@opntr opntr released this Apr 4, 2018 · 1943 commits to hardened/11-stable/master since this release

Assets 2

Highlights:

  • Implement mitigation for Spectre version 2 attacks on ARMv7.
  • Limit glyph count in vtfont_load to avoid integer overflow. (5966c5f) [CVE-2018-6917 FreeBSD-SA-18:04.vt]
  • Fix several leaks of kernel stack data through paddings. (6cbc066 5a4de6e) [FreeBSD-SA-Candidate]
  • MFC r328331: Support configuring arbitrary limits(1) for any rc.conf daemon (0f80140)
  • MFC r324673: mbuf(9): unbreak m_fragment() (db82dd0)
  • LLVM 6.0 (6cd0d33) [SA-18:03.speculative_execution]
  • Add an option called "random" that combined with "ether" can generate a random MAC address for an Ethernet interface. (8d44e96)
  • HBSD MFC r330880: Don't overflow the kernel struct mdio in the MDIOCLIST ioctl. (880d7e9) [FreeBSD-SA-Candidate]
  • MFC r315522: use INT3 instead of NOP for x86 binary padding (71918e8)
  • MFC r324560: allow posix_fallocate in capability mode (232a059)
  • MFC: r331627 Merge OpenSSL 1.0.2o. (54f770b) [CVE-2018-0739 FreeBSD-SA-Candidate]
  • Reject CAMIOGET and CAMIOQUEUE ioctl's on pass(4) in 32-bit compat mode. (afaab4b)
  • MFC r331333: Fix kernel memory disclosure in drm_infobufs (cb7bbdc) [FreeBSD-SA-Candidate]
  • MFC r331339: Correct signedness bug in drm_modeset_ctl (54cecb6) [FreeBSD-SA-Candidate]
  • MFC r325047: dma: fix use-after-free (f4c0052) [FreeBSD-SA-Candidate]
  • MFC r330745: Make root mount timeout logic work for filesystems other than ufs
  • Fix information leak in geli(8) integrity mode (c9ede81) [FreeBSD-SA-Candidate]
  • MFC r330034 Fix a memory leak in syslogd
  • MFC 328102: Save and restore guest debug registers. (5a911c6) [FreeBSD-SA-Candidate]
  • EFI updates
  • I2C updates
  • LinuxKPI updates
  • Raspberry PI updates
  • ZFS updates
  • indent updates
  • less updates
  • makefs updates
  • mlx4 updates
  • mlx5 updates
  • pf updates
  • syscons updates

Changelog

Oliver Pinter (10):
      HBSD MFC r328011: Provide some mitigation against CVE-2017-5715 by clearing registers upon returning from the guest which aren't immediately clobbered by the host.  This eradicates any remaining guest contents limiting their usefulness in an exploit gadget.
      HBSD MFC r302595: Remove assumptions in MI code that the BSP is CPU 0.
      HBSD MFC r329162: Provide further mitigation against CVE-2017-5715 by flushing the return stack buffer (RSB) upon returning from the guest.
      HBSD MFC r331640: Fix several leaks of kernel stack data through paddings.
      HBSD MFC r330821: Use the stack for temporary storage in OTIOCCONS.
      HBSD MFC r330880: Don't overflow the kernel struct mdio in the MDIOCLIST ioctl.
      HBSD MFC r331008: Restore the behavior of returning the total number of units by unconditionally incrementing i in the loop;
      HBSD MFC r324393: reapply random(4): Add missing source descriptions
      HBSD MFC r324394: reapply random(4): Gather entropy from Pure sources
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master

Oliver Pinter + (71):
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
      Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master

Shawn Webb (15):
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      Merge remote-tracking branch 'origin/freebsd/11-stable/master' into hardened/11-stable/master
      HBSD: Resolve merge conflict

ae (7):
      MFC r330536:   Define ethernet type 0x88A8 as ETHERTYPE_QINQ.
      MFC r330537:   Add mapping for several ethernet types used by Linux to FreeBSD   ethernet types.
      MFC r330792:   Do not try to reassemble IPv6 fragments in "reass" rule.
      MFC r330771:   Remove obsoleted and unused key_sendup() function.   Also remove declaration for nonexistend key_usrreq() function.
      MFC r330779:   Rework key_sendup_mbuf() a bit:
      MFC r330781:   Update pfkey_open() function to set socket's write buffer size to   128k and receive buffer size to 2MB. In case if system has bigger   default values, do not lower them.
      MFC r331203:   Remove note that `fwd tablearg` is supported only by IPv4. IPv6 is   supported too.

araujo (2):
      MFC r329817:
      MFC r305860, r306371

asomers (8):
      MFC r323314, r323338, r328849
      MFC r329067:
      MFC r329108:
      MFC r329174:
      MFC r328896, r329236
      MFC r329265, r329384
      MFC r329273, r329275, r329277, r329284, r329344
      MFC r329412:

avg (12):
      MFC r330338: db_nextframe/amd64: catch up with r328083 to recognize fast_syscall_common
      MFC r329714: MFV r329713: 8731 ASSERT3U(nui64s, <=, UINT16_MAX) fails for large blocks
      MFC r329719: MFV r329718: 8520 7198 lzc_rollback_to should support rolling back to origin
      MFC r329717: MFV r329715: 8997 ztest assertion failure in zil_lwb_write_issue
      MFC r330057: add ZFS_ENTER protection to .zfs/snapshot vnode operations that need it
      MFC r329823: another rework of getzfsvfs / getzfsvfs_impl code
      MFC r329363: read-behind / read-ahead support for zfs_getpages()
      MFC r330374: db_script_exec: use a saved script name when reporting commands executed
      MFC r330592: MFV r330591: 8984 fix for 6764 breaks ACL inheritance
      MFC r330793: fix r297857, do not modify CPU extension bits under virtual machines
      MFC r330974: MFV r330973: 9164 assert: newds == os->os_dsl_dataset
      MFC r327056: Use resume_cpus() instead of restart_cpus() to resume from ACPI suspension.

avos (1):
      MFC r324673: mbuf(9): unbreak m_fragment()

brooks (9):
      MFC r330527:
      MFC r330409:
      MFC r330819, r330885, r330934
      MFC r330820:
      MFC r330876, r330945
      MFC r330949:
      MFC r328522:
      fea(4) was removed in HEAD with the removal of EISA support.
      MFC r331830:

bryanv (2):
      MFC r329598:
      MFC r327958, r329601, r329602:

dab (4):
      MFC r330034
      MFC r330085:
      MFC r330245:
      MFC r331015:

delphij (1):
      MFC r316339,317396,317829,326010,329554: less v530.

dim (5):
      Repair obvious mismerge in r330897, resulting in misleading gcc error messages like "sys/net/if_fddisubr.c:1: error: expected '=', ',', ';', 'asm' or '__attribute__' before '-' token".
      Revert r330471 (MFC of r311861), since it results in compile errors like:
      Merge retpoline support from the upstream llvm, clang and lld 5.0 branches.  Upstream merge revisions:
      MFC r314568 (by emaste):
      Merge clang, llvm, lld, lldb, compiler-rt and libc++ 6.0.0 release, and several follow-up fixes.

eadler (131):
      Revert MFC of r330463 r330462 r330454 r330452 r330451:
      MFC r302779,r302807:
      MFC r327206:
      MFC r326820:
      MFC r318587:
      MFC r326283:
      MFC r309220:
      MFC r313544:
      MFC r303539:
      MFC r303540:
      MFC r323865:
      MFC r326651:
      MFC r327672:
      MFC r326599:
      MFC r316796:
      MFC r316797:
      Revert MFC of r323865
      MFC r330572:
      Revert r324434
      MFC r320805:
      MFC r304153:
      MFC r304161:
      MFC r304165,r304166:
      MFC r304164:
      MFC r304173,r304181,r304186:
      MFC r304758:
      MFC r304773,r304800:
      MFC r304804:
      Partial merge of the SPDX changes
      MFC r305010:
      MFC r305059:
      MFC r305060:
      MFC r305121,r305231:
      MFC r314641,r314646,r314997,r315390:
      MFC r315000:
      MFC r315003,r315065,r315066:
      MFC r315418,r315480,r316019:
      MFC r317174:
      MFC r315984:
      MFC r316136:
      MFC r316636,r316642,r316675,r316733,r316737,r316741,r316827,r316830,r316865,r316878:
      MFC r330834:
      MFC r322663:
      MFC r302509:
      MFC r302452:
      MFC r302525,r302526:
      MFC r302535:
      MFC r329102:
      MFC r327279,r327571:
      MFC r327580,r327581:
      MFC r302533:
      MFC r303063,r311852,r311930,r317040,r320506,r321301,r325162,r326759,r329004,:
      MFC r303036,r303038,r306822,r307923,:
      MFC r302485,r303203,r303341,r304025,r306133,r306518,r308576,r308686,r309019,r309059,r310024,r311853,r312793,r313033,r313577,r313741,r314692,r317772,r317939,r319674,r319923,r321392,r322979,r323222,r323222,r323398,r323502,r323602,r323767,r323767,r323958,r325220,r326172,r326253,r330652,r330761,r330762,r330763,r330765,:
      MFC r327474:
      MFC r327514,r327521,r327614,r327615,r327616,r327623:
      MFC r305139:
      MFC r305857,r305858,r305859:
      MFC r306135,r311859,r321763,r321764,r321766,r321767,r321768,r321769,r321771,r321774,r321776,r321783,r321784,r321785,r321786,r321787,r321788,r321789,r321793,r321796,r321797,r321801,r321802,r321804,r321814,r321817,r321818,r321834,r321835,r321853,r321857,r321860,r321866,r321885,r321886,r321889,r321890,r321892,r321893,r321897,r321939,r321966,r321974,r321982,r321989,r322035,r322093,r322108,r322314,r322330,r322335,r322350,r322353,r322365,r322416,r322471,r322484,r322638,r322649,r322881,r322886,r323972,r330768,:
      MFC r324441:
      MFC r305373,r312344,r318095,r319117,r320948,r320953,r328528:
      MFC r311106,r311109,r311110,r320579,r327063,r327064,:
      MFC r303041,r303320,r305905,r310087,r310346,r319368,r321879,r321923,r321979,r327554,r329124,r329210,:
      MFC r327344:
      MFC r330940:
      MFC r326959:
      MFC r328427:
      MFC r328428:
      MFC r328430,r328431:
      MFC r328959:
      MFC r328839:
      MFC r328831:
      MFC r327941:
      MFC r326387:
      MFC r317870:
      MFC r328509:
      MFC r330843:
      MFC r303452,r303482,r303483,r303484,r303485,r303487,r303489,r303498,r303499,r303502,r303523,r303525,r303570,r303571,r303588,r303596,r303597,r303598,r303599,r303600,r303601,r303625,r303629,r303718,r304651,r304684,r304686,r305983,r309217,r309219,r309341,r309342,r309343,r309382,r309415,r309417,r309418,r309419,r310863,r311141,r314613,r318471,r321382,r321383,r321396:
      MFC r319274:
      MFC r315190:
      MFC r325215,r325216:
      MFC r314955:
      MFC r303150:
      MFC r328525:
      MFC r326601:
      MFC r323135:
      MFC r322991:
      MFC r314052:
      MFC r304725:
      MFC r317570:
      MFC r317798:
      MFC r325091:
      MFC r303412:
      MFC r320210:
      MFC r326913:
      MFC r314622:
      MFC r326482:
      MFC r303812:
      MFC r326249:
      MFC r328636:
      MFC r328638:
      MFC r328640:
      MFC r312887:
      MFC r328785:
      MFC r328586:
      MFC r328162:
      MFC r328262:
      MFC r313264:
      MFC r305306:
      MFC r328300:
      MFC r327184:
      MFC r316422:
      MFC r326859:
      MFC r326437:
      MFC r326356:
      MFC r326183:
      MFC r325113:
      MFC r325112:
      MFC r313818:
      MFC r315986:
      MFC r320992,r320993:
      MFC r322013:
      MFC r320268,r320276:
      MFC r320178:
      MFC r322674:
      MFC r324806:
      MFC r324858:
      MFC r324860:
      MFC: r331285
      MFC: r331533
      Revert r330897:

emaste (29):
      MFC r322277 by jlh:
      MFC r322552 by jhb: Unconditionally install rwhod support scripts.
      MFC r330613: Disable LLD_BOOTSTRAP under WITHOUT_CROSS_COMPILER
      MFC r330667: asmc: update temperature sensor name/description
      MFC r329370, r330239: Rationalize license text on Linuxolator files
      MFC r328395: Install uefi.8 also on arm64
      MFC r319510: xz: set noexec stack flag on FreeBSD
      Fix kernel memory disclosure in svr4_sys_getdents64
      MFC r330668: bktr: correct Japan IF frequency
      MFC r325047: dma: fix use-after-free
      MFC r331339: Correct signedness bug in drm_modeset_ctl
      MFC r331333: Fix kernel memory disclosure in drm_infobufs
      MFC r331234: Rationalize license text on Linuxolator files
      MFC r331329: Fix kernel memory disclosure in ibcs2_getdents
      MFC Capsicum open(2) and openat(2) documentation
      MFC r324560: allow posix_fallocate in capability mode
      Regen *sysent.c after r331679 - posix_fallocate in capability mode
      MFC r325422: posix_fallocate.2: add an EINVAL errno case
      MFC r323623: rename(2): document capability mode errors
      MFC r315522: use INT3 instead of NOP for x86 binary padding
      MFC r324707: embed_mfs: add error handling, usage
      MFC r326992: embed_mfs: support embedding mfs into loader
      MFC kernel build-id support
      MFC r321417: enable filter lib linker feature flag for lld 5.0+
      MFC r329373: Correct module symbol export handling
      MFC r320695 (bdrewery): Fix out-of-tree kernel builds
      MFC r331426: Rationalize license text on Linuxolator files
      MFC r331433: linuxkpi whitespace cleanup
      MFC r321587: cc_cubic: restore braces around if-condition block

eugen (3):
      MFC r329105: ppp(8): fix code producing debugging logs
      MFC r329279: add support for user-supplied Host-Uniq tag to ng_pppoe(4).
      MFC r331630: Fix instructions in the zfsboot manual page.

garga (1):
      MFC r322281:

gjb (8):
      Document EN-18:01, EN-18:02, SA-18:01, SA-18:02.
      Document SA-18:03.speculative_execution.
      MFC r322794:  Use py-google-compute-engine instead for releasing Google Compute  Engine (GCE) images with an updated version of Google's tools.
      MFC r331364:  Remove google_accounts_manager from VM_RC_LIST in the GCE configuration  file, no longer needed.
      MFC r331559:  Escape trailing newlines in a long variable list for consistency.
      MFC r331562 (manu):  release: arm: Copy boot.scr from ports
      MFC r331696, r331697:
      MFC r331806:  Add logic for "families" for GCE images.

gonzo (18):
      MFC r316370-r316371
      Fix VERSATILEPB boot after r331402
      MFC r329832, r329926
      MFC r330309:
      MFC r330558:
      MFC r303100 by andrew:
      MFC r308533 by andrew:
      MFC r302498 by andrew:
      MFC r303035 by markm:
      MFC r305094, r305096-r305097
      MFC r304488, r304623
      MFC r306263, r306268
      MFC r306436-r306437, r306489, r306491
      MFC r314672, r315967, r324184, r325768
      MFC r325048:
      MFC r330727 (without optional dts part):
      MFC r307943-r307944, r308698
      MFC r312378 by andrew:

gordon (1):
      MFC r331981:

hselasky (101):
      MFC r330272: Implement wait_on_bit() function macro in the LinuxKPI.
      MFC r330273: Implement ktime_get_raw() function in the LinuxKPI.
      MFC r330274: Implement more lockdep stubs in the LinuxKPI.
      MFC r330349 and r330362: Allow pause_sbt() to catch signals during sleep by passing C_CATCH flag. Define pause_sig() function macro helper similarly to other kernel functions which catch signals. Update outdated function description.
      MFC r330352 and r330353: Implement msleep_interruptible() in the LinuxKPI. While at it use pause_sbt() instead of pause() in the msleep() function to avoid rounding errors when converting delay values forth and back. Add a guard for a delay value of zero milliseconds which is undefined.
      MFC r330344: Correct the return code from pause() during cold startup from zero to EWOULDBLOCK. This also matches the description in pause(9).
      MFC r330387 and r330396: Rename the SLAB_DESTROY_BY_RCU flag into SLAB_TYPESAFE_BY_RCU in the LinuxKPI to be compatible with Linux.
      MFC r330388: Implement GENMASK_ULL() function macro in the LinuxKPI.
      MFC r330389: Implement for_each_clear_bit() function macro in the LinuxKPI.
      MFC r330390: Define noinline and __maybe_unused macros in the LinuxKPI.
      MFC r330391: Implement writel_relaxed() in the LinuxKPI.
      MFC r330392 and r330408: Implement BUILD_BUG() function macro in the LinuxKPI.
      MFC r330393: Implement __MODULE_STRING() function macro in the LinuxKPI.
      MFC r330394: Implement pr_err_ratelimited() function macro in the LinuxKPI.
      MFC r330395: Implement DEFINE_WAIT_FUNC() function macro and default_wake_function() in the LinuxKPI.
      MFC r330398: Implement wait_event_lock_irq() macro function in the LinuxKPI.
      MFC r330399: Stub kernel_param_lock() and kernel_param_unlock() in the LinuxKPI.
      MFC r330689: Implement proper support for complete_all() in the LinuxKPI.
      MFC r330271: Rename callout member in struct timer_list to match the one in struct delayed_work in the LinuxKPI. This allows the timer_pending() function macro to be used with delayed work structures.
      MFC r325659: Add support for disabling and enabling RX and TX DMA rings in mlx5en(4). This is useful for supporting setups similar to Netmap.
      MFC r325660: Add support for configuring local multicast and unicast data traffic loopback in mlx5en(4) driver via the sysctl interface.
      MFC r325661: Expose the current hardware MTU in mlx5en(4) as a separate entry in the sysctl tree.
      MFC r330598: Use a macro in mlx5_command_str() instead of copying OP name.
      MFC r330599: Fix potential deadlock in command mode change in mlx5core.
      MFC r330600: Add timeout handle to commands with callback in mlx5core.
      MFC r330603: Make sure default VNET is set when adding a new interface in mlx5core.
      MFC r330604: Add log message for unsupported QSFPs in mlx5core.
      MFC r330606: Implement support for querying the current port rate in mlx5core. The mlx5ib(4) part will be merged separately.
      MFC r330607: Implement rate limit per traffic class in mlx5core.
      MFC r330608: Implement priority to traffic class mapping in mlx5core.
      MFC r330644 and r330714: Updates for PCI and health monitor recovery in mlx5core. This patch accumulates the following Linux commits:
      MFC r330645: Avoid calling sleeping function from the health poll thread in mlx5core.
      MFC r330646: Fix race between PCI error handlers and health work in mlx5core.
      MFC r330649: Add support for per priority flow control, PFC, to mlx5en(4).
      MFC r330650: Use device_printf() instead of printf() when printing warnings and errors to dmesg(8) in mlx5core.
      MFC r330651: Add vendor specific capability interface support in mlx5core.
      MFC r330653: Add kernel and userspace code to dump the firmware state of supported ConnectX-4/5 devices in mlx5core.
      MFC r330656: Use the device unit number for naming the ifnet interface in mlx5en(4).
      MFC r330657: Use vport rather than physical-port MTU in mlx5en(4).
      MFC r330658: Fix mlx5en(4) driver to properly call m_defrag().
      MFC r330659: Avoid more LFENCE/SFENCe on x86 in mlx5en(4), by using the FreeBSD native fences.
      MFC r330660: Add call to setup firmware data dump structure during device load in mlx5core.
      MFC r330670: Make mlx5 compilable on ILP32 arches.
      MFC r330654: Check that the address is specified in mlx5tool(8).
      Fix buildworld after r331586 by adapting the installation of dev/mlx5/mlx5io.h to the build system in FreeBSD 11-stable.
      MFC r303505, r303506, r303512, r303513, r303646, r320418, r323082, r326169, r326563, r326649, r326716, r326764, r326765 and r329222:
      MFC r331419: Allow the libusb20_dev_get_port_path() function to be called when the USB device is closed. This fixes a compatibility issue with upstream libusb.
      MFC r330490: Add missing FreeBSD tags and SVN properties to ibcore.
      MFC r330491: Do not add RoCEv2 default GID in ibcore when IPv6 is disabled to honor the networking stack's IPv6 disabled setting. Else the offload HCA can start using IPv6 packets for QPs.
      MFC r330492: Add support for IPv6 link local GIDs equal to the default GID for VLANs in ibcore.
      MFC r330493: Make deletion of RoCE GID entries synchronous in ibcore.
      MFC r330494: Select RoCEv2 by default in ibcore.
      MFC r330495: Map type of service, TOS, to IB or VLAN service level 1:1 in ibcore.
      MFC r330496: Need to check for IPv6 linklocal address inside rdma_resolve_addr() in ibcore.
      MFC r330501: Make sure to register the VLAN GIDs using the VLAN network interface and not the parent one in ibcore. Else looking up the VLAN GIDs will fail for VLAN IPs.
      MFC r330504: Add support for loopback in ibcore.
      MFC r330506: Pass valid if_index to rdma_addr_find_l2_eth_by_grh() in ibcore when possible.
      MFC r330507: Get correct network device when accepting incoming RDMA connections in ibcore.
      MFC r330508: Optimize ibcore RoCE address handle creation from user-space.
      MFC r330579: Fix for use-after-free when using delayed work structures in ibcore.
      MFC r330580: Make sure the IPv6 scope ID gets properly masked in ibcore.
      MFC r330581: Add IB_SPEED_HDR definition in ibcore.
      MFC r330583: Embed the IPv6 scope ID before calling rtalloc1() in ibcore. Else rtalloc1() will resolve to the loopback interface.
      MFC r330584: Recover IPv6 scope ID for multicast link-local addresses as well as unicast link-local addresses.
      MFC r330585: Define values instead of using hardcoding.
      MFC r330586: Make sure VNET is set when calling sa6_recoverscope() in ibcore.
      MFC r330594: Disable unsupported disassociate ucontext functionality in mlx4ib(4).
      MFC r330595: The mlx4ib(4) should not be loaded before the ibcore is initialized.
      MFC r330596: Bump version information in mlx4ib(4).
      MFC r330597: Disable unsupported disassociate ucontext functionality in mlx5ib(4).
      MFC r330662: Set correct SL in completion for RoCE in mlx5ib(4).
      MFC r330944: Fix compliancy of the kstrtoXXX() functions in the LinuxKPI, by skipping one newline character at the end, if any.
      MFC r331204: Remove redundant integer cast in ibcore. The "ref_count" field already has integer type.
      MFC r331355: Clear old MSIX IRQ numbers in the LinuxKPI.
      MFC r331357: The pci_disable_device() function is also expected to clear the PCI busmaster. This fixes LinuxKPI compliancy with Linux.
      MFC r331437: Create designated workqueue for each mlx5en(4) device instance.
      MFC r331438: Exit krping on device removal to avoid endless hang situation.
      MFC r330606: Implement missing query for current port rate in mlx5ib(4).
      MFC r330647: Use the autogenerated interface file for all commands in mlx5core.
      MFC r330648: Add support for explicit congestion notification, ECN, to mlx5ib(4).
      MFC r331443: Improve support for health recovery in mlx5core.
      MFC r331445: Add support for fast unload in shutdown flow in mlx5core.
      MFC r331446: Cancel delayed recovery work when unloading the mlx5core driver.
      MFC r331447: Hide verbose proclamation of error when forced in mlx5core.
      MFC r331449: Handle software reset of firmware in error flow in mlx5core.
      MFC r331451: Issue a software reset on firmware assert in mlx5core.
      MFC r331452: Add mutual exclusion mechanism for software reset of firmware in mlx5core.
      MFC r331453: Don't save PCI state when PCI error is detected in mlx5core.
      MFC r331455: Fix incorrect page count when mlx5core is in internal error.
      MFC r331456: Don't wait for completions when a mlx5en(4) device is in internal error state.
      MFC r331531: Remove redundant prototype to fix compilation with GCC.
      MFC r331819: Add missing newline character in print in mlx5core.
      MFC r331820: Properly check if crspace is supported in mlx5core.
      MFC r331821: Prepare for FW dump in error state in mlx5core.
      MFC r331822: Reorganize health recovery in mlx5core.
      MFC r331823: Collect firmware dump when mlx5core is in device error state.
      MFC r331824: Make sure Giant is locked when allocating bus resources in mlx5core.
      MFC r331825: Fix for use after free in mlx5core.
      MFC r331826: Bump mlx5core driver version.
      MFC r331827: Remove unused structure field in mlx5core.
      MFC r330655: Remove duplicate prototypes.

ian (25):
      MFC r330745:
      MFC r306657, r306673, r306726, r307737, r309366, r310135, r323990, r324414
      MFC r307656, r307659, r307674-r307675, r307679, r307683
      MFC r315051, r315101, r315103, r315107, r315180, r315197, r315293, r315319,     r315590, r315649, r315726, r315743, r315746-r315747, r315779, r315985,     r316002, r316639, r316959, r317187, r317194, r317205-r317207, r317381,     r319489, r319847, r321076-r321079, r321227, r326822
      To fix the powerpc build, back out r331184, which was this mfc:
      MFC r324186:
      MFC r327756-r327758
      MFC r306288, r314936, r325527, r327971, r328005, r328039, r328068-r328069,     r328301-r328303
      MFC r328307, r328311-r328312
      MFC r328345, r328349, r328405, r328407, r328442
      MFC r329125-r329126
      MFC r329479-r329480, r329483, r329506-r329507, r329526, r329529, r329536,     r329541, r329730, r329841, r329988, r330397
      MFC r329534-r329535
      MFC r325233, r328956, r329170, r329172-r329173, r329224, r330403-r330407,     r330411-r330412, r330416, r330430-r330431, r330433, r330528-r330529,     r330767
      MFC r329537:
      MFC r329642:
      MFC r310017, r310229, r312289, r327260, r329539, r329544-r329546, r329620,     r329729, r329911, r329999
      MFC r330361:
      MFC r330385:
      MFC r330437-r330438, r330440, r331045
      MFC r330050:
      MFC r330773, r330778, r330782, r330797
      MFC r331068:
      MFC r331123, r331126, r331129, r331132, r331136, r331138-r331139, r331141
      MFC r329989, r330044

imp (2):
      Direct commit to stable
      MFC: r331140

jhb (8):
      MFC 328102: Save and restore guest debug registers.
      MFC 328158,330708: Update kgdb for PTI.
      MFC 328909: Always give ELF brands a chance to veto a match.
      MFC 330872: Add a "jail" keyword to list the name of a jail rather than its ID.
      MFC 330711: Permit sysctl(8) to set an array of numeric values for a single node.
      MFC 329785: Move DDP PCB state into a helper structure.
      MFC 318387: Add support for child devices that aren't ports.
      MFC 331248: Set the proper vnet in IPsec callback functions.

jkim (1):
      MFC:	r331627

ken (1):
      MFC r331422:

kevans (26):
      MFC r329339: libsa: Consolidate tftp sendrecv into net.c sendrecv
      MFC r317191, r317195: Don't ignore "disabled" CPUs
      MFC r322287 (mw): Add support for "compatible" parameter in ofw_fdt_fixup
      MFC r322289: Enable uing ofw_bus_find_compatible in early platform code
      MFC r322359: Enable OF_setprop API function to add property in FDT
      MFC r326204: Do not bind to CPUs with SMT
      MFC r326310: Back out OF module installation in the event of failure.
      MFC r327391: Avoid use of the fdt_get_property_*() API
      MFC r329579: Set internal error returns [of some OF functions] to 0
      MFC r330019: ofw_fdt: Simplify parts with new libfdt methods
      MFC r317055,r317056 (glebius): Include sys/vmmeter.h as included
      MFC r322278,324177: EFIRT Improvements
      r322279: Don't create /dev/efi without EFI runtime
      MFC r324495: Support the EFI Runtime Services on arm64. As with amd64 we use the 1:1 mapping. This uses the new common code shared with amd64.
      Revert r331022: MFC of EFI Runtime Service support on aarch64
      MFC (partially) r326066, r326121: Add an EFI RTC Driver
      MFC r324191: Hide kernel stuff from userspace.
      MFC r330257: Add a function to retrieve the EFI realtime clock capabilities.
      MFC r330612: stand/ficl: Fix testmain
      MFC r330023, r330028: Add MAXWAIT for configuring pxeboot timeout
      MFC r330891: ubldr: Bump heap size from 512K to 1M
      MFC r330929: pkgbase: Fix post-install script for kernel packages
      MFC r331416, r331440: Loader consoles: Implement SGR 22, reste intensity
      MFC r330115: Add missing WITH_BSD_GREP_FASTMATCH description
      MFC r331475: loader consoles: Implement SGR 24, 25
      MFC r328331: Support configuring arbitrary limits(1) for any rc.conf daemon

kib (14):
      MFC r330285: Remove _Nonnull attributes from user addresses arguments for copyout(9) family.
      MFC r328087 (by fabient): Fix pmcstat exit from kernel introduced by r325275.
      MFC r331431: Update comment to match current field names.
      MFC r331247: Check for wrap-around in vm_phys_alloc_seg_contig().
      MFC r331374: Fixes for ptrace(PT_GETXSTATE_INFO) related to the padding in struct ptrace_xstate_info).
      MFC r331375: Do not send signals to init directly from shutdown_nice(9), do it from the task context.
      MFC r320872: Create libdl.so.1 as a filter for libc.so.7 which exports public dl* functions.
      MFC r331432: There is no need to disable interrupts around npxsave call.
      MFC r331486: Improve the lcall $7,$0 syscall emulation on amd64.
      MFC r331487: In vn_io_fault1(), reduce the scope where pagefaults are disabled.
      MFC r331489: For vm_zone_stats() sysctl handler, do not drain sbuf calling copyout(9) while owning zone lock.
      MFC r331490: Account the size of the vslock-ed memory by the thread.
      MFC r331557: Allow to specify for vm_fault_quick_hold_pages() that nofault mode should be honored.
      MFC r331640: Fix several leaks of kernel stack data through paddings.

kp (3):
      MFC r329950:
      MFC r330108:
      MFC 330105:

lidl (2):
      MFC r328861: improve blacklist-helper shell script
      Revert attempted MFC.  It included unwanted changes.

marius (6):
      MFC: 327314
      MFC: r327315
      MFC: r327339, r327924
      MFC: r327355, r327926
      MFC: r327929
      MFC: r328834

markj (12):
      MFC r331016: Add a space between a section number and a following comma.
      MFC r331425: Correct a couple of assertion messages in vm_page_reclaim_run().
      MFC r331222: Given hidden visibility to symbols referenced by the DOF section.
      MFC r331128: Have vm_page_replace() assert that the new page is not enqueued.
      MFC r331134: Fix an access of an uninitialized variable in dtrace_probe().
      MFC r331135: Use __syscall(2) rather than syscall(2) in syscall/tst.args.c.
      MFC r331260: Remove a lingering inaccuracy from mlock.2.
      Revert r331551. It is causing perl and tcl port build failures.
      MFC r331536: Use LIST_FOREACH_SAFE in sleepq_chains_remove_matching().
      MFC r331538: Clamp IFLIB_RX_COPY_THRESH to MHLEN in iflib_rxd_pkt_get().
      MFC r317567 (by cem): x86 MCA: Fix a deadlock in MCA exception processing
      MFC r324102 (by cem): netsmb: Fix buggy/racy smb_strdupin()

mav (26):
      MFC r328521 (by imp): Use atomic load and stores to ensure that the compiler doesn't optimize away these loops. Change boolean to int to match what atomic API supplies. Remove wmb() since the atomic_store_rel() on status.done ensure the prior writes to status. It also fixes the fact that there wasn't a rmb() before reading done. This should also be more efficient since wmb() is fairly heavy weight.
      MFC r330048:  Add sysctls/tunables for dbuf cache size.
      MFC r330121: Add support for Enhanced Gen 5 (16Gb) and Gen 6 (32Gb) QLogic FC HBAs.
      MFC r330963: Increase ABOUT FIRMWARE command timeout to 5s.
      MFC r329505: MFV r323911: 8502 illumos#7955 broke delegated datasets when libshare is not present
      MFC r329508: MFV r324198: 8081 Compiler warnings in zdb
      MFC r329623: MFV r302649: 7016 arc_available_memory is not 32-bit safe
      MFC r329625: MFV r307315: 7301 zpool export -f should be able to interrupt file freeing
      MFC r329628: MFC r316910: 7812 Remove gender specific language
      MFC r329657 (by asomers): Fix memory leaks in zdb introduced by r329508
      MFC r329658: MFV r316872: 7502 ztest should run zdb with -G (debug mode)
      MFC r329659: MFV r316873: 7233 dir_is_empty should open directory with CLOEXEC
      MFC r329661: MFV r316875: 7336 vfork and O_CLOEXEC causes zfs_mount EBUSY
      MFC r329663: MFV r316876: 7542 zfs_unmount failed with EZFS_UNSHARENFSFAILED
      MFC r329664: MFV r316893: 7604 if volblocksize property is the default, it displays as "-" rather than 8K
      MFC r329665: MFV r316901: 7730 libzfs`add_config() leaks config nvl when reading spare/l2cache devices
      MFC r329667: MFV r316902: 7745 print error if lzc_* is called before libzfs_core_init
      MFC r329668: MFV r316918: 7990 libzfs: snapspec_cb() does not need to call zfs_strdup()
      MFC r329681: MFV r318941: 7446 zpool create should support efi system partition
      MFC r329683: MFV r319736: 6396 remove SVM
      MFC r329690: MFV r319737: 6939 add sysevents to zfs core for commands
      MFC r329691: MFV r322231: 8430 dir_is_empty_readdir() doesn't properly handle error from fdopendir()
      MFC r329694: MFV r324198: 8081 Compiler warnings in zdb
      MFC r329738: MFV r329736: 8969 Cannot boot from RAIDZ with parity > 1
      MFC r330292: Update QLogic ISP 24xx/25xx chips firmware to 8.07.00.
      MFC r331228: Update mpr(4) driver from v15 to v18 from Broadcom site.

mjoras (1):
      MFC r325621, r325622, r331227

mmel (6):
      MFC r319896,r320054:
      MFC r309531,r309553,r309604:
      MFC r327827:
      MFC r330073:
      MFC r330074:
      MFC r328467:

np (1):
      MFC r322659 (by glebius): Fix cut and paste typo that prevented T5 firmware to be compiled in.

philip (1):
      MFC r331481: Import tzdata 2018d

rgrimes (1):
      MFC:		r331664

rpokala (2):
      MFC r330304: imcsmb(4): Intel integrated Memory Controller (iMC) SMBus controller driver
      MFC 331345:

sbruno (1):
      MFC r330675

sevan (4):
      MFC r331274
      MFC 321881
      MFC r316464
      MFC r322665

sjg (1):
      MFC bmake-20180222

smh (4):
      MFC r330950:
      MFC r330951:
      MFC r328321:
      MFC r320138:

tijl (1):
      MFC r314624:

truckman (1):
      MFC r329844 MFC r329875 (by kib)

tychon (1):
      MFC r328011,329162

ume (1):
      MFC r330681: Fix Bad file descriptor error.

Installer images: http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/ISO-IMAGES/HardenedBSD-11-STABLE-v1100055.1/

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v1100055.1-amd64-bootonly.iso) = d023527a8e385f69787b5e1e2a9f52849cc9a7b439c4180ca285c753412aa9352da21bd8286b0d60960b626d5d1856c0ba749a135f36f6e39a597455aeeb22e9
SHA512 (HardenedBSD-11-STABLE-v1100055.1-amd64-disc1.iso) = 871fa40b3963ccb31df94f8cc4a83ef931de0c1facc3a0eb1175435c9f996297678e8910968d82d98f0a0cf46391aed568c52ce5261fd5c646d40f3eb18b7107
SHA512 (HardenedBSD-11-STABLE-v1100055.1-amd64-memstick.img) = 1ef4ac1af66a6428550033849b91590f4ed8c6bb075ae8203e306b98d1f4c0b88cfa9c5b41373a580a46ece9f84148a144734f763f1064d9a0763ff262a080fe
SHA512 (HardenedBSD-11-STABLE-v1100055.1-amd64-mini-memstick.img) = 3be90dc646efa29e724324d2220c4616ba23ae28df038d0312750bea9463fc4cdd8385f5617da8b93a8d537e1e7b4134f0d124e723f503dd2656d927b986210d

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEu1M4jTvZiSgVy54wgZsRom/9GI0FAlrEsR8ACgkQgZsRom/9
GI2cBRAAl3GIIfyCrzGntsbsPJhB6CA6DsGLGrw6Y8m3PdvNLe7re5HXbHp3WkOA
6XzQ91+Ip7ZX7+CyLtdxAe/mUuqD4zdxRqHehrMCQgXgEeL3SndUrs46iDS0mXhv
rGi8a3mg5nX2JqWvhh4ALThWSf7gn/JqQTVHgvVXClr/ruVJJMfJlYOcQb96aN2g
sQSXnW27Zf8aauGC4SkDip4mRIFrEEVMRILCOeCUDWkDjecOGSZgKyFuV9299ln2
LTocbJBGuYPcj3xRtK8YgRIQ6v/b5gEiZUhUnonOC6OMOAm46fhjRIa5DpcFBOdT
/W4BLML5vKzlXutJKCMJGua+wRwvz348glj+hr5R+oedjNhb6K+EA6Fz3e205UY2
IRRrakEpXVagElp9fgLxc3n+sh3Rm1hsf7undgdslV4oN4+61xdrEEDIOux0OHtX
8/hFd9e3lBctwGl34Mx+d7FcF/CbFBdQjUuk3zp2NFSluk1o8yVLiUQG17Cq6VYd
MeNRL1RlSuAWuxjhL3N7mPwOVn71Z219lTJu84uaHuZn+nTRNS4gKk1I/qdPUuX9
/lY+4T6lqUzzjo3hS99jVwWgAjaunOHbjG0l2yDMeZceQ0PIt9MDAWEjiKnFnJj3
lOpHE0132ApHEmbl+SQDFSrpJaRFOmkbdVT2N4FtsPGNNdmsR6A=
=kv71
-----END PGP SIGNATURE-----

CHECKSUM.SHA512.txt
CHECKSUM.SHA512.asc.txt
shortlog-HardenedBSD-11-STABLE-v1100055.1.txt