600756af kib March 2, 2021, 6:16 p.m.
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D28907
2c26d77d nwhitehorn March 2, 2021, 4:49 p.m.
This had prevented the bootconfig step from determining if an ESP exists,
resulting in its unconditional setup. On BIOS-booted amd64, this wasn't
harmful, just unnecessary, but it resulted in failed installations on
non-EFI-supporting platforms like powerpc64.

MFC after:	3 days
955a3f9a arichardson March 2, 2021, 4:38 p.m.
This includes various fixes that I submitted recently such as updating the
pdkill() tests for the actual implemented behaviour
(https://github.com/google/capsicum-test/pull/53) and lots of changes to
avoid calling sleep() and replacing it with reliable synchronization
(pull requests 49,51,52,53,54). This should make the testsuite more reliable
when running on Jenkins. Additionally, process status is now retrieved using
libprocstat instead of running `ps` and parsing the output
(https://github.com/google/capsicum-test/pull/50). This fixes one previously
failing test and speeds up execution.

Overall, this update reduces the total runtime from ~60s to about 4-5 seconds.
c59f30a5 arichardson March 2, 2021, 4:22 p.m.
04019892 markj March 2, 2021, 3:21 p.m.
When searching for runs to reclaim, we need to ensure that the entire
run will be added to the buddy allocator as a single unit.  Otherwise,
it will not be visible to vm_phys_alloc_contig() as it is currently
implemented.  This is a problem for allocation requests that are not a
power of 2 in size, as with 9KB jumbo mbuf clusters.

Reported by:	alc
Reviewed by:	alc
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D28924
c883b6fd gjb March 2, 2021, 3:19 p.m.
MFC after:	3 days
MFC with:	80ab50e1de19, 0be274d37379
Sponsored by:	Rubicon Communications, LLC ("Netgate")
0be274d3 gjb March 2, 2021, 3:11 p.m.
In followup to 80ab50e1de19ca125f05a13937c796d48c4edd4a,
export UNAME_r in Makefile.inc1 instead of Makefile.vm.

MFC after:	3 days
MFC with:	80ab50e1de19
Sponsored by:	Rubicon Communications, LLC ("Netgate")
ee21ee15 freqlabs March 2, 2021, 12:26 p.m.
This PAM module allows unlocking encrypted user home datasets when
logging in (and changing passphrase when changing the account password),
see https://github.com/openzfs/zfs/pull/9903

Also supposed to unload the key when the last session for the user is
done, but there are EBUSY issues:

Submitted by:	Greg V <greg_unrelenting.technology>
Reviewed by:	mm
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D28018
99adf230 tuexen March 2, 2021, 11:32 a.m.
Obtained from:		rrs@
MFC after:		3 days
PR:			238741
Sponsored by:		Netlix, Inc.
a9f7eba9 ae March 2, 2021, 9:45 a.m.
MFC after:	1 week
Sponsored by:	Yandex LLC
43afeee2 philip March 2, 2021, 9:14 a.m.
The zero_region() kernel interface was previously undocumented.
Add a new zero_region(9) manual page to document it.

Submitted by:	Ka Ho Ng <khng@freebsdfoundation.org>
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D28914
95331c22 grehan March 2, 2021, 4:55 a.m.
Merge the following fixes from https://github.com/pfsense/FreeBSD-src
 1940e7d3  Save	address	of ingress packets to allow wg to work on HA
 8f5531f1  Fix connection to IPv6 endpoint
 825ed9ee  Fix tcpdump for wg IPv6 rx tunnel traffic
 2ec232d3  Fix issue with replying to INITIATION messages in server mode
 ec77593a  Return immediately in wg_init if in DETACH'd state
 0f0dde6f  Remove unnecessary wg debug printf on transmit
 2766dc94  Detect and fix case in wg_init() where sockets weren't cleaned up
 b62cc7ac  Close the UDP tunnel sockets when the interface has been stopped

Reviewed by:	kevans
Obtained from:	pfSense 2.5
MFC after:	3 days
Relnotes:	yes
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D28962
b85a67f5 mav March 2, 2021, 4:34 a.m.
Before m_cat() each time traversed through all the coalesced chain.

MFC after:	1 week
7f72497e emaste March 2, 2021, 2:09 a.m.
Parentheses added to HASZERO macro to avoid a GCC warning, and formatted
with clang-format as we have adopted these and don't consider them
'contrib' code.

Obtained from:	musl (snapshot at commit 4d0a82170a25)
Reviewed by:	kib (libc integration), mjg (both earlier)
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D17630
8742817b kib March 2, 2021, 12:19 a.m.
There are three issues with change that stopped truncating ea area before
write, and resulted in possible zero tail in the ea area:
- Truncate to zero checked i_ea_len after the reference was dropped,
  making the last drop effectively truncate to zero length always.
- Loop to fill uio for zeroing specified too large length, that triggered
  assert in normal situation.
- Integrity check could trip over the tail, instead we must allow
  partial header or header with zero length, and clamp ea image in
  memory at it.

Reported by:	arichardson
Tested by:	arichardson, pho
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
Fixup:	5e198e7646a27412c0541719f7bf1bbc0bd89223
Differential Revision:	https://reviews.freebsd.org/D28999