8babb558 mhorne Oct. 7, 2021, 9:12 p.m.
There are two issues with the checks against VM_MAXUSER_ADDRESS. First,
the comparison should consider the values as unsigned, otherwise
addresses with the high bit set will fail to branch. Second, the value
of VM_MAXUSER_ADDRESS is, by convention, one larger than the maximum
mappable user address and invalid itself. Thus, use the bgeu instruction
for these comparisons.

Add a regression test case for copyin(9).

PR:		257193
Reported by:	Robert Morris <rtm@lcs.mit.edu>
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D31209
4a9f2f8b mhorne Oct. 7, 2021, 9:12 p.m.
When handling a kernel page fault, check explicitly that stval resides
in either the user or kernel address spaces, and make the page fault
fatal if not. Otherwise, a properly crafted address may appear to
pmap_fault() as a valid and present page in the kernel map, causing the
page fault to be retried continuously. This is mainly due to the fact
that the upper bits of virtual addresses are not validated by most of
the pmap code.

Faults of this nature should only occur due to some kind of bug in the
kernel, but it is best to handle them gracefully when they do.

Handle user page faults in the same way, sending a SIGSEGV immediately
when a malformed address is encountered.

Add an assertion to pmap_l1(), which should help catch other bugs of
this kind that make it this far.

Reviewed by:	jrtc27, markj
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D31208
76c2e71c kp Oct. 7, 2021, 5:50 p.m.
The 'match' field is only used in the userspace version of the struct

MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
90dedf0f kp Oct. 7, 2021, 5:50 p.m.
MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
824bbb9a oshogbo Oct. 7, 2021, 3:07 p.m.
Obtained from:	OpenBSD
MFC after:	1 week
67bceb38 rew Oct. 7, 2021, 5:56 a.m.
Recognize the '-o' option when processing command line arguments.

Fixes:  9c10d00bf8cd ("i2c(8): Add interpreted mode for batch/scripted...")
PR:     258572
4d7876aa kevans Oct. 7, 2021, 3:03 a.m.
This mirrors the SUBDIR_DEPEND in lib/ncurses/Makefile.

Reported by:	jenkins (e.g., riscv64 build #23984)
Fixes:	396851c20aeb ("ncurses: split libtinfo from libncurses")
3f66b96d kbowling Oct. 7, 2021, 1:45 a.m.
Leftovers from DPDK sync

Reviewed by:	grehan
Obtained from:	DPDK
MFC after:	5 days
Differential Revision:	https://reviews.freebsd.org/D31621
224a95f1 emaste Oct. 7, 2021, 1:40 a.m.
Cherry-picked from libfido2 upstream f20a735c0a6f:

iso7816: Avoid storing pointers in a packed structure

On CHERI, and thus Arm's experimental Morello prototype architecture,
pointers are represented as capabilities, which are unforgeable bounded
pointers, providing always-on fine-grained spatial memory safety. The
unforgeability is enforced through the use of tagged memory, with one
validity tag bit per capability-sized-and-aligned word in memory. This
means that storing a pointer to an unaligned location, which is not
guaranteed to work per the C standard, either traps or results in the
capability losing its tag (and thus never being dereferenceable again),
depending on how exactly the store is done (specifically, whether a
capability store or memcpy is used).

However, iso7816 itself does not need to be packed, and doing so likely
causes inefficiencies on existing architectures. The iso7816_header_t
member is packed, and the flexible payload array is a uint8_t (which by
definition has no padding bits and is exactly 8 bits in size and, since
CHAR_BITS must be at least 8, its existence implies that it has the same
representation as unsigned char, and that it has size and alignment 1)
so there will never be any padding inserted between header and payload
(but payload may overlap with padding at the end of the struct due to
how flexible arrays work, which means we need to be careful about our

Co-authored-by: pedro martelletto <pedro@yubico.com>
0afa8e06 emaste Oct. 7, 2021, 1:29 a.m.
git-subtree-dir: contrib/libfido2
git-subtree-mainline: d586c978b9b4216869e589daa5bbcc33225a0e35
git-subtree-split: a58dee945a5da64d0e97f35a508928e0d17c9cc7
d586c978 kevans Oct. 7, 2021, 1:23 a.m.
Pass the ivlen along through, and just drop this KASSERT() if we're
building _STANDALONE for the time being.

Fixes:	1833d6042c9a ("crypto: Permit variable-sized IVs ...")
10ff414c emaste Oct. 7, 2021, 12:26 a.m.
git-subtree-dir: contrib/libcbor
git-subtree-mainline: 293663f4da9e8b8aeb106ce3b73a8ed2aa2a8a90
git-subtree-split: 5b2defbd2a1aa991bd0a2855eef8e15107572747
293663f4 kbowling Oct. 6, 2021, 11:25 p.m.
This is useful for diagnosing problems. In particular, the errata
sheets identify the EEPROM version for many fixes.

Reviewed by:	gallatin
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D32333
9b3e252e kbowling Oct. 6, 2021, 11:20 p.m.
Otherwise results in KASSERT with debug kernels because we rely on the
iflib CTX lock to implement the software serialization to the NVM model

Reviewed by:	gallatin
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D32333
a30efc5c se Oct. 6, 2021, 9:30 p.m.
Merge commit '6f49f5cdde1c62c4e5a743e895f3afe592b5c0e5'