MFC Tracker

02af91c5	arichardson	Feb. 17, 2021, 9:54 a.m.	Fix crossbuild bootstrap tools build with Clang 12 Clang 12 no longer allows re-defining a weak symbol as non-weak. This happed here because we compile err.c with _err defined to err. To fix this, use the same approach as the libc namespace.h cgit
8a439f32	kp	Feb. 17, 2021, 8:15 a.m.	pf: Remove unused return value from (de)hook_pf() These functions always return 0, which is good, because the code calling them doesn't handle this error gracefully. As the functions always succeed remove their return value, and the code handling their errors (because it was never executed anyway). MFC after: 1 week Sponsored by: Rubicon Communications, LLC (“Netgate”’) cgit
6b7e592c	jkim	Feb. 17, 2021, 7:22 a.m.	lex: Do not let input() return 0 when end-of-file is reached Importing flex 2.6.4 has introduced a regression: input() now returns 0 instead of EOF to indicate that the end of input was reached, just like traditional AT&T and POSIX lex. Note the behavior contradicts flex(1). See "INCOMPATIBILITIES WITH LEX AND POSIX" section for information. This incompatibility traces back to the original version and documented in its manual page by the Vern Paxson. Apparently, it has been reported in a few places, e.g., https://github.com/westes/flex/issues/448 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911415 Unfortunately, this also breaks the scanner used by libdtrace and dtrace is unable to resolve some probe argument types as a result. See PR253440 for more information. Note the regression was introduced by the following upstream commit without any explanation or documentation change: https://github.com/westes/flex/commit/f863c9490e6912ffcaeb12965fb3a567a10745ff Now we restore the traditional flex behavior unless lex-compatibility mode is set with "-l" option because I believe the author originally wanted to make it more lex and POSIX compatible. PR: 253440 Reported by: markj cgit
3396647c	jkim	Feb. 17, 2021, 5:35 a.m.	OpenSSL: Regen assembly files for OpenSSL 1.1.1j cgit
b8408160	jkim	Feb. 17, 2021, 3:53 a.m.	OpenSSL: Remove obsolete include directory This directory was deprecated since OpenSSL 1.1.1e. https://github.com/openssl/openssl/pull/9681 cgit
294e62be	mav	Feb. 17, 2021, 2:15 a.m.	cxgbe(4): Save proper zone index on low memory in refill_fl(). When refill_fl() fails to allocate large (9/16KB) mbuf cluster, it falls back to safe (4KB) ones. But it still saved into sd->zidx the original fl->zidx instead of fl->safe_zidx. It caused problems with the later use of that cluster, including memory and/or data corruption. While there, make refill_fl() to use the safe zone for all following clusters for the call, since it is unlikely that large succeed. MFC after: 3 days Sponsored by: iXsystems, Inc. Reviewed by: np, jhb Differential Revision: https://reviews.freebsd.org/D28716 cgit
aa5fef60	markj	Feb. 16, 2021, 10:07 p.m.	linux: Update the i386/linux vdso deinitialization routine This was missed in commit 0fc8a796722 ("linux: Unmap the VDSO page when unloading"). Reported by: Mark Millard MFC with: 0fc8a796722 cgit
e25db73f	jkim	Feb. 16, 2021, 10:05 p.m.	OpenSSL: Regen manual pages for OpenSSL 1.1.1j. cgit
88e852c0	jkim	Feb. 16, 2021, 10 p.m.	OpenSSL: Merge OpenSSL 1.1.1j Merge commit '4f55bd5321b72491d4eff396e4928e9ab0706735' cgit
a4513bac	melifaro	Feb. 16, 2021, 9:49 p.m.	Fix NOINET6 build broken by 2fe5a79425c7. Reported by: mjg cgit
2fe5a794	melifaro	Feb. 16, 2021, 8:30 p.m.	Fix dst/netmask handling in routing socket code. Traditionally routing socket code did almost zero checks on the input message except for the most basic size checks. This resulted in the unclear KPI boundary for the routing system code (`rtrequest` and now `rib_action()`) w.r.t message validness. Multiple potential problems and nuances exists: Host bits in RTAX_DST sockaddr. Existing applications do send prefixes with hostbits uncleared. Even `route(8)` does this, as they hope the kernel would do the job of fixing it. Code inside `rib_action()` needs to handle it on its own (see `rt_maskedcopy()` ugly hack). * There are multiple way of adding the host route: it can be DST without netmask or DST with /32(/128) netmask. Also, RTF_HOST has to be set correspondingly. Currently, these 2 options create 2 DIFFERENT routes in the kernel. * no sockaddr length/content checking for the "secondary" fields exists: nothing stops rtsock application to send sockaddr_in with length of 25 (instead of 16). Kernel will accept it, install to RIB as is and propagate to all rtsock consumers, potentially triggering bugs in their code. Same goes for sin_port, sin_zero, etc. The goal of this change is to make rtsock verify all sockaddr and prefix consistency. Said differently, `rib_action()` or internals should NOT require to change any of the sockaddrs supplied by `rt_addrinfo` structure due to incorrectness. To be more specific, this change implements the following: * sockaddr cleanup/validation check is added immediately after getting sockaddrs from rtm. * Per-family dst/netmask checks clears host bits in dst and zeros all dst/netmask "secondary" fields. * The same netmask checking code converts /32(/128) netmasks to "host" route case (NULL netmask, RTF_HOST), removing the dualism. * Instead of allowing ANY "known" sockaddr families (0<..<AF_MAX), allow only actually supported ones (inet, inet6, link). * Automatically convert `sockaddr_sdl` (AF_LINK) gateways to `sockaddr_sdl_short`. Reported by: Guy Yur <guyyur at gmail.com> Reviewed By: donner Differential Revision: https://reviews.freebsd.org/D28668 MFC after: 3 days cgit
600eade2	melifaro	Feb. 16, 2021, 8:14 p.m.	Add ifa_try_ref() to simplify ifa handling inside epoch. More and more code migrates from lock-based protection to the NET_EPOCH umbrella. It requires some logic changes, including, notably, refcount handling. When we have an `ifa` pointer and we're running inside epoch we're guaranteed that this pointer will not be freed. However, the following case can still happen: * in thread 1 we drop to 0 refcount for ifa and schedule its deletion. * in thread 2 we use this ifa and reference it * destroy callout kicks in * unhappy user reports bug To address it, new `ifa_try_ref()` function is added, allowing to return failure when we try to reference `ifa` with 0 refcount. Additionally, existing `ifa_ref()` is enforced with `KASSERT` to provide cleaner error in such scenarious. Reviewed By: rstone, donner Differential Revision: https://reviews.freebsd.org/D28639 MFC after: 1 week cgit
9fdbf7ee	melifaro	Feb. 16, 2021, 8 p.m.	Make in_localip_more() fib-aware. It fixes loopback route installation for the interfaces in the different fibs using the same prefix. Reviewed By: donner PR: 189088 Differential Revision: https://reviews.freebsd.org/D28673 MFC after: 1 week cgit
cc7b7306	jamie	Feb. 16, 2021, 7:19 p.m.	jail: Handle a possible race between jail_remove(2) and fork(2) jail_remove(2) includes a loop that sends SIGKILL to all processes in a jail, but skips processes in PRS_NEW state. Thus it is possible the a process in mid-fork(2) during jail removal can survive the jail being removed. Add a prison flag PR_REMOVE, which is checked before the new process returns. If the jail is being removed, the process will then exit. Also check this flag in jail_attach(2) which has a similar issue. Reported by: trasz Approved by: kib MFC after: 3 days cgit
922cf8ac	allanjude	Feb. 16, 2021, 7:02 p.m.	Use iflib_if_init_locked() during media change instead of iflib_init_locked(). iflib_init_locked() assumes that iflib_stop() has been called, however, it is not called for media changes. iflib_if_init_locked() calls stop then init, so fixes the problem. PR: 253473 MFC after: 3 days Reviewed by: markj Sponsored by: Juniper Networks, Inc., Klara, Inc. Differential Revision: https://reviews.freebsd.org/D28667 cgit