registers for now.
[bwn] use contigmalloc to allocate descriptors.
[siba] make the debug code somewhat useful again.
[siba] add SIBA_DEBUG option.
[siba] fix up debugging.
[bwn] check DUALPHY; add BCM4322 to the don't-override list.
[bwn] switch to ieee80211_add_channel()
[bwn] add opt_wlan.h and opt_bwn.h so we can enable bwn debugging as appropriate.
[bwn] add opt_wlan.h / opt_bwn.h for build-time control
[bhnd] Add support for matching of MIPS & ARM cores
[bhnd] Add logging macros to BHND.
[mips/broadcom] Add initial code for interrupts on the Broadcom MIPS processor
[mips] Improve MIPS trampoline code
[mips/broadcom] Add initial support for Broadcom MIPS processor
[bhnd] Centralize fetching of board information
[mips] add urtwn and otus NIC modules.
[mips] also add otus/urtwn USB modules.
[bhnd] Finish bhnd(4) PCI/PCIe-G1 hostb support.
[bwn] add initial bwn(4) N-PHY code, ported from Linux b43.
[bwn] add the BWN_GPL_PHY option.
[bwn] add PHY-N glue.
[bwn] Add PHY-N call hooks.
[bwn] add in bwn n-phy linking.
[bwn] always allocate maximum size txhdr entries; prepare for fw 598
[bwn] print out a very obvious notice that GPLv2 code is compiled in if it is.

ae (6):
Rename find_name_tlv_type() to ipfw_find_name_tlv_type() and make it global. Use it in ip_fw_table.c instead of find_name_tlv() to reduce duplicated code.
Change the type of objhash_cb_t callback function to be able return an error code. Use it to interrupt the loop in ipfw_objhash_foreach().
Fix memory leak possible in error case. Use free_rule() instead of free(), it will also release memory allocated for rule counters.
Make named objects set-aware. Now it is possible to create named objects with the same name in different sets.
Make ipfw internal olist output more user friendly. Print object type as string for known types.
Call RO_RTFREE() when we have detected the change of destination address, otherwise the old route will be used with new destination.

alc (2):
Explain why pmap_copy(), pmap_enter_pde(), and pmap_enter_quick_locked() call pmap_invalidate_page() even though they are not destroying a leaf-level page table entry.
Eliminate an unused #include. For a brief period of time, _unrhdr.h was used to implement PCID support on amd64.

allanjude (1):
bsdinstall/zfsboot: Do not mirror swap when swapsize is 0

andrew (20):
Check malloc succeeded in pic_create, with M_NOWAIT it may return NULL.
Push the logic to talk with the MSI/MSI-X interrupt controller to the FDT attachment. This is where it will live when we import intrng as it will need to look at either the msi-parent or msi-map FDT properties.
Add data barriers to the arm64 bus_dmamap_sync function. We need these to ensure ordering between the CPU and device. As the CPU and DMA target may be in different shareability domains they need to be full system barriers.
On arm64 always create a bus_dmamap_t object. This will be used to hold the list of memory that the kernel will need to sync when operating with a non-cache coherent DMA engine.
Add a new get_id interface to pci and pcib. This will allow us to both detect failures, and get different PCI IDs.
Call busdma_swi from swi_vm as is done from other architectures.
Restrict the memory barriers in bus_dmamap_sync to just the operations where it's needed.
Rename the internal BUC_DMA_* flags to BF_* so they won't conflict with the flags in sys/bus_dma.h.
Add DMA sync operations around accessing the dwmmc descriptor ring. Even with it maps as cache-coherent we still need to call bus_dmamap_sync.
Add support to the arm64 busdma to handle the cache. For now this is disabled, however when we enable it it will default to assume memory is not cache-coherent, unless either the tag was created or the parent was marked as cache-coherent.
Introduce MSI and MSI-X support to intrng. This adds a new msi device interface with 5 methods to mirror the 5 MSI/MSI-X methods in the pcib interface. The pcib driver will need to perform a device specific lookup to find the MSI controller and pass this to intrng as the xref. Intrng will finally find the controller and have it handle the requested operation.
Re-commit r299467 having fixed the build:
Add a pcib interface for use by interrupt controllers that need to translate the pci rid to a controller ID. The translation could be based on the 'msi-map' OFW property, a similar ACPI option, or hard-coded for hardware lacking the above options.
Teach the ThunderX PCI PEM driver about intrng. This will be used later when arm64 is supported by intrng.
Add support for intrng to arm64. As the GICv3 drivers will need to be updated, and until further testing can be done, this is disabled for now.
Move the call to intr_pic_init_secondary to the same place as in the non-intrng case.
Call ofw_bus_msimap to find the parent MSI controller, it may not use the msi-parent property.
Add intrng support to the GICv3 driver. It lacks ITS support so won't handle MSI or MSI-X interrupts, however this is enough to boot FreeBSD under the ARM Foundation Model with a GICv3 interrupt controller.
Clean up the GICv3 intrng code: * In gic_v3_attach free the correct data on failure. * Implement gic_v3_teardown_intr. * Update the panic string when enabling/disabling an invalid interrupt.
Add an arm64 kernel config to help testing intrng. It is expected this config will only last a few weeks until we switch to this interrupt framework.

araujo (8):
Use imin() macro from sys/libkern.h.
For pointers use NULL instead of 0.
For pointers use NULL instead of 0.
For pointers use NULL instead of 0.
Use NULL instead of 0 for pointers.
Use NULL instead of 0 for pointers.
When a group contains a non-existent user, make the warning message more helpful by mentioning the group name.
Simplify overengineered and buggy code that looked like as if it did some kind of UTF-8 validation, but actually didn't, but instead, for malformed UTF-8 input, caused buffer overruns in some cases and caused skipping of valid ASCII characters in other cases.

arybchik (95):
sfxge(4): remove unused efx_nic_pcie_extended_sync()
sfxge(4): Siena no longer supports EFSYS_OPT_PCIE_TUNE
sfxge(4): cleanup: fix obsolete EFSYS_OPT_PHY_BIST option
sfxge(4): disable common code support for Falcon
sfxge(4): remove EFSYS_OPT_PCIE_TUNE
sfxge(4): restructure TLV buffer validation
sfxge(4): add TLV item manipulation functions to common code
sfxge(4): remove EFSYS_OPT_FALCON
sfxge(4): remove EFSYS_OPT_FALCON_NIC_CFG_OVERRIDE
sfxge(4): remove EFSYS_OPT_MAC_FALCON_GMAC
sfxge(4): remove EFSYS_OPT_MAC_FALCON_XMAC
sfxge(4): remove EFSYS_OPT_MON_LM87
sfxge(4): remove EFSYS_OPT_MON_MAX6647
sfxge(4): remove EFSYS_OPT_MON_NULL
sfxge(4): remove EFSYS_OPT_FALCON_BOOTROM
sfxge(4): remove EFSYS_OPT_NVRAM_SFT9001
sfxge(4): remove EFSYS_OPT_NVRAM_SFX7101
sfxge(4): remove EFSYS_OPT_PHY_NULL
sfxge(4): remove EFSYS_OPT_PHY_QT2022C2
sfxge(4): remove EFSYS_OPT_PHY_QT2025C
sfxge(4): remove EFSYS_OPT_PHY_SFT9001
sfxge(4): remove EFSYS_OPT_PHY_SFX7101
sfxge(4): remove EFSYS_OPT_PHY_TXC43128
sfxge(4): cleanup efx_check.h comments and error messages
sfxge(4): cleanup: fix typos
sfxge(4): cleanup: remove obsolete common code module
sfxge(4): cleanup: remove unused efx_infer_family()
sfxge(4): cleanup: remove unneeded include files
sfxge(4): cleanup: fix typo
sfxge(4): add TLV format buffer manipulation functions for V3 licensing
sfxge(4): remove Falcon-specific code paths from common code
sfxge(4): remove Falcon specific EV_GLOBAL support
sfxge(4): simplify efx_mac_select
sfxge(4): add new Emerald board sensors to common code
sfxge(4): make efx_sram_test Siena-only
sfxge(4): fix efx_filter_reconfigure parameter type
sfxge(4): update unicast filter insertion algorithm
sfxge(4): cleanup: constify common code method tables
sfxge(4): update multicast filter insertion algorithm
sfxge(4): avoid duplicate delivery of packets when changing multicast mode with multicast chaining enabled
sfxge(4): comment on when we assume multicast chaining is available
sfxge(4): move ef10_ev_* to ef10_ev.c
sfxge(4): move ef10_filter_* to ef10_filter.c
sfxge(4): move ef10_intr_* to ef10_intr.c
sfxge(4): move ef10_mac_* to ef10_mac.c
sfxge(4): move ef10_mcdi_* to ef10_mcdi.c
sfxge(4): move ef10_nic_* to ef10_nic.c
sfxge(4): move ef10_nvram_* to ef10_nvram.c
sfxge(4): move ef10_phy_* to ef10_phy.c
sfxge(4): move ef10_rx_* to ef10_rx.c
sfxge(4): move ef10_tx_* to ef10_tx.c
sfxge(4): move ef10_vpd_* to ef10_vpd.c
sfxge(4): rename falconsiena_ev_*
sfxge(4): rename falconsiena_intr_*
sfxge(4): rename falconsiena_mac_*
sfxge(4): rename falconsiena_rx_*
sfxge(4): rename falconsiena_tx_*
sfxge(4): rename falconsiena_filter_*
sfxge(4): rename falconsiena_filter types
sfxge(4): prepare for moving EF10 definitions to ef10_impl.h
sfxge(4): move ef10 definitions to ef10_impl.h
sfxge(4): remove PHY property method stubs
sfxge(4): remove obsolete EFSYS_OPT_PHY_PROPS option and APIs
sfxge(4): import TLV layout from firmwaresrc
sfxge(4): remove unimplemented EFX PHY methods
sfxge(4): cleanup: remove unused variable flags
sfxge(4): cleanup: remove unused define EFX_EVQ_FALCON_TIMER_QUANTUM_NS
sfxge(4): remove unimplemented MAC reset method
sfxge(4): fix build with -Werror=pointer-sign
sfxge(4): remove unimplemented sensor reset method
sfxge(4): remove unimplemented sensor reconfigure method
sfxge(4): remove obsolete EFX_MON types
sfxge(4): remove unused EFX PHY symbols
sfxge(4): restructure efx_lic to support V3 licensing
sfxge(4): cleanup: make licensing function quieter
sfxge(4): cleanup: make VPD lookups quieter
sfxge(4): cleanup: make TLV scans quieter
sfxge(4): improve PCIe link speed and width check
sfxge(4): fix V1 licensing MCDI operations
sfxge(4): increase maximum size of license keys
sfxge(4): regenerate MCDI headers from firmwaresrc .yml
sfxge(4): fix license validation check for V3 licenses
sfxge(4): improve TX/RX queue error messages
sfxge(4): set TSOv2 feature flag on Medford
sfxge(4): cleanup: run genfwdef to propagate prior changes to TLV headers
sfxge(4): translate MC_CMD_ERR_EEXIST to host errno value
sfxge(4): cleanup: simplify ef10_ev_qcreate
sfxge(4): cleanup: make MCDI license queries quieter in common code
sfxge(4): cleanup: remove misnamed function declaration
sfxge(4): cleanup: quieten more common code MCDI handlers
sfxge(4): store licensing state in efx_lic
sfxge(4): query and use current MTU if setting the MTU fails
sfxge(4): fix Medford timer quantum calculation in common code
sfxge(4): restore clearing of MCDI new epoch flag in common code
sfxge(4): only raise an exception after MC assert or reboot in the common code

asomers (5):
Allow setextattr(8) to take attribute values from stdin
Fix "getextattr -x" with non-ascii attribute values
Improve performance and functionality of the bitstring(3) api
mpr(4) and mps(4) shouldn't indefinitely retry for "terminated ioc" errors
Speed up vdev_geom_open_by_guids

avg (15):
zfsctl: fix several problems with reference counts
mount_snapshot: consolidate all error handling
add zfs_vptocnp with special handling for snapshots under .zfs
zfsctl_snapdir_lookup: always clear VV_ROOT flag of snapshot's root VV_ROOT
dounmount: do not call mountcheckdirs() for mounts with MNT_IGNORE
zfsctl_ops_snapshot: remove methods should never be called
vfs_read_dirent: increment ncookies after adding a cookie
fix up r299902: mount_snapshot requires that the covered vnode is locked
fix a vnode reference leak caused by illumos compat traverse()
avoid deadlock between zfsctl_snapdir_lookup and zfsctl_snapshot_reclaim
gfs_lookup_dot() does not have to acquire any locks
fix locking in zfsctl_root_lookup
try to recycle "snap" vnodes as soon as possible
do not destroy 'snapdir' when it becomes inactive
zfs_ioc_rename: fix a reversed condition

avos (11):
iwn: fix device reset after watchdog timeout.
net80211: do not hardcode size of ic_modecaps field.
wi: fix a comment (0x1fff has 13 bits set).
net80211: restore 'iflladdr_event' event handler.
iwn: fix comments for iwn_read_eeprom_channels().
ifconfig: fix check for 40 MHz channels while applying country/regdomain.
net80211: drop some unused variables / local macros
rtwn: fix double free in raw xmit path.
urtwn: add support for hardware multicast filter setup.
net80211: unbreak 'show all vaps(/a)' ddb command
mwl: drop unneeded NULL pointer check.

bapt (19):
Print the fchmodat mode in human readable fashion
Replace fparseln(3) with getline(3)
Directly call the editor if needed instead of spawning /bin/sh
Only use EDITOR as a variable to specify which text editor to use
Revert r299218 VISUAL is actually a perfectly valid env to specify an editor
Only one program is built in usr.bin/sdiff use the right include
Replace fparseln(3) with getline(3) to remove dependency on libutil
Some style(9) fixes
Rationalize license numbering
Rename dprintf into dbg_printf to avoid collision with dprintf(3)
rename getline into zgetline to avoid collision with getline(3)
Rename dprintf into dbg_printf to avoid collision with dprintf(3)
Rename getline with get_line to avoid collision with getline(3)
Rename getline with get_line to avoid collision with getline(3)
Rename getline with get_line to avoid collision with getline(3)
Rename getline with get_line to avoid collision with getline(3)
Rename getline with get_line to avoid collision with getline(3)
Directly set the NONBLOCK flags when creating the socket
Rename getline with get_line to avoid collision with getline(3)

bcr (1):
Capitalize "LDAP" in the description field of the _ypldap entry.

bdrewery (5):
DIRDEPS_BUILD: Exclude secure/lib* libraries for host builds.
DIRDEPS_BUILD: Update dependencies.
DIRDEPS_BUILD: Run the staged bootstrap-tools version of build-tools.
DIRDEPS_BUILD: Exclude host tools for Makefile.depend.host as well.
Support libsoft for restage.

br (1):
Implement FBT provider (MD part) for DTrace on MIPS. Tested on MIPS64.

bz (17):
The ARM generic timer keeps ticking even if disabled or it expired. In case of updating it with a very low value it might expire again after writing the tval but before updating ctrl. In that case we do lose the status bit saying that the timer expired and we will consequently not get an interrupt for it, leaving the timer in a "dead" state.
The virtual timer is optional on ARM64. Properly handle that condition. [1] In case we do not have an interrupt assignment for the virtual timer, force the physical timer. Also skip resource allocation for any timer we do not have an interrupt assignment for.
While gem5 is not qemu, we treat it as "simulators" or "virtual environments". Add the needed hardcoded gem5 attachments for the UART there, re-using all the other bits.
siba depends on bhndbus; add the device to the kernel config. This gets us past compiling and now only linking is failing on builtins.
Allow orm(4) to be disabled from probing/attaching by a hints entry: hint.orm.0.disabled=1
When using IOPORT with pci_host_generic we are missing setting the rman_end() which leads to end being before start and thus a signed extended very large number of size later on, which kva_alloc() will fail upon and we will panic. Add the missing call.
We already turn the AMD erratum383 workaround on for certain VM_GUEST_VM if specific CPU features are not present. Some simulation environments, e.g. gem5, have been found to require more TLB management from the kernel in certain setups. It is currently unclear why. Turning on the workaround_erratum383 seems to help and make problems (panics) go away. Given this is a fairly uncommon environment so far, allowing the workaround to be manually enabled from loader in order to make debugging and comparing traces easier, but also to allow gem5 run FreeBSD in X86 timing mode, seems to be the least intrusive option for now until the issue is fully understood.
Remove the extra _RD as _RDTUN already includes it.
hunt_ev.c was deleted with r299596. Remove it from the files list to (hopefully) unbreak amd64 LINT kernels.
Remove more files from sfxge(4) which are no longer in the tree in order to make the universe a more happy place.
Revert parts of r299575 in order to make more MIPS kernels build again hopefully. Rather than blindly removing a supposedly unused variable as reported by the Clang Static Analyzer, inspect the code and hide them with proper #ifdefs as they are used in certain conditional parts of the code.
Update file list for sfxge(4) again and hey, my amd64 kernels compile again.
Blind long shot. Add ofw_gpiobus.c to the SRCS list in the hope to make the remaining MIPS kernels compile which set MODULES_OVERRIDE="gpio..."
Revert r299739. That did not make it better. Instead disconnect gpiokeys from the build until it's fixed and buildable; the SUBDIR list was not ordered properly anyway ;-)
Add HWPMC_HOOKS to std.armv6 to make them available so the module could be loaded.
Mark the unused arguments of various SYSINIT functions __unused.
The GIC (v2 at least) has a bit in the TYPER register to indicate whether the GIC supports the Security Extensions or not. This bit is not the same as the CPU one. Currently we are not checking for either before trying to write to the special registers. This can lead to problems on hardware or simulators that do not provide the security extensions. Add the missing checks. Their interactions with the CPU flag is not entirely clear to me but using a macro will make it easier to quickly adjust the condition once the CPU bits are sorted as well.

cem (36):
efipart: Support an arbitrary number of partitions
sdiff(1): Fix potential NULL deref in cleanup path
netipsec: Fix minor style nit
libc: Add fopencookie(3) wrapper around funopen(3)
Fix buffer overrun in gcore(1) NT_PRPSINFO
compat/opensolaris: Don't redefined off64_t if already defined
fsck_ffs: Don't overrun mount device buffer
ffs_bswap: Copy one UFS dinode member at a time
bsnmp: Don't overrun privkey buffer by copying wrong size
bsnmpd: Fix size of trapsink::comm to match other community arrays
mixer(8): Style: Tag no-return usage() as __dead2
whois(1): Pull out async multiple host connection code into a routine
whois(1): Fix potential double-close and logic mistakes
random(6): Fix double-close
camcontrol(8): Fix trivial double-free
camcontrol(8): Fix another trivial double-free
route6d(8): Fix potential double-free
Revert r299467 to fix the kernel build.
subr_vmem: Fix double-free in error case of vmem_create
libkrb5: Fix potential double-free
atf map: Fix double-free in low memory error path
nss/gethostby_test: fix broken vector iteration of gethostbyaddr h_aliases
snd_hda(4): Don't pass bogus sizeof()s to unused sysctl arg2 parameter
snd_hda(4): Don't pass bogus sizeof()s to unused sysctl arg2 parameter (again)
rtadvd(8): Fix a typo in full msg receive logic
kern_descrip_test: Fix trivial buffer overrun with readlink(2)
rpcgen(1): Tag crash() routine as __dead2 for static analyzers
libmp: Fix trivial buffer overrun
print_positional_test: Fix misuse of wchar APIs
dhclient: Fix some trivial buffer overruns
rtadvd(8): Don't use-after-free
nfsd: Fix use-after-free in NFS4 lock test service
rtadvd(8): Fix use-after-close in cm_handler_client
Pollute more places with off64_t and add __off64_t
libc: Actually export fopencookie(3)
stdio.h: Fix function-type typedef style and use _types.h __ssize_t

cy (1):
Make subsequent code reachable.

dchagin (1):
Add a forgotten in r283424 .eh_frame section with CFI & FDE records to allow stack unwinding through signal handler.

delphij (4):
Apply upstream commit 6e06b1c8 (partial, by kientzle):
MFV r299233: Apply upstream fix 11edb37a71851b5bcbd4e51ca6ad3dcbf57e9761:
MFV r299237: apply two upstream revisions to address upstream bug PR/540.
MFV r299716: file 5.27

dim (6):
Import c812a07cd2f95c1403baf0bbe0366e7618d1d6d3 of libcxxrt:
Import libcxxrt master 00bc29eb6513624824a6d7db2ebc768a4216a604.
Import libcxxrt master 1cb607e89f6135bbc10f3d3b6fba1f983e258dcc.
Since contrib/libcxxrt's ancestry was never correct, subversion 1.8 and higher cannot merge to it from the vendor area.
Import libcxxrt master 516a65c109eb0a01e5e95fbef455eb3215135cef.
After r299241, which added bhnd(4), use sh to run the shell scripts for generating nvram maps, to allow a noexec-mounted source directory.

eadler (1):
Don't repeat the the word 'the'

emaste (13):
Import libcxxrt master e64e93fe5bba67a6d52cbe5a97f8770c054bfa65
bhnd: fix build on gcc architectures
Add explicit cast to fix mips and powerpc build after r299090
bhnd: another build fix for GCC-using architectures
Limit Options.inc generation to desired targets
Make libcrypto position independent on i386
Revert r299139: these are generated files
Add nid_namelen bounds check to nfssvc system call
libcrypto: add "Do not modify" comment to generated source files
Deorbit ALLOW_SHARED_TEXTREL
exec.h: Move PS_STRINGS define to kernel-only section
Remove sh accidentally added to dependency lines in r299684
Use awk to run bhnd's awk script, to allow noexec src dir

erj (11):
ixl: Update to 1.4.5-k.
ixl: Update to 1.4.6-k.
ixl: Update to 1.4.7-k.
ixl: Update to 1.4.9-k.
ixl: Update to 1.4.12-k.
ixl: Update to 1.4.13-k.
ixl: Update to 1.4.17-k.
ixl: Update to 1.4.20-k.
ixl: Update to 1.4.24-k.
ixl: Update to 1.4.27-k.
ixl: Re-add a change to TC0 setup made in D5203.

garga (1):
Add missing parameters -N and -l to reroot and halt usage()

gjb (4):
Add (commented) 'vital' flag to the runtime packages. Support for it is expected in pkg-1.8.0, which will cause 'pkg del -afy' to not destroy a system by forcefully removing everything.
Combine the 'reinstall' and 'restage' targets, which appears to have been a mismerge.
Update share/examples/* to properly install /usr/share/examples.
Revert r299292, which was not a mismerge. It has an additional horrible side effect of replacing /etc/{master.,}passwd and /etc/group.

glebius (1):
Make it possible to override NO_INSTALLEXTRAKERNELS.

gnn (3):
Kill off ReiserFS as it is no longer supported, for obvious reasons.
Finish cleaning up after killing ReiserFS.
Final nit in ReiserFS removal.

gonzo (16):
Pass device tree node as a part of gpio_pin_get_by_ofw_XXX API
Use GPIO pin management API in gpiobacklight
Use DEVMETHOD_END instead of its value to indicate end of methods table
Add gpiokeys driver
Add OF_prop_free function as a counterpart for OF_*prop_alloc
Add gpiobus_release_pin function to release mapped pin
Properly release mapped pin in gpio_pin_release
Fix detach routine for gpiokeys
Add loadable module for gpiokeys
Use OF_prop_free instead of direct call to free(9)
Use OF_prop_free instead of direct call to free(9)
Use OF_prop_free instead of direct call to free(9)
Use OF_prop_free instead of direct call to free(9)
Use OF_prop_free instead of direct call to free(9)
Use OF_prop_free instead of direct call to free(9)
Use OF_prop_free instead of direct call to free(9)

grog (1):
Correct use of incorrect grammar.

hiren (1):
Add an option to use rfc6675 based pipe/inflight bytes calculation in htcp.

hselasky (32):
Extend the UQ_NO_STRINGS quirk to also cover the USB language string descriptor. This fixes enumeration of some older Samsung Galaxy S3 phones.
Fix file polling bug.
Allow the argument for the cpu_to_xxxp() and xxx_to_cpup() macros to point to a constant.
Add missing semicolon and properly wrap macro argument.
Use function macros when possible to avoid stray substitutions.
Add more LinuxKPI I/O functions.
Fix kernel LINT build after r299363.
Implement ioremap_wt() and use that in the MEMREMAP_WT case for i386 and amd64.
Ensure waiting loops terminate during cold boot. This fixes boot with MacBookPro and i915kms_load="YES" in /boot/loader.conf.
Add more atomic LinuxKPI functions.
Add missing destruction of mutex.
Factor out common code into "idr_find_layer_locked()" and fix inverted bitmap test for free entry in "idr_replace()".
Add more IDR and IDA related functions to the LinuxKPI.
Return a proper error code instead of panicking when an I/O vector having the wrong number of entries is detected.
The idr_for_each() function is now part of the LinuxKPI. Use the LinuxKPI's idr_for_each() function instead of the local one to avoid compilation issues.
Match Linux behaviour and iterate the IDR tree unlocked. The caller is responsible the IDR tree stays unmodified while iterating.
Resolve LINT linking issue by renaming ida_init() to ida_setup(). The ida_init() symbol name is now taken for use by the LinuxKPI.
Create a dummy "task_struct" on the stack which is returned by "current" inside all LinuxKPI file operation callbacks. The "current" is frequently used for various debug prints, printing the thread name and thread ID for example.
Remove redundant "task_struct_set()". This is done by the "linux_kthread_fn()".
Fix handling of IOCTLs in the LinuxKPI.
The Linux error defines should all be positive, else frequently used error code checks might fail. ERESTART is in the BSD world defined as -1. While at it add more Linux error codes.
Add more Linux defines. Improve some existing ones.
Implement nsecs_to_jiffies() in the LinuxKPI and while at it streamline the rest of the xxx_to_jiffies() functions to have a constant 64-bit argument and use identical range checks for the result.
Add unlikely() statement to optimise the IS_ERR_VALUE() macro.
Define _IOC_SIZE() in the LinuxKPI.
Implement "old_encode_dev()" for the LinuxKPI.
Add more PAGE related defines to the LinuxKPI. Move the definition of "pgprot_t" to "linux/page.h" similar to what Linux does.
Handle case of class being set, but not parent when calling device_register() in the LinuxKPI.
Properly implement "cpu_has_clflush" macro.
Don't dereference parent pointer when it is NULL.
Implement more Linux device related functions in the LinuxKPI. While at it use NULL for some pointer checks.
Only lock Giant when needed in the LinuxKPI.

imp (5):
Document g_reset_bio(). This is long overdue. g_reset_bio will reset the bio to a pristine state should you wish to re-use it for another I/O without freeing it. In the past, a simple bzero was done to do this, but that may not be sufficient in the future when the bio may contain state that's not part of the documented API. Besides, it makes the code clearer as to the intent...
Bump date. Forgotten in r299312.
Minor space tweak to make things consistent.
It sure would be nice to use printf with wide strings. Implement %S to do that. The C_WIDEOUT flag indicates that the console supports it. Mark the EFI console as supporting this.
Per Ravi Pokala's suggestion, rewrite the g_reset_bio description to be clearer. It also describes it with more nuance. Add missing MLINKS noticed by trasz@. Bump the date.

jasone (2):
Update jemalloc to 4.2.0.
Work around invalid gcc warning (explicit cast apparently lost).

jhb (20):
Use the correct location of the SRIOV capability when enabling ARI.
Save and restore SRIOV-related config registers.
Fix the acpi attachment to always start the worker thread.
Fix and to not require .
Native PCI-express HotPlug support.
Restore name=value format of PCI location strings.
Set the correct vnet in TOE event handlers.
Use DDP to implement zerocopy TCP receive with aio_read().
Forward declare 'struct cpl_set_tcb_rpl' before including t4_tom.h.
Add a new bus method to fetch device-specific CPU sets.
Forward declare 'struct cpl_set_tcb_rpl' before including t4_tom.h.
Don't store generated firmware object files in the source directory.
Add a missing section to a cross-reference.
Move vm_domain_rr_selectdomain() under #ifdef VM_NUMA_ALLOC.
Change the default installation directory for modules to /boot/modules.
Add an EARLY_AP_STARTUP option to start APs earlier during boot.
Use polling spin loops for timeouts during early boot.
Remove the reiserfs(5) manpage and an example of loading the kernel module.
Document the formatting requirements of location and pnpinfo strings.
Rework managing hotplug commands with command completions.

jhibbits (1):
Don't mark the initial portal registers as fully mapped.

jilles (4):
install: Add some tests.
install: When preserving timestamps, also copy the nanoseconds part.
install: Revert utimensat usage (r299850).
libthr(3): Fix xref to _umtx_op(2) now that we have it.

jkim (7):
Fix build without "options PCI_IOV".
Fix intmax_t to uintptr_t casting on 32-bit platforms. Found by GCC.
Make libcrypto.so position independent on i386.
Enable linker error if libcrypto.so contains a relocation against text. It is position independent on all platforms since r299389.
Refine comments to add its origin.
Set CC environment variable for Perl scripts. This is for detecting assembler/compiler capabilities, e.g., AVX instructions.
Regen x86 assembly files for r299480.

jmcneill (16):
Add driver for Allwinner A83T/H3/A64 Gigabit Ethernet.
Add support for the Allwinner A83T (sun8iw6p1) SoC.
Update comment at top of file to mention all currently supported Allwinner SoCs. Previously mentioned A20 and A31, added A31S, A83T, and H3.
Add allwinner,sun8i-a83t-i2c to the list of compatible devices.
Add DTS files for the Allwinner A83T SoC and the Sinovoip BananaPi BPI-M3 development board.
Add node for A83T NMI interrupt controller.
Add a driver for the Allwinner Reduced Serial Bus (RSB).
Add a basic driver for X-Powers AXP813 and AXP818 power management ICs.
Add and enable Allwinner RSB and AXP81x power management IC drivers.
Add pmic (AXP813) child node to r_rsb for Sinovoip BananaPi BPI-M3.
Allow RSB to be used from interrupt handlers.
Add support for the AXP813/AXP818 power key and GPIO pins.
Add gpio-leds for Sinovoip BananaPi BPI-M3.
Reduce complexity of RSB by always using polling mode. Unfortunately gpiobus methods can be called with non-sleepable locks held.
Enable SATA power regulator at boot on Sinovoip BananaPi BPI-M3.
Add Allwinner A83T thermal sensor controller support.

kadesai (7):
There was no ERROR handling for firmware command TIMEOUT. This patch takes care of any firmware command timeout scenarios by initiating OCR.
Similar to RAID map for Logical Drives, now JBOD map has been introduced for JBODs. Driver has to sync the JBOD map with firmware and use sequence number as a reference for JBOD FastPath I/O's.
This patch implements driver support for 1MB IO size.
Implemented interrupt Config Hook in mrsas(4) to defer some of the tasks, like: registering AEN, creating cdev.
Added support for Avago Intruder controller.
Following bugs fixed as part of this patch: .Kernel panic while collecting kdump (reported by Doug A.) .NULL pointer dereference at certain places .Removed dead codes
Version update patch.

kan (1):
Fix nvram2env after bus_space_fdt removal.

kevlo (2):
Follow-up r298818: hide size of 'bands' array behind a macro.
The EEPROM is lying about antennas. Don't hardcode things based on the chip version which is not what the vendor driver happens to do.

kib (14):
Do not leak THR_FLAGS_SUSPENDED from the previous suspend/resume cycle. The flag currently is cleared by the resumed thread. If next suspend request comes before the thread was able to clean the flag, in which case suspender skip the thread.
Warn about consequences of suspending threads in arbitrary state of execution.
Add locking annotations to amd64 struct md_page members.
Style: wrap long lines.
Add vfs_hash_ref(9) function, which finds a vnode by the hash value and returns it referenced.
Use vfs_hash_ref(9) to eliminate LK_EXCLOTHER kludge. As a consequence, the nfs client override of VOP_LOCK1() is no longer needed.
Typo in comment.
Document the non-obsoleted kernel interfaces used by libthr.
Add thr*.2 and _umtx_op.2 manpages to the build.
Eliminate pvh_global_lock from the amd64 pmap.
Fix typo in the message.
Fix comments.
Add SUSv4 reference macro to our groff mdoc. mdocml already supports it.
Add implementation of robust mutexes, hopefully close enough to the intention of the POSIX IEEE Std 1003.1TM-2008/Cor 1-2013.

kp (1):
vtnet: fix panic on unload

manu (5):
Merge a20_mp_start_ap and a31_mp_start_ap into one function. This function works with all smp non-multicluster allwinner SoC (A20, A31, A31S and H3).
When PLATFORM_SMP is enabled, check if tunable hw.ncpu is set and valid (>= 1 and <= real ncores) and set mp_ncpus to it.
Add support for Allwinner H3 SoC. For now clocks, GPIO, Pinmux, UART, MMC, EHCI is supported. Tested on OrangePi-One
Allow arm generic_timer code to be included even if not present in the SoC.
Add driver for "generic-ohci" as defined by FDT. If platform support EXT_RESOURCES, clocks and resets are handled out of the box. If not driver can be subclassed using the generic_usb interface. generic_usb name was chosen because at one point I'll add generic-ehci FDT driver.

markj (10):
Remove two useless local variables from prelist_update().
Clean up callers of nd6_prelist_add().
Remove obsolescent comments from nd6_purge().
Fix DTrace test ATF wrapper generation.
Fix a bug in r298340: "sim" was referenced after being unset.
Remove an always-false error check in the AIFADDR_IN6 handler.
Add sysctl descriptions for net.inet6.ip6 and net.inet6.icmp6.
Fix a few style issues in the ICMP sysctl descriptions.
Use Node Information flag names instead of hard-coding their values.
opt_kdtrace.h is not needed for SDT probes as of r258541.

mav (19):
Improve validation of some POPULATE TOKEN parameters.
More XCOPY parameters validation.
Validate XCOPY range offsets and lengths.
Fix previous commit to report proper error code.
Allow sleepable allocations in enclosure daemon threads.
MFV r299434: 6841 Undirty freed spill blocks
MFV r299436: 6843 Make xattr dir truncate and remove in one tx
MFV r299438: 6842 Fix empty xattr dir causing lockup
MFV r299440: 6736 ZFS per-vdev ZAPs
MFV r299442: 6762 POSIX write should imply DELETE_CHILD on directories - and some additional considerations
MFV r299449: 6763 aclinherit=restricted masks inherited permissions by group perms (groupmask)
MFV r299451: 6764 zfs issues with inheritance flags during chmod(2) with aclmode=passthrough
MFV r299453: 6765 zfs_zaccess_delete() comments do not accurately reflect delete permissions for ACLs
Fix FCP_CMD LENGTH mask in ATIO7 IOCB.
No need to check login status for ZOMBIE ports.
Reduce verbosity of "now sending synthesized status" message.
Completely remove broken now autologin port flag.
Make RQCS_PORT_LOGGED_OUT for ZOMBIE ports retriable.
Fix NULL-dereference panic if VESA reports zero modes.

maxim (1):
o Stop to mention the slowstart_flightsize sysctl in the tuning(7).

mjg (1):
fd: assert dropped filedesc lock in fdcloseexec

mm (6):
Trim libarchive/dist using FREEBSD-Xlist
Keep full libarchive distribution in vendor branch (prep for 3.2.0 update)
Update vendor/libarchive/dist to git commit 61c56e5 (post 3.2.0)
MFV r299425:
Fix broken cpio behavior. Suggested upstream as PR #704.
Revert r299576 and MFV r299895:

mmel (5):
OFWGPIOBUS: Make ofwgpiobus_devclass externally visible. It's needed for binding of gpio controllers.
TEGRA: Don't use common name 'gpio' for tegra specific GPIO driver. Using common name for different drivers breaks generic kernel creation.
OFWIICBUS: Make ofwiicbus_devclass externally visible. It's needed for binding of iic controllers.
TEGRA: Don't use common name 'iicb' for tegra specific IIC driver. Using common name for different drivers breaks generic kernel creation.
TEGRA: Also attach gpioc to tegra_gpio driver. Forgotten in r299854.

n_hibma (2):
Allow silencing of 'promiscuous mode enabled/disabled' messages.
Add myself to the list of src committers. I've never been added it seems.

ngie (57):
Use DEVMETHOD_END ({ NULL, NULL }) instead of hardcoding { 0, 0 }
Default NO_INSTALLEXTRAKERNELS to "no" to unbreak the build
Default NO_INSTALLEXTRAKERNELS to yes, not no
Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installed after r298107
Revert r299096
Only install NIS section 8 manpages if MK_NIS != no
Fix r299162
Only install etc/rc.d/{rfcomm_pppd_server,sdpd} if MK_BLUETOOTH != no
Read the contents of the snapshot files properly
Add missing prototype for getchar(..)
Include arpa/inet.h to get the htonl(3) definition
Remove unused const variable
Put slba and elba under LOADER_GELI_SUPPORT ifdef to mute warning about them being unused in the non-GELI case
Add geliboot_crypt(..) definition to geliboot.h to mute a -Wimplicit-function-declaration warning
Fix a -Wformat warning by using %d, not %ld for md_iterations
Remove NO_WERROR from libbsnmp/Makefile.inc
Move _bsnmptools_debug extern from bsnmpmap.c to bsnmptools.h
Staticize global variables only used in bsnmpimport.c to fix -Wmissing-variable-declarations warnings
Fold two malloc + memset(.., 0, ..) calls into equivalent calloc calls
Fix some trivial clang/gcc warnings in bsnmptc.c
Use calloc instead of memset(.., 0, ..) + malloc
Sort variables in parse_ascii(..) per style(9)
parse_ascii: make count size_t to mute a -Wsign-compare issue
Mark snmptoolctx unused in parse_authentication(..), parse_privacy(..), parse_context(..), and parse_user_security(..).
Mute -Wstrlcpy-strlcat-size warning by using nitems with the size of the buffer
Use the size of the destination buffer, not the source buffer.
Fix theoretical buffer overflow issues in snmp_oid2asn_oid
Fix logically dead code pointed out by clang/Coverity
Mute sign compare warning by casting rc to u_int to match nbindings' type
Use the size of the destination buffer instead of the malloc size, repeated, in order to mute a -Wstrlcpy-strlcat-size warning
Fix up r299764
Do minimal work necessary to cure a -Wunused-but-set-variable warning from gcc
Use a consistent errno save/restore pattern before running strtoul
Convert tok from enum tok to int32_t in function calls
Fix up both r299764 and r299770
Replace malloc + memset(.., 0, ..) with calloc calls
Fix up r299769
Bump WARNS to 6
Replace QUADFMT with %ju and QUADXFMT with %jx and cast values with uintmax_t
Use sizeof(..)s for the destination buffers instead of hardcoded values corresponding to the destination buffer sizes
Correct function names that failed in error messages
Use strdup instead of malloc + strlcpy
Replace malloc + memset(.., 0, ..) with calloc calls
Remove NO_WERROR.clang from this Makefile
Use SNMPD_INPUT_FAILED instead of SNMP_CODE_FAILED
Fix -Wcast-align warnings
Remove NO_WERROR and add WARNS?= 6
Remove trailing whitespace in license tort
Fix fully canonicalized example for myvariable.27...
Fix .Dd
Reduce redundancy after release-pkg merge to head in r298107
Make FILESYSTEMS, dumpon, and var not depend on zfs and zvol
Conditionalize etc/rc.d/{zfs,zvol} install on MK_ZFS != no
Remove etc/rc.d/{zfs,zvol} if MK_ZFS != no
Conditionalize installing etc/rc.d/atm{1,2,3}
Fix broken dependency with routed when MK_ROUTED != no
Make hostid_save depend on hostid

np (1):
cxgbe(4): Update T5 and T4 firmwares to 1.15.37.0.

peter (1):
Attempt to fix r299660: slba is used only for the GPT case. elba is used if either GPT or LOADER_GELI_SUPPORT is enabled.

pfg (56):
sys/isa: minor spelling fixes.
Misc. build: minor spelling fixes.
kgssapi: insignificant spelling fix.
vmm(4): Small spelling fixes.
sys/amd64: Small spelling fixes.
pmcstudy.8: minor "efficiency" fix.
sys/arm: Minor spelling fixes.
sys/sparc64: minor spelling fixes.
tools: minor spelling fix in locales template.
dev/pms: minor spelling fixes for the FreeBSD-specific part.
fsck_msdosfs: Adjust a check.
sys/rpc: minor spelling fixes.
nvmecontrol.8: minor spelling fix.
dev/usb: unsigned some loop indexes.
sys/cam/scsi: unsigned some loop indexes.
ofed/drivers: minor spelling fixes.
sys/cam/scsi: unsigned some loop indexes.
sys/ofed: minor spelling fix.
libc/xdr: unsign some loop indexes.
cam/scsi: Remove mostly unused scsi_quirk_table_size.
sys/security: minor spelling fixes.
Revert r298938: Change x/a to work similar to gdb.
dev/e1000,ixgbe: minor spelling fixes.
sys/opencrypto: minor spelling fixes.
nfsserver: minor spelling fix in comment.
sed: rewrite the main loop.
Simplify redundant malloc'ing in sed -e.
otus: minor catchup with OpenBSD.
Revert r299279: Simplify redundant malloc'ing in sed -e.
aic7xxx: minor spelling fixes.
sed.1: Correction for the case insensitive case.
librpcsec_gss: remove redundant code.
sys/boot/common: use of spaces vs. TAB.
chat(8): use NULL instead of zero for initializing a pointer.
traceroute6(8): use NULL instead of zero for initializing a pointer.
i2c(8): uninitialized variable (UNINIT).
bhyve: replace uninitialized variable "offset".
bhyve: consider the bogus case of a negative bar idx.
i2c(8): uninitialized variable (UNINIT).
timed(8): use NULL instead of zero for pointers.
timed(8): Use stronger random number generator.
timed(8): Use strlcpy() for bounds checking.
Undo the bogus gethostname() change from r299709.
routed(8): use NULL instead of zero for pointers.
routed: Fix use after free.
routed(8): Use arc4random.
Avoid NULL de-references.
routed(8): Avoid NULL de-reference and two possible memory leaks.
routed(8): Dereference before null check.
routed(8): Misc. cleanups to squelch Coverity.
routed(8): Use arc4random_uniform instead of arc4random.
Add a small set of logical operators to DDB command language.
libefi: Tag an unreachable switch default.
dev/ow: Tag an unreachable switch default.
makefs(8): use NULL instead of zero for pointers.
makefs(1): use all the random(3) range.

rmacklem (6):
Give mountd -S priority over outstanding RPC requests when suspending the nfsd.
Don't increment srvrpccnt[] for the NFSv4.1 operations.
Make "-S" a default option for mountd.
Fix fuse to use DIRECT_IO when required.
Fix fuse so that stale buffer cache data isn't read.
Fix fuse for "cp" of a mode 0444 file to the file system.

royger (6):
rtc: fix inverted resolution check
xen/pvclock: set the correct resolution for the Xen PV clock
bitset: introduce helpers to allocate a bitset at runtime
xen/privcmd: fix integer truncation in IOCTL_PRIVCMD_MMAPBATCH
xen/resume: only send BITMAP IPIs if CPUs > 1
xen-netfront: fix feature detection

rrs (1):
This small change adopts the excellent suggestion for using named structures in the add of a new tcp-stack that came in late to me via email after the last commit. It also makes it so that a new stack may optionally get a callback during a retransmit timeout. This allows the new stack to clear specific state (think sack scoreboards or other such structures).

sbruno (2):
If ALTQ is defined in the kern conf, switch to Legacy Mode.
Since igb_detach() cleans up all the data structures that will be free'd by the functions following its call, we can simply return instead of crashing and burning in the event of igb_detach() failing.

scottl (2):
Move mutex initialization from PCI probe to PCI attach. Drivers are not allowed to create any persistent state in their probe routine because it's not guaranteed that they'll win the election and be allowed to attach.
Don't jam the softc in the device_probe routine. The softc isn't owned by the driver here, so it shouldn't be accessed, let alone written to. Remove the nearby debug line, it's the only thing that depended on the softc, and it depended on it in a way that couldn't work in this part of the code.

sephe (11):
kern: Factor out function to convert hash flags to malloc(9) flags
tcp/syncache: Add comment for syncache_respond
hyperv/hn: Extract RSS hash value and type.
hyperv/stor: Enable INQUIRY result check only on WIN10 like host systems
mxge: Setup mbuf flowid before calling tcp_lro_rx().
hyperv/hn: Combine per-packet-information parsing.
hyperv/vmbus: Simplify event processing
hyperv/vmbus: Simplify event processing
hyperv/vmbus: Fix event processing loop indentation.
atomic: Add testandclear on i386/amd64
hyperv/vmbus: Use atomic_testandclear

sgalabov (6):
mtk_gpio fixes
mtk_spi cleanup commented printfs
Introduce basic etherswitch support for Ralink SoCs
Fix issues with mt762x etherswitch driver
Import LEDE dts files for Ralink/Mediatek
Add proper PCIe init for MT7628/MT7688 SoCs

sjg (2):
Allow -f - to read from stdin.
Use != 0 to be clear

skra (9):
Remove superfluous check. The pic_dev member of struct pic is never NULL on PIC found by pic_lookup().
INTRNG - redefine struct intr_map_data to avoid headers pollution. Each struct associated with some type defined in enum intr_map_data_type must have struct intr_map_data on the top of its own definition now. When such structs are used, correct type and size must be filled in.
Set correct size to the size member of struct intr_map_data when initialized. As the size member is not used at the present, it did not break anything.
INTRNG - use gpio interrupt modes definitions added in r298738 and implement also GPIO_INTR_EDGE_BOTH mode. All reasonable interrupt modes are supported now.
INTRNG - support new interrupt mapping type INTR_MAP_DATA_GPIO introduced in r298738.
INTRNG - use gpio interrupt modes definitions added in r298738 and implement also GPIO_INTR_EDGE_BOTH mode. All reasonable interrupt modes are supported now.
INTRNG - support new interrupt mapping type INTR_MAP_DATA_GPIO introduced in r298738.
INTRNG - update gpio pin capabilities according to r299166.
INTRNG - update gpio pin capabilities according to r299198.

skreuzer (2):
Document r298695, ntp updated to 4.2.8p7.
Document r296633, OpenSSH updated to 7.2p2.

slm (12):
Update MPI headers to version 42.
Several style changes and add copyrights for 2016.
Add support for the Broadcom (Avago/LSI) 9305 16 and 24 port HBA's.
No log bit in IOCStatus and endian-safe changes.
Change logging level for a debug string to use MPR_LOG instead of MPR_INFO.
Fix possible use of invalid pointer.
No need to set the MPRSAS_SHUTDOWN flag because it's never used.
Use callout_reset_sbt() instead of callout_reset() if FreeBSD ver is >= 1000029
done_ccb pointer can be used if it is NULL.
Disks can go missing until a reboot is done in some cases.
Bump version of mpr driver to 13.00.00.00-fbsd
Updates to mpr driver man page.

sobomax (1):
Add missing include "opt_geom.h" to make GEOM_UZIP_DEBUG option working, also rename enum member so it does not conflict with GEOM_UZIP option name.

theraven (3):
Imported new libcxxrt (one-line fix).
Import new libcxxrt into vendor branch.
Imported newer libcxxrt into vendor branch.

trasz (25):
Document the "Protocol" field of iscsi.conf(5).
Add the "-r" flag to iscsictl(8).
Refactor the root mount hold code and add the wait to etc/rc.d/fsck. This fixes mounting (non-root) USB drives on boot with fsck enabled (with non-zero 'Pass#' field in fstab(5)).
Remove NULL checks after M_WAITOK allocations from firewire.
Remove NULL check after M_WAITOK allocations from mfi(4).
Remove misc NULL checks after M_WAITOK allocations.
Remove NULL checks after M_WAITOK allocations from mps(4).
Remove NULL checks after M_WAITOK allocations from mpr(4).
Add "camcontrol reprobe" subcommand, and implement it for da(4). This makes it possible to manually force updating capacity data after the disk got resized. Without it it might be necessary to reboot before FreeBSD notices updated disk size under eg VMWare.
Update the example growfs(8) manual page to include information on how to make the system "notice" the updated disk size.
Make sdhci(4) work after suspend/resume for chipsets that require the frequency quirk. This makes it work on eg ThinkPad T420.
Cosmetic fixes for growfs(8) - remove unneeded capitalization and a spurious newline, clarify a message.
When rerooting, ignore ESRCH returned from kill(2). I couldn't reproduce this by myself, but apparently it sometimes happens when rerooting from single user mode.
Remove NULL checks after M_WAITOK allocations from sys/mips/.
When rerooting, take the init(8) path from argv[0] instead of fetching it via kern.proc.pathname sysctl(2). In some cases - booting from NFS or rerooting after replacing the init binary with a new one - the sysctl would fail. In other cases - after upgrading, which moves the old init to /sbin/init.bak - it would return /sbin/init.bak, which is the actual path of the running init, instead of /sbin/init.
Stop hiding errors that result in failure to mount /dev. Otherwise, missing /dev directory makes one end up with a completely deaf (init without stdout/stderr) system with no hints on the console, unless you've booted up with bootverbose.
Make it possible to reroot into NFS. This means one can have eg an NFSv4 root over WiFi: boot from md_root (small rootfs image preloaded by loader(8)), setup WiFi, and then reroot into the actual root, over NFS.
Remove NULL checks after M_WAITOK allocations from isp(4).
Add initial support for negotiating iSER parameters to iscsid(8). Some rework might be needed to support asymmetrical limits, but this should be ok for now.
Make ICL_KERNEL_PROXY compilable.
Extend the ICL interface to include the PDU pointer in the task_setup method. This is required for upcoming iSER support.
Add icl_conn_connect() ICL method, required for iSER.
Make iscsi_ioctl_daemon_send() actually work by adding missing locking.
Silence down the "insmntque() failed" autofs error; it happens on shutdown and is perfectly normal.
Rename icl_proxy.c to icl_soft_proxy.c, to make it clear it's a part of software ICL backend.

truckman (44):
Check for socket creation success before calling bind().
Use strlcpy() instead of strncpy() to copy the string returned by setlocale() so that static analyzers know that the string is NUL terminated. This was causing a false positive in Coverity even though the longest string returned by setlocale() is ENCODING_LEN (31) and we are copying into a 64 byte buffer. This change is also a bit of an optimization since we don't need the strncpy() feature of padding the rest of the destination buffer with NUL characters.
Use strlcpy() instead of strncpy() when copying the encoding value to ensure that the destination is NUL terminated. Length truncation of one more character should not be an issue since encoding values that long are not supported by libc. The destination string is treated as a NUL terminated string, but it is only passed to strcmp() for comparison to a set of shorter, fixed length strings, so this is not a serious problem.
Use strlcpy() instead of strncpy() when copying date and subj to ensure that these are properly NUL terminated since they are passed to printf().
Use strlcpy() instead of strncpy() when copying to dom_domain to ensure that the latter is NUL terminated since it is passed as an argument to printf().
Avoid Coverity NUL termination warning about strncpy() by using memcpy() instead. It's probably a bit more optimal in this case anyway. [1]
If fchdir() fails, call err() instead of warn().
Use strlcpy() instead of strncpy() to ensure that qup->fsname is NUL terminated. Don't bother checking for truncation since the subsequent quota_read() should detect that and fail.
Use strlcpy() instead of strncpy() to ensure that ret->name is NUL terminated. The source and destination buffers are the same size and the source *should be NUL terminated, but be paranoid.
Use strlcpy() instead of strncpy() to ensure that qf->fsname is NUL terminated. Don't bother checking for truncation since the subsequent stat() call should detect that and fail.
Simplify some overly complex code so that both humans and Coverity have a better chance of understanding it.
Avoid indexing an array with a negative value.
Mark usage() as __dead2 so that Coverity doesn't think that execution continues after the call and uses a negative array subscript.
Declare line[] in the outermost scope of retrieve() instead of declaring it in an inner scope and then using it via a pointer in the outer scope.
Revert r299584: Mark usage() as __dead2 so that Coverity doesn't think that execution continues after the call and uses a negative array subscript.
Instead of ignoring the EEXIST from link(), unconditionally unlink the target before calling link(). This should prevent links to an old copy of the file from being retained.
Always return either a dynamically allocated string or NULL from expand(). Never return the name parameter, which could be the buf[] buffer which is allocated on the stack by getdeadletter() and which would then be used after getdeadletter() has returned.
Move a call to cam_freeccb() to avoid a use after free error and a later double free.
Properly compute the size argument to pass to malloc().
Another attempt at resolving CID 1305629. The test of cmd == -1 may make Coverity think that other negative values of cmd (used as an index) are possible. Testing < 0 is a more common idiom in any case.
When handling SIOCSIFNAME ensure that the new interface name is NUL terminated. Reject the rename attempt if the name is too long.
Use strlcpy() instead of strncpy() when copying ifname to ensure that it is NUL terminated. Additional NUL padding is not required for short names.
Use strlcpy() instead of strncpy() when copying ifname to ensure that it is NUL terminated. Additional NUL padding is not required for short names.
Use strlcpy() instead of strncpy() when copying ifname to ensure that it is NUL terminated. Additional NUL padding is not required for short names.
Use strlcpy() instead of strncpy() when copying ifname to ensure that it is NUL terminated. Additional NUL padding is not required for short names.
Use strlcpy() instead of strncpy() when copying ifname to ensure that it is NUL terminated. Additional NUL padding is not required for short names.
Likely a false positive ... but make sure that -1 can't be used as an array index by splitting up a test.
Since rdata is only used as an argument to the immediately following call to res_nopt_rdata(), revert r299879 and fix CID 603941 by moving rdata = &buf[n]; inside the if block.
Don't free fnamebuf before calling cfgfile_add(). This changes a use-after-free error into a minor memory leak.
pdu_delete(request) frees request, so move the call after login_new_response(request) to avoid a use-after-free error
NULL releasedfl after calling deallocate_file_lock() which frees it to avoid a use-after-free error in the debuglog() call at the top of the loop.
Add an assertion to catch a potential underflow in an array index calculation, though this should not happen in the current code.
Don't call free_addrselectpolicy(&policyhead) before policyhead has been initialized.
Hoist the getpwnam() call outside the first if/else block in pam_sm_chauthtok(). Set user = getlogin() inside the true branch so that it is initialized for the following PAM_LOG() call. This is how it is done in pam_sm_authenticate().
Set retval in the empty password case to avoid a path through the code that fails to set retval before falling through to the final return().
Fix off by one error in index limit calculation
Increase size of argv[] array to avoid running off the end.
Fix an off by one error to avoid overflowing rp[].
Fix off by one error that overflowed the rep_len array when doing the final NUL termination.
Actually use the loop iteration limit so carefully computed on the previous line to prevent buffer overflow. This turns out to not be important because the upstream xdr code already capped the object size at the proper value. Using the correct limit here looks a lot less scary and should please Coverity.
Set ai2 to NULL in find_host() before the loop and after calling freeaddrinfo() on it to indicate that it doesn't point to a valid addrinfo list. This fixes these Coverity issues: 1006368 Uninitialized pointer read 1018506 Double free 1305590 Resource leak that can be triggered in the hp->hostname[0] != '\0' case.
Don't walk off the end of the array when proto isn't explicitly listed above. Instead update the catch-all "Others" bucket.
When clearing rtmsg, pass &rtmsg to bzero() instead of the address of just the header
swprintf() and apparently wcsftime() want their output buffer size specified in terms of the number of wide characters and not sizeof(buffer).

tuexen (6):
Cleanup a comment.
Use a format string in snprintf() for consistency.
Enable SACK Immediately per default.
Retire net.inet.sctp.strict_sacks and net.inet.sctp.strict_data_order sysctl's, since they were only there to interop with non-conformant implementations. This should not be a problem anymore.
Fix a bug introduced by the implementation of I-DATA support. There was the requirement that two structures are in sync, which is not valid anymore. Therefore don't rely on this in the code anymore. Thanks to Radek Malcic for reporting the issue. He found this when using the userland stack.
Fix a locking bug which only shows up on Mac OS X.

vangyzen (3):
Work around (ignore) broken SRAT tables
sh: Handle empty hostname and $PWD when building prompt
iconvctl(3): remove superfluous NULL pointer tests

woodsb02 (2):
Add myself (woodsb02) as ports committer, and update mentor/mentee relationships
Add myself (woodsb02) to the calendar.freebsd file

zbb (6):
Fix GICv3 build after r299090
Bind CQ interrupts and tasks to separate CPUs in VNIC
Add HW RSS support to VNIC driver
Fix I/O coherence issues on ThunderX when SMP is disabled
Fix deadlock in VNIC when using single CPU only
Add support for MTU changing and Jumbo frames to VNIC

zeising (1):
Fix kernel build with parallel make.