Stable release: HardenedBSD-stable 11-STABLE v1100055.1

HardenedBSD-11-STABLE-v1100055.1 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Highlights:

  • Implement mitigation for Spectre version 2 attacks on ARMv7.
  • Limit glyph count in vtfont_load to avoid integer overflow. (5966c5fc6c1941b9d936ad21eb8c8ca9e37a0ec0) [CVE-2018-6917 FreeBSD-SA-18:04.vt]
  • Fix several leaks of kernel stack data through paddings. (6cbc066578e9d120086a39fffc9fb76f3a2ae3b1 5a4de6ef78e289193b2b14c0e68ad00443323813) [FreeBSD-SA-Candidate]
  • MFC r328331: Support configuring arbitrary limits(1) for any rc.conf daemon (0f8014018211d7891dfa72334526a4c5d7201490)
  • MFC r324673: mbuf(9): unbreak m_fragment() (db82dd0a6a9de84e8678be871ebd8821c9802628)
  • LLVM 6.0 (6cd0d336d6427448ee7e76d16538cd3420c27526) [SA-18:03.speculative_execution]
  • Add an option called "random" that combined with "ether" can generate a random MAC address for an Ethernet interface. (8d44e96c549ac602b1bca95375e9c2acffeb5f1d)
  • HBSD MFC r330880: Don't overflow the kernel struct mdio in the MDIOCLIST ioctl. (880d7e96cdd88fdeae5e631ae86db42d2665fa81) [FreeBSD-SA-Candidate]
  • MFC r315522: use INT3 instead of NOP for x86 binary padding (71918e8f61597def8a0205b9b259f791777bbdc9)
  • MFC r324560: allow posix_fallocate in capability mode (232a0597ebf908a011544eb3ca776206859ab837)
  • MFC: r331627 Merge OpenSSL 1.0.2o. (54f770b796bd94590b148914cf8fb487a5e7d885) [CVE-2018-0739 FreeBSD-SA-Candidate]
  • Reject CAMIOGET and CAMIOQUEUE ioctl's on pass(4) in 32-bit compat mode. (afaab4bdf5993f92b5013cb423c5c34216bd1319)
  • MFC r331333: Fix kernel memory disclosure in drm_infobufs (cb7bbdc0771f4360d3d1c58982075bd522ff7079) [FreeBSD-SA-Candidate]
  • MFC r331339: Correct signedness bug in drm_modeset_ctl (54cecb661544f1a1541a1ee37b8b97df6c5eebb1) [FreeBSD-SA-Candidate]
  • MFC r325047: dma: fix use-after-free (f4c0052c8e6632871a26af73b98acafe10d1c9c1) [FreeBSD-SA-Candidate]
  • MFC r330745: Make root mount timeout logic work for filesystems other than ufs
  • Fix information leak in geli(8) integrity mode (c9ede81c61b5d300b5acb89d4167b11f917be4c4) [FreeBSD-SA-Candidate]
  • MFC r330034 Fix a memory leak in syslogd
  • MFC 328102: Save and restore guest debug registers. (5a911c66c42eba7c480f5f566edcabad716ddbe8) [FreeBSD-SA-Candidate]
  • EFI updates
  • I2C updates
  • LinuxKPI updates
  • Raspberry PI updates
  • ZFS updates
  • indent updates
  • less updates
  • makefs updates
  • mlx4 updates
  • mlx5 updates
  • pf updates
  • syscons updates

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100055.1-amd64-bootonly.iso) = d023527a8e385f69787b5e1e2a9f52849cc9a7b439c4180ca285c753412aa9352da21bd8286b0d60960b626d5d1856c0ba749a135f36f6e39a597455aeeb22e9
SHA512 (HardenedBSD-11-STABLE-v1100055.1-amd64-disc1.iso) = 871fa40b3963ccb31df94f8cc4a83ef931de0c1facc3a0eb1175435c9f996297678e8910968d82d98f0a0cf46391aed568c52ce5261fd5c646d40f3eb18b7107
SHA512 (HardenedBSD-11-STABLE-v1100055.1-amd64-memstick.img) = 1ef4ac1af66a6428550033849b91590f4ed8c6bb075ae8203e306b98d1f4c0b88cfa9c5b41373a580a46ece9f84148a144734f763f1064d9a0763ff262a080fe
SHA512 (HardenedBSD-11-STABLE-v1100055.1-amd64-mini-memstick.img) = 3be90dc646efa29e724324d2220c4616ba23ae28df038d0312750bea9463fc4cdd8385f5617da8b93a8d537e1e7b4134f0d124e723f503dd2656d927b986210d

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlrEsR8ACgkQgZsRom/9
GI2cBRAAl3GIIfyCrzGntsbsPJhB6CA6DsGLGrw6Y8m3PdvNLe7re5HXbHp3WkOA
6XzQ91+Ip7ZX7+CyLtdxAe/mUuqD4zdxRqHehrMCQgXgEeL3SndUrs46iDS0mXhv
rGi8a3mg5nX2JqWvhh4ALThWSf7gn/JqQTVHgvVXClr/ruVJJMfJlYOcQb96aN2g
sQSXnW27Zf8aauGC4SkDip4mRIFrEEVMRILCOeCUDWkDjecOGSZgKyFuV9299ln2
LTocbJBGuYPcj3xRtK8YgRIQ6v/b5gEiZUhUnonOC6OMOAm46fhjRIa5DpcFBOdT
/W4BLML5vKzlXutJKCMJGua+wRwvz348glj+hr5R+oedjNhb6K+EA6Fz3e205UY2
IRRrakEpXVagElp9fgLxc3n+sh3Rm1hsf7undgdslV4oN4+61xdrEEDIOux0OHtX
8/hFd9e3lBctwGl34Mx+d7FcF/CbFBdQjUuk3zp2NFSluk1o8yVLiUQG17Cq6VYd
MeNRL1RlSuAWuxjhL3N7mPwOVn71Z219lTJu84uaHuZn+nTRNS4gKk1I/qdPUuX9
/lY+4T6lqUzzjo3hS99jVwWgAjaunOHbjG0l2yDMeZceQ0PIt9MDAWEjiKnFnJj3
lOpHE0132ApHEmbl+SQDFSrpJaRFOmkbdVT2N4FtsPGNNdmsR6A=
=kv71
-----END PGP SIGNATURE-----


Changelog:

Oliver Pinter (10):

  • HBSD MFC r328011: Provide some mitigation against CVE-2017-5715 by clearing registers upon returning from the guest which aren't immediately clobbered by the host. This eradicates any remaining guest contents limiting their usefulness in an exploit gadget.
  • HBSD MFC r302595: Remove assumptions in MI code that the BSP is CPU 0.
  • HBSD MFC r329162: Provide further mitigation against CVE-2017-5715 by flushing the return stack buffer (RSB) upon returning from the guest.
  • HBSD MFC r331640: Fix several leaks of kernel stack data through paddings.
  • HBSD MFC r330821: Use the stack for temporary storage in OTIOCCONS.
  • HBSD MFC r330880: Don't overflow the kernel struct mdio in the MDIOCLIST ioctl.
  • HBSD MFC r331008: Restore the behavior of returning the total number of units by unconditionally incrementing i in the loop;
  • HBSD MFC r324393: reapply random(4): Add missing source descriptions
  • HBSD MFC r324394: reapply random(4): Gather entropy from Pure sources
  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master


Oliver Pinter + (71):

  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master


Shawn Webb (15):

  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
  • HBSD: Resolve merge conflict
  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
  • HBSD: Resolve merge conflict
  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
  • HBSD: Resolve merge conflict
  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
  • HBSD: Resolve merge conflict
  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
  • HBSD: Resolve merge conflict
  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
  • Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
  • HBSD: Resolve merge conflict


ae (7):

  • MFC r330536: Define ethernet type 0x88A8 as ETHERTYPE_QINQ.
  • MFC r330537: Add mapping for several ethernet types used by Linux to FreeBSD ethernet types.
  • MFC r330792: Do not try to reassemble IPv6 fragments in "reass" rule.
  • MFC r330771: Remove obsoleted and unused key_sendup() function. Also remove declaration for nonexistend key_usrreq() function.
  • MFC r330779: Rework key_sendup_mbuf() a bit:
  • MFC r330781: Update pfkey_open() function to set socket's write buffer size to 128k and receive buffer size to 2MB. In case if system has bigger default values, do not lower them.
  • MFC r331203: Remove note that `fwd tablearg` is supported only by IPv4. IPv6 is supported too.


araujo (2):

  • MFC r329817:
  • MFC r305860, r306371


asomers (8):

  • MFC r323314, r323338, r328849
  • MFC r329067:
  • MFC r329108:
  • MFC r329174:
  • MFC r328896, r329236
  • MFC r329265, r329384
  • MFC r329273, r329275, r329277, r329284, r329344
  • MFC r329412:


avg (12):

  • MFC r330338: db_nextframe/amd64: catch up with r328083 to recognize fast_syscall_common
  • MFC r329714: MFV r329713: 8731 ASSERT3U(nui64s, <=, UINT16_MAX) fails for large blocks
  • MFC r329719: MFV r329718: 8520 7198 lzc_rollback_to should support rolling back to origin
  • MFC r329717: MFV r329715: 8997 ztest assertion failure in zil_lwb_write_issue
  • MFC r330057: add ZFS_ENTER protection to .zfs/snapshot vnode operations that need it
  • MFC r329823: another rework of getzfsvfs / getzfsvfs_impl code
  • MFC r329363: read-behind / read-ahead support for zfs_getpages()
  • MFC r330374: db_script_exec: use a saved script name when reporting commands executed
  • MFC r330592: MFV r330591: 8984 fix for 6764 breaks ACL inheritance
  • MFC r330793: fix r297857, do not modify CPU extension bits under virtual machines
  • MFC r330974: MFV r330973: 9164 assert: newds == os->os_dsl_dataset
  • MFC r327056: Use resume_cpus() instead of restart_cpus() to resume from ACPI suspension.


avos (1):

  • MFC r324673: mbuf(9): unbreak m_fragment()


brooks (9):

  • MFC r330527:
  • MFC r330409:
  • MFC r330819, r330885, r330934
  • MFC r330820:
  • MFC r330876, r330945
  • MFC r330949:
  • MFC r328522:
  • fea(4) was removed in HEAD with the removal of EISA support.
  • MFC r331830:


bryanv (2):

  • MFC r329598:
  • MFC r327958, r329601, r329602:


dab (4):

  • MFC r330034
  • MFC r330085:
  • MFC r330245:
  • MFC r331015:


delphij (1):

  • MFC r316339,317396,317829,326010,329554: less v530.


dim (5):

  • Repair obvious mismerge in r330897, resulting in misleading gcc error messages like "sys/net/if_fddisubr.c:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '-' token".
  • Revert r330471 (MFC of r311861), since it results in compile errors like:
  • Merge retpoline support from the upstream llvm, clang and lld 5.0 branches. Upstream merge revisions:
  • MFC r314568 (by emaste):
  • Merge clang, llvm, lld, lldb, compiler-rt and libc++ 6.0.0 release, and several follow-up fixes.


eadler (131):

  • Revert MFC of r330463 r330462 r330454 r330452 r330451:
  • MFC r302779,r302807:
  • MFC r327206:
  • MFC r326820:
  • MFC r318587:
  • MFC r326283:
  • MFC r309220:
  • MFC r313544:
  • MFC r303539:
  • MFC r303540:
  • MFC r323865:
  • MFC r326651:
  • MFC r327672:
  • MFC r326599:
  • MFC r316796:
  • MFC r316797:
  • Revert MFC of r323865
  • MFC r330572:
  • Revert r324434
  • MFC r320805:
  • MFC r304153:
  • MFC r304161:
  • MFC r304165,r304166:
  • MFC r304164:
  • MFC r304173,r304181,r304186:
  • MFC r304758:
  • MFC r304773,r304800:
  • MFC r304804:
  • Partial merge of the SPDX changes
  • MFC r305010:
  • MFC r305059:
  • MFC r305060:
  • MFC r305121,r305231:
  • MFC r314641,r314646,r314997,r315390:
  • MFC r315000:
  • MFC r315003,r315065,r315066:
  • MFC r315418,r315480,r316019:
  • MFC r317174:
  • MFC r315984:
  • MFC r316136:
  • MFC r316636,r316642,r316675,r316733,r316737,r316741,r316827,r316830,r316865,r316878:
  • MFC r330834:
  • MFC r322663:
  • MFC r302509:
  • MFC r302452:
  • MFC r302525,r302526:
  • MFC r302535:
  • MFC r329102:
  • MFC r327279,r327571:
  • MFC r327580,r327581:
  • MFC r302533:
  • MFC r303063,r311852,r311930,r317040,r320506,r321301,r325162,r326759,r329004,:
  • MFC r303036,r303038,r306822,r307923,:
  • MFC r302485,r303203,r303341,r304025,r306133,r306518,r308576,r308686,r309019,r309059,r310024,r311853,r312793,r313033,r313577,r313741,r314692,r317772,r317939,r319674,r319923,r321392,r322979,r323222,r323222,r323398,r323502,r323602,r323767,r323767,r323958,r325220,r326172,r326253,r330652,r330761,r330762,r330763,r330765,:
  • MFC r327474:
  • MFC r327514,r327521,r327614,r327615,r327616,r327623:
  • MFC r305139:
  • MFC r305857,r305858,r305859:
  • MFC r306135,r311859,r321763,r321764,r321766,r321767,r321768,r321769,r321771,r321774,r321776,r321783,r321784,r321785,r321786,r321787,r321788,r321789,r321793,r321796,r321797,r321801,r321802,r321804,r321814,r321817,r321818,r321834,r321835,r321853,r321857,r321860,r321866,r321885,r321886,r321889,r321890,r321892,r321893,r321897,r321939,r321966,r321974,r321982,r321989,r322035,r322093,r322108,r322314,r322330,r322335,r322350,r322353,r322365,r322416,r322471,r322484,r322638,r322649,r322881,r322886,r323972,r330768,:
  • MFC r324441:
  • MFC r305373,r312344,r318095,r319117,r320948,r320953,r328528:
  • MFC r311106,r311109,r311110,r320579,r327063,r327064,:
  • MFC r303041,r303320,r305905,r310087,r310346,r319368,r321879,r321923,r321979,r327554,r329124,r329210,:
  • MFC r327344:
  • MFC r330940:
  • MFC r326959:
  • MFC r328427:
  • MFC r328428:
  • MFC r328430,r328431:
  • MFC r328959:
  • MFC r328839:
  • MFC r328831:
  • MFC r327941:
  • MFC r326387:
  • MFC r317870:
  • MFC r328509:
  • MFC r330843:
  • MFC r303452,r303482,r303483,r303484,r303485,r303487,r303489,r303498,r303499,r303502,r303523,r303525,r303570,r303571,r303588,r303596,r303597,r303598,r303599,r303600,r303601,r303625,r303629,r303718,r304651,r304684,r304686,r305983,r309217,r309219,r309341,r309342,r309343,r309382,r309415,r309417,r309418,r309419,r310863,r311141,r314613,r318471,r321382,r321383,r321396:
  • MFC r319274:
  • MFC r315190:
  • MFC r325215,r325216:
  • MFC r314955:
  • MFC r303150:
  • MFC r328525:
  • MFC r326601:
  • MFC r323135:
  • MFC r322991:
  • MFC r314052:
  • MFC r304725:
  • MFC r317570:
  • MFC r317798:
  • MFC r325091:
  • MFC r303412:
  • MFC r320210:
  • MFC r326913:
  • MFC r314622:
  • MFC r326482:
  • MFC r303812:
  • MFC r326249:
  • MFC r328636:
  • MFC r328638:
  • MFC r328640:
  • MFC r312887:
  • MFC r328785:
  • MFC r328586:
  • MFC r328162:
  • MFC r328262:
  • MFC r313264:
  • MFC r305306:
  • MFC r328300:
  • MFC r327184:
  • MFC r316422:
  • MFC r326859:
  • MFC r326437:
  • MFC r326356:
  • MFC r326183:
  • MFC r325113:
  • MFC r325112:
  • MFC r313818:
  • MFC r315986:
  • MFC r320992,r320993:
  • MFC r322013:
  • MFC r320268,r320276:
  • MFC r320178:
  • MFC r322674:
  • MFC r324806:
  • MFC r324858:
  • MFC r324860:
  • MFC: r331285
  • MFC: r331533
  • Revert r330897:


emaste (29):

  • MFC r322277 by jlh:
  • MFC r322552 by jhb: Unconditionally install rwhod support scripts.
  • MFC r330613: Disable LLD_BOOTSTRAP under WITHOUT_CROSS_COMPILER
  • MFC r330667: asmc: update temperature sensor name/description
  • MFC r329370, r330239: Rationalize license text on Linuxolator files
  • MFC r328395: Install uefi.8 also on arm64
  • MFC r319510: xz: set noexec stack flag on FreeBSD
  • Fix kernel memory disclosure in svr4_sys_getdents64
  • MFC r330668: bktr: correct Japan IF frequency
  • MFC r325047: dma: fix use-after-free
  • MFC r331339: Correct signedness bug in drm_modeset_ctl
  • MFC r331333: Fix kernel memory disclosure in drm_infobufs
  • MFC r331234: Rationalize license text on Linuxolator files
  • MFC r331329: Fix kernel memory disclosure in ibcs2_getdents
  • MFC Capsicum open(2) and openat(2) documentation
  • MFC r324560: allow posix_fallocate in capability mode
  • Regen *sysent.c after r331679 - posix_fallocate in capability mode
  • MFC r325422: posix_fallocate.2: add an EINVAL errno case
  • MFC r323623: rename(2): document capability mode errors
  • MFC r315522: use INT3 instead of NOP for x86 binary padding
  • MFC r324707: embed_mfs: add error handling, usage
  • MFC r326992: embed_mfs: support embedding mfs into loader
  • MFC kernel build-id support
  • MFC r321417: enable filter lib linker feature flag for lld 5.0+
  • MFC r329373: Correct module symbol export handling
  • MFC r320695 (bdrewery): Fix out-of-tree kernel builds
  • MFC r331426: Rationalize license text on Linuxolator files
  • MFC r331433: linuxkpi whitespace cleanup
  • MFC r321587: cc_cubic: restore braces around if-condition block


eugen (3):

  • MFC r329105: ppp(8): fix code producing debugging logs
  • MFC r329279: add support for user-supplied Host-Uniq tag to ng_pppoe(4).
  • MFC r331630: Fix instructions in the zfsboot manual page.


garga (1):

  • MFC r322281:


gjb (8):

  • Document EN-18:01, EN-18:02, SA-18:01, SA-18:02.
  • Document SA-18:03.speculative_execution.
  • MFC r322794: Use py-google-compute-engine instead for releasing Google Compute Engine (GCE) images with an updated version of Google's tools.
  • MFC r331364: Remove google_accounts_manager from VM_RC_LIST in the GCE configuration file, no longer needed.
  • MFC r331559: Escape trailing newlines in a long variable list for consistency.
  • MFC r331562 (manu): release: arm: Copy boot.scr from ports
  • MFC r331696, r331697:
  • MFC r331806: Add logic for "families" for GCE images.


gonzo (18):

  • MFC r316370-r316371
  • Fix VERSATILEPB boot after r331402
  • MFC r329832, r329926
  • MFC r330309:
  • MFC r330558:
  • MFC r303100 by andrew:
  • MFC r308533 by andrew:
  • MFC r302498 by andrew:
  • MFC r303035 by markm:
  • MFC r305094, r305096-r305097
  • MFC r304488, r304623
  • MFC r306263, r306268
  • MFC r306436-r306437, r306489, r306491
  • MFC r314672, r315967, r324184, r325768
  • MFC r325048:
  • MFC r330727 (without optional dts part):
  • MFC r307943-r307944, r308698
  • MFC r312378 by andrew:


gordon (1):

  • MFC r331981:


hselasky (101):

  • MFC r330272: Implement wait_on_bit() function macro in the LinuxKPI.
  • MFC r330273: Implement ktime_get_raw() function in the LinuxKPI.
  • MFC r330274: Implement more lockdep stubs in the LinuxKPI.
  • MFC r330349 and r330362: Allow pause_sbt() to catch signals during sleep by passing C_CATCH flag. Define pause_sig() function macro helper similarly to other kernel functions which catch signals. Update outdated function description.
  • MFC r330352 and r330353: Implement msleep_interruptible() in the LinuxKPI. While at it use pause_sbt() instead of pause() in the msleep() function to avoid rounding errors when converting delay values forth and back. Add a guard for a delay value of zero milliseconds which is undefined.
  • MFC r330344: Correct the return code from pause() during cold startup from zero to EWOULDBLOCK. This also matches the description in pause(9).
  • MFC r330387 and r330396: Rename the SLAB_DESTROY_BY_RCU flag into SLAB_TYPESAFE_BY_RCU in the LinuxKPI to be compatible with Linux.
  • MFC r330388: Implement GENMASK_ULL() function macro in the LinuxKPI.
  • MFC r330389: Implement for_each_clear_bit() function macro in the LinuxKPI.
  • MFC r330390: Define noinline and __maybe_unused macros in the LinuxKPI.
  • MFC r330391: Implement writel_relaxed() in the LinuxKPI.
  • MFC r330392 and r330408: Implement BUILD_BUG() function macro in the LinuxKPI.
  • MFC r330393: Implement __MODULE_STRING() function macro in the LinuxKPI.
  • MFC r330394: Implement pr_err_ratelimited() function macro in the LinuxKPI.
  • MFC r330395: Implement DEFINE_WAIT_FUNC() function macro and default_wake_function() in the LinuxKPI.
  • MFC r330398: Implement wait_event_lock_irq() macro function in the LinuxKPI.
  • MFC r330399: Stub kernel_param_lock() and kernel_param_unlock() in the LinuxKPI.
  • MFC r330689: Implement proper support for complete_all() in the LinuxKPI.
  • MFC r330271: Rename callout member in struct timer_list to match the one in struct delayed_work in the LinuxKPI. This allows the timer_pending() function macro to be used with delayed work structures.
  • MFC r325659: Add support for disabling and enabling RX and TX DMA rings in mlx5en(4). This is useful for supporting setups similar to Netmap.
  • MFC r325660: Add support for configuring local multicast and unicast data traffic loopback in mlx5en(4) driver via the sysctl interface.
  • MFC r325661: Expose the current hardware MTU in mlx5en(4) as a separate entry in the sysctl tree.
  • MFC r330598: Use a macro in mlx5_command_str() instead of copying OP name.
  • MFC r330599: Fix potential deadlock in command mode change in mlx5core.
  • MFC r330600: Add timeout handle to commands with callback in mlx5core.
  • MFC r330603: Make sure default VNET is set when adding a new interface in mlx5core.
  • MFC r330604: Add log message for unsupported QSFPs in mlx5core.
  • MFC r330606: Implement support for querying the current port rate in mlx5core. The mlx5ib(4) part will be merged separately.
  • MFC r330607: Implement rate limit per traffic class in mlx5core.
  • MFC r330608: Implement priority to traffic class mapping in mlx5core.
  • MFC r330644 and r330714: Updates for PCI and health monitor recovery in mlx5core. This patch accumulates the following Linux commits:
  • MFC r330645: Avoid calling sleeping function from the health poll thread in mlx5core.
  • MFC r330646: Fix race between PCI error handlers and health work in mlx5core.
  • MFC r330649: Add support for per priority flow control, PFC, to mlx5en(4).
  • MFC r330650: Use device_printf() instead of printf() when printing warnings and errors to dmesg(8) in mlx5core.
  • MFC r330651: Add vendor specific capability interface support in mlx5core.
  • MFC r330653: Add kernel and userspace code to dump the firmware state of supported ConnectX-4/5 devices in mlx5core.
  • MFC r330656: Use the device unit number for naming the ifnet interface in mlx5en(4).
  • MFC r330657: Use vport rather than physical-port MTU in mlx5en(4).
  • MFC r330658: Fix mlx5en(4) driver to properly call m_defrag().
  • MFC r330659: Avoid more LFENCE/SFENCe on x86 in mlx5en(4), by using the FreeBSD native fences.
  • MFC r330660: Add call to setup firmware data dump structure during device load in mlx5core.
  • MFC r330670: Make mlx5 compilable on ILP32 arches.
  • MFC r330654: Check that the address is specified in mlx5tool(8).
  • Fix buildworld after r331586 by adapting the installation of dev/mlx5/mlx5io.h to the build system in FreeBSD 11-stable.
  • MFC r303505, r303506, r303512, r303513, r303646, r320418, r323082, r326169, r326563, r326649, r326716, r326764, r326765 and r329222:
  • MFC r331419: Allow the libusb20_dev_get_port_path() function to be called when the USB device is closed. This fixes a compatibility issue with upstream libusb.
  • MFC r330490: Add missing FreeBSD tags and SVN properties to ibcore.
  • MFC r330491: Do not add RoCEv2 default GID in ibcore when IPv6 is disabled to honor the networking stack's IPv6 disabled setting. Else the offload HCA can start using IPv6 packets for QPs.
  • MFC r330492: Add support for IPv6 link local GIDs equal to the default GID for VLANs in ibcore.
  • MFC r330493: Make deletion of RoCE GID entries synchronous in ibcore.
  • MFC r330494: Select RoCEv2 by default in ibcore.
  • MFC r330495: Map type of service, TOS, to IB or VLAN service level 1:1 in ibcore.
  • MFC r330496: Need to check for IPv6 linklocal address inside rdma_resolve_addr() in ibcore.
  • MFC r330501: Make sure to register the VLAN GIDs using the VLAN network interface and not the parent one in ibcore. Else looking up the VLAN GIDs will fail for VLAN IPs.
  • MFC r330504: Add support for loopback in ibcore.
  • MFC r330506: Pass valid if_index to rdma_addr_find_l2_eth_by_grh() in ibcore when possible.
  • MFC r330507: Get correct network device when accepting incoming RDMA connections in ibcore.
  • MFC r330508: Optimize ibcore RoCE address handle creation from user-space.
  • MFC r330579: Fix for use-after-free when using delayed work structures in ibcore.
  • MFC r330580: Make sure the IPv6 scope ID gets properly masked in ibcore.
  • MFC r330581: Add IB_SPEED_HDR definition in ibcore.
  • MFC r330583: Embed the IPv6 scope ID before calling rtalloc1() in ibcore. Else rtalloc1() will resolve to the loopback interface.
  • MFC r330584: Recover IPv6 scope ID for multicast link-local addresses as well as unicast link-local addresses.
  • MFC r330585: Define values instead of using hardcoding.
  • MFC r330586: Make sure VNET is set when calling sa6_recoverscope() in ibcore.
  • MFC r330594: Disable unsupported disassociate ucontext functionality in mlx4ib(4).
  • MFC r330595: The mlx4ib(4) should not be loaded before the ibcore is initialized.
  • MFC r330596: Bump version information in mlx4ib(4).
  • MFC r330597: Disable unsupported disassociate ucontext functionality in mlx5ib(4).
  • MFC r330662: Set correct SL in completion for RoCE in mlx5ib(4).
  • MFC r330944: Fix compliancy of the kstrtoXXX() functions in the LinuxKPI, by skipping one newline character at the end, if any.
  • MFC r331204: Remove redundant integer cast in ibcore. The "ref_count" field already has integer type.
  • MFC r331355: Clear old MSIX IRQ numbers in the LinuxKPI.
  • MFC r331357: The pci_disable_device() function is also expected to clear the PCI busmaster. This fixes LinuxKPI compliancy with Linux.
  • MFC r331437: Create designated workqueue for each mlx5en(4) device instance.
  • MFC r331438: Exit krping on device removal to avoid endless hang situation.
  • MFC r330606: Implement missing query for current port rate in mlx5ib(4).
  • MFC r330647: Use the autogenerated interface file for all commands in mlx5core.
  • MFC r330648: Add support for explicit congestion notification, ECN, to mlx5ib(4).
  • MFC r331443: Improve support for health recovery in mlx5core.
  • MFC r331445: Add support for fast unload in shutdown flow in mlx5core.
  • MFC r331446: Cancel delayed recovery work when unloading the mlx5core driver.
  • MFC r331447: Hide verbose proclamation of error when forced in mlx5core.
  • MFC r331449: Handle software reset of firmware in error flow in mlx5core.
  • MFC r331451: Issue a software reset on firmware assert in mlx5core.
  • MFC r331452: Add mutual exclusion mechanism for software reset of firmware in mlx5core.
  • MFC r331453: Don't save PCI state when PCI error is detected in mlx5core.
  • MFC r331455: Fix incorrect page count when mlx5core is in internal error.
  • MFC r331456: Don't wait for completions when a mlx5en(4) device is in internal error state.
  • MFC r331531: Remove redundant prototype to fix compilation with GCC.
  • MFC r331819: Add missing newline character in print in mlx5core.
  • MFC r331820: Properly check if crspace is supported in mlx5core.
  • MFC r331821: Prepare for FW dump in error state in mlx5core.
  • MFC r331822: Reorganize health recovery in mlx5core.
  • MFC r331823: Collect firmware dump when mlx5core is in device error state.
  • MFC r331824: Make sure Giant is locked when allocating bus resources in mlx5core.
  • MFC r331825: Fix for use after free in mlx5core.
  • MFC r331826: Bump mlx5core driver version.
  • MFC r331827: Remove unused structure field in mlx5core.
  • MFC r330655: Remove duplicate prototypes.


ian (25):

  • MFC r330745:
  • MFC r306657, r306673, r306726, r307737, r309366, r310135, r323990, r324414
  • MFC r307656, r307659, r307674-r307675, r307679, r307683
  • MFC r315051, r315101, r315103, r315107, r315180, r315197, r315293, r315319, r315590, r315649, r315726, r315743, r315746-r315747, r315779, r315985, r316002, r316639, r316959, r317187, r317194, r317205-r317207, r317381, r319489, r319847, r321076-r321079, r321227, r326822
  • To fix the powerpc build, back out r331184, which was this mfc:
  • MFC r324186:
  • MFC r327756-r327758
  • MFC r306288, r314936, r325527, r327971, r328005, r328039, r328068-r328069, r328301-r328303
  • MFC r328307, r328311-r328312
  • MFC r328345, r328349, r328405, r328407, r328442
  • MFC r329125-r329126
  • MFC r329479-r329480, r329483, r329506-r329507, r329526, r329529, r329536, r329541, r329730, r329841, r329988, r330397
  • MFC r329534-r329535
  • MFC r325233, r328956, r329170, r329172-r329173, r329224, r330403-r330407, r330411-r330412, r330416, r330430-r330431, r330433, r330528-r330529, r330767
  • MFC r329537:
  • MFC r329642:
  • MFC r310017, r310229, r312289, r327260, r329539, r329544-r329546, r329620, r329729, r329911, r329999
  • MFC r330361:
  • MFC r330385:
  • MFC r330437-r330438, r330440, r331045
  • MFC r330050:
  • MFC r330773, r330778, r330782, r330797
  • MFC r331068:
  • MFC r331123, r331126, r331129, r331132, r331136, r331138-r331139, r331141
  • MFC r329989, r330044


imp (2):

  • Direct commit to stable
  • MFC: r331140


jhb (8):

  • MFC 328102: Save and restore guest debug registers.
  • MFC 328158,330708: Update kgdb for PTI.
  • MFC 328909: Always give ELF brands a chance to veto a match.
  • MFC 330872: Add a "jail" keyword to list the name of a jail rather than its ID.
  • MFC 330711: Permit sysctl(8) to set an array of numeric values for a single node.
  • MFC 329785: Move DDP PCB state into a helper structure.
  • MFC 318387: Add support for child devices that aren't ports.
  • MFC 331248: Set the proper vnet in IPsec callback functions.


jkim (1):

  • MFC: r331627


ken (1):

  • MFC r331422:


kevans (26):

  • MFC r329339: libsa: Consolidate tftp sendrecv into net.c sendrecv
  • MFC r317191, r317195: Don't ignore "disabled" CPUs
  • MFC r322287 (mw): Add support for "compatible" parameter in ofw_fdt_fixup
  • MFC r322289: Enable uing ofw_bus_find_compatible in early platform code
  • MFC r322359: Enable OF_setprop API function to add property in FDT
  • MFC r326204: Do not bind to CPUs with SMT
  • MFC r326310: Back out OF module installation in the event of failure.
  • MFC r327391: Avoid use of the fdt_get_property_*() API
  • MFC r329579: Set internal error returns [of some OF functions] to 0
  • MFC r330019: ofw_fdt: Simplify parts with new libfdt methods
  • MFC r317055,r317056 (glebius): Include sys/vmmeter.h as included
  • MFC r322278,324177: EFIRT Improvements
  • r322279: Don't create /dev/efi without EFI runtime
  • MFC r324495: Support the EFI Runtime Services on arm64. As with amd64 we use the 1:1 mapping. This uses the new common code shared with amd64.
  • Revert r331022: MFC of EFI Runtime Service support on aarch64
  • MFC (partially) r326066, r326121: Add an EFI RTC Driver
  • MFC r324191: Hide kernel stuff from userspace.
  • MFC r330257: Add a function to retrieve the EFI realtime clock capabilities.
  • MFC r330612: stand/ficl: Fix testmain
  • MFC r330023, r330028: Add MAXWAIT for configuring pxeboot timeout
  • MFC r330891: ubldr: Bump heap size from 512K to 1M
  • MFC r330929: pkgbase: Fix post-install script for kernel packages
  • MFC r331416, r331440: Loader consoles: Implement SGR 22, reste intensity
  • MFC r330115: Add missing WITH_BSD_GREP_FASTMATCH description
  • MFC r331475: loader consoles: Implement SGR 24, 25
  • MFC r328331: Support configuring arbitrary limits(1) for any rc.conf daemon


kib (14):

  • MFC r330285: Remove _Nonnull attributes from user addresses arguments for copyout(9) family.
  • MFC r328087 (by fabient): Fix pmcstat exit from kernel introduced by r325275.
  • MFC r331431: Update comment to match current field names.
  • MFC r331247: Check for wrap-around in vm_phys_alloc_seg_contig().
  • MFC r331374: Fixes for ptrace(PT_GETXSTATE_INFO) related to the padding in struct ptrace_xstate_info).
  • MFC r331375: Do not send signals to init directly from shutdown_nice(9), do it from the task context.
  • MFC r320872: Create libdl.so.1 as a filter for libc.so.7 which exports public dl* functions.
  • MFC r331432: There is no need to disable interrupts around npxsave call.
  • MFC r331486: Improve the lcall $7,$0 syscall emulation on amd64.
  • MFC r331487: In vn_io_fault1(), reduce the scope where pagefaults are disabled.
  • MFC r331489: For vm_zone_stats() sysctl handler, do not drain sbuf calling copyout(9) while owning zone lock.
  • MFC r331490: Account the size of the vslock-ed memory by the thread.
  • MFC r331557: Allow to specify for vm_fault_quick_hold_pages() that nofault mode should be honored.
  • MFC r331640: Fix several leaks of kernel stack data through paddings.


kp (3):

  • MFC r329950:
  • MFC r330108:
  • MFC 330105:


lidl (2):

  • MFC r328861: improve blacklist-helper shell script
  • Revert attempted MFC. It included unwanted changes.


marius (6):

  • MFC: 327314
  • MFC: r327315
  • MFC: r327339, r327924
  • MFC: r327355, r327926
  • MFC: r327929
  • MFC: r328834


markj (12):

  • MFC r331016: Add a space between a section number and a following comma.
  • MFC r331425: Correct a couple of assertion messages in vm_page_reclaim_run().
  • MFC r331222: Given hidden visibility to symbols referenced by the DOF section.
  • MFC r331128: Have vm_page_replace() assert that the new page is not enqueued.
  • MFC r331134: Fix an access of an uninitialized variable in dtrace_probe().
  • MFC r331135: Use __syscall(2) rather than syscall(2) in syscall/tst.args.c.
  • MFC r331260: Remove a lingering inaccuracy from mlock.2.
  • Revert r331551. It is causing perl and tcl port build failures.
  • MFC r331536: Use LIST_FOREACH_SAFE in sleepq_chains_remove_matching().
  • MFC r331538: Clamp IFLIB_RX_COPY_THRESH to MHLEN in iflib_rxd_pkt_get().
  • MFC r317567 (by cem): x86 MCA: Fix a deadlock in MCA exception processing
  • MFC r324102 (by cem): netsmb: Fix buggy/racy smb_strdupin()


mav (26):

  • MFC r328521 (by imp): Use atomic load and stores to ensure that the compiler doesn't optimize away these loops. Change boolean to int to match what atomic API supplies. Remove wmb() since the atomic_store_rel() on status.done ensure the prior writes to status. It also fixes the fact that there wasn't a rmb() before reading done. This should also be more efficient since wmb() is fairly heavy weight.
  • MFC r330048: Add sysctls/tunables for dbuf cache size.
  • MFC r330121: Add support for Enhanced Gen 5 (16Gb) and Gen 6 (32Gb) QLogic FC HBAs.
  • MFC r330963: Increase ABOUT FIRMWARE command timeout to 5s.
  • MFC r329505: MFV r323911: 8502 illumos#7955 broke delegated datasets when libshare is not present
  • MFC r329508: MFV r324198: 8081 Compiler warnings in zdb
  • MFC r329623: MFV r302649: 7016 arc_available_memory is not 32-bit safe
  • MFC r329625: MFV r307315: 7301 zpool export -f should be able to interrupt file freeing
  • MFC r329628: MFC r316910: 7812 Remove gender specific language
  • MFC r329657 (by asomers): Fix memory leaks in zdb introduced by r329508
  • MFC r329658: MFV r316872: 7502 ztest should run zdb with -G (debug mode)
  • MFC r329659: MFV r316873: 7233 dir_is_empty should open directory with CLOEXEC
  • MFC r329661: MFV r316875: 7336 vfork and O_CLOEXEC causes zfs_mount EBUSY
  • MFC r329663: MFV r316876: 7542 zfs_unmount failed with EZFS_UNSHARENFSFAILED
  • MFC r329664: MFV r316893: 7604 if volblocksize property is the default, it displays as "-" rather than 8K
  • MFC r329665: MFV r316901: 7730 libzfs`add_config() leaks config nvl when reading spare/l2cache devices
  • MFC r329667: MFV r316902: 7745 print error if lzc_* is called before libzfs_core_init
  • MFC r329668: MFV r316918: 7990 libzfs: snapspec_cb() does not need to call zfs_strdup()
  • MFC r329681: MFV r318941: 7446 zpool create should support efi system partition
  • MFC r329683: MFV r319736: 6396 remove SVM
  • MFC r329690: MFV r319737: 6939 add sysevents to zfs core for commands
  • MFC r329691: MFV r322231: 8430 dir_is_empty_readdir() doesn't properly handle error from fdopendir()
  • MFC r329694: MFV r324198: 8081 Compiler warnings in zdb
  • MFC r329738: MFV r329736: 8969 Cannot boot from RAIDZ with parity > 1
  • MFC r330292: Update QLogic ISP 24xx/25xx chips firmware to 8.07.00.
  • MFC r331228: Update mpr(4) driver from v15 to v18 from Broadcom site.


mjoras (1):

  • MFC r325621, r325622, r331227


mmel (6):

  • MFC r319896,r320054:
  • MFC r309531,r309553,r309604:
  • MFC r327827:
  • MFC r330073:
  • MFC r330074:
  • MFC r328467:


np (1):

  • MFC r322659 (by glebius): Fix cut and paste typo that prevented T5 firmware to be compiled in.


philip (1):

  • MFC r331481: Import tzdata 2018d


rgrimes (1):

  • MFC: r331664


rpokala (2):

  • MFC r330304: imcsmb(4): Intel integrated Memory Controller (iMC) SMBus controller driver
  • MFC 331345:


sbruno (1):

  • MFC r330675


sevan (4):

  • MFC r331274
  • MFC 321881
  • MFC r316464
  • MFC r322665


sjg (1):

  • MFC bmake-20180222


smh (4):

  • MFC r330950:
  • MFC r330951:
  • MFC r328321:
  • MFC r320138:


tijl (1):

  • MFC r314624:


truckman (1):

  • MFC r329844 MFC r329875 (by kib)


tychon (1):

  • MFC r328011,329162


ume (1):

  • MFC r330681: Fix Bad file descriptor error.

Uploads: