Merge remote-tracking branch 'origin/freebsd/current/main' into harde…

…ned/current/master

include/netdb.h

@@ -161,26 +161,29 @@ struct addrinfo {
 /*
  * Error return codes from gai_strerror(3), see RFC 3493.
  */
-#if 0
-/* Obsoleted on RFC 3493 */
+#if __BSD_VISIBLE	/* not in POSIX */
+/* EAI_ADDRFAMILY was obsoleted by RFC 3493, used as extension */
 #define	EAI_ADDRFAMILY	 1	/* address family for hostname not supported */
 #endif
 #define	EAI_AGAIN	 2	/* name could not be resolved at this time */
 #define	EAI_BADFLAGS	 3	/* flags parameter had an invalid value */
 #define	EAI_FAIL	 4	/* non-recoverable failure in name resolution */
 #define	EAI_FAMILY	 5	/* address family not recognized */
 #define	EAI_MEMORY	 6	/* memory allocation failure */
-#if 0
-/* Obsoleted on RFC 3493 */
+#if __BSD_VISIBLE	/* not in POSIX */
+/* EAI_NODATA was obsoleted by RFC 3493, retained here as extension */
 #define	EAI_NODATA	 7	/* no address associated with hostname */
 #endif
 #define	EAI_NONAME	 8	/* name does not resolve */
 #define	EAI_SERVICE	 9	/* service not recognized for socket type */
 #define	EAI_SOCKTYPE	10	/* intended socket type was not recognized */
 #define	EAI_SYSTEM	11	/* system error returned in errno */
+#if __BSD_VISIBLE	/* not in POSIX */
+/* The following 3 are not in RFC 3493 or POSIX, retained for compatibility */
 #define	EAI_BADHINTS	12	/* invalid value for hints */
 #define	EAI_PROTOCOL	13	/* resolved protocol is unknown */
 #define	EAI_OVERFLOW	14	/* argument buffer overflow */
+#endif
 #define	EAI_MAX		15
 
 /*

include/nsswitch.h

@@ -53,6 +53,7 @@
 #define	NS_NOTFOUND	(1<<2)		/* source responded 'no such entry' */
 #define	NS_TRYAGAIN	(1<<3)		/* source busy, may respond to retry */
 #define NS_RETURN	(1<<4)		/* stop search, e.g. for ERANGE */
+#define NS_ADDRFAMILY	(1<<5)		/* no addr for fam, getaddrinfo only */
 #define NS_TERMINATE	(NS_SUCCESS|NS_RETURN) /* flags that end search */
 #define	NS_STATUSMASK	0x000000ff	/* bitmask to get the status flags */
 

kerberos5/include/config.h

@@ -1290,7 +1290,7 @@ static /**/const char *const rcsid[] = { (const char *)rcsid, "@(#)" msg }
 #define HAVE___PROGNAME 1
 
 /* have __sync_add_and_fetch */
-#if defined(__FreeBSD__) && (defined(__arm__) || defined(__mips__))
+#if defined(__FreeBSD__) && defined(__arm__)
 #undef HAVE___SYNC_ADD_AND_FETCH	/* Not supported on FreeBSD/arm */
 #else
 #define HAVE___SYNC_ADD_AND_FETCH 1

lib/libc/net/gai_strerror.3

@@ -18,7 +18,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 23, 2018
+.Dd November 2, 2022
 .Dt GAI_STRERROR 3
 .Os
 .Sh NAME
@@ -42,7 +42,9 @@ or
 The following error codes and their meaning are defined in
 .In netdb.h :
 .Pp
-.Bl -tag -width ".Dv EAI_BADFLAGS" -offset indent -compact
+.Bl -tag -width ".Dv EAI_ADDRFAMILY" -offset indent -compact
+.It Dv EAI_ADDRFAMILY
+Address family for hostname not supported
 .It Dv EAI_AGAIN
 Name could not be resolved at this time
 .It Dv EAI_BADFLAGS
@@ -56,6 +58,8 @@ Non-recoverable failure in name resolution
 Address family was not recognized
 .It Dv EAI_MEMORY
 Memory allocation failure
+.It Dv EAI_NODATA
+No address associated with hostname
 .It Dv EAI_NONAME
 Name does not resolve
 .It Dv EAI_OVERFLOW
@@ -83,7 +87,14 @@ is out of range, an implementation-specific error message string is returned.
 .Xr getaddrinfo 3 ,
 .Xr getnameinfo 3
 .Sh STANDARDS
-.Bl -tag -width ".It RFC 2743"
+.Bl -tag -width ".It RFC 3493"
 .It RFC 3493
 Basic Socket Interface Extensions for IPv6
 .El
+.Pp
+EAI_ADDRFAMILY and EAI_NODATA were in previous RFCs, but not in RFC 3493.
+They are not in POSIX (IEEE Std 1003.1-2017).
+They were in
+.Fx
+before 5.2, and were re-added for 14.0.
+EAI_BADHINTS, EAI_OVERFLOW, and EAI_PROTOCOL are not in RFC 3493 or POSIX.

lib/libc/net/gai_strerror.c

@@ -44,17 +44,19 @@ __FBSDID("$FreeBSD$");
 #endif
 #include "un-namespace.h"
 
-/* Entries EAI_ADDRFAMILY (1) and EAI_NODATA (7) are obsoleted, but left */
-/* for backwards compatibility with userland code prior to RFC2553bis-02 */
+/*
+ * Entries EAI_ADDRFAMILY (1) and EAI_NODATA (7) were omitted from RFC 3493,
+ * but are or may be used as extensions or in old code.
+ */
 static const char *ai_errlist[] = {
 	"Success",					/* 0 */
-	"Address family for hostname not supported",	/* 1: Obsolete */
+	"Address family for hostname not supported",	/* EAI_ADDRFAMILY */
 	"Name could not be resolved at this time",	/* EAI_AGAIN */
 	"Flags parameter had an invalid value",		/* EAI_BADFLAGS */
 	"Non-recoverable failure in name resolution",	/* EAI_FAIL */
 	"Address family not recognized",		/* EAI_FAMILY */
 	"Memory allocation failure", 			/* EAI_MEMORY */
-	"No address associated with hostname",		/* 7: Obsolete*/
+	"No address associated with hostname",		/* EAI_NODATA*/
 	"Name does not resolve",			/* EAI_NONAME */
 	"Service was not recognized for socket type",	/* EAI_SERVICE */
 	"Intended socket type was not recognized",	/* EAI_SOCKTYPE */

lib/libc/net/getaddrinfo.c

@@ -1953,6 +1953,9 @@ explore_fqdn(const struct addrinfo *pai, const char *hostname,
 	case NS_NOTFOUND:
 		error = EAI_NONAME;
 		goto free;
+	case NS_ADDRFAMILY:
+		error = EAI_ADDRFAMILY;
+		goto free;
 	case NS_SUCCESS:
 		error = 0;
 		for (cur = result; cur; cur = cur->ai_next) {
@@ -2341,7 +2344,9 @@ _dns_getaddrinfo(void *rv, void *cb_data, va_list ap)
 	if (res_searchN(hostname, &q, res) < 0) {
 		free(buf);
 		free(buf2);
-		return NS_NOTFOUND;
+		if (res->res_h_errno == NO_DATA)
+			return (NS_ADDRFAMILY);
+		return (NS_NOTFOUND);
 	}
 	/* prefer IPv6 */
 	if (q.next) {
@@ -2363,15 +2368,16 @@ _dns_getaddrinfo(void *rv, void *cb_data, va_list ap)
 	if (sentinel.ai_next == NULL)
 		switch (res->res_h_errno) {
 		case HOST_NOT_FOUND:
+			return (NS_NOTFOUND);
 		case NO_DATA:
-			return NS_NOTFOUND;
+			return (NS_ADDRFAMILY);
 		case TRY_AGAIN:
-			return NS_TRYAGAIN;
+			return (NS_TRYAGAIN);
 		default:
-			return NS_UNAVAIL;
+			return (NS_UNAVAIL);
 		}
 	*((struct addrinfo **)rv) = sentinel.ai_next;
-	return NS_SUCCESS;
+	return (NS_SUCCESS);
 }
 
 static void

lib/libc/sys/getsockopt.2

@@ -214,14 +214,14 @@ This option permits multiple instances of a program to each
 receive UDP/IP multicast or broadcast datagrams destined for the bound port.
 .Pp
 .Dv SO_REUSEPORT_LB
-allows completely duplicate bindings by multiple processes
+allows completely duplicate bindings by multiple sockets
 if they all set
 .Dv SO_REUSEPORT_LB
 before binding the port.
-Incoming TCP and UDP connections are distributed among the sharing
-processes based on a hash function of local port number, foreign IP
+Incoming TCP and UDP connections are distributed among the participating
+listening sockets based on a hash function of local port number, and foreign IP
 address and port number.
-A maximum of 256 processes can share one socket.
+A maximum of 256 sockets can be bound to the same load-balancing group.
 .Pp
 .Dv SO_KEEPALIVE
 enables the

lib/libc/sys/ktrace.2

@@ -28,7 +28,7 @@
 .\"     @(#)ktrace.2	8.1 (Berkeley) 6/4/93
 .\" $FreeBSD$
 .\"
-.Dd March 30, 2020
+.Dd November 2, 2022
 .Dt KTRACE 2
 .Os
 .Sh NAME
@@ -96,6 +96,7 @@ generate much output).
 .It KTRFAC_CAPFAIL Ta "Trace capability failures."
 .It KTRFAC_FAULT Ta "Trace page faults."
 .It KTRFAC_FAULTEND Ta "Trace the end of page faults."
+.It KTRFAC_STRUCT_ARRAY Ta "Trace arrays of certain data structures."
 .It KTRFAC_INHERIT Ta "Inherit tracing to future children."
 .El
 .Pp

lib/libfetch/common.c

@@ -67,12 +67,15 @@ __FBSDID("$FreeBSD$");
  * Error messages for resolver errors
  */
 static struct fetcherr netdb_errlist[] = {
+#ifdef EAI_ADDRFAMILY
+	{ EAI_ADDRFAMILY, FETCH_RESOLV, "Address family for host not supported" },
+#endif
 #ifdef EAI_NODATA
-	{ EAI_NODATA,	FETCH_RESOLV,	"Host not found" },
+	{ EAI_NODATA,	FETCH_RESOLV,	"No address for host" },
 #endif
 	{ EAI_AGAIN,	FETCH_TEMP,	"Transient resolver failure" },
 	{ EAI_FAIL,	FETCH_RESOLV,	"Non-recoverable resolver failure" },
-	{ EAI_NONAME,	FETCH_RESOLV,	"No address record" },
+	{ EAI_NONAME,	FETCH_RESOLV,	"Host does not resolve" },
 	{ -1,		FETCH_UNKNOWN,	"Unknown resolver error" }
 };
 

lib/libsysdecode/mktables

@@ -137,7 +137,7 @@ gen_table "sigtrapcode"     "TRAP_[A-Z]+[[:space:]]+[0-9]+"                "sys/
 gen_table "sockdomain"      "PF_[[:alnum:]]+[[:space:]]+"                  "sys/socket.h"
 gen_table "sockfamily"      "AF_[[:alnum:]]+[[:space:]]+"                  "sys/socket.h"
 gen_table "sockipproto"     "IPPROTO_[[:alnum:]]+[[:space:]]+"             "netinet/in.h"
-gen_table "sockopt"         "SO_[A-Z]+[[:space:]]+0x[0-9]+"                "sys/socket.h"
+gen_table "sockopt"         "SO_[A-Z_]+[[:space:]]+0x[0-9]+"               "sys/socket.h"
 gen_table "sockoptip"       "(IP_[[:alnum:]_]+|MCAST_[[:alnum:]_]+_GROUP)[[:space:]]+" "netinet/in.h" "IP_DEFAULT|IP_MIN|IP_MAX|IP_PORTRANGE"
 gen_table "sockoptipv6"     "IPV6_[[:alnum:]_]+[[:space:]]+[0-9]+"         "netinet6/in6.h"     "IPV6_ADDR_|IPV6_TAG_DIRECT|IPV6_OPTIONS|IPV6_RECVOPTS|IPV6_RECVRETOPTS|IPV6_RECVDSTADDR|IPV6_RETOPTS|IPV6_2292|IPV6_RECVRTHDRDSTOPTS|IPV6_REACHCONF|IPV6_PKTOPTIONS"
 gen_table "sockoptsctp"     "SCTP_[[:alnum:]_]+[[:space:]]+[0-9]+"         "netinet/sctp.h"

share/man/man9/crypto_request.9

@@ -30,7 +30,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd January 4, 2022
+.Dd November 2, 2022
 .Dt CRYPTO_REQUEST 9
 .Os
 .Sh NAME
@@ -441,17 +441,12 @@ the callback is invoked synchronously if the request was processed by a
 software driver or asynchronously if the request was processed by a
 hardware driver.
 .Pp
-If a request was scheduled to the taskqueue via
-.Dv CRYPTO_F_ASYNC ,
+If a request was scheduled to the taskqueue with
+.Dv CRYPTO_ASYNC_ORDERED ,
 callbacks are always invoked asynchronously ignoring
 .Dv CRYPTO_F_CBIMM
 and
 .Dv CRYPTO_F_CBIFSYNC .
-In this case,
-.Dv CRYPTO_F_ASYNC_KEEPORDER
-may be set to ensure that callbacks for requests on a given session are
-invoked in the same order that requests were queued to the session via
-.Fn crypto_dispatch .
 This flag is used by IPsec to ensure that decrypted network packets are
 passed up the network stack in roughly the same order they were received.
 .Ss Other Request Fields

sys/arm64/arm64/trap.c

@@ -246,7 +246,6 @@ data_abort(struct thread *td, struct trapframe *frame, uint64_t esr,
     uint64_t far, int lower)
 {
 	struct vm_map *map;
-	struct proc *p;
 	struct pcb *pcb;
 	vm_prot_t ftype;
 	int error, sig, ucode;
@@ -268,28 +267,44 @@ data_abort(struct thread *td, struct trapframe *frame, uint64_t esr,
 	}
 #endif
 
-	pcb = td->td_pcb;
-	p = td->td_proc;
-	if (lower)
-		map = &p->p_vmspace->vm_map;
-	else {
-		intr_enable();
-
+	if (lower) {
+		map = &td->td_proc->p_vmspace->vm_map;
+	} else if (!ADDR_IS_CANONICAL(far)) {
 		/* We received a TBI/PAC/etc. fault from the kernel */
-		if (!ADDR_IS_CANONICAL(far)) {
-			error = KERN_INVALID_ADDRESS;
-			goto bad_far;
+		error = KERN_INVALID_ADDRESS;
+		goto bad_far;
+	} else if (ADDR_IS_KERNEL(far)) {
+		/*
+		 * Handle a special case: the data abort was caused by accessing
+		 * a thread structure while its mapping was being promoted or
+		 * demoted, as a consequence of the break-before-make rule.  It
+		 * is not safe to enable interrupts or dereference "td" before
+		 * this case is handled.
+		 *
+		 * In principle, if pmap_klookup() fails, there is no need to
+		 * call pmap_fault() below, but avoiding that call is not worth
+		 * the effort.
+		 */
+		if (ESR_ELx_EXCEPTION(esr) == EXCP_DATA_ABORT) {
+			switch (esr & ISS_DATA_DFSC_MASK) {
+			case ISS_DATA_DFSC_TF_L0:
+			case ISS_DATA_DFSC_TF_L1:
+			case ISS_DATA_DFSC_TF_L2:
+			case ISS_DATA_DFSC_TF_L3:
+				if (pmap_klookup(far, NULL))
+					return;
+				break;
+			}
 		}
-
-		/* The top bit tells us which range to use */
-		if (ADDR_IS_KERNEL(far)) {
+		intr_enable();
+		map = kernel_map;
+	} else {
+		intr_enable();
+		map = &td->td_proc->p_vmspace->vm_map;
+		if (map == NULL)
 			map = kernel_map;
-		} else {
-			map = &p->p_vmspace->vm_map;
-			if (map == NULL)
-				map = kernel_map;
-		}
 	}
+	pcb = td->td_pcb;
 
 	/*
 	 * Try to handle translation, access flag, and permission faults.
@@ -334,11 +349,11 @@ data_abort(struct thread *td, struct trapframe *frame, uint64_t esr,
 	/* Fault in the page. */
 	error = vm_fault_trap(map, far, ftype, VM_FAULT_NORMAL, &sig, &ucode);
 	if (error != KERN_SUCCESS) {
-bad_far:
 		if (lower) {
 			call_trapsignal(td, sig, ucode, (void *)far,
 			    ESR_ELx_EXCEPTION(esr));
 		} else {
+bad_far:
 			if (td->td_intr_nesting_level == 0 &&
 			    pcb->pcb_onfault != 0) {
 				frame->tf_x[0] = error;

sys/ddb/db_command.c

@@ -126,15 +126,15 @@ static struct db_command db_cmds[] = {
 	DB_CMD("set",		db_set_cmd,		CS_OWN|DB_CMD_MEMSAFE),
 	DB_CMD("write",		db_write_cmd,		CS_MORE|CS_SET_DOT),
 	DB_CMD("w",		db_write_cmd,		CS_MORE|CS_SET_DOT),
-	DB_CMD("delete",	db_delete_cmd,		DB_CMD_MEMSAFE),
-	DB_CMD("d",		db_delete_cmd,		DB_CMD_MEMSAFE),
+	DB_CMD("delete",	db_delete_cmd,		0),
+	DB_CMD("d",		db_delete_cmd,		0),
 	DB_CMD("dump",		db_dump,		DB_CMD_MEMSAFE),
-	DB_CMD("break",		db_breakpoint_cmd,	DB_CMD_MEMSAFE),
-	DB_CMD("b",		db_breakpoint_cmd,	DB_CMD_MEMSAFE),
-	DB_CMD("dwatch",	db_deletewatch_cmd,	DB_CMD_MEMSAFE),
-	DB_CMD("watch",		db_watchpoint_cmd,	CS_MORE|DB_CMD_MEMSAFE),
-	DB_CMD("dhwatch",	db_deletehwatch_cmd,	DB_CMD_MEMSAFE),
-	DB_CMD("hwatch",	db_hwatchpoint_cmd,	DB_CMD_MEMSAFE),
+	DB_CMD("break",		db_breakpoint_cmd,	0),
+	DB_CMD("b",		db_breakpoint_cmd,	0),
+	DB_CMD("dwatch",	db_deletewatch_cmd,	0),
+	DB_CMD("watch",		db_watchpoint_cmd,	CS_MORE),
+	DB_CMD("dhwatch",	db_deletehwatch_cmd,	0),
+	DB_CMD("hwatch",	db_hwatchpoint_cmd,	0),
 	DB_CMD("step",		db_single_step_cmd,	DB_CMD_MEMSAFE),
 	DB_CMD("s",		db_single_step_cmd,	DB_CMD_MEMSAFE),
 	DB_CMD("continue",	db_continue_cmd,	DB_CMD_MEMSAFE),

sys/kern/kern_thread.c

@@ -513,7 +513,6 @@ threadinit(void)
 {
 	u_long i;
 	lwpid_t tid0;
-	uint32_t flags;
 
 	/*
 	 * Place an upper limit on threads which can be allocated.
@@ -541,20 +540,9 @@ threadinit(void)
 	if (tid0 != THREAD0_TID)
 		panic("tid0 %d != %d\n", tid0, THREAD0_TID);
 
-	flags = UMA_ZONE_NOFREE;
-#ifdef __aarch64__
-	/*
-	 * Force thread structures to be allocated from the direct map.
-	 * Otherwise, superpage promotions and demotions may temporarily
-	 * invalidate thread structure mappings.  For most dynamically allocated
-	 * structures this is not a problem, but translation faults cannot be
-	 * handled without accessing curthread.
-	 */
-	flags |= UMA_ZONE_CONTIG;
-#endif
 	thread_zone = uma_zcreate("THREAD", sched_sizeof_thread(),
 	    thread_ctor, thread_dtor, thread_init, thread_fini,
-	    32 - 1, flags);
+	    32 - 1, UMA_ZONE_NOFREE);
 	tidhashtbl = hashinit(maxproc / 2, M_TIDHASH, &tidhash);
 	tidhashlock = (tidhash + 1) / 64;
 	if (tidhashlock > 0)