Skip to content

Instantly share code, notes, and snippets.

@lattera

lattera/conflict.patch.txt

Created December 3, 2020 15:49
Show Gist options
  • Save lattera/5ba615915c349a8da304523cac4d2cea to your computer and use it in GitHub Desktop.
Save lattera/5ba615915c349a8da304523cac4d2cea to your computer and use it in GitHub Desktop.
Download ZIP
Raw
conflict.patch.txt
diff --cc .gitignore
index 244a353fabf4,5a022fb8f837..000000000000
mode 100644,100644..100755
--- a/.gitignore
+++ b/.gitignore
@@@ -1,5 -1,3 +1,8 @@@
++<<<<<<< HEAD
+.clang_complete
+.snap
++=======
++>>>>>>> upstream/main
_.tinderbox.*
_.universe-toolchain
_.amd64.*
@@@ -17,6 -15,5 +20,9 @@@ GPAT
GRTAGS
GTAGS
ID
++<<<<<<< HEAD
+.tags
++=======
++>>>>>>> upstream/main
cscope.out
?cscope.out
diff --cc Makefile
index 8f70df6984c5,90549cadba08..000000000000
mode 100644,100644..100755
--- a/Makefile
+++ b/Makefile
@@@ -513,7 -513,7 +513,11 @@@ EXTRA_ARCHES_mips+= mipsn3
# powerpcspe excluded from main list until clang fixed
EXTRA_ARCHES_powerpc= powerpcspe powerpc64le
.endif
++<<<<<<< HEAD
+TARGETS?=amd64 arm arm64 mips powerpc riscv
++=======
+ TARGETS?=amd64 arm arm64 i386 mips powerpc riscv
++>>>>>>> upstream/main
_UNIVERSE_TARGETS= ${TARGETS}
TARGET_ARCHES_arm?= armv6 armv7
TARGET_ARCHES_arm64?= aarch64
diff --cc Makefile.inc1
index 90cf986e8e5d,175caeaef0bc..000000000000
mode 100644,100644..100755
--- a/Makefile.inc1
+++ b/Makefile.inc1
@@@ -144,6 -144,7 +144,10 @@@ KNOWN_ARCHES?= aarch64/arm64
amd64 \
armv6/arm \
armv7/arm \
++<<<<<<< HEAD
++=======
+ i386 \
++>>>>>>> upstream/main
mips \
mipsel/mips \
mips64el/mips \
@@@ -731,10 -732,9 +735,16 @@@ BSARGS= DESTDIR=
MK_HTML=no NO_LINT=yes MK_MAN=no MK_MAN_UTILS=yes \
-DNO_PIC MK_PROFILE=no -DNO_SHARED \
-DNO_CPU_CFLAGS MK_WARNS=no MK_CTF=no \
++<<<<<<< HEAD
+ MK_CLANG_EXTRAS=yes MK_CLANG_FULL=no \
+ MK_LLDB=no MK_TESTS=no \
+ MK_INCLUDES=yes MK_CFI=no MK_RETPOLINE=no \
+ MK_CLANG_FORMAT=no
++=======
+ MK_CLANG_EXTRAS=no MK_CLANG_FORMAT=no MK_CLANG_FULL=no \
+ MK_LLDB=no MK_RETPOLINE=no MK_TESTS=no \
+ MK_INCLUDES=yes
++>>>>>>> upstream/main
BMAKE= \
${BMAKEENV} ${MAKE} ${WORLD_FLAGS} -f Makefile.inc1 \
@@@ -753,9 -753,8 +763,14 @@@ TMAKE=
SSP_CFLAGS= \
-DNO_LINT \
-DNO_CPU_CFLAGS MK_WARNS=no MK_CTF=no \
++<<<<<<< HEAD
+ MK_CLANG_EXTRAS=yes MK_CLANG_FULL=no \
+ MK_LLDB=no MK_TESTS=no MK_CFI=no MK_RETPOLINE=no \
+ MK_CLANG_FORMAT=no
++=======
+ MK_CLANG_EXTRAS=no MK_CLANG_FORMAT=no MK_CLANG_FULL=no \
+ MK_LLDB=no MK_RETPOLINE=no MK_TESTS=no
++>>>>>>> upstream/main
# cross-tools stage
# TOOLS_PREFIX set in BMAKE
@@@ -781,8 -780,7 +796,12 @@@ KTMAKE=
SSP_CFLAGS= \
MK_HTML=no -DNO_LINT MK_MAN=no \
-DNO_PIC MK_PROFILE=no -DNO_SHARED \
++<<<<<<< HEAD
+ -DNO_CPU_CFLAGS MK_WARNS=no MK_CTF=no MK_CFI=no \
+ MK_RETPOLINE=no
++=======
+ -DNO_CPU_CFLAGS MK_RETPOLINE=no MK_WARNS=no MK_CTF=no
++>>>>>>> upstream/main
# world stage
WMAKEENV= ${CROSSENV} \
@@@ -1596,9 -1594,13 +1615,19 @@@ KERNCONF=${KERNFAST
.endif
.endif
.if ${TARGET_ARCH} == "powerpc64"
++<<<<<<< HEAD
+KERNCONF?= HARDENEDBSD64
+.else
+KERNCONF?= HARDENEDBSD
++=======
+ KERNCONF?= GENERIC64
+ .elif ${TARGET_ARCH} == "powerpc64le"
+ KERNCONF?= GENERIC64LE
+ .elif ${TARGET_ARCH} == "powerpcspe"
+ KERNCONF?= MPC85XXSPE
+ .else
+ KERNCONF?= GENERIC
++>>>>>>> upstream/main
.endif
INSTKERNNAME?= kernel
@@@ -1628,6 -1630,7 +1657,10 @@@ INSTALLKERNEL= ${_kernel
_cleankernobj_fast_depend_hack: .PHONY
# 20191009 r353340 removal of opensolaris_atomic.S (also r353381)
++<<<<<<< HEAD
++=======
+ .if ${MACHINE} != i386
++>>>>>>> upstream/main
.for f in opensolaris_atomic
.for m in opensolaris zfs
@if [ -e "${KRNLOBJDIR}/${KERNCONF}/modules${SRCTOP}/sys/modules/${m}/.depend.${f}.o" ] && \
@@@ -1637,6 -1640,7 +1670,10 @@@
fi
.endfor
.endfor
++<<<<<<< HEAD
++=======
+ .endif
++>>>>>>> upstream/main
${WMAKE_TGTS:N_worldtmp:Nbuild${libcompat}} ${.ALLTARGETS:M_*:N_worldtmp}: .MAKE .PHONY
@@@ -2503,7 -2507,8 +2540,12 @@@ _libmagic=lib/libmagi
.endif
.if ${MK_PMC} != "no" && \
++<<<<<<< HEAD
+ (${TARGET_ARCH} == "aarch64" || ${TARGET_ARCH} == "amd64")
++=======
+ (${TARGET_ARCH} == "aarch64" || ${TARGET_ARCH} == "amd64" || \
+ ${TARGET_ARCH} == "i386")
++>>>>>>> upstream/main
_jevents=lib/libpmc/pmu-events
.endif
@@@ -2550,7 -2555,7 +2592,11 @@@ kernel-tools: .PHON
# to begin building the target binaries.
#
.if ${TARGET_ARCH} != ${MACHINE_ARCH} || ${BUILD_WITH_STRICT_TMPPATH} != 0
++<<<<<<< HEAD
+.if ${TARGET_ARCH} == "amd64"
++=======
+ .if ${TARGET_ARCH} == "amd64" || ${TARGET_ARCH} == "i386"
++>>>>>>> upstream/main
_btxld= usr.sbin/btxld
.endif
.endif
@@@ -2719,7 -2724,7 +2765,11 @@@ NXBMAKEARGS+=
-DNO_PIC \
SSP_CFLAGS= \
MK_CASPER=no \
++<<<<<<< HEAD
+ MK_CLANG_EXTRAS=yes \
++=======
+ MK_CLANG_EXTRAS=no \
++>>>>>>> upstream/main
MK_CLANG_FORMAT=no \
MK_CLANG_FULL=no \
MK_CTF=no \
diff --cc Makefile.libcompat
index 47163c8f1506,3f23a33aa19b..000000000000
mode 100644,100644..100755
--- a/Makefile.libcompat
+++ b/Makefile.libcompat
@@@ -27,20 -27,13 +27,28 @@@ LIBCOMPATWMAKEFLAGS+= CC="${XCC} ${LIBC
-DNO_CPU_CFLAGS \
MK_CTF=no \
-DNO_LINT \
++<<<<<<< HEAD
+ MK_CFI=no \
+ MK_SAFESTACK=no \
+ MK_SPECTREV1_FIX=no \
+ MK_RETPOLINE=no \
++=======
++>>>>>>> upstream/main
MK_TESTS=no
LIBCOMPATWMAKE+= ${LIBCOMPATWMAKEENV} ${MAKE} ${LIBCOMPATWMAKEFLAGS} \
OBJTOP=${LIBCOMPAT_OBJTOP} \
OBJROOT='$${OBJTOP}/' \
MAKEOBJDIRPREFIX= \
++<<<<<<< HEAD
+ MK_MAN=no MK_HTML=no \
+ MK_RETPOLINE=no
+LIBCOMPATIMAKE+= ${LIBCOMPATWMAKE:NINSTALL=*:NDESTDIR=*} \
+ MK_TOOLCHAIN=no \
+ MK_RETPOLINE=no \
++=======
+ MK_MAN=no MK_HTML=no
+ LIBCOMPATIMAKE+= ${LIBCOMPATWMAKE:NINSTALL=*:NDESTDIR=*} \
++>>>>>>> upstream/main
${IMAKE_INSTALL} \
-DLIBRARIES_ONLY
diff --cc ObsoleteFiles.inc
index 38d5ccde4369,dbec41b688e9..000000000000
mode 100644,100644..100755
--- a/ObsoleteFiles.inc
+++ b/ObsoleteFiles.inc
@@@ -45,6 -45,7 +45,10 @@@ OLD_FILES+=usr/tests/sbin/ping6/ping6_t
OLD_DIRS+=usr/tests/sbin/ping6
# 20201025: Remove cal data files
++<<<<<<< HEAD
++=======
+ OLD_FILES+=usr/share/calendar/calendar.all
++>>>>>>> upstream/main
OLD_FILES+=usr/share/calendar/calendar.australia
OLD_FILES+=usr/share/calendar/calendar.birthday
OLD_FILES+=usr/share/calendar/calendar.brazilian
@@@ -67,7 -68,6 +71,10 @@@ OLD_FILES+=usr/share/calendar/calendar.
OLD_FILES+=usr/share/calendar/calendar.usholiday
OLD_FILES+=usr/share/calendar/calendar.world
OLD_FILES+=usr/share/calendar/de_AT.ISO_8859-15/calendar.feiertag
++<<<<<<< HEAD
+OLD_DIRS+=usr/share/calendar/de_AT.ISO_8859-15
++=======
++>>>>>>> upstream/main
OLD_FILES+=usr/share/calendar/de_DE.ISO8859-1/calendar.all
OLD_FILES+=usr/share/calendar/de_DE.ISO8859-1/calendar.feiertag
OLD_FILES+=usr/share/calendar/de_DE.ISO8859-1/calendar.geschichte
@@@ -75,51 -75,40 +82,77 @@@ OLD_FILES+=usr/share/calendar/de_DE.ISO
OLD_FILES+=usr/share/calendar/de_DE.ISO8859-1/calendar.literatur
OLD_FILES+=usr/share/calendar/de_DE.ISO8859-1/calendar.musik
OLD_FILES+=usr/share/calendar/de_DE.ISO8859-1/calendar.wissenschaft
++<<<<<<< HEAD
+OLD_DIRS+=usr/share/calendar/de_DE.ISO8859-1
+OLD_FILES+=usr/share/calendar/de_DE.ISO8859-15
++=======
++>>>>>>> upstream/main
OLD_FILES+=usr/share/calendar/fr_FR.ISO8859-1/calendar.all
OLD_FILES+=usr/share/calendar/fr_FR.ISO8859-1/calendar.fetes
OLD_FILES+=usr/share/calendar/fr_FR.ISO8859-1/calendar.french
OLD_FILES+=usr/share/calendar/fr_FR.ISO8859-1/calendar.jferies
OLD_FILES+=usr/share/calendar/fr_FR.ISO8859-1/calendar.proverbes
++<<<<<<< HEAD
+OLD_DIRS+=usr/share/calendar/fr_FR.ISO8859-1
+OLD_FILES+=usr/share/calendar/fr_FR.ISO8859-15
OLD_FILES+=usr/share/calendar/hr_HR.ISO8859-2/calendar.all
OLD_FILES+=usr/share/calendar/hr_HR.ISO8859-2/calendar.praznici
+OLD_DIRS+=usr/share/calendar/hr_HR.ISO8859-2
OLD_FILES+=usr/share/calendar/hu_HU.ISO8859-2/calendar.all
OLD_FILES+=usr/share/calendar/hu_HU.ISO8859-2/calendar.nevnapok
OLD_FILES+=usr/share/calendar/hu_HU.ISO8859-2/calendar.unnepek
+OLD_DIRS+=usr/share/calendar/hu_HU.ISO8859-2
++=======
++OLD_FILES+=usr/share/calendar/hr_HR.ISO8859-2/calendar.all
++OLD_FILES+=usr/share/calendar/hr_HR.ISO8859-2/calendar.praznici
++OLD_FILES+=usr/share/calendar/hu_HU.ISO8859-2/calendar.all
++OLD_FILES+=usr/share/calendar/hu_HU.ISO8859-2/calendar.nevnapok
++OLD_FILES+=usr/share/calendar/hu_HU.ISO8859-2/calendar.unnepek
++>>>>>>> upstream/main
OLD_FILES+=usr/share/calendar/pt_BR.ISO8859-1/calendar.all
OLD_FILES+=usr/share/calendar/pt_BR.ISO8859-1/calendar.commemorative
OLD_FILES+=usr/share/calendar/pt_BR.ISO8859-1/calendar.holidays
OLD_FILES+=usr/share/calendar/pt_BR.ISO8859-1/calendar.mcommemorative
++<<<<<<< HEAD
+OLD_DIRS+=usr/share/calendar/pt_BR.ISO8859-1
++=======
++>>>>>>> upstream/main
OLD_FILES+=usr/share/calendar/pt_BR.UTF-8/calendar.all
OLD_FILES+=usr/share/calendar/pt_BR.UTF-8/calendar.commemorative
OLD_FILES+=usr/share/calendar/pt_BR.UTF-8/calendar.holidays
OLD_FILES+=usr/share/calendar/pt_BR.UTF-8/calendar.mcommemorative
++<<<<<<< HEAD
+OLD_DIRS+=usr/share/calendar/pt_BR.UTF-8
++=======
++>>>>>>> upstream/main
OLD_FILES+=usr/share/calendar/ru_RU.KOI8-R/calendar.all
OLD_FILES+=usr/share/calendar/ru_RU.KOI8-R/calendar.common
OLD_FILES+=usr/share/calendar/ru_RU.KOI8-R/calendar.holiday
OLD_FILES+=usr/share/calendar/ru_RU.KOI8-R/calendar.military
OLD_FILES+=usr/share/calendar/ru_RU.KOI8-R/calendar.orthodox
OLD_FILES+=usr/share/calendar/ru_RU.KOI8-R/calendar.pagan
++<<<<<<< HEAD
+OLD_DIRS+=usr/share/calendar/ru_RU.KOI8-R
++=======
++>>>>>>> upstream/main
OLD_FILES+=usr/share/calendar/ru_RU.UTF-8/calendar.all
OLD_FILES+=usr/share/calendar/ru_RU.UTF-8/calendar.common
OLD_FILES+=usr/share/calendar/ru_RU.UTF-8/calendar.holiday
OLD_FILES+=usr/share/calendar/ru_RU.UTF-8/calendar.military
OLD_FILES+=usr/share/calendar/ru_RU.UTF-8/calendar.orthodox
OLD_FILES+=usr/share/calendar/ru_RU.UTF-8/calendar.pagan
++<<<<<<< HEAD
+OLD_DIRS+=usr/share/calendar/ru_RU.UTF-8
++=======
++>>>>>>> upstream/main
OLD_FILES+=usr/share/calendar/uk_UA.KOI8-U/calendar.all
OLD_FILES+=usr/share/calendar/uk_UA.KOI8-U/calendar.holiday
OLD_FILES+=usr/share/calendar/uk_UA.KOI8-U/calendar.misc
OLD_FILES+=usr/share/calendar/uk_UA.KOI8-U/calendar.orthodox
++<<<<<<< HEAD
+OLD_DIRS+=usr/share/calendar/uk_UA.KOI8-U
++=======
++>>>>>>> upstream/main
# 20201004: logo files renamed to type-agnostic gfx-*.lua
OLD_FILES+=boot/lua/logo-beastie.lua
@@@ -2517,7 -2506,6 +2550,10 @@@ OLD_FILES+=usr/lib/clang/8.0.0/lib/free
OLD_FILES+=usr/lib/clang/8.0.0/lib/freebsd/libclang_rt.asan-x86_64.so
OLD_FILES+=usr/lib/clang/8.0.0/lib/freebsd/libclang_rt.asan_cxx-i386.a
OLD_FILES+=usr/lib/clang/8.0.0/lib/freebsd/libclang_rt.asan_cxx-x86_64.a
++<<<<<<< HEAD
+OLD_FILES+=usr/lib/clang/8.0.0/lib/freebsd/libclang_rt.cfi-x86_64.a
++=======
++>>>>>>> upstream/main
OLD_FILES+=usr/lib/clang/8.0.0/lib/freebsd/libclang_rt.msan-x86_64.a
OLD_FILES+=usr/lib/clang/8.0.0/lib/freebsd/libclang_rt.msan_cxx-x86_64.a
OLD_FILES+=usr/lib/clang/8.0.0/lib/freebsd/libclang_rt.profile-arm.a
@@@ -2704,7 -2692,6 +2740,10 @@@ OLD_FILES+=usr/lib/clang/7.0.1/lib/free
OLD_FILES+=usr/lib/clang/7.0.1/lib/freebsd/libclang_rt.asan-x86_64.a
OLD_FILES+=usr/lib/clang/7.0.1/lib/freebsd/libclang_rt.asan-x86_64.so
OLD_FILES+=usr/lib/clang/7.0.1/lib/freebsd/libclang_rt.asan_cxx-i386.a
++<<<<<<< HEAD
+OLD_FILES+=usr/lib/clang/7.0.1/lib/freebsd/libclang_rt.cfi-x86_64.a
++=======
++>>>>>>> upstream/main
OLD_FILES+=usr/lib/clang/7.0.1/lib/freebsd/libclang_rt.asan_cxx-x86_64.a
OLD_FILES+=usr/lib/clang/7.0.1/lib/freebsd/libclang_rt.msan-x86_64.a
OLD_FILES+=usr/lib/clang/7.0.1/lib/freebsd/libclang_rt.msan_cxx-x86_64.a
@@@ -2887,7 -2874,6 +2926,10 @@@ OLD_FILES+=usr/lib/clang/6.0.1/lib/free
OLD_FILES+=usr/lib/clang/6.0.1/lib/freebsd/libclang_rt.asan-x86_64.so
OLD_FILES+=usr/lib/clang/6.0.1/lib/freebsd/libclang_rt.asan_cxx-i386.a
OLD_FILES+=usr/lib/clang/6.0.1/lib/freebsd/libclang_rt.asan_cxx-x86_64.a
++<<<<<<< HEAD
+OLD_FILES+=usr/lib/clang/6.0.1/lib/freebsd/libclang_rt.cfi-x86_64.a
++=======
++>>>>>>> upstream/main
OLD_FILES+=usr/lib/clang/6.0.1/lib/freebsd/libclang_rt.profile-arm.a
OLD_FILES+=usr/lib/clang/6.0.1/lib/freebsd/libclang_rt.profile-armhf.a
OLD_FILES+=usr/lib/clang/6.0.1/lib/freebsd/libclang_rt.profile-i386.a
@@@ -3317,7 -3303,6 +3359,10 @@@ OLD_FILES+=usr/lib/clang/6.0.0/lib/free
OLD_FILES+=usr/lib/clang/6.0.0/lib/freebsd/libclang_rt.asan-x86_64.so
OLD_FILES+=usr/lib/clang/6.0.0/lib/freebsd/libclang_rt.asan_cxx-i386.a
OLD_FILES+=usr/lib/clang/6.0.0/lib/freebsd/libclang_rt.asan_cxx-x86_64.a
++<<<<<<< HEAD
+OLD_FILES+=usr/lib/clang/6.0.0/lib/freebsd/libclang_rt.cfi-x86_64.a
++=======
++>>>>>>> upstream/main
OLD_FILES+=usr/lib/clang/6.0.0/lib/freebsd/libclang_rt.profile-arm.a
OLD_FILES+=usr/lib/clang/6.0.0/lib/freebsd/libclang_rt.profile-armhf.a
OLD_FILES+=usr/lib/clang/6.0.0/lib/freebsd/libclang_rt.profile-i386.a
@@@ -3691,6 -3676,7 +3736,10 @@@ OLD_FILES+=etc/casper/system.rando
OLD_FILES+=etc/casper/system.sysctl
OLD_DIRS+=etc/casper
# 20171116: lint(1) removal
++<<<<<<< HEAD
++=======
+ OLD_FILES+=usr/bin/lint
++>>>>>>> upstream/main
OLD_FILES+=usr/libexec/lint1
OLD_FILES+=usr/libexec/lint2
OLD_FILES+=usr/libdata/lint/llib-lposix.ln
@@@ -4913,8 -4899,6 +4962,11 @@@ OLD_LIBS+=usr/lib/libbsnmptools.so.
OLD_LIBS+=usr/lib/libbsnmptools.so
# 20170102: sysdecode_getfsstat_flags() renamed to sysdecode_getfsstat_mode()
OLD_FILES+=usr/share/man/man3/sysdecode_getfsstat_flags.3.gz
++<<<<<<< HEAD
+# 20170102: librt move to /lib
+OLD_LIBS+=usr/lib/librt.so.1
++=======
++>>>>>>> upstream/main
# 20161230: libarchive ACL pax test renamed to test_acl_pax_posix1e.tar.uu
OLD_FILES+=usr/tests/lib/libarchive/test_acl_pax.tar.uu
# 20161229: Three files from gnop tests consolidated into one
@@@ -5613,8 -5597,6 +5665,11 @@@ OLD_DIRS+=usr/lib/clang/3.7.0/li
OLD_DIRS+=usr/lib/clang/3.7.0
# 20151130: libelf moved from /usr/lib to /lib (libkvm dependency in r291406)
OLD_LIBS+=usr/lib/libelf.so.2
++<<<<<<< HEAD
+# 20151120: remove unused pkg repo public key
+OLD_FILES+=usr/share/keys/pkg/trusted/hardenedbsd.crt.2014-09-04
++=======
++>>>>>>> upstream/main
# 20151115: Fox bad upgrade scheme
OLD_FILES+=usr/share/locale/zh_CN.GB18030/zh_Hans_CN.GB18030
OLD_FILES+=usr/share/locale/zh_CN.GB2312/zh_Hans_CN.GB2312
@@@ -6853,10 -6835,6 +6908,13 @@@ OLD_FILES+=usr/tests/usr.sbin/pw/pw_mod
# 20141202: update to mandoc CVS 20141201
OLD_FILES+=usr.bin/preconv
OLD_FILES+=share/man/man1/preconv.1.gz
++<<<<<<< HEAD
+# 20141204 ibcs support removal
+OLD_FILES+=etc/rc.d/archdep
+OLD_FILES+=shate/examples/ibcs2/README
+OLD_FILES+=shate/examples/ibcs2/hello.uu
++=======
++>>>>>>> upstream/main
# 20141129: mrouted rc.d scripts removed from base
OLD_FILES+=etc/rc.d/mrouted
# 20141126: convert sbin/mdconfig/tests to ATF format tests
diff --cc bin/setfacl/setfacl.c
index b93aca6a034d,7b0d617812dc..000000000000
mode 100644,100644..100755
--- a/bin/setfacl/setfacl.c
+++ b/bin/setfacl/setfacl.c
@@@ -34,7 -34,6 +34,10 @@@ __FBSDID("$FreeBSD$")
#include <err.h>
#include <errno.h>
#include <fts.h>
++<<<<<<< HEAD
+#include <signal.h>
++=======
++>>>>>>> upstream/main
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
@@@ -61,7 -60,6 +64,10 @@@ struct sf_entry
};
static TAILQ_HEAD(, sf_entry) entrylist;
++<<<<<<< HEAD
+
++=======
++>>>>>>> upstream/main
bool have_mask;
bool have_stdin;
bool n_flag;
@@@ -71,20 -69,11 +77,26 @@@ static bool L_flag
static bool R_flag;
static bool need_mask;
static acl_type_t acl_type = ACL_TYPE_ACCESS;
++<<<<<<< HEAD
+static volatile sig_atomic_t siginfo;
++=======
++>>>>>>> upstream/main
static int handle_file(FTS *ftsp, FTSENT *file);
static acl_t clear_inheritance_flags(acl_t acl);
static char **stdin_files(void);
static void usage(void);
++<<<<<<< HEAD
+static void siginfo_handler(int signo __unused);
+
+static void
+siginfo_handler(int signo __unused)
+{
+
+ siginfo++;
+}
++=======
++>>>>>>> upstream/main
static void
usage(void)
@@@ -190,11 -179,6 +202,14 @@@ handle_file(FTS *ftsp, FTSENT *file
struct sf_entry *entry;
bool follow_symlink;
++<<<<<<< HEAD
+ if (siginfo) {
+ puts(file->fts_path);
+ siginfo = 0;
+ }
+
++=======
++>>>>>>> upstream/main
local_error = 0;
switch (file->fts_info) {
case FTS_D:
@@@ -378,7 -362,6 +393,10 @@@ main(int argc, char *argv[]
have_mask = have_stdin = n_flag = false;
TAILQ_INIT(&entrylist);
++<<<<<<< HEAD
+ signal(SIGINFO, siginfo_handler);
++=======
++>>>>>>> upstream/main
while ((ch = getopt(argc, argv, "HLM:PRX:a:bdhkm:nx:")) != -1)
switch(ch) {
diff --cc bin/sh/Makefile
index b0567be321d7,b074121d0ecd..000000000000
mode 100644,100644..100755
--- a/bin/sh/Makefile
+++ b/bin/sh/Makefile
@@@ -21,9 -21,6 +21,12 @@@ GENSRCS= builtins.c nodes.c syntax.
GENHDRS= builtins.h nodes.h syntax.h token.h
SRCS= ${SHSRCS} ${GENSRCS} ${GENHDRS}
++<<<<<<< HEAD
+MK_SPECTREV1_FIX= no
+MK_SAFESTACK= no
+
++=======
++>>>>>>> upstream/main
# MLINKS for Shell built in commands for which there are no userland
# utilities of the same name are handled with the associated manpage,
# builtin.1 in share/man/man1/.
diff --cc contrib/less/command.c
index c215e14253bb,8e0ae4b34d67..000000000000
mode 100644,100644..100755
--- a/contrib/less/command.c
+++ b/contrib/less/command.c
@@@ -892,7 -892,7 +892,11 @@@ getcc_repl(orig, repl, gr_getc, gr_unge
LWCHAR keys[16];
int ki = 0;
++<<<<<<< HEAD
+ c = gr_getc();
++=======
+ c = (*gr_getc)();
++>>>>>>> upstream/main
if (orig == NULL || orig[0] == '\0')
return c;
for (;;)
@@@ -913,12 -913,12 +917,20 @@@
* Return the repl sequence. */
ki = strlen(repl)-1;
while (ki > 0)
++<<<<<<< HEAD
+ gr_ungetc(repl[ki--]);
++=======
+ (*gr_ungetc)(repl[ki--]);
++>>>>>>> upstream/main
return repl[0];
}
/* We've received a partial orig sequence (ki chars of it).
* Get next char and see if it continues to match orig. */
++<<<<<<< HEAD
+ c = gr_getc();
++=======
+ c = (*gr_getc)();
++>>>>>>> upstream/main
}
}
diff --cc contrib/libarchive/libarchive/archive_openssl_evp_private.h
index df828cb4ed40,ebb06702d0c5..000000000000
mode 100644,100644..100755
--- a/contrib/libarchive/libarchive/archive_openssl_evp_private.h
+++ b/contrib/libarchive/libarchive/archive_openssl_evp_private.h
@@@ -33,7 -33,7 +33,11 @@@
#include <openssl/evp.h>
#include <openssl/opensslv.h>
++<<<<<<< HEAD
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || ( defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L )
++=======
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
++>>>>>>> upstream/main
#include <stdlib.h> /* malloc, free */
#include <string.h> /* memset */
static inline EVP_MD_CTX *EVP_MD_CTX_new(void)
diff --cc contrib/libarchive/libarchive/archive_write_disk_posix.c
index ac84e5f43c4e,a6da9cdabfb1..000000000000
mode 100644,100644..100755
--- a/contrib/libarchive/libarchive/archive_write_disk_posix.c
+++ b/contrib/libarchive/libarchive/archive_write_disk_posix.c
@@@ -4481,7 -4481,6 +4481,10 @@@ set_xattrs(struct archive_write_disk *a
if (errno != ENOTSUP && errno != ENOSYS)
fail = 1;
}
++<<<<<<< HEAD
+
++=======
++>>>>>>> upstream/main
}
}
diff --cc contrib/llvm-project/clang/lib/Driver/SanitizerArgs.cpp
index 281dd3d56703,bcc9ffc7ff8f..000000000000
mode 100644,100644..100755
--- a/contrib/llvm-project/clang/lib/Driver/SanitizerArgs.cpp
+++ b/contrib/llvm-project/clang/lib/Driver/SanitizerArgs.cpp
@@@ -159,6 -159,10 +159,13 @@@ static void addDefaultBlacklists(const
llvm::sys::path::append(Path, "share", BL.File);
if (D.getVFS().exists(Path))
BlacklistFiles.push_back(std::string(Path.str()));
++<<<<<<< HEAD
++=======
+ else if (BL.Mask == SanitizerKind::CFI)
+ // If cfi_blacklist.txt cannot be found in the resource dir, driver
+ // should fail.
+ D.Diag(clang::diag::err_drv_no_such_file) << Path;
++>>>>>>> upstream/main
}
validateSpecialCaseListFormat(
D, BlacklistFiles, clang::diag::err_drv_malformed_sanitizer_blacklist);
diff --cc contrib/llvm-project/compiler-rt/lib/cfi/cfi.cpp
index a4e46d6c4975,fd48f71643b6..000000000000
mode 100644,100644..100755
--- a/contrib/llvm-project/compiler-rt/lib/cfi/cfi.cpp
+++ b/contrib/llvm-project/compiler-rt/lib/cfi/cfi.cpp
@@@ -22,10 -22,6 +22,13 @@@
#include <stdlib.h>
#include <sys/mman.h>
++<<<<<<< HEAD
+#ifdef __FreeBSD__
+#define ElfW __ElfN
+#endif
+
++=======
++>>>>>>> upstream/main
#if SANITIZER_LINUX
typedef ElfW(Phdr) Elf_Phdr;
typedef ElfW(Ehdr) Elf_Ehdr;
@@@ -204,33 -200,6 +207,36 @@@ void ShadowBuilder::Install()
CHECK_EQ(shadow_, GetShadow());
}
}
++<<<<<<< HEAD
+#elif SANITIZER_FREEBSD
+void ShadowBuilder::Install() {
+ unsigned char *dst, *src, t;
+ size_t sz;
+ sz = GetShadowSize();
+ MprotectReadOnly(shadow_, sz);
+ uptr main_shadow = GetShadow();
+ if (main_shadow) {
+ // Update.
+ dst = (unsigned char *)main_shadow;
+ src = (unsigned char *)shadow_;
+
+ while ((dst - (unsigned char *)shadow_) < sz) {
+ t = *src++;
+ *dst++ = t;
+ }
+ UnmapOrDie((void *)shadow_, sz);
+ } else {
+ // Initial setup.
+ CHECK_EQ(kCfiShadowLimitsStorageSize, GetPageSizeCached());
+ CHECK_EQ(0, GetShadow());
+ cfi_shadow_limits_storage.limits.start = shadow_;
+ MprotectReadOnly((uptr)&cfi_shadow_limits_storage,
+ sizeof(cfi_shadow_limits_storage));
+ CHECK_EQ(shadow_, GetShadow());
+ }
+}
++=======
++>>>>>>> upstream/main
#else
#error not implemented
#endif
@@@ -452,11 -421,9 +458,17 @@@ static void EnsureInterceptorsInitializ
// We could insert a high-priority constructor into the library, but that would
// not help with the uninstrumented libraries.
INTERCEPTOR(void*, dlopen, const char *filename, int flag) {
++<<<<<<< HEAD
+ void *(*rdlo)(const char *, int);
+ EnsureInterceptorsInitialized();
+ EnterLoader();
+ rdlo = REAL(dlopen);
+ void *handle = rdlo(filename, flag);
++=======
+ EnsureInterceptorsInitialized();
+ EnterLoader();
+ void *handle = REAL(dlopen)(filename, flag);
++>>>>>>> upstream/main
ExitLoader();
return handle;
}
diff --cc contrib/ntp/include/libssl_compat.h
index 88171b856312,2a3697c55cd9..000000000000
mode 100644,100644..100755
--- a/contrib/ntp/include/libssl_compat.h
+++ b/contrib/ntp/include/libssl_compat.h
@@@ -37,7 -37,7 +37,11 @@@
#endif
/* ----------------------------------------------------------------- */
++<<<<<<< HEAD
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++=======
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
++>>>>>>> upstream/main
/* ----------------------------------------------------------------- */
# include <openssl/objects.h>
diff --cc contrib/ntp/libntp/libssl_compat.c
index 449aa2e251f0,5527682b34f9..000000000000
mode 100644,100644..100755
--- a/contrib/ntp/libntp/libssl_compat.c
+++ b/contrib/ntp/libntp/libssl_compat.c
@@@ -26,8 -26,7 +26,12 @@@
/* ----------------------------------------------------------------- */
/* ----------------------------------------------------------------- */
++<<<<<<< HEAD
+#if (defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L) \
+ || defined(LIBRESSL_VERSION_NUMBER)
++=======
+ #if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
++>>>>>>> upstream/main
/* ----------------------------------------------------------------- */
#include "libssl_compat.h"
diff --cc contrib/telnet/telnet/commands.c
index 8f07ef6cd890,21e973209d9b..000000000000
mode 100644,100644..100755
--- a/contrib/telnet/telnet/commands.c
+++ b/contrib/telnet/telnet/commands.c
@@@ -51,7 -51,6 +51,10 @@@ __FBSDID("$FreeBSD$")
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
++<<<<<<< HEAD
+#include <sysexits.h>
++=======
++>>>>>>> upstream/main
#include <unistd.h>
#include <arpa/telnet.h>
@@@ -1655,10 -1654,8 +1658,15 @@@ env_init(void
gethostname(hbuf, sizeof(hbuf));
hbuf[sizeof(hbuf)-1] = '\0';
++<<<<<<< HEAD
+ cp = NULL;
+ asprintf(&cp, "%s%s", hbuf, cp2);
+ if (cp == NULL)
+ errx(EX_OSERR, "Unable to allocate memory.");
++=======
+ asprintf(&cp, "%s%s", hbuf, cp2);
+ assert(cp != NULL);
++>>>>>>> upstream/main
free(ep->value);
ep->value = (unsigned char *)cp;
}
diff --cc etc/mtree/BSD.usr.dist
index 86655548b170,b9329600c231..000000000000
mode 100644,100644..100755
--- a/etc/mtree/BSD.usr.dist
+++ b/etc/mtree/BSD.usr.dist
@@@ -34,6 -34,8 +34,11 @@@
..
..
lib
++<<<<<<< HEAD
++=======
+ aout
+ ..
++>>>>>>> upstream/main
clang
11.0.0
include
@@@ -58,6 -60,10 +63,13 @@@
..
..
..
++<<<<<<< HEAD
++=======
+ compat
+ aout
+ ..
+ ..
++>>>>>>> upstream/main
dtrace
..
engines
@@@ -277,8 -283,6 +289,11 @@@
..
flua
..
++<<<<<<< HEAD
+ hardenedbsd
+ ..
++=======
++>>>>>>> upstream/main
hast
..
hostapd
@@@ -449,12 -453,6 +464,15 @@@
..
..
keys
++<<<<<<< HEAD
+ hbsd-update
+ revoked
+ ..
+ trusted
+ ..
+ ..
++=======
++>>>>>>> upstream/main
pkg
revoked tags=package=runtime
..
@@@ -1201,8 -1199,6 +1219,11 @@@
man5
..
man7
++<<<<<<< HEAD
+ ..
+ man8
++=======
++>>>>>>> upstream/main
..
..
..
diff --cc gnu/usr.bin/binutils/Makefile.inc0
index c2c96e7bb09c,c624a1b9f2b1..000000000000
mode 100644,100644..100755
--- a/gnu/usr.bin/binutils/Makefile.inc0
+++ b/gnu/usr.bin/binutils/Makefile.inc0
@@@ -6,8 -6,6 +6,11 @@@
VERSION= "2.17.50 [FreeBSD] 2007-07-03"
++<<<<<<< HEAD
+CFI_OVERRIDE=-fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.if defined(TARGET_ARCH)
TARGET_CPUARCH=${TARGET_ARCH:${__TO_CPUARCH}}
.else
diff --cc gnu/usr.bin/gdb/gdb/Makefile
index 5a6bba44c595,3cf15f6a24a1..000000000000
mode 100644,100644..100755
--- a/gnu/usr.bin/gdb/gdb/Makefile
+++ b/gnu/usr.bin/gdb/gdb/Makefile
@@@ -3,9 -3,10 +3,16 @@@
PROG= gdb${GDB_SUFFIX}
SRCS= gdb.c
++<<<<<<< HEAD
+BULIBS= ${OBJ_BU}/libbfd/libbfd.a ${OBJ_BU}/libopcodes/libopcodes.a \
+ ${OBJ_BU}/libiberty/libiberty.a
+GDBLIBS= ${OBJ_GDB}/libgdb/libgdb.a
++=======
+ BULIBS= ${OBJ_BU}/libbfd/libbfd${PIE_SUFFIX}.a \
+ ${OBJ_BU}/libopcodes/libopcodes${PIE_SUFFIX}.a \
+ ${OBJ_BU}/libiberty/libiberty${PIE_SUFFIX}.a
+ GDBLIBS= ${OBJ_GDB}/libgdb/libgdb${PIE_SUFFIX}.a
++>>>>>>> upstream/main
# libthread_db.so calls back into gdb for the proc services. Make all the
# global symbols visible.
diff --cc gnu/usr.bin/gdb/kgdb/Makefile
index 2796109a8d52,8fb781eca917..000000000000
mode 100644,100644..100755
--- a/gnu/usr.bin/gdb/kgdb/Makefile
+++ b/gnu/usr.bin/gdb/kgdb/Makefile
@@@ -4,9 -4,10 +4,16 @@@ PROG= kgdb${GDB_SUFFIX
SRCS= main.c kld.c kthr.c trgt.c trgt_${TARGET_CPUARCH}.c
WARNS?= 2
++<<<<<<< HEAD
+BULIBS= ${OBJ_BU}/libbfd/libbfd.a ${OBJ_BU}/libopcodes/libopcodes.a \
+ ${OBJ_BU}/libiberty/libiberty.a
+GDBLIBS= ${OBJ_GDB}/libgdb/libgdb.a
++=======
+ BULIBS= ${OBJ_BU}/libbfd/libbfd${PIE_SUFFIX}.a \
+ ${OBJ_BU}/libopcodes/libopcodes${PIE_SUFFIX}.a \
+ ${OBJ_BU}/libiberty/libiberty${PIE_SUFFIX}.a
+ GDBLIBS= ${OBJ_GDB}/libgdb/libgdb${PIE_SUFFIX}.a
++>>>>>>> upstream/main
DPADD= ${GDBLIBS} ${BULIBS}
LDADD= ${GDBLIBS} ${BULIBS}
diff --cc gnu/usr.bin/grep/Makefile
index ba8d7ab020f6,98c8cec401f0..000000000000
mode 100644,100644..100755
--- a/gnu/usr.bin/grep/Makefile
+++ b/gnu/usr.bin/grep/Makefile
@@@ -2,8 -2,6 +2,11 @@@
.include <src.opts.mk>
++<<<<<<< HEAD
+MK_CFI= no
+
++=======
++>>>>>>> upstream/main
GREP_LIBZ=YES
.if ${MK_BSD_GREP} != "yes"
diff --cc kerberos5/libexec/digest-service/Makefile
index 3d07f3d41130,7b888f5481cd..000000000000
mode 100644,100644..100755
--- a/kerberos5/libexec/digest-service/Makefile
+++ b/kerberos5/libexec/digest-service/Makefile
@@@ -12,8 -12,6 +12,11 @@@ CFLAGS+= -I${KRB5DIR}/kdc
LIBADD= hdb kdc heimipcs krb5 roken asn1 crypto vers heimntlm
LDFLAGS=${LDAPLDFLAGS}
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
.PATH: ${KRB5DIR}/kdc
diff --cc kerberos5/libexec/hprop/Makefile
index 4965b3dd1341,1c5d4b20e1bf..000000000000
mode 100644,100644..100755
--- a/kerberos5/libexec/hprop/Makefile
+++ b/kerberos5/libexec/hprop/Makefile
@@@ -16,8 -16,6 +16,11 @@@ DPADD= ${LDAPDPADD
LDADD= ${LDAPLDADD}
LDFLAGS=${LDAPLDFLAGS}
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
.PATH: ${KRB5DIR}/kdc
diff --cc kerberos5/libexec/hpropd/Makefile
index c24c7c942775,56a598f08312..000000000000
mode 100644,100644..100755
--- a/kerberos5/libexec/hpropd/Makefile
+++ b/kerberos5/libexec/hpropd/Makefile
@@@ -9,8 -9,6 +9,11 @@@ DPADD= ${LDAPDPADD
LDADD= ${LDAPLDADD}
LDFLAGS=${LDAPLDFLAGS}
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
.PATH: ${KRB5DIR}/kdc
diff --cc kerberos5/libexec/ipropd-master/Makefile
index b0506b2cf63a,9f0bddbae4fd..000000000000
mode 100644,100644..100755
--- a/kerberos5/libexec/ipropd-master/Makefile
+++ b/kerberos5/libexec/ipropd-master/Makefile
@@@ -10,8 -10,6 +10,11 @@@ DPADD= ${LDAPDPADD
LDADD= ${LDAPLDADD}
LDFLAGS=${LDAPLDFLAGS}
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
.PATH: ${KRB5DIR}/lib/kadm5
diff --cc kerberos5/libexec/ipropd-slave/Makefile
index ed24a1d4cdde,cae84aa5ffb5..000000000000
mode 100644,100644..100755
--- a/kerberos5/libexec/ipropd-slave/Makefile
+++ b/kerberos5/libexec/ipropd-slave/Makefile
@@@ -10,8 -10,6 +10,11 @@@ DPADD= ${LDAPDPADD
LDADD= ${LDAPLDADD}
LDFLAGS=${LDAPLDFLAGS}
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
.PATH: ${KRB5DIR}/lib/kadm5
diff --cc kerberos5/libexec/kadmind/Makefile
index d99ee4cbcaea,b2f3f71cc1e8..000000000000
mode 100644,100644..100755
--- a/kerberos5/libexec/kadmind/Makefile
+++ b/kerberos5/libexec/kadmind/Makefile
@@@ -7,8 -7,6 +7,11 @@@ SRCS= rpc.c
kadmind.c \
kadm_conn.c
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \
-I${SRCTOP}/contrib/com_err ${LDAPCFLAGS}
LIBADD= kadm5srv gssapi hdb krb5 roken vers
diff --cc kerberos5/libexec/kcm/Makefile
index 617c7b3fcb64,fa7a0cfce9cf..000000000000
mode 100644,100644..100755
--- a/kerberos5/libexec/kcm/Makefile
+++ b/kerberos5/libexec/kcm/Makefile
@@@ -17,8 -17,6 +17,11 @@@ SRCS= acl.c
sessions.c \
renew.c
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \
-I${KRB5DIR}/kcm -I${KRB5DIR}/lib/ipc ${LDAPCFLAGS}
LIBADD= krb5 roken heimntlm heimipcs crypto
diff --cc kerberos5/libexec/kdc/Makefile
index 4c6d0d8bcd77,338a508de20b..000000000000
mode 100644,100644..100755
--- a/kerberos5/libexec/kdc/Makefile
+++ b/kerberos5/libexec/kdc/Makefile
@@@ -8,8 -8,6 +8,11 @@@ SRCS= config.c
announce.c \
main.c
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
CFLAGS+=-I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/roken \
-I${KRB5DIR}/kdc -I${SRCTOP}/contrib/com_err ${LDAPCFLAGS}
LIBADD= kdc hdb krb5 roken crypt vers
diff --cc kerberos5/libexec/kdigest/Makefile
index 688a26ec1f25,5f3fb2450646..000000000000
mode 100644,100644..100755
--- a/kerberos5/libexec/kdigest/Makefile
+++ b/kerberos5/libexec/kdigest/Makefile
@@@ -10,8 -10,6 +10,11 @@@ SRCS= kdigest.c
kdigest-commands.c \
kdigest-commands.h
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
CLEANFILES= kdigest-commands.h kdigest-commands.c
kdigest-commands.h: kdigest-commands.in
diff --cc kerberos5/libexec/kfd/Makefile
index cecb2fb77285,82df3adbb6da..000000000000
mode 100644,100644..100755
--- a/kerberos5/libexec/kfd/Makefile
+++ b/kerberos5/libexec/kfd/Makefile
@@@ -6,8 -6,6 +6,11 @@@ CFLAGS+= -I${KRB5DIR}/lib/asn1
-I${KRB5DIR}/lib/roken
LIBADD= krb5 roken vers
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
.PATH: ${KRB5DIR}/appl/kf
diff --cc kerberos5/libexec/kimpersonate/Makefile
index 46afc3e01a7a,3c94db6857d0..000000000000
mode 100644,100644..100755
--- a/kerberos5/libexec/kimpersonate/Makefile
+++ b/kerberos5/libexec/kimpersonate/Makefile
@@@ -8,8 -8,6 +8,11 @@@ CFLAGS+= -I${KRB5DIR}/lib/hx509
-I${KRB5DIR}/lib/sl -I.
LIBADD= krb5 roken asn1 vers
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
.PATH: ${KRB5DIR}/kuser
diff --cc kerberos5/libexec/kpasswdd/Makefile
index eb21037b62f1,ec36c24fc034..000000000000
mode 100644,100644..100755
--- a/kerberos5/libexec/kpasswdd/Makefile
+++ b/kerberos5/libexec/kpasswdd/Makefile
@@@ -8,8 -8,6 +8,11 @@@ DPADD= ${LDAPDPADD
LDADD= ${LDAPLDADD}
LDFLAGS=${LDAPLDFLAGS}
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
.PATH: ${KRB5DIR}/kpasswd
diff --cc kerberos5/tools/asn1_compile/Makefile
index 68715facfcbd,5e9cbfa5ea45..000000000000
mode 100644,100644..100755
--- a/kerberos5/tools/asn1_compile/Makefile
+++ b/kerberos5/tools/asn1_compile/Makefile
@@@ -6,6 -6,7 +6,10 @@@ LIBROKEN_A= ${.OBJDIR:H:H}/lib/libroken
LIBADD= vers
LDADD= ${LIBROKEN_A}
DPADD= ${LIBROKEN_A}
++<<<<<<< HEAD
++=======
+ MK_PIE:= no
++>>>>>>> upstream/main
SRCS= \
asn1parse.y \
diff --cc kerberos5/tools/slc/Makefile
index 34092a566443,df64d829d080..000000000000
mode 100644,100644..100755
--- a/kerberos5/tools/slc/Makefile
+++ b/kerberos5/tools/slc/Makefile
@@@ -6,6 -6,7 +6,10 @@@ LIBADD= ver
LDADD= ${LIBROKEN_A}
DPADD= ${LIBROKEN_A}
MAN=
++<<<<<<< HEAD
++=======
+ MK_PIE:= no
++>>>>>>> upstream/main
SRCS= roken.h \
slc-gram.y \
diff --cc kerberos5/usr.bin/hxtool/Makefile
index b54cb82c7266,7cec9ee729b1..000000000000
mode 100644,100644..100755
--- a/kerberos5/usr.bin/hxtool/Makefile
+++ b/kerberos5/usr.bin/hxtool/Makefile
@@@ -11,8 -11,6 +11,11 @@@ CFLAGS+= -I${KRB5DIR}/lib/hx509
LIBADD= hx509 roken asn1 crypto sl vers edit
SRCS= hxtool.c hxtool-commands.c hxtool-commands.h
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
CLEANFILES= hxtool-commands.h hxtool-commands.c
hxtool-commands.h: hxtool-commands.in
diff --cc kerberos5/usr.bin/kadmin/Makefile
index 2eb69b551215,729b9f7f418e..000000000000
mode 100644,100644..100755
--- a/kerberos5/usr.bin/kadmin/Makefile
+++ b/kerberos5/usr.bin/kadmin/Makefile
@@@ -24,8 -24,6 +24,11 @@@ SRCS= add_enctype.c
stash.c \
util.c
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
CFLAGS+=-I${KRB5DIR}/lib/asn1 -I${KRB5DIR}/lib/krb5 -I${KRB5DIR}/lib/roken \
-I${KRB5DIR}/lib/sl -I${SRCTOP}/contrib/com_err -I. ${LDAPCFLAGS}
LIBADD= kadm5clnt kadm5srv hdb krb5 roken vers sl asn1 crypto edit
diff --cc kerberos5/usr.bin/kcc/Makefile
index 135a89012b01,7c4b7ab3962a..000000000000
mode 100644,100644..100755
--- a/kerberos5/usr.bin/kcc/Makefile
+++ b/kerberos5/usr.bin/kcc/Makefile
@@@ -16,8 -16,6 +16,11 @@@ SRCS= kcc.c
kswitch.c \
copy_cred_cache.c
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
CLEANFILES= kcc-commands.h kcc-commands.c
kcc-commands.h: kcc-commands.in
diff --cc kerberos5/usr.bin/kdestroy/Makefile
index be67e2c1b9d4,23e90237c658..000000000000
mode 100644,100644..100755
--- a/kerberos5/usr.bin/kdestroy/Makefile
+++ b/kerberos5/usr.bin/kdestroy/Makefile
@@@ -5,8 -5,6 +5,11 @@@ CFLAGS+=-I${KRB5DIR}/lib/roke
LIBADD= kafs5 krb5 roken vers
MAN= kdestroy.1
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
.PATH: ${KRB5DIR}/kuser
diff --cc kerberos5/usr.bin/kf/Makefile
index 39fb9519bc01,44d91830baaf..000000000000
mode 100644,100644..100755
--- a/kerberos5/usr.bin/kf/Makefile
+++ b/kerberos5/usr.bin/kf/Makefile
@@@ -6,8 -6,6 +6,11 @@@ CFLAGS+= -I${KRB5DIR}/lib/asn1
-I${KRB5DIR}/lib/roken
LIBADD= krb5 roken vers
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
.PATH: ${KRB5DIR}/appl/kf
diff --cc kerberos5/usr.bin/kgetcred/Makefile
index 645d150e6de2,1451154f9cf8..000000000000
mode 100644,100644..100755
--- a/kerberos5/usr.bin/kgetcred/Makefile
+++ b/kerberos5/usr.bin/kgetcred/Makefile
@@@ -5,8 -5,6 +5,11 @@@ CFLAGS+= -I${KRB5DIR}/lib/asn1
-I${KRB5DIR}/lib/roken
LIBADD= krb5 roken asn1 vers
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
.PATH: ${KRB5DIR}/kuser
diff --cc kerberos5/usr.bin/kinit/Makefile
index f0e7f4ac0aa1,7622b8da956e..000000000000
mode 100644,100644..100755
--- a/kerberos5/usr.bin/kinit/Makefile
+++ b/kerberos5/usr.bin/kinit/Makefile
@@@ -4,8 -4,6 +4,11 @@@ PROG= kini
CFLAGS+=-I${KRB5DIR}/lib/roken
LIBADD= kafs5 krb5 heimntlm roken crypto vers
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
.PATH: ${KRB5DIR}/kuser
diff --cc kerberos5/usr.bin/kpasswd/Makefile
index 709af79d36c3,05e07dddc03d..000000000000
mode 100644,100644..100755
--- a/kerberos5/usr.bin/kpasswd/Makefile
+++ b/kerberos5/usr.bin/kpasswd/Makefile
@@@ -5,8 -5,6 +5,11 @@@ CFLAGS+=-I${KRB5DIR}/lib/roke
LIBADD= hdb krb5 roken vers crypto
LDFLAGS=${LDAPLDFLAGS}
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
.PATH: ${KRB5DIR}/kpasswd
diff --cc kerberos5/usr.bin/ksu/Makefile
index afd14bf1b00a,ebd39c677b54..000000000000
mode 100644,100644..100755
--- a/kerberos5/usr.bin/ksu/Makefile
+++ b/kerberos5/usr.bin/ksu/Makefile
@@@ -10,8 -10,6 +10,11 @@@ SRCS= su.
CFLAGS+=-I${KRB5DIR}/lib/roken
LIBADD= kafs5 krb5 roken vers crypto crypt
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
.PATH: ${KRB5DIR}/appl/su
diff --cc kerberos5/usr.bin/string2key/Makefile
index 50aac077edf4,129d12cbcf0d..000000000000
mode 100644,100644..100755
--- a/kerberos5/usr.bin/string2key/Makefile
+++ b/kerberos5/usr.bin/string2key/Makefile
@@@ -10,8 -10,6 +10,11 @@@ CFLAGS+= -I${KRB5DIR}/kdc
-I${SRCTOP}/contrib/com_err
LIBADD= krb5 roken crypto vers
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
.PATH: ${KRB5DIR}/kdc
diff --cc kerberos5/usr.bin/verify_krb5_conf/Makefile
index dba890add8be,372870c1ecc9..000000000000
mode 100644,100644..100755
--- a/kerberos5/usr.bin/verify_krb5_conf/Makefile
+++ b/kerberos5/usr.bin/verify_krb5_conf/Makefile
@@@ -6,8 -6,6 +6,11 @@@ CFLAGS+=-I${KRB5DIR}/lib/asn1 -I${KRB5D
-I${SRCTOP}/contrib/com_err
LIBADD= krb5 roken vers
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
.PATH: ${KRB5DIR}/lib/krb5
diff --cc kerberos5/usr.sbin/iprop-log/Makefile
index 9caad47475f9,1f71f9b2a400..000000000000
mode 100644,100644..100755
--- a/kerberos5/usr.sbin/iprop-log/Makefile
+++ b/kerberos5/usr.sbin/iprop-log/Makefile
@@@ -11,8 -11,6 +11,11 @@@ CFLAGS+= -I${KRB5DIR}/lib/kadm5
LIBADD= kadm5srv hdb krb5 roken edit sl vers
LDFLAGS=${LDAPLDFLAGS}
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
CLEANFILES= iprop-commands.h iprop-commands.c
iprop-commands.h: iprop-commands.in
diff --cc kerberos5/usr.sbin/kstash/Makefile
index 604e82f1347e,1eec313766d3..000000000000
mode 100644,100644..100755
--- a/kerberos5/usr.sbin/kstash/Makefile
+++ b/kerberos5/usr.sbin/kstash/Makefile
@@@ -9,8 -9,6 +9,11 @@@ DPADD= ${LDAPDPADD
LDADD= ${LDAPLDADD}
LDFLAGS=${LDAPLDFLAGS}
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
.PATH: ${KRB5DIR}/kdc
diff --cc kerberos5/usr.sbin/ktutil/Makefile
index e4034e2ade54,c79d09e6d94d..000000000000
mode 100644,100644..100755
--- a/kerberos5/usr.sbin/ktutil/Makefile
+++ b/kerberos5/usr.sbin/ktutil/Makefile
@@@ -16,8 -16,6 +16,11 @@@ SRCS= add.c
remove.c \
rename.c
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
CFLAGS+=-I${KRB5DIR}/lib/roken -I${KRB5DIR}/lib/sl -I.
LIBADD= kadm5clnt krb5 roken crypto edit sl vers
diff --cc lib/Makefile
index ea9c1af8db37,5d7caa6b9423..000000000000
mode 100644,100644..100755
--- a/lib/Makefile
+++ b/lib/Makefile
@@@ -166,7 -166,6 +166,10 @@@ SUBDIR.${MK_DIALOG}+= libdp
SUBDIR.${MK_FILE}+= libmagic
SUBDIR.${MK_GPIO}+= libgpio
SUBDIR.${MK_GSSAPI}+= libgssapi librpcsec_gss
++<<<<<<< HEAD
+SUBDIR.${MK_HBSDCONTROL}+= libhbsdcontrol
++=======
++>>>>>>> upstream/main
SUBDIR.${MK_ICONV}+= libiconv_modules
SUBDIR.${MK_KERBEROS_SUPPORT}+= libcom_err
SUBDIR.${MK_LDNS}+= libldns
diff --cc lib/clang/Makefile.inc
index 5fcdaf5313fd,6500e91eaac1..000000000000
mode 100644,100644..100755
--- a/lib/clang/Makefile.inc
+++ b/lib/clang/Makefile.inc
@@@ -2,6 -2,8 +2,11 @@@
.include <bsd.compiler.mk>
++<<<<<<< HEAD
++=======
+ MK_PIE:= no # Explicit libXXX.a references
+
++>>>>>>> upstream/main
.if ${COMPILER_TYPE} == "clang"
DEBUG_FILES_CFLAGS= -gline-tables-only
.else
diff --cc lib/clang/liblldb/Makefile
index 618538383bd3,97deef784dc5..000000000000
mode 100644,100644..100755
--- a/lib/clang/liblldb/Makefile
+++ b/lib/clang/liblldb/Makefile
@@@ -376,9 -376,7 +376,13 @@@ SRCS+= Plugins/Language/CPlusPlus/LibS
SRCS+= Plugins/Language/CPlusPlus/MSVCUndecoratedNameParser.cpp
SRCS+= Plugins/Language/ClangCommon/ClangHighlighter.cpp
SRCS+= Plugins/Language/ObjC/CF.cpp
++<<<<<<< HEAD
+SRCS+= Plugins/Language/ObjC/CFBasicHash.cpp
SRCS+= Plugins/Language/ObjC/Cocoa.cpp
+SRCS+= Plugins/Language/ObjC/CoreMedia.cpp
++=======
++SRCS+= Plugins/Language/ObjC/Cocoa.cpp
++>>>>>>> upstream/main
SRCS+= Plugins/Language/ObjC/NSArray.cpp
SRCS+= Plugins/Language/ObjC/NSDictionary.cpp
SRCS+= Plugins/Language/ObjC/NSError.cpp
@@@ -390,18 -388,11 +394,26 @@@ SRCS+= Plugins/Language/ObjC/ObjCLangu
SRCS+= Plugins/LanguageRuntime/CPlusPlus/ItaniumABI/ItaniumABILanguageRuntime.cpp
SRCS+= Plugins/LanguageRuntime/CPlusPlus/CPPLanguageRuntime.cpp
SRCS+= Plugins/LanguageRuntime/ObjC/AppleObjCRuntime/AppleObjCRuntime.cpp
++<<<<<<< HEAD
+SRCS+= Plugins/LanguageRuntime/ObjC/AppleObjCRuntime/AppleObjCRuntimeV1.cpp
+SRCS+= Plugins/LanguageRuntime/ObjC/AppleObjCRuntime/AppleObjCRuntimeV2.cpp
+SRCS+= Plugins/LanguageRuntime/ObjC/AppleObjCRuntime/AppleObjCClassDescriptorV2.cpp
+SRCS+= Plugins/LanguageRuntime/ObjC/AppleObjCRuntime/AppleObjCDeclVendor.cpp
+SRCS+= Plugins/LanguageRuntime/ObjC/AppleObjCRuntime/AppleObjCTrampolineHandler.cpp
+SRCS+= Plugins/LanguageRuntime/ObjC/AppleObjCRuntime/AppleObjCTypeEncodingParser.cpp
+SRCS+= Plugins/LanguageRuntime/ObjC/AppleObjCRuntime/AppleThreadPlanStepThroughObjCTrampoline.cpp
+SRCS+= Plugins/LanguageRuntime/ObjC/ObjCLanguageRuntime.cpp
+SRCS+= Plugins/LanguageRuntime/RenderScript/RenderScriptRuntime/RenderScriptScriptGroup.cpp
+SRCS+= Plugins/LanguageRuntime/RenderScript/RenderScriptRuntime/RenderScriptRuntime.cpp
+SRCS+= Plugins/LanguageRuntime/RenderScript/RenderScriptRuntime/RenderScriptExpressionOpts.cpp
+SRCS+= Plugins/LanguageRuntime/RenderScript/RenderScriptRuntime/RenderScriptx86ABIFixups.cpp
++=======
+ SRCS+= Plugins/LanguageRuntime/ObjC/AppleObjCRuntime/AppleObjCTrampolineHandler.cpp
+ SRCS+= Plugins/LanguageRuntime/ObjC/AppleObjCRuntime/AppleThreadPlanStepThroughObjCTrampoline.cpp
+ SRCS+= Plugins/LanguageRuntime/ObjC/ObjCLanguageRuntime.cpp
+ SRCS+= Plugins/LanguageRuntime/RenderScript/RenderScriptRuntime/RenderScriptRuntime.cpp
+ SRCS+= Plugins/LanguageRuntime/RenderScript/RenderScriptRuntime/RenderScriptExpressionOpts.cpp
++>>>>>>> upstream/main
SRCS+= Plugins/MemoryHistory/asan/MemoryHistoryASan.cpp
SRCS+= Plugins/ObjectContainer/BSD-Archive/ObjectContainerBSDArchive.cpp
SRCS+= Plugins/ObjectFile/Breakpad/BreakpadRecords.cpp
diff --cc lib/clang/libllvm/Makefile
index 613a41465b1c,e831de64cdb6..000000000000
mode 100644,100644..100755
--- a/lib/clang/libllvm/Makefile
+++ b/lib/clang/libllvm/Makefile
@@@ -444,7 -444,6 +444,10 @@@ SRCS_MIN+= DebugInfo/CodeView/RecordSer
SRCS_MIN+= DebugInfo/CodeView/SimpleTypeSerializer.cpp
SRCS_EXT+= DebugInfo/CodeView/StringsAndChecksums.cpp
SRCS_MIN+= DebugInfo/CodeView/SymbolDumper.cpp
++<<<<<<< HEAD
+SRCS_MIN+= DebugInfo/CodeView/SymbolRecordHelpers.cpp
++=======
++>>>>>>> upstream/main
SRCS_MIN+= DebugInfo/CodeView/SymbolRecordMapping.cpp
SRCS_EXT+= DebugInfo/CodeView/SymbolSerializer.cpp
SRCS_MIN+= DebugInfo/CodeView/TypeDumpVisitor.cpp
@@@ -819,7 -818,7 +822,11 @@@ SRCS_MIN+= Object/RecordStreamer.cp
SRCS_MIW+= Object/RelocationResolver.cpp
SRCS_MIW+= Object/SymbolSize.cpp
SRCS_MIN+= Object/SymbolicFile.cpp
++<<<<<<< HEAD
+SRCS_MIN+= Object/TapiFile.cpp
++=======
+ SRCS_MIW+= Object/TapiFile.cpp
++>>>>>>> upstream/main
SRCS_MIW+= Object/TapiUniversal.cpp
SRCS_MIN+= Object/WasmObjectFile.cpp
SRCS_MIW+= Object/WindowsMachineFlag.cpp
diff --cc lib/clang/llvm.build.mk
index 486595a1925a,ef271e85bf3f..000000000000
mode 100644,100644..100755
--- a/lib/clang/llvm.build.mk
+++ b/lib/clang/llvm.build.mk
@@@ -107,8 -107,6 +107,11 @@@ CXXFLAGS+= -fno-exception
CXXFLAGS+= -fno-rtti
CXXFLAGS.clang+= -stdlib=libc++
++<<<<<<< HEAD
+NOCFI= yes
+
++=======
++>>>>>>> upstream/main
.if ${MACHINE_ARCH:Mmips64}
STATIC_CFLAGS+= -mxgot
STATIC_CXXFLAGS+= -mxgot
diff --cc lib/libc/gen/setproctitle.c
index b389167efc42,b975fd72b649..000000000000
mode 100644,100644..100755
--- a/lib/libc/gen/setproctitle.c
+++ b/lib/libc/gen/setproctitle.c
@@@ -32,6 -32,26 +32,29 @@@ __FBSDID("$FreeBSD$")
#include "libc_private.h"
++<<<<<<< HEAD
++=======
+ /*
+ * Older FreeBSD 2.0, 2.1 and 2.2 had different ps_strings structures and
+ * in different locations.
+ * 1: old_ps_strings at the very top of the stack.
+ * 2: old_ps_strings at SPARE_USRSPACE below the top of the stack.
+ * 3: ps_strings at the very top of the stack.
+ * We only support a kernel providing #3 style ps_strings.
+ *
+ * For historical purposes, a definition of the old ps_strings structure
+ * and location is preserved below:
+ struct old_ps_strings {
+ char *old_ps_argvstr;
+ int old_ps_nargvstr;
+ char *old_ps_envstr;
+ int old_ps_nenvstr;
+ };
+ #define OLD_PS_STRINGS ((struct old_ps_strings *) \
+ (USRSTACK - SPARE_USRSPACE - sizeof(struct old_ps_strings)))
+ */
+
++>>>>>>> upstream/main
#include <stdarg.h>
#define SPT_BUFSIZE 2048 /* from other parts of sendmail */
diff --cc lib/libc/stdlib/memory.3
index a32c6c92d4d5,b78ddae8aab0..000000000000
mode 100644,100644..100755
--- a/lib/libc/stdlib/memory.3
+++ b/lib/libc/stdlib/memory.3
@@@ -50,8 -50,6 +50,11 @@@
.Ft void *
.Fn realloc "void *ptr" "size_t size"
.Ft void *
++<<<<<<< HEAD
+.Fn reallocarray "void *ptr" "size_t nmbr" "size_t size"
+.Ft void *
++=======
++>>>>>>> upstream/main
.Fn calloc "size_t nelem" "size_t elsize"
.Ft void *
.Fn alloca "size_t size"
@@@ -70,7 -68,6 +73,10 @@@ individual manual pages
.Xr free 3 ,
.Xr malloc 3 ,
.Xr realloc 3
++<<<<<<< HEAD
+.Xr reallocarray 3
++=======
++>>>>>>> upstream/main
.Sh STANDARDS
These functions, with the exception of
.Fn alloca
diff --cc lib/libc/tests/stdlib/Makefile
index edf2c1940dcb,da152159f8a8..000000000000
mode 100644,100644..100755
--- a/lib/libc/tests/stdlib/Makefile
+++ b/lib/libc/tests/stdlib/Makefile
@@@ -14,7 -14,6 +14,10 @@@ ATF_TESTS_C+= tsearch_tes
.if ${COMPILER_FEATURES:Mc++11}
ATF_TESTS_CXX+= cxa_thread_atexit_test
ATF_TESTS_CXX+= cxa_thread_atexit_nothr_test
++<<<<<<< HEAD
+NOPIE= yes
++=======
++>>>>>>> upstream/main
.endif
# All architectures on FreeBSD have fenv.h
diff --cc lib/libc/tests/tls/Makefile
index 11042169743d,3cfaaadce590..000000000000
mode 100644,100644..100755
--- a/lib/libc/tests/tls/Makefile
+++ b/lib/libc/tests/tls/Makefile
@@@ -30,6 -30,4 +30,9 @@@ LIBADD.tls_dynamic_test+= pthrea
LIBADD.tls_dlopen_test+= pthread
LDFLAGS.tls_dlopen_test+= -Wl,-rpath,${TESTSDIR} -Wl,-export-dynamic
++<<<<<<< HEAD
+NOPIE= yes
+
++=======
++>>>>>>> upstream/main
.include <bsd.test.mk>
diff --cc lib/libclang_rt/Makefile
index 9bd3b20abf96,c1c72299bdf7..000000000000
mode 100644,100644..100755
--- a/lib/libclang_rt/Makefile
+++ b/lib/libclang_rt/Makefile
@@@ -6,13 -6,11 +6,21 @@@ SUBDIR+= asa
SUBDIR+= asan-preinit
SUBDIR+= asan_cxx
SUBDIR+= asan_dynamic
++<<<<<<< HEAD
+SUBDIR+= safestack
+SUBDIR+= stats
+SUBDIR+= stats_client
+.if ${MACHINE_CPUARCH} == "amd64"
+SUBDIR+= cfi
+SUBDIR+= cfi_diag
+.endif
++=======
+ SUBDIR+= cfi
+ SUBDIR+= cfi_diag
+ SUBDIR+= safestack
+ SUBDIR+= stats
+ SUBDIR+= stats_client
++>>>>>>> upstream/main
SUBDIR+= ubsan_minimal
SUBDIR+= ubsan_standalone
SUBDIR+= ubsan_standalone_cxx
diff --cc lib/libclang_rt/cfi/Makefile
index 1ba1f2d4dcbd,b6febc861e89..000000000000
mode 100644,100644..100755
--- a/lib/libclang_rt/cfi/Makefile
+++ b/lib/libclang_rt/cfi/Makefile
@@@ -36,10 -36,4 +36,13 @@@ SRCS+= sanitizer_common/sanitizer_thre
SRCS+= sanitizer_common/sanitizer_tls_get_addr.cpp
SRCS+= sanitizer_common/sanitizer_type_traits.cpp
++<<<<<<< HEAD
+.if ${MK_LLD_IS_LD} != "no" && ${MK_CLANG_IS_CC} != "no" # && ${MK_CROSS_DSO_CFI} == "no"
+CFLAGS+= -flto
+CXXFLAGS+= -flto
+LDFLAGS+= -flto
+.endif
+
++=======
++>>>>>>> upstream/main
.include <bsd.lib.mk>
diff --cc lib/libclang_rt/safestack/Makefile
index 3801d770fe1c,4f3d2fa2aa68..000000000000
mode 100644,100644..100755
--- a/lib/libclang_rt/safestack/Makefile
+++ b/lib/libclang_rt/safestack/Makefile
@@@ -2,8 -2,6 +2,11 @@@
.include <bsd.init.mk>
++<<<<<<< HEAD
+NOCFI= yes
+
++=======
++>>>>>>> upstream/main
LIB= clang_rt.safestack-${CRTARCH}
SRCS+= interception/interception_linux.cpp
diff --cc lib/libexecinfo/Makefile
index 99a7bc84fa4d,cc7b5a406638..000000000000
mode 100644,100644..100755
--- a/lib/libexecinfo/Makefile
+++ b/lib/libexecinfo/Makefile
@@@ -1,7 -1,5 +1,10 @@@
# $FreeBSD$
++<<<<<<< HEAD
+SHLIBDIR?= /lib
+
++=======
++>>>>>>> upstream/main
PACKAGE=lib${LIB}
.include <src.opts.mk>
diff --cc lib/librt/Makefile
index 872008a50d22,389e0280a6bc..000000000000
mode 100644,100644..100755
--- a/lib/librt/Makefile
+++ b/lib/librt/Makefile
@@@ -1,7 -1,5 +1,10 @@@
# $FreeBSD$
++<<<<<<< HEAD
+SHLIBDIR?= /lib
+
++=======
++>>>>>>> upstream/main
.include <src.opts.mk>
LIB=rt
diff --cc lib/libthr/thread/thr_stack.c
index c5618f2d98a3,b08bafdd9417..000000000000
mode 100644,100644..100755
--- a/lib/libthr/thread/thr_stack.c
+++ b/lib/libthr/thread/thr_stack.c
@@@ -41,11 -41,6 +41,14 @@@ __FBSDID("$FreeBSD$")
#include "thr_private.h"
++<<<<<<< HEAD
+/* DELTA_PAGES: Maximum number of pages to shift the stack address */
+#ifndef DELTA_PAGES
+#define DELTA_PAGES 24
+#endif
+
++=======
++>>>>>>> upstream/main
/* Spare thread stack. */
struct stack {
LIST_ENTRY(stack) qe; /* Stack queue linkage. */
@@@ -202,7 -197,6 +205,10 @@@ _thr_stack_alloc(struct pthread_attr *a
size_t stacksize;
size_t guardsize;
char *stackaddr;
++<<<<<<< HEAD
+ uint32_t delta;
++=======
++>>>>>>> upstream/main
/*
* Round up stack size to nearest multiple of _thr_page_size so
@@@ -258,26 -252,12 +264,35 @@@
* Allocate a stack from or below usrstack, depending
* on the LIBPTHREAD_BIGSTACK_MAIN env variable.
*/
++<<<<<<< HEAD
+ if (last_stack == NULL) {
+ last_stack = _usrstack - _thr_stack_initial -
+ _thr_guard_default;
+ delta = arc4random_uniform(DELTA_PAGES);
+ last_stack -= (getpagesize() * delta);
+ }
+
+ /*
+ * Allocate a new stack.
+ *
+ * HardenedBSD note: Normally, one would subtract the
+ * delta from the stack address. Doing so here can
+ * cause the stack to be placed incredibly low. The
+ * virtual memory subsystem can deal with finding out
+ * the best place to map this to, so providing a hint
+ * that may be above another stack is okay.
+ */
+ stackaddr = last_stack - stacksize - guardsize;
+ delta = arc4random_uniform(DELTA_PAGES);
+ stackaddr += (getpagesize() * delta);
++=======
+ if (last_stack == NULL)
+ last_stack = _usrstack - _thr_stack_initial -
+ _thr_guard_default;
+
+ /* Allocate a new stack. */
+ stackaddr = last_stack - stacksize - guardsize;
++>>>>>>> upstream/main
/*
* Even if stack allocation fails, we don't want to try to
@@@ -286,7 -266,7 +301,11 @@@
* likely reason for an mmap() error is a stack overflow of
* the adjacent thread stack.
*/
++<<<<<<< HEAD
+ last_stack = stackaddr;
++=======
+ last_stack -= (stacksize + guardsize);
++>>>>>>> upstream/main
/* Release the lock before mmap'ing it. */
THREAD_LIST_UNLOCK(curthread);
@@@ -298,13 -278,6 +317,16 @@@
-1, 0)) != MAP_FAILED &&
(guardsize == 0 ||
mprotect(stackaddr, guardsize, PROT_NONE) == 0)) {
++<<<<<<< HEAD
+ /*
+ * Update last_stack to be the new stack
+ * address in order to catch any
+ * HardenedBSD-provided ASLR delta
+ * application.
+ */
+ last_stack = stackaddr;
++=======
++>>>>>>> upstream/main
stackaddr += guardsize;
} else {
if (stackaddr != MAP_FAILED)
diff --cc lib/libvmmapi/vmmapi.c
index bec75403c44a,b36ad1c84423..000000000000
mode 100644,100644..100755
--- a/lib/libvmmapi/vmmapi.c
+++ b/lib/libvmmapi/vmmapi.c
@@@ -410,8 -410,8 +410,13 @@@ vm_setup_memory(struct vmctx *ctx, size
ptr = mmap(NULL, len, PROT_NONE, MAP_GUARD | MAP_ALIGNED_SUPER, -1, 0);
if (ptr == MAP_FAILED)
return (-1);
++<<<<<<< HEAD
+ baseaddr = ptr + VM_MMAP_GUARD_SIZE;
+
++=======
+
+ baseaddr = ptr + VM_MMAP_GUARD_SIZE;
++>>>>>>> upstream/main
if (ctx->highmem > 0) {
gpa = 4*GB;
len = ctx->highmem;
diff --cc libexec/rc/rc.conf
index 59fbcb6f8782,d8c24853225f..000000000000
mode 100644,100644..100755
--- a/libexec/rc/rc.conf
+++ b/libexec/rc/rc.conf
@@@ -411,10 -411,6 +411,13 @@@ ntp_leapfile_expiry_days=30 # Check fo
# expiry.
ntp_leapfile_fetch_verbose="NO" # Be verbose during NTP leapfile fetch
++<<<<<<< HEAD
+### OpenNTPd-based Network Time Services options: ###
+local_openntpd_enable="NO"
+local_openntpd_flags="-s"
+
++=======
++>>>>>>> upstream/main
# Network Information Services (NIS) options: All need rpcbind_enable="YES" ###
nis_client_enable="NO" # We're an NIS client (or NO).
nis_client_flags="" # Flags to ypbind (if enabled).
diff --cc libexec/rc/rc.d/Makefile
index fd6f59ed84ec,7e0e63dae414..000000000000
mode 100644,100644..100755
--- a/libexec/rc/rc.d/Makefile
+++ b/libexec/rc/rc.d/Makefile
@@@ -13,6 -13,7 +13,10 @@@ CONFS= DAEMON
SERVERS \
addswap \
adjkerntz \
++<<<<<<< HEAD
++=======
+ archdep \
++>>>>>>> upstream/main
bgfsck \
${_blacklistd} \
bridge \
diff --cc libexec/rc/rc.d/dmesg
index 48cfa51ca131,3da6196b6ff5..000000000000
--- a/libexec/rc/rc.d/dmesg
+++ b/libexec/rc/rc.d/dmesg
@@@ -20,15 -20,7 +20,19 @@@ stop_cmd=":
do_dmesg()
{
rm -f ${dmesg_file}
++<<<<<<< HEAD
+
+ case `/sbin/sysctl -n security.bsd.unprivileged_read_msgbuf` in
+ 1)
+ ( umask 022 ; /sbin/dmesg $rc_flags > ${dmesg_file} )
+ ;;
+ *)
+ ( umask 077 ; /sbin/dmesg $rc_flags > ${dmesg_file} )
+ ;;
+ esac
++=======
+ ( umask 022 ; /sbin/dmesg $rc_flags > ${dmesg_file} )
++>>>>>>> upstream/main
}
load_rc_config $name
diff --cc libexec/rc/rc.d/motd
index dd65d01a0aaf,e63973945f9d..000000000000
--- a/libexec/rc/rc.d/motd
+++ b/libexec/rc/rc.d/motd
@@@ -19,7 -19,6 +19,10 @@@ COMPAT_MOTD="/etc/motd
TARGET="/var/run/motd"
TEMPLATE="/etc/motd.template"
PERMS="644"
++<<<<<<< HEAD
+MOTD_FILE="/etc/motd"
++=======
++>>>>>>> upstream/main
motd_start()
{
@@@ -47,7 -46,7 +50,11 @@@
T=`mktemp -t motd`
uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' > ${T}
++<<<<<<< HEAD
+ awk '{if (NR == 1) {if ($1 == "FreeBSD" || $1 == "HardenedBSD") {next} else {print "\n"$0}} else {print}}' < ${MOTD_FILE} >> ${T}
++=======
+ cat "${TEMPLATE}" >> ${T}
++>>>>>>> upstream/main
install -C -o root -g wheel -m "${PERMS}" "$T" "${TARGET}"
rm -f "$T"
diff --cc libexec/rtld-elf/Makefile
index ed7d31e4b61a,c61477c68236..000000000000
mode 100644,100644..100755
--- a/libexec/rtld-elf/Makefile
+++ b/libexec/rtld-elf/Makefile
@@@ -8,8 -8,8 +8,13 @@@ RTLD_ELF_DIR:= ${.PARSEDIR
.include <src.opts.mk>
PACKAGE= clibs
++<<<<<<< HEAD
+MK_SSP= no
+MK_CFI= no
++=======
+ MK_PIE= no # Always position independent using local rules
+ MK_SSP= no
++>>>>>>> upstream/main
CONFS= libmap.conf
PROG?= ld-elf.so.1
@@@ -82,12 -82,6 +87,15 @@@ HAS_TESTS
SUBDIR.${MK_TESTS}+= tests
.endif
++<<<<<<< HEAD
+.if ${MK_SHLIBRANDOM} != "no"
+CFLAGS+= -DSHLIBRANDOM
+.endif
+
+NOPIE= yes
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
${PROG_FULL}: ${VERSION_MAP}
.include <bsd.symver.mk>
diff --cc libexec/rtld-elf/aarch64/rtld_machdep.h
index 46ac64be2226,0824219c00c2..000000000000
mode 100644,100644..100755
--- a/libexec/rtld-elf/aarch64/rtld_machdep.h
+++ b/libexec/rtld-elf/aarch64/rtld_machdep.h
@@@ -88,8 -88,8 +88,13 @@@ typedef struct
extern void *__tls_get_addr(tls_index *ti);
++<<<<<<< HEAD
+#define RTLD_DEFAULT_STACK_PF_EXEC 0
+#define RTLD_DEFAULT_STACK_EXEC 0
++=======
+ #define RTLD_DEFAULT_STACK_PF_EXEC PF_X
+ #define RTLD_DEFAULT_STACK_EXEC PROT_EXEC
++>>>>>>> upstream/main
#define md_abi_variant_hook(x)
diff --cc libexec/rtld-elf/amd64/Makefile.inc
index 12190db269a1,9a4df6e7b648..000000000000
mode 100644,100644..100755
--- a/libexec/rtld-elf/amd64/Makefile.inc
+++ b/libexec/rtld-elf/amd64/Makefile.inc
@@@ -1,5 -1,3 +1,8 @@@
# $FreeBSD$
++<<<<<<< HEAD
+MK_BIND_NOW= no
+
++=======
++>>>>>>> upstream/main
CFLAGS+= ${CFLAGS_NO_SIMD} -msoft-float -fvisibility=hidden
diff --cc libexec/rtld-elf/amd64/rtld_machdep.h
index 48fded2d30d5,86027a04788f..000000000000
mode 100644,100644..100755
--- a/libexec/rtld-elf/amd64/rtld_machdep.h
+++ b/libexec/rtld-elf/amd64/rtld_machdep.h
@@@ -68,8 -68,8 +68,13 @@@ typedef struct
void *__tls_get_addr(tls_index *ti) __exported;
++<<<<<<< HEAD
+#define RTLD_DEFAULT_STACK_PF_EXEC 0
+#define RTLD_DEFAULT_STACK_EXEC 0
++=======
+ #define RTLD_DEFAULT_STACK_PF_EXEC PF_X
+ #define RTLD_DEFAULT_STACK_EXEC PROT_EXEC
++>>>>>>> upstream/main
#define md_abi_variant_hook(x)
diff --cc libexec/rtld-elf/rtld-libc/Makefile.inc
index 863dff68fe35,74ac3668f1ad..000000000000
mode 100644,100644..100755
--- a/libexec/rtld-elf/rtld-libc/Makefile.inc
+++ b/libexec/rtld-elf/rtld-libc/Makefile.inc
@@@ -33,12 -33,10 +33,19 @@@ SRCS+= reallocf.c realpath.c getenv.c m
CFLAGS.merge.c+=-Wno-error=null-pointer-arithmetic
.endif
.PATH: ${LIBC_SRCTOP}/gen
++<<<<<<< HEAD
+SRCS+= errlst.c getcwd.c getprogname.c raise.c sigsetops.c \
+ sysctlbyname.c sysctlnametomib.c \
+ __xuname.c
+# errlst.c needs the errlst.h header from libc:
+CFLAGS.errlst.c+=-I${LIBC_SRCTOP}/include
+CFLAGS.sysctlbyname.c+=-I${LIBC_SRCTOP}/include
++=======
+ SRCS+= errlst.c getcwd.c getprogname.c raise.c sigsetops.c sysctlnametomib.c \
+ __xuname.c
+ # errlst.c needs the errlst.h header from libc:
+ CFLAGS.errlst.c+=-I${LIBC_SRCTOP}/include
++>>>>>>> upstream/main
# Use the string and memory .o files from libc instead of rebuilding them (they
# might be using optimized assembly and duplicating that logic here is awkward).
@@@ -51,8 -49,7 +58,12 @@@ _libc_other_objects= sigsetjmp lstat st
sysarch __sysctl issetugid __getcwd utrace getpid \
thr_self thr_kill pread mmap lseek _exit _fstat _fstatat _fstatfs \
getdirentries _getdirentries _close _fcntl _open _openat _read \
++<<<<<<< HEAD
+ _sigprocmask _write readlink __realpathat _setjmp setjmp setjmperr \
+ __sysctlbyname
++=======
+ _sigprocmask _write readlink __realpathat _setjmp setjmp setjmperr
++>>>>>>> upstream/main
# Finally add additional architecture-dependent libc dependencies
diff --cc libexec/rtld-elf/rtld.c
index e378060079e9,c6cd285c71d0..000000000000
mode 100644,100644..100755
--- a/libexec/rtld-elf/rtld.c
+++ b/libexec/rtld-elf/rtld.c
@@@ -44,9 -44,6 +44,12 @@@ __FBSDID("$FreeBSD$")
#include <sys/param.h>
#include <sys/mount.h>
#include <sys/mman.h>
++<<<<<<< HEAD
+#ifdef HARDENEDBSD
+#include <sys/pax.h>
+#endif
++=======
++>>>>>>> upstream/main
#include <sys/stat.h>
#include <sys/sysctl.h>
#include <sys/uio.h>
@@@ -78,18 -75,13 +81,25 @@@
typedef void (*func_ptr_type)(void);
typedef void * (*path_enum_proc) (const char *path, size_t len, void *arg);
++<<<<<<< HEAD
+#ifdef HARDENEDBSD
+struct integriforce_so_check {
+ char isc_path[MAXPATHLEN];
+ int isc_result;
+};
+#endif
++=======
++>>>>>>> upstream/main
/* Variables that cannot be static: */
extern struct r_debug r_debug; /* For GDB */
extern int _thread_autoinit_dummy_decl;
extern void (*__cleanup)(void);
++<<<<<<< HEAD
++=======
+
++>>>>>>> upstream/main
/*
* Function declarations.
*/
@@@ -126,9 -118,6 +136,12 @@@ static void linkmap_add(Obj_Entry *)
static void linkmap_delete(Obj_Entry *);
static void load_filtees(Obj_Entry *, int flags, RtldLockState *);
static void unload_filtees(Obj_Entry *, RtldLockState *);
++<<<<<<< HEAD
+#if defined(HARDENEDBSD) && defined(SHLIBRANDOM)
+static void randomize_neededs(Obj_Entry *obj, int flags);
+#endif
++=======
++>>>>>>> upstream/main
static int load_needed_objects(Obj_Entry *, int);
static int load_preload_objects(void);
static Obj_Entry *load_object(const char *, int fd, const Obj_Entry *, int);
@@@ -230,10 -219,6 +243,13 @@@ static Obj_Entry obj_rtld; /* The dynam
static unsigned int obj_count; /* Number of objects in obj_list */
static unsigned int obj_loads; /* Number of loads of objects (gen count) */
++<<<<<<< HEAD
+#ifdef HARDENEDBSD
+static Elf_Word pax_flags = 0; /* PaX / HardenedBSD flags */
+#endif
+
++=======
++>>>>>>> upstream/main
static Objlist list_global = /* Objects dlopened with RTLD_GLOBAL */
STAILQ_HEAD_INITIALIZER(list_global);
static Objlist list_main = /* Objects loaded at program startup */
@@@ -466,14 -451,6 +482,17 @@@ _rtld(Elf_Addr *sp, func_ptr_type *exit
(aux_info[AT_BSDFLAGS]->a_un.a_val & ELF_BSDF_SIGFASTBLK) != 0)
ld_fast_sigblock = true;
++<<<<<<< HEAD
+#ifdef HARDENEDBSD
+ /* Load PaX flags */
+ if (aux_info[AT_PAXFLAGS] != NULL) {
+ pax_flags = aux_info[AT_PAXFLAGS]->a_un.a_val;
+ aux_info[AT_PAXFLAGS]->a_un.a_val = 0;
+ }
+#endif
+
++=======
++>>>>>>> upstream/main
trust = !issetugid();
direct_exec = false;
@@@ -641,10 -618,6 +660,13 @@@
dbg("initializing thread locks");
lockdflt_init();
++<<<<<<< HEAD
+ if (aux_info[AT_STACKPROT] != NULL &&
+ aux_info[AT_STACKPROT]->a_un.a_val != 0)
+ stack_prot = aux_info[AT_STACKPROT]->a_un.a_val;
+
++=======
++>>>>>>> upstream/main
/*
* Load the main program, or process its program header if it is
* already loaded.
@@@ -656,9 -629,6 +678,12 @@@
if (obj_main == NULL)
rtld_die();
max_stack_flags = obj_main->stack_flags;
++<<<<<<< HEAD
+ if ((max_stack_flags & PF_X) == PF_X)
+ if ((stack_prot & PROT_EXEC) == 0)
+ max_stack_flags &= ~(PF_X);
++=======
++>>>>>>> upstream/main
} else { /* Main program already loaded. */
dbg("processing main program's program header");
assert(aux_info[AT_PHDR] != NULL);
@@@ -691,6 -661,10 +716,13 @@@
dbg("obj_main path %s", obj_main->path);
obj_main->mainprog = true;
++<<<<<<< HEAD
++=======
+ if (aux_info[AT_STACKPROT] != NULL &&
+ aux_info[AT_STACKPROT]->a_un.a_val != 0)
+ stack_prot = aux_info[AT_STACKPROT]->a_un.a_val;
+
++>>>>>>> upstream/main
#ifndef COMPAT_32BIT
/*
* Get the actual dynamic linker pathname from the executable if
@@@ -1107,7 -1081,7 +1139,11 @@@ digest_dynamic1(Obj_Entry *obj, int ear
const Elf_Hashelt *hashtab;
const Elf32_Word *hashval;
Elf32_Word bkt, nmaskwords;
++<<<<<<< HEAD
+ unsigned int bloom_size32;
++=======
+ int bloom_size32;
++>>>>>>> upstream/main
int plttype = DT_REL;
*dyn_rpath = NULL;
@@@ -1526,7 -1500,7 +1562,11 @@@ digest_phdr(const Elf_Phdr *phdr, int p
break;
}
++<<<<<<< HEAD
+ obj->stack_flags = PF_R | PF_W;
++=======
+ obj->stack_flags = PF_X | PF_R | PF_W;
++>>>>>>> upstream/main
for (ph = phdr; ph < phlimit; ph++) {
switch (ph->p_type) {
@@@ -2205,23 -2179,12 +2245,30 @@@ parse_rtld_phdr(Obj_Entry *obj
const Elf_Phdr *ph;
Elf_Addr note_start, note_end;
++<<<<<<< HEAD
+#ifdef HARDENEDBSD
+ obj->stack_flags = PF_R | PF_W;
+#else
obj->stack_flags = PF_X | PF_R | PF_W;
+#endif
++=======
++ obj->stack_flags = PF_X | PF_R | PF_W;
++>>>>>>> upstream/main
for (ph = obj->phdr; (const char *)ph < (const char *)obj->phdr +
obj->phsize; ph++) {
switch (ph->p_type) {
case PT_GNU_STACK:
obj->stack_flags = ph->p_flags;
++<<<<<<< HEAD
+#ifdef HARDENEDBSD
+ /*
+ * XXX Shared objects that set RWX stack can
+ * die in a fire
+ */
+ obj->stack_flags &= ~(PF_X);
+#endif
++=======
++>>>>>>> upstream/main
break;
case PT_GNU_RELRO:
obj->relro_page = obj->relocbase +
@@@ -2489,56 -2452,6 +2536,59 @@@ process_needed(Obj_Entry *obj, Needed_E
return (0);
}
++<<<<<<< HEAD
+#if defined(HARDENEDBSD) && defined(SHLIBRANDOM)
+static void
+randomize_neededs(Obj_Entry *obj, int flags)
+{
+ Needed_Entry **needs=NULL, *need=NULL;
+ unsigned int i, j, nneed;
+ size_t sz = sizeof(unsigned int);
+ int mib[2];
+
+ if (!(obj->needed) || (flags & RTLD_LO_FILTEES))
+ return;
+
+ mib[0] = CTL_KERN;
+ mib[1] = KERN_ARND;
+
+ for (nneed = 0, need = obj->needed; need != NULL; need = need->next)
+ nneed++;
+
+ if (nneed > 1) {
+ needs = xcalloc(nneed, sizeof(Needed_Entry **));
+ for (i = 0, need = obj->needed; i < nneed; i++, need = need->next)
+ needs[i] = need;
+
+ for (i=0; i < nneed; i++) {
+ do {
+ if (sysctl(mib, 2, &j, &sz, NULL, 0))
+ goto err;
+
+ j %= nneed;
+ } while (j == i);
+
+ need = needs[i];
+ needs[i] = needs[j];
+ needs[j] = need;
+ }
+
+ for (i=0; i < nneed; i++)
+ needs[i]->next = i + 1 < nneed ? needs[i + 1] : NULL;
+
+ obj->needed = needs[0];
+ }
+
+err:
+ if (needs != NULL)
+ free(needs);
+
+ return;
+}
+#endif
+
++=======
++>>>>>>> upstream/main
/*
* Given a shared object, traverse its list of needed objects, and load
* each of them. Returns 0 on success. Generates an error message and
@@@ -2552,11 -2465,6 +2602,14 @@@ load_needed_objects(Obj_Entry *first, i
for (obj = first; obj != NULL; obj = TAILQ_NEXT(obj, next)) {
if (obj->marker)
continue;
++<<<<<<< HEAD
+#if defined(HARDENEDBSD) && defined(SHLIBRANDOM)
+ if ((pax_flags & (PAX_HARDENING_NOSHLIBRANDOM | PAX_HARDENING_SHLIBRANDOM)) !=
+ PAX_HARDENING_NOSHLIBRANDOM)
+ randomize_neededs(obj, flags);
+#endif
++=======
++>>>>>>> upstream/main
if (process_needed(obj, obj->needed, flags) == -1)
return (-1);
}
@@@ -2698,11 -2606,6 +2751,14 @@@ do_load_object(int fd, const char *name
{
Obj_Entry *obj;
struct statfs fs;
++<<<<<<< HEAD
+#ifdef HARDENEDBSD
+ struct integriforce_so_check check;
+ int res, err;
+ size_t sz;
+#endif
++=======
++>>>>>>> upstream/main
/*
* but first, make sure that environment variables haven't been
@@@ -2718,24 -2621,6 +2774,27 @@@
return NULL;
}
}
++<<<<<<< HEAD
+#ifdef HARDENEDBSD
+ if (path != NULL) {
+ sz = sizeof(int);
+ err = sysctlbyname("kern.features.integriforce",
+ &res, &sz, NULL, 0);
+ if (err == 0 && res == 1) {
+ strlcpy(check.isc_path, path, MAXPATHLEN);
+ check.isc_result = 0;
+ sz = sizeof(struct integriforce_so_check);
+ err = sysctlbyname("hardening.secadm.integriforce_so",
+ &check, &sz, &check, sizeof(struct integriforce_so_check));
+ if (err == 0 && check.isc_result != 0) {
+ _rtld_error("Integriforce validation failed on %s. Aborting.\n", path);
+ return (NULL);
+ }
+ }
+ }
+#endif
++=======
++>>>>>>> upstream/main
dbg("loading \"%s\"", printable_path(path));
obj = map_object(fd, printable_path(path), sbp);
if (obj == NULL)
@@@ -2770,9 -2655,6 +2829,12 @@@
obj_loads++;
linkmap_add(obj); /* for GDB & dlinfo() */
max_stack_flags |= obj->stack_flags;
++<<<<<<< HEAD
+ if ((max_stack_flags & PF_X) == PF_X)
+ if ((stack_prot & PROT_EXEC) == 0)
+ max_stack_flags &= ~(PF_X);
++=======
++>>>>>>> upstream/main
dbg(" %p .. %p: %s", obj->mapbase,
obj->mapbase + obj->mapsize - 1, obj->path);
diff --cc release/Makefile
index ab994bdf43ed,2e828469ed21..000000000000
mode 100644,100644..100755
--- a/release/Makefile
+++ b/release/Makefile
@@@ -40,7 -40,6 +40,10 @@@ WORLDDIR?= ${.CURDIR}/.
PORTSDIR?= /usr/ports
DOCDIR?= /usr/doc
RELNOTES_LANG?= en_US.ISO8859-1
++<<<<<<< HEAD
+KERNCONF?= HARDENEDBSD
++=======
++>>>>>>> upstream/main
.if !defined(TARGET) || empty(TARGET)
TARGET= ${MACHINE}
@@@ -72,7 -71,7 +75,11 @@@ VOLUME_LABEL= ${REVISION:C/[.-]/_/g}_${
.endif
.if !defined(VOLUME_LABEL) || empty(VOLUME_LABEL)
++<<<<<<< HEAD
+VOLUME_LABEL= HardenedBSD_Install
++=======
+ VOLUME_LABEL= FreeBSD_Install
++>>>>>>> upstream/main
.endif
.if !exists(${DOCDIR})
@@@ -143,8 -142,7 +150,12 @@@ base.txz
kernel.txz:
mkdir -p ${DISTDIR}
++<<<<<<< HEAD
+ cd ${WORLDDIR} && ${IMAKE} distributekernel packagekernel \
+ DISTDIR=${.OBJDIR}/${DISTDIR} KERNCONF=${KERNCONF}
++=======
+ cd ${WORLDDIR} && ${IMAKE} distributekernel packagekernel DISTDIR=${.OBJDIR}/${DISTDIR}
++>>>>>>> upstream/main
mv ${DISTDIR}/kernel*.txz .
src.txz:
@@@ -207,10 -205,6 +218,13 @@@ disc1: packagesyste
echo vfs.mountroot.timeout=\"10\" >> ${.TARGET}/boot/loader.conf
echo kernels_autodetect=\"NO\" >> ${.TARGET}/boot/loader.conf
cp ${.CURDIR}/rc.local ${.TARGET}/etc
++<<<<<<< HEAD
+ # XXXOP - try to work around installer lockup on random dev in a virtual machine
+ dd if=/dev/random of=${.TARGET}/boot/entropy bs=4k count=1
+ chown 0:0 ${.TARGET}/boot/entropy
+ chmod 0600 ${.TARGET}/boot/entropy
++=======
++>>>>>>> upstream/main
touch ${.TARGET}
bootonly: packagesystem
@@@ -239,10 -233,6 +253,13 @@@
echo vfs.mountroot.timeout=\"10\" >> ${.TARGET}/boot/loader.conf
echo kernels_autodetect=\"NO\" >> ${.TARGET}/boot/loader.conf
cp ${.CURDIR}/rc.local ${.TARGET}/etc
++<<<<<<< HEAD
+ # XXXOP - try to work around installer lockup on random dev in a virtual machine
+ dd if=/dev/random of=${.TARGET}/boot/entropy bs=4k count=1
+ chown 0:0 ${.TARGET}/boot/entropy
+ chmod 0600 ${.TARGET}/boot/entropy
++=======
++>>>>>>> upstream/main
dvd: packagesystem
# Install system
@@@ -268,10 -258,6 +285,13 @@@
echo vfs.mountroot.timeout=\"10\" >> ${.TARGET}/boot/loader.conf
echo kernels_autodetect=\"NO\" >> ${.TARGET}/boot/loader.conf
cp ${.CURDIR}/rc.local ${.TARGET}/etc
++<<<<<<< HEAD
+ # XXXOP - try to work around installer lockup on random dev in a virtual machine
+ dd if=/dev/random of=${.TARGET}/boot/entropy bs=4k count=1
+ chown 0:0 ${.TARGET}/boot/entropy
+ chmod 0600 ${.TARGET}/boot/entropy
++=======
++>>>>>>> upstream/main
touch ${.TARGET}
release.iso: disc1.iso
diff --cc release/amd64/make-memstick.sh
index 6b4e7a67b008,c0e405c3a976..000000000000
--- a/release/amd64/make-memstick.sh
+++ b/release/amd64/make-memstick.sh
@@@ -11,8 -11,6 +11,11 @@@
#
set -e
++<<<<<<< HEAD
+# XXXOP - be more verbose
+set -x
++=======
++>>>>>>> upstream/main
scriptdir=$(dirname $(realpath $0))
. ${scriptdir}/../../tools/boot/install-boot.sh
@@@ -35,9 -33,9 +38,15 @@@ if [ -e ${2} ]; the
exit 1
fi
++<<<<<<< HEAD
+echo '/dev/ufs/HardenedBSD_Install / ufs ro,noatime 1 1' > ${1}/etc/fstab
+echo 'root_rw_mount="NO"' > ${1}/etc/rc.conf.local
+makefs -B little -o label=HardenedBSD_Install -o version=2 ${2}.part ${1}
++=======
+ echo '/dev/ufs/FreeBSD_Install / ufs ro,noatime 1 1' > ${1}/etc/fstab
+ echo 'root_rw_mount="NO"' > ${1}/etc/rc.conf.local
+ makefs -B little -o label=FreeBSD_Install -o version=2 ${2}.part ${1}
++>>>>>>> upstream/main
rm ${1}/etc/fstab
rm ${1}/etc/rc.conf.local
diff --cc release/amd64/mkisoimages.sh
index d6313bcda983,1a1440fa1983..000000000000
mode 100644,100644..100755
--- a/release/amd64/mkisoimages.sh
+++ b/release/amd64/mkisoimages.sh
@@@ -24,8 -24,6 +24,11 @@@
# into base-bits-dir as part of making the image.
set -e
++<<<<<<< HEAD
+# XXXOP - be more verbose
+set -x
++=======
++>>>>>>> upstream/main
scriptdir=$(dirname $(realpath $0))
. ${scriptdir}/../../tools/boot/install-boot.sh
@@@ -68,7 -66,7 +71,11 @@@ f
LABEL=`echo "$1" | tr '[:lower:]' '[:upper:]'`; shift
NAME="$1"; shift
++<<<<<<< HEAD
+publisher="The HardenedBSD Project. https://www.HardenedBSD.org/"
++=======
+ publisher="The FreeBSD Project. https://www.FreeBSD.org/"
++>>>>>>> upstream/main
echo "/dev/iso9660/$LABEL / cd9660 ro 0 0" > "$BASEBITSDIR/etc/fstab"
$MAKEFS -t cd9660 $bootable -o rockridge -o label="$LABEL" -o publisher="$publisher" "$NAME" "$@"
rm -f "$BASEBITSDIR/etc/fstab"
diff --cc release/arm64/make-memstick.sh
index 35be4edfa9f6,0cde77b018b8..000000000000
--- a/release/arm64/make-memstick.sh
+++ b/release/arm64/make-memstick.sh
@@@ -33,9 -33,9 +33,15 @@@ if [ -e ${2} ]; the
exit 1
fi
++<<<<<<< HEAD
+echo '/dev/ufs/HardenedBSD_Install / ufs ro,noatime 1 1' > ${1}/etc/fstab
+echo 'root_rw_mount="NO"' > ${1}/etc/rc.conf.local
+makefs -B little -o label=HardenedBSD_Install -o version=2 ${2}.part ${1}
++=======
+ echo '/dev/ufs/FreeBSD_Install / ufs ro,noatime 1 1' > ${1}/etc/fstab
+ echo 'root_rw_mount="NO"' > ${1}/etc/rc.conf.local
+ makefs -B little -o label=FreeBSD_Install -o version=2 ${2}.part ${1}
++>>>>>>> upstream/main
rm ${1}/etc/fstab
rm ${1}/etc/rc.conf.local
diff --cc release/packages/Makefile.package
index b8baf013250f,ee48bdb47534..000000000000
mode 100644,100644..100755
--- a/release/packages/Makefile.package
+++ b/release/packages/Makefile.package
@@@ -40,8 -40,6 +40,11 @@@ gdb_COMMENT= GDB Utilitie
gdb_DESC= GDB Utilities
groff_COMMENT= Groff Utilities
groff_DESC= Groff Utilities
++<<<<<<< HEAD
+hardenedbsd_COMMENT= HardenedBSD Utilities
+hardenedbsd_DESC= HardenedBSD Utilities
++=======
++>>>>>>> upstream/main
hast_COMMENT= Highly Available Storage daemon
hast_DESC= Highly Available Storage daemon
hostapd_COMMENT= 802.11 Access Point Daemon an Utilities
diff --cc release/pkg_repos/release-dvd.conf
index b908b720ed9b,95413592b719..000000000000
mode 100644,100644..100755
--- a/release/pkg_repos/release-dvd.conf
+++ b/release/pkg_repos/release-dvd.conf
@@@ -1,6 -1,6 +1,10 @@@
# $FreeBSD$
release: {
++<<<<<<< HEAD
+ url: "pkg+http://pkgs.HardenedBSD.org/HardenedBSD/pkg/${ABI}",
++=======
+ url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
++>>>>>>> upstream/main
mirror_type: "srv",
signature_type: "fingerprints",
fingerprints: "/usr/share/keys/pkg",
diff --cc release/rc.local
index 2cbbff7fc45d,8162cd1efff6..000000000000
--- a/release/rc.local
+++ b/release/rc.local
@@@ -33,7 -33,7 +33,11 @@@ if [ $? -eq 0 ]; the
else
# Serial or other console
echo
++<<<<<<< HEAD
+ echo "Welcome to HardenedBSD!"
++=======
+ echo "Welcome to FreeBSD!"
++>>>>>>> upstream/main
echo
echo "Please choose the appropriate terminal type for your system."
echo "Common console types are:"
@@@ -50,15 -50,15 +54,26 @@@ export TER
if [ -f /etc/installerconfig ]; then
if bsdinstall script /etc/installerconfig; then
++<<<<<<< HEAD
+ dialog --backtitle "HardenedBSD Installer" --title "Complete" --no-cancel --ok-label "Reboot" --pause "Installation of HardenedBSD complete! Rebooting in 10 seconds" 10 30 10
+ reboot
+ else
+ dialog --backtitle "HardenedBSD Installer" --title "Error" --textbox /tmp/bsdinstall_log 0 0
++=======
+ dialog --backtitle "FreeBSD Installer" --title "Complete" --no-cancel --ok-label "Reboot" --pause "Installation of FreeBSD complete! Rebooting in 10 seconds" 10 30 10
+ reboot
+ else
+ dialog --backtitle "FreeBSD Installer" --title "Error" --textbox /tmp/bsdinstall_log 0 0
++>>>>>>> upstream/main
fi
exit
fi
++<<<<<<< HEAD
+dialog --backtitle "HardenedBSD Installer" --title "Welcome" --extra-button --extra-label "Shell" --ok-label "Install" --cancel-label "Live CD" --yesno "Welcome to HardenedBSD! Would you like to begin an installation or use the live CD?" 0 0
++=======
+ dialog --backtitle "FreeBSD Installer" --title "Welcome" --extra-button --extra-label "Shell" --ok-label "Install" --cancel-label "Live CD" --yesno "Welcome to FreeBSD! Would you like to begin an installation or use the live CD?" 0 0
++>>>>>>> upstream/main
case $? in
$DIALOG_OK) # Install
@@@ -71,7 -71,7 +86,11 @@@
trap true SIGINT # Ignore cntrl-C here
bsdinstall
if [ $? -eq 0 ]; then
++<<<<<<< HEAD
+ dialog --backtitle "HardenedBSD Installer" --title "Complete" --yes-label "Reboot" --no-label "Live CD" --yesno "Installation of HardenedBSD complete! Would you like to reboot into the installed system now?" 0 0 && reboot
++=======
+ dialog --backtitle "FreeBSD Installer" --title "Complete" --yes-label "Reboot" --no-label "Live CD" --yesno "Installation of FreeBSD complete! Would you like to reboot into the installed system now?" 0 0 && reboot
++>>>>>>> upstream/main
else
. /etc/rc.local
fi
diff --cc release/release.sh
index 3dd967b9202c,6e76b0cb37d1..000000000000
--- a/release/release.sh
+++ b/release/release.sh
@@@ -208,7 -208,7 +208,11 @@@ env_check()
${CONF_FILES}"
RELEASE_KMAKEFLAGS="${MAKE_FLAGS} ${KERNEL_FLAGS} \
KERNCONF=\"${KERNEL}\" ${ARCH_FLAGS} ${CONF_FILES}"
++<<<<<<< HEAD
+ RELEASE_RMAKEFLAGS="${ARCH_FLAGS} ${OSRELEASE} \
++=======
+ RELEASE_RMAKEFLAGS="${ARCH_FLAGS} \
++>>>>>>> upstream/main
KERNCONF=\"${KERNEL}\" ${CONF_FILES} ${SRCDOCPORTS} \
WITH_DVD=${WITH_DVD} WITH_VMIMAGES=${WITH_VMIMAGES} \
WITH_CLOUDWARE=${WITH_CLOUDWARE} XZ_THREADS=${XZ_THREADS}"
diff --cc release/scripts/pkg-stage.sh
index 685d62bcafa6,6dd9f2b62f27..000000000000
--- a/release/scripts/pkg-stage.sh
+++ b/release/scripts/pkg-stage.sh
@@@ -13,9 -13,9 +13,15 @@@ export PKGCMD="/usr/sbin/pkg -d
export PORTSDIR="${PORTSDIR:-/usr/ports}"
_DVD_PACKAGES="archivers/unzip
++<<<<<<< HEAD
+devel/git
+devel/subversion
+devel/subversion-static
++=======
+ devel/subversion
+ devel/subversion-static
+ emulators/linux_base-c6
++>>>>>>> upstream/main
graphics/drm-legacy-kmod
graphics/drm-stable-kmod
misc/freebsd-doc-all
diff --cc rescue/librescue/Makefile
index 0a054d35b24e,2116219dc746..000000000000
mode 100644,100644..100755
--- a/rescue/librescue/Makefile
+++ b/rescue/librescue/Makefile
@@@ -46,6 -46,4 +46,9 @@@ CFLAGS+= -DHESIO
.endif
CFLAGS+= -I${SRCTOP}/lib/libc/include
++<<<<<<< HEAD
+NOPIE= yes
+
++=======
++>>>>>>> upstream/main
.include <bsd.lib.mk>
diff --cc rescue/rescue/Makefile
index 20cd910691d4,7352828a822c..000000000000
mode 100644,100644..100755
--- a/rescue/rescue/Makefile
+++ b/rescue/rescue/Makefile
@@@ -6,7 -6,7 +6,11 @@@
PACKAGE=rescue
MAN=
MK_SSP= no
++<<<<<<< HEAD
+MK_CFI= no
++=======
+ NO_SHARED= yes
++>>>>>>> upstream/main
PROG= rescue
BINDIR?=/rescue
@@@ -233,7 -233,5 +237,10 @@@ CRUNCH_PROGS_usr.bin+= iscsict
CRUNCH_PROGS_usr.sbin+= iscsid
.endif
++<<<<<<< HEAD
+NOPIE= yes
+
++=======
++>>>>>>> upstream/main
.include <bsd.crunchgen.mk>
.include <bsd.prog.mk>
diff --cc sbin/devd/Makefile
index f3b1b0de7e53,8120126807ce..000000000000
mode 100644,100644..100755
--- a/sbin/devd/Makefile
+++ b/sbin/devd/Makefile
@@@ -32,9 -32,7 +32,13 @@@ PROG_CXX=dev
SRCS= devd.cc token.l parse.y y.tab.h
MAN= devd.8 devd.conf.5
++<<<<<<< HEAD
+.if ${MK_DEVD_PIE} == "no"
NO_SHARED?=YES
+.endif
++=======
++NO_SHARED?=YES
++>>>>>>> upstream/main
LIBADD= util
diff --cc sbin/devd/devd.conf
index 40b637445f35,dba7d41402d7..000000000000
mode 100644,100644..100755
--- a/sbin/devd/devd.conf
+++ b/sbin/devd/devd.conf
@@@ -315,12 -315,12 +315,21 @@@ notify 100
# automated debugging session after the core dump is generated.
# Replace action with a proper coredump handler, but be aware that
# it will run with elevated privileges.
++<<<<<<< HEAD
+#notify 10 {
+# match "system" "kernel";
+# match "subsystem" "signal";
+# match "type" "coredump";
+# action "logger $comm $core";
+#};
++=======
+ notify 10 {
+ match "system" "kernel";
+ match "subsystem" "signal";
+ match "type" "coredump";
+ action "logger $comm $core";
+ };
++>>>>>>> upstream/main
# Let the init(8) know there's a new USB serial interface it might
# want to run getty(8) for. This includes device-side tty created
diff --cc sbin/geom/Makefile
index 9641763afa4b,0c6e6e2b95c8..000000000000
mode 100644,100644..100755
--- a/sbin/geom/Makefile
+++ b/sbin/geom/Makefile
@@@ -11,8 -11,6 +11,11 @@@ MAN= geom.
CFLAGS+= -I${.CURDIR} -I${.CURDIR}/core
CFLAGS+= -DGEOM_CLASS_DIR=\"${GEOM_CLASS_DIR}\"
++<<<<<<< HEAD
+NOCFI= yes
+
++=======
++>>>>>>> upstream/main
LIBADD= geom util
.if defined(RESCUE)
diff --cc sbin/init/Makefile
index dc70771cd842,3c242617fe7a..000000000000
mode 100644,100644..100755
--- a/sbin/init/Makefile
+++ b/sbin/init/Makefile
@@@ -22,8 -22,6 +22,11 @@@ CONFTTYS+= ttys.${MACHINE_CPUARCH
.error MACHINE.ttys missing
.endif
++<<<<<<< HEAD
+NOCFI= yes
+
++=======
++>>>>>>> upstream/main
# Needed for getmntopts.c
MOUNT= ${SRCTOP}/sbin/mount
CFLAGS+=-I${MOUNT}
diff --cc sbin/init/ttys.aarch64
index 3f04160d50dd,7412f97fee0b..000000000000
mode 100644,100644..100755
--- a/sbin/init/ttys.aarch64
+++ b/sbin/init/ttys.aarch64
@@@ -27,7 -27,7 +27,11 @@@
#
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
++<<<<<<< HEAD
+console none unknown off insecure
++=======
+ console none unknown off secure
++>>>>>>> upstream/main
#
ttyv0 "/usr/libexec/getty Pc" xterm onifexists secure
# Virtual terminals
diff --cc sbin/init/ttys.amd64
index bdf77175557b,b8392780ac9a..000000000000
mode 100644,100644..100755
--- a/sbin/init/ttys.amd64
+++ b/sbin/init/ttys.amd64
@@@ -27,7 -27,7 +27,11 @@@
#
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
++<<<<<<< HEAD
+console none unknown off insecure
++=======
+ console none unknown off secure
++>>>>>>> upstream/main
#
ttyv0 "/usr/libexec/getty Pc" xterm onifexists secure
# Virtual terminals
diff --cc sbin/init/ttys.arm
index 270e77bcaee7,8bbb4883fbd6..000000000000
mode 100644,100644..100755
--- a/sbin/init/ttys.arm
+++ b/sbin/init/ttys.arm
@@@ -27,7 -27,7 +27,11 @@@
#
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
++<<<<<<< HEAD
+console none unknown off insecure
++=======
+ console none unknown off secure
++>>>>>>> upstream/main
#
ttyv0 "/usr/libexec/getty Pc" xterm onifexists secure
# Virtual terminals
diff --cc sbin/init/ttys.i386
index bdf77175557b,b8392780ac9a..000000000000
mode 100644,100644..100755
--- a/sbin/init/ttys.i386
+++ b/sbin/init/ttys.i386
@@@ -27,7 -27,7 +27,11 @@@
#
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
++<<<<<<< HEAD
+console none unknown off insecure
++=======
+ console none unknown off secure
++>>>>>>> upstream/main
#
ttyv0 "/usr/libexec/getty Pc" xterm onifexists secure
# Virtual terminals
diff --cc sbin/init/ttys.mips
index f59fa94c102a,21bb9325f3bf..000000000000
mode 100644,100644..100755
--- a/sbin/init/ttys.mips
+++ b/sbin/init/ttys.mips
@@@ -27,7 -27,7 +27,11 @@@
#
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
++<<<<<<< HEAD
+console none unknown off insecure
++=======
+ console none unknown off secure
++>>>>>>> upstream/main
# Serial terminals
# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
ttyu0 "/usr/libexec/getty 3wire" vt100 onifconsole secure
diff --cc sbin/init/ttys.powerpc
index ad39728252b5,b0722e4522dd..000000000000
mode 100644,100644..100755
--- a/sbin/init/ttys.powerpc
+++ b/sbin/init/ttys.powerpc
@@@ -27,7 -27,7 +27,11 @@@
#
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
++<<<<<<< HEAD
+console none unknown off insecure
++=======
+ console none unknown off secure
++>>>>>>> upstream/main
#
ttyv0 "/usr/libexec/getty Pc" xterm onifexists secure
# Virtual terminals
diff --cc sbin/ldconfig/Makefile
index 0d0e33003a5a,8360a3f6648e..000000000000
mode 100644,100644..100755
--- a/sbin/ldconfig/Makefile
+++ b/sbin/ldconfig/Makefile
@@@ -1,7 -1,5 +1,10 @@@
# $FreeBSD$
++<<<<<<< HEAD
+.include <src.opts.mk>
+
++=======
++>>>>>>> upstream/main
PACKAGE=runtime
PROG= ldconfig
SRCS= elfhints.c ldconfig.c shlib.c support.c
diff --cc sbin/md5/Makefile
index 1f4c0be90edc,dcbd94dcd381..000000000000
mode 100644,100644..100755
--- a/sbin/md5/Makefile
+++ b/sbin/md5/Makefile
@@@ -4,8 -4,6 +4,11 @@@
PACKAGE=runtime
PROG= md5
++<<<<<<< HEAD
+CFI_OVERRIDE=-fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
LINKS= ${BINDIR}/md5 ${BINDIR}/rmd160 \
${BINDIR}/md5 ${BINDIR}/sha1 \
${BINDIR}/md5 ${BINDIR}/sha224 \
diff --cc sbin/mount_nfs/Makefile
index 3c16ba942058,a896edef898f..000000000000
mode 100644,100644..100755
--- a/sbin/mount_nfs/Makefile
+++ b/sbin/mount_nfs/Makefile
@@@ -11,8 -11,6 +11,11 @@@ MOUNT= ${.CURDIR:H}/moun
UMNTALL= ${SRCTOP}/usr.sbin/rpc.umntall
CFLAGS+= -DNFS -I${MOUNT} -I${UMNTALL}
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.PATH: ${MOUNT} ${UMNTALL}
.include <bsd.prog.mk>
diff --cc share/examples/Makefile
index 37941825b0e7,f4273d2266f0..000000000000
mode 100644,100644..100755
--- a/share/examples/Makefile
+++ b/share/examples/Makefile
@@@ -17,7 -17,6 +17,10 @@@ LDIRS= BSD_daemon
etc \
find_interface \
flua \
++<<<<<<< HEAD
+ hardenedbsd \
++=======
++>>>>>>> upstream/main
indent \
ipfw \
jails \
@@@ -113,9 -112,6 +116,12 @@@ SUBDIR+= ipfilte
SE_DIRS+= ipfw
SE_IPFW= change_rules.sh
++<<<<<<< HEAD
+SE_DIRS+= hardenedbsd
+SE_HARDENEDBSD= hbsdcontrol.sh
+
++=======
++>>>>>>> upstream/main
SE_DIRS+= jails
SE_JAILS= \
README \
diff --cc share/examples/bhyve/vmrun.sh
index 03d932451c61,607597015e62..000000000000
--- a/share/examples/bhyve/vmrun.sh
+++ b/share/examples/bhyve/vmrun.sh
@@@ -63,7 -63,7 +63,11 @@@ usage()
echo " [-L <VNC IP for UEFI framebuffer>]"
echo " [-m <memsize>]" \
"[-n <network adapter emulation type>]"
++<<<<<<< HEAD
+ echo " [-P <port>] [-s password] [-t <tapdev>] <vmname>"
++=======
+ echo " [-P <port>] [-t <tapdev>] <vmname>"
++>>>>>>> upstream/main
echo ""
echo " -h: display this help message"
echo " -a: force memory mapped local APIC access"
@@@ -90,7 -90,6 +94,10 @@@
echo " -p: pass-through a host PCI device at bus/slot/func" \
"(e.g. 10/0/0)"
echo " -P: UEFI GOP VNC port (default: ${DEFAULT_VNCPORT})"
++<<<<<<< HEAD
+ echo " -s: UEFI GOP VNC password"
++=======
++>>>>>>> upstream/main
echo " -t: tap device for virtio-net (default: $DEFAULT_TAPDEV)"
echo " -T: Enable tablet device (for UEFI GOP)"
echo " -u: RTC keeps UTC time"
@@@ -106,13 -105,10 +113,20 @@@ if [ `id -u` -ne 0 ]; the
exit 1
fi
++<<<<<<< HEAD
+JAIL_TEST=`sysctl -n security.jail.jailed`
+if [ $JAIL_TEST == 0 ]; then
+ kldstat -n vmm > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ errmsg "vmm.ko is not loaded"
+ exit 1
+ fi
++=======
+ kldstat -n vmm > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ errmsg "vmm.ko is not loaded"
+ exit 1
++>>>>>>> upstream/main
fi
force_install=0
@@@ -133,13 -129,12 +147,20 @@@ pass_total=
efi_mode=0
efi_firmware="/usr/local/share/uefi-firmware/BHYVE_UEFI.fd"
vncwait=""
++<<<<<<< HEAD
+vncpassword=""
++=======
++>>>>>>> upstream/main
vnchost=${DEFAULT_VNCHOST}
vncport=${DEFAULT_VNCPORT}
vncsize=${DEFAULT_VNCSIZE}
tablet=""
++<<<<<<< HEAD
+while getopts aAc:C:d:e:Ef:F:g:hH:iI:l:L:m:n:p:P:s:t:Tuvw c ; do
++=======
+ while getopts aAc:C:d:e:Ef:F:g:hH:iI:l:L:m:n:p:P:t:Tuvw c ; do
++>>>>>>> upstream/main
case $c in
a)
bhyverun_opt="${bhyverun_opt} -a"
@@@ -203,9 -198,6 +224,12 @@@
P)
vncport="${OPTARG}"
;;
++<<<<<<< HEAD
+ s)
+ vncpassword=",password=${OPTARG}"
+ ;;
++=======
++>>>>>>> upstream/main
t)
eval "tap_dev${tap_total}=\"${OPTARG}\""
tap_total=$(($tap_total + 1))
@@@ -369,7 -361,7 +393,11 @@@ while [ 1 ]; d
efiargs=""
if [ ${efi_mode} -gt 0 ]; then
efiargs="-s 29,fbuf,tcp=${vnchost}:${vncport},"
++<<<<<<< HEAD
+ efiargs="${efiargs}${vncsize}${vncwait}${vncpassword}"
++=======
+ efiargs="${efiargs}${vncsize}${vncwait}"
++>>>>>>> upstream/main
efiargs="${efiargs} -l bootrom,${efi_firmware}"
efiargs="${efiargs} ${tablet}"
fi
diff --cc share/keys/Makefile
index 41b740797d9a,d685b064ccd3..000000000000
mode 100644,100644..100755
--- a/share/keys/Makefile
+++ b/share/keys/Makefile
@@@ -1,11 -1,5 +1,16 @@@
# $FreeBSD$
++<<<<<<< HEAD
+.include <src.opts.mk>
+
+SUBDIR= pkg
+
+.if ${MK_HBSD_UPDATE} != "no"
+SUBDIR+= hbsd-update
+.endif
+
++=======
+ SUBDIR= pkg
+
++>>>>>>> upstream/main
.include <bsd.subdir.mk>
diff --cc share/keys/pkg/trusted/Makefile
index f95b3369a0eb,2da13d579e82..000000000000
mode 100644,100644..100755
--- a/share/keys/pkg/trusted/Makefile
+++ b/share/keys/pkg/trusted/Makefile
@@@ -2,7 -2,7 +2,11 @@@
PACKAGE= utilities
++<<<<<<< HEAD
+FILES= pkg.freebsd.org.2013102301 pkg.hardenedbsd.org.2014-09-04
++=======
+ FILES= pkg.freebsd.org.2013102301
++>>>>>>> upstream/main
FILESDIR= ${SHAREDIR}/keys/pkg/trusted
FILESMODE= 644
diff --cc share/man/man4/Makefile
index 7fc6d7600347,f453a8340428..000000000000
mode 100644,100644..100755
--- a/share/man/man4/Makefile
+++ b/share/man/man4/Makefile
@@@ -51,7 -51,6 +51,10 @@@ MAN= aac.4
${_aout.4} \
${_apic.4} \
arcmsr.4 \
++<<<<<<< HEAD
+ aslr.4 \
++=======
++>>>>>>> upstream/main
${_asmc.4} \
at45d.4 \
ata.4 \
@@@ -180,7 -179,6 +183,10 @@@
gpioths.4 \
gre.4 \
h_ertt.4 \
++<<<<<<< HEAD
+ hardening.4 \
++=======
++>>>>>>> upstream/main
hifn.4 \
hme.4 \
hpet.4 \
diff --cc share/man/man5/Makefile
index 65dacf018b97,2083993b0795..000000000000
mode 100644,100644..100755
--- a/share/man/man5/Makefile
+++ b/share/man/man5/Makefile
@@@ -27,8 -27,6 +27,11 @@@ MAN= acct.5
fstab.5 \
fusefs.5 \
group.5 \
++<<<<<<< HEAD
+ hbsd-update.conf.5 \
+ hbsd-update-build.conf.5 \
++=======
++>>>>>>> upstream/main
hosts.5 \
hosts.equiv.5 \
hosts.lpd.5 \
diff --cc share/man/man5/src.conf.5
index 179f83351d2a,ab78b6dbc7ff..000000000000
mode 100644,100644..100755
--- a/share/man/man5/src.conf.5
+++ b/share/man/man5/src.conf.5
@@@ -178,11 -178,11 +178,19 @@@ an
.Xr bhyvectl 8 .
.Pp
This option only affects amd64/amd64.
++<<<<<<< HEAD
+.It Va WITHOUT_BIND_NOW
+Do not build all binaries with the
+.Dv DF_BIND_NOW
+flag set.
+Run-time relocation processing will be performed on demand.
++=======
+ .It Va WITH_BIND_NOW
+ Build all binaries with the
+ .Dv DF_BIND_NOW
+ flag set to indicate that the run-time loader should perform all relocation
+ processing at process startup rather than on demand.
++>>>>>>> upstream/main
.It Va WITHOUT_BLACKLIST
Set this if you do not want to build
.Xr blacklistd 8
@@@ -314,16 -314,6 +322,19 @@@ When set, it enforces these options
.It
.Va WITHOUT_ZFS
.El
++<<<<<<< HEAD
+.It Va WITHOUT_CFI
+Set to build without Control-Flow Integrity (CFI)
+.Pp
+This is a default setting on
+arm/armv6, arm/armv7, mips/mips, mips/mips64, powerpc/powerpc, powerpc/powerpc64, riscv/riscv64 and riscv/riscv64sf.
+.It Va WITH_CFI
+Set to build with Control-Flow Integrity (CFI)
+.Pp
+This is a default setting on
+amd64/amd64 and arm64/aarch64.
++=======
++>>>>>>> upstream/main
.It Va WITHOUT_CLANG
Set to not build the Clang C/C++ compiler during the regular phase of the build.
When set, it enforces these options:
@@@ -337,8 -327,6 +348,11 @@@
.Va WITHOUT_CLANG_FULL
.It
.Va WITHOUT_LLVM_COV
++<<<<<<< HEAD
+.It
+.Va WITHOUT_SAFESTACK
++=======
++>>>>>>> upstream/main
.El
.It Va WITHOUT_CLANG_BOOTSTRAP
Set to not build the Clang C/C++ compiler during the bootstrap phase of
@@@ -348,9 -336,6 +362,12 @@@ enabled unless an alternate compiler i
.It Va WITH_CLANG_EXTRAS
Set to build additional clang and llvm tools, such as bugpoint and
clang-format.
++<<<<<<< HEAD
+.Pp
+This is a default setting on
+amd64/amd64 and arm64/aarch64.
++=======
++>>>>>>> upstream/main
.It Va WITH_CLANG_FORMAT
Set to build clang-format.
.It Va WITHOUT_CLANG_FULL
@@@ -384,15 -369,11 +401,21 @@@ When set, it enforces these options
.Pp
.Bl -item -compact
.It
++<<<<<<< HEAD
+.Va WITHOUT_CFI
+.It
++=======
++>>>>>>> upstream/main
.Va WITHOUT_CLANG_BOOTSTRAP
.It
.Va WITHOUT_ELFTOOLCHAIN_BOOTSTRAP
.It
.Va WITHOUT_LLD_BOOTSTRAP
++<<<<<<< HEAD
+.It
+.Va WITHOUT_RETPOLINE
++=======
++>>>>>>> upstream/main
.El
.It Va WITHOUT_CRYPT
Set to not build any crypto code.
@@@ -450,7 -431,7 +473,11 @@@ Set to buil
.Xr cxgbetool 8
.Pp
This is a default setting on
++<<<<<<< HEAD
+amd64/amd64, arm64/aarch64 and powerpc/powerpc64.
++=======
+ amd64/amd64, arm64/aarch64, i386/i386 and powerpc/powerpc64.
++>>>>>>> upstream/main
.It Va WITHOUT_CXX
Set to not build
.Xr c++ 1
@@@ -477,24 -458,11 +504,30 @@@ When set, it enforces these options
.It
.Va WITHOUT_LLVM_COV
.It
++<<<<<<< HEAD
+.Va WITHOUT_SAFESTACK
+.It
++=======
++>>>>>>> upstream/main
.Va WITHOUT_TESTS
.El
.It Va WITHOUT_DEBUG_FILES
Set to avoid building or installing standalone debug files for each
executable binary and shared library.
++<<<<<<< HEAD
+.It Va WITH_DEVD_PIE
+Enable building
+.Xr devd 8
+as a Position-Independent Executable (PIE).
+.Pp
+This option should be used with extreme caution.
+.Pp
+.Sy Warning :
+DO NOT USE
+this option if /usr is NOT on the same filesystem
+as /.
++=======
++>>>>>>> upstream/main
.It Va WITHOUT_DIALOG
Set to not build
.Xr dialog 1 ,
@@@ -628,7 -596,7 +661,11 @@@ an
.Xr efivar 8 .
.Pp
This is a default setting on
++<<<<<<< HEAD
+amd64/amd64, arm/armv6, arm/armv7, arm64/aarch64, riscv/riscv64 and riscv/riscv64sf.
++=======
+ amd64/amd64, arm/armv6, arm/armv7, arm64/aarch64, i386/i386, riscv/riscv64 and riscv/riscv64sf.
++>>>>>>> upstream/main
.It Va WITHOUT_ELFTOOLCHAIN_BOOTSTRAP
Set to not build ELF Tool Chain tools
(addr2line, nm, size, strings and strip)
@@@ -678,8 -646,8 +715,13 @@@ Set to build bootloaders without Forth
Set to build
.Nm libc
without floating-point support.
++<<<<<<< HEAD
+.It Va WITH_FREEBSD_UPDATE
+Set to build
++=======
+ .It Va WITHOUT_FREEBSD_UPDATE
+ Set to not build
++>>>>>>> upstream/main
.Xr freebsd-update 8 .
.It Va WITHOUT_FTP
Set to not build or install
@@@ -699,7 -667,7 +741,11 @@@ Set to buil
.Xr gdb 1 .
.Pp
This is a default setting on
++<<<<<<< HEAD
+amd64/amd64, arm/armv6, arm/armv7, mips/mips, mips/mips64, powerpc/powerpc and powerpc/powerpc64.
++=======
+ amd64/amd64, arm/armv6, arm/armv7, i386/i386, mips/mips, mips/mips64, powerpc/powerpc and powerpc/powerpc64.
++>>>>>>> upstream/main
.It Va WITHOUT_GH_BC
Set to not build and install the enhanced
.Xr bc 1
@@@ -731,7 -699,7 +777,11 @@@ Set to build and instal
and dependent tests.
.Pp
This is a default setting on
++<<<<<<< HEAD
+amd64/amd64, arm/armv6, arm/armv7, arm64/aarch64, powerpc/powerpc, powerpc/powerpc64, riscv/riscv64 and riscv/riscv64sf.
++=======
+ amd64/amd64, arm/armv6, arm/armv7, arm64/aarch64, i386/i386, powerpc/powerpc, powerpc/powerpc64, riscv/riscv64 and riscv/riscv64sf.
++>>>>>>> upstream/main
.It Va WITHOUT_GPIO
Set to not build
.Xr gpioctl 8
@@@ -742,18 -710,6 +792,21 @@@ Set to not build libgssapi
Set to not build
.Xr hastd 8
and related utilities.
++<<<<<<< HEAD
+.It Va WITHOUT_HBSDCONTROL
+.\" $HardenedBSD$
+Set to not build
+.Xr hbsdcontrol 8
+and
+.Xr libhbsdcontrol 3 .
+.It Va WITHOUT_HBSD_UPDATE
+.\" $HardenedBSD$
+Set to not build
+.Xr hbsd-update 8
+and
+.Xr hbsd-update-build 8 .
++=======
++>>>>>>> upstream/main
.It Va WITH_HESIOD
Set to build Hesiod support.
.It Va WITHOUT_HTML
@@@ -767,7 -723,7 +820,11 @@@ arm/armv6, arm/armv7, arm64/aarch64, mi
Set to build or install HyperV utilities.
.Pp
This is a default setting on
++<<<<<<< HEAD
+amd64/amd64.
++=======
+ amd64/amd64 and i386/i386.
++>>>>>>> upstream/main
.It Va WITHOUT_ICONV
Set to not build iconv as part of libc.
.It Va WITHOUT_INCLUDES
@@@ -801,6 -757,15 +858,18 @@@ Set to not buil
.Xr inetd 8 .
.It Va WITHOUT_INET_SUPPORT
Set to build libraries, programs, and kernel modules without IPv4 support.
++<<<<<<< HEAD
++=======
+ .It Va WITH_INIT_ALL_PATTERN
+ Set to build the base system or kernel with stack variables initialized to
+ .Pq compiler defined
+ debugging patterns on function entry.
+ This option requires the clang compiler.
+ .It Va WITH_INIT_ALL_ZERO
+ Set to build the base system or kernel with stack variables initialized
+ to zero on function entry.
+ This option requires that the clang compiler be used.
++>>>>>>> upstream/main
.It Va WITHOUT_INSTALLLIB
Set this to not install optional libraries.
For example, when creating a
@@@ -863,6 -828,9 +932,12 @@@ Set to build some programs without Kerb
.Xr sshd 8 ,
and
.Xr telnetd 8 .
++<<<<<<< HEAD
++=======
+ .It Va WITH_KERNEL_RETPOLINE
+ Set to enable the "retpoline" mitigation for CVE-2017-5715 in the kernel
+ build.
++>>>>>>> upstream/main
.It Va WITHOUT_KERNEL_SYMBOLS
Set to not install kernel symbol files.
.Bf -symbolic
@@@ -907,10 -875,13 +982,20 @@@ Set to not build programs that support
.Xr kbdcontrol 1
and
.Xr vidcontrol 1 .
++<<<<<<< HEAD
+.It Va WITH_LIB32
+On 64-bit platforms, set to build 32-bit library set and a
+.Nm ld-elf32.so.1
+runtime linker.
++=======
+ .It Va WITHOUT_LIB32
+ On 64-bit platforms, set to not build 32-bit library set and a
+ .Nm ld-elf32.so.1
+ runtime linker.
+ .Pp
+ This is a default setting on
+ arm/armv6, arm/armv7, arm64/aarch64, i386/i386, mips/mips, powerpc/powerpc, riscv/riscv64 and riscv/riscv64sf.
++>>>>>>> upstream/main
.It Va WITHOUT_LIBCPLUSPLUS
Set to avoid building libcxxrt and libc++.
.It Va WITHOUT_LIBPTHREAD
@@@ -943,30 -914,14 +1028,39 @@@ arm/armv6, arm/armv7, mips/mips, mips/m
Set to build the LLDB debugger.
.Pp
This is a default setting on
++<<<<<<< HEAD
+amd64/amd64 and arm64/aarch64.
++=======
+ amd64/amd64, arm64/aarch64 and i386/i386.
++>>>>>>> upstream/main
.It Va WITHOUT_LLD_BOOTSTRAP
Set to not build the LLD linker during the bootstrap phase of
the build.
To be able to build the system, either Binutils or LLD bootstrap must be
enabled unless an alternate linker is provided via XLD.
++<<<<<<< HEAD
+When set, it enforces these options:
+.Pp
+.Bl -item -compact
+.It
+.Va WITHOUT_CFI
+.It
+.Va WITHOUT_RETPOLINE
+.El
.It Va WITHOUT_LLD_IS_LD
Set to use GNU binutils ld as the system linker, instead of LLVM's LLD.
+When set, it enforces these options:
+.Pp
+.Bl -item -compact
+.It
+.Va WITHOUT_CFI
+.It
+.Va WITHOUT_RETPOLINE
+.El
++=======
++.It Va WITHOUT_LLD_IS_LD
++Set to use GNU binutils ld as the system linker, instead of LLVM's LLD.
++>>>>>>> upstream/main
.It Va WITHOUT_LLVM_ASSERTIONS
Set to disable debugging assertions in LLVM.
.It Va WITHOUT_LLVM_COV
@@@ -1054,7 -1009,7 +1148,11 @@@ powerpc/powerpc and powerpc/powerpc64
Set to build GELI bootloader support.
.Pp
This is a default setting on
++<<<<<<< HEAD
+amd64/amd64, arm/armv6, arm/armv7, arm64/aarch64, mips/mips, mips/mips64, riscv/riscv64 and riscv/riscv64sf.
++=======
+ amd64/amd64, arm/armv6, arm/armv7, arm64/aarch64, i386/i386, mips/mips, mips/mips64, riscv/riscv64 and riscv/riscv64sf.
++>>>>>>> upstream/main
.It Va WITHOUT_LOADER_LUA
Set to not build LUA bindings for the boot loader.
.Pp
@@@ -1064,12 -1019,12 +1162,20 @@@ powerpc/powerpc and powerpc/powerpc64
Set to build LUA bindings for the boot loader.
.Pp
This is a default setting on
++<<<<<<< HEAD
+amd64/amd64, arm/armv6, arm/armv7, arm64/aarch64, mips/mips, mips/mips64, riscv/riscv64 and riscv/riscv64sf.
++=======
+ amd64/amd64, arm/armv6, arm/armv7, arm64/aarch64, i386/i386, mips/mips, mips/mips64, riscv/riscv64 and riscv/riscv64sf.
++>>>>>>> upstream/main
.It Va WITHOUT_LOADER_OFW
Disable building of openfirmware bootloader components.
.Pp
This is a default setting on
++<<<<<<< HEAD
+amd64/amd64, arm/armv6, arm/armv7, arm64/aarch64, mips/mips, mips/mips64, riscv/riscv64 and riscv/riscv64sf.
++=======
+ amd64/amd64, arm/armv6, arm/armv7, arm64/aarch64, i386/i386, mips/mips, mips/mips64, riscv/riscv64 and riscv/riscv64sf.
++>>>>>>> upstream/main
.It Va WITH_LOADER_OFW
Set to build openfirmware bootloader components.
.Pp
@@@ -1079,7 -1034,7 +1185,11 @@@ powerpc/powerpc and powerpc/powerpc64
Disable building of ubldr.
.Pp
This is a default setting on
++<<<<<<< HEAD
+amd64/amd64, arm64/aarch64, riscv/riscv64 and riscv/riscv64sf.
++=======
+ amd64/amd64, arm64/aarch64, i386/i386, riscv/riscv64 and riscv/riscv64sf.
++>>>>>>> upstream/main
.It Va WITH_LOADER_UBOOT
Set to build ubldr.
.Pp
@@@ -1257,7 -1212,7 +1367,11 @@@ Set to buil
.Xr mlx5tool 8
.Pp
This is a default setting on
++<<<<<<< HEAD
+amd64/amd64, arm64/aarch64 and powerpc/powerpc64.
++=======
+ amd64/amd64, arm64/aarch64, i386/i386 and powerpc/powerpc64.
++>>>>>>> upstream/main
.It Va WITHOUT_NDIS
Set to not build programs and libraries
related to NDIS emulation support.
@@@ -1327,7 -1282,7 +1441,11 @@@ arm/armv6, arm/armv7, mips/mips, mips/m
Set to build nvme related tools and kernel modules.
.Pp
This is a default setting on
++<<<<<<< HEAD
+amd64/amd64, arm64/aarch64 and powerpc/powerpc64.
++=======
+ amd64/amd64, arm64/aarch64, i386/i386 and powerpc/powerpc64.
++>>>>>>> upstream/main
.It Va WITH_OFED
Set to build the
.Dq "OpenFabrics Enterprise Distribution"
@@@ -1347,7 -1302,7 +1465,11 @@@ arm/armv6, arm/armv7, mips/mips, mips/m
Set to build LLVM's OpenMP runtime.
.Pp
This is a default setting on
++<<<<<<< HEAD
+amd64/amd64, arm64/aarch64 and powerpc/powerpc64.
++=======
+ amd64/amd64, arm64/aarch64, i386/i386 and powerpc/powerpc64.
++>>>>>>> upstream/main
.It Va WITHOUT_OPENSSH
Set to not build OpenSSH.
.It Va WITHOUT_OPENSSL
@@@ -1413,6 -1368,9 +1535,12 @@@ When set, it enforces these options
.It
.Va WITHOUT_AUTHPF
.El
++<<<<<<< HEAD
++=======
+ .It Va WITH_PIE
+ Build dynamically linked binaries as
+ Position-Independent Executable (PIE).
++>>>>>>> upstream/main
.It Va WITHOUT_PKGBOOTSTRAP
Set to not build
.Xr pkg 7
@@@ -1421,8 -1379,8 +1549,13 @@@ bootstrap tool
Set to not build
.Xr pmccontrol 8
and related programs.
++<<<<<<< HEAD
+.It Va WITH_PORTSNAP
+Set to build or install
++=======
+ .It Va WITHOUT_PORTSNAP
+ Set to not build or install
++>>>>>>> upstream/main
.Xr portsnap 8
and related files.
.It Va WITHOUT_PPP
@@@ -1440,7 -1398,7 +1573,11 @@@ Set to build profiled libraries for us
.Xr gprof 8 .
.Pp
This is a default setting on
++<<<<<<< HEAD
+amd64/amd64, arm/armv6, arm/armv7, arm64/aarch64, mips/mips, powerpc/powerpc, powerpc/powerpc64, riscv/riscv64 and riscv/riscv64sf.
++=======
+ amd64/amd64, arm/armv6, arm/armv7, arm64/aarch64, i386/i386, mips/mips, powerpc/powerpc, powerpc/powerpc64, riscv/riscv64 and riscv/riscv64sf.
++>>>>>>> upstream/main
.It Va WITHOUT_QUOTAS
Set to not build
.Xr quota 1
@@@ -1472,18 -1430,9 +1609,24 @@@ bit-for-bit identical output
.It Va WITHOUT_RESCUE
Set to not build
.Xr rescue 8 .
++<<<<<<< HEAD
+.It Va WITHOUT_RETPOLINE
+Do not build the base system with the retpoline speculative execution
+vulnerability mitigation.
+.Pp
+This is a default setting on
+arm/armv6, arm/armv7, arm64/aarch64, mips/mips, mips/mips64, powerpc/powerpc, powerpc/powerpc64, riscv/riscv64 and riscv/riscv64sf.
+.It Va WITH_RETPOLINE
+Set to build the base system with the retpoline speculative execution
+vulnerability mitigation for CVE-2017-5715.
+.Pp
+This is a default setting on
+amd64/amd64.
++=======
+ .It Va WITH_RETPOLINE
+ Set to build the base system with the retpoline speculative execution
+ vulnerability mitigation for CVE-2017-5715.
++>>>>>>> upstream/main
.It Va WITHOUT_ROUTED
Set to not build
.Xr routed 8
@@@ -1492,16 -1441,6 +1635,19 @@@ utility
Set to build
.Xr rpcbind 8
with warmstart support.
++<<<<<<< HEAD
+.It Va WITHOUT_SAFESTACK
+Set to compile world without SafeStack.
+.Pp
+This is a default setting on
+arm/armv6, arm/armv7, arm64/aarch64, mips/mips, mips/mips64, powerpc/powerpc, powerpc/powerpc64, riscv/riscv64 and riscv/riscv64sf.
+.It Va WITH_SAFESTACK
+Set to compile with SafeStack.
+.Pp
+This is a default setting on
+amd64/amd64.
++=======
++>>>>>>> upstream/main
.It Va WITHOUT_SENDMAIL
Set to not build
.Xr sendmail 8
@@@ -1540,9 -1479,6 +1686,12 @@@ When set, it enforces these options
Set to not build kernel modules that include sourceless native code for host CPU.
.It Va WITHOUT_SOURCELESS_UCODE
Set to not build kernel modules that include sourceless microcode.
++<<<<<<< HEAD
+.It Va WITH_SPECTREV1_FIX
+Build the base system with speculative load hardening, a SpectreV1
+vulnerability mitigation.
++=======
++>>>>>>> upstream/main
.It Va WITHOUT_SSP
Set to not build world with propolice stack smashing protection.
.Pp
@@@ -1552,7 -1488,7 +1701,11 @@@ mips/mips and mips/mips64
Set to build world with propolice stack smashing protection.
.Pp
This is a default setting on
++<<<<<<< HEAD
+amd64/amd64, arm/armv6, arm/armv7, arm64/aarch64, powerpc/powerpc, powerpc/powerpc64, riscv/riscv64 and riscv/riscv64sf.
++=======
+ amd64/amd64, arm/armv6, arm/armv7, arm64/aarch64, i386/i386, powerpc/powerpc, powerpc/powerpc64, riscv/riscv64 and riscv/riscv64sf.
++>>>>>>> upstream/main
.It Va WITH_STAGING
Enable staging of files to a stage tree.
This can be best thought of as auto-install to
@@@ -1720,8 -1656,6 +1873,11 @@@ When set, it enforces these options
.Va WITHOUT_LLDB
.It
.Va WITHOUT_LLVM_COV
++<<<<<<< HEAD
+.It
+.Va WITHOUT_SAFESTACK
++=======
++>>>>>>> upstream/main
.El
.It Va WITHOUT_UNBOUND
Set to not build
diff --cc share/man/man9/sysctl.9
index e5354e61f965,2720932446c1..000000000000
mode 100644,100644..100755
--- a/share/man/man9/sysctl.9
+++ b/share/man/man9/sysctl.9
@@@ -891,10 -891,6 +891,13 @@@ Any user or process can write to this s
A process in capability mode can read from this sysctl.
.It Dv CTLFLAG_CAPWR
A process in capability mode can write to this sysctl.
++<<<<<<< HEAD
+.It Dv CTLFLAG_ROOTONLY
+Protect this sysctl by only allowing the non-jailed root user to
+access it.
+This flag is specific to HardenedBSD.
++=======
++>>>>>>> upstream/main
.It Dv CTLFLAG_SECURE
This sysctl can be written to only if the effective securelevel of the
process is \[<=] 0.
@@@ -1086,8 -1082,6 +1089,11 @@@ Compatibility layer information
Debugging information.
Various name spaces exist under
.Va debug .
++<<<<<<< HEAD
+.It Va hardening
+Kernel level hardening.
++=======
++>>>>>>> upstream/main
.It Va hw
Hardware and device driver information.
.It Va kern
diff --cc share/mk/Makefile
index 92864f2aab6a,786dae482ea4..000000000000
mode 100644,100644..100755
--- a/share/mk/Makefile
+++ b/share/mk/Makefile
@@@ -29,7 -29,6 +29,10 @@@ FILES=
bsd.dtb.mk \
bsd.endian.mk \
bsd.files.mk \
++<<<<<<< HEAD
+ bsd.hardenedbsd.mk \
++=======
++>>>>>>> upstream/main
bsd.incs.mk \
bsd.info.mk \
bsd.init.mk \
diff --cc share/mk/bsd.compiler.mk
index 0345ab9395ed,8253669fe279..000000000000
mode 100644,100644..100755
--- a/share/mk/bsd.compiler.mk
+++ b/share/mk/bsd.compiler.mk
@@@ -24,6 -24,7 +24,10 @@@
# - c++11: supports full (or nearly full) C++11 programming environment.
# - retpoline: supports the retpoline speculative execution vulnerability
# mitigation.
++<<<<<<< HEAD
++=======
+ # - init-all: supports stack variable initialization.
++>>>>>>> upstream/main
#
# These variables with an X_ prefix will also be provided if XCC is set.
#
@@@ -214,7 -215,7 +218,11 @@@ ${X_}COMPILER_FEATURES= c++11 c++1
${X_}COMPILER_FEATURES+= c++17
.endif
.if ${${X_}COMPILER_TYPE} == "clang"
++<<<<<<< HEAD
+${X_}COMPILER_FEATURES+= retpoline
++=======
+ ${X_}COMPILER_FEATURES+= retpoline init-all
++>>>>>>> upstream/main
.endif
.else
diff --cc share/mk/bsd.crunchgen.mk
index 477689b51c16,6d775ce9af05..000000000000
mode 100644,100644..100755
--- a/share/mk/bsd.crunchgen.mk
+++ b/share/mk/bsd.crunchgen.mk
@@@ -113,7 -113,6 +113,10 @@@ CRUNCHGEN?= crunchge
CRUNCHENV+= MK_TESTS=no \
UPDATE_DEPENDFILE=no \
_RECURSING_CRUNCH=1
++<<<<<<< HEAD
+CRUNCHENV+= MK_SAFESTACK=no MK_CFI=no
++=======
++>>>>>>> upstream/main
.ORDER: ${OUTPUTS} objs
${OUTPUTS:[1]}: .META
${OUTPUTS:[2..-1]}: .NOMETA
diff --cc share/mk/bsd.init.mk
index 8e6f59387a06,30eeb0b2a15b..000000000000
mode 100644,100644..100755
--- a/share/mk/bsd.init.mk
+++ b/share/mk/bsd.init.mk
@@@ -19,7 -19,6 +19,10 @@@ __<bsd.init.mk>__
.if exists(${.CURDIR}/../Makefile.inc)
.include "${.CURDIR}/../Makefile.inc"
.endif
++<<<<<<< HEAD
+.sinclude <src.opts.mk>
++=======
++>>>>>>> upstream/main
.include <bsd.own.mk>
.MAIN: all
diff --cc share/mk/bsd.lib.mk
index 336242d7ac84,3d429a6b5b8a..000000000000
mode 100644,100644..100755
--- a/share/mk/bsd.lib.mk
+++ b/share/mk/bsd.lib.mk
@@@ -71,6 -71,39 +71,42 @@@ TAGS+= package=${PACKAGE:Uutilities
TAG_ARGS= -T ${TAGS:[*]:S/ /,/g}
.endif
++<<<<<<< HEAD
++=======
+ # ELF hardening knobs
+ .if ${MK_BIND_NOW} != "no"
+ LDFLAGS+= -Wl,-znow
+ .endif
+ .if ${MK_RETPOLINE} != "no"
+ .if ${COMPILER_FEATURES:Mretpoline} && ${LINKER_FEATURES:Mretpoline}
+ CFLAGS+= -mretpoline
+ CXXFLAGS+= -mretpoline
+ LDFLAGS+= -Wl,-zretpolineplt
+ .else
+ .warning Retpoline requested but not supported by compiler or linker
+ .endif
+ .endif
+
+ # Initialize stack variables on function entry
+ .if ${MK_INIT_ALL_ZERO} == "yes"
+ .if ${COMPILER_FEATURES:Minit-all}
+ CFLAGS+= -ftrivial-auto-var-init=zero \
+ -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
+ CXXFLAGS+= -ftrivial-auto-var-init=zero \
+ -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
+ .else
+ .warning InitAll (zeros) requested but not support by compiler
+ .endif
+ .elif ${MK_INIT_ALL_PATTERN} == "yes"
+ .if ${COMPILER_FEATURES:Minit-all}
+ CFLAGS+= -ftrivial-auto-var-init=pattern
+ CXXFLAGS+= -ftrivial-auto-var-init=pattern
+ .else
+ .warning InitAll (pattern) requested but not support by compiler
+ .endif
+ .endif
+
++>>>>>>> upstream/main
.if ${MK_DEBUG_FILES} != "no" && empty(DEBUG_FLAGS:M-g) && \
empty(DEBUG_FLAGS:M-gdwarf*)
CFLAGS+= ${DEBUG_FILES_CFLAGS}
@@@ -93,42 -126,12 +129,51 @@@ CFLAGS += -mno-rela
# prefer .s to a .c, add .po, remove stuff not used in the BSD libraries
# .pico used for PIC object files
# .nossppico used for NOSSP PIC object files
++<<<<<<< HEAD
+.SUFFIXES: .out .o .bc .ll .po .pico .nossppico .S .asm .s .c .cc .cpp .cxx .C .f .y .l .ln
+
+.if !defined(PICFLAG)
+PICFLAG=-fPIC
+.endif
+
+.if defined(MK_RETPOLINE) && ${MK_RETPOLINE} != "no"
+CFLAGS+= -mretpoline
+CXXFLAGS+= -mretpoline
+.endif
+
+.if defined(MK_PIE)
+# Ports will not have MK_PIE defined and the following logic requires
+# it be defined.
+
+.if !defined(NO_PIC)
+.if ${MK_PIE} != "no"
+.if !defined(NOPIE)
+CFLAGS+= ${PICFLAG}
+.endif
+.endif
+.endif
+.endif
+
+.if defined(MK_RELRO)
+.if ${MK_RELRO} != "no"
+LDFLAGS+= -Wl,-z,relro
+.endif
+
+.if ${MK_BIND_NOW} != "no"
+LDFLAGS+= -Wl,-z,now
+.endif
+.endif
+
+.if defined(MK_SPECTREV1_FIX) && ${MK_SPECTREV1_FIX} != "no"
+CFLAGS+= -mspeculative-load-hardening
++=======
+ # .pieo used for PIE object files
+ .SUFFIXES: .out .o .bc .ll .po .pico .nossppico .pieo .S .asm .s .c .cc .cpp .cxx .C .f .y .l .ln
+
+ .if !defined(PICFLAG)
+ PICFLAG=-fpic
+ PIEFLAG=-fpie
++>>>>>>> upstream/main
.endif
PO_FLAG=-pg
@@@ -145,6 -148,10 +190,13 @@@
${CC} ${PICFLAG} -DPIC ${SHARED_CFLAGS:C/^-fstack-protector.*$//} ${CFLAGS:C/^-fstack-protector.*$//} -c ${.IMPSRC} -o ${.TARGET}
${CTFCONVERT_CMD}
++<<<<<<< HEAD
++=======
+ .c.pieo:
+ ${CC} ${PIEFLAG} -DPIC ${SHARED_CFLAGS} ${CFLAGS} -c ${.IMPSRC} -o ${.TARGET}
+ ${CTFCONVERT_CMD}
+
++>>>>>>> upstream/main
.cc.po .C.po .cpp.po .cxx.po:
${CXX} ${PO_FLAG} ${STATIC_CXXFLAGS} ${PO_CXXFLAGS} -c ${.IMPSRC} -o ${.TARGET}
@@@ -154,6 -161,9 +206,12 @@@
.cc.nossppico .C.nossppico .cpp.nossppico .cxx.nossppico:
${CXX} ${PICFLAG} -DPIC ${SHARED_CXXFLAGS:C/^-fstack-protector.*$//} ${CXXFLAGS:C/^-fstack-protector.*$//} -c ${.IMPSRC} -o ${.TARGET}
++<<<<<<< HEAD
++=======
+ .cc.pieo .C.pieo .cpp.pieo .cxx.pieo:
+ ${CXX} ${PIEFLAG} ${SHARED_CXXFLAGS} ${CXXFLAGS} -c ${.IMPSRC} -o ${.TARGET}
+
++>>>>>>> upstream/main
.f.po:
${FC} -pg ${FFLAGS} -o ${.TARGET} -c ${.IMPSRC}
${CTFCONVERT_CMD}
@@@ -166,7 -176,7 +224,11 @@@
${FC} ${PICFLAG} -DPIC ${FFLAGS:C/^-fstack-protector.*$//} -o ${.TARGET} -c ${.IMPSRC}
${CTFCONVERT_CMD}
++<<<<<<< HEAD
+.s.po .s.pico .s.nossppico:
++=======
+ .s.po .s.pico .s.nossppico .s.pieo:
++>>>>>>> upstream/main
${AS} ${AFLAGS} -o ${.TARGET} ${.IMPSRC}
${CTFCONVERT_CMD}
@@@ -185,6 -195,11 +247,14 @@@
${CFLAGS:C/^-fstack-protector.*$//} ${ACFLAGS} -c ${.IMPSRC} -o ${.TARGET}
${CTFCONVERT_CMD}
++<<<<<<< HEAD
++=======
+ .asm.pieo:
+ ${CC:N${CCACHE_BIN}} -x assembler-with-cpp ${PIEFLAG} -DPIC \
+ ${CFLAGS} ${ACFLAGS} -c ${.IMPSRC} -o ${.TARGET}
+ ${CTFCONVERT_CMD}
+
++>>>>>>> upstream/main
.S.po:
${CC:N${CCACHE_BIN}} -DPROF ${PO_CFLAGS} ${ACFLAGS} -c ${.IMPSRC} \
-o ${.TARGET}
@@@ -200,6 -215,11 +270,14 @@@
-c ${.IMPSRC} -o ${.TARGET}
${CTFCONVERT_CMD}
++<<<<<<< HEAD
++=======
+ .S.pieo:
+ ${CC:N${CCACHE_BIN}} ${PIEFLAG} -DPIC ${CFLAGS} ${ACFLAGS} \
+ -c ${.IMPSRC} -o ${.TARGET}
+ ${CTFCONVERT_CMD}
+
++>>>>>>> upstream/main
_LIBDIR:=${LIBDIR}
_SHLIBDIR:=${SHLIBDIR}
@@@ -358,6 -378,19 +436,22 @@@ lib${LIB_PRIVATE}${LIB}_nossp_pic.a: ${
.endif # !defined(INTERNALLIB)
++<<<<<<< HEAD
++=======
+ .if defined(INTERNALLIB) && ${MK_PIE} != "no"
+ PIEOBJS+= ${OBJS:.o=.pieo}
+ DEPENDOBJS+= ${PIEOBJS}
+ CLEANFILES+= ${PIEOBJS}
+
+ _LIBS+= lib${LIB_PRIVATE}${LIB}_pie.a
+
+ lib${LIB_PRIVATE}${LIB}_pie.a: ${PIEOBJS}
+ @${ECHO} building pie ${LIB} library
+ @rm -f ${.TARGET}
+ ${AR} ${ARFLAGS} ${.TARGET} ${PIEOBJS} ${ARADD}
+ .endif
+
++>>>>>>> upstream/main
.if defined(_SKIP_BUILD)
all:
.else
diff --cc share/mk/bsd.opts.mk
index 401ebec4b68c,d0e7f1cb00ba..000000000000
mode 100644,100644..100755
--- a/share/mk/bsd.opts.mk
+++ b/share/mk/bsd.opts.mk
@@@ -68,9 -68,14 +68,20 @@@ __DEFAULT_YES_OPTIONS =
WARNS
__DEFAULT_NO_OPTIONS = \
++<<<<<<< HEAD
+ CCACHE_BUILD \
+ CTF \
+ INSTALL_AS_USER \
++=======
+ BIND_NOW \
+ CCACHE_BUILD \
+ CTF \
+ INIT_ALL_PATTERN \
+ INIT_ALL_ZERO \
+ INSTALL_AS_USER \
+ PIE \
+ RETPOLINE \
++>>>>>>> upstream/main
STALE_STAGED
__DEFAULT_DEPENDENT_OPTIONS = \
@@@ -79,8 -84,13 +90,18 @@@
STAGING_PROG/STAGING \
STALE_STAGED/STAGING \
++<<<<<<< HEAD
++.include <bsd.mkopt.mk>
++
++=======
+
.include <bsd.mkopt.mk>
+ .if ${MK_INIT_ALL_PATTERN} == "yes" && ${MK_INIT_ALL_ZERO} == "yes"
+ .warning WITH_INIT_ALL_PATTERN and WITH_INIT_ALL_ZERO are mutually exclusive.
+ .endif
+
++>>>>>>> upstream/main
#
# Supported NO_* options (if defined, MK_* will be forced to "no",
# regardless of user's setting).
diff --cc share/mk/bsd.prog.mk
index b10b9f55d43d,401915b3f525..000000000000
mode 100644,100644..100755
--- a/share/mk/bsd.prog.mk
+++ b/share/mk/bsd.prog.mk
@@@ -35,6 -35,50 +35,53 @@@ PROG= ${PROG_CXX
MK_DEBUG_FILES= no
.endif
++<<<<<<< HEAD
++=======
+ # ELF hardening knobs
+ .if ${MK_BIND_NOW} != "no"
+ LDFLAGS+= -Wl,-znow
+ .endif
+ .if ${MK_PIE} != "no"
+ # Static PIE is not yet supported/tested.
+ .if !defined(NO_SHARED) || ${NO_SHARED:tl} == "no"
+ CFLAGS+= -fPIE
+ CXXFLAGS+= -fPIE
+ LDFLAGS+= -pie
+ .endif
+ .endif
+ .if ${MK_RETPOLINE} != "no"
+ .if ${COMPILER_FEATURES:Mretpoline} && ${LINKER_FEATURES:Mretpoline}
+ CFLAGS+= -mretpoline
+ CXXFLAGS+= -mretpoline
+ # retpolineplt is broken with static linking (PR 233336)
+ .if !defined(NO_SHARED) || ${NO_SHARED:tl} == "no"
+ LDFLAGS+= -Wl,-zretpolineplt
+ .endif
+ .else
+ .warning Retpoline requested but not supported by compiler or linker
+ .endif
+ .endif
+
+ # Initialize stack variables on function entry
+ .if ${MK_INIT_ALL_ZERO} == "yes"
+ .if ${COMPILER_FEATURES:Minit-all}
+ CFLAGS+= -ftrivial-auto-var-init=zero \
+ -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
+ CXXFLAGS+= -ftrivial-auto-var-init=zero \
+ -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
+ .else
+ .warning InitAll (zeros) requested but not support by compiler
+ .endif
+ .elif ${MK_INIT_ALL_PATTERN} == "yes"
+ .if ${COMPILER_FEATURES:Minit-all}
+ CFLAGS+= -ftrivial-auto-var-init=pattern
+ CXXFLAGS+= -ftrivial-auto-var-init=pattern
+ .else
+ .warning InitAll (pattern) requested but not support by compiler
+ .endif
+ .endif
+
++>>>>>>> upstream/main
.if ${MACHINE_CPUARCH} == "riscv" && ${LINKER_FEATURES:Mriscv-relaxations} == ""
CFLAGS += -mno-relax
.endif
@@@ -60,65 -104,10 +107,72 @@@ TAGS+= package=${PACKAGE:Uutilities
TAG_ARGS= -T ${TAGS:[*]:S/ /,/g}
.endif
++<<<<<<< HEAD
+.if defined(NO_SHARED) && (${NO_SHARED} != "no" && ${NO_SHARED} != "NO")
+LDFLAGS+= -static
+.endif
+
+.if defined(MK_PIE)
+# Ports will not have MK_PIE defined and the following logic requires
+# it be defined.
+
+.if ${LDFLAGS:M-static}
+NOPIE=yes
+.endif
+
+.if !defined(NOPIE)
+.if ${MK_PIE} != "no"
+
+CFLAGS+= -fPIC -fPIE
+CXXFLAGS+= -fPIC -fPIE
+LDFLAGS+= -pie
+
+# Only toggle SafeStack for PIE binaries. SafeStack requires ASLR in
+# order to be effective.
+.if !defined(NOSAFESTACK)
+.if ${MK_SAFESTACK} != "no"
+CFLAGS+= -fsanitize=safe-stack
+CXXFLAGS+= -fsanitize=safe-stack
+LDFLAGS+= -fsanitize=safe-stack
+.endif # ${MK_SAFESTACK} != "no"
+.endif # !defined(NOSAFESTACK)
+
+.endif # ${MK_PIE} != no
+.endif # !defined(NOPIE)
+.endif # defined(MK_PIE)
+
+.if !defined(NOCFI) && defined(MK_CFI)
+.if ${MK_CFI} != "no"
+.if ${MK_LLD_IS_LD} == "no"
+.error WITH_CFI requires WITH_LLD_IS_LD
+.endif
+
+CFLAGS+= -fsanitize=cfi -fvisibility=hidden -flto ${CFI_OVERRIDE}
+CXXFLAGS+= -fsanitize=cfi -fvisibility=hidden -flto ${CFI_OVERRIDE}
+LDFLAGS+= -fsanitize=cfi -fvisibility=hidden -flto ${CFI_OVERRIDE}
+.endif
+.endif
+
+.if defined(MK_RETPOLINE) && ${MK_RETPOLINE} != "no"
+CFLAGS+= -mretpoline
+CXXFLAGS+= -mretpoline
+.endif
+
+.if defined(MK_BIND_NOW) && ${MK_BIND_NOW} != "no"
+LDFLAGS+= -Wl,-z,now
+.endif
+
+.if defined(MK_SPECTREV1_FIX) && ${MK_SPECTREV1_FIX} != "no"
+CFLAGS+= -mspeculative-load-hardening
+.endif
+
+#
++=======
+ .if defined(NO_SHARED) && ${NO_SHARED:tl} != "no"
+ LDFLAGS+= -static
+ .endif
+
++>>>>>>> upstream/main
# clang currently defaults to dynamic TLS for mips64 binaries
.if ${MACHINE_ARCH:Mmips64*} && ${COMPILER_TYPE} == "clang"
CFLAGS+= -ftls-model=initial-exec
diff --cc share/mk/bsd.test.mk
index 0b312e806d1f,588cfbcb45ed..000000000000
mode 100644,100644..100755
--- a/share/mk/bsd.test.mk
+++ b/share/mk/bsd.test.mk
@@@ -10,9 -10,6 +10,12 @@@
__<bsd.test.mk>__:
++<<<<<<< HEAD
+# HBSDTODO: Research why compiling the tests fail with SafeStack.
+NOSAFESTACK= yes
+
++=======
++>>>>>>> upstream/main
# Third-party software (kyua, etc) prefix.
LOCALBASE?= /usr/local
diff --cc share/mk/src.libnames.mk
index b3f4f3a33083,aa2ab42da62b..000000000000
mode 100644,100644..100755
--- a/share/mk/src.libnames.mk
+++ b/share/mk/src.libnames.mk
@@@ -213,12 -213,6 +213,15 @@@ _LIBRARIES+=
.endif
++<<<<<<< HEAD
+.if ${MK_HBSDCONTROL} != "no"
+_LIBRARIES+= \
+ hbsdcontrol \
+
+.endif
+
++=======
++>>>>>>> upstream/main
.if ${MK_OFED} != "no"
_LIBRARIES+= \
cxgb4 \
@@@ -267,7 -261,6 +270,10 @@@ _DP_archive+= m
.endif
_DP_sqlite3= pthread
_DP_ssl= crypto
++<<<<<<< HEAD
+_DP_tls= crypto ssl
++=======
++>>>>>>> upstream/main
_DP_ssh= crypto crypt z
.if ${MK_LDNS} != "no"
_DP_ssh+= ldns
@@@ -292,9 -285,6 +298,12 @@@ _DP_cap_grp= n
_DP_cap_pwd= nv
_DP_cap_sysctl= nv
_DP_cap_syslog= nv
++<<<<<<< HEAD
+.if ${MK_HBSDCONTROL} != "no"
+_DP_hbsdcontrol= sbuf
+.endif
++=======
++>>>>>>> upstream/main
.if ${MK_OFED} != "no"
_DP_pcap= ibverbs mlx5
.endif
@@@ -442,6 -432,10 +451,13 @@@ LDADD_gtest_main= -lprivategtest_mai
LIB${_l:tu}?= ${LIBDESTDIR}${LIBDIR_BASE}/libprivate${_l}.a
.endfor
++<<<<<<< HEAD
++=======
+ .if ${MK_PIE} != "no"
+ PIE_SUFFIX= _pie
+ .endif
+
++>>>>>>> upstream/main
.for _l in ${_LIBRARIES}
.if ${_INTERNALLIBS:M${_l}} || !defined(SYSROOT)
LDADD_${_l}_L+= -L${LIB${_l:tu}DIR}
@@@ -449,12 -443,14 +465,21 @@@
DPADD_${_l}?= ${LIB${_l:tu}}
.if ${_PRIVATELIBS:M${_l}}
LDADD_${_l}?= -lprivate${_l}
++<<<<<<< HEAD
++=======
+ .elif ${_INTERNALLIBS:M${_l}}
+ LDADD_${_l}?= ${LDADD_${_l}_L} -l${_l:S/${PIE_SUFFIX}//}${PIE_SUFFIX}
++>>>>>>> upstream/main
.else
LDADD_${_l}?= ${LDADD_${_l}_L} -l${_l}
.endif
# Add in all dependencies for static linkage.
.if defined(_DP_${_l}) && (${_INTERNALLIBS:M${_l}} || \
++<<<<<<< HEAD
+ (defined(NO_SHARED) && (${NO_SHARED} != "no" && ${NO_SHARED} != "NO")))
++=======
+ (defined(NO_SHARED) && ${NO_SHARED:tl} != "no"))
++>>>>>>> upstream/main
.for _d in ${_DP_${_l}}
DPADD_${_l}+= ${DPADD_${_d}}
LDADD_${_l}+= ${LDADD_${_d}}
@@@ -502,7 -498,7 +527,11 @@@ LDADD+= ${LDADD_${_l}
_LIB_OBJTOP?= ${OBJTOP}
# INTERNALLIB definitions.
LIBELFTCDIR= ${_LIB_OBJTOP}/lib/libelftc
++<<<<<<< HEAD
+LIBELFTC?= ${LIBELFTCDIR}/libelftc.a
++=======
+ LIBELFTC?= ${LIBELFTCDIR}/libelftc${PIE_SUFFIX}.a
++>>>>>>> upstream/main
LIBKYUA_CLIDIR= ${_LIB_OBJTOP}/lib/kyua/cli
LIBKYUA_CLI?= ${LIBKYUA_CLIDIR}/libkyua_cli${PIE_SUFFIX}.a
@@@ -529,78 -525,73 +558,147 @@@ LIBLUTOKDIR= ${_LIB_OBJTOP}/lib/libluto
LIBLUTOK?= ${LIBLUTOKDIR}/liblutok${PIE_SUFFIX}.a
LIBPEDIR= ${_LIB_OBJTOP}/lib/libpe
++<<<<<<< HEAD
+LIBPE?= ${LIBPEDIR}/libpe.a
+
+LIBOPENBSDDIR= ${_LIB_OBJTOP}/lib/libopenbsd
+LIBOPENBSD?= ${LIBOPENBSDDIR}/libopenbsd.a
+
+LIBSMDIR= ${_LIB_OBJTOP}/lib/libsm
+LIBSM?= ${LIBSMDIR}/libsm.a
+
+LIBSMDBDIR= ${_LIB_OBJTOP}/lib/libsmdb
+LIBSMDB?= ${LIBSMDBDIR}/libsmdb.a
+
+LIBSMUTILDIR= ${_LIB_OBJTOP}/lib/libsmutil
+LIBSMUTIL?= ${LIBSMUTILDIR}/libsmutil.a
+
+LIBNETBSDDIR?= ${_LIB_OBJTOP}/lib/libnetbsd
+LIBNETBSD?= ${LIBNETBSDDIR}/libnetbsd.a
+
+LIBVERSDIR?= ${_LIB_OBJTOP}/kerberos5/lib/libvers
+LIBVERS?= ${LIBVERSDIR}/libvers.a
+
+LIBSLDIR= ${_LIB_OBJTOP}/kerberos5/lib/libsl
+LIBSL?= ${LIBSLDIR}/libsl.a
+
+LIBIFCONFIGDIR= ${_LIB_OBJTOP}/lib/libifconfig
+LIBIFCONFIG?= ${LIBIFCONFIGDIR}/libifconfig.a
+
+LIBIPFDIR= ${_LIB_OBJTOP}/sbin/ipf/libipf
+LIBIPF?= ${LIBIPFDIR}/libipf.a
+
+LIBTELNETDIR= ${_LIB_OBJTOP}/lib/libtelnet
+LIBTELNET?= ${LIBTELNETDIR}/libtelnet.a
+
+LIBCRONDIR= ${_LIB_OBJTOP}/usr.sbin/cron/lib
+LIBCRON?= ${LIBCRONDIR}/libcron.a
+
+LIBNTPDIR= ${_LIB_OBJTOP}/usr.sbin/ntp/libntp
+LIBNTP?= ${LIBNTPDIR}/libntp.a
+
+LIBNTPEVENTDIR= ${_LIB_OBJTOP}/usr.sbin/ntp/libntpevent
+LIBNTPEVENT?= ${LIBNTPEVENTDIR}/libntpevent.a
+
+LIBOPTSDIR= ${_LIB_OBJTOP}/usr.sbin/ntp/libopts
+LIBOPTS?= ${LIBOPTSDIR}/libopts.a
+
+LIBPARSEDIR= ${_LIB_OBJTOP}/usr.sbin/ntp/libparse
+LIBPARSE?= ${LIBPARSEDIR}/libparse.a
+
+LIBLPRDIR= ${_LIB_OBJTOP}/usr.sbin/lpr/common_source
+LIBLPR?= ${LIBLPRDIR}/liblpr.a
+
+LIBFIFOLOGDIR= ${_LIB_OBJTOP}/usr.sbin/fifolog/lib
+LIBFIFOLOG?= ${LIBFIFOLOGDIR}/libfifolog.a
+
+LIBBSNMPTOOLSDIR= ${_LIB_OBJTOP}/usr.sbin/bsnmpd/tools/libbsnmptools
+LIBBSNMPTOOLS?= ${LIBBSNMPTOOLSDIR}/libbsnmptools.a
+
+LIBAMUDIR= ${_LIB_OBJTOP}/usr.sbin/amd/libamu
+LIBAMU?= ${LIBAMUDIR}/libamu.a
+
+LIBBE?= ${LIBBEDIR}/libbe.a
+
+LIBPMCSTATDIR= ${_LIB_OBJTOP}/lib/libpmcstat
+LIBPMCSTAT?= ${LIBPMCSTATDIR}/libpmcstat.a
++=======
+ LIBPE?= ${LIBPEDIR}/libpe${PIE_SUFFIX}.a
+
+ LIBOPENBSDDIR= ${_LIB_OBJTOP}/lib/libopenbsd
+ LIBOPENBSD?= ${LIBOPENBSDDIR}/libopenbsd${PIE_SUFFIX}.a
+
+ LIBSMDIR= ${_LIB_OBJTOP}/lib/libsm
+ LIBSM?= ${LIBSMDIR}/libsm${PIE_SUFFIX}.a
+
+ LIBSMDBDIR= ${_LIB_OBJTOP}/lib/libsmdb
+ LIBSMDB?= ${LIBSMDBDIR}/libsmdb${PIE_SUFFIX}.a
+
+ LIBSMUTILDIR= ${_LIB_OBJTOP}/lib/libsmutil
+ LIBSMUTIL?= ${LIBSMUTILDIR}/libsmutil${PIE_SUFFIX}.a
+
+ LIBNETBSDDIR?= ${_LIB_OBJTOP}/lib/libnetbsd
+ LIBNETBSD?= ${LIBNETBSDDIR}/libnetbsd${PIE_SUFFIX}.a
+
+ LIBVERSDIR?= ${_LIB_OBJTOP}/kerberos5/lib/libvers
+ LIBVERS?= ${LIBVERSDIR}/libvers${PIE_SUFFIX}.a
+
+ LIBSLDIR= ${_LIB_OBJTOP}/kerberos5/lib/libsl
+ LIBSL?= ${LIBSLDIR}/libsl${PIE_SUFFIX}.a
+
+ LIBIFCONFIGDIR= ${_LIB_OBJTOP}/lib/libifconfig
+ LIBIFCONFIG?= ${LIBIFCONFIGDIR}/libifconfig${PIE_SUFFIX}.a
+
+ LIBIPFDIR= ${_LIB_OBJTOP}/sbin/ipf/libipf
+ LIBIPF?= ${LIBIPFDIR}/libipf${PIE_SUFFIX}.a
+
+ LIBTELNETDIR= ${_LIB_OBJTOP}/lib/libtelnet
+ LIBTELNET?= ${LIBTELNETDIR}/libtelnet${PIE_SUFFIX}.a
+
+ LIBCRONDIR= ${_LIB_OBJTOP}/usr.sbin/cron/lib
+ LIBCRON?= ${LIBCRONDIR}/libcron${PIE_SUFFIX}.a
+
+ LIBNTPDIR= ${_LIB_OBJTOP}/usr.sbin/ntp/libntp
+ LIBNTP?= ${LIBNTPDIR}/libntp${PIE_SUFFIX}.a
+
+ LIBNTPEVENTDIR= ${_LIB_OBJTOP}/usr.sbin/ntp/libntpevent
+ LIBNTPEVENT?= ${LIBNTPEVENTDIR}/libntpevent${PIE_SUFFIX}.a
+
+ LIBOPTSDIR= ${_LIB_OBJTOP}/usr.sbin/ntp/libopts
+ LIBOPTS?= ${LIBOPTSDIR}/libopts${PIE_SUFFIX}.a
+
+ LIBPARSEDIR= ${_LIB_OBJTOP}/usr.sbin/ntp/libparse
+ LIBPARSE?= ${LIBPARSEDIR}/libparse${PIE_SUFFIX}.a
+
+ LIBLPRDIR= ${_LIB_OBJTOP}/usr.sbin/lpr/common_source
+ LIBLPR?= ${LIBLPRDIR}/liblpr${PIE_SUFFIX}.a
+
+ LIBFIFOLOGDIR= ${_LIB_OBJTOP}/usr.sbin/fifolog/lib
+ LIBFIFOLOG?= ${LIBFIFOLOGDIR}/libfifolog${PIE_SUFFIX}.a
+
+ LIBBSNMPTOOLSDIR= ${_LIB_OBJTOP}/usr.sbin/bsnmpd/tools/libbsnmptools
+ LIBBSNMPTOOLS?= ${LIBBSNMPTOOLSDIR}/libbsnmptools${PIE_SUFFIX}.a
+
+ LIBAMUDIR= ${_LIB_OBJTOP}/usr.sbin/amd/libamu
+ LIBAMU?= ${LIBAMUDIR}/libamu${PIE_SUFFIX}.a
+
+ LIBBE?= ${LIBBEDIR}/libbe${PIE_SUFFIX}.a
+
+ LIBPMCSTATDIR= ${_LIB_OBJTOP}/lib/libpmcstat
+ LIBPMCSTAT?= ${LIBPMCSTATDIR}/libpmcstat${PIE_SUFFIX}.a
++>>>>>>> upstream/main
LIBC_NOSSP_PICDIR= ${_LIB_OBJTOP}/lib/libc
LIBC_NOSSP_PIC?= ${LIBC_NOSSP_PICDIR}/libc_nossp_pic.a
++<<<<<<< HEAD
+.if ${MK_HBSDCONTROL} != "no"
+LIBHBSDCONTROLDIR= ${OBJTOP}/lib/libhbsdcontrol
+LIBHBSDCONTROL?= ${LIBHBSDCONTROLDIR}/libhbsdcontrol.a
+.endif
+
++=======
++>>>>>>> upstream/main
# Define a directory for each library. This is useful for adding -L in when
# not using a --sysroot or for meta mode bootstrapping when there is no
# Makefile.depend. These are sorted by directory.
@@@ -687,7 -678,6 +785,10 @@@ LIBSPLDIR= ${OBJTOP}/cddl/lib/libsp
LIBSSHDIR= ${OBJTOP}/secure/lib/libssh
LIBSSLDIR= ${OBJTOP}/secure/lib/libssl
LIBTEKENDIR= ${OBJTOP}/sys/teken/libteken
++<<<<<<< HEAD
+LIBTLSDIR= ${OBJTOP}/secure/lib/libtls
++=======
++>>>>>>> upstream/main
LIBEGACYDIR= ${OBJTOP}/tools/build
LIBLNDIR= ${OBJTOP}/usr.bin/lex/lib
diff --cc share/mk/src.opts.mk
index f0ef5edd11ed,205a71bc39d0..000000000000
mode 100644,100644..100755
--- a/share/mk/src.opts.mk
+++ b/share/mk/src.opts.mk
@@@ -62,7 -62,6 +62,10 @@@ __DEFAULT_YES_OPTIONS =
AUTHPF \
AUTOFS \
BHYVE \
++<<<<<<< HEAD
+ BIND_NOW \
++=======
++>>>>>>> upstream/main
BLACKLIST \
BLUETOOTH \
BOOT \
@@@ -103,6 -102,7 +106,10 @@@
FMTREE \
FORTH \
FP_LIBC \
++<<<<<<< HEAD
++=======
+ FREEBSD_UPDATE \
++>>>>>>> upstream/main
FTP \
GAMES \
GDB \
@@@ -112,8 -112,6 +119,11 @@@
GOOGLETEST \
GPIO \
HAST \
++<<<<<<< HEAD
+ HBSD_UPDATE \
+ HBSDCONTROL \
++=======
++>>>>>>> upstream/main
HTML \
HYPERV \
ICONV \
@@@ -159,11 -157,13 +169,19 @@@
NS_CACHING \
NTP \
NVME \
++<<<<<<< HEAD
++=======
+ OFED \
++>>>>>>> upstream/main
OPENSSL \
PAM \
PF \
PKGBOOTSTRAP \
PMC \
++<<<<<<< HEAD
++=======
+ PORTSNAP \
++>>>>>>> upstream/main
PPP \
QUOTAS \
RADIUS_SUPPORT \
@@@ -175,7 -175,6 +193,10 @@@
SETUID_LOGIN \
SHARED_TOOLCHAIN \
SHAREDOCS \
++<<<<<<< HEAD
+ SHLIBRANDOM \
++=======
++>>>>>>> upstream/main
SOURCELESS \
SOURCELESS_HOST \
SOURCELESS_UCODE \
@@@ -205,28 -204,22 +226,46 @@@ __DEFAULT_NO_OPTIONS =
BEARSSL \
BHYVE_SNAPSHOT \
BSD_GREP \
++<<<<<<< HEAD
+ DEVD_PIE \
+ CLANG_FORMAT \
+ DTRACE_TESTS \
+ EXPERIMENTAL \
+ FREEBSD_UPDATE \
+ GNU_GREP_COMPAT \
+ HESIOD \
+ LIB32 \
+ LIBSOFT \
+ HTTPD \
++=======
+ CLANG_EXTRAS \
+ CLANG_FORMAT \
+ DTRACE_TESTS \
+ EXPERIMENTAL \
+ GNU_GREP_COMPAT \
+ HESIOD \
+ LIBSOFT \
++>>>>>>> upstream/main
LOADER_FIREWIRE \
LOADER_VERBOSE \
LOADER_VERIEXEC_PASS_MANIFEST \
MALLOC_PRODUCTION \
++<<<<<<< HEAD
+ OFED \
OFED_EXTRA \
OPENLDAP \
+ PORTSNAP \
REPRODUCIBLE_BUILD \
RPCBIND_WARMSTART_SUPPORT \
SORT_THREADS \
+ SPECTREV1_FIX \
++=======
++ OFED_EXTRA \
++ OPENLDAP \
++ REPRODUCIBLE_BUILD \
++ RPCBIND_WARMSTART_SUPPORT \
++ SORT_THREADS \
++>>>>>>> upstream/main
SVN \
ZONEINFO_LEAPSECONDS_SUPPORT \
@@@ -309,6 -302,12 +348,15 @@@ __DEFAULT_YES_OPTIONS+=LLD
.else
__DEFAULT_NO_OPTIONS+=LLDB
.endif
++<<<<<<< HEAD
++=======
+ # LIB32 is supported on amd64, mips64, and powerpc64
+ .if (${__T} == "amd64" || ${__T:Mmips64*} || ${__T} == "powerpc64")
+ __DEFAULT_YES_OPTIONS+=LIB32
+ .else
+ BROKEN_OPTIONS+=LIB32
+ .endif
++>>>>>>> upstream/main
# Only doing soft float API stuff on armv6 and armv7
.if ${__T} != "armv6" && ${__T} != "armv7"
BROKEN_OPTIONS+=LIBSOFT
@@@ -325,41 -324,6 +373,44 @@@ BROKEN_OPTIONS+=GOOGLETEST SS
.if ${__T:Mmips*} || ${__T:Mpowerpc*}
BROKEN_OPTIONS+=EFI
.endif
++<<<<<<< HEAD
+
+.if ${__T} == "amd64" || ${__T} == "i386" || ${__T} == "aarch64"
+__DEFAULT_YES_OPTIONS+=PIE
+.else
+__DEFAULT_NO_OPTIONS+=PIE
+.endif
+
+.if ${__T} == "armv6"
+__DEFAULT_NO_OPTIONS+=SHARED_TOOLCHAIN
+.else
+__DEFAULT_YES_OPTIONS+=SHARED_TOOLCHAIN
+.endif
+
+.if ${__T} == "amd64"
+__DEFAULT_YES_OPTIONS+=SAFESTACK
+__DEFAULT_YES_OPTIONS+=RETPOLINE
+.else
+__DEFAULT_NO_OPTIONS+=SAFESTACK
+__DEFAULT_NO_OPTIONS+=RETPOLINE
+.endif
+
+.if ${__T} == "amd64" || ${__T} == "aarch64"
+__DEFAULT_YES_OPTIONS+=CFI
+__DEFAULT_YES_OPTIONS+=CLANG_EXTRAS
+__DEFAULT_YES_OPTIONS+=LLVM_AR_IS_AR
+__DEFAULT_YES_OPTIONS+=LLVM_NM_IS_NM
+__DEFAULT_YES_OPTIONS+=LLVM_OBJDUMP_IS_OBJDUMP
+.else
+__DEFAULT_NO_OPTIONS+=CFI
+__DEFAULT_NO_OPTIONS+=CLANG_EXTRAS
+__DEFAULT_NO_OPTIONS+=LLVM_AR_IS_AR
+__DEFAULT_NO_OPTIONS+=LLVM_NM_IS_NM
+__DEFAULT_NO_OPTIONS+=LLVM_OBJDUMP_IS_OBJDUMP
+.endif
+
++=======
++>>>>>>> upstream/main
# OFW is only for powerpc, exclude others
.if ${__T:Mpowerpc*} == ""
BROKEN_OPTIONS+=LOADER_OFW
@@@ -529,12 -493,6 +580,15 @@@ MK_CLANG_EXTRAS:= n
MK_CLANG_FORMAT:= no
MK_CLANG_FULL:= no
MK_LLVM_COV:= no
++<<<<<<< HEAD
+MK_SAFESTACK:= no
+.endif
+
+.if ${MK_LLD_IS_LD} == "no" || ${MK_LLD_BOOTSTRAP} == "no"
+MK_CFI:= no
+MK_RETPOLINE:= no
++=======
++>>>>>>> upstream/main
.endif
.if ${MK_LOADER_VERIEXEC} == "no"
diff --cc share/mk/sys.mk
index c794209ddedc,8f456b28593a..000000000000
mode 100644,100644..100755
--- a/share/mk/sys.mk
+++ b/share/mk/sys.mk
@@@ -146,25 -146,14 +146,34 @@@ NO_META_IGNORE_HOST_HEADERS=
.SUFFIXES: .out .a .o .bco .llo .c .cc .cpp .cxx .C .m .F .f .e .r .y .l .S .asm .s .cl .p .h .sh
.endif
++<<<<<<< HEAD
+_TEST_AR= /usr/bin/ar
AR ?= ar
+.if ${_TEST_AR:tA} == "/usr/bin/llvm-ar"
+.if defined(%POSIX)
+ARFLAGS ?= rv
+.else
+ARFLAGS ?= rcv
+.endif
+.else
++=======
++AR ?= ar
++>>>>>>> upstream/main
.if defined(%POSIX)
ARFLAGS ?= -rv
.else
ARFLAGS ?= -crsD
.endif
++<<<<<<< HEAD
+.endif
+
+_TEST_RANLIB= /usr/bin/ranlib
+RANLIB ?= ranlib
+.if !defined(%POSIX) && ${_TEST_RANLIB:tA} != "/usr/bin/llvm-ar"
++=======
+ RANLIB ?= ranlib
+ .if !defined(%POSIX)
++>>>>>>> upstream/main
RANLIBFLAGS ?= -D
.endif
@@@ -354,5 -343,3 +363,8 @@@ __MAKE_SHELL?=/bin/s
.endif
.endif # ! Posix
++<<<<<<< HEAD
+
+.include <bsd.hardenedbsd.mk>
++=======
++>>>>>>> upstream/main
diff --cc stand/defaults/loader.conf
index 9523be44ccea,55f9983dfc8b..000000000000
mode 100644,100644..100755
--- a/stand/defaults/loader.conf
+++ b/stand/defaults/loader.conf
@@@ -165,10 -165,6 +165,13 @@@ module_blacklist="drm drm2 radeonkms i9
#debug.ktr.mask="0x1200" # Bitmask of KTR events to enable
#debug.ktr.verbose="1" # Enable console dump of KTR events
++<<<<<<< HEAD
+
+### HardenedBSD settings #####################################
+loader_version="HardenedBSD 13-CURRENT"
+
++=======
++>>>>>>> upstream/main
### Module loading syntax example ##########################
#module_load="YES" # loads module "module"
#module_name="realname" # uses "realname" instead of "module"
diff --cc stand/defs.mk
index c21e28f2a48f,54b7a7250c48..000000000000
mode 100644,100644..100755
--- a/stand/defs.mk
+++ b/stand/defs.mk
@@@ -10,7 -10,6 +10,10 @@@ __BOOT_DEFS_MK__=${MFILE
MK_CTF= no
MK_SSP= no
MK_PROFILE= no
++<<<<<<< HEAD
+MK_SPECTREV1_FIX= no
++=======
++>>>>>>> upstream/main
MAN=
.if !defined(PIC)
NO_PIC=
@@@ -50,9 -49,6 +53,12 @@@ BINDIR?= /boo
LUAPATH?= /boot/lua
FLUASRC?= ${SRCTOP}/libexec/flua
++<<<<<<< HEAD
+MK_SAFESTACK= no
+MK_CFI= no
+
++=======
++>>>>>>> upstream/main
LIBSA= ${BOOTOBJ}/libsa/libsa.a
.if ${MACHINE} == "i386"
LIBSA32= ${LIBSA}
diff --cc stand/efi/libefi/Makefile
index 415bb77741f0,8006893d0cbe..000000000000
mode 100644,100644..100755
--- a/stand/efi/libefi/Makefile
+++ b/stand/efi/libefi/Makefile
@@@ -42,7 -42,6 +42,10 @@@ CWARNFLAGS.efipart.c+= -Wno-forma
CWARNFLAGS.env.c+= -Wno-format
.if ${MACHINE_CPUARCH} == "aarch64"
++<<<<<<< HEAD
+NOPIE= 1
++=======
++>>>>>>> upstream/main
CFLAGS+= -mgeneral-regs-only
.endif
.if ${MACHINE_ARCH} == "amd64"
diff --cc stand/efi/loader/Makefile
index 559bb891ee84,a0e7f95b8200..000000000000
mode 100644,100644..100755
--- a/stand/efi/loader/Makefile
+++ b/stand/efi/loader/Makefile
@@@ -13,10 -13,6 +13,13 @@@ PROG= ${LOADER}.sy
INTERNALPROG=
WARNS?= 3
++<<<<<<< HEAD
+.if ${MACHINE_CPUARCH} == "aarch64"
+NOPIE= 1
+.endif
+
++=======
++>>>>>>> upstream/main
# architecture-specific loader code
SRCS= autoload.c \
bootinfo.c \
diff --cc stand/efi/loader/arch/arm64/Makefile.inc
index 786415c069d7,9978d9c4ea9c..000000000000
mode 100644,100644..100755
--- a/stand/efi/loader/arch/arm64/Makefile.inc
+++ b/stand/efi/loader/arch/arm64/Makefile.inc
@@@ -11,5 -11,3 +11,8 @@@ CFLAGS+=-I${BOOTSRC}/arm64/libarm6
SRCS+= cache.c
CFLAGS+= -mgeneral-regs-only
++<<<<<<< HEAD
+
+NOPIE= 1
++=======
++>>>>>>> upstream/main
diff --cc stand/fdt/Makefile
index 2cf53969ff4c,3eee143a9433..000000000000
mode 100644,100644..100755
--- a/stand/fdt/Makefile
+++ b/stand/fdt/Makefile
@@@ -17,8 -17,4 +17,11 @@@ CFLAGS+= -I${SYSDIR}/contrib/libfdt/ -I
CFLAGS+= -Wformat -Wall
++<<<<<<< HEAD
+.if ${MACHINE_CPUARCH} == "aarch64"
+NOPIE= 1
+.endif
+
++=======
++>>>>>>> upstream/main
.include <bsd.lib.mk>
diff --cc stand/ficl/Makefile
index b2b30ea5f268,35730851d884..000000000000
mode 100644,100644..100755
--- a/stand/ficl/Makefile
+++ b/stand/ficl/Makefile
@@@ -4,10 -4,6 +4,13 @@@
.include <bsd.init.mk>
.include "${BOOTSRC}/ficl.mk"
++<<<<<<< HEAD
+.if ${MACHINE_CPUARCH} == "aarch64"
+NOPIE= 1
+.endif
+
++=======
++>>>>>>> upstream/main
.PATH: ${FICLSRC} ${FICLSRC}/${FICL_CPUARCH}
BASE_SRCS= dict.c ficl.c fileaccess.c float.c loader.c math64.c \
diff --cc stand/ficl32/Makefile
index e575400cf34d,09499464ac89..000000000000
mode 100644,100644..100755
--- a/stand/ficl32/Makefile
+++ b/stand/ficl32/Makefile
@@@ -2,6 -2,4 +2,9 @@@
DO32=1
++<<<<<<< HEAD
+MK_SPECTREV1_FIX=no
+
++=======
++>>>>>>> upstream/main
.include "${.CURDIR}/../ficl/Makefile"
diff --cc stand/forth/Makefile
index 4908ca1b6cf5,a21661d01934..000000000000
mode 100644,100644..100755
--- a/stand/forth/Makefile
+++ b/stand/forth/Makefile
@@@ -15,7 -15,6 +15,10 @@@ MAN+= beastie.4th.8
FILES+= beastie.4th
FILES+= brand.4th
FILES+= brand-fbsd.4th
++<<<<<<< HEAD
+FILES+= brand-hbsd.4th
++=======
++>>>>>>> upstream/main
FILES+= check-password.4th
FILES+= color.4th
FILES+= delay.4th
@@@ -25,8 -24,6 +28,11 @@@ FILES+= loader.4t
FILES+= logo-beastie.4th
FILES+= logo-beastiebw.4th
FILES+= logo-fbsdbw.4th
++<<<<<<< HEAD
+FILES+= logo-hardenedbsd.4th
+FILES+= logo-hardenedbsdbw.4th
++=======
++>>>>>>> upstream/main
FILES+= logo-orb.4th
FILES+= logo-orbbw.4th
FILES+= menu.4th
diff --cc stand/forth/beastie.4th
index 695deda32801,752cce22a4ff..000000000000
mode 100644,100644..100755
--- a/stand/forth/beastie.4th
+++ b/stand/forth/beastie.4th
@@@ -64,9 -64,9 +64,15 @@@ variable logo
s" loader_logo" getenv dup -1 = over 0= or if
dup 0= if 2drop else drop then \ getenv result unused
loader_color? if
++<<<<<<< HEAD
+ s" try-include /boot/logo-hardenedbsd.4th"
+ else
+ s" try-include /boot/logo-hardenedbsdbw.4th"
++=======
+ s" try-include /boot/logo-orb.4th"
+ else
+ s" try-include /boot/logo-orbbw.4th"
++>>>>>>> upstream/main
then
else
2drop ( c-addr/u -- ) \ getenv result unused
diff --cc stand/forth/brand.4th
index 05ffd1889ea6,39a9bfae753c..000000000000
mode 100644,100644..100755
--- a/stand/forth/brand.4th
+++ b/stand/forth/brand.4th
@@@ -58,7 -58,7 +58,11 @@@ variable brand
drop ( xt = 0 ) \ cruft
s" loader_brand" getenv dup -1 = over 0= or if
dup 0= if 2drop else drop then \ getenv result unused
++<<<<<<< HEAD
+ s" try-include /boot/brand-hbsd.4th"
++=======
+ s" try-include /boot/brand-fbsd.4th"
++>>>>>>> upstream/main
else
2drop ( c-addr/u -- ) \ getenv result unused
s" try-include /boot/brand-${loader_brand}.4th"
diff --cc stand/forth/menu.4th
index 7b3670e30b0c,ca166c6d934b..000000000000
mode 100644,100644..100755
--- a/stand/forth/menu.4th
+++ b/stand/forth/menu.4th
@@@ -470,7 -470,7 +470,11 @@@ also menu-infrastructure definition
\ Print the frame caption at (x,y)
s" loader_menu_title" getenv dup -1 = if
++<<<<<<< HEAD
+ drop s" Welcome to HardenedBSD"
++=======
+ drop s" Welcome to FreeBSD"
++>>>>>>> upstream/main
then
TRUE ( use default alignment )
s" loader_menu_title_align" getenv dup -1 <> if
diff --cc stand/i386/Makefile.inc
index b907702052bf,119f8a37162f..000000000000
mode 100644,100644..100755
--- a/stand/i386/Makefile.inc
+++ b/stand/i386/Makefile.inc
@@@ -7,6 -7,7 +7,10 @@@
LOADER_ADDRESS?=0x200000
LDFLAGS+= -nostdlib
LDFLAGS.lld+= -Wl,--no-rosegment
++<<<<<<< HEAD
++=======
+ MK_PIE:= no
++>>>>>>> upstream/main
# BTX components
BTXDIR= ${BOOTOBJ}/i386/btx
@@@ -14,7 -15,6 +18,10 @@@ BTXLDR= ${BTXDIR}/btxldr/btxld
BTXKERN= ${BTXDIR}/btx/btx
BTXCRT= ${BTXDIR}/lib/crt0.o
++<<<<<<< HEAD
+NOPIE= yes
++=======
++>>>>>>> upstream/main
BTXSRC= ${BOOTSRC}/i386/btx
BTXLIB= ${BTXSRC}/lib
diff --cc stand/liblua32/Makefile
index cc85c0d9df3b,4e09f1b05178..000000000000
mode 100644,100644..100755
--- a/stand/liblua32/Makefile
+++ b/stand/liblua32/Makefile
@@@ -2,6 -2,4 +2,9 @@@
DO32=1
++<<<<<<< HEAD
+MK_SPECTREV1_FIX=no
+
++=======
++>>>>>>> upstream/main
.include "${.CURDIR}/../liblua/Makefile"
diff --cc stand/libsa32/Makefile
index e7befc2d0dd6,eba6c00bd891..000000000000
mode 100644,100644..100755
--- a/stand/libsa32/Makefile
+++ b/stand/libsa32/Makefile
@@@ -4,8 -4,6 +4,11 @@@ DO32=
.include <bsd.init.mk>
++<<<<<<< HEAD
+MK_SPECTREV1_FIX=no
+
++=======
++>>>>>>> upstream/main
LIB=sa32
LIBSA_CPUARCH=${MACHINE_CPUARCH:C/amd64/i386/}
diff --cc stand/loader.mk
index 0b7107cbc18c,f6341052ab71..000000000000
mode 100644,100644..100755
--- a/stand/loader.mk
+++ b/stand/loader.mk
@@@ -13,7 -13,6 +13,10 @@@ SRCS+= load_elf32.c load_elf32_obj.c re
SRCS+= load_elf64.c load_elf64_obj.c reloc_elf64.c
.elif ${MACHINE_CPUARCH} == "aarch64"
SRCS+= load_elf64.c reloc_elf64.c
++<<<<<<< HEAD
+NOPIE= 1
++=======
++>>>>>>> upstream/main
.elif ${MACHINE_CPUARCH} == "arm"
SRCS+= load_elf32.c reloc_elf32.c
.elif ${MACHINE_CPUARCH} == "powerpc"
diff --cc stand/lua/Makefile
index dec741f51fe6,fe6fd6f63c8e..000000000000
mode 100644,100644..100755
--- a/stand/lua/Makefile
+++ b/stand/lua/Makefile
@@@ -20,8 -20,6 +20,11 @@@ FILES= cli.lua
drawer.lua \
hook.lua \
loader.lua \
++<<<<<<< HEAD
+ logo-hardenedbsd.lua \
+ logo-hardenedbsdbw.lua \
++=======
++>>>>>>> upstream/main
gfx-beastie.lua \
gfx-beastiebw.lua \
gfx-fbsdbw.lua \
diff --cc stand/lua/drawer.lua
index a8f9d9d95610,32483f1b424e..000000000000
mode 100644,100644..100755
--- a/stand/lua/drawer.lua
+++ b/stand/lua/drawer.lua
@@@ -37,7 -37,6 +37,10 @@@ local screen = require("screen"
local drawer = {}
local fbsd_brand
++<<<<<<< HEAD
+local hbsd_brand
++=======
++>>>>>>> upstream/main
local none
local menu_name_handlers
@@@ -251,7 -250,7 +254,11 @@@ local function drawbox(
end
local menu_header = loader.getenv("loader_menu_title") or
++<<<<<<< HEAD
+ " Welcome to HardenedBSD "
++=======
+ "Welcome to FreeBSD"
++>>>>>>> upstream/main
local menu_header_align = loader.getenv("loader_menu_title_align")
local menu_header_x
@@@ -343,14 -342,6 +350,17 @@@ fbsd_brand =
" | | | | | | || | | |",
" |_| |_| \\___|\\___||____/|_____/|_____/ "
}
++<<<<<<< HEAD
+hbsd_brand = {
+" _ _ _ _ ____ _____ _____ ",
+" | | | | | | | | _ \\ / ____| __ \\ ",
+" | |__| | __ _ _ __ __| | ___ _ __ ___ __| | |_) | (___ | | | |",
+" | __ |/ _` | '__/ _` |/ _ \\ '_ \\ / _ \\/ _` | _ < \\___ \\| | | |",
+" | | | | (_| | | | (_| | __/ | | | __/ (_| | |_) |____) | |__| |",
+" |_| |_|\\__,_|_| \\__,_|\\___|_| |_|\\___|\\__,_|____/|_____/|_____/ "
+}
++=======
++>>>>>>> upstream/main
none = {""}
menu_name_handlers = {
@@@ -388,9 -379,6 +398,12 @@@ branddefs =
["fbsd"] = {
graphic = fbsd_brand,
},
++<<<<<<< HEAD
+ ["hbsd"] = {
+ graphic = hbsd_brand,
+ },
++=======
++>>>>>>> upstream/main
["none"] = {
graphic = none,
},
@@@ -412,7 -400,7 +425,11 @@@ logodefs =
},
}
++<<<<<<< HEAD
+brand_position = {x = 7, y = 1}
++=======
+ brand_position = {x = 2, y = 1}
++>>>>>>> upstream/main
logo_position = {x = 46, y = 4}
menu_position = {x = 5, y = 10}
frame_size = {w = 42, h = 13}
@@@ -420,9 -408,9 +437,15 @@@ default_shift = {x = 0, y = 0
shift = default_shift
-- Module exports
++<<<<<<< HEAD
+drawer.default_brand = 'hbsd'
+drawer.default_color_logodef = 'hardenedbsd'
+drawer.default_bw_logodef = 'hardenedbsdbw'
++=======
+ drawer.default_brand = 'fbsd'
+ drawer.default_color_logodef = 'orb'
+ drawer.default_bw_logodef = 'orbbw'
++>>>>>>> upstream/main
-- For when things go terribly wrong; this def should be present here in the
-- drawer module in case it's a filesystem issue.
drawer.default_fallback_logodef = 'none'
diff --cc stand/usb/Makefile
index 7f10d9b79dfe,ab14a6d002a3..000000000000
mode 100644,100644..100755
--- a/stand/usb/Makefile
+++ b/stand/usb/Makefile
@@@ -46,9 -46,6 +46,12 @@@ CFLAGS+= -m3
.if ${MACHINE_CPUARCH} == "mips"
CFLAGS+= -mno-abicalls
.endif
++<<<<<<< HEAD
+.if ${MACHINE_CPUARCH} == "aarch64"
+NOPIE= 1
+.endif
++=======
++>>>>>>> upstream/main
.include "usbcore.mk"
diff --cc sys/amd64/amd64/elf_machdep.c
index 798d26fcda82,a3fb1184bb05..000000000000
mode 100644,100644..100755
--- a/sys/amd64/amd64/elf_machdep.c
+++ b/sys/amd64/amd64/elf_machdep.c
@@@ -28,15 -28,12 +28,21 @@@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/systm.h>
#include <sys/exec.h>
#include <sys/imgact.h>
#include <sys/linker.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/sysent.h>
#include <sys/imgact_elf.h>
@@@ -68,13 -65,13 +74,21 @@@ struct sysentvec elf64_freebsd_sysvec_l
.sv_maxuser = VM_MAXUSER_ADDRESS_LA48,
.sv_usrstack = USRSTACK_LA48,
.sv_psstrings = PS_STRINGS_LA48,
++<<<<<<< HEAD
+ .sv_stackprot = VM_PROT_READ | VM_PROT_WRITE,
++=======
+ .sv_stackprot = VM_PROT_ALL,
++>>>>>>> upstream/main
.sv_copyout_auxargs = __elfN(freebsd_copyout_auxargs),
.sv_copyout_strings = exec_copyout_strings,
.sv_setregs = exec_setregs,
.sv_fixlimit = NULL,
.sv_maxssiz = NULL,
++<<<<<<< HEAD
+ .sv_flags = SV_ABI_FREEBSD | SV_LP64 | SV_SHP |
++=======
+ .sv_flags = SV_ABI_FREEBSD | SV_ASLR | SV_LP64 | SV_SHP |
++>>>>>>> upstream/main
SV_TIMEKEEP | SV_RNG_SEED_VER,
.sv_set_syscall_retval = cpu_set_syscall_retval,
.sv_fetch_syscall_args = cpu_fetch_syscall_args,
@@@ -84,10 -81,7 +98,14 @@@
.sv_schedtail = NULL,
.sv_thread_detach = NULL,
.sv_trap = NULL,
++<<<<<<< HEAD
+ .sv_pax_aslr_init = pax_aslr_init_vmspace,
+#if !defined(PAX_ASLR)
+ .sv_stackgap = elf64_stackgap,
+#endif
++=======
+ .sv_stackgap = elf64_stackgap,
++>>>>>>> upstream/main
};
struct sysentvec elf64_freebsd_sysvec_la57 = {
diff --cc sys/amd64/amd64/initcpu.c
index 0846eb9a812b,44a294da205a..000000000000
mode 100644,100644..100755
--- a/sys/amd64/amd64/initcpu.c
+++ b/sys/amd64/amd64/initcpu.c
@@@ -63,37 -63,6 +63,40 @@@ SYSCTL_INT(_hw, OID_AUTO, lower_amd64_s
*/
static int hw_clflush_disable = -1;
++<<<<<<< HEAD
+/*
+ * -1: SDBG not supported (default)
+ * 0: disabled SDBG
+ * 1: enabled SDBG
+ */
+static int hw_sdbg_status = -1;
+SYSCTL_INT(_hw, OID_AUTO, intel_sdbg, CTLFLAG_RD,
+ &hw_sdbg_status, 0, "Intel Silicon Debug Interface status");
+
+static void
+init_intel(void)
+{
+ uint64_t msr;
+
+ if ((cpu_feature2 & CPUID2_SDBG) && !(cpu_feature2 & CPUID2_HV)) {
+ msr = rdmsr(MSR_IA32_DEBUG_INTERFACE);
+ if ((msr & IA32_DEBUG_INTERFACE_EN) != 0 &&
+ (msr & IA32_DEBUG_INTERFACE_LOCK) == 0) {
+ msr &= IA32_DEBUG_INTERFACE_MASK;
+ msr |= IA32_DEBUG_INTERFACE_LOCK;
+ wrmsr(MSR_IA32_DEBUG_INTERFACE, msr);
+ }
+
+ /*
+ * Reread the status after applied quirk.
+ */
+ msr = rdmsr(MSR_IA32_DEBUG_INTERFACE);
+ hw_sdbg_status = (msr & IA32_DEBUG_INTERFACE_EN) ? 1 : 0;
+ }
+}
+
++=======
++>>>>>>> upstream/main
static void
init_amd(void)
{
@@@ -333,9 -302,6 +336,12 @@@ initializecpu(void
amd64_syscall_ret_flush_l1d_recalc();
x86_rngds_mitg_recalculate(false);
switch (cpu_vendor_id) {
++<<<<<<< HEAD
+ case CPU_VENDOR_INTEL:
+ init_intel();
+ break;
++=======
++>>>>>>> upstream/main
case CPU_VENDOR_AMD:
case CPU_VENDOR_HYGON:
init_amd();
diff --cc sys/amd64/amd64/machdep.c
index 918aada3c2bb,a21a93610e51..000000000000
mode 100644,100644..100755
--- a/sys/amd64/amd64/machdep.c
+++ b/sys/amd64/amd64/machdep.c
@@@ -443,7 -443,7 +443,11 @@@ sendsig(sig_t catcher, ksiginfo_t *ksi
}
regs->tf_rsp = (long)sfp;
++<<<<<<< HEAD
+ regs->tf_rip = p->p_sigcode_base;
++=======
+ regs->tf_rip = p->p_sysent->sv_sigcode_base;
++>>>>>>> upstream/main
regs->tf_rflags &= ~(PSL_T | PSL_D);
regs->tf_cs = _ucodesel;
regs->tf_ds = _udatasel;
@@@ -2063,15 -2063,6 +2067,18 @@@ in
ptrace_set_pc(struct thread *td, unsigned long addr)
{
++<<<<<<< HEAD
+ /*
+ * DragonflyBSD's safety towards:
+ * enforce canonical addresses - this should
+ * fix SYSRET's potential issue handling
+ */
+ if (addr & 0x0000800000000000LLU)
+ addr = addr | 0xFFFF000000000000LLU;
+ else
+ addr = addr & 0x0000FFFFFFFFFFFFLLU;
++=======
++>>>>>>> upstream/main
td->td_frame->tf_rip = addr;
set_pcb_flags(td->td_pcb, PCB_FULL_IRET);
return (0);
diff --cc sys/amd64/amd64/pmap.c
index fc7903eb00a4,b325dbe8ef7a..000000000000
mode 100644,100644..100755
--- a/sys/amd64/amd64/pmap.c
+++ b/sys/amd64/amd64/pmap.c
@@@ -108,7 -108,6 +108,10 @@@ __FBSDID("$FreeBSD$")
*/
#include "opt_ddb.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include "opt_pmap.h"
#include "opt_vm.h"
@@@ -511,12 -510,7 +514,16 @@@ int invpcid_works = 0
SYSCTL_INT(_vm_pmap, OID_AUTO, invpcid_works, CTLFLAG_RD, &invpcid_works, 0,
"Is the invpcid instruction available ?");
++<<<<<<< HEAD
+#ifdef PAX
+/* The related part of code is in x86/identcpu.c - see pti_get_default() */
+int __read_frequently pti = 1;
+#else
+int __read_frequently pti = 0;
+#endif
++=======
+ int __read_frequently pti = 0;
++>>>>>>> upstream/main
SYSCTL_INT(_vm_pmap, OID_AUTO, pti, CTLFLAG_RDTUN | CTLFLAG_NOFETCH,
&pti, 0,
"Page Table Isolation enabled");
@@@ -2589,7 -2583,6 +2596,10 @@@ pmap_cache_mask(pmap_t pmap, boolean_t
return (mask);
}
++<<<<<<< HEAD
+#ifndef PAX_HARDENING
++=======
++>>>>>>> upstream/main
static int
pmap_pat_index(pmap_t pmap, pt_entry_t pte, bool is_pde)
{
@@@ -2624,7 -2617,6 +2634,10 @@@
return (pat_idx);
}
++<<<<<<< HEAD
+#endif /* !PAX_HARDENING */
++=======
++>>>>>>> upstream/main
bool
pmap_ps_enabled(pmap_t pmap)
@@@ -11029,7 -11021,6 +11042,10 @@@ pmap_pkru_clear(pmap_t pmap, vm_offset_
return (error);
}
++<<<<<<< HEAD
+#ifndef PAX_HARDENING
++=======
++>>>>>>> upstream/main
/*
* Track a range of the kernel's virtual address space that is contiguous
* in various mapping attributes.
@@@ -11295,10 -11286,9 +11311,16 @@@ restart
return (error);
}
SYSCTL_OID(_vm_pmap, OID_AUTO, kernel_maps,
++<<<<<<< HEAD
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE | CTLFLAG_ROOTONLY,
+ NULL, 0, sysctl_kmaps, "A",
+ "Dump kernel address layout");
+#endif /* !PAX_HARDENING */
++=======
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE,
+ NULL, 0, sysctl_kmaps, "A",
+ "Dump kernel address layout");
++>>>>>>> upstream/main
#ifdef DDB
DB_SHOW_COMMAND(pte, pmap_print_pte)
diff --cc sys/amd64/cloudabi64/cloudabi64_sysvec.c
index 9c194209d6a9,34ad0aedfe8b..000000000000
mode 100644,100644..100755
--- a/sys/amd64/cloudabi64/cloudabi64_sysvec.c
+++ b/sys/amd64/cloudabi64/cloudabi64_sysvec.c
@@@ -26,12 -26,9 +26,18 @@@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
++<<<<<<< HEAD
+#include "opt_pax.h"
+
+#include <sys/param.h>
+#include <sys/imgact.h>
+#include <sys/kernel.h>
+#include <sys/pax.h>
++=======
+ #include <sys/param.h>
+ #include <sys/imgact.h>
+ #include <sys/kernel.h>
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/sysent.h>
@@@ -211,7 -208,6 +217,10 @@@ static struct sysentvec cloudabi64_elf_
.sv_fetch_syscall_args = cloudabi64_fetch_syscall_args,
.sv_syscallnames = cloudabi64_syscallnames,
.sv_schedtail = cloudabi64_schedtail,
++<<<<<<< HEAD
+ .sv_pax_aslr_init = pax_aslr_init_vmspace,
++=======
++>>>>>>> upstream/main
};
INIT_SYSENTVEC(elf_sysvec, &cloudabi64_elf_sysvec);
diff --cc sys/amd64/conf/NOTES
index 33c800ffef06,8504bfa68c36..000000000000
mode 100644,100644..100755
--- a/sys/amd64/conf/NOTES
+++ b/sys/amd64/conf/NOTES
@@@ -617,6 -617,9 +617,12 @@@ options EFIR
# Enable 32-bit runtime support for FreeBSD/i386 binaries.
options COMPAT_FREEBSD32
++<<<<<<< HEAD
++=======
+ # Enable (32-bit) a.out binary support
+ options COMPAT_AOUT
+
++>>>>>>> upstream/main
# Enable 32-bit runtime support for CloudABI binaries.
options COMPAT_CLOUDABI32
diff --cc sys/amd64/ia32/ia32_signal.c
index 7ce206f5b18c,51dd1f38090f..000000000000
mode 100644,100644..100755
--- a/sys/amd64/ia32/ia32_signal.c
+++ b/sys/amd64/ia32/ia32_signal.c
@@@ -418,7 -418,7 +418,11 @@@ ia32_osendsig(sig_t catcher, ksiginfo_
}
regs->tf_rsp = (uintptr_t)fp;
++<<<<<<< HEAD
+ regs->tf_rip = p->p_psstrings - sz_ia32_osigcode;
++=======
+ regs->tf_rip = p->p_sysent->sv_psstrings - sz_ia32_osigcode;
++>>>>>>> upstream/main
regs->tf_rflags &= ~(PSL_T | PSL_D);
regs->tf_cs = _ucode32sel;
regs->tf_ds = _udatasel;
@@@ -529,7 -529,7 +533,11 @@@ freebsd4_ia32_sendsig(sig_t catcher, ks
}
regs->tf_rsp = (uintptr_t)sfp;
++<<<<<<< HEAD
+ regs->tf_rip = p->p_sigcode_base + sz_ia32_sigcode -
++=======
+ regs->tf_rip = p->p_sysent->sv_sigcode_base + sz_ia32_sigcode -
++>>>>>>> upstream/main
sz_freebsd4_ia32_sigcode;
regs->tf_rflags &= ~(PSL_T | PSL_D);
regs->tf_cs = _ucode32sel;
@@@ -672,7 -672,7 +680,11 @@@ ia32_sendsig(sig_t catcher, ksiginfo_t
}
regs->tf_rsp = (uintptr_t)sfp;
++<<<<<<< HEAD
+ regs->tf_rip = p->p_sigcode_base;
++=======
+ regs->tf_rip = p->p_sysent->sv_sigcode_base;
++>>>>>>> upstream/main
regs->tf_rflags &= ~(PSL_T | PSL_D);
regs->tf_cs = _ucode32sel;
regs->tf_ss = _udatasel;
diff --cc sys/amd64/ia32/ia32_syscall.c
index ba4cb2b6cb4d,6c9399d1a52f..000000000000
mode 100644,100644..100755
--- a/sys/amd64/ia32/ia32_syscall.c
+++ b/sys/amd64/ia32/ia32_syscall.c
@@@ -260,7 -260,7 +260,11 @@@ setup_lcall_gate(void
bzero(&uap, sizeof(uap));
uap.start = 0;
uap.num = 1;
++<<<<<<< HEAD
+ lcall_addr = curproc->p_psstrings - sz_lcall_tramp;
++=======
+ lcall_addr = curproc->p_sysent->sv_psstrings - sz_lcall_tramp;
++>>>>>>> upstream/main
bzero(&desc, sizeof(desc));
desc.sd_type = SDT_MEMERA;
desc.sd_dpl = SEL_UPL;
diff --cc sys/amd64/include/vmparam.h
index 849868ed68b1,c7ffb218dd4a..000000000000
mode 100644,100644..100755
--- a/sys/amd64/include/vmparam.h
+++ b/sys/amd64/include/vmparam.h
@@@ -64,7 -64,7 +64,11 @@@
#define DFLSSIZ (8UL*1024*1024) /* initial stack size limit */
#endif
#ifndef MAXSSIZ
++<<<<<<< HEAD
+#define MAXSSIZ (1UL*1024*1024*1024) /* max stack size */
++=======
+ #define MAXSSIZ (512UL*1024*1024) /* max stack size */
++>>>>>>> upstream/main
#endif
#ifndef SGROWSIZ
#define SGROWSIZ (128UL*1024) /* amount to grow stack */
@@@ -195,17 -195,16 +199,28 @@@
#define VM_MAXUSER_ADDRESS_LA48 UVADDR(0, NUP4ML4E, 0, 0, 0)
#define VM_MAXUSER_ADDRESS VM_MAXUSER_ADDRESS_LA57
++<<<<<<< HEAD
+#define SHAREDPAGE_GUARD (4 * PAGE_SIZE)
+#define SHAREDPAGE_LA57 (VM_MAXUSER_ADDRESS_LA57 - PAGE_SIZE)
+#define SHAREDPAGE_LA48 (VM_MAXUSER_ADDRESS_LA48 - PAGE_SIZE)
+#define USRSTACK_LA57 (SHAREDPAGE_LA57 - SHAREDPAGE_GUARD)
+#define USRSTACK_LA48 (SHAREDPAGE_LA48 - SHAREDPAGE_GUARD)
++=======
+ #define SHAREDPAGE_LA57 (VM_MAXUSER_ADDRESS_LA57 - PAGE_SIZE)
+ #define SHAREDPAGE_LA48 (VM_MAXUSER_ADDRESS_LA48 - PAGE_SIZE)
+ #define USRSTACK_LA57 SHAREDPAGE_LA57
+ #define USRSTACK_LA48 SHAREDPAGE_LA48
++>>>>>>> upstream/main
#define USRSTACK USRSTACK_LA48
#define PS_STRINGS_LA57 (USRSTACK_LA57 - sizeof(struct ps_strings))
#define PS_STRINGS_LA48 (USRSTACK_LA48 - sizeof(struct ps_strings))
#define VM_MAX_ADDRESS UPT_MAX_ADDRESS
++<<<<<<< HEAD
+#define VM_MIN_ADDRESS (65536)
++=======
+ #define VM_MIN_ADDRESS (0)
++>>>>>>> upstream/main
/*
* XXX Allowing dmaplimit == 0 is a temporary workaround for vt(4) efifb's
diff --cc sys/amd64/linux/linux_sysvec.c
index 03fef1f2ee41,dbfc650a916e..000000000000
mode 100644,100644..100755
--- a/sys/amd64/linux/linux_sysvec.c
+++ b/sys/amd64/linux/linux_sysvec.c
@@@ -34,8 -34,6 +34,11 @@@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#define __ELF_WORD_SIZE 64
#include <sys/param.h>
@@@ -50,7 -48,6 +53,10 @@@
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/mutex.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/resourcevar.h>
#include <sys/signalvar.h>
@@@ -266,7 -263,7 +272,11 @@@ linux_copyout_auxargs(struct image_para
issetugid = p->p_flag & P_SUGID ? 1 : 0;
AUXARGS_ENTRY(pos, LINUX_AT_SYSINFO_EHDR,
++<<<<<<< HEAD
+ imgp->proc->p_shared_page_base);
++=======
+ imgp->proc->p_sysent->sv_shared_page_base);
++>>>>>>> upstream/main
AUXARGS_ENTRY(pos, LINUX_AT_HWCAP, cpu_feature);
AUXARGS_ENTRY(pos, LINUX_AT_CLKTCK, stclohz);
AUXARGS_ENTRY(pos, AT_PHDR, args->phdr);
@@@ -337,7 -334,7 +347,11 @@@ linux_copyout_strings(struct image_para
execpath_len = 0;
p = imgp->proc;
++<<<<<<< HEAD
+ arginfo = (struct ps_strings *)p->p_psstrings;
++=======
+ arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings;
++>>>>>>> upstream/main
destp = (uintptr_t)arginfo;
if (execpath_len != 0) {
@@@ -768,7 -765,7 +782,11 @@@ struct sysentvec elf_linux_sysvec =
.sv_maxuser = VM_MAXUSER_ADDRESS_LA48,
.sv_usrstack = USRSTACK_LA48,
.sv_psstrings = PS_STRINGS_LA48,
++<<<<<<< HEAD
+ .sv_stackprot = VM_PROT_READ | VM_PROT_WRITE,
++=======
+ .sv_stackprot = VM_PROT_ALL,
++>>>>>>> upstream/main
.sv_copyout_auxargs = linux_copyout_auxargs,
.sv_copyout_strings = linux_copyout_strings,
.sv_setregs = linux_exec_setregs,
@@@ -783,7 -780,6 +801,10 @@@
.sv_schedtail = linux_schedtail,
.sv_thread_detach = linux_thread_detach,
.sv_trap = linux_vsyscall,
++<<<<<<< HEAD
+ .sv_pax_aslr_init = pax_aslr_init_vmspace,
++=======
++>>>>>>> upstream/main
.sv_onexec = linux_on_exec,
.sv_onexit = linux_on_exit,
.sv_ontdexit = linux_thread_dtor,
diff --cc sys/amd64/linux32/linux32_sysvec.c
index 77f69e02f5ad,d06a1fb17d9b..000000000000
mode 100644,100644..100755
--- a/sys/amd64/linux32/linux32_sysvec.c
+++ b/sys/amd64/linux32/linux32_sysvec.c
@@@ -36,7 -36,6 +36,10 @@@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#ifndef COMPAT_FREEBSD32
#error "Unable to compile Linux-emulator due to missing COMPAT_FREEBSD32 option!"
@@@ -55,7 -54,6 +58,10 @@@
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/mutex.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/resourcevar.h>
#include <sys/signalvar.h>
@@@ -202,7 -200,7 +208,11 @@@ linux_copyout_auxargs(struct image_para
issetugid = imgp->proc->p_flag & P_SUGID ? 1 : 0;
AUXARGS_ENTRY(pos, LINUX_AT_SYSINFO_EHDR,
++<<<<<<< HEAD
+ imgp->proc->p_shared_page_base);
++=======
+ imgp->proc->p_sysent->sv_shared_page_base);
++>>>>>>> upstream/main
AUXARGS_ENTRY(pos, LINUX_AT_SYSINFO, linux32_vsyscall);
AUXARGS_ENTRY(pos, LINUX_AT_HWCAP, cpu_feature);
@@@ -750,7 -748,7 +760,11 @@@ linux_copyout_strings(struct image_para
else
execpath_len = 0;
++<<<<<<< HEAD
+ arginfo = (struct linux32_ps_strings *)(imgp->proc->p_psstrings);
++=======
+ arginfo = (struct linux32_ps_strings *)LINUX32_PS_STRINGS;
++>>>>>>> upstream/main
destp = (uintptr_t)arginfo;
if (execpath_len != 0) {
@@@ -912,7 -910,7 +926,11 @@@ struct sysentvec elf_linux_sysvec =
.sv_maxuser = LINUX32_MAXUSER,
.sv_usrstack = LINUX32_USRSTACK,
.sv_psstrings = LINUX32_PS_STRINGS,
++<<<<<<< HEAD
+ .sv_stackprot = VM_PROT_READ | VM_PROT_WRITE,
++=======
+ .sv_stackprot = VM_PROT_ALL,
++>>>>>>> upstream/main
.sv_copyout_auxargs = linux_copyout_auxargs,
.sv_copyout_strings = linux_copyout_strings,
.sv_setregs = linux_exec_setregs,
@@@ -926,8 -924,7 +944,12 @@@
.sv_shared_page_len = PAGE_SIZE,
.sv_schedtail = linux_schedtail,
.sv_thread_detach = linux_thread_detach,
++<<<<<<< HEAD
+ .sv_trap = NULL,
+ .sv_pax_aslr_init = pax_aslr_init_vmspace32,
++=======
+ .sv_trap = NULL,
++>>>>>>> upstream/main
.sv_onexec = linux_on_exec,
.sv_onexit = linux_on_exit,
.sv_ontdexit = linux_thread_dtor,
diff --cc sys/amd64/vmm/x86.c
index c2099bd427f9,a4a9c8203fc5..000000000000
mode 100644,100644..100755
--- a/sys/amd64/vmm/x86.c
+++ b/sys/amd64/vmm/x86.c
@@@ -375,11 -375,6 +375,14 @@@ x86_emulate_cpuid(struct vm *vm, int vc
regs[2] &= ~CPUID2_TSCDLT;
/*
++<<<<<<< HEAD
+ * Hide the Silicon Debug functionality.
+ */
+ regs[2] &= ~(CPUID2_SDBG);
+
+ /*
++=======
++>>>>>>> upstream/main
* Hide thermal monitoring
*/
regs[3] &= ~(CPUID_ACPI | CPUID_TM);
diff --cc sys/arm/arm/elf_machdep.c
index 5832e3b1eaeb,d32dbb5baf90..000000000000
mode 100644,100644..100755
--- a/sys/arm/arm/elf_machdep.c
+++ b/sys/arm/arm/elf_machdep.c
@@@ -28,8 -28,6 +28,11 @@@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/systm.h>
@@@ -38,7 -36,6 +41,10 @@@
#include <sys/linker.h>
#include <sys/sysent.h>
#include <sys/imgact_elf.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/syscall.h>
#include <sys/signalvar.h>
@@@ -88,7 -85,7 +94,11 @@@ struct sysentvec elf32_freebsd_sysvec
.sv_fixlimit = NULL,
.sv_maxssiz = NULL,
.sv_flags =
++<<<<<<< HEAD
+ SV_SHP | SV_TIMEKEEP | SV_RNG_SEED_VER |
++=======
+ SV_ASLR | SV_SHP | SV_TIMEKEEP | SV_RNG_SEED_VER |
++>>>>>>> upstream/main
SV_ABI_FREEBSD | SV_ILP32,
.sv_set_syscall_retval = cpu_set_syscall_retval,
.sv_fetch_syscall_args = cpu_fetch_syscall_args,
@@@ -98,7 -95,6 +108,10 @@@
.sv_schedtail = NULL,
.sv_thread_detach = NULL,
.sv_trap = NULL,
++<<<<<<< HEAD
+ .sv_pax_aslr_init = pax_aslr_init_vmspace,
++=======
++>>>>>>> upstream/main
.sv_hwcap = &elf_hwcap,
.sv_hwcap2 = &elf_hwcap2,
};
diff --cc sys/arm/arm/machdep.c
index 82cc3d1b17e0,3296adaaa44b..000000000000
mode 100644,100644..100755
--- a/sys/arm/arm/machdep.c
+++ b/sys/arm/arm/machdep.c
@@@ -46,7 -46,6 +46,10 @@@
#include "opt_ddb.h"
#include "opt_kstack_pages.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include "opt_platform.h"
#include "opt_sched.h"
@@@ -66,7 -65,6 +69,10 @@@ __FBSDID("$FreeBSD$")
#include <sys/ktr.h>
#include <sys/linker.h>
#include <sys/msgbuf.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/physmem.h>
#include <sys/reboot.h>
#include <sys/rwlock.h>
@@@ -615,9 -613,9 +621,15 @@@ sendsig(catcher, ksi, mask
tf->tf_usr_sp = (register_t)fp;
sysent = p->p_sysent;
if (sysent->sv_sigcode_base != 0)
++<<<<<<< HEAD
+ tf->tf_usr_lr = (register_t)p->p_sigcode_base;
+ else
+ tf->tf_usr_lr = (register_t)(p->p_psstrings -
++=======
+ tf->tf_usr_lr = (register_t)sysent->sv_sigcode_base;
+ else
+ tf->tf_usr_lr = (register_t)(sysent->sv_psstrings -
++>>>>>>> upstream/main
*(sysent->sv_szsigcode));
/* Set the mode to enter in the signal handler */
#if __ARM_ARCH >= 7
diff --cc sys/arm64/arm64/elf_machdep.c
index aa6bf4eac211,cd12d40c37df..000000000000
mode 100644,100644..100755
--- a/sys/arm64/arm64/elf_machdep.c
+++ b/sys/arm64/arm64/elf_machdep.c
@@@ -31,8 -31,6 +31,11 @@@
* SUCH DAMAGE.
*/
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
@@@ -42,7 -40,6 +45,10 @@@
#include <sys/exec.h>
#include <sys/imgact.h>
#include <sys/linker.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/sysent.h>
#include <sys/imgact_elf.h>
@@@ -84,7 -81,7 +90,11 @@@ static struct sysentvec elf64_freebsd_s
.sv_fixlimit = NULL,
.sv_maxssiz = NULL,
.sv_flags = SV_SHP | SV_TIMEKEEP | SV_ABI_FREEBSD | SV_LP64 |
++<<<<<<< HEAD
+ SV_RNG_SEED_VER,
++=======
+ SV_ASLR | SV_RNG_SEED_VER,
++>>>>>>> upstream/main
.sv_set_syscall_retval = cpu_set_syscall_retval,
.sv_fetch_syscall_args = cpu_fetch_syscall_args,
.sv_syscallnames = syscallnames,
@@@ -95,7 -92,6 +105,10 @@@
.sv_trap = NULL,
.sv_hwcap = &elf_hwcap,
.sv_hwcap2 = &elf_hwcap2,
++<<<<<<< HEAD
+ .sv_pax_aslr_init = pax_aslr_init_vmspace,
++=======
++>>>>>>> upstream/main
};
INIT_SYSENTVEC(elf64_sysvec, &elf64_freebsd_sysvec);
diff --cc sys/arm64/arm64/machdep.c
index 3e4255628477,b48c833d6a23..000000000000
mode 100644,100644..100755
--- a/sys/arm64/arm64/machdep.c
+++ b/sys/arm64/arm64/machdep.c
@@@ -807,9 -807,9 +807,15 @@@ sendsig(sig_t catcher, ksiginfo_t *ksi
tf->tf_sp = (register_t)fp;
sysent = p->p_sysent;
if (sysent->sv_sigcode_base != 0)
++<<<<<<< HEAD
+ tf->tf_lr = (register_t)p->p_sigcode_base;
+ else
+ tf->tf_lr = (register_t)(p->p_psstrings -
++=======
+ tf->tf_lr = (register_t)sysent->sv_sigcode_base;
+ else
+ tf->tf_lr = (register_t)(sysent->sv_psstrings -
++>>>>>>> upstream/main
*(sysent->sv_szsigcode));
CTR3(KTR_SIG, "sendsig: return td=%p pc=%#x sp=%#x", td, tf->tf_elr,
diff --cc sys/arm64/arm64/pmap.c
index 0e71cb37bb06,98734cd12cc0..000000000000
mode 100644,100644..100755
--- a/sys/arm64/arm64/pmap.c
+++ b/sys/arm64/arm64/pmap.c
@@@ -105,7 -105,6 +105,10 @@@ __FBSDID("$FreeBSD$")
* and to when physical maps must be made correct.
*/
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include "opt_vm.h"
#include <sys/param.h>
@@@ -6964,7 -6963,6 +6967,10 @@@ pmap_is_valid_memattr(pmap_t pmap __unu
return (mode >= VM_MEMATTR_DEVICE && mode <= VM_MEMATTR_WRITE_THROUGH);
}
++<<<<<<< HEAD
+#ifndef PAX_HARDENING
++=======
++>>>>>>> upstream/main
/*
* Track a range of the kernel's virtual address space that is contiguous
* in various mapping attributes.
@@@ -7170,7 -7168,6 +7176,13 @@@ sysctl_kmaps(SYSCTL_HANDLER_ARGS
return (error);
}
SYSCTL_OID(_vm_pmap, OID_AUTO, kernel_maps,
++<<<<<<< HEAD
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE | CTLFLAG_ROOTONLY,
+ NULL, 0, sysctl_kmaps, "A",
+ "Dump kernel address layout");
+#endif /* !PAX_HARDENING */
++=======
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE,
+ NULL, 0, sysctl_kmaps, "A",
+ "Dump kernel address layout");
++>>>>>>> upstream/main
diff --cc sys/arm64/linux/linux_sysvec.c
index 5c8f1d0c5102,366fe7c2dc44..000000000000
mode 100644,100644..100755
--- a/sys/arm64/linux/linux_sysvec.c
+++ b/sys/arm64/linux/linux_sysvec.c
@@@ -29,8 -29,6 +29,11 @@@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/cdefs.h>
@@@ -42,7 -40,6 +45,10 @@@
#include <sys/lock.h>
#include <sys/module.h>
#include <sys/mutex.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/signalvar.h>
#include <sys/sysctl.h>
@@@ -167,7 -164,7 +173,11 @@@ linux_copyout_auxargs(struct image_para
issetugid = p->p_flag & P_SUGID ? 1 : 0;
AUXARGS_ENTRY(pos, LINUX_AT_SYSINFO_EHDR,
++<<<<<<< HEAD
+ imgp->proc->p_shared_page_base);
++=======
+ imgp->proc->p_sysent->sv_shared_page_base);
++>>>>>>> upstream/main
#if 0 /* LINUXTODO: implement arm64 LINUX_AT_HWCAP */
AUXARGS_ENTRY(pos, LINUX_AT_HWCAP, cpu_feature);
#endif
@@@ -237,7 -234,7 +247,11 @@@ linux_copyout_strings(struct image_para
execpath_len = 0;
p = imgp->proc;
++<<<<<<< HEAD
+ arginfo = (struct ps_strings *)p->p_psstrings;
++=======
+ arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings;
++>>>>>>> upstream/main
destp = (uintptr_t)arginfo;
if (execpath_len != 0) {
@@@ -422,7 -419,6 +436,10 @@@ struct sysentvec elf_linux_sysvec =
.sv_schedtail = linux_schedtail,
.sv_thread_detach = linux_thread_detach,
.sv_trap = linux_vsyscall,
++<<<<<<< HEAD
+ .sv_pax_aslr_init = pax_aslr_init_vmspace,
++=======
++>>>>>>> upstream/main
.sv_onexec = linux_on_exec,
.sv_onexit = linux_on_exit,
.sv_ontdexit = linux_thread_dtor,
diff --cc sys/compat/cloudabi64/cloudabi64_module.c
index f085275e45ea,ed0c85b4aba5..000000000000
mode 100644,100644..100755
--- a/sys/compat/cloudabi64/cloudabi64_module.c
+++ b/sys/compat/cloudabi64/cloudabi64_module.c
@@@ -55,7 -55,7 +55,11 @@@ cloudabi64_copyout_strings(struct image
/* Copy out program arguments. */
args = imgp->args;
len = exec_args_get_begin_envv(args) - args->begin_argv;
++<<<<<<< HEAD
+ begin = rounddown2(imgp->proc->p_usrstack - len, sizeof(register_t));
++=======
+ begin = rounddown2(imgp->sysent->sv_usrstack - len, sizeof(register_t));
++>>>>>>> upstream/main
*stack_base = begin;
return (copyout(args->begin_argv, (void *)begin, len));
}
@@@ -129,7 -129,7 +133,11 @@@ cloudabi64_fixup(uintptr_t *stack_base
VAL(CLOUDABI_AT_PHNUM, args->phnum),
PTR(CLOUDABI_AT_PID, pid),
PTR(CLOUDABI_AT_SYSINFO_EHDR,
++<<<<<<< HEAD
+ imgp->proc->p_shared_page_base),
++=======
+ imgp->proc->p_sysent->sv_shared_page_base),
++>>>>>>> upstream/main
VAL(CLOUDABI_AT_TID, td->td_tid),
#undef VAL
#undef PTR
diff --cc sys/compat/freebsd32/freebsd32_misc.c
index c3a67ba1acb8,d0489919718f..000000000000
mode 100644,100644..100755
--- a/sys/compat/freebsd32/freebsd32_misc.c
+++ b/sys/compat/freebsd32/freebsd32_misc.c
@@@ -32,7 -32,6 +32,10 @@@ __FBSDID("$FreeBSD$")
#include "opt_inet.h"
#include "opt_inet6.h"
#include "opt_ktrace.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#define __ELF_WORD_SIZE 32
@@@ -62,7 -61,6 +65,10 @@@
#include <sys/mount.h>
#include <sys/mutex.h>
#include <sys/namei.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/procctl.h>
#include <sys/ptrace.h>
@@@ -484,7 -482,10 +490,14 @@@ freebsd32_mprotect(struct thread *td, s
int prot;
prot = uap->prot;
++<<<<<<< HEAD
+
++=======
+ #if defined(__amd64__)
+ if (i386_read_exec && (prot & PROT_READ) != 0)
+ prot |= PROT_EXEC;
+ #endif
++>>>>>>> upstream/main
return (kern_mprotect(td, (uintptr_t)PTRIN(uap->addr), uap->len,
prot));
}
@@@ -495,6 -496,10 +508,13 @@@ freebsd32_mmap(struct thread *td, struc
int prot;
prot = uap->prot;
++<<<<<<< HEAD
++=======
+ #if defined(__amd64__)
+ if (i386_read_exec && (prot & PROT_READ))
+ prot |= PROT_EXEC;
+ #endif
++>>>>>>> upstream/main
return (kern_mmap(td, (uintptr_t)uap->addr, uap->len, prot,
uap->flags, uap->fd, PAIR32TO64(off_t, uap->pos)));
@@@ -508,6 -513,10 +528,13 @@@ freebsd6_freebsd32_mmap(struct thread *
int prot;
prot = uap->prot;
++<<<<<<< HEAD
++=======
+ #if defined(__amd64__)
+ if (i386_read_exec && (prot & PROT_READ))
+ prot |= PROT_EXEC;
+ #endif
++>>>>>>> upstream/main
return (kern_mmap(td, (uintptr_t)uap->addr, uap->len, prot,
uap->flags, uap->fd, PAIR32TO64(off_t, uap->pos)));
@@@ -3351,16 -3360,13 +3378,26 @@@ freebsd32_copyout_strings(struct image_
execpath_len = strlen(imgp->execpath) + 1;
else
execpath_len = 0;
++<<<<<<< HEAD
+ arginfo = (struct freebsd32_ps_strings *)curproc->p_psstrings;
+ imgp->ps_strings = arginfo;
+ if (imgp->proc->p_sigcode_base == 0)
+ szsigcode = *(imgp->proc->p_sysent->sv_szsigcode);
+#ifdef PAX_ASLR
+ pax_aslr_vdso(imgp->proc, &(imgp->proc->p_sigcode_base));
+#endif
+ else {
+ szsigcode = 0;
+ }
++=======
+ arginfo = (struct freebsd32_ps_strings *)curproc->p_sysent->
+ sv_psstrings;
+ imgp->ps_strings = arginfo;
+ if (imgp->proc->p_sysent->sv_sigcode_base == 0)
+ szsigcode = *(imgp->proc->p_sysent->sv_szsigcode);
+ else
+ szsigcode = 0;
++>>>>>>> upstream/main
destp = (uintptr_t)arginfo;
/*
diff --cc sys/compat/ia32/ia32_sysvec.c
index a7478e794730,f5a2c1200fc6..000000000000
mode 100644,100644..100755
--- a/sys/compat/ia32/ia32_sysvec.c
+++ b/sys/compat/ia32/ia32_sysvec.c
@@@ -30,8 -30,6 +30,11 @@@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#define __ELF_WORD_SIZE 32
#include <sys/param.h>
@@@ -44,7 -42,6 +47,10 @@@
#include <sys/mutex.h>
#include <sys/mman.h>
#include <sys/namei.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/procfs.h>
#include <sys/resourcevar.h>
@@@ -130,10 -127,7 +136,14 @@@ struct sysentvec ia32_freebsd_sysvec =
.sv_schedtail = NULL,
.sv_thread_detach = NULL,
.sv_trap = NULL,
++<<<<<<< HEAD
+ .sv_pax_aslr_init = pax_aslr_init_vmspace32,
+#if !defined(PAX_ASLR)
+ .sv_stackgap = elf32_stackgap,
+#endif
++=======
+ .sv_stackgap = elf32_stackgap,
++>>>>>>> upstream/main
};
INIT_SYSENTVEC(elf_ia32_sysvec, &ia32_freebsd_sysvec);
diff --cc sys/compat/linprocfs/linprocfs.c
index 609bcf8a64a6,79ffc4dfd5aa..000000000000
mode 100644,100644..100755
--- a/sys/compat/linprocfs/linprocfs.c
+++ b/sys/compat/linprocfs/linprocfs.c
@@@ -1342,9 -1342,9 +1342,15 @@@ linprocfs_doprocmaps(PFS_FILL_ARGS
ino = vat.va_fileid;
vput(vp);
} else if (SV_PROC_ABI(p) == SV_ABI_LINUX) {
++<<<<<<< HEAD
+ if (e_start == p->p_shared_page_base)
+ name = vdso_str;
+ if (e_end == p->p_usrstack)
++=======
+ if (e_start == p->p_sysent->sv_shared_page_base)
+ name = vdso_str;
+ if (e_end == p->p_sysent->sv_usrstack)
++>>>>>>> upstream/main
name = stack_str;
}
} else {
diff --cc sys/compat/linux/linux_mmap.c
index 8dd44d83bf17,1b4b0b78280c..000000000000
mode 100644,100644..100755
--- a/sys/compat/linux/linux_mmap.c
+++ b/sys/compat/linux/linux_mmap.c
@@@ -178,7 -178,7 +178,11 @@@ linux_mmap_common(struct thread *td, ui
* mmap's return value.
*/
PROC_LOCK(p);
++<<<<<<< HEAD
+ vms->vm_maxsaddr = (char *)p->p_usrstack -
++=======
+ vms->vm_maxsaddr = (char *)p->p_sysent->sv_usrstack -
++>>>>>>> upstream/main
lim_cur_proc(p, RLIMIT_STACK);
PROC_UNLOCK(p);
}
diff --cc sys/conf/NOTES
index da4995fb769f,e10e9401e853..000000000000
mode 100644,100644..100755
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@@@ -2809,20 -2809,6 +2809,23 @@@ options IMAGACT_BINMIS
# This enables support for compressed core dumps.
options GZIO
++<<<<<<< HEAD
+# PAX and HardenedBSD related knobs
+options PAX # Enable the PAX framework
+options PAX_CONTROL_ACL # PaX MAC framework, required for secadm
+options PAX_CONTROL_ACL_OVERRIDE_SUPPORT # Allow to override hbsdcontrol settings with ACLs
+options PAX_CONTROL_EXTATTR # extattr based control framework for hbsdcontrol
+options PAX_ASLR # Address Space Layout Randomization
+options PAX_HARDENING # Other hardening features
+options PAX_NOEXEC # Remove WX pages from user-space and enforce W^X
+options PAX_SEGVGUARD # Track and ban failing process
+options PAX_SYSCTLS # Run-time settings for PAX and Hardening
+options PAX_JAIL_SUPPORT # Allow to override PAX settings per jail
+options PAX_INSECURE_MODE # Allow to override INVARIANTS enforcements
+options HBSD_DEBUG
+
++=======
++>>>>>>> upstream/main
# zstd support
# This enables support for Zstd compressed core dumps, GEOM_UZIP images,
# and is required by zfs if statically linked.
diff --cc sys/conf/files
index 2e45c8250d3c,4198c3290196..000000000000
mode 100644,100644..100755
--- a/sys/conf/files
+++ b/sys/conf/files
@@@ -3747,15 -3747,6 +3747,18 @@@ fs/ext2fs/ext2_subr.c optional ext2f
fs/ext2fs/ext2_vfsops.c optional ext2fs
fs/ext2fs/ext2_vnops.c optional ext2fs
#
++<<<<<<< HEAD
+hardenedbsd/hbsd_pax_common.c optional pax
+hardenedbsd/hbsd_pax_log.c optional pax
+hardenedbsd/hbsd_pax_aslr.c optional pax pax_aslr
+hardenedbsd/hbsd_pax_hardening.c optional pax pax_hardening
+hardenedbsd/hbsd_pax_noexec.c optional pax pax_noexec
+hardenedbsd/hbsd_pax_segvguard.c optional pax pax_segvguard
+hardenedbsd/hbsd_control_acl.c optional pax pax_control_acl
+hardenedbsd/hbsd_control_extattr.c optional pax pax_control_extattr
+#
++=======
++>>>>>>> upstream/main
isa/isa_if.m standard
isa/isa_common.c optional isa
isa/isahint.c optional isa
@@@ -5021,7 -5012,6 +5024,10 @@@ security/mac/mac_cred.c optional ma
security/mac/mac_framework.c optional mac
security/mac/mac_inet.c optional mac inet | mac inet6
security/mac/mac_inet6.c optional mac inet6
++<<<<<<< HEAD
+security/mac/mac_jail.c optional mac pax_control_acl
++=======
++>>>>>>> upstream/main
security/mac/mac_label.c optional mac
security/mac/mac_net.c optional mac
security/mac/mac_pipe.c optional mac
diff --cc sys/conf/files.i386
index 559c8dd8d1f1,e668f9ff02d9..000000000000
mode 100644,100644..100755
--- a/sys/conf/files.i386
+++ b/sys/conf/files.i386
@@@ -211,7 -211,7 +211,11 @@@ i386/pci/pci_cfgreg.c optional pc
i386/pci/pci_pir.c optional pci
isa/syscons_isa.c optional sc
isa/vga_isa.c optional vga
++<<<<<<< HEAD
+kern/kern_clocksource.c standard
++=======
+ kern/imgact_aout.c optional compat_aout
++>>>>>>> upstream/main
kern/subr_sfbuf.c standard
libkern/divdi3.c standard
libkern/ffsll.c standard
diff --cc sys/conf/kern.mk
index 89e9909b5240,a162c018d9cf..000000000000
mode 100644,100644..100755
--- a/sys/conf/kern.mk
+++ b/sys/conf/kern.mk
@@@ -219,11 -219,33 +219,40 @@@ CFLAGS+= -fwrap
CFLAGS+= -fstack-protector
.endif
++<<<<<<< HEAD
+.if defined(MK_RETPOLINE) && ${MK_RETPOLINE} != "no"
++=======
+ #
+ # Retpoline speculative execution vulnerability mitigation (CVE-2017-5715)
+ #
+ .if defined(COMPILER_FEATURES) && ${COMPILER_FEATURES:Mretpoline} != "" && \
+ ${MK_KERNEL_RETPOLINE} != "no"
++>>>>>>> upstream/main
CFLAGS+= -mretpoline
.endif
#
++<<<<<<< HEAD
++=======
+ # Initialize stack variables on function entry
+ #
+ .if ${MK_INIT_ALL_ZERO} == "yes"
+ .if ${COMPILER_FEATURES:Minit-all}
+ CFLAGS+= -ftrivial-auto-var-init=zero \
+ -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
+ .else
+ .warning InitAll (zeros) requested but not support by compiler
+ .endif
+ .elif ${MK_INIT_ALL_PATTERN} == "yes"
+ .if ${COMPILER_FEATURES:Minit-all}
+ CFLAGS+= -ftrivial-auto-var-init=pattern
+ .else
+ .warning InitAll (pattern) requested but not support by compiler
+ .endif
+ .endif
+
+ #
++>>>>>>> upstream/main
# Add -gdwarf-2 when compiling -g. The default starting in clang v3.4
# and gcc 4.8 is to generate DWARF version 4. However, our tools don't
# cope well with DWARF 4, so force it to genereate DWARF2, which they
diff --cc sys/conf/kern.opts.mk
index c60f3e0a3ebc,5a66849b36da..000000000000
mode 100644,100644..100755
--- a/sys/conf/kern.opts.mk
+++ b/sys/conf/kern.opts.mk
@@@ -52,6 -52,8 +52,11 @@@ __DEFAULT_YES_OPTIONS =
__DEFAULT_NO_OPTIONS = \
BHYVE_SNAPSHOT \
EXTRA_TCP_STACKS \
++<<<<<<< HEAD
++=======
+ INIT_ALL_PATTERN \
+ INIT_ALL_ZERO \
++>>>>>>> upstream/main
KERNEL_RETPOLINE \
OFED \
RATELIMIT \
@@@ -91,10 -93,9 +96,16 @@@ BROKEN_OPTIONS+= ZF
BROKEN_OPTIONS+= OFED
.endif
++<<<<<<< HEAD
+.if ${MACHINE_CPUARCH} == "amd64"
+__DEFAULT_YES_OPTIONS+= RETPOLINE
+.else
+__DEFAULT_NO_OPTIONS+= RETPOLINE
++=======
+ # Things that don't work based on toolchain support.
+ .if ${MACHINE} != "i386" && ${MACHINE} != "amd64"
+ BROKEN_OPTIONS+= KERNEL_RETPOLINE
++>>>>>>> upstream/main
.endif
# EFI doesn't exist on mips, powerpc, or riscv.
diff --cc sys/conf/kmod.mk
index e65926f0c09f,b19d911604c3..000000000000
mode 100644,100644..100755
--- a/sys/conf/kmod.mk
+++ b/sys/conf/kmod.mk
@@@ -154,10 -154,6 +154,13 @@@ CFLAGS+= -fno-omit-frame-pointer -mno-o
CFLAGS+= -fPIC
.endif
++<<<<<<< HEAD
+.if defined(MK_RETPOLINE) && ${MK_RETPOLINE} != "no"
+CFLAGS+= -mretpoline
+.endif
+
++=======
++>>>>>>> upstream/main
# Temporary workaround for PR 196407, which contains the fascinating details.
# Don't allow clang to use fpu instructions or registers in kernel modules.
.if ${MACHINE_CPUARCH} == arm
diff --cc sys/conf/newvers.sh
index 172697b65873,8e41fcfa94a3..000000000000
mode 100644,100644..100755
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@@ -58,7 -58,6 +58,10 @@@ BRANCH="CURRENT
if [ -n "${BRANCH_OVERRIDE}" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
++<<<<<<< HEAD
+BRANCH="${BRANCH}-HBSD"
++=======
++>>>>>>> upstream/main
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"
@@@ -321,18 -320,12 +324,27 @@@ if [ -n "$hg_cmd" ] ; the
fi
fi
++<<<<<<< HEAD
+if [ -n "${HBSD_EXTRA}" ] ; then
+ hbsdv=" [${HBSD_EXTRA}]"
+else
+ hbsdv=" "
+fi
+
+[ ${include_metadata} = "if-modified" -a ${modified} = "yes" ] && include_metadata=yes
+if [ ${include_metadata} != "yes" ]; then
+ VERINFO="${VERSION}${hbsdv}${svn}${git}${hg} ${i}"
+ VERSTR="${VERINFO}\\n"
+else
+ VERINFO="${VERSION} #${v}${hbsdv}${svn}${git}${hg}: ${t}"
++=======
+ [ ${include_metadata} = "if-modified" -a ${modified} = "yes" ] && include_metadata=yes
+ if [ ${include_metadata} != "yes" ]; then
+ VERINFO="${VERSION}${svn}${git}${hg} ${i}"
+ VERSTR="${VERINFO}\\n"
+ else
+ VERINFO="${VERSION} #${v}${svn}${git}${hg}: ${t}"
++>>>>>>> upstream/main
VERSTR="${VERINFO}\\n ${u}@${h}:${d}\\n"
fi
diff --cc sys/conf/options
index 6511d43a015a,24f984930dc2..000000000000
mode 100644,100644..100755
--- a/sys/conf/options
+++ b/sys/conf/options
@@@ -781,9 -781,6 +781,12 @@@ VT_TWOBUTTON_MOUSE opt_syscons.
DEV_SC opt_syscons.h
DEV_VT opt_syscons.h
++<<<<<<< HEAD
+# kbdmux options
+KBDMUX_DFLT_KEYMAP opt_kbdmux.h
+
++=======
++>>>>>>> upstream/main
# teken terminal emulator options
TEKEN_CONS25 opt_teken.h
TEKEN_UTF8 opt_teken.h
@@@ -803,6 -800,8 +806,11 @@@ KBD_MAXWAIT opt_kbd.
KBD_RESETDELAY opt_kbd.h
KBDIO_DEBUG opt_kbd.h
++<<<<<<< HEAD
++=======
+ KBDMUX_DFLT_KEYMAP opt_kbdmux.h
+
++>>>>>>> upstream/main
# options for the Atheros driver
ATH_DEBUG opt_ath.h
ATH_TXBUF opt_ath.h
@@@ -964,35 -963,6 +972,38 @@@ RACCT_DEFAULT_TO_DISABLED opt_global.
# Resource Limits
RCTL opt_global.h
++<<<<<<< HEAD
+# PaX-inspired hardening features
+PAX opt_pax.h
+PAX_ASLR opt_pax.h
+PAX_SYSCTLS opt_pax.h
+PAX_SEGVGUARD opt_pax.h
+PAX_HARDENING opt_pax.h
+PAX_NOEXEC opt_pax.h
+PAX_INSECURE_MODE opt_pax.h
+PAX_CONTROL_ACL opt_pax.h
+PAX_CONTROL_ACL_OVERRIDE_SUPPORT opt_pax.h
+PAX_CONTROL_EXTATTR opt_pax.h
+PAX_JAIL_SUPPORT opt_pax.h
+HBSD_DEBUG opt_pax.h
+
+# ASLR overwritable defaults
+PAX_ASLR_DELTA_MMAP_DEF_LEN opt_pax.h
+PAX_ASLR_DELTA_STACK_DEF_LEN opt_pax.h
+PAX_ASLR_DELTA_VDSO_DEF_LEN opt_pax.h
+PAX_ASLR_DELTA_EXEC_DEF_LEN opt_pax.h
+PAX_ASLR_COMPAT_DELTA_MMAP_DEF_LEN opt_pax.h
+PAX_ASLR_COMPAT_DELTA_STACK_DEF_LEN opt_pax.h
+PAX_ASLR_COMPAT_DELTA_EXEC_DEF_LEN opt_pax.h
+PAX_ASLR_COMPAT_DELTA_VDSO_DEF_LEN opt_pax.h
+PAX_ASLR_DELTA_MMAP_LSB opt_pax.h
+PAX_ASLR_DELTA_STACK_LSB opt_pax.h
+PAX_ASLR_DELTA_STACK_WITH_GAP_LSB opt_pax.h
+PAX_ASLR_DELTA_EXEC_LSB opt_pax.h
+PAX_ASLR_DELTA_VDSO_LSB opt_pax.h
+
++=======
++>>>>>>> upstream/main
# Random number generator(s)
# Alternative RNG algorithm.
RANDOM_FENESTRASX opt_global.h
diff --cc sys/conf/options.amd64
index 6f6b07c6273e,cd90747ba732..000000000000
mode 100644,100644..100755
--- a/sys/conf/options.amd64
+++ b/sys/conf/options.amd64
@@@ -67,11 -67,5 +67,14 @@@ XENHVM opt_global.
# options for the Intel C600 SAS driver (isci)
ISCI_LOGGING opt_isci.h
++<<<<<<< HEAD
+# HardenedBSD ASLR options
+PAX_ASLR_DELTA_MAP32BIT_DEF_LEN opt_pax.h
+PAX_ASLR_DELTA_MAP32BIT_MIN_LEN opt_pax.h
+PAX_ASLR_DELTA_MAP32BIT_MAX_LEN opt_pax.h
+PAX_ASLR_DELTA_MAP32BIT_LSB opt_pax.h
+
++=======
++>>>>>>> upstream/main
# EFI Runtime services support
EFIRT opt_efirt.h
diff --cc sys/conf/options.arm64
index 6817ac5e88c3,db6550ad3ae7..000000000000
mode 100644,100644..100755
--- a/sys/conf/options.arm64
+++ b/sys/conf/options.arm64
@@@ -30,9 -30,3 +30,12 @@@ SOC_NXP_LS opt_soc.
SOC_ROCKCHIP_RK3328 opt_soc.h
SOC_ROCKCHIP_RK3399 opt_soc.h
SOC_XILINX_ZYNQ opt_soc.h
++<<<<<<< HEAD
+
+# HardenedBSD ASLR options
+PAX_ASLR_DELTA_MAP32BIT_DEF_LEN opt_pax.h
+PAX_ASLR_DELTA_MAP32BIT_MIN_LEN opt_pax.h
+PAX_ASLR_DELTA_MAP32BIT_MAX_LEN opt_pax.h
+PAX_ASLR_DELTA_MAP32BIT_LSB opt_pax.h
++=======
++>>>>>>> upstream/main
diff --cc sys/conf/options.i386
index 39d046861a92,73957449413f..000000000000
mode 100644,100644..100755
--- a/sys/conf/options.i386
+++ b/sys/conf/options.i386
@@@ -21,6 -21,7 +21,10 @@@ PV_STATS opt_pmap.
# Options for emulators. These should only be used at config time, so
# they are handled like options for static filesystems
# (see src/sys/conf/options), except for broken debugging options.
++<<<<<<< HEAD
++=======
+ COMPAT_AOUT opt_dontuse.h
++>>>>>>> upstream/main
COMPAT_LINUX opt_dontuse.h
LINPROCFS opt_dontuse.h
LINSYSFS opt_dontuse.h
diff --cc sys/contrib/openzfs/lib/libzfs/os/freebsd/libzfs_compat.c
index 309af4168a91,2de90c7ceea5..000000000000
mode 100644,100644..100755
--- a/sys/contrib/openzfs/lib/libzfs/os/freebsd/libzfs_compat.c
+++ b/sys/contrib/openzfs/lib/libzfs/os/freebsd/libzfs_compat.c
@@@ -212,20 -212,11 +212,26 @@@ zfs_ioctl(libzfs_handle_t *hdl, int req
int
libzfs_load_module(void)
{
++<<<<<<< HEAD
+
+ if (getuid()) {
+ /*
+ * HBSD: KLD-related syscalls require a privileged
+ * account.
+ */
+ return (0);
+ }
++=======
++>>>>>>> upstream/main
/*
* XXX: kldfind(ZFS_KMOD) would be nice here, but we retain
* modfind("zfs") so out-of-base openzfs userland works with the
* in-base module.
*/
++<<<<<<< HEAD
+
++=======
++>>>>>>> upstream/main
if (modfind("zfs") < 0) {
/* Not present in kernel, try loading it. */
if (kldload(ZFS_KMOD) < 0 && errno != EEXIST) {
diff --cc sys/ddb/db_ps.c
index e7b7929a2353,df2db88e97a1..000000000000
mode 100644,100644..100755
--- a/sys/ddb/db_ps.c
+++ b/sys/ddb/db_ps.c
@@@ -33,14 -33,12 +33,20 @@@
__FBSDID("$FreeBSD$");
#include "opt_kstack_pages.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/cons.h>
#include <sys/jail.h>
#include <sys/kdb.h>
#include <sys/kernel.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/sysent.h>
#include <sys/systm.h>
@@@ -370,9 -368,6 +376,12 @@@ DB_SHOW_COMMAND(thread, db_show_thread
(void *)(td->td_kstack + td->td_kstack_pages * PAGE_SIZE - 1));
db_printf(" flags: %#x ", td->td_flags);
db_printf(" pflags: %#x\n", td->td_pflags);
++<<<<<<< HEAD
+#ifdef PAX
+ pax_db_printf_flags_td(td, PAX_LOG_DEFAULT);
+#endif
++=======
++>>>>>>> upstream/main
db_printf(" state: ");
switch (td->td_state) {
case TDS_INACTIVE:
@@@ -497,9 -492,6 +506,12 @@@ DB_SHOW_COMMAND(proc, db_show_proc
dump_args(p);
db_printf("\n");
}
++<<<<<<< HEAD
+#ifdef PAX
+ pax_db_printf_flags(p, PAX_LOG_DEFAULT);
+#endif
++=======
++>>>>>>> upstream/main
db_printf(" reaper: %p reapsubtree: %d\n",
p->p_reaper, p->p_reapsubtree);
db_printf(" sigparent: %d\n", p->p_sigparent);
diff --cc sys/dev/kbd/kbd.c
index 6abd986ded30,fd996f7a06ad..000000000000
mode 100644,100644..100755
--- a/sys/dev/kbd/kbd.c
+++ b/sys/dev/kbd/kbd.c
@@@ -31,7 -31,6 +31,10 @@@
__FBSDID("$FreeBSD$");
#include "opt_kbd.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/systm.h>
@@@ -85,13 -84,7 +88,17 @@@ static int keyboards = 1
static keyboard_t *kbd_ini;
static keyboard_t **keyboard = &kbd_ini;
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+/* Only root should be able to change keyboard mapping */
+static int keymap_restrict_change = 4;
+#else
static int keymap_restrict_change;
+#endif
+
++=======
++static int keymap_restrict_change;
++>>>>>>> upstream/main
static SYSCTL_NODE(_hw, OID_AUTO, kbd, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
"kbd");
SYSCTL_INT(_hw_kbd, OID_AUTO, keymap_restrict_change, CTLFLAG_RW,
diff --cc sys/dev/netmap/netmap_freebsd.c
index ef6d062c9b83,e37815dc88d5..000000000000
mode 100644,100644..100755
--- a/sys/dev/netmap/netmap_freebsd.c
+++ b/sys/dev/netmap/netmap_freebsd.c
@@@ -51,7 -51,6 +51,10 @@@
#include <vm/uma.h>
++<<<<<<< HEAD
+#include <sys/jail.h>
++=======
++>>>>>>> upstream/main
#include <sys/malloc.h>
#include <sys/socket.h> /* sockaddrs */
#include <sys/selinfo.h>
diff --cc sys/dev/random/fortuna.c
index 3f79bf214643,5b6a8a36c16d..000000000000
mode 100644,100644..100755
--- a/sys/dev/random/fortuna.c
+++ b/sys/dev/random/fortuna.c
@@@ -39,9 -39,6 +39,12 @@@ __FBSDID("$FreeBSD$")
#include <sys/limits.h>
#ifdef _KERNEL
++<<<<<<< HEAD
+
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/fail.h>
#include <sys/kernel.h>
#include <sys/lock.h>
diff --cc sys/dev/sound/pcm/dsp.c
index 8ec818a2cff5,0593a585b0fd..000000000000
mode 100644,100644..100755
--- a/sys/dev/sound/pcm/dsp.c
+++ b/sys/dev/sound/pcm/dsp.c
@@@ -45,6 -45,11 +45,14 @@@
SND_DECLARE_FILE("$FreeBSD$");
++<<<<<<< HEAD
++=======
+ static int dsp_mmap_allow_prot_exec = 0;
+ SYSCTL_INT(_hw_snd, OID_AUTO, compat_linux_mmap, CTLFLAG_RWTUN,
+ &dsp_mmap_allow_prot_exec, 0,
+ "linux mmap compatibility (-1=force disable 0=auto 1=force enable)");
+
++>>>>>>> upstream/main
static int dsp_basename_clone = 1;
SYSCTL_INT(_hw_snd, OID_AUTO, basename_clone, CTLFLAG_RWTUN,
&dsp_basename_clone, 0,
@@@ -2222,7 -2227,21 +2230,25 @@@ dsp_mmap_single(struct cdev *i_dev, vm_
struct snddev_info *d;
struct pcm_channel *wrch, *rdch, *c;
++<<<<<<< HEAD
+ if (nprot & PROT_EXEC)
++=======
+ /*
+ * Reject PROT_EXEC by default. It just doesn't makes sense.
+ * Unfortunately, we have to give up this one due to linux_mmap
+ * changes.
+ *
+ * https://lists.freebsd.org/pipermail/freebsd-emulation/2007-June/003698.html
+ *
+ */
+ #ifdef SV_ABI_LINUX
+ if ((nprot & PROT_EXEC) && (dsp_mmap_allow_prot_exec < 0 ||
+ (dsp_mmap_allow_prot_exec == 0 &&
+ SV_CURPROC_ABI() != SV_ABI_LINUX)))
+ #else
+ if ((nprot & PROT_EXEC) && dsp_mmap_allow_prot_exec < 1)
+ #endif
++>>>>>>> upstream/main
return (EINVAL);
/*
diff --cc sys/dev/sound/pcm/mixer.c
index e79b74291721,09b0bb8ab148..000000000000
mode 100644,100644..100755
--- a/sys/dev/sound/pcm/mixer.c
+++ b/sys/dev/sound/pcm/mixer.c
@@@ -83,7 -83,7 +83,11 @@@ static u_int16_t snd_mixerdefaults[SOUN
[SOUND_MIXER_PCM] = 75,
[SOUND_MIXER_SPEAKER] = 75,
[SOUND_MIXER_LINE] = 75,
++<<<<<<< HEAD
+ [SOUND_MIXER_MIC] = 0,
++=======
+ [SOUND_MIXER_MIC] = 25,
++>>>>>>> upstream/main
[SOUND_MIXER_CD] = 75,
[SOUND_MIXER_IGAIN] = 0,
[SOUND_MIXER_LINE1] = 75,
diff --cc sys/fs/procfs/procfs_dbregs.c
index f8b07c9bad06,8d2206d2995c..000000000000
mode 100644,100644..100755
--- a/sys/fs/procfs/procfs_dbregs.c
+++ b/sys/fs/procfs/procfs_dbregs.c
@@@ -45,13 -45,10 +45,19 @@@
* $FreeBSD$
*/
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/lock.h>
#include <sys/mutex.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/ptrace.h>
#include <sys/sysent.h>
@@@ -126,17 -123,11 +132,25 @@@ procfs_doprocdbregs(PFS_FILL_ARGS
PROC_LOCK(p);
}
if (error == 0 && uio->uio_rw == UIO_WRITE) {
++<<<<<<< HEAD
+ if (!P_SHOULDSTOP(p)) /* XXXKSE should be P_TRACED? */ {
+ error = EBUSY;
+ }
+#ifdef PAX_HARDENING
+ else if ((error = pax_procfs_harden(td2)) == 0) {
+#else
+ else {
+#endif
+ /* XXXKSE: */
+ error = PROC(write, dbregs, td2, &r);
+ }
++=======
+ if (!P_SHOULDSTOP(p)) /* XXXKSE should be P_TRACED? */
+ error = EBUSY;
+ else
+ /* XXXKSE: */
+ error = PROC(write, dbregs, td2, &r);
++>>>>>>> upstream/main
}
PROC_UNLOCK(p);
diff --cc sys/fs/procfs/procfs_fpregs.c
index 35a37097b99a,9675030df3c0..000000000000
mode 100644,100644..100755
--- a/sys/fs/procfs/procfs_fpregs.c
+++ b/sys/fs/procfs/procfs_fpregs.c
@@@ -39,13 -39,10 +39,19 @@@
* $FreeBSD$
*/
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/lock.h>
#include <sys/mutex.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/ptrace.h>
#include <sys/sysent.h>
@@@ -124,17 -121,11 +130,25 @@@ procfs_doprocfpregs(PFS_FILL_ARGS
PROC_LOCK(p);
}
if (error == 0 && uio->uio_rw == UIO_WRITE) {
++<<<<<<< HEAD
+ if (!P_SHOULDSTOP(p)) {
+ error = EBUSY;
+ }
+#ifdef PAX_HARDENING
+ else if ((error = pax_procfs_harden(td2)) == 0) {
+#else
+ else {
+#endif
+ /* XXXKSE: */
+ error = PROC(write, fpregs, td2, &r);
+ }
++=======
+ if (!P_SHOULDSTOP(p))
+ error = EBUSY;
+ else
+ /* XXXKSE: */
+ error = PROC(write, fpregs, td2, &r);
++>>>>>>> upstream/main
}
PROC_UNLOCK(p);
diff --cc sys/fs/procfs/procfs_mem.c
index c24d264ca75e,59f039064d09..000000000000
mode 100644,100644..100755
--- a/sys/fs/procfs/procfs_mem.c
+++ b/sys/fs/procfs/procfs_mem.c
@@@ -38,12 -38,9 +38,18 @@@
* $FreeBSD$
*/
++<<<<<<< HEAD
+#include "opt_pax.h"
+
#include <sys/param.h>
#include <sys/lock.h>
#include <sys/mutex.h>
+#include <sys/pax.h>
++=======
++#include <sys/param.h>
++#include <sys/lock.h>
++#include <sys/mutex.h>
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/ptrace.h>
#include <sys/systm.h>
@@@ -68,10 -65,6 +74,13 @@@ procfs_doprocmem(PFS_FILL_ARGS
PROC_LOCK(p);
error = p_candebug(td, p);
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+ if (error == 0)
+ error = pax_procfs_harden(td);
+#endif
++=======
++>>>>>>> upstream/main
PROC_UNLOCK(p);
if (error == 0)
error = proc_rwmem(p, uio);
diff --cc sys/fs/procfs/procfs_regs.c
index fcc9ffbd16fa,032141a9e32e..000000000000
mode 100644,100644..100755
--- a/sys/fs/procfs/procfs_regs.c
+++ b/sys/fs/procfs/procfs_regs.c
@@@ -39,13 -39,10 +39,19 @@@
* $FreeBSD$
*/
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/lock.h>
#include <sys/mutex.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/ptrace.h>
#include <sys/sysent.h>
@@@ -124,17 -121,11 +130,25 @@@ procfs_doprocregs(PFS_FILL_ARGS
PROC_LOCK(p);
}
if (error == 0 && uio->uio_rw == UIO_WRITE) {
++<<<<<<< HEAD
+ if (!P_SHOULDSTOP(p)) {
+ error = EBUSY;
+ }
+#ifdef PAX_HARDENING
+ else if ((error = pax_procfs_harden(td2)) == 0) {
+#else
+ else {
+#endif
+ /* XXXKSE: */
+ error = PROC(write, regs, td2, &r);
+ }
++=======
+ if (!P_SHOULDSTOP(p))
+ error = EBUSY;
+ else
+ /* XXXKSE: */
+ error = PROC(write, regs, td2, &r);
++>>>>>>> upstream/main
}
PROC_UNLOCK(p);
diff --cc sys/fs/tmpfs/tmpfs.h
index e07469936a57,beded9cd5455..000000000000
mode 100644,100644..100755
--- a/sys/fs/tmpfs/tmpfs.h
+++ b/sys/fs/tmpfs/tmpfs.h
@@@ -131,28 -131,6 +131,31 @@@ RB_HEAD(tmpfs_dir, tmpfs_dirent)
(TMPFS_DIRCOOKIE_DUP | TMPFS_DIRCOOKIE_MASK)
/*
++<<<<<<< HEAD
+ * Extended attribute support.
+ *
+ * A good portion of this support is based upon the UFS
+ * implementation. Stand on the shoulders of giants. This
+ * implementation aims to only provide support for applying extended
+ * attributes to files (VREG).
+ */
+
+#define TMPFS_EXTATTR_MAXNAME 33 /* Includes terminating NUL */
+#define TMPFS_EXTATTR_MAXVALUESIZE 64
+
+struct tmpfs_extattr_list_entry {
+ LIST_ENTRY(tmpfs_extattr_list_entry) tele_entries;
+ int tele_attrnamespace;
+ char tele_attrname[TMPFS_EXTATTR_MAXNAME];
+ void *tele_value;
+ size_t tele_value_size;
+};
+
+LIST_HEAD(tmpfs_extattr_list_head, tmpfs_extattr_list_entry);
+
+/*
++=======
++>>>>>>> upstream/main
* Internal representation of a tmpfs file system node.
*
* This structure is splitted in two parts: one holds attributes common
@@@ -316,12 -294,6 +319,15 @@@ struct tmpfs_node
*/
vm_object_t tn_aobj; /* (c) */
struct tmpfs_mount *tn_tmp; /* (c) */
++<<<<<<< HEAD
+
+ /*
+ * The extended attributes list, which may be
+ * empty.
+ */
+ struct tmpfs_extattr_list_head tn_extattr_list; /* (i) */
++=======
++>>>>>>> upstream/main
} tn_reg;
} tn_spec; /* (v) */
};
diff --cc sys/fs/tmpfs/tmpfs_subr.c
index 93b586259025,e285f8d57989..000000000000
mode 100644,100644..100755
--- a/sys/fs/tmpfs/tmpfs_subr.c
+++ b/sys/fs/tmpfs/tmpfs_subr.c
@@@ -333,7 -333,6 +333,10 @@@ tmpfs_alloc_node(struct mount *mp, stru
break;
case VREG:
++<<<<<<< HEAD
+ LIST_INIT(&(nnode->tn_reg.tn_extattr_list));
++=======
++>>>>>>> upstream/main
obj = nnode->tn_reg.tn_aobj =
vm_pager_allocate(OBJT_SWAP, NULL, 0, VM_PROT_DEFAULT, 0,
NULL /* XXXKIB - tmpfs needs swap reservation */);
@@@ -382,7 -381,6 +385,10 @@@ boo
tmpfs_free_node_locked(struct tmpfs_mount *tmp, struct tmpfs_node *node,
bool detach)
{
++<<<<<<< HEAD
+ struct tmpfs_extattr_list_entry *attr, *tattr;
++=======
++>>>>>>> upstream/main
vm_object_t uobj;
bool last;
@@@ -423,11 -421,6 +429,14 @@@
break;
case VREG:
++<<<<<<< HEAD
+ LIST_FOREACH_SAFE(attr, &(node->tn_reg.tn_extattr_list),
+ tele_entries, tattr) {
+ free(attr->tele_value, M_TEMP);
+ free(attr, M_TEMP);
+ }
++=======
++>>>>>>> upstream/main
uobj = node->tn_reg.tn_aobj;
if (uobj != NULL) {
if (uobj->size != 0)
diff --cc sys/fs/tmpfs/tmpfs_vnops.c
index 2505a6c586f1,9c0eba42d317..000000000000
mode 100644,100644..100755
--- a/sys/fs/tmpfs/tmpfs_vnops.c
+++ b/sys/fs/tmpfs/tmpfs_vnops.c
@@@ -41,7 -41,6 +41,10 @@@ __FBSDID("$FreeBSD$")
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/dirent.h>
++<<<<<<< HEAD
+#include <sys/extattr.h>
++=======
++>>>>>>> upstream/main
#include <sys/fcntl.h>
#include <sys/file.h>
#include <sys/limits.h>
@@@ -76,23 -75,6 +79,26 @@@ SYSCTL_INT(_vfs_tmpfs, OID_AUTO, rename
__DEVOLATILE(int *, &tmpfs_rename_restarts), 0,
"Times rename had to restart due to lock contention");
++<<<<<<< HEAD
+static struct tmpfs_extattr_list_entry *tmpfs_node_has_extattr(
+ struct tmpfs_node *, int, const char *, bool);
+
+static int tmpfs_extattr_set(struct vnode *, int, const char *,
+ struct uio *, struct ucred *, struct thread *);
+
+static int tmpfs_extattr_get(struct vnode *, int, const char *,
+ struct uio *, size_t *, struct ucred *, struct thread *);
+
+static int tmpfs_listextattr(struct vop_listextattr_args *);
+
+static int tmpfs_extattr_list(struct vnode *, int, struct uio *,
+ size_t *, struct ucred *, struct thread *);
+
+static int tmpfs_extattr_delete(struct vnode *, int, const char *,
+ struct ucred *, struct thread *);
+
++=======
++>>>>>>> upstream/main
static int
tmpfs_vn_get_ino_alloc(struct mount *mp, void *arg, int lkflags,
struct vnode **rvp)
@@@ -1787,264 -1769,6 +1793,267 @@@ restart
return (ENOENT);
}
++<<<<<<< HEAD
+static struct tmpfs_extattr_list_entry *
+tmpfs_node_has_extattr(struct tmpfs_node *node, int attrnamespace,
+ const char *name, bool dolock)
+{
+ struct tmpfs_extattr_list_entry *entry, *tentry;
+
+ entry = NULL;
+
+ if (dolock) {
+ TMPFS_NODE_LOCK(node);
+ }
+ LIST_FOREACH_SAFE(entry, &(node->tn_reg.tn_extattr_list),
+ tele_entries, tentry) {
+ if (attrnamespace != entry->tele_attrnamespace) {
+ continue;
+ }
+
+ if (!strcmp(name, entry->tele_attrname)) {
+ break;
+ }
+ }
+ if (dolock) {
+ TMPFS_NODE_UNLOCK(node);
+ }
+
+ return (entry);
+}
+
+static int
+tmpfs_getextattr(struct vop_getextattr_args *ap)
+{
+
+ return (tmpfs_extattr_get(ap->a_vp, ap->a_attrnamespace,
+ ap->a_name, ap->a_uio, ap->a_size, ap->a_cred, ap->a_td));
+}
+
+static int
+tmpfs_extattr_get(struct vnode *vp, int attrnamespace, const char *name,
+ struct uio *uio, size_t *size, struct ucred *cred, struct thread *td)
+{
+ struct tmpfs_extattr_list_entry *attr;
+ struct tmpfs_node *node;
+ size_t len;
+ int error;
+
+ if (vp->v_type != VREG) {
+ return (EOPNOTSUPP);
+ }
+
+ error = extattr_check_cred(vp, attrnamespace, cred, td, VREAD);
+ if (error) {
+ return (error);
+ }
+
+ node = VP_TO_TMPFS_NODE(vp);
+
+ attr = tmpfs_node_has_extattr(node, attrnamespace, name, true);
+ if (attr == NULL) {
+ return (ENOATTR);
+ }
+
+ if (size) {
+ *size = attr->tele_value_size;
+ }
+
+ if (uio != NULL) {
+ len = MIN(attr->tele_value_size, uio->uio_resid);
+ uio->uio_resid = len;
+ uio->uio_offset = 0;
+ error = uiomove(attr->tele_value, len, uio);
+ }
+
+ return (error);
+}
+
+static int
+tmpfs_setextattr(struct vop_setextattr_args *ap)
+{
+
+ return (tmpfs_extattr_set(ap->a_vp, ap->a_attrnamespace,
+ ap->a_name, ap->a_uio, ap->a_cred, ap->a_td));
+}
+
+static int
+tmpfs_extattr_set(struct vnode *vp, int attrnamespace, const char *name,
+ struct uio *uio, struct ucred *cred, struct thread *td)
+{
+ struct tmpfs_extattr_list_entry *attr;
+ struct tmpfs_node *node;
+ size_t sz;
+ int error;
+
+ if (vp->v_type != VREG) {
+ return (EOPNOTSUPP);
+ }
+
+ error = extattr_check_cred(vp, attrnamespace, cred, td, VWRITE);
+ if (error) {
+ return (error);
+ }
+
+ if (uio->uio_resid > TMPFS_EXTATTR_MAXVALUESIZE) {
+ return (EINVAL);
+ }
+
+ if (strlen(name) == 0) {
+ return (EINVAL);
+ }
+
+ if (strlen(name) >= TMPFS_EXTATTR_MAXNAME) {
+ return (EINVAL);
+ }
+
+ node = VP_TO_TMPFS_NODE(vp);
+
+ attr = tmpfs_node_has_extattr(node, attrnamespace, name, true);
+ if (attr == NULL) {
+ sz = MIN(TMPFS_EXTATTR_MAXVALUESIZE, uio->uio_resid);
+ attr = malloc(sizeof(*attr), M_TEMP, M_WAITOK|M_ZERO);
+
+ attr->tele_value = malloc(sz, M_TEMP, M_WAITOK);
+ attr->tele_value_size = sz;
+ attr->tele_attrnamespace = attrnamespace;
+ strncpy(attr->tele_attrname, name,
+ sizeof(attr->tele_attrname)-1);
+
+ uiomove(attr->tele_value, sz, uio);
+
+ TMPFS_NODE_LOCK(node);
+ LIST_INSERT_HEAD(&(node->tn_reg.tn_extattr_list),
+ attr, tele_entries);
+ TMPFS_NODE_UNLOCK(node);
+ }
+
+ return (0);
+}
+
+static int
+tmpfs_listextattr(struct vop_listextattr_args *ap)
+{
+
+ return tmpfs_extattr_list(ap->a_vp, ap->a_attrnamespace,
+ ap->a_uio, ap->a_size, ap->a_cred, ap->a_td);
+}
+
+static int
+tmpfs_extattr_list(struct vnode *vp, int attrnamespace, struct uio *uio,
+ size_t *size, struct ucred *cred, struct thread *td)
+{
+ struct tmpfs_extattr_list_entry *attr, *tattr;
+ struct tmpfs_node *node;
+ size_t namelen;
+ uint8_t namelen8;
+ int error;
+
+ if (vp->v_type != VREG) {
+ return (EOPNOTSUPP);
+ }
+
+ error = extattr_check_cred(vp, attrnamespace, cred, td, VREAD);
+ if (error) {
+ return (error);
+ }
+
+ node = VP_TO_TMPFS_NODE(vp);
+
+ if (size) {
+ *size = 0;
+ }
+
+ TMPFS_NODE_LOCK(node);
+ LIST_FOREACH_SAFE(attr, &(node->tn_reg.tn_extattr_list),
+ tele_entries, tattr) {
+ if (attr->tele_attrnamespace != attrnamespace) {
+ continue;
+ }
+
+ namelen = strlen(attr->tele_attrname);
+ if (size) {
+ *size += namelen + sizeof(namelen8);
+ } else if (uio != NULL) {
+ namelen8 = namelen;
+ TMPFS_NODE_UNLOCK(node);
+ error = uiomove(&namelen8, sizeof(namelen8), uio);
+ if (error) {
+ TMPFS_NODE_LOCK(node);
+ break;
+ }
+ error = uiomove(attr->tele_attrname, namelen, uio);
+ if (error) {
+ TMPFS_NODE_LOCK(node);
+ break;
+ }
+ TMPFS_NODE_LOCK(node);
+ }
+
+ if (error) {
+ break;
+ }
+ }
+ TMPFS_NODE_UNLOCK(node);
+
+ return (error);
+}
+
+static int
+tmpfs_extattr_delete(struct vnode *vp, int attrnamespace, const char *name,
+ struct ucred *cred, struct thread *td)
+{
+ struct tmpfs_extattr_list_entry *attr;
+ struct tmpfs_node *node;
+ int error;
+
+ if (vp->v_type != VREG) {
+ return (EOPNOTSUPP);
+ }
+
+ error = extattr_check_cred(vp, attrnamespace, cred, td, VWRITE);
+ if (error) {
+ return (error);
+ }
+
+ node = VP_TO_TMPFS_NODE(vp);
+
+ TMPFS_NODE_LOCK(node);
+ attr = tmpfs_node_has_extattr(node, attrnamespace, name, false);
+ if (attr == NULL) {
+ TMPFS_NODE_UNLOCK(node);
+ return (EINVAL);
+ }
+
+ LIST_REMOVE(attr, tele_entries);
+ TMPFS_NODE_UNLOCK(node);
+
+ free(attr->tele_value, M_TEMP);
+ memset(attr, 0, sizeof(*attr));
+ free(attr, M_TEMP);
+
+ return (0);
+}
+
+static int
+tmpfs_deleteextattr(struct vop_deleteextattr_args *ap)
+/*
+vop_deleteextattr {
+ IN struct vnode *a_vp;
+ IN int a_attrnamespace;
+ IN const char *a_name;
+ IN struct ucred *a_cred;
+ IN struct thread *a_td;
+}
+*/
+{
+
+ return (tmpfs_extattr_delete(ap->a_vp, ap->a_attrnamespace, ap->a_name,
+ ap->a_cred, ap->a_td));
+}
+
++=======
++>>>>>>> upstream/main
/*
* Vnode operations vector used for files stored in a tmpfs file system.
*/
@@@ -2061,10 -1785,6 +2070,13 @@@ struct vop_vector tmpfs_vnodeop_entrie
.vop_stat = tmpfs_stat,
.vop_getattr = tmpfs_getattr,
.vop_setattr = tmpfs_setattr,
++<<<<<<< HEAD
+ .vop_getextattr = tmpfs_getextattr,
+ .vop_setextattr = tmpfs_setextattr,
+ .vop_listextattr = tmpfs_listextattr,
+ .vop_deleteextattr = tmpfs_deleteextattr,
++=======
++>>>>>>> upstream/main
.vop_read = tmpfs_read,
.vop_read_pgcache = tmpfs_read_pgcache,
.vop_write = tmpfs_write,
diff --cc sys/geom/geom_kern.c
index e528228f21e0,e06824afc9fd..000000000000
mode 100644,100644..100755
--- a/sys/geom/geom_kern.c
+++ b/sys/geom/geom_kern.c
@@@ -208,18 -208,18 +208,33 @@@ SYSCTL_NODE(_kern, OID_AUTO, geom, CTLF
"GEOMetry management");
SYSCTL_PROC(_kern_geom, OID_AUTO, confxml,
++<<<<<<< HEAD
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_NEEDGIANT | CTLFLAG_ROOTONLY,
+ 0, 0, sysctl_kern_geom_confxml, "",
+ "Dump the GEOM config in XML");
+
+SYSCTL_PROC(_kern_geom, OID_AUTO, confdot,
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_NEEDGIANT | CTLFLAG_ROOTONLY,
+ 0, 0, sysctl_kern_geom_confdot, "",
+ "Dump the GEOM config in dot");
+
+SYSCTL_PROC(_kern_geom, OID_AUTO, conftxt,
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_NEEDGIANT | CTLFLAG_ROOTONLY,
+ 0, 0, sysctl_kern_geom_conftxt, "",
++=======
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_NEEDGIANT, 0, 0,
+ sysctl_kern_geom_confxml, "",
+ "Dump the GEOM config in XML");
+
+ SYSCTL_PROC(_kern_geom, OID_AUTO, confdot,
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_NEEDGIANT, 0, 0,
+ sysctl_kern_geom_confdot, "",
+ "Dump the GEOM config in dot");
+
+ SYSCTL_PROC(_kern_geom, OID_AUTO, conftxt,
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_NEEDGIANT, 0, 0,
+ sysctl_kern_geom_conftxt, "",
++>>>>>>> upstream/main
"Dump the GEOM config in txt");
SYSCTL_INT(_kern_geom, OID_AUTO, debugflags, CTLFLAG_RWTUN,
diff --cc sys/i386/cloudabi32/cloudabi32_sysvec.c
index 3eb945832cc1,4f12d2b6cbce..000000000000
mode 100644,100644..100755
--- a/sys/i386/cloudabi32/cloudabi32_sysvec.c
+++ b/sys/i386/cloudabi32/cloudabi32_sysvec.c
@@@ -26,12 -26,9 +26,18 @@@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
++<<<<<<< HEAD
+#include "opt_pax.h"
+
+#include <sys/param.h>
+#include <sys/imgact.h>
+#include <sys/kernel.h>
+#include <sys/pax.h>
++=======
+ #include <sys/param.h>
+ #include <sys/imgact.h>
+ #include <sys/kernel.h>
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/sysent.h>
@@@ -197,7 -194,6 +203,10 @@@ static struct sysentvec cloudabi32_elf_
.sv_fetch_syscall_args = cloudabi32_fetch_syscall_args,
.sv_syscallnames = cloudabi32_syscallnames,
.sv_schedtail = cloudabi32_schedtail,
++<<<<<<< HEAD
+ .sv_pax_aslr_init = pax_aslr_init_vmspace32,
++=======
++>>>>>>> upstream/main
};
INIT_SYSENTVEC(elf_sysvec, &cloudabi32_elf_sysvec);
diff --cc sys/i386/conf/NOTES
index e23fd94c38f0,c086d0fc704e..000000000000
mode 100644,100644..100755
--- a/sys/i386/conf/NOTES
+++ b/sys/i386/conf/NOTES
@@@ -863,6 -863,9 +863,12 @@@ options NKPT=3
#####################################################################
# ABI Emulation
++<<<<<<< HEAD
++=======
+ # Enable (32-bit) a.out binary support
+ options COMPAT_AOUT
+
++>>>>>>> upstream/main
# Enable 32-bit runtime support for CloudABI binaries.
options COMPAT_CLOUDABI32
diff --cc sys/i386/i386/elf_machdep.c
index 39b681534667,0d870748967e..000000000000
mode 100644,100644..100755
--- a/sys/i386/i386/elf_machdep.c
+++ b/sys/i386/i386/elf_machdep.c
@@@ -29,7 -29,6 +29,10 @@@
__FBSDID("$FreeBSD$");
#include "opt_cpu.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/kernel.h>
@@@ -37,7 -36,6 +40,10 @@@
#include <sys/exec.h>
#include <sys/imgact.h>
#include <sys/linker.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/sysent.h>
#include <sys/imgact_elf.h>
@@@ -75,7 -73,7 +81,11 @@@ struct sysentvec elf32_freebsd_sysvec
.sv_setregs = exec_setregs,
.sv_fixlimit = NULL,
.sv_maxssiz = NULL,
++<<<<<<< HEAD
+ .sv_flags = SV_ABI_FREEBSD | SV_IA32 | SV_ILP32 |
++=======
+ .sv_flags = SV_ABI_FREEBSD | SV_ASLR | SV_IA32 | SV_ILP32 |
++>>>>>>> upstream/main
SV_SHP | SV_TIMEKEEP | SV_RNG_SEED_VER,
.sv_set_syscall_retval = cpu_set_syscall_retval,
.sv_fetch_syscall_args = cpu_fetch_syscall_args,
@@@ -85,7 -83,6 +95,10 @@@
.sv_schedtail = NULL,
.sv_thread_detach = NULL,
.sv_trap = NULL,
++<<<<<<< HEAD
+ .sv_pax_aslr_init = pax_aslr_init_vmspace,
++=======
++>>>>>>> upstream/main
};
INIT_SYSENTVEC(elf32_sysvec, &elf32_freebsd_sysvec);
diff --cc sys/i386/i386/machdep.c
index b561c52d15cd,e847d97b8bcf..000000000000
mode 100644,100644..100755
--- a/sys/i386/i386/machdep.c
+++ b/sys/i386/i386/machdep.c
@@@ -428,11 -428,11 +428,19 @@@ osendsig(sig_t catcher, ksiginfo_t *ksi
regs->tf_esp = (int)fp;
if (p->p_sysent->sv_sigcode_base != 0) {
++<<<<<<< HEAD
+ regs->tf_eip = p->p_sigcode_base + szsigcode -
+ szosigcode;
+ } else {
+ /* a.out sysentvec does not use shared page */
+ regs->tf_eip = p->p_psstrings - szosigcode;
++=======
+ regs->tf_eip = p->p_sysent->sv_sigcode_base + szsigcode -
+ szosigcode;
+ } else {
+ /* a.out sysentvec does not use shared page */
+ regs->tf_eip = p->p_sysent->sv_psstrings - szosigcode;
++>>>>>>> upstream/main
}
regs->tf_eflags &= ~(PSL_T | PSL_D);
regs->tf_cs = _ucodesel;
@@@ -553,7 -553,7 +561,11 @@@ freebsd4_sendsig(sig_t catcher, ksiginf
}
regs->tf_esp = (int)sfp;
++<<<<<<< HEAD
+ regs->tf_eip = p->p_sigcode_base + szsigcode -
++=======
+ regs->tf_eip = p->p_sysent->sv_sigcode_base + szsigcode -
++>>>>>>> upstream/main
szfreebsd4_sigcode;
regs->tf_eflags &= ~(PSL_T | PSL_D);
regs->tf_cs = _ucodesel;
@@@ -715,9 -715,9 +727,15 @@@ sendsig(sig_t catcher, ksiginfo_t *ksi
}
regs->tf_esp = (int)sfp;
++<<<<<<< HEAD
+ regs->tf_eip = p->p_sigcode_base;
+ if (regs->tf_eip == 0)
+ regs->tf_eip = p->p_psstrings - szsigcode;
++=======
+ regs->tf_eip = p->p_sysent->sv_sigcode_base;
+ if (regs->tf_eip == 0)
+ regs->tf_eip = p->p_sysent->sv_psstrings - szsigcode;
++>>>>>>> upstream/main
regs->tf_eflags &= ~(PSL_T | PSL_D);
regs->tf_cs = _ucodesel;
regs->tf_ds = _udatasel;
diff --cc sys/i386/linux/linux_sysvec.c
index 907d20cd874f,7bd1102e48a0..000000000000
mode 100644,100644..100755
--- a/sys/i386/linux/linux_sysvec.c
+++ b/sys/i386/linux/linux_sysvec.c
@@@ -29,20 -29,18 +29,30 @@@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/exec.h>
#include <sys/fcntl.h>
#include <sys/imgact.h>
++<<<<<<< HEAD
++=======
+ #include <sys/imgact_aout.h>
++>>>>>>> upstream/main
#include <sys/imgact_elf.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/mutex.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/signalvar.h>
#include <sys/syscallsubr.h>
@@@ -199,15 -197,15 +209,24 @@@ linux_copyout_auxargs(struct image_para
int error, issetugid;
p = imgp->proc;
++<<<<<<< HEAD
+ arginfo = (struct ps_strings *)p->p_psstrings;
+ issetugid = imgp->proc->p_flag & P_SUGID ? 1 : 0;
++=======
+ issetugid = imgp->proc->p_flag & P_SUGID ? 1 : 0;
+ arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings;
++>>>>>>> upstream/main
uplatform = (Elf32_Addr *)((caddr_t)arginfo - linux_szplatform);
args = (Elf32_Auxargs *)imgp->auxargs;
argarray = pos = malloc(LINUX_AT_COUNT * sizeof(*pos), M_TEMP,
M_WAITOK | M_ZERO);
AUXARGS_ENTRY(pos, LINUX_AT_SYSINFO_EHDR,
++<<<<<<< HEAD
+ imgp->proc->p_shared_page_base);
++=======
+ imgp->proc->p_sysent->sv_shared_page_base);
++>>>>>>> upstream/main
AUXARGS_ENTRY(pos, LINUX_AT_SYSINFO, linux_vsyscall);
AUXARGS_ENTRY(pos, LINUX_AT_HWCAP, cpu_feature);
@@@ -285,7 -283,7 +304,11 @@@ linux_copyout_strings(struct image_para
execpath_len = strlen(imgp->execpath) + 1;
else
execpath_len = 0;
++<<<<<<< HEAD
+ arginfo = (struct ps_strings *)p->p_psstrings;
++=======
+ arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings;
++>>>>>>> upstream/main
destp = (uintptr_t)arginfo;
/* Install LINUX_PLATFORM. */
@@@ -840,6 -838,42 +863,45 @@@ linux_get_machine(const char **dst
}
}
++<<<<<<< HEAD
++=======
+ struct sysentvec linux_sysvec = {
+ .sv_size = LINUX_SYS_MAXSYSCALL,
+ .sv_table = linux_sysent,
+ .sv_transtrap = linux_translate_traps,
+ .sv_fixup = linux_fixup,
+ .sv_sendsig = linux_sendsig,
+ .sv_sigcode = &_binary_linux_locore_o_start,
+ .sv_szsigcode = &linux_szsigcode,
+ .sv_name = "Linux a.out",
+ .sv_coredump = NULL,
+ .sv_imgact_try = linux_exec_imgact_try,
+ .sv_minsigstksz = LINUX_MINSIGSTKSZ,
+ .sv_minuser = VM_MIN_ADDRESS,
+ .sv_maxuser = VM_MAXUSER_ADDRESS,
+ .sv_usrstack = LINUX_USRSTACK,
+ .sv_psstrings = PS_STRINGS,
+ .sv_stackprot = VM_PROT_ALL,
+ .sv_copyout_strings = exec_copyout_strings,
+ .sv_setregs = linux_exec_setregs,
+ .sv_fixlimit = NULL,
+ .sv_maxssiz = NULL,
+ .sv_flags = SV_ABI_LINUX | SV_AOUT | SV_IA32 | SV_ILP32,
+ .sv_set_syscall_retval = linux_set_syscall_retval,
+ .sv_fetch_syscall_args = linux_fetch_syscall_args,
+ .sv_syscallnames = NULL,
+ .sv_shared_page_base = LINUX_SHAREDPAGE,
+ .sv_shared_page_len = PAGE_SIZE,
+ .sv_schedtail = linux_schedtail,
+ .sv_thread_detach = linux_thread_detach,
+ .sv_trap = NULL,
+ .sv_onexec = linux_on_exec,
+ .sv_onexit = linux_on_exit,
+ .sv_ontdexit = linux_thread_dtor,
+ };
+ INIT_SYSENTVEC(aout_sysvec, &linux_sysvec);
+
++>>>>>>> upstream/main
struct sysentvec elf_linux_sysvec = {
.sv_size = LINUX_SYS_MAXSYSCALL,
.sv_table = linux_sysent,
@@@ -871,7 -905,6 +933,10 @@@
.sv_schedtail = linux_schedtail,
.sv_thread_detach = linux_thread_detach,
.sv_trap = NULL,
++<<<<<<< HEAD
+ .sv_pax_aslr_init = pax_aslr_init_vmspace,
++=======
++>>>>>>> upstream/main
.sv_onexec = linux_on_exec,
.sv_onexit = linux_on_exit,
.sv_ontdexit = linux_thread_dtor,
diff --cc sys/kern/imgact_elf.c
index 3fd4de0b1650,fc1b7bf1a53a..000000000000
mode 100644,100644..100755
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@@@ -35,8 -35,6 +35,11 @@@
__FBSDID("$FreeBSD$");
#include "opt_capsicum.h"
++<<<<<<< HEAD
+#include "opt_gzio.h"
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/capsicum.h>
@@@ -52,7 -50,6 +55,10 @@@
#include <sys/mount.h>
#include <sys/mman.h>
#include <sys/namei.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/procfs.h>
#include <sys/ptrace.h>
@@@ -133,6 -130,12 +139,15 @@@ SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WO
nxstack, CTLFLAG_RW, &__elfN(nxstack), 0,
__XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": enable non-executable stack");
++<<<<<<< HEAD
++=======
+ #if __ELF_WORD_SIZE == 32 && (defined(__amd64__) || defined(__i386__))
+ int i386_read_exec = 0;
+ SYSCTL_INT(_kern_elf32, OID_AUTO, read_exec, CTLFLAG_RW, &i386_read_exec, 0,
+ "enable execution from readable segments");
+ #endif
+
++>>>>>>> upstream/main
static u_long __elfN(pie_base) = ET_DYN_LOAD_ADDR;
static int
sysctl_pie_base(SYSCTL_HANDLER_ARGS)
@@@ -483,7 -486,7 +498,11 @@@ __elfN(check_header)(const Elf_Ehdr *hd
static int
__elfN(map_partial)(vm_map_t map, vm_object_t object, vm_ooffset_t offset,
++<<<<<<< HEAD
+ vm_offset_t start, vm_offset_t end, vm_prot_t prot, vm_prot_t maxprot)
++=======
+ vm_offset_t start, vm_offset_t end, vm_prot_t prot)
++>>>>>>> upstream/main
{
struct sf_buf *sf;
int error;
@@@ -516,7 -519,7 +535,11 @@@
static int
__elfN(map_insert)(struct image_params *imgp, vm_map_t map, vm_object_t object,
vm_ooffset_t offset, vm_offset_t start, vm_offset_t end, vm_prot_t prot,
++<<<<<<< HEAD
+ vm_prot_t maxprot, int cow)
++=======
+ int cow)
++>>>>>>> upstream/main
{
struct sf_buf *sf;
vm_offset_t off;
@@@ -525,7 -528,7 +548,11 @@@
if (start != trunc_page(start)) {
rv = __elfN(map_partial)(map, object, offset, start,
++<<<<<<< HEAD
+ round_page(start), prot, maxprot);
++=======
+ round_page(start), prot);
++>>>>>>> upstream/main
if (rv != KERN_SUCCESS)
return (rv);
offset += round_page(start) - start;
@@@ -533,8 -536,7 +560,12 @@@
}
if (end != round_page(end)) {
rv = __elfN(map_partial)(map, object, offset +
++<<<<<<< HEAD
+ trunc_page(end) - start, trunc_page(end), end, prot,
+ maxprot);
++=======
+ trunc_page(end) - start, trunc_page(end), end, prot);
++>>>>>>> upstream/main
if (rv != KERN_SUCCESS)
return (rv);
end = trunc_page(end);
@@@ -547,7 -549,7 +578,11 @@@
* to copy the data.
*/
rv = vm_map_fixed(map, NULL, 0, start, end - start,
++<<<<<<< HEAD
+ prot | VM_PROT_WRITE, maxprot, MAP_CHECK_EXCL);
++=======
+ prot | VM_PROT_WRITE, VM_PROT_ALL, MAP_CHECK_EXCL);
++>>>>>>> upstream/main
if (rv != KERN_SUCCESS)
return (rv);
if (object == NULL)
@@@ -570,7 -572,7 +605,11 @@@
} else {
vm_object_reference(object);
rv = vm_map_fixed(map, object, offset, start, end - start,
++<<<<<<< HEAD
+ prot, maxprot, cow | MAP_CHECK_EXCL |
++=======
+ prot, VM_PROT_ALL, cow | MAP_CHECK_EXCL |
++>>>>>>> upstream/main
(object != NULL ? MAP_VN_EXEC : 0));
if (rv != KERN_SUCCESS) {
locked = VOP_ISLOCKED(imgp->vp);
@@@ -638,7 -640,7 +677,11 @@@ __elfN(load_section)(struct image_param
(prot & VM_PROT_WRITE ? 0 : MAP_DISABLE_COREDUMP);
rv = __elfN(map_insert)(imgp, map, object, file_addr,
++<<<<<<< HEAD
+ map_addr, map_addr + map_len, prot, prot, cow);
++=======
+ map_addr, map_addr + map_len, prot, cow);
++>>>>>>> upstream/main
if (rv != KERN_SUCCESS)
return (EINVAL);
@@@ -661,7 -663,7 +704,11 @@@
/* This had damn well better be true! */
if (map_len != 0) {
rv = __elfN(map_insert)(imgp, map, NULL, 0, map_addr,
++<<<<<<< HEAD
+ map_addr + map_len, prot, VM_PROT_ALL, 0);
++=======
+ map_addr + map_len, prot, 0);
++>>>>>>> upstream/main
if (rv != KERN_SUCCESS)
return (EINVAL);
}
@@@ -683,15 -685,9 +730,21 @@@
* Remove write access to the page if it was only granted by map_insert
* to allow copyout.
*/
++<<<<<<< HEAD
+#ifdef PAX_NOEXEC
+ if ((prot & VM_PROT_WRITE) == 0)
+ vm_map_protect(map, trunc_page(map_addr), round_page(map_addr +
+ map_len), prot, TRUE);
+#else
if ((prot & VM_PROT_WRITE) == 0)
vm_map_protect(map, trunc_page(map_addr), round_page(map_addr +
map_len), prot, FALSE);
+#endif
++=======
++ if ((prot & VM_PROT_WRITE) == 0)
++ vm_map_protect(map, trunc_page(map_addr), round_page(map_addr +
++ map_len), prot, FALSE);
++>>>>>>> upstream/main
return (0);
}
@@@ -878,12 -874,6 +931,15 @@@ __CONCAT(rnd_, __elfN(base))(vm_map_t m
return (res);
}
++<<<<<<< HEAD
+/*
+ * Impossible et_dyn_addr initial value indicating that the real base
+ * must be calculated later with some randomization applied.
+ */
+#define ET_DYN_ADDR_RAND 1
+
++=======
++>>>>>>> upstream/main
static int
__elfN(enforce_limits)(struct image_params *imgp, const Elf_Ehdr *hdr,
const Elf_Phdr *phdr, u_long et_dyn_addr)
@@@ -1062,6 -1052,12 +1118,15 @@@ __elfN(load_interp)(struct image_param
return (error);
}
++<<<<<<< HEAD
++=======
+ /*
+ * Impossible et_dyn_addr initial value indicating that the real base
+ * must be calculated later with some randomization applied.
+ */
+ #define ET_DYN_ADDR_RAND 1
+
++>>>>>>> upstream/main
static int
__CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
{
@@@ -1079,10 -1075,9 +1144,16 @@@
uint32_t fctl0;
int32_t osrel;
bool free_interp;
++<<<<<<< HEAD
+ int do_asr, error, i, n;
+
+ hdr = (const Elf_Ehdr *)imgp->image_header;
+ do_asr = 0;
++=======
+ int error, i, n;
+
+ hdr = (const Elf_Ehdr *)imgp->image_header;
++>>>>>>> upstream/main
/*
* Do we have a valid ELF header ?
@@@ -1185,12 -1180,15 +1256,24 @@@
* non-zero for some reason.
*/
if (baddr == 0) {
++<<<<<<< HEAD
+ if ((__elfN(pie_aslr_enabled) &&
+ (imgp->proc->p_flag2 & P2_ASLR_DISABLE) == 0) ||
+ (imgp->proc->p_flag2 & P2_ASLR_ENABLE) != 0)
+ do_asr = 1;
+
+ et_dyn_addr = ET_DYN_LOAD_ADDR;
++=======
+ if ((sv->sv_flags & SV_ASLR) == 0 ||
+ (fctl0 & NT_FREEBSD_FCTL_ASLR_DISABLE) != 0)
+ et_dyn_addr = __elfN(pie_base);
+ else if ((__elfN(pie_aslr_enabled) &&
+ (imgp->proc->p_flag2 & P2_ASLR_DISABLE) == 0) ||
+ (imgp->proc->p_flag2 & P2_ASLR_ENABLE) != 0)
+ et_dyn_addr = ET_DYN_ADDR_RAND;
+ else
+ et_dyn_addr = __elfN(pie_base);
++>>>>>>> upstream/main
}
}
@@@ -1219,10 -1217,14 +1302,21 @@@
imgp->proc->p_flag2 &= ~(P2_ASLR_ENABLE | P2_ASLR_DISABLE);
PROC_UNLOCK(imgp->proc);
}
++<<<<<<< HEAD
+
+ if (((imgp->proc->p_flag2 & P2_ASLR_ENABLE) != 0 ||
+ (__elfN(aslr_enabled) && hdr->e_type == ET_EXEC)) &&
+ do_asr) {
++=======
+ if ((sv->sv_flags & SV_ASLR) == 0 ||
+ (imgp->proc->p_flag2 & P2_ASLR_DISABLE) != 0 ||
+ (fctl0 & NT_FREEBSD_FCTL_ASLR_DISABLE) != 0) {
+ KASSERT(et_dyn_addr != ET_DYN_ADDR_RAND,
+ ("et_dyn_addr == RAND and !ASLR"));
+ } else if ((imgp->proc->p_flag2 & P2_ASLR_ENABLE) != 0 ||
+ (__elfN(aslr_enabled) && hdr->e_type == ET_EXEC) ||
+ et_dyn_addr == ET_DYN_ADDR_RAND) {
++>>>>>>> upstream/main
imgp->map_flags |= MAP_ASLR;
/*
* If user does not care about sbrk, utilize the bss
@@@ -1240,19 -1242,9 +1334,25 @@@
map = &vmspace->vm_map;
imgp->proc->p_sysent = sv;
++<<<<<<< HEAD
+ maxv = vm_map_max(map) - lim_max(td, RLIMIT_STACK);
+
+#ifdef PAX_ASLR
+ /*
+ * Only use HardenedBSD's PaX ASLR implementation when
+ * FreeBSD's ASR is disabled.
+ */
+ if (!do_asr && (hdr->e_type == ET_DYN && baddr == 0)) {
+ pax_aslr_execbase(imgp->proc, &et_dyn_addr);
+ }
+#endif
+
+ if (do_asr) {
++=======
+
+ maxv = vm_map_max(map) - lim_max(td, RLIMIT_STACK);
+ if (et_dyn_addr == ET_DYN_ADDR_RAND) {
++>>>>>>> upstream/main
KASSERT((map->flags & MAP_ASLR) != 0,
("ET_DYN_ADDR_RAND but !MAP_ASLR"));
et_dyn_addr = __CONCAT(rnd_, __elfN(base))(map,
@@@ -1281,8 -1273,6 +1381,11 @@@
* calculation is that it leaves room for the heap to grow to
* its maximum allowed size.
*/
++<<<<<<< HEAD
+ PROC_LOCK(imgp->proc);
+ vmspace = imgp->proc->p_vmspace;
++=======
++>>>>>>> upstream/main
addr = round_page((vm_offset_t)vmspace->vm_daddr + lim_max(td,
RLIMIT_DATA));
if ((map->flags & MAP_ASLR) != 0) {
@@@ -1290,13 -1280,9 +1393,19 @@@
MPASS(maxv1 >= addr); /* No overflow */
map->anon_loc = __CONCAT(rnd_, __elfN(base))(map, addr, maxv1,
MAXPAGESIZES > 1 ? pagesizes[1] : pagesizes[0]);
++<<<<<<< HEAD
+ }
+#ifdef PAX_ASLR
+ else
+ pax_aslr_rtld(imgp->proc, &addr);
+#endif
+ map->anon_loc = addr;
+ PROC_UNLOCK(imgp->proc);
++=======
+ } else {
+ map->anon_loc = addr;
+ }
++>>>>>>> upstream/main
imgp->entry_addr = entry;
@@@ -1335,7 -1321,6 +1444,10 @@@
elf_auxargs->flags = 0;
elf_auxargs->entry = entry;
elf_auxargs->hdr_eflags = hdr->e_flags;
++<<<<<<< HEAD
+ elf_auxargs->pax_flags = imgp->proc->p_pax;
++=======
++>>>>>>> upstream/main
imgp->auxargs = elf_auxargs;
imgp->interpreted = 0;
@@@ -1372,7 -1357,6 +1484,10 @@@ __elfN(freebsd_copyout_auxargs)(struct
AUXARGS_ENTRY(pos, AT_FLAGS, args->flags);
AUXARGS_ENTRY(pos, AT_ENTRY, args->entry);
AUXARGS_ENTRY(pos, AT_BASE, args->base);
++<<<<<<< HEAD
+ AUXARGS_ENTRY(pos, AT_PAXFLAGS, args->pax_flags);
++=======
++>>>>>>> upstream/main
AUXARGS_ENTRY(pos, AT_EHDRFLAGS, args->hdr_eflags);
if (imgp->execpathp != 0)
AUXARGS_ENTRY_PTR(pos, AT_EXECPATH, imgp->execpathp);
@@@ -1389,7 -1373,7 +1504,11 @@@
}
if (imgp->sysent->sv_timekeep_base != 0) {
AUXARGS_ENTRY(pos, AT_TIMEKEEP,
++<<<<<<< HEAD
+ imgp->proc->p_timekeep_base);
++=======
+ imgp->sysent->sv_timekeep_base);
++>>>>>>> upstream/main
}
AUXARGS_ENTRY(pos, AT_STACKPROT, imgp->sysent->sv_shared_page_obj
!= NULL && imgp->stack_prot != 0 ? imgp->stack_prot :
@@@ -2588,9 -2572,9 +2707,15 @@@ __elfN(note_procstat_psstrings)(void *a
KASSERT(*sizep == size, ("invalid size"));
structsize = sizeof(ps_strings);
#if defined(COMPAT_FREEBSD32) && __ELF_WORD_SIZE == 32
++<<<<<<< HEAD
+ ps_strings = PTROUT(p->p_psstrings);
+#else
+ ps_strings = p->p_psstrings;
++=======
+ ps_strings = PTROUT(p->p_sysent->sv_psstrings);
+ #else
+ ps_strings = p->p_sysent->sv_psstrings;
++>>>>>>> upstream/main
#endif
sbuf_bcat(sb, &structsize, sizeof(structsize));
sbuf_bcat(sb, &ps_strings, sizeof(ps_strings));
@@@ -2806,6 -2790,10 +2931,13 @@@ __elfN(trans_prot)(Elf_Word flags
prot |= VM_PROT_WRITE;
if (flags & PF_R)
prot |= VM_PROT_READ;
++<<<<<<< HEAD
++=======
+ #if __ELF_WORD_SIZE == 32 && (defined(__amd64__) || defined(__i386__))
+ if (i386_read_exec && (flags & PF_R))
+ prot |= VM_PROT_EXECUTE;
+ #endif
++>>>>>>> upstream/main
return (prot);
}
diff --cc sys/kern/init_main.c
index 53e09f351301,5eb8186c23ca..000000000000
mode 100644,100644..100755
--- a/sys/kern/init_main.c
+++ b/sys/kern/init_main.c
@@@ -49,7 -49,6 +49,10 @@@ __FBSDID("$FreeBSD$")
#include "opt_ddb.h"
#include "opt_kdb.h"
#include "opt_init_path.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include "opt_verbose_sysinit.h"
#include <sys/param.h>
@@@ -69,7 -68,6 +72,10 @@@
#include <sys/dtrace_bsd.h>
#include <sys/syscallsubr.h>
#include <sys/sysctl.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/racct.h>
#include <sys/resourcevar.h>
@@@ -432,7 -430,6 +438,10 @@@ struct sysentvec null_sysvec =
.sv_schedtail = NULL,
.sv_thread_detach = NULL,
.sv_trap = NULL,
++<<<<<<< HEAD
+ .sv_pax_aslr_init = NULL,
++=======
++>>>>>>> upstream/main
};
/*
@@@ -497,11 -494,6 +506,14 @@@ proc0_init(void *dummy __unused
p->p_flag = P_SYSTEM | P_INMEM | P_KPROC;
p->p_flag2 = 0;
p->p_state = PRS_NORMAL;
++<<<<<<< HEAD
+#ifdef PAX
+ p->p_pax = PAX_NOTE_ALL_DISABLED;
+#endif
+ p->p_usrstack = USRSTACK;
+ p->p_psstrings = PS_STRINGS;
++=======
++>>>>>>> upstream/main
p->p_klist = knlist_alloc(&p->p_mtx);
STAILQ_INIT(&p->p_ktr);
p->p_nice = NZERO;
@@@ -518,9 -510,6 +530,12 @@@
td->td_flags = TDF_INMEM;
td->td_pflags = TDP_KTHREAD;
td->td_cpuset = cpuset_thread0();
++<<<<<<< HEAD
+#ifdef PAX
+ td->td_pax = PAX_NOTE_ALL_DISABLED;
+#endif
++=======
++>>>>>>> upstream/main
td->td_domain.dr_policy = td->td_cpuset->cs_domain;
prison0_init();
p->p_peers = 0;
diff --cc sys/kern/kern_exec.c
index c816b55182b4,b3fcbef0289b..000000000000
mode 100644,100644..100755
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@@ -32,7 -32,6 +32,10 @@@ __FBSDID("$FreeBSD$")
#include "opt_capsicum.h"
#include "opt_hwpmc_hooks.h"
#include "opt_ktrace.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include "opt_vm.h"
#include <sys/param.h>
@@@ -52,7 -51,6 +55,10 @@@
#include <sys/mount.h>
#include <sys/mutex.h>
#include <sys/namei.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/ptrace.h>
@@@ -148,6 -146,10 +154,13 @@@ SYSCTL_INT(_kern, OID_AUTO, disallow_hi
&disallow_high_osrel, 0,
"Disallow execution of binaries built for higher version of the world");
++<<<<<<< HEAD
++=======
+ static int map_at_zero = 0;
+ SYSCTL_INT(_security_bsd, OID_AUTO, map_at_zero, CTLFLAG_RWTUN, &map_at_zero, 0,
+ "Permit processes to map an object at virtual address 0.");
+
++>>>>>>> upstream/main
static int
sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS)
{
@@@ -158,12 -160,12 +171,21 @@@
#ifdef SCTL_MASK32
if (req->flags & SCTL_MASK32) {
unsigned int val;
++<<<<<<< HEAD
+ val = (unsigned int)p->p_psstrings;
+ error = SYSCTL_OUT(req, &val, sizeof(val));
+ } else
+#endif
+ error = SYSCTL_OUT(req, &p->p_psstrings,
+ sizeof(p->p_psstrings));
++=======
+ val = (unsigned int)p->p_sysent->sv_psstrings;
+ error = SYSCTL_OUT(req, &val, sizeof(val));
+ } else
+ #endif
+ error = SYSCTL_OUT(req, &p->p_sysent->sv_psstrings,
+ sizeof(p->p_sysent->sv_psstrings));
++>>>>>>> upstream/main
return error;
}
@@@ -177,12 -179,12 +199,21 @@@ sysctl_kern_usrstack(SYSCTL_HANDLER_ARG
#ifdef SCTL_MASK32
if (req->flags & SCTL_MASK32) {
unsigned int val;
++<<<<<<< HEAD
+ val = (unsigned int)p->p_usrstack;
+ error = SYSCTL_OUT(req, &val, sizeof(val));
+ } else
+#endif
+ error = SYSCTL_OUT(req, &p->p_usrstack,
+ sizeof(p->p_usrstack));
++=======
+ val = (unsigned int)p->p_sysent->sv_usrstack;
+ error = SYSCTL_OUT(req, &val, sizeof(val));
+ } else
+ #endif
+ error = SYSCTL_OUT(req, &p->p_sysent->sv_usrstack,
+ sizeof(p->p_sysent->sv_usrstack));
++>>>>>>> upstream/main
return error;
}
@@@ -385,10 -387,6 +416,13 @@@ do_execve(struct thread *td, struct ima
int error, i, orig_osrel;
uint32_t orig_fctl0;
static const char fexecv_proc_title[] = "(fexecv)";
++<<<<<<< HEAD
+#ifdef PAX
+ image_params.pax.req_acl_flags = 0;
+ image_params.pax.req_extattr_flags = 0;
+#endif
++=======
++>>>>>>> upstream/main
imgp = &image_params;
@@@ -477,19 -475,6 +511,22 @@@ interpret
if (error)
goto exec_fail_dealloc;
++<<<<<<< HEAD
+#ifdef PAX_CONTROL_EXTATTR
+ error = pax_control_extattr_parse_flags(td, imgp);
+ if (error)
+ goto exec_fail_dealloc;
+#endif
+
+#ifdef PAX
+ error = pax_elf(td, imgp);
+ if (error) {
+ goto exec_fail_dealloc;
+ }
+#endif
+
++=======
++>>>>>>> upstream/main
imgp->object = imgp->vp->v_object;
if (imgp->object != NULL)
vm_object_reference(imgp->object);
@@@ -625,12 -610,6 +662,15 @@@
goto exec_fail_dealloc;
}
++<<<<<<< HEAD
+#ifdef PAX_SEGVGUARD
+ error = pax_segvguard_check(td, imgp->vp, args->fname);
+ if (error)
+ goto exec_fail_dealloc;
+#endif
+
++=======
++>>>>>>> upstream/main
/*
* Special interpreter operation, cleanup and loop up to try to
* activate the interpreter.
@@@ -690,11 -669,6 +730,14 @@@
goto exec_fail_dealloc;
}
++<<<<<<< HEAD
+ p->p_psstrings = p->p_sysent->sv_psstrings;
+#ifdef PAX_ASLR
+ pax_aslr_stack_with_gap(p, &(p->p_psstrings));
+#endif
+
++=======
++>>>>>>> upstream/main
/* ABI enforces the use of Capsicum. Switch into capabilities mode. */
if (SV_PROC_FLAG(p, SV_CAPSICUM))
sys_cap_enter(td, NULL);
@@@ -1070,8 -1044,6 +1113,11 @@@ exec_new_vmspace(struct image_params *i
vm_offset_t sv_minuser, stack_addr;
vm_map_t map;
u_long ssiz;
++<<<<<<< HEAD
+ vm_prot_t stackprot;
+ vm_prot_t stackmaxprot;
++=======
++>>>>>>> upstream/main
imgp->vmspace_destroyed = 1;
imgp->sysent = sv;
@@@ -1090,7 -1062,10 +1136,14 @@@
* not disrupted
*/
map = &vmspace->vm_map;
++<<<<<<< HEAD
+ sv_minuser = MAX(sv->sv_minuser, PAGE_SIZE);
++=======
+ if (map_at_zero)
+ sv_minuser = sv->sv_minuser;
+ else
+ sv_minuser = MAX(sv->sv_minuser, PAGE_SIZE);
++>>>>>>> upstream/main
if (refcount_load(&vmspace->vm_refcnt) == 1 &&
vm_map_min(map) == sv_minuser &&
vm_map_max(map) == sv->sv_maxuser &&
@@@ -1115,44 -1090,19 +1168,58 @@@
}
map->flags |= imgp->map_flags;
++<<<<<<< HEAD
+#ifdef PAX_ASLR
+ PROC_LOCK(imgp->proc);
+ pax_aslr_init(imgp);
+ PROC_UNLOCK(imgp->proc);
+#endif
+
+ /* Map a shared page */
+ obj = sv->sv_shared_page_obj;
+ if (obj != NULL) {
+ p->p_shared_page_base = sv->sv_shared_page_base;
+#ifdef PAX_ASLR
+ PROC_LOCK(imgp->proc);
+ pax_aslr_vdso(p, &(p->p_shared_page_base));
+ PROC_UNLOCK(imgp->proc);
+#endif
+ vm_object_reference(obj);
+ error = vm_map_fixed(map, obj, 0,
+ p->p_shared_page_base, sv->sv_shared_page_len,
++=======
+ /* Map a shared page */
+ obj = sv->sv_shared_page_obj;
+ if (obj != NULL) {
+ vm_object_reference(obj);
+ error = vm_map_fixed(map, obj, 0,
+ sv->sv_shared_page_base, sv->sv_shared_page_len,
++>>>>>>> upstream/main
VM_PROT_READ | VM_PROT_EXECUTE,
VM_PROT_READ | VM_PROT_EXECUTE,
MAP_INHERIT_SHARE | MAP_ACC_NO_CHARGE);
if (error != KERN_SUCCESS) {
vm_object_deallocate(obj);
++<<<<<<< HEAD
+#ifdef PAX_ASLR
+ pax_log_aslr(p, PAX_LOG_DEFAULT,
+ "failed to map the shared-page @%p",
+ (void *)p->p_shared_page_base);
+#endif
return (vm_mmap_to_errno(error));
}
+
+ p->p_timekeep_base = sv->sv_timekeep_base;
+#ifdef PAX_ASLR
+ PROC_LOCK(imgp->proc);
+ if (p->p_timekeep_base != 0)
+ pax_aslr_vdso(p, &(p->p_timekeep_base));
+ PROC_UNLOCK(imgp->proc);
+#endif
++=======
++ return (vm_mmap_to_errno(error));
++ }
++>>>>>>> upstream/main
}
/* Allocate a new stack */
@@@ -1172,34 -1122,15 +1239,46 @@@
} else {
ssiz = maxssiz;
}
++<<<<<<< HEAD
+
+ stack_addr = sv->sv_usrstack;
+#ifdef PAX_ASLR
+ /* Randomize the stack top. */
+ pax_aslr_stack(p, &stack_addr);
+#endif
+ /* Save the process specific randomized stack top. */
+ p->p_usrstack = stack_addr;
+ /* Calculate the stack's mapping address. */
+ stack_addr -= ssiz;
+ stackprot = obj != NULL && imgp->stack_prot != 0 ? imgp->stack_prot : sv->sv_stackprot;
+ stackmaxprot = VM_PROT_ALL;
+#ifdef PAX_NOEXEC
+ pax_noexec_nx(p, &stackprot, &stackmaxprot);
+#endif
+ imgp->eff_stack_sz = lim_cur(curthread, RLIMIT_STACK);
+ if (ssiz < imgp->eff_stack_sz)
+ imgp->eff_stack_sz = ssiz;
+ error = vm_map_stack(map, stack_addr, (vm_size_t)ssiz,
+ stackprot, stackmaxprot, MAP_STACK_GROWS_DOWN);
+ if (error != KERN_SUCCESS) {
+#ifdef PAX_ASLR
+ pax_log_aslr(p, PAX_LOG_DEFAULT,
+ "failed to map the main stack @%p",
+ (void *)p->p_usrstack);
+#endif
+ return (vm_mmap_to_errno(error));
+ }
++=======
+ imgp->eff_stack_sz = lim_cur(curthread, RLIMIT_STACK);
+ if (ssiz < imgp->eff_stack_sz)
+ imgp->eff_stack_sz = ssiz;
+ stack_addr = sv->sv_usrstack - ssiz;
+ error = vm_map_stack(map, stack_addr, (vm_size_t)ssiz,
+ obj != NULL && imgp->stack_prot != 0 ? imgp->stack_prot :
+ sv->sv_stackprot, VM_PROT_ALL, MAP_STACK_GROWS_DOWN);
+ if (error != KERN_SUCCESS)
+ return (vm_mmap_to_errno(error));
++>>>>>>> upstream/main
/*
* vm_ssize and vm_maxsaddr are somewhat antiquated concepts, but they
@@@ -1632,17 -1563,11 +1711,25 @@@ exec_copyout_strings(struct image_param
execpath_len = 0;
p = imgp->proc;
szsigcode = 0;
++<<<<<<< HEAD
+ arginfo = (struct ps_strings *)p->p_psstrings;
+ p->p_sigcode_base = p->p_sysent->sv_sigcode_base;
+ imgp->ps_strings = arginfo;
+ if (p->p_sigcode_base == 0) {
+ if (p->p_sysent->sv_szsigcode != NULL)
+ szsigcode = *(p->p_sysent->sv_szsigcode);
+#ifdef PAX_ASLR
+ } else {
+ // XXXOP
+ pax_aslr_vdso(p, &(p->p_sigcode_base));
+#endif
++=======
+ arginfo = (struct ps_strings *)p->p_sysent->sv_psstrings;
+ imgp->ps_strings = arginfo;
+ if (p->p_sysent->sv_sigcode_base == 0) {
+ if (p->p_sysent->sv_szsigcode != NULL)
+ szsigcode = *(p->p_sysent->sv_szsigcode);
++>>>>>>> upstream/main
}
destp = (uintptr_t)arginfo;
diff --cc sys/kern/kern_fork.c
index fc3ec3d3f009,5bdf5054863d..000000000000
mode 100644,100644..100755
--- a/sys/kern/kern_fork.c
+++ b/sys/kern/kern_fork.c
@@@ -41,7 -41,6 +41,10 @@@ __FBSDID("$FreeBSD$")
#include "opt_ktrace.h"
#include "opt_kstack_pages.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/systm.h>
@@@ -57,7 -56,6 +60,10 @@@
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mutex.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/procdesc.h>
@@@ -206,12 -204,8 +212,17 @@@ SYSCTL_INT(_kern, OID_AUTO, lastpid, CT
* modulus that is too big causes a LOT more process table scans and slows
* down fork processing as the pidchecked caching is defeated.
*/
++<<<<<<< HEAD
+int randompid = 0;
+
+#ifdef PAX_HARDENING
+SYSCTL_INT(_kern, OID_AUTO, randompid, CTLFLAG_RD | CTLFLAG_MPSAFE,
+ &randompid, 0, "Random PID modulus");
+#else
++=======
+ static int randompid = 0;
+
++>>>>>>> upstream/main
static int
sysctl_kern_randompid(SYSCTL_HANDLER_ARGS)
{
@@@ -242,10 -236,10 +253,17 @@@
return (error);
}
++<<<<<<< HEAD
+SYSCTL_PROC(_kern, OID_AUTO, randompid, CTLTYPE_INT | CTLFLAG_RW |
+ CTLFLAG_MPSAFE, 0, 0, sysctl_kern_randompid, "I",
+ "Random PID modulus");
+#endif
++=======
+ SYSCTL_PROC(_kern, OID_AUTO, randompid,
+ CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 0,
+ sysctl_kern_randompid, "I",
+ "Random PID modulus. Special values: 0: disable, 1: choose random value");
++>>>>>>> upstream/main
extern bitstr_t proc_id_pidmap;
extern bitstr_t proc_id_grpidmap;
@@@ -469,7 -463,6 +487,10 @@@ do_fork(struct thread *td, struct fork_
__rangeof(struct thread, td_startcopy, td_endcopy));
bcopy(&p2->p_comm, &td2->td_name, sizeof(td2->td_name));
++<<<<<<< HEAD
+ td2->td_pax = p2->p_pax;
++=======
++>>>>>>> upstream/main
td2->td_sigstk = td->td_sigstk;
td2->td_flags = TDF_INMEM;
td2->td_lend_user_pri = PRI_MAX;
@@@ -848,15 -841,6 +869,18 @@@ fork1(struct thread *td, struct fork_re
else
MPASS(fr->fr_procp == NULL);
++<<<<<<< HEAD
+#ifdef PAX_SEGVGUARD
+ if (td->td_proc->p_pid != 0) {
+ error = pax_segvguard_check(curthread, curthread->td_proc->p_textvp,
+ td->td_proc->p_comm);
+ if (error)
+ return (error);
+ }
+#endif
+
++=======
++>>>>>>> upstream/main
/* Check for the undefined or unimplemented flags. */
if ((flags & ~(RFFLAGS | RFTSIGFLAGS(RFTSIGMASK))) != 0)
return (EINVAL);
diff --cc sys/kern/kern_jail.c
index 196303e0fc08,1bad2d7488c1..000000000000
mode 100644,100644..100755
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@@ -34,7 -34,6 +34,10 @@@ __FBSDID("$FreeBSD$")
#include "opt_ddb.h"
#include "opt_inet.h"
#include "opt_inet6.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/types.h>
@@@ -44,7 -43,6 +47,10 @@@
#include <sys/sysproto.h>
#include <sys/malloc.h>
#include <sys/osd.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/taskqueue.h>
@@@ -201,7 -199,6 +207,10 @@@ static struct bool_flags pr_flag_allow[
{"allow.read_msgbuf", "allow.noread_msgbuf", PR_ALLOW_READ_MSGBUF},
{"allow.unprivileged_proc_debug", "allow.nounprivileged_proc_debug",
PR_ALLOW_UNPRIV_DEBUG},
++<<<<<<< HEAD
+ {"allow.extattr", "allow.noextattr", PR_ALLOW_EXTATTR},
++=======
++>>>>>>> upstream/main
{"allow.suser", "allow.nosuser", PR_ALLOW_SUSER},
};
const size_t pr_flag_allow_size = sizeof(pr_flag_allow);
@@@ -209,7 -206,6 +218,10 @@@
#define JAIL_DEFAULT_ALLOW (PR_ALLOW_SET_HOSTNAME | \
PR_ALLOW_RESERVED_PORTS | \
PR_ALLOW_UNPRIV_DEBUG | \
++<<<<<<< HEAD
+ PR_ALLOW_EXTATTR | \
++=======
++>>>>>>> upstream/main
PR_ALLOW_SUSER)
#define JAIL_DEFAULT_ENFORCE_STATFS 2
#define JAIL_DEFAULT_DEVFS_RSNUM 0
@@@ -259,10 -255,6 +271,13 @@@ prison0_init(void
}
if (bootverbose)
printf("hostuuid: using %s\n", prison0.pr_hostuuid);
++<<<<<<< HEAD
+
+#ifdef PAX
+ (void)pax_init_prison(&prison0, NULL);
+#endif
++=======
++>>>>>>> upstream/main
}
/*
@@@ -1311,14 -1303,6 +1326,17 @@@ kern_jail_set(struct thread *td, struc
goto done_releroot;
}
++<<<<<<< HEAD
+#ifdef PAX
+ if (!pax_init_prison(pr, opts)) {
+ error = EINVAL;
+ prison_deref(pr, PD_LIST_XLOCKED);
+ goto done_releroot;
+ }
+#endif
+
++=======
++>>>>>>> upstream/main
mtx_lock(&pr->pr_mtx);
/*
* New prisons do not yet have a reference, because we do not
@@@ -2301,12 -2285,6 +2319,15 @@@ prison_remove_one(struct prison *pr
struct proc *p;
int deuref;
++<<<<<<< HEAD
+#ifdef MAC
+#ifdef PAX_CONTROL_ACL
+ mac_prison_destroy(pr);
+#endif
+#endif
+
++=======
++>>>>>>> upstream/main
/* If the prison was persistent, it is not anymore. */
deuref = 0;
if (pr->pr_flags & PR_PERSIST) {
@@@ -3416,12 -3394,6 +3437,15 @@@ prison_priv_check(struct ucred *cred, i
return (0);
return (EPERM);
++<<<<<<< HEAD
+ case PRIV_VFS_EXTATTR_SYSTEM:
+ if (cred->cr_prison->pr_allow & PR_ALLOW_EXTATTR)
+ return (0);
+ else
+ return (EPERM);
+
++=======
++>>>>>>> upstream/main
default:
/*
* In all remaining cases, deny the privilege request. This
@@@ -3845,8 -3817,6 +3869,11 @@@ SYSCTL_JAIL_PARAM(_allow, read_msgbuf,
"B", "Jail may read the kernel message buffer");
SYSCTL_JAIL_PARAM(_allow, unprivileged_proc_debug, CTLTYPE_INT | CTLFLAG_RW,
"B", "Unprivileged processes may use process debugging facilities");
++<<<<<<< HEAD
+SYSCTL_JAIL_PARAM(_allow, extattr, CTLTYPE_INT | CTLFLAG_RW,
+ "B", "Jails may set system-level filesystem extended attributes");
++=======
++>>>>>>> upstream/main
SYSCTL_JAIL_PARAM(_allow, suser, CTLTYPE_INT | CTLFLAG_RW,
"B", "Processes in jail with uid 0 have privilege");
@@@ -4249,45 -4219,6 +4276,48 @@@ db_show_prison(struct prison *pr
ii == 0 ? "ip6.addr =" : " ",
ip6_sprintf(ip6buf, &pr->pr_ip6[ii]));
#endif
++<<<<<<< HEAD
+#ifdef PAX
+ db_printf(" pr_hbsd = {\n");
+
+ db_printf(" .aslr = {\n");
+ db_printf(" .status = %d\n",
+ pr->pr_hbsd.aslr.status);
+ db_printf(" .compat_status = %d\n",
+ pr->pr_hbsd.aslr.compat_status);
+ db_printf(" .disallow_map32bit_status = %d\n",
+ pr->pr_hbsd.aslr.disallow_map32bit_status);
+ db_printf(" }\n");
+
+ db_printf(" .noexec = {\n");
+ db_printf(" .pageexec_status = %d\n",
+ pr->pr_hbsd.noexec.pageexec_status);
+ db_printf(" .mprotect_status = %d\n",
+ pr->pr_hbsd.noexec.mprotect_status);
+ db_printf(" }\n");
+
+ db_printf(" .segvguard = {\n");
+ db_printf(" .status = %d\n",
+ pr->pr_hbsd.segvguard.status);
+ db_printf(" .expiry = %d\n",
+ pr->pr_hbsd.segvguard.expiry);
+ db_printf(" .suspension = %d\n",
+ pr->pr_hbsd.segvguard.suspension);
+ db_printf(" .maxcrashes = %d\n",
+ pr->pr_hbsd.segvguard.maxcrashes);
+ db_printf(" }\n");
+
+ db_printf(" .log = {\n");
+ db_printf(" .log = %d\n",
+ pr->pr_hbsd.log.log);
+ db_printf(" .ulog = %d\n",
+ pr->pr_hbsd.log.ulog);
+ db_printf(" }\n");
+
+ db_printf(" }\n");
+#endif
++=======
++>>>>>>> upstream/main
}
DB_SHOW_COMMAND(prison, db_show_prison_command)
diff --cc sys/kern/kern_linker.c
index 4276b55f5aeb,e54546eec7b4..000000000000
mode 100644,100644..100755
--- a/sys/kern/kern_linker.c
+++ b/sys/kern/kern_linker.c
@@@ -32,7 -32,6 +32,10 @@@ __FBSDID("$FreeBSD$")
#include "opt_ddb.h"
#include "opt_kld.h"
#include "opt_hwpmc_hooks.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/kernel.h>
@@@ -1191,10 -1190,6 +1194,13 @@@ sys_kldfind(struct thread *td, struct k
return (error);
#endif
++<<<<<<< HEAD
+ error = priv_check(td, PRIV_KLD_STAT);
+ if (error != 0)
+ return (error);
+
++=======
++>>>>>>> upstream/main
td->td_retval[0] = -1;
pathname = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
@@@ -1226,10 -1221,6 +1232,13 @@@ sys_kldnext(struct thread *td, struct k
return (error);
#endif
++<<<<<<< HEAD
+ error = priv_check(td, PRIV_KLD_STAT);
+ if (error != 0)
+ return (error);
+
++=======
++>>>>>>> upstream/main
sx_xlock(&kld_sx);
if (uap->fileid == 0)
lf = TAILQ_FIRST(&linker_files);
@@@ -1284,17 -1275,14 +1293,26 @@@ kern_kldstat(struct thread *td, int fil
{
linker_file_t lf;
int namelen;
++<<<<<<< HEAD
+ int error;
+#ifdef MAC
++=======
+ #ifdef MAC
+ int error;
+
++>>>>>>> upstream/main
error = mac_kld_check_stat(td->td_ucred);
if (error)
return (error);
#endif
++<<<<<<< HEAD
+ error = priv_check(td, PRIV_KLD_STAT);
+ if (error != 0)
+ return (error);
+
++=======
++>>>>>>> upstream/main
sx_xlock(&kld_sx);
lf = linker_find_file_by_id(fileid);
if (lf == NULL) {
@@@ -1309,11 -1297,7 +1327,15 @@@
bcopy(lf->filename, &stat->name[0], namelen);
stat->refs = lf->refs;
stat->id = lf->id;
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+ stat->address = NULL;
+#else
stat->address = lf->address;
+#endif
++=======
++ stat->address = lf->address;
++>>>>>>> upstream/main
stat->size = lf->size;
/* Version 2 fields: */
namelen = strlen(lf->pathname) + 1;
@@@ -1356,10 -1340,6 +1378,13 @@@ sys_kldfirstmod(struct thread *td, stru
return (error);
#endif
++<<<<<<< HEAD
+ error = priv_check(td, PRIV_KLD_STAT);
+ if (error != 0)
+ return (error);
+
++=======
++>>>>>>> upstream/main
sx_xlock(&kld_sx);
lf = linker_find_file_by_id(uap->fileid);
if (lf) {
@@@ -1392,10 -1372,6 +1417,13 @@@ sys_kldsym(struct thread *td, struct kl
return (error);
#endif
++<<<<<<< HEAD
+ error = priv_check(td, PRIV_KLD_STAT);
+ if (error != 0)
+ return (error);
+
++=======
++>>>>>>> upstream/main
if ((error = copyin(uap->data, &lookup, sizeof(lookup))) != 0)
return (error);
if (lookup.version != sizeof(lookup) ||
@@@ -1411,11 -1387,7 +1439,15 @@@
error = ENOENT;
else if (LINKER_LOOKUP_SYMBOL(lf, symstr, &sym) == 0 &&
LINKER_SYMBOL_VALUES(lf, sym, &symval) == 0) {
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+ lookup.symvalue = (uintptr_t) NULL;
+#else
+ lookup.symvalue = (uintptr_t) symval.value;
+#endif
++=======
+ lookup.symvalue = (uintptr_t) symval.value;
++>>>>>>> upstream/main
lookup.symsize = symval.size;
error = copyout(&lookup, uap->data, sizeof(lookup));
} else
@@@ -1424,11 -1396,7 +1456,15 @@@
TAILQ_FOREACH(lf, &linker_files, link) {
if (LINKER_LOOKUP_SYMBOL(lf, symstr, &sym) == 0 &&
LINKER_SYMBOL_VALUES(lf, sym, &symval) == 0) {
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+ lookup.symvalue = (uintptr_t)NULL;
+#else
+ lookup.symvalue = (uintptr_t)symval.value;
+#endif
++=======
+ lookup.symvalue = (uintptr_t)symval.value;
++>>>>>>> upstream/main
lookup.symsize = symval.size;
error = copyout(&lookup, uap->data,
sizeof(lookup));
diff --cc sys/kern/kern_mib.c
index fc1798745d30,abd04b47023b..000000000000
mode 100644,100644..100755
--- a/sys/kern/kern_mib.c
+++ b/sys/kern/kern_mib.c
@@@ -91,8 -91,6 +91,11 @@@ SYSCTL_ROOT_NODE(OID_AUTO, compat, CTLF
"Compatibility code");
SYSCTL_ROOT_NODE(OID_AUTO, security, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
"Security");
++<<<<<<< HEAD
+SYSCTL_ROOT_NODE(OID_AUTO, hardening, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
+ "Kernel hardening features");
++=======
++>>>>>>> upstream/main
#ifdef REGRESSION
SYSCTL_ROOT_NODE(OID_AUTO, regression, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
"Regression test MIB");
@@@ -451,7 -449,7 +454,11 @@@ SYSCTL_PROC(_kern, KERN_SECURELVL, secu
/* Actual kernel configuration options. */
extern char kernconfstring[];
++<<<<<<< HEAD
+SYSCTL_STRING(_kern, OID_AUTO, conftxt, CTLFLAG_RD | CTLFLAG_MPSAFE | CTLFLAG_ROOTONLY,
++=======
+ SYSCTL_STRING(_kern, OID_AUTO, conftxt, CTLFLAG_RD | CTLFLAG_MPSAFE,
++>>>>>>> upstream/main
kernconfstring, 0, "Kernel configuration file");
#endif
diff --cc sys/kern/kern_module.c
index 899200473a24,97dca7185319..000000000000
mode 100644,100644..100755
--- a/sys/kern/kern_module.c
+++ b/sys/kern/kern_module.c
@@@ -36,7 -36,6 +36,10 @@@ __FBSDID("$FreeBSD$")
#include <sys/malloc.h>
#include <sys/sysproto.h>
#include <sys/sysent.h>
++<<<<<<< HEAD
+#include <sys/priv.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/lock.h>
#include <sys/mutex.h>
@@@ -310,11 -309,7 +313,15 @@@ in
sys_modnext(struct thread *td, struct modnext_args *uap)
{
module_t mod;
++<<<<<<< HEAD
+ int error;
+
+ error = priv_check(td, PRIV_KLD_STAT);
+ if (error)
+ return (error);
++=======
+ int error = 0;
++>>>>>>> upstream/main
td->td_retval[0] = -1;
@@@ -347,10 -342,6 +354,13 @@@ sys_modfnext(struct thread *td, struct
module_t mod;
int error;
++<<<<<<< HEAD
+ error = priv_check(td, PRIV_KLD_STAT);
+ if (error)
+ return (error);
+
++=======
++>>>>>>> upstream/main
td->td_retval[0] = -1;
MOD_SLOCK;
@@@ -380,15 -371,11 +390,22 @@@ sys_modstat(struct thread *td, struct m
{
module_t mod;
modspecific_t data;
++<<<<<<< HEAD
+ int error;
++=======
+ int error = 0;
++>>>>>>> upstream/main
int id, namelen, refs, version;
struct module_stat *stat;
char *name;
++<<<<<<< HEAD
+ error = priv_check(td, PRIV_KLD_STAT);
+ if (error)
+ return (error);
+
++=======
++>>>>>>> upstream/main
MOD_SLOCK;
mod = module_lookupbyid(uap->modid);
if (mod == NULL) {
@@@ -435,14 -422,10 +452,21 @@@
int
sys_modfind(struct thread *td, struct modfind_args *uap)
{
++<<<<<<< HEAD
+ int error;
+ char name[MAXMODNAME];
+ module_t mod;
+
+ error = priv_check(td, PRIV_KLD_STAT);
+ if (error)
+ return (error);
+
++=======
+ int error = 0;
+ char name[MAXMODNAME];
+ module_t mod;
+
++>>>>>>> upstream/main
if ((error = copyinstr(uap->name, name, sizeof name, 0)) != 0)
return (error);
@@@ -490,10 -473,6 +514,13 @@@ freebsd32_modstat(struct thread *td, st
struct module_stat32 *stat32;
char *name;
++<<<<<<< HEAD
+ error = priv_check(td, PRIV_KLD_STAT);
+ if (error)
+ return (error);
+
++=======
++>>>>>>> upstream/main
MOD_SLOCK;
mod = module_lookupbyid(uap->modid);
if (mod == NULL) {
diff --cc sys/kern/kern_priv.c
index acd8e5fbeb65,b621de58f685..000000000000
mode 100644,100644..100755
--- a/sys/kern/kern_priv.c
+++ b/sys/kern/kern_priv.c
@@@ -34,8 -34,6 +34,11 @@@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/jail.h>
#include <sys/kernel.h>
@@@ -116,11 -114,7 +119,15 @@@ static int unprivileged_mlock = 1
SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_mlock, CTLFLAG_RWTUN,
&unprivileged_mlock, 0, "Allow non-root users to call mlock(2)");
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+static int unprivileged_read_msgbuf = 0;
+#else
static int unprivileged_read_msgbuf = 1;
+#endif
++=======
++static int unprivileged_read_msgbuf = 1;
++>>>>>>> upstream/main
SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_read_msgbuf,
CTLFLAG_RW, &unprivileged_read_msgbuf, 0,
"Unprivileged processes may read the kernel message buffer");
@@@ -271,28 -265,6 +278,31 @@@ priv_check_cred(struct ucred *cred, in
}
}
++<<<<<<< HEAD
+#if !defined(PAX_HARDENING)
+ /*
+ * Inspecting kernel module information should be root-only
+ * when PAX_HARDENING is set.
+ */
+ if (priv == PRIV_KLD_STAT) {
+ error = 0;
+ goto out;
+ }
+#endif
+
+ if (priv == PRIV_SYSCTL_ROOTONLY) {
+#ifdef PAX_HARDENING
+ if (cred->cr_uid == 0) {
+#endif
+ error = 0;
+ goto out;
+#ifdef PAX_HARDENING
+ }
+#endif
+ }
+
++=======
++>>>>>>> upstream/main
/*
* Writes to kernel/physical memory are a typical root-only operation,
* but non-root users are expected to be able to read it (provided they
diff --cc sys/kern/kern_proc.c
index 9958a78d4fef,83c668eaece3..000000000000
mode 100644,100644..100755
--- a/sys/kern/kern_proc.c
+++ b/sys/kern/kern_proc.c
@@@ -1899,7 -1899,7 +1899,11 @@@ get_proc_vector32(struct thread *td, st
int i, error;
error = 0;
++<<<<<<< HEAD
+ if (proc_readmem(td, p, (vm_offset_t)p->p_psstrings, &pss,
++=======
+ if (proc_readmem(td, p, (vm_offset_t)p->p_sysent->sv_psstrings, &pss,
++>>>>>>> upstream/main
sizeof(pss)) != sizeof(pss))
return (ENOMEM);
switch (type) {
@@@ -1975,7 -1975,7 +1979,11 @@@ get_proc_vector(struct thread *td, stru
if (SV_PROC_FLAG(p, SV_ILP32) != 0)
return (get_proc_vector32(td, p, proc_vectorp, vsizep, type));
#endif
++<<<<<<< HEAD
+ if (proc_readmem(td, p, (vm_offset_t)p->p_psstrings, &pss,
++=======
+ if (proc_readmem(td, p, (vm_offset_t)p->p_sysent->sv_psstrings, &pss,
++>>>>>>> upstream/main
sizeof(pss)) != sizeof(pss))
return (ENOMEM);
switch (type) {
@@@ -2953,13 -2953,13 +2961,21 @@@ sysctl_kern_proc_ps_strings(SYSCTL_HAND
* process.
*/
ps_strings32 = SV_PROC_FLAG(p, SV_ILP32) != 0 ?
++<<<<<<< HEAD
+ PTROUT(p->p_psstrings) : 0;
++=======
+ PTROUT(p->p_sysent->sv_psstrings) : 0;
++>>>>>>> upstream/main
PROC_UNLOCK(p);
error = SYSCTL_OUT(req, &ps_strings32, sizeof(ps_strings32));
return (error);
}
#endif
++<<<<<<< HEAD
+ ps_strings = p->p_psstrings;
++=======
+ ps_strings = p->p_sysent->sv_psstrings;
++>>>>>>> upstream/main
PROC_UNLOCK(p);
error = SYSCTL_OUT(req, &ps_strings, sizeof(ps_strings));
return (error);
@@@ -3070,13 -3070,13 +3086,23 @@@ sysctl_kern_proc_sigtramp(SYSCTL_HANDLE
bzero(&kst32, sizeof(kst32));
if (SV_PROC_FLAG(p, SV_ILP32)) {
if (sv->sv_sigcode_base != 0) {
++<<<<<<< HEAD
+ kst32.ksigtramp_start = p->p_sigcode_base;
+ kst32.ksigtramp_end = p->p_sigcode_base +
+ *sv->sv_szsigcode;
+ } else {
+ kst32.ksigtramp_start = p->p_psstrings -
+ *sv->sv_szsigcode;
+ kst32.ksigtramp_end = p->p_psstrings;
++=======
+ kst32.ksigtramp_start = sv->sv_sigcode_base;
+ kst32.ksigtramp_end = sv->sv_sigcode_base +
+ *sv->sv_szsigcode;
+ } else {
+ kst32.ksigtramp_start = sv->sv_psstrings -
+ *sv->sv_szsigcode;
+ kst32.ksigtramp_end = sv->sv_psstrings;
++>>>>>>> upstream/main
}
}
PROC_UNLOCK(p);
@@@ -3086,13 -3086,13 +3112,23 @@@
#endif
bzero(&kst, sizeof(kst));
if (sv->sv_sigcode_base != 0) {
++<<<<<<< HEAD
+ kst.ksigtramp_start = (char *)p->p_sigcode_base;
+ kst.ksigtramp_end = (char *)p->p_sigcode_base +
+ *sv->sv_szsigcode;
+ } else {
+ kst.ksigtramp_start = (char *)p->p_psstrings -
+ *sv->sv_szsigcode;
+ kst.ksigtramp_end = (char *)p->p_psstrings;
++=======
+ kst.ksigtramp_start = (char *)sv->sv_sigcode_base;
+ kst.ksigtramp_end = (char *)sv->sv_sigcode_base +
+ *sv->sv_szsigcode;
+ } else {
+ kst.ksigtramp_start = (char *)sv->sv_psstrings -
+ *sv->sv_szsigcode;
+ kst.ksigtramp_end = (char *)sv->sv_psstrings;
++>>>>>>> upstream/main
}
PROC_UNLOCK(p);
error = SYSCTL_OUT(req, &kst, sizeof(kst));
diff --cc sys/kern/kern_prot.c
index 550a311e8d41,73b89582230d..000000000000
mode 100644,100644..100755
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@@ -48,7 -48,6 +48,10 @@@ __FBSDID("$FreeBSD$")
#include "opt_inet.h"
#include "opt_inet6.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/systm.h>
@@@ -59,7 -58,6 +62,10 @@@
#include <sys/loginclass.h>
#include <sys/malloc.h>
#include <sys/mutex.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/refcount.h>
#include <sys/sx.h>
#include <sys/priv.h>
@@@ -1337,11 -1335,7 +1343,15 @@@ securelevel_ge(struct ucred *cr, int le
* using a variety of system MIBs.
* XXX: data declarations should be together near the beginning of the file.
*/
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+static int see_other_uids = 0;
+#else
static int see_other_uids = 1;
+#endif
++=======
++static int see_other_uids = 1;
++>>>>>>> upstream/main
SYSCTL_INT(_security_bsd, OID_AUTO, see_other_uids, CTLFLAG_RW,
&see_other_uids, 0,
"Unprivileged processes may see subjects/objects with different real uid");
@@@ -1371,11 -1365,7 +1381,15 @@@ cr_canseeotheruids(struct ucred *u1, st
* using a variety of system MIBs.
* XXX: data declarations should be together near the beginning of the file.
*/
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+static int see_other_gids = 0;
+#else
+static int see_other_gids = 1;
+#endif
++=======
+ static int see_other_gids = 1;
++>>>>>>> upstream/main
SYSCTL_INT(_security_bsd, OID_AUTO, see_other_gids, CTLFLAG_RW,
&see_other_gids, 0,
"Unprivileged processes may see subjects/objects with different real gid");
diff --cc sys/kern/kern_racct.c
index 9b1f2f540010,4df1c72d50f7..000000000000
mode 100644,100644..100755
--- a/sys/kern/kern_racct.c
+++ b/sys/kern/kern_racct.c
@@@ -78,14 -78,6 +78,17 @@@ bool __read_frequently racct_enable = f
bool __read_frequently racct_enable = true;
#endif
++<<<<<<< HEAD
+/*
+ * XXXOP 1
+ *
+ * force conflict in git, to prevent the changing of this tunable as RW
+ *
+ * More details under this link:
+ * https://reviews.freebsd.org/D2369#inline-15370
+ */
++=======
++>>>>>>> upstream/main
SYSCTL_NODE(_kern, OID_AUTO, racct, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
"Resource Accounting");
SYSCTL_BOOL(_kern_racct, OID_AUTO, enable, CTLFLAG_RDTUN, &racct_enable,
diff --cc sys/kern/kern_resource.c
index fd8f7ff354ac,036cb0ccb945..000000000000
mode 100644,100644..100755
--- a/sys/kern/kern_resource.c
+++ b/sys/kern/kern_resource.c
@@@ -39,8 -39,6 +39,11 @@@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
@@@ -49,7 -47,6 +52,10 @@@
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mutex.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/refcount.h>
@@@ -762,18 -759,13 +768,28 @@@ kern_proc_setrlimit(struct thread *td,
if (limp->rlim_cur > oldssiz.rlim_cur) {
prot = p->p_sysent->sv_stackprot;
size = limp->rlim_cur - oldssiz.rlim_cur;
++<<<<<<< HEAD
+ addr = p->p_usrstack - limp->rlim_cur;
+#ifdef PAX_NOEXEC
+ if ((prot & (VM_PROT_WRITE|VM_PROT_EXECUTE)) != VM_PROT_EXECUTE) {
+ prot &= ~VM_PROT_EXECUTE;
+ } else {
+ prot &= ~VM_PROT_WRITE;
+ }
+#endif
+ } else {
+ prot = VM_PROT_NONE;
+ size = oldssiz.rlim_cur - limp->rlim_cur;
+ addr = p->p_usrstack - oldssiz.rlim_cur;
++=======
+ addr = p->p_sysent->sv_usrstack -
+ limp->rlim_cur;
+ } else {
+ prot = VM_PROT_NONE;
+ size = oldssiz.rlim_cur - limp->rlim_cur;
+ addr = p->p_sysent->sv_usrstack -
+ oldssiz.rlim_cur;
++>>>>>>> upstream/main
}
addr = trunc_page(addr);
size = round_page(size);
diff --cc sys/kern/kern_shutdown.c
index 6720eafeea94,e200b6d8a4b4..000000000000
mode 100644,100644..100755
--- a/sys/kern/kern_shutdown.c
+++ b/sys/kern/kern_shutdown.c
@@@ -43,7 -43,6 +43,10 @@@ __FBSDID("$FreeBSD$")
#include "opt_ekcd.h"
#include "opt_kdb.h"
#include "opt_panic.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include "opt_printf.h"
#include "opt_sched.h"
#include "opt_watchdog.h"
@@@ -67,7 -66,6 +70,10 @@@
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/mount.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/reboot.h>
@@@ -901,9 -899,6 +907,12 @@@ vpanic(const char *fmt, va_list ap
printf("cpuid = %d\n", PCPU_GET(cpuid));
#endif
printf("time = %jd\n", (intmax_t )time_second);
++<<<<<<< HEAD
+#ifdef PAX
+ pax_print_hbsd_context();
+#endif
++=======
++>>>>>>> upstream/main
#ifdef KDB
if ((newpanic || trace_all_panics) && trace_on_panic)
kdb_backtrace();
diff --cc sys/kern/kern_sig.c
index 356cd35ea211,ed4dd52b66d3..000000000000
mode 100644,100644..100755
--- a/sys/kern/kern_sig.c
+++ b/sys/kern/kern_sig.c
@@@ -40,7 -40,6 +40,10 @@@
__FBSDID("$FreeBSD$");
#include "opt_ktrace.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/ctype.h>
@@@ -64,7 -63,6 +67,10 @@@
#include <sys/mutex.h>
#include <sys/refcount.h>
#include <sys/namei.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/procdesc.h>
#include <sys/ptrace.h>
@@@ -3305,9 -3303,6 +3311,12 @@@ sigexit(struct thread *td, int sig
td->td_ucred->cr_uid,
sig &~ WCOREFLAG,
sig & WCOREFLAG ? " (core dumped)" : "");
++<<<<<<< HEAD
+#ifdef PAX_SEGVGUARD
+ pax_segvguard_segfault(curthread, p->p_comm);
+#endif
++=======
++>>>>>>> upstream/main
} else
PROC_UNLOCK(p);
exit1(td, 0, sig);
diff --cc sys/kern/kern_sysctl.c
index 81722c337591,ffb6ac196ba3..000000000000
mode 100644,100644..100755
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@@ -43,7 -43,6 +43,10 @@@ __FBSDID("$FreeBSD$")
#include "opt_capsicum.h"
#include "opt_ddb.h"
#include "opt_ktrace.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include "opt_sysctl.h"
#include <sys/param.h>
@@@ -2202,15 -2201,6 +2205,18 @@@ sysctl_root(SYSCTL_HANDLER_ARGS
}
#endif
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+ /* Is this sysctl available only to root? */
+ if (oid->oid_kind & CTLFLAG_ROOTONLY) {
+ error = priv_check(req->td, PRIV_SYSCTL_ROOTONLY);
+ if (error)
+ goto out;
+ }
+#endif
+
++=======
++>>>>>>> upstream/main
/* Is this sysctl sensitive to securelevels? */
if (req->newptr && (oid->oid_kind & CTLFLAG_SECURE)) {
lvl = (oid->oid_kind & CTLMASK_SECURE) >> CTLSHIFT_SECURE;
diff --cc sys/kern/kern_thr.c
index 70d458ddd05e,69259d78811a..000000000000
mode 100644,100644..100755
--- a/sys/kern/kern_thr.c
+++ b/sys/kern/kern_thr.c
@@@ -252,7 -252,6 +252,10 @@@ thread_create(struct thread *td, struc
p->p_flag |= P_HADTHREADS;
thread_link(newtd, p);
bcopy(p->p_comm, newtd->td_name, sizeof(newtd->td_name));
++<<<<<<< HEAD
+ newtd->td_pax = p->p_pax;
++=======
++>>>>>>> upstream/main
thread_lock(td);
/* let the scheduler know about these things. */
sched_fork_thread(td, newtd);
diff --cc sys/kern/kern_thread.c
index 77dad9dad309,3561895d9fff..000000000000
mode 100644,100644..100755
--- a/sys/kern/kern_thread.c
+++ b/sys/kern/kern_thread.c
@@@ -30,7 -30,6 +30,10 @@@
#include "opt_witness.h"
#include "opt_hwpmc_hooks.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
@@@ -75,14 -74,6 +78,17 @@@
#include <sys/eventhandler.h>
/*
++<<<<<<< HEAD
+ * In HardenedBSD enabled builds disable these checks, since we
+ * already changed the layouts of the struct proc and struct thread.
+ * From other part, we are already incompatible with FreeBSD's
+ * prebuilt binary kernel modules, so we don't want to keep
+ * these restrictions.
+ */
+#ifndef PAX
+/*
++=======
++>>>>>>> upstream/main
* Asserts below verify the stability of struct thread and struct proc
* layout, as exposed by KBI to modules. On head, the KBI is allowed
* to drift, change to the structures must be accompanied by the
@@@ -132,7 -123,6 +138,10 @@@ _Static_assert(offsetof(struct proc, p_
_Static_assert(offsetof(struct proc, p_emuldata) == 0x30c,
"struct proc KBI p_emuldata");
#endif
++<<<<<<< HEAD
+#endif /* PAX */
++=======
++>>>>>>> upstream/main
SDT_PROVIDER_DECLARE(proc);
SDT_PROBE_DEFINE(proc, , , lwp__exit);
diff --cc sys/kern/subr_module.c
index e40acf567f29,02137adae27c..000000000000
mode 100644,100644..100755
--- a/sys/kern/subr_module.c
+++ b/sys/kern/subr_module.c
@@@ -562,6 -562,6 +562,10 @@@ sysctl_preload_dump(SYSCTL_HANDLER_ARGS
return (error);
}
SYSCTL_PROC(_debug, OID_AUTO, dump_modinfo,
++<<<<<<< HEAD
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE | CTLFLAG_ROOTONLY,
++=======
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE,
++>>>>>>> upstream/main
NULL, 0, sysctl_preload_dump, "A",
"pretty-print the bootloader metadata");
diff --cc sys/kern/subr_msgbuf.c
index cbbc11435538,980d37df205b..000000000000
mode 100644,100644..100755
--- a/sys/kern/subr_msgbuf.c
+++ b/sys/kern/subr_msgbuf.c
@@@ -31,8 -31,6 +31,11 @@@
* Generic message buffer support routines.
*/
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/lock.h>
@@@ -56,11 -54,7 +59,15 @@@ static u_int msgbuf_cksum(struct msgbu
* Timestamps in msgbuf are useful when trying to diagnose when core dumps
* or other actions occurred.
*/
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+static int msgbuf_show_timestamp = 1;
+#else
+static int msgbuf_show_timestamp = 0;
+#endif
++=======
+ static int msgbuf_show_timestamp = 0;
++>>>>>>> upstream/main
SYSCTL_INT(_kern, OID_AUTO, msgbuf_show_timestamp, CTLFLAG_RWTUN,
&msgbuf_show_timestamp, 0, "Show timestamp in msgbuf");
diff --cc sys/kern/subr_prf.c
index ef59bab58fd9,31117c4e3415..000000000000
mode 100644,100644..100755
--- a/sys/kern/subr_prf.c
+++ b/sys/kern/subr_prf.c
@@@ -41,7 -41,6 +41,10 @@@ __FBSDID("$FreeBSD$")
#ifdef _KERNEL
#include "opt_ddb.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include "opt_printf.h"
#endif /* _KERNEL */
@@@ -55,7 -54,6 +58,10 @@@
#include <sys/kernel.h>
#include <sys/msgbuf.h>
#include <sys/malloc.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/stddef.h>
@@@ -208,49 -206,6 +214,52 @@@ uprintf(const char *fmt, ...
return (retval);
}
++<<<<<<< HEAD
+int
+hbsd_uprintf(const char *fmt, ...)
+{
+ va_list ap;
+ struct putchar_arg pca;
+ struct proc *p;
+ struct thread *td;
+ int p_locked, retval;
+
+ td = curthread;
+ if (TD_IS_IDLETHREAD(td))
+ return (0);
+
+ sx_slock(&proctree_lock);
+ p = td->td_proc;
+ if ((p_locked = PROC_LOCKED(p)))
+ PROC_LOCK(p);
+ if ((p->p_flag & P_CONTROLT) == 0) {
+ if (p_locked)
+ PROC_UNLOCK(p);
+ sx_sunlock(&proctree_lock);
+ return (0);
+ }
+ SESS_LOCK(p->p_session);
+ pca.tty = p->p_session->s_ttyp;
+ SESS_UNLOCK(p->p_session);
+ if (p_locked)
+ PROC_UNLOCK(p);
+ if (pca.tty == NULL) {
+ sx_sunlock(&proctree_lock);
+ return (0);
+ }
+ pca.flags = TOTTY;
+ pca.p_bufr = NULL;
+ va_start(ap, fmt);
+ tty_lock(pca.tty);
+ sx_sunlock(&proctree_lock);
+ retval = kvprintf(fmt, putchar, &pca, 10, ap);
+ tty_unlock(pca.tty);
+ va_end(ap);
+ return (retval);
+}
+
++=======
++>>>>>>> upstream/main
/*
* tprintf and vtprintf print on the controlling terminal associated with the
* given session, possibly to the log as well.
diff --cc sys/kern/subr_witness.c
index 181de6d20330,7e21db5d7c91..000000000000
mode 100644,100644..100755
--- a/sys/kern/subr_witness.c
+++ b/sys/kern/subr_witness.c
@@@ -117,8 -117,6 +117,11 @@@ __FBSDID("$FreeBSD$")
#include <machine/stdarg.h>
++<<<<<<< HEAD
+extern int unprivileged_read_msgbuf;
+
++=======
++>>>>>>> upstream/main
#if !defined(DDB) && !defined(STACK)
#error "DDB or STACK options are required for WITNESS"
#endif
@@@ -2757,10 -2755,6 +2760,13 @@@ sysctl_debug_witness_badstacks(SYSCTL_H
struct sbuf *sb;
int error;
++<<<<<<< HEAD
+ error = priv_check(req->td, PRIV_MSGBUF);
+ if (error)
+ return (error);
+
++=======
++>>>>>>> upstream/main
if (witness_watch < 1) {
error = SYSCTL_OUT(req, w_notrunning, sizeof(w_notrunning));
return (error);
@@@ -2847,10 -2841,6 +2853,13 @@@ sysctl_debug_witness_fullgraph(SYSCTL_H
struct sbuf *sb;
int error;
++<<<<<<< HEAD
+ error = priv_check(req->td, PRIV_MSGBUF);
+ if (error)
+ return (error);
+
++=======
++>>>>>>> upstream/main
#ifdef __i386__
error = SYSCTL_OUT(req, w_notallowed, sizeof(w_notallowed));
return (error);
diff --cc sys/kern/sys_process.c
index 4abe92f84adf,3a184f1d678f..000000000000
mode 100644,100644..100755
--- a/sys/kern/sys_process.c
+++ b/sys/kern/sys_process.c
@@@ -34,8 -34,6 +34,11 @@@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/ktr.h>
@@@ -48,7 -46,6 +51,10 @@@
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/vnode.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/ptrace.h>
#include <sys/rwlock.h>
#include <sys/sx.h>
diff --cc sys/kern/tty_info.c
index a7a1d434429a,4cf8be19ebda..000000000000
mode 100644,100644..100755
--- a/sys/kern/tty_info.c
+++ b/sys/kern/tty_info.c
@@@ -239,7 -239,7 +239,11 @@@ sbuf_tty_drain(void *a, const char *d,
}
#ifdef STACK
++<<<<<<< HEAD
+static int tty_info_kstacks = STACK_SBUF_FMT_NONE;
++=======
+ static int tty_info_kstacks = STACK_SBUF_FMT_COMPACT;
++>>>>>>> upstream/main
static int
sysctl_tty_info_kstacks(SYSCTL_HANDLER_ARGS)
diff --cc sys/kern/vfs_mount.c
index 8d26ddd68e86,b3555f0a43e5..000000000000
mode 100644,100644..100755
--- a/sys/kern/vfs_mount.c
+++ b/sys/kern/vfs_mount.c
@@@ -2148,7 -2148,7 +2148,11 @@@ vfs_scanopt(struct vfsoptlist *opts, co
}
int
++<<<<<<< HEAD
+vfs_setopt(struct vfsoptlist *opts, const char *name, void *value, size_t len)
++=======
+ vfs_setopt(struct vfsoptlist *opts, const char *name, void *value, int len)
++>>>>>>> upstream/main
{
struct vfsopt *opt;
@@@ -2169,7 -2169,7 +2173,11 @@@
}
int
++<<<<<<< HEAD
+vfs_setopt_part(struct vfsoptlist *opts, const char *name, void *value, size_t len)
++=======
+ vfs_setopt_part(struct vfsoptlist *opts, const char *name, void *value, int len)
++>>>>>>> upstream/main
{
struct vfsopt *opt;
@@@ -2481,22 -2481,16 +2489,33 @@@ mount_devctl_event_mntopt(struct sbuf *
if (opts == NULL || TAILQ_EMPTY(opts))
return;
++<<<<<<< HEAD
+ if (sbuf_printf(sb, " %s=\"", what) == -1) {
+ return;
+ }
++=======
+ sbuf_printf(sb, " %s=\"", what);
++>>>>>>> upstream/main
TAILQ_FOREACH(opt, opts, link) {
if (opt->name[0] == '\0' || (opt->len > 0 && *(char *)opt->value == '\0'))
continue;
devctl_safe_quote_sb(sb, opt->name);
if (opt->len > 0) {
++<<<<<<< HEAD
+ if (sbuf_putc(sb, '=') == -1) {
+ return;
+ }
+ devctl_safe_quote_sb(sb, opt->value);
+ }
+ if (sbuf_putc(sb, ';') == -1) {
+ return;
+ }
++=======
+ sbuf_putc(sb, '=');
+ devctl_safe_quote_sb(sb, opt->value);
+ }
+ sbuf_putc(sb, ';');
++>>>>>>> upstream/main
}
sbuf_putc(sb, '"');
}
@@@ -2514,58 -2508,32 +2533,87 @@@ mount_devctl_event(const char *type, st
buf = malloc(DEVCTL_LEN, M_MOUNT, M_NOWAIT);
if (buf == NULL)
return;
++<<<<<<< HEAD
+ if (sbuf_new(&sb, buf, DEVCTL_LEN, SBUF_FIXEDLEN) == NULL) {
+ free(buf, M_MOUNT);
+ return;
+ }
+ if (sbuf_cpy(&sb, "mount-point=\"") == -1) {
+ goto err;
+ }
+ devctl_safe_quote_sb(&sb, sfp->f_mntonname);
+ if (sbuf_cat(&sb, "\" mount-dev=\"") == -1) {
+ goto err;
+ }
+ devctl_safe_quote_sb(&sb, sfp->f_mntfromname);
+ if (sbuf_cat(&sb, "\" mount-type=\"") == -1) {
+ goto err;
+ }
+ devctl_safe_quote_sb(&sb, sfp->f_fstypename);
+ if (sbuf_cat(&sb, "\" fsid=0x") == -1) {
+ goto err;
+ }
+ cp = (const uint8_t *)&sfp->f_fsid.val[0];
+ for (int i = 0; i < sizeof(sfp->f_fsid); i++) {
+ if (sbuf_printf(&sb, "%02x", cp[i]) == -1) {
+ goto err;
+ }
+ }
+ if (sbuf_printf(&sb, " owner=%u flags=\"", sfp->f_owner) == -1) {
+ goto err;
+ }
+ for (fp = optnames; fp->o_opt != 0; fp++) {
+ if ((mp->mnt_flag & fp->o_opt) != 0) {
+ if (sbuf_cat(&sb, fp->o_name) == -1) {
+ goto err;
+ }
+ if (sbuf_putc(&sb, ';') == -1) {
+ goto err;
+ }
+ }
+ }
+ if (sbuf_putc(&sb, '"') == -1) {
+ goto err;
+ }
+ mount_devctl_event_mntopt(&sb, "opt", mp->mnt_opt);
+ if (donew)
+ mount_devctl_event_mntopt(&sb, "optnew", mp->mnt_optnew);
+ if (sbuf_finish(&sb) == -1) {
+ goto err;
+ }
+
+ if (sbuf_error(&sb) == 0) {
+ devctl_notify("VFS", "FS", type, sbuf_data(&sb));
+ }
+err:
++=======
+ sbuf_new(&sb, buf, DEVCTL_LEN, SBUF_FIXEDLEN);
+ sbuf_cpy(&sb, "mount-point=\"");
+ devctl_safe_quote_sb(&sb, sfp->f_mntonname);
+ sbuf_cat(&sb, "\" mount-dev=\"");
+ devctl_safe_quote_sb(&sb, sfp->f_mntfromname);
+ sbuf_cat(&sb, "\" mount-type=\"");
+ devctl_safe_quote_sb(&sb, sfp->f_fstypename);
+ sbuf_cat(&sb, "\" fsid=0x");
+ cp = (const uint8_t *)&sfp->f_fsid.val[0];
+ for (int i = 0; i < sizeof(sfp->f_fsid); i++)
+ sbuf_printf(&sb, "%02x", cp[i]);
+ sbuf_printf(&sb, " owner=%u flags=\"", sfp->f_owner);
+ for (fp = optnames; fp->o_opt != 0; fp++) {
+ if ((mp->mnt_flag & fp->o_opt) != 0) {
+ sbuf_cat(&sb, fp->o_name);
+ sbuf_putc(&sb, ';');
+ }
+ }
+ sbuf_putc(&sb, '"');
+ mount_devctl_event_mntopt(&sb, "opt", mp->mnt_opt);
+ if (donew)
+ mount_devctl_event_mntopt(&sb, "optnew", mp->mnt_optnew);
+ sbuf_finish(&sb);
+
+ if (sbuf_error(&sb) == 0)
+ devctl_notify("VFS", "FS", type, sbuf_data(&sb));
++>>>>>>> upstream/main
sbuf_delete(&sb);
free(buf, M_MOUNT);
}
diff --cc sys/kern/vfs_syscalls.c
index 0712c0b7a248,d3d7617c2801..000000000000
mode 100644,100644..100755
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@@ -41,7 -41,6 +41,10 @@@ __FBSDID("$FreeBSD$")
#include "opt_capsicum.h"
#include "opt_ktrace.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/systm.h>
@@@ -68,7 -67,6 +71,10 @@@
#include <sys/sx.h>
#include <sys/unistd.h>
#include <sys/vnode.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/dirent.h>
@@@ -1521,21 -1519,12 +1527,29 @@@ sys_linkat(struct thread *td, struct li
AT_RESOLVE_BENEATH)));
}
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+int hardlink_check_uid = 1;
+#else
int hardlink_check_uid = 0;
+#endif
++=======
++int hardlink_check_uid = 0;
++>>>>>>> upstream/main
SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_uid, CTLFLAG_RW,
&hardlink_check_uid, 0,
"Unprivileged processes cannot create hard links to files owned by other "
"users");
++<<<<<<< HEAD
+
+#ifdef PAX_HARDENING
+static int hardlink_check_gid = 1;
+#else
static int hardlink_check_gid = 0;
+#endif
++=======
++static int hardlink_check_gid = 0;
++>>>>>>> upstream/main
SYSCTL_INT(_security_bsd, OID_AUTO, hardlink_check_gid, CTLFLAG_RW,
&hardlink_check_gid, 0,
"Unprivileged processes cannot create hard links to files owned by other "
@@@ -1944,9 -1933,6 +1958,12 @@@ restart
if (error != 0)
goto out;
#endif
++<<<<<<< HEAD
+#ifdef PAX_SEGVGUARD
+ pax_segvguard_remove(td, vp);
+#endif
++=======
++>>>>>>> upstream/main
vfs_notify_upper(vp, VFS_NOTIFY_UPPER_UNLINK);
error = VOP_REMOVE(nd.ni_dvp, vp, &nd.ni_cnd);
#ifdef MAC
diff --cc sys/libkern/iconv.c
index fba41db83a15,6fecb0a937c4..000000000000
mode 100644,100644..100755
--- a/sys/libkern/iconv.c
+++ b/sys/libkern/iconv.c
@@@ -416,7 -416,7 +416,11 @@@ iconv_sysctl_add(SYSCTL_HANDLER_ARGS
return error;
if (din.ia_version != ICONV_ADD_VER)
return EINVAL;
++<<<<<<< HEAD
+ if (din.ia_datalen > ICONV_CSMAXDATALEN || din.ia_datalen < 0)
++=======
+ if (din.ia_datalen > ICONV_CSMAXDATALEN)
++>>>>>>> upstream/main
return EINVAL;
if (strnlen(din.ia_from, sizeof(din.ia_from)) >= ICONV_CSNMAXLEN)
return EINVAL;
diff --cc sys/mips/conf/ERL
index 9a77865b37a4,c5688729c344..000000000000
mode 100644,100644..100755
--- a/sys/mips/conf/ERL
+++ b/sys/mips/conf/ERL
@@@ -19,8 -19,6 +19,11 @@@
#
# $FreeBSD$
++<<<<<<< HEAD
+include HARDENEDBSD
+
++=======
++>>>>>>> upstream/main
ident ERL
makeoptions ARCH_FLAGS="-march=octeon+"
diff --cc sys/mips/conf/MALTA
index 176d53b9be06,2c96f5024e14..000000000000
mode 100644,100644..100755
--- a/sys/mips/conf/MALTA
+++ b/sys/mips/conf/MALTA
@@@ -5,7 -5,6 +5,10 @@@
ident MALTA
include "std.MALTA"
++<<<<<<< HEAD
+include HARDENEDBSD
++=======
++>>>>>>> upstream/main
machine mips mips
diff --cc sys/mips/conf/MALTA64
index d6a8d90c6fd2,7014a4d83534..000000000000
mode 100644,100644..100755
--- a/sys/mips/conf/MALTA64
+++ b/sys/mips/conf/MALTA64
@@@ -5,7 -5,6 +5,10 @@@
ident MALTA64
include "std.MALTA"
++<<<<<<< HEAD
+include HARDENEDBSD
++=======
++>>>>>>> upstream/main
machine mips mips64
diff --cc sys/mips/conf/MALTA64EL
index f3beba2a992e,f4911924288d..000000000000
mode 100644,100644..100755
--- a/sys/mips/conf/MALTA64EL
+++ b/sys/mips/conf/MALTA64EL
@@@ -5,7 -5,6 +5,10 @@@
ident MALTA64
include "std.MALTA"
++<<<<<<< HEAD
+include HARDENEDBSD
++=======
++>>>>>>> upstream/main
machine mips mips64el
diff --cc sys/mips/conf/MALTAEL
index da8996c45735,a4d752cf0858..000000000000
mode 100644,100644..100755
--- a/sys/mips/conf/MALTAEL
+++ b/sys/mips/conf/MALTAEL
@@@ -5,7 -5,6 +5,10 @@@
ident MALTA
include "std.MALTA"
++<<<<<<< HEAD
+include HARDENEDBSD
++=======
++>>>>>>> upstream/main
machine mips mipsel
diff --cc sys/mips/conf/OCTEON1
index 94751aa5d729,ce188b660bf2..000000000000
mode 100644,100644..100755
--- a/sys/mips/conf/OCTEON1
+++ b/sys/mips/conf/OCTEON1
@@@ -18,8 -18,6 +18,11 @@@
#
# $FreeBSD$
++<<<<<<< HEAD
+include HARDENEDBSD
+
++=======
++>>>>>>> upstream/main
ident OCTEON1
makeoptions ARCH_FLAGS="-march=octeon+"
diff --cc sys/mips/conf/ONIONOMEGA
index bc0b16052bc5,a25cd1c481c7..000000000000
mode 100644,100644..100755
--- a/sys/mips/conf/ONIONOMEGA
+++ b/sys/mips/conf/ONIONOMEGA
@@@ -16,8 -16,6 +16,11 @@@
# Include the default AR933x parameters
include "std.AR933X"
++<<<<<<< HEAD
+include HARDENEDBSD
+
++=======
++>>>>>>> upstream/main
ident ONIONOMEGA
# Override hints with board values
@@@ -55,16 -53,3 +58,19 @@@ device geom_ma
# Boot off of the rootfs, as defined in the geom_map setup.
options ROOTDEVNAME=\"ufs:map/rootfs.uzip\"
++<<<<<<< HEAD
+
+options PAX
+options PAX_ASLR
+options PAX_HARDENING
+options PAX_SEGVGUARD
+options PAX_NOEXEC
+options PAX_SYSCTLS
+options HBSD_DEBUG
+
+options INVARIANTS
+options INVARIANT_SUPPORT
+
+options BOOTVERBOSE=1
++=======
++>>>>>>> upstream/main
diff --cc sys/mips/mips/elf_machdep.c
index 019808e0ec38,9e27e5e7f2a4..000000000000
mode 100644,100644..100755
--- a/sys/mips/mips/elf_machdep.c
+++ b/sys/mips/mips/elf_machdep.c
@@@ -30,8 -30,6 +30,11 @@@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/systm.h>
@@@ -40,7 -38,6 +43,10 @@@
#include <sys/linker.h>
#include <sys/sysent.h>
#include <sys/imgact_elf.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/syscall.h>
#include <sys/signalvar.h>
@@@ -80,7 -77,7 +86,11 @@@ static struct sysentvec elf_freebsd_sys
.sv_setregs = exec_setregs,
.sv_fixlimit = NULL,
.sv_maxssiz = NULL,
++<<<<<<< HEAD
+ .sv_flags = SV_ABI_FREEBSD | SV_RNG_SEED_VER |
++=======
+ .sv_flags = SV_ABI_FREEBSD | SV_ASLR | SV_RNG_SEED_VER |
++>>>>>>> upstream/main
#ifdef __mips_n64
SV_LP64,
#else
@@@ -92,7 -89,6 +102,10 @@@
.sv_schedtail = NULL,
.sv_thread_detach = NULL,
.sv_trap = NULL,
++<<<<<<< HEAD
+ .sv_pax_aslr_init = pax_aslr_init_vmspace,
++=======
++>>>>>>> upstream/main
};
static __ElfN(Brandinfo) freebsd_brand_info = {
diff --cc sys/mips/mips/freebsd32_machdep.c
index 4f073adc6cdd,5d7fd4719efb..000000000000
mode 100644,100644..100755
--- a/sys/mips/mips/freebsd32_machdep.c
+++ b/sys/mips/mips/freebsd32_machdep.c
@@@ -32,8 -32,6 +32,11 @@@
* Based on nwhitehorn's COMPAT_FREEBSD32 support code for PowerPC64.
*/
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#define __ELF_WORD_SIZE 32
#include <sys/types.h>
@@@ -48,7 -46,6 +51,10 @@@
#include <sys/proc.h>
#include <sys/namei.h>
#include <sys/fcntl.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/sysent.h>
#include <sys/imgact_elf.h>
#include <sys/syscall.h>
@@@ -107,7 -104,6 +113,10 @@@ struct sysentvec elf32_freebsd_sysvec
.sv_schedtail = NULL,
.sv_thread_detach = NULL,
.sv_trap = NULL,
++<<<<<<< HEAD
+ .sv_pax_aslr_init = pax_aslr_init_vmspace32,
++=======
++>>>>>>> upstream/main
};
INIT_SYSENTVEC(elf32_sysvec, &elf32_freebsd_sysvec);
@@@ -446,7 -442,7 +455,11 @@@ freebsd32_sendsig(sig_t catcher, ksigin
/*
* Signal trampoline code is at base of user stack.
*/
++<<<<<<< HEAD
+ td->td_frame->ra = (register_t)(intptr_t)p->p_psstrings - *(p->p_sysent->sv_szsigcode);
++=======
+ td->td_frame->ra = (register_t)(intptr_t)FREEBSD32_PS_STRINGS - *(p->p_sysent->sv_szsigcode);
++>>>>>>> upstream/main
PROC_LOCK(p);
mtx_lock(&psp->ps_mtx);
}
diff --cc sys/mips/mips/pm_machdep.c
index dde1e64b1def,8d8cf4e1023d..000000000000
mode 100644,100644..100755
--- a/sys/mips/mips/pm_machdep.c
+++ b/sys/mips/mips/pm_machdep.c
@@@ -175,7 -175,7 +175,11 @@@ sendsig(sig_t catcher, ksiginfo_t *ksi
/*
* Signal trampoline code is at base of user stack.
*/
++<<<<<<< HEAD
+ regs->ra = (register_t)(intptr_t)p->p_psstrings - *(p->p_sysent->sv_szsigcode);
++=======
+ regs->ra = (register_t)(intptr_t)PS_STRINGS - *(p->p_sysent->sv_szsigcode);
++>>>>>>> upstream/main
PROC_LOCK(p);
mtx_lock(&psp->ps_mtx);
}
diff --cc sys/modules/Makefile
index 716a8970908d,654ec66268b0..000000000000
mode 100644,100644..100755
--- a/sys/modules/Makefile
+++ b/sys/modules/Makefile
@@@ -40,6 -40,7 +40,10 @@@ SUBDIR=
${_amdtemp} \
amr \
${_an} \
++<<<<<<< HEAD
++=======
+ ${_aout} \
++>>>>>>> upstream/main
${_arcmsr} \
${_allwinner} \
${_armv8crypto} \
@@@ -607,6 -608,7 +611,10 @@@ _rockchip= rockchi
.if ${MACHINE_CPUARCH} == "i386" || ${MACHINE_CPUARCH} == "amd64"
_agp= agp
_an= an
++<<<<<<< HEAD
++=======
+ _aout= aout
++>>>>>>> upstream/main
_bios= bios
.if ${MK_SOURCELESS_UCODE} != "no"
_bxe= bxe
diff --cc sys/modules/bhnd/Makefile
index b28f8dbfb2d7,18e5ad4c2149..000000000000
mode 100644,100644..100755
--- a/sys/modules/bhnd/Makefile
+++ b/sys/modules/bhnd/Makefile
@@@ -61,7 -61,7 +61,11 @@@ SRCS+= bhnd_nvram_data.c
SRCS+= bhnd_nvram_map.h bhnd_nvram_map_data.h
SRCS+= bhnd_nvram_if.c bhnd_nvram_if.h
++<<<<<<< HEAD
+SRCS+= device_if.h bus_if.h ofw_bus_if.h
++=======
+ SRCS+= device_if.h bus_if.h
++>>>>>>> upstream/main
SUBDIR= bcma \
bcma_bhndb \
diff --cc sys/netinet/ip_icmp.c
index e16a284bd5e0,f8dfc21df8f3..000000000000
mode 100644,100644..100755
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@@ -35,7 -35,6 +35,10 @@@
__FBSDID("$FreeBSD$");
#include "opt_inet.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/systm.h>
@@@ -147,12 -146,8 +150,17 @@@ VNET_DEFINE_STATIC(int, icmp_rfi) = 0
SYSCTL_INT(_net_inet_icmp, OID_AUTO, reply_from_interface, CTLFLAG_VNET | CTLFLAG_RW,
&VNET_NAME(icmp_rfi), 0,
"ICMP reply from incoming interface for non-local packets");
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+VNET_DEFINE_STATIC(int, icmp_quotelen) = 8;
+#else
/* Router requirements RFC 1812 section 4.3.2.3 requires 576 - 28. */
VNET_DEFINE_STATIC(int, icmp_quotelen) = 548;
+#endif /* PAX_HARDENING */
++=======
++/* Router requirements RFC 1812 section 4.3.2.3 requires 576 - 28. */
++VNET_DEFINE_STATIC(int, icmp_quotelen) = 548;
++>>>>>>> upstream/main
#define V_icmp_quotelen VNET(icmp_quotelen)
SYSCTL_INT(_net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_VNET | CTLFLAG_RW,
&VNET_NAME(icmp_quotelen), 0,
diff --cc sys/netinet/ip_id.c
index 1c6d32c09754,b52f5403b332..000000000000
mode 100644,100644..100755
--- a/sys/netinet/ip_id.c
+++ b/sys/netinet/ip_id.c
@@@ -75,8 -75,6 +75,11 @@@ __FBSDID("$FreeBSD$")
* enabled.
*/
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/counter.h>
@@@ -101,11 -99,7 +104,15 @@@
* user wants to, we can turn on random ID generation.
*/
VNET_DEFINE_STATIC(int, ip_rfc6864) = 1;
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+VNET_DEFINE_STATIC(int, ip_do_randomid) = 1;
+#else
+VNET_DEFINE_STATIC(int, ip_do_randomid) = 0;
+#endif
++=======
+ VNET_DEFINE_STATIC(int, ip_do_randomid) = 0;
++>>>>>>> upstream/main
#define V_ip_rfc6864 VNET(ip_rfc6864)
#define V_ip_do_randomid VNET(ip_do_randomid)
@@@ -289,11 -283,6 +296,14 @@@ ipid_sysinit(void
CPU_FOREACH(i)
arc4rand(zpcpu_get_cpu(V_ip_id, i), sizeof(uint64_t), 0);
++<<<<<<< HEAD
+
+#ifdef PAX_HARDENING
+ if (V_ip_do_randomid)
+ ip_initid(8192);
+#endif
++=======
++>>>>>>> upstream/main
}
VNET_SYSINIT(ip_id, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY, ipid_sysinit, NULL);
diff --cc sys/netinet/ip_input.c
index c7f5c88341dd,be21decff6cb..000000000000
mode 100644,100644..100755
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@@ -37,7 -37,6 +37,10 @@@ __FBSDID("$FreeBSD$")
#include "opt_bootp.h"
#include "opt_ipstealth.h"
#include "opt_ipsec.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include "opt_route.h"
#include "opt_rss.h"
@@@ -134,12 -133,7 +137,16 @@@ SYSCTL_INT(_net_inet_ip, IPCTL_SENDREDI
* to the loopback interface instead of the interface where the
* packets for those addresses are received.
*/
++<<<<<<< HEAD
+
+#ifdef PAX_HARDENING
+VNET_DEFINE_STATIC(int, ip_checkinterface) = 1;
+#else
+VNET_DEFINE_STATIC(int, ip_checkinterface);
+#endif
++=======
+ VNET_DEFINE_STATIC(int, ip_checkinterface);
++>>>>>>> upstream/main
#define V_ip_checkinterface VNET(ip_checkinterface)
SYSCTL_INT(_net_inet_ip, OID_AUTO, check_interface, CTLFLAG_VNET | CTLFLAG_RW,
&VNET_NAME(ip_checkinterface), 0,
diff --cc sys/netinet/ip_reass.c
index b32f1fa5fc2b,f5cc6ad68125..000000000000
mode 100644,100644..100755
--- a/sys/netinet/ip_reass.c
+++ b/sys/netinet/ip_reass.c
@@@ -34,7 -34,6 +34,10 @@@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include "opt_rss.h"
#include <sys/param.h>
@@@ -572,11 -571,7 +575,15 @@@ ipreass_init(void
V_ipq[i].count = 0;
}
V_ipq_hashseed = arc4random();
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+ V_maxfragsperpacket = 0;
+#else
V_maxfragsperpacket = 16;
+#endif
++=======
++ V_maxfragsperpacket = 16;
++>>>>>>> upstream/main
V_ipq_zone = uma_zcreate("ipq", sizeof(struct ipq), NULL, NULL, NULL,
NULL, UMA_ALIGN_PTR, 0);
max = IP_MAXFRAGPACKETS;
diff --cc sys/netinet6/in6_proto.c
index 649bcfd5a305,21b7d660676f..000000000000
mode 100644,100644..100755
--- a/sys/netinet6/in6_proto.c
+++ b/sys/netinet6/in6_proto.c
@@@ -70,7 -70,6 +70,10 @@@ __FBSDID("$FreeBSD$")
#include "opt_ipsec.h"
#include "opt_ipstealth.h"
#include "opt_sctp.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include "opt_route.h"
#include <sys/param.h>
@@@ -361,12 -360,8 +364,17 @@@ VNET_DOMAIN_SET(inet6)
#endif /* !IPV6FORWARDING */
#ifndef IPV6_SENDREDIRECTS
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+#define IPV6_SENDREDIRECTS 0
+#else
+#define IPV6_SENDREDIRECTS 1
+#endif
+#endif
++=======
+ #define IPV6_SENDREDIRECTS 1
+ #endif
++>>>>>>> upstream/main
VNET_DEFINE(int, ip6_forwarding) = IPV6FORWARDING; /* act as router? */
VNET_DEFINE(int, ip6_sendredirects) = IPV6_SENDREDIRECTS;
@@@ -381,13 -376,8 +389,18 @@@ VNET_DEFINE(int, ip6_hdrnestlimit) = 15
* process? */
VNET_DEFINE(int, ip6_dad_count) = 1; /* DupAddrDetectionTransmits */
VNET_DEFINE(int, ip6_auto_flowlabel) = 1;
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+VNET_DEFINE(int, ip6_use_deprecated) = 0;/* allow deprecated addr
+ * (RFC2462 5.5.4) */
+#else
VNET_DEFINE(int, ip6_use_deprecated) = 1;/* allow deprecated addr
* (RFC2462 5.5.4) */
+#endif
++=======
++VNET_DEFINE(int, ip6_use_deprecated) = 1;/* allow deprecated addr
++ * (RFC2462 5.5.4) */
++>>>>>>> upstream/main
VNET_DEFINE(int, ip6_rr_prune) = 5; /* router renumbering prefix
* walk list every 5 sec. */
VNET_DEFINE(int, ip6_mcast_pmtu) = 0; /* enable pMTU discovery for multicast? */
@@@ -410,11 -400,7 +423,15 @@@ VNET_DEFINE(int, pmtu_expire) = 60*10
VNET_DEFINE(int, pmtu_probe) = 60*2;
/* ICMPV6 parameters */
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+VNET_DEFINE(int, icmp6_rediraccept) = 0;/* accept and process redirects */
+#else
+VNET_DEFINE(int, icmp6_rediraccept) = 1;/* accept and process redirects */
+#endif
++=======
+ VNET_DEFINE(int, icmp6_rediraccept) = 1;/* accept and process redirects */
++>>>>>>> upstream/main
VNET_DEFINE(int, icmp6_redirtimeout) = 10 * 60; /* 10 minutes */
VNET_DEFINE(int, icmp6errppslim) = 100; /* 100pps */
/* control how to respond to NI queries */
diff --cc sys/netinet6/in6_src.c
index e0fc37c7a2be,7a756030f01c..000000000000
mode 100644,100644..100755
--- a/sys/netinet6/in6_src.c
+++ b/sys/netinet6/in6_src.c
@@@ -67,7 -67,6 +67,10 @@@ __FBSDID("$FreeBSD$")
#include "opt_inet.h"
#include "opt_inet6.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/lock.h>
@@@ -127,11 -126,7 +130,15 @@@ static struct sx addrsel_sxlock
VNET_DEFINE_STATIC(struct in6_addrpolicy, defaultaddrpolicy);
#define V_defaultaddrpolicy VNET(defaultaddrpolicy)
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+VNET_DEFINE(int, ip6_prefer_tempaddr) = 1;
+#else
VNET_DEFINE(int, ip6_prefer_tempaddr) = 0;
+#endif
++=======
++VNET_DEFINE(int, ip6_prefer_tempaddr) = 0;
++>>>>>>> upstream/main
static int selectroute(struct sockaddr_in6 *, struct ip6_pktopts *,
struct ip6_moptions *, struct route_in6 *, struct ifnet **,
diff --cc sys/netinet6/nd6_rtr.c
index 5cac23bf3d9e,41c9e0251d59..000000000000
mode 100644,100644..100755
--- a/sys/netinet6/nd6_rtr.c
+++ b/sys/netinet6/nd6_rtr.c
@@@ -36,7 -36,6 +36,10 @@@ __FBSDID("$FreeBSD$")
#include "opt_inet.h"
#include "opt_inet6.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/systm.h>
@@@ -92,11 -91,7 +95,15 @@@ VNET_DEFINE_STATIC(struct ifnet *, nd6_
VNET_DEFINE(int, nd6_defifindex);
#define V_nd6_defifp VNET(nd6_defifp)
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+VNET_DEFINE(int, ip6_use_tempaddr) = 1;
+#else
VNET_DEFINE(int, ip6_use_tempaddr) = 0;
+#endif
++=======
++VNET_DEFINE(int, ip6_use_tempaddr) = 0;
++>>>>>>> upstream/main
VNET_DEFINE(int, ip6_desync_factor);
VNET_DEFINE(u_int32_t, ip6_temp_preferred_lifetime) = DEF_TEMP_PREFERRED_LIFETIME;
diff --cc sys/powerpc/powerpc/elf32_machdep.c
index 7ec043b882f2,04150f02bb9c..000000000000
mode 100644,100644..100755
--- a/sys/powerpc/powerpc/elf32_machdep.c
+++ b/sys/powerpc/powerpc/elf32_machdep.c
@@@ -27,8 -27,6 +27,11 @@@
* $FreeBSD$
*/
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/systm.h>
@@@ -38,7 -36,6 +41,10 @@@
#include <sys/exec.h>
#include <sys/imgact.h>
#include <sys/malloc.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/namei.h>
#include <sys/fcntl.h>
@@@ -123,7 -120,7 +129,11 @@@ struct sysentvec elf32_freebsd_sysvec
.sv_fixlimit = NULL,
#endif
.sv_maxssiz = NULL,
++<<<<<<< HEAD
+ .sv_flags = SV_ABI_FREEBSD | SV_ILP32 | SV_SHP |
++=======
+ .sv_flags = SV_ABI_FREEBSD | SV_ILP32 | SV_SHP | SV_ASLR |
++>>>>>>> upstream/main
SV_TIMEKEEP | SV_RNG_SEED_VER,
.sv_set_syscall_retval = cpu_set_syscall_retval,
.sv_fetch_syscall_args = cpu_fetch_syscall_args,
@@@ -132,7 -129,6 +142,10 @@@
.sv_schedtail = NULL,
.sv_thread_detach = NULL,
.sv_trap = NULL,
++<<<<<<< HEAD
+ .sv_pax_aslr_init = pax_aslr_init_vmspace32,
++=======
++>>>>>>> upstream/main
.sv_hwcap = &cpu_features,
.sv_hwcap2 = &cpu_features2,
};
diff --cc sys/powerpc/powerpc/elf64_machdep.c
index d04559199ae1,1bca857d9ca5..000000000000
mode 100644,100644..100755
--- a/sys/powerpc/powerpc/elf64_machdep.c
+++ b/sys/powerpc/powerpc/elf64_machdep.c
@@@ -27,15 -27,12 +27,21 @@@
* $FreeBSD$
*/
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/systm.h>
#include <sys/exec.h>
#include <sys/imgact.h>
#include <sys/malloc.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/namei.h>
#include <sys/fcntl.h>
@@@ -84,7 -81,7 +90,11 @@@ struct sysentvec elf64_freebsd_sysvec_v
.sv_setregs = exec_setregs_funcdesc,
.sv_fixlimit = NULL,
.sv_maxssiz = NULL,
++<<<<<<< HEAD
+ .sv_flags = SV_ABI_FREEBSD | SV_LP64 | SV_SHP |
++=======
+ .sv_flags = SV_ABI_FREEBSD | SV_LP64 | SV_SHP | SV_ASLR |
++>>>>>>> upstream/main
SV_TIMEKEEP | SV_RNG_SEED_VER,
.sv_set_syscall_retval = cpu_set_syscall_retval,
.sv_fetch_syscall_args = cpu_fetch_syscall_args,
@@@ -132,7 -129,6 +142,10 @@@ struct sysentvec elf64_freebsd_sysvec_v
.sv_trap = NULL,
.sv_hwcap = &cpu_features,
.sv_hwcap2 = &cpu_features2,
++<<<<<<< HEAD
+ .sv_pax_aslr_init = pax_aslr_init_vmspace,
++=======
++>>>>>>> upstream/main
};
static boolean_t ppc64_elfv1_header_match(struct image_params *params,
diff --cc sys/powerpc/powerpc/exec_machdep.c
index 24178fee4b55,807a06b783c0..000000000000
mode 100644,100644..100755
--- a/sys/powerpc/powerpc/exec_machdep.c
+++ b/sys/powerpc/powerpc/exec_machdep.c
@@@ -296,7 -296,7 +296,11 @@@ sendsig(sig_t catcher, ksiginfo_t *ksi
mtx_unlock(&psp->ps_mtx);
PROC_UNLOCK(p);
++<<<<<<< HEAD
+ tf->srr0 = (register_t)p->p_sigcode_base;
++=======
+ tf->srr0 = (register_t)p->p_sysent->sv_sigcode_base;
++>>>>>>> upstream/main
/*
* copy the frame out to userland.
diff --cc sys/riscv/riscv/elf_machdep.c
index 8a8444935d60,06d117128ef7..000000000000
mode 100644,100644..100755
--- a/sys/riscv/riscv/elf_machdep.c
+++ b/sys/riscv/riscv/elf_machdep.c
@@@ -37,15 -37,12 +37,21 @@@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/systm.h>
#include <sys/exec.h>
#include <sys/imgact.h>
#include <sys/linker.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/sysctl.h>
#include <sys/sysent.h>
@@@ -87,7 -84,7 +93,11 @@@ struct sysentvec elf64_freebsd_sysvec
.sv_setregs = exec_setregs,
.sv_fixlimit = NULL,
.sv_maxssiz = NULL,
++<<<<<<< HEAD
+ .sv_flags = SV_ABI_FREEBSD | SV_LP64 | SV_SHP |
++=======
+ .sv_flags = SV_ABI_FREEBSD | SV_LP64 | SV_SHP | SV_ASLR |
++>>>>>>> upstream/main
SV_RNG_SEED_VER,
.sv_set_syscall_retval = cpu_set_syscall_retval,
.sv_fetch_syscall_args = cpu_fetch_syscall_args,
@@@ -97,7 -94,6 +107,10 @@@
.sv_schedtail = NULL,
.sv_thread_detach = NULL,
.sv_trap = NULL,
++<<<<<<< HEAD
+ .sv_pax_aslr_init = pax_aslr_init_vmspace,
++=======
++>>>>>>> upstream/main
.sv_hwcap = &elf_hwcap,
.sv_machine_arch = riscv_machine_arch,
};
diff --cc sys/riscv/riscv/machdep.c
index 22945dd4c076,841bfeda891e..000000000000
mode 100644,100644..100755
--- a/sys/riscv/riscv/machdep.c
+++ b/sys/riscv/riscv/machdep.c
@@@ -656,9 -656,9 +656,15 @@@ sendsig(sig_t catcher, ksiginfo_t *ksi
sysent = p->p_sysent;
if (sysent->sv_sigcode_base != 0)
++<<<<<<< HEAD
+ tf->tf_ra = (register_t)p->p_sigcode_base;
+ else
+ tf->tf_ra = (register_t)(p->p_psstrings -
++=======
+ tf->tf_ra = (register_t)sysent->sv_sigcode_base;
+ else
+ tf->tf_ra = (register_t)(sysent->sv_psstrings -
++>>>>>>> upstream/main
*(sysent->sv_szsigcode));
CTR3(KTR_SIG, "sendsig: return td=%p pc=%#x sp=%#x", td, tf->tf_sepc,
diff --cc sys/security/mac/mac_framework.h
index 4a092d948763,ea061d6258ff..000000000000
mode 100644,100644..100755
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@@ -88,7 -88,6 +88,10 @@@ struct ucred
struct vattr;
struct vnode;
struct vop_setlabel_args;
++<<<<<<< HEAD
+struct prison;
++=======
++>>>>>>> upstream/main
#include <sys/acl.h> /* XXX acl_type_t */
#include <sys/types.h> /* accmode_t */
@@@ -635,8 -634,6 +638,11 @@@ int mac_vnode_execve_will_transition(st
void mac_vnode_relabel(struct ucred *cred, struct vnode *vp,
struct label *newlabel);
++<<<<<<< HEAD
+void mac_prison_destroy(struct prison *pr);
+
++=======
++>>>>>>> upstream/main
/*
* Calls to help various file systems implement labeling functionality using
* their existing EA implementation.
diff --cc sys/security/mac/mac_policy.h
index f5b3e64b02c6,b875e6eb5487..000000000000
mode 100644,100644..100755
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@@ -99,7 -99,6 +99,10 @@@ struct thread
struct ucred;
struct vattr;
struct vnode;
++<<<<<<< HEAD
+struct prison;
++=======
++>>>>>>> upstream/main
/*
* Policy module operations.
@@@ -671,8 -670,6 +674,11 @@@ typedef int (*mpo_vnode_setlabel_extatt
struct vnode *vp, struct label *vplabel,
struct label *intlabel);
++<<<<<<< HEAD
+typedef void (*mpo_prison_destroy_t)(struct prison *prison);
+
++=======
++>>>>>>> upstream/main
struct mac_policy_ops {
/*
* Policy module operations.
@@@ -965,8 -962,6 +971,11 @@@
mpo_vnode_internalize_label_t mpo_vnode_internalize_label;
mpo_vnode_relabel_t mpo_vnode_relabel;
mpo_vnode_setlabel_extattr_t mpo_vnode_setlabel_extattr;
++<<<<<<< HEAD
+
+ mpo_prison_destroy_t mpo_prison_destroy;
++=======
++>>>>>>> upstream/main
};
/*
diff --cc sys/sys/copyright.h
index ef32db3abefc,b7b4090be317..000000000000
mode 100644,100644..100755
--- a/sys/sys/copyright.h
+++ b/sys/sys/copyright.h
@@@ -31,7 -31,7 +31,11 @@@
/* Add a FreeBSD vendor copyright here */
#define COPYRIGHT_Vendor \
++<<<<<<< HEAD
+ "Copyright (c) 2013-2020 The HardenedBSD Project.\n"
++=======
+ ""
++>>>>>>> upstream/main
/* FreeBSD */
#define COPYRIGHT_FreeBSD \
diff --cc sys/sys/elf_common.h
index ec3393305b81,8166d352955c..000000000000
mode 100644,100644..100755
--- a/sys/sys/elf_common.h
+++ b/sys/sys/elf_common.h
@@@ -968,9 -968,8 +968,14 @@@ typedef struct
#define AT_ENVV 31 /* Environment vector */
#define AT_PS_STRINGS 32 /* struct ps_strings */
#define AT_FXRNG 33 /* Pointer to root RNG seed version. */
++<<<<<<< HEAD
+#define AT_PAXFLAGS 34
+
+#define AT_COUNT 35 /* Count of defined aux entry types. */
++=======
+
+ #define AT_COUNT 34 /* Count of defined aux entry types. */
++>>>>>>> upstream/main
/*
* Relocation types.
diff --cc sys/sys/imgact.h
index d844ddc03564,5463b6f80d1c..000000000000
mode 100644,100644..100755
--- a/sys/sys/imgact.h
+++ b/sys/sys/imgact.h
@@@ -94,10 -94,6 +94,13 @@@ struct image_params
bool credential_setid; /* true if becoming setid */
bool textset;
u_int map_flags;
++<<<<<<< HEAD
+ struct _pax {
+ uint32_t req_acl_flags; /* Requested PaX settings from ACL */
+ uint32_t req_extattr_flags; /* Req. PaX setting from extattr */
+ } pax;
++=======
++>>>>>>> upstream/main
};
#ifdef _KERNEL
diff --cc sys/sys/imgact_elf.h
index 523afb8117fb,ca95798c7288..000000000000
mode 100644,100644..100755
--- a/sys/sys/imgact_elf.h
+++ b/sys/sys/imgact_elf.h
@@@ -65,7 -65,6 +65,10 @@@ typedef struct
Elf_Size flags;
Elf_Size entry;
Elf_Word hdr_eflags; /* e_flags field from ehdr */
++<<<<<<< HEAD
+ Elf_Word pax_flags;
++=======
++>>>>>>> upstream/main
} __ElfN(Auxargs);
typedef struct {
diff --cc sys/sys/jail.h
index a6813e23e518,2a6ee07ecc47..000000000000
mode 100644,100644..100755
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@@ -32,10 -32,6 +32,13 @@@
#ifndef _SYS_JAIL_H_
#define _SYS_JAIL_H_
++<<<<<<< HEAD
+#if defined(_KERNEL) || defined(_WANT_PRISON)
+#include <sys/pax.h>
+#endif
+
++=======
++>>>>>>> upstream/main
#ifdef _KERNEL
struct jail_v0 {
u_int32_t version;
@@@ -194,7 -190,6 +197,10 @@@ struct prison
char pr_domainname[MAXHOSTNAMELEN]; /* (p) jail domainname */
char pr_hostuuid[HOSTUUIDLEN]; /* (p) jail hostuuid */
char pr_osrelease[OSRELEASELEN]; /* (c) kern.osrelease value */
++<<<<<<< HEAD
+ struct hbsd_features pr_hbsd; /* (p) PaX-inspired hardening features */
++=======
++>>>>>>> upstream/main
};
struct prison_racct {
@@@ -240,15 -235,13 +246,23 @@@
#define PR_ALLOW_SUSER 0x00000400
#define PR_ALLOW_RESERVED_PORTS 0x00008000
#define PR_ALLOW_KMEM_ACCESS 0x00010000 /* reserved, not used yet */
++<<<<<<< HEAD
+#define PR_ALLOW_EXTATTR 0x00020000
+#define PR_ALLOW_ALL_STATIC 0x000387ff
++=======
+ #define PR_ALLOW_ALL_STATIC 0x000187ff
++>>>>>>> upstream/main
/*
* PR_ALLOW_DIFFERENCES determines which flags are able to be
* different between the parent and child jail upon creation.
*/
++<<<<<<< HEAD
+#define PR_ALLOW_DIFFERENCES (PR_ALLOW_UNPRIV_DEBUG | \
+ PR_ALLOW_EXTATTR)
++=======
+ #define PR_ALLOW_DIFFERENCES (PR_ALLOW_UNPRIV_DEBUG)
++>>>>>>> upstream/main
/*
* OSD methods
diff --cc sys/sys/kernel.h
index 14a8c9b7b151,181036c98a6a..000000000000
mode 100644,100644..100755
--- a/sys/sys/kernel.h
+++ b/sys/sys/kernel.h
@@@ -102,7 -102,6 +102,10 @@@ enum sysinit_sub_id
SI_SUB_WITNESS = 0x1A80000, /* witness initialization */
SI_SUB_MTX_POOL_DYNAMIC = 0x1AC0000, /* dynamic mutex pool */
SI_SUB_LOCK = 0x1B00000, /* various locks */
++<<<<<<< HEAD
+ SI_SUB_PAX = 0x1B80000, /* pax setup */
++=======
++>>>>>>> upstream/main
SI_SUB_EVENTHANDLER = 0x1C00000, /* eventhandler init */
SI_SUB_VNET_PRELINK = 0x1E00000, /* vnet init before modules */
SI_SUB_KLD = 0x2000000, /* KLD and module setup */
diff --cc sys/sys/ktr_class.h
index 3b309349a5a1,f2c76c73505b..000000000000
mode 100644,100644..100755
--- a/sys/sys/ktr_class.h
+++ b/sys/sys/ktr_class.h
@@@ -74,8 -74,7 +74,12 @@@
#define KTR_SCHED 0x20000000 /* Machine parsed sched info. */
#define KTR_BUF 0x40000000 /* Buffer cache */
#define KTR_PTRACE 0x80000000 /* Process debugging. */
++<<<<<<< HEAD
+#define KTR_PAX 0x100000000 /* PaX */
+#define KTR_ALL 0x1ffffffff
++=======
+ #define KTR_ALL 0xffffffff
++>>>>>>> upstream/main
/* KTR trace classes to compile in */
#ifdef KTR
diff --cc sys/sys/mount.h
index c2a7953ca1ee,f965dd72d7ba..000000000000
mode 100644,100644..100755
--- a/sys/sys/mount.h
+++ b/sys/sys/mount.h
@@@ -973,9 -973,9 +973,15 @@@ int vfs_filteropt(struct vfsoptlist *,
void vfs_opterror(struct vfsoptlist *opts, const char *fmt, ...);
int vfs_scanopt(struct vfsoptlist *opts, const char *name, const char *fmt, ...);
int vfs_setopt(struct vfsoptlist *opts, const char *name, void *value,
++<<<<<<< HEAD
+ size_t len);
+int vfs_setopt_part(struct vfsoptlist *opts, const char *name, void *value,
+ size_t len);
++=======
+ int len);
+ int vfs_setopt_part(struct vfsoptlist *opts, const char *name, void *value,
+ int len);
++>>>>>>> upstream/main
int vfs_setopts(struct vfsoptlist *opts, const char *name,
const char *value);
int vfs_setpublicfs /* set publicly exported fs */
diff --cc sys/sys/priv.h
index f62de8499867,7ef54782a60d..000000000000
mode 100644,100644..100755
--- a/sys/sys/priv.h
+++ b/sys/sys/priv.h
@@@ -146,7 -146,6 +146,10 @@@
*/
#define PRIV_KLD_LOAD 130 /* Load a kernel module. */
#define PRIV_KLD_UNLOAD 131 /* Unload a kernel module. */
++<<<<<<< HEAD
+#define PRIV_KLD_STAT 132 /* Lookup a kernel module */
++=======
++>>>>>>> upstream/main
/*
* Privileges associated with the MAC Framework and specific MAC policy
@@@ -512,14 -511,10 +515,21 @@@
#define PRIV_KMEM_READ 680 /* Open mem/kmem for reading. */
#define PRIV_KMEM_WRITE 681 /* Open mem/kmem for writing. */
++<<<<<<< HEAD
+/* sysctl(9) privileges.
+ */
+#define PRIV_SYSCTL_ROOTONLY 800
+
+/*
+ * Track end of privilege list.
+ */
+#define _PRIV_HIGHEST 801
++=======
+ /*
+ * Track end of privilege list.
+ */
+ #define _PRIV_HIGHEST 682
++>>>>>>> upstream/main
/*
* Validate that a named privilege is known by the privilege system. Invalid
diff --cc sys/sys/proc.h
index 6b23c9385d97,0d92dfb7578d..000000000000
mode 100644,100644..100755
--- a/sys/sys/proc.h
+++ b/sys/sys/proc.h
@@@ -322,7 -322,6 +322,10 @@@ struct thread
u_char td_pri_class; /* (t) Scheduling class. */
u_char td_user_pri; /* (t) User pri from estcpu and nice. */
u_char td_base_user_pri; /* (t) Base user pri */
++<<<<<<< HEAD
+ uint32_t td_pax; /* (b) Cached PaX settings from process. */
++=======
++>>>>>>> upstream/main
u_char td_pre_epoch_prio; /* (k) User pri on entry to epoch */
uintptr_t td_rb_list; /* (k) Robust list head. */
uintptr_t td_rbp_list; /* (k) Robust priv list head. */
@@@ -679,15 -678,9 +682,21 @@@ struct proc
rlim_t p_cpulimit; /* (c) Current CPU limit in seconds. */
signed char p_nice; /* (c) Process "nice" value. */
int p_fibnum; /* in this routing domain XXX MRT */
++<<<<<<< HEAD
+ uint32_t p_pax; /* (b) PaX is enabled to this process */
pid_t p_reapsubtree; /* (e) Pid of the direct child of the
reaper which spawned
our subtree. */
+ vm_offset_t p_usrstack; /* (b) Process stack top. */
+ vm_offset_t p_psstrings; /* (b) Process psstrings address. */
+ vm_offset_t p_timekeep_base; /* (c) Address of timekeep structure. */
+ vm_offset_t p_shared_page_base; /* (c) Address of shared page. */
+ vm_offset_t p_sigcode_base; /* (c) Address of sigcode. */
++=======
++ pid_t p_reapsubtree; /* (e) Pid of the direct child of the
++ reaper which spawned
++ our subtree. */
++>>>>>>> upstream/main
uint16_t p_elf_machine; /* (x) ELF machine type */
uint64_t p_elf_flags; /* (x) ELF flags */
/* End area that is copied on creation. */
diff --cc sys/sys/sysctl.h
index 96b009f162da,9e9bd723f4bd..000000000000
mode 100644,100644..100755
--- a/sys/sys/sysctl.h
+++ b/sys/sys/sysctl.h
@@@ -113,8 -113,6 +113,11 @@@ struct ctlname
*/
#define CTLFLAG_NEEDGIANT 0x00000800 /* Handler require Giant */
++<<<<<<< HEAD
+#define CTLFLAG_ROOTONLY 0x00000010 /* Only available to root */
+
++=======
++>>>>>>> upstream/main
/*
* Secure level. Note that CTLFLAG_SECURE == CTLFLAG_SECURE1.
*
@@@ -1133,7 -1131,6 +1136,10 @@@ SYSCTL_DECL(_compat)
SYSCTL_DECL(_regression);
SYSCTL_DECL(_security);
SYSCTL_DECL(_security_bsd);
++<<<<<<< HEAD
+SYSCTL_DECL(_hardening);
++=======
++>>>>>>> upstream/main
extern char machine[];
extern char osrelease[];
diff --cc sys/sys/sysent.h
index eb479a405eed,db729239243f..000000000000
mode 100644,100644..100755
--- a/sys/sys/sysent.h
+++ b/sys/sys/sysent.h
@@@ -40,7 -40,6 +40,10 @@@ struct rlimit
struct sysent;
struct thread;
struct ksiginfo;
++<<<<<<< HEAD
+struct proc;
++=======
++>>>>>>> upstream/main
struct syscall_args;
enum systrace_probe_t {
@@@ -142,7 -141,6 +145,10 @@@ struct sysentvec
void (*sv_schedtail)(struct thread *);
void (*sv_thread_detach)(struct thread *);
int (*sv_trap)(struct thread *);
++<<<<<<< HEAD
+ void (* const sv_pax_aslr_init)(struct proc *p);
++=======
++>>>>>>> upstream/main
u_long *sv_hwcap; /* Value passed in AT_HWCAP. */
u_long *sv_hwcap2; /* Value passed in AT_HWCAP2. */
const char *(*sv_machine_arch)(struct proc *);
@@@ -174,6 -172,7 +180,10 @@@
#define SV_ABI_UNDEF 255
#ifdef _KERNEL
++<<<<<<< HEAD
++=======
+ extern struct sysentvec aout_sysvec;
++>>>>>>> upstream/main
extern struct sysent sysent[];
extern const char *syscallnames[];
diff --cc sys/vm/vm_map.c
index 3670cbd3527f,5925ae8e96ad..000000000000
mode 100644,100644..100755
--- a/sys/vm/vm_map.c
+++ b/sys/vm/vm_map.c
@@@ -67,8 -67,6 +67,11 @@@
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/elf.h>
@@@ -76,7 -74,6 +79,10 @@@
#include <sys/ktr.h>
#include <sys/lock.h>
#include <sys/mutex.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/vmmeter.h>
#include <sys/mman.h>
@@@ -150,9 -147,6 +156,12 @@@ static int vm_map_stack_locked(vm_map_
int cow);
static void vm_map_wire_entry_failure(vm_map_t map, vm_map_entry_t entry,
vm_offset_t failed_addr);
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+static int sysctl_stack_guard_page(SYSCTL_HANDLER_ARGS);
+#endif
++=======
++>>>>>>> upstream/main
#define ENTRY_CHARGED(e) ((e)->cred != NULL || \
((e)->object.vm_object != NULL && (e)->object.vm_object->cred != NULL && \
@@@ -349,17 -343,6 +358,20 @@@ vmspace_alloc(vm_offset_t min, vm_offse
vm->vm_taddr = 0;
vm->vm_daddr = 0;
vm->vm_maxsaddr = 0;
++<<<<<<< HEAD
+#ifdef PAX_ASLR
+ vm->vm_aslr_delta_mmap = 0;
+ vm->vm_aslr_delta_stack = 0;
+ vm->vm_aslr_delta_thr_stack = 0;
+ vm->vm_aslr_delta_exec = 0;
+ vm->vm_aslr_delta_vdso = 0;
+#ifdef __LP64__
+ vm->vm_aslr_delta_map32bit = 0;
+#endif
+#endif
+
++=======
++>>>>>>> upstream/main
return (vm);
}
@@@ -1679,11 -1662,8 +1691,16 @@@ vm_map_insert(vm_map_t map, vm_object_
(cow & MAP_SPLIT_BOUNDARY_MASK) != 0,
("vm_map_insert: paradoxical MAP_NOFAULT request, obj %p cow %#x",
object, cow));
++<<<<<<< HEAD
+
+#ifndef PAX_NOEXEC
+ KASSERT((prot & ~max) == 0,
+ ("prot %#x is not subset of max_prot %#x", prot, max));
+#endif
++=======
+ KASSERT((prot & ~max) == 0,
+ ("prot %#x is not subset of max_prot %#x", prot, max));
++>>>>>>> upstream/main
/*
* Check that the start and end points are not bogus.
@@@ -2022,7 -2002,7 +2039,11 @@@ out
static const int aslr_pages_rnd_64[2] = {0x1000, 0x10};
static const int aslr_pages_rnd_32[2] = {0x100, 0x4};
++<<<<<<< HEAD
+static int cluster_anon = 0;
++=======
+ static int cluster_anon = 1;
++>>>>>>> upstream/main
SYSCTL_INT(_vm, OID_AUTO, cluster_anon, CTLFLAG_RW,
&cluster_anon, 0,
"Cluster anonymous mappings: 0 = no, 1 = yes if no hint, 2 = always");
@@@ -2763,9 -2743,6 +2784,12 @@@ vm_map_protect(vm_map_t map, vm_offset_
struct ucred *cred;
vm_prot_t old_prot;
int rv;
++<<<<<<< HEAD
+#ifdef PAX_NOEXEC
+ int ret;
+#endif
++=======
++>>>>>>> upstream/main
if (start == end)
return (KERN_SUCCESS);
@@@ -2904,12 -2881,6 +2928,15 @@@ again
continue;
old_prot = entry->protection;
++<<<<<<< HEAD
+#ifdef PAX_NOEXEC
+ ret = pax_mprotect_enforce(curthread->td_proc, map, old_prot, new_prot);
+ if (ret != 0) {
+ return (ret);
+ }
+#endif
++=======
++>>>>>>> upstream/main
if (set_max)
entry->protection =
@@@ -4304,16 -4275,6 +4331,19 @@@ vmspace_fork(struct vmspace *vm1, vm_oo
vm2->vm_taddr = vm1->vm_taddr;
vm2->vm_daddr = vm1->vm_daddr;
vm2->vm_maxsaddr = vm1->vm_maxsaddr;
++<<<<<<< HEAD
+#ifdef PAX_ASLR
+ vm2->vm_aslr_delta_exec = vm1->vm_aslr_delta_exec;
+ vm2->vm_aslr_delta_mmap = vm1->vm_aslr_delta_mmap;
+ vm2->vm_aslr_delta_stack = vm1->vm_aslr_delta_stack;
+ vm2->vm_aslr_delta_thr_stack = vm1->vm_aslr_delta_thr_stack;
+ vm2->vm_aslr_delta_vdso = vm1->vm_aslr_delta_vdso;
+#ifdef __LP64__
+ vm2->vm_aslr_delta_map32bit = vm1->vm_aslr_delta_map32bit;
+#endif
+#endif
++=======
++>>>>>>> upstream/main
vm_map_lock(old_map);
if (old_map->busy)
vm_map_wait_busy(old_map);
@@@ -4534,47 -4495,9 +4564,53 @@@ out
}
static int stack_guard_page = 1;
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+SYSCTL_PROC(_security_bsd, OID_AUTO, stack_guard_page, CTLTYPE_INT|
+ CTLFLAG_RWTUN|CTLFLAG_SECURE, NULL, 0, sysctl_stack_guard_page,
+ "I",
+ "Specifies the number of guard pages for a stack that grows");
+#else
+SYSCTL_INT(_security_bsd, OID_AUTO, stack_guard_page, CTLFLAG_RWTUN,
+ &stack_guard_page, 0,
+ "Specifies the number of guard pages for a stack that grows");
+#endif
+
+#ifdef PAX_HARDENING
+static int
+sysctl_stack_guard_page(SYSCTL_HANDLER_ARGS)
+{
+ int err, val;
+
+ val = stack_guard_page;
+ err = sysctl_handle_int(oidp, &val, sizeof(int), req);
+ if (err || req->newptr == NULL)
+ return (err);
+
+ switch (val) {
+ case 0:
+ /* FALLTHROUGH */
+ case 1:
+ stack_guard_page = val;
+ err = 0;
+ break;
+ default:
+ /*
+ * kib@'s MAP_GUARD isn't ready for more
+ * than a single page.
+ */
+ err = EINVAL;
+ break;
+ }
+
+ return (err);
+}
+#endif
++=======
+ SYSCTL_INT(_security_bsd, OID_AUTO, stack_guard_page, CTLFLAG_RWTUN,
+ &stack_guard_page, 0,
+ "Specifies the number of guard pages for a stack that grows");
++>>>>>>> upstream/main
static int
vm_map_stack_locked(vm_map_t map, vm_offset_t addrbos, vm_size_t max_ssize,
@@@ -4751,7 -4674,7 +4787,11 @@@ retry
* limit.
*/
is_procstack = addr >= (vm_offset_t)vm->vm_maxsaddr &&
++<<<<<<< HEAD
+ addr < (vm_offset_t)p->p_usrstack;
++=======
+ addr < (vm_offset_t)p->p_sysent->sv_usrstack;
++>>>>>>> upstream/main
if (is_procstack && (ctob(vm->vm_ssize) + grow_amount > stacklim))
return (KERN_NO_SPACE);
diff --cc sys/vm/vm_map.h
index 119dea28ade5,349bb4815762..000000000000
mode 100644,100644..100755
--- a/sys/vm/vm_map.h
+++ b/sys/vm/vm_map.h
@@@ -292,14 -292,6 +292,17 @@@ struct vmspace
caddr_t vm_taddr; /* (c) user virtual address of text */
caddr_t vm_daddr; /* (c) user virtual address of data */
caddr_t vm_maxsaddr; /* user VA at max stack growth */
++<<<<<<< HEAD
+ vm_offset_t vm_aslr_delta_mmap; /* mmap() random delta for ASLR */
+ vm_offset_t vm_aslr_delta_stack; /* stack random delta for ASLR */
+ vm_offset_t vm_aslr_delta_thr_stack; /* thread stack random delta for ASLR */
+ vm_offset_t vm_aslr_delta_exec; /* exec base random delta for ASLR */
+ vm_offset_t vm_aslr_delta_vdso; /* VDSO base random delta for ASLR */
+#ifdef __LP64__
+ vm_offset_t vm_aslr_delta_map32bit; /* random for MAP_32BIT mappings */
+#endif
++=======
++>>>>>>> upstream/main
u_int vm_refcnt; /* number of references */
/*
* Keep the PMAP last, so that CPU-specific variations of that
diff --cc sys/vm/vm_mmap.c
index 14483e23d2e9,7888ff15e36c..000000000000
mode 100644,100644..100755
--- a/sys/vm/vm_mmap.c
+++ b/sys/vm/vm_mmap.c
@@@ -46,7 -46,6 +46,10 @@@
__FBSDID("$FreeBSD$");
#include "opt_hwpmc_hooks.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include "opt_vm.h"
#include <sys/param.h>
@@@ -58,7 -57,6 +61,10 @@@
#include <sys/sysproto.h>
#include <sys/elf.h>
#include <sys/filedesc.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/procctl.h>
@@@ -104,8 -102,7 +110,12 @@@ int old_mlock = 0
SYSCTL_INT(_vm, OID_AUTO, old_mlock, CTLFLAG_RWTUN, &old_mlock, 0,
"Do not apply RLIMIT_MEMLOCK on mlockall");
static int mincore_mapped = 1;
++<<<<<<< HEAD
+SYSCTL_INT(_vm, OID_AUTO, mincore_mapped,
+ CTLFLAG_RWTUN | CTLFLAG_SECURE, &mincore_mapped, 0,
++=======
+ SYSCTL_INT(_vm, OID_AUTO, mincore_mapped, CTLFLAG_RWTUN, &mincore_mapped, 0,
++>>>>>>> upstream/main
"mincore reports mappings, not residency");
static int imply_prot_max = 0;
SYSCTL_INT(_vm, OID_AUTO, imply_prot_max, CTLFLAG_RWTUN, &imply_prot_max, 0,
@@@ -228,9 -225,6 +238,12 @@@ kern_mmap_req(struct thread *td, const
int align, error, fd, flags, max_prot, prot;
cap_rights_t rights;
mmap_check_fp_fn check_fp_fn;
++<<<<<<< HEAD
+#ifdef PAX_ASLR
+ int pax_aslr_done;
+#endif
++=======
++>>>>>>> upstream/main
orig_addr = addr = mrp->mr_hint;
len = mrp->mr_len;
@@@ -260,11 -254,6 +273,14 @@@
fp = NULL;
AUDIT_ARG_FD(fd);
++<<<<<<< HEAD
+#ifdef PAX_ASLR
+ orig_addr = addr;
+ pax_aslr_done = 0;
+#endif
+
++=======
++>>>>>>> upstream/main
/*
* Ignore old flags that used to be defined but did not do anything.
*/
@@@ -279,9 -268,14 +295,20 @@@
* ld.so sometimes issues anonymous map requests with non-zero
* pos.
*/
++<<<<<<< HEAD
+ if ((len == 0 && p->p_osrel >= P_OSREL_MAP_ANON) ||
+ ((flags & MAP_ANON) != 0 && (fd != -1 || pos != 0)))
+ return (EINVAL);
++=======
+ if (!SV_CURPROC_FLAG(SV_AOUT)) {
+ if ((len == 0 && p->p_osrel >= P_OSREL_MAP_ANON) ||
+ ((flags & MAP_ANON) != 0 && (fd != -1 || pos != 0)))
+ return (EINVAL);
+ } else {
+ if ((flags & MAP_ANON) != 0)
+ pos = 0;
+ }
++>>>>>>> upstream/main
if (flags & MAP_STACK) {
if ((fd != -1) ||
@@@ -334,11 -328,6 +361,14 @@@
align >> MAP_ALIGNMENT_SHIFT < PAGE_SHIFT))
return (EINVAL);
++<<<<<<< HEAD
+#if defined(MAP_32BIT) && defined(PAX_HARDENING)
+ if (pax_disallow_map32bit_active(td, flags))
+ return (EPERM);
+#endif
+
++=======
++>>>>>>> upstream/main
/*
* Check for illegal addresses. Watch out for address wrap... Note
* that VM_*_ADDRESS are not constants due to casts (argh).
@@@ -367,14 -356,7 +397,18 @@@
*/
if (addr + size > MAP_32BIT_MAX_ADDR)
addr = 0;
++<<<<<<< HEAD
+#ifdef PAX_ASLR
+ PROC_LOCK(td->td_proc);
+ if (!(td->td_proc->p_flag2 & P2_ASLR_ENABLE))
+ pax_aslr_mmap_map_32bit(td->td_proc, &addr, orig_addr, flags);
+ PROC_UNLOCK(td->td_proc);
+ pax_aslr_done = 1;
+#endif /* PAX_ASLR */
+#endif /* MAP_32BIT */
++=======
+ #endif
++>>>>>>> upstream/main
} else {
/*
* XXX for non-fixed mappings where no hint is provided or
@@@ -390,17 -372,6 +424,20 @@@
lim_max(td, RLIMIT_DATA))))
addr = round_page((vm_offset_t)vms->vm_daddr +
lim_max(td, RLIMIT_DATA));
++<<<<<<< HEAD
+#ifdef PAX_ASLR
+ PROC_LOCK(td->td_proc);
+ if (!(td->td_proc->p_flag2 & P2_ASLR_ENABLE)) {
+ if (flags & MAP_STACK)
+ pax_aslr_thr_stack(td->td_proc, &addr);
+ else
+ pax_aslr_mmap(td->td_proc, &addr, orig_addr, flags);
+ }
+ PROC_UNLOCK(td->td_proc);
+ pax_aslr_done = 1;
+#endif
++=======
++>>>>>>> upstream/main
}
if (len == 0) {
/*
@@@ -419,20 -390,8 +456,25 @@@
*
* This relies on VM_PROT_* matching PROT_*.
*/
++<<<<<<< HEAD
+#ifdef PAX_NOEXEC
+ cap_maxprot = VM_PROT_ALL;
+
+ pax_pageexec(td->td_proc, (vm_prot_t *)&prot, (vm_prot_t *)&cap_maxprot);
+ pax_mprotect(td->td_proc, (vm_prot_t *)&prot, (vm_prot_t *)&cap_maxprot);
+ pax_pageexec(td->td_proc, (vm_prot_t *)&prot, (vm_prot_t *)&max_prot);
+ pax_mprotect(td->td_proc, (vm_prot_t *)&prot, (vm_prot_t *)&max_prot);
+
+ error = vm_mmap_object(&vms->vm_map, &addr, size, prot,
+ cap_maxprot, flags, NULL, pos, FALSE, td);
+#else
+ error = vm_mmap_object(&vms->vm_map, &addr, size, prot,
+ max_prot, flags, NULL, pos, FALSE, td);
+#endif
++=======
+ error = vm_mmap_object(&vms->vm_map, &addr, size, prot,
+ max_prot, flags, NULL, pos, FALSE, td);
++>>>>>>> upstream/main
} else {
/*
* Mapping file, get fp for validation and don't let the
@@@ -457,17 -416,6 +499,20 @@@
error = EINVAL;
goto done;
}
++<<<<<<< HEAD
+
+#ifdef PAX_NOEXEC
+ pax_pageexec(td->td_proc, (vm_prot_t *)&prot, (vm_prot_t *)&cap_maxprot);
+ pax_mprotect(td->td_proc, (vm_prot_t *)&prot, (vm_prot_t *)&cap_maxprot);
+ pax_pageexec(td->td_proc, (vm_prot_t *)&prot, (vm_prot_t *)&max_prot);
+ pax_mprotect(td->td_proc, (vm_prot_t *)&prot, (vm_prot_t *)&max_prot);
+#endif
+#ifdef PAX_ASLR
+ KASSERT((flags & MAP_FIXED) == MAP_FIXED || pax_aslr_done == 1,
+ ("%s: ASLR reqiured ...", __func__));
+#endif
++=======
++>>>>>>> upstream/main
if (check_fp_fn != NULL) {
error = check_fp_fn(fp, prot, max_prot & cap_maxprot,
flags);
@@@ -532,6 -480,11 +577,14 @@@ ommap(struct thread *td, struct ommap_a
#define OMAP_FIXED 0x0100
prot = cvtbsdprot[uap->prot & 0x7];
++<<<<<<< HEAD
++=======
+ #if (defined(COMPAT_FREEBSD32) && defined(__amd64__)) || defined(__i386__)
+ if (i386_read_exec && SV_PROC_FLAG(td->td_proc, SV_ILP32) &&
+ prot != 0)
+ prot |= PROT_EXEC;
+ #endif
++>>>>>>> upstream/main
flags = 0;
if (uap->flags & OMAP_ANON)
flags |= MAP_ANON;
diff --cc sys/vm/vm_phys.c
index 3254c247dab5,c8f98a0b4695..000000000000
mode 100644,100644..100755
--- a/sys/vm/vm_phys.c
+++ b/sys/vm/vm_phys.c
@@@ -157,7 -157,7 +157,11 @@@ SYSCTL_OID(_vm, OID_AUTO, phys_free
static int sysctl_vm_phys_segs(SYSCTL_HANDLER_ARGS);
SYSCTL_OID(_vm, OID_AUTO, phys_segs,
++<<<<<<< HEAD
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE | CTLFLAG_ROOTONLY, NULL, 0,
++=======
+ CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
++>>>>>>> upstream/main
sysctl_vm_phys_segs, "A",
"Phys Seg Info");
diff --cc sys/vm/vm_unix.c
index 52c09d522991,8b3fce6b49a9..000000000000
mode 100644,100644..100755
--- a/sys/vm/vm_unix.c
+++ b/sys/vm/vm_unix.c
@@@ -38,8 -38,6 +38,11 @@@
* @(#)vm_unix.c 8.1 (Berkeley) 6/11/93
*/
++<<<<<<< HEAD
+#include "opt_pax.h"
+
++=======
++>>>>>>> upstream/main
/*
* Traditional sbrk/grow interface to VM
*/
@@@ -50,7 -48,6 +53,10 @@@ __FBSDID("$FreeBSD$")
#include <sys/param.h>
#include <sys/lock.h>
#include <sys/mutex.h>
++<<<<<<< HEAD
+#include <sys/pax.h>
++=======
++>>>>>>> upstream/main
#include <sys/proc.h>
#include <sys/racct.h>
#include <sys/resourcevar.h>
@@@ -95,9 -92,8 +101,14 @@@ kern_break(struct thread *td, uintptr_
struct vmspace *vm = td->td_proc->p_vmspace;
vm_map_t map = &vm->vm_map;
vm_offset_t new, old, base;
++<<<<<<< HEAD
+ vm_prot_t prot, maxprot;
+ rlim_t datalim, lmemlim, vmemlim;
+ int rv;
++=======
+ rlim_t datalim, lmemlim, vmemlim;
+ int prot, rv;
++>>>>>>> upstream/main
int error = 0;
datalim = lim_cur(td, RLIMIT_DATA);
@@@ -182,11 -178,12 +193,20 @@@
}
#endif
prot = VM_PROT_RW;
++<<<<<<< HEAD
+ maxprot = VM_PROT_ALL;
+#ifdef PAX_NOEXEC
+ pax_noexec_nx(td->td_proc, &prot, &maxprot);
+#endif
+ rv = vm_map_insert(map, NULL, 0, old, new, prot, maxprot, 0);
++=======
+ #if (defined(COMPAT_FREEBSD32) && defined(__amd64__)) || defined(__i386__)
+ if (i386_read_exec && SV_PROC_FLAG(td->td_proc, SV_ILP32))
+ prot |= VM_PROT_EXECUTE;
+ #endif
+ rv = vm_map_insert(map, NULL, 0, old, new, prot, VM_PROT_ALL,
+ 0);
++>>>>>>> upstream/main
if (rv == KERN_SUCCESS && (map->flags & MAP_WIREFUTURE) != 0) {
rv = vm_map_wire_locked(map, old, new,
VM_MAP_WIRE_USER | VM_MAP_WIRE_NOHOLES);
diff --cc sys/x86/include/specialreg.h
index 48165adb4769,22672d50efed..000000000000
mode 100644,100644..100755
--- a/sys/x86/include/specialreg.h
+++ b/sys/x86/include/specialreg.h
@@@ -615,7 -615,6 +615,10 @@@
#define MSR_PP1_ENERGY_STATUS 0x641
#define MSR_PPERF 0x64e
#define MSR_TSC_DEADLINE 0x6e0 /* Writes are not serializing */
++<<<<<<< HEAD
+#define MSR_IA32_DEBUG_INTERFACE 0xc80 /* Intel Silicon Debug interface */
++=======
++>>>>>>> upstream/main
#define MSR_IA32_PM_ENABLE 0x770
#define MSR_IA32_HWP_CAPABILITIES 0x771
#define MSR_IA32_HWP_REQUEST_PKG 0x772
@@@ -840,13 -839,6 +843,16 @@@
#define PAT_MASK(i) PAT_VALUE(i, 0xff)
/*
++<<<<<<< HEAD
+ * Silicon Debug Interface modes.
+ */
+#define IA32_DEBUG_INTERFACE_EN 0x0000000000000001 /* enable SDBG */
+#define IA32_DEBUG_INTERFACE_LOCK 0x0000000040000000 /* lock bit */
+#define IA32_DEBUG_INTERFACE_MASK 0x0000000080000000
+
+/*
++=======
++>>>>>>> upstream/main
* Constants related to MTRRs
*/
#define MTRR_UNCACHEABLE 0x00
diff --cc sys/x86/x86/cpu_machdep.c
index 1cac32e8b769,4798f913d5b2..000000000000
mode 100644,100644..100755
--- a/sys/x86/x86/cpu_machdep.c
+++ b/sys/x86/x86/cpu_machdep.c
@@@ -51,7 -51,6 +51,10 @@@ __FBSDID("$FreeBSD$")
#include "opt_kstack_pages.h"
#include "opt_maxmem.h"
#include "opt_mp_watchdog.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include "opt_platform.h"
#ifdef __i386__
#include "opt_apic.h"
@@@ -852,11 -851,7 +855,15 @@@ nmi_handle_intr(u_int type, struct trap
static int hw_ibrs_active;
int hw_ibrs_ibpb_active;
++<<<<<<< HEAD
+#ifdef PAX
+int hw_ibrs_disable = 0;
+#else
int hw_ibrs_disable = 1;
+#endif
++=======
++int hw_ibrs_disable = 1;
++>>>>>>> upstream/main
SYSCTL_INT(_hw, OID_AUTO, ibrs_active, CTLFLAG_RD, &hw_ibrs_active, 0,
"Indirect Branch Restricted Speculation active");
diff --cc sys/x86/x86/identcpu.c
index 7839248e4aff,938c24d1951f..000000000000
mode 100644,100644..100755
--- a/sys/x86/x86/identcpu.c
+++ b/sys/x86/x86/identcpu.c
@@@ -42,7 -42,6 +42,10 @@@
__FBSDID("$FreeBSD$");
#include "opt_cpu.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include <sys/param.h>
#include <sys/bus.h>
@@@ -1783,16 -1782,12 +1786,22 @@@ in
pti_get_default(void)
{
++<<<<<<< HEAD
+#ifdef PAX
+ return (1);
+#else
++=======
++>>>>>>> upstream/main
if (strcmp(cpu_vendor, AMD_VENDOR_ID) == 0 ||
strcmp(cpu_vendor, HYGON_VENDOR_ID) == 0)
return (0);
if ((cpu_ia32_arch_caps & IA32_ARCH_CAP_RDCL_NO) != 0)
return (0);
return (1);
++<<<<<<< HEAD
+#endif
++=======
++>>>>>>> upstream/main
}
static u_int
diff --cc sys/x86/x86/mp_x86.c
index fbba9ee2bff8,0f528f6567ee..000000000000
mode 100644,100644..100755
--- a/sys/x86/x86/mp_x86.c
+++ b/sys/x86/x86/mp_x86.c
@@@ -33,7 -33,6 +33,10 @@@ __FBSDID("$FreeBSD$")
#include "opt_cpu.h"
#include "opt_ddb.h"
#include "opt_kstack_pages.h"
++<<<<<<< HEAD
+#include "opt_pax.h"
++=======
++>>>>>>> upstream/main
#include "opt_pmap.h"
#include "opt_sched.h"
#include "opt_smp.h"
@@@ -146,11 -145,7 +149,15 @@@ _Static_assert(xAPIC_MAX_APIC_ID <= MAX
static void release_aps(void *dummy);
static void cpustop_handler_post(u_int cpu);
++<<<<<<< HEAD
+#ifdef PAX_HARDENING
+static int hyperthreading_allowed;
+#else
static int hyperthreading_allowed = 1;
+#endif
++=======
++static int hyperthreading_allowed = 1;
++>>>>>>> upstream/main
SYSCTL_INT(_machdep, OID_AUTO, hyperthreading_allowed, CTLFLAG_RDTUN,
&hyperthreading_allowed, 0, "Use Intel HTT logical CPUs");
diff --cc targets/pseudo/bootstrap-tools/Makefile
index 9af606bd7d97,88b89a5c9d10..000000000000
mode 100644,100644..100755
--- a/targets/pseudo/bootstrap-tools/Makefile
+++ b/targets/pseudo/bootstrap-tools/Makefile
@@@ -43,8 -43,7 +43,12 @@@ BSARGS= DESTDIR=
MK_HTML=no NO_LINT=yes MK_MAN=no \
-DNO_PIC MK_PROFILE=no -DNO_SHARED \
-DNO_CPU_CFLAGS MK_WARNS=no MK_CTF=no \
++<<<<<<< HEAD
+ MK_CLANG_EXTRAS=yes MK_CLANG_FULL=no \
+ MK_CLANG_FORMAT=no
++=======
+ MK_CLANG_EXTRAS=no MK_CLANG_FORMAT=no MK_CLANG_FULL=no \
++>>>>>>> upstream/main
MK_LLDB=no MK_TESTS=no \
MK_INCLUDES=yes
diff --cc targets/pseudo/userland/share/Makefile.depend
index 3198034aea29,9946a8370552..000000000000
mode 100644,100644..100755
--- a/targets/pseudo/userland/share/Makefile.depend
+++ b/targets/pseudo/userland/share/Makefile.depend
@@@ -60,7 -60,6 +60,10 @@@ DIRDEPS =
share/i18n/esdb/TCVN \
share/i18n/esdb/UTF \
share/info \
++<<<<<<< HEAD
+ share/keys/hbsd-update/trusted \
++=======
++>>>>>>> upstream/main
share/keys/pkg/trusted \
share/locale-links \
share/man/man1 \
diff --cc tests/sys/kern/kern_copyin.c
index 0215a739f627,b77360e928fd..000000000000
mode 100644,100644..100755
--- a/tests/sys/kern/kern_copyin.c
+++ b/tests/sys/kern/kern_copyin.c
@@@ -1,6 -1,4 +1,9 @@@
/*-
++<<<<<<< HEAD
+ * Copyright (c) 2016 Oliver Pinter <[email protected]>
+ * Copyright (c) 2015 The FreeBSD Foundation
++=======
++>>>>>>> upstream/main
* Copyright (c) 2015, 2020 The FreeBSD Foundation
* All rights reserved.
*
@@@ -33,10 -31,6 +36,13 @@@
__FBSDID("$FreeBSD$");
#include <sys/param.h>
++<<<<<<< HEAD
+#ifdef HARDENEDBSD
+#include <sys/mman.h>
+#endif
+#include <sys/stat.h>
++=======
++>>>>>>> upstream/main
#include <sys/exec.h>
#include <sys/sysctl.h>
#include <errno.h>
@@@ -95,9 -89,6 +101,12 @@@ ATF_TC_BODY(kern_copyin, tc
{
char template[] = "copyin.XXXXXX";
uintptr_t maxuser;
++<<<<<<< HEAD
+#ifdef HARDENEDBSD
+ void *p;
+#endif
++=======
++>>>>>>> upstream/main
#if defined(__mips__)
/*
@@@ -114,19 -105,6 +123,22 @@@
maxuser = VM_MAXUSER_ADDRESS;
#endif
++<<<<<<< HEAD
+#ifdef HARDENEDBSD
+ /*
+ * On HardenedBSD, the last page not always mapped in contrast
+ * to FreeBSD, where the last page always mapped as shared page.
+ *
+ * To fix this test, which expects the existence of the last page
+ * just map them in at the test start, and unmap them at the end.
+ */
+ p = mmap((void *)maxuser, PAGE_SIZE, PROT_READ | PROT_WRITE, MAP_ANON | MAP_EXCL | MAP_FIXED, -1, 0);
+ ATF_REQUIRE(p != MAP_FAILED);
+ ATF_REQUIRE(p == (void *)maxuser);
+#endif
+
++=======
++>>>>>>> upstream/main
scratch_file = mkstemp(template);
ATF_REQUIRE(scratch_file != -1);
unlink(template);
@@@ -144,10 -122,6 +156,13 @@@
ATF_CHECK(copyin_checker(FMAX - 10, 9) == EFAULT);
ATF_CHECK(copyin_checker(FMAX - 10, 10) == EFAULT);
ATF_CHECK(copyin_checker(FMAX - 10, 11) == EFAULT);
++<<<<<<< HEAD
+
+#ifdef HARDENEDBSD
+ munmap(p, PAGE_SIZE);
+#endif
++=======
++>>>>>>> upstream/main
}
ATF_TP_ADD_TCS(tp)
diff --cc tools/boot/install-boot.sh
index 0f3f2f4cdfdb,58ffb6987bb7..000000000000
--- a/tools/boot/install-boot.sh
+++ b/tools/boot/install-boot.sh
@@@ -11,7 -11,7 +11,11 @@@
# insert code here to guess what you have -- yikes!
# Minimum size of FAT filesystems, in KB.
++<<<<<<< HEAD
+fat32min=65525
++=======
+ fat32min=33292
++>>>>>>> upstream/main
fat16min=2100
die() {
diff --cc tools/build/mk/OptionalObsoleteFiles.inc
index 6836c6f4e558,69065a9c4a3b..000000000000
mode 100644,100644..100755
--- a/tools/build/mk/OptionalObsoleteFiles.inc
+++ b/tools/build/mk/OptionalObsoleteFiles.inc
@@@ -2445,36 -2445,6 +2445,39 @@@ OLD_FILES+=usr/share/snmp/defs/hast_tre
OLD_FILES+=usr/share/snmp/mibs/BEGEMOT-HAST-MIB.txt
.endif
++<<<<<<< HEAD
+.if ${MK_HBSD_UPDATE} == no
+OLD_FILES+=etc/hbsd-update.conf
+OLD_FILES+=usr/sbin/hbsd-update
+OLD_FILES+=usr/sbin/hbsd-update-build
+OLD_FILES+=usr/share/man/man8/hbsd-update.8.gz
+OLD_FILES+=usr/share/man/man8/hbsd-update-build.8.gz
+OLD_DIRS+=usr/share/keys/hbsd-update/revoked
+OLD_FILES+=usr/share/keys/hbsd-update/trusted/5905e1b4.0
+OLD_FILES+=usr/share/keys/hbsd-update/trusted/ca.hardenedbsd.org
+OLD_DIRS+=usr/share/keys/hbsd-update/trusted
+OLD_DIRS+=usr/share/keys/hbsd-update
+.endif
+
+.if ${MK_HBSDCONTROL} == no
+OLD_LIBS+=usr/lib/libhbsdcontrol.a
+OLD_LIBS+=usr/lib/libhbsdcontrol_p.a
+OLD_LIBS+=usr/lib/libhbsdcontrol.so
+OLD_LIBS+=usr/lib/libhbsdcontrol.so.0
+OLD_FILES+=usr/include/libhbsdcontrol.h
+OLD_FILES+=usr/lib/debug/usr/lib/libhbsdcontrol.so.0.debug
+OLD_FILES+=usr/lib/debug/usr/sbin/hbsdcontrol.debug
+OLD_FILES+=usr/sbin/hbsdcontrol
+OLD_FILES+=usr/share/man/man3/hbsdcontrol_rm_extattr.3.gz
+OLD_FILES+=usr/share/man/man3/hbsdcontrol_rm_feature_state.3.gz
+OLD_FILES+=usr/share/man/man3/hbsdcontrol_set_extattr.3.gz
+OLD_FILES+=usr/share/man/man3/hbsdcontrol_set_feature_state.3.gz
+OLD_FILES+=usr/share/man/man3/libhbsdcontrol.3.gz
+OLD_FILES+=usr/share/man/man8/bsdcontrol.8.gz
+.endif
+
++=======
++>>>>>>> upstream/main
.if ${MK_HESIOD} == no
OLD_FILES+=usr/bin/hesinfo
OLD_FILES+=usr/include/hesiod.h
@@@ -6439,6 -6409,7 +6442,10 @@@ OLD_FILES+=etc/periodic/daily/480.leapf
OLD_FILES+=etc/rc.d/ntpd
OLD_FILES+=usr/bin/ntpq
OLD_FILES+=usr/sbin/ntp-keygen
++<<<<<<< HEAD
++=======
+ OLD_FILES+=usr/sbin/ntpd
++>>>>>>> upstream/main
OLD_FILES+=usr/sbin/ntpdate
OLD_FILES+=usr/sbin/ntpdc
OLD_FILES+=usr/sbin/ntptime
diff --cc tools/tools/nanobsd/embedded/qemu-powerpc64.cfg
index cfd0b6f34a45,e16cefdb7434..000000000000
mode 100644,100644..100755
--- a/tools/tools/nanobsd/embedded/qemu-powerpc64.cfg
+++ b/tools/tools/nanobsd/embedded/qemu-powerpc64.cfg
@@@ -27,7 -27,7 +27,11 @@@
#
NANO_ARCH=powerpc64
++<<<<<<< HEAD
+NANO_KERNEL=HARDENEDBSD64
++=======
+ NANO_KERNEL=GENERIC64
++>>>>>>> upstream/main
NANO_DRIVE=ada0
NANO_NAME=qemu-powerpc64
diff --cc usr.bin/Makefile
index d65cd5103df6,8ea3b1c2bfe3..000000000000
mode 100644,100644..100755
--- a/usr.bin/Makefile
+++ b/usr.bin/Makefile
@@@ -231,7 -231,7 +231,11 @@@ SUBDIR.${MK_KDUMP}+= trus
SUBDIR.${MK_KERBEROS_SUPPORT}+= compile_et
SUBDIR.${MK_LDNS_UTILS}+= drill
SUBDIR.${MK_LDNS_UTILS}+= host
++<<<<<<< HEAD
+#SUBDIR.${MK_LIB32}+= ldd32
++=======
+ SUBDIR.${MK_LIB32}+= ldd32
++>>>>>>> upstream/main
SUBDIR.${MK_LOCATE}+= locate
# XXX msgs?
SUBDIR.${MK_MAIL}+= biff
diff --cc usr.bin/ar/Makefile
index ddcae5e39fac,7a6601a7d043..000000000000
mode 100644,100644..100755
--- a/usr.bin/ar/Makefile
+++ b/usr.bin/ar/Makefile
@@@ -2,9 -2,8 +2,14 @@@
.include <src.opts.mk>
++<<<<<<< HEAD
+PROG= elftc-ar
+SRCS= ar.c acplex.l acpyacc.y read.c util.c write.c y.tab.h
+MAN= ar.1
++=======
+ PROG= ar
+ SRCS= ar.c acplex.l acpyacc.y read.c util.c write.c y.tab.h
++>>>>>>> upstream/main
LIBADD= archive elf
@@@ -15,14 -14,7 +20,18 @@@ CFLAGS+=-I. -I${.CURDIR
.if ${MK_SHARED_TOOLCHAIN} == "no"
NO_SHARED?= yes
.endif
++<<<<<<< HEAD
+
+.if ${MK_LLVM_AR_IS_AR} == "no"
+SYMLINKS= ${BINDIR}/elftc-ar ${BINDIR}/ranlib \
+ ${BINDIR}/elftc-ar ${BINDIR}/ar
+.else
+SYMLINKS= ${BINDIR}/elftc-ar ${BINDIR}/elftc-ranlib
+.endif
+
++=======
+ LINKS= ${BINDIR}/ar ${BINDIR}/ranlib
++>>>>>>> upstream/main
MLINKS= ar.1 ranlib.1
.include <bsd.prog.mk>
diff --cc usr.bin/calendar/Makefile
index f89a942245e3,d7937b8cf804..000000000000
mode 100644,100644..100755
--- a/usr.bin/calendar/Makefile
+++ b/usr.bin/calendar/Makefile
@@@ -13,8 -13,7 +13,12 @@@ CFLAGS+= -DWITH_ICON
.endif
FILESGROUPS+= CALS
++<<<<<<< HEAD
+CALS= calendars/calendar.all \
+ calendars/calendar.freebsd
++=======
+ CALS= calendars/calendar.freebsd
++>>>>>>> upstream/main
CALSDIR= ${SHAREDIR}/calendar
HAS_TESTS=
diff --cc usr.bin/cap_mkdb/Makefile
index 79de43c7151f,408790c6c025..000000000000
mode 100644,100644..100755
--- a/usr.bin/cap_mkdb/Makefile
+++ b/usr.bin/cap_mkdb/Makefile
@@@ -3,6 -3,4 +3,9 @@@
PROG= cap_mkdb
++<<<<<<< HEAD
+NOCFI= yes
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
diff --cc usr.bin/clang/Makefile.inc
index 70c50c8e780a,a257b795b7af..000000000000
mode 100644,100644..100755
--- a/usr.bin/clang/Makefile.inc
+++ b/usr.bin/clang/Makefile.inc
@@@ -4,6 -4,8 +4,11 @@@ WARNS?=
.include <bsd.compiler.mk>
++<<<<<<< HEAD
++=======
+ MK_PIE:= no # Explicit libXXX.a references
+
++>>>>>>> upstream/main
.if ${COMPILER_TYPE} == "clang"
DEBUG_FILES_CFLAGS= -gline-tables-only
.else
diff --cc usr.bin/clang/clang.prog.mk
index ccc46b40564f,de5cceac7c6b..000000000000
mode 100644,100644..100755
--- a/usr.bin/clang/clang.prog.mk
+++ b/usr.bin/clang/clang.prog.mk
@@@ -20,8 -20,5 +20,11 @@@ PACKAGE= clan
LIBADD+= execinfo
LIBADD+= ncursesw
LIBADD+= pthread
++<<<<<<< HEAD
+LIBADD+= z
+
+NOCFI= yes
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
diff --cc usr.bin/clang/lld/Makefile
index 35f95f8a1f69,3593a4006ba2..000000000000
mode 100644,100644..100755
--- a/usr.bin/clang/lld/Makefile
+++ b/usr.bin/clang/lld/Makefile
@@@ -2,8 -2,6 +2,11 @@@
.include <src.opts.mk>
++<<<<<<< HEAD
+MK_CFI= no
+
++=======
++>>>>>>> upstream/main
LLVM_BASE= ${SRCTOP}/contrib/llvm-project
LLVM_SRCS= ${LLVM_BASE}/llvm
LLD_SRCS= ${LLVM_BASE}/lld
diff --cc usr.bin/clang/llvm-ar/Makefile
index 0a7ced714051,86d4538271a1..000000000000
mode 100644,100644..100755
--- a/usr.bin/clang/llvm-ar/Makefile
+++ b/usr.bin/clang/llvm-ar/Makefile
@@@ -1,7 -1,5 +1,10 @@@
# $FreeBSD$
++<<<<<<< HEAD
+.include <src.opts.mk>
+
++=======
++>>>>>>> upstream/main
PROG_CXX= llvm-ar
MAN= llvm-ar.1 llvm-ranlib.1
@@@ -12,9 -10,4 +15,12 @@@ LIBADD+=
LINKS+= ${BINDIR}/llvm-ar ${BINDIR}/llvm-ranlib
++<<<<<<< HEAD
+.if ${MK_LLVM_AR_IS_AR} != "no"
+SYMLINKS= ${BINDIR}/llvm-ar ${BINDIR}/ar \
+ ${BINDIR}/llvm-ar ${BINDIR}/ranlib
+.endif
+
++=======
++>>>>>>> upstream/main
.include "../llvm.prog.mk"
diff --cc usr.bin/clang/llvm-nm/Makefile
index 8050879d0b00,02f16887a7cf..000000000000
mode 100644,100644..100755
--- a/usr.bin/clang/llvm-nm/Makefile
+++ b/usr.bin/clang/llvm-nm/Makefile
@@@ -1,7 -1,5 +1,10 @@@
# $FreeBSD$
++<<<<<<< HEAD
+.include <src.opts.mk>
+
++=======
++>>>>>>> upstream/main
PROG_CXX= llvm-nm
SRCDIR= llvm/tools/llvm-nm
@@@ -9,8 -7,4 +12,11 @@@ SRCS+= llvm-nm.cp
LIBADD+= z
++<<<<<<< HEAD
+.if ${MK_LLVM_NM_IS_NM} != "no"
+SYMLINKS= ${BINDIR}/llvm-nm ${BINDIR}/nm
+.endif
+
++=======
++>>>>>>> upstream/main
.include "../llvm.prog.mk"
diff --cc usr.bin/clang/llvm-objdump/Makefile
index 164bf49a7f17,34b015042718..000000000000
mode 100644,100644..100755
--- a/usr.bin/clang/llvm-objdump/Makefile
+++ b/usr.bin/clang/llvm-objdump/Makefile
@@@ -1,7 -1,5 +1,10 @@@
# $FreeBSD$
++<<<<<<< HEAD
+.include <src.opts.mk>
+
++=======
++>>>>>>> upstream/main
PROG_CXX= llvm-objdump
SRCDIR= llvm/tools/llvm-objdump
@@@ -14,9 -12,4 +17,12 @@@ SRCS+= llvm-objdump.cp
LIBADD+= z
++<<<<<<< HEAD
+.if ${MK_LLVM_OBJDUMP_IS_OBJDUMP} != "no"
+SYMLINKS= ${BINDIR}/llvm-objdump \
+ ${BINDIR}/objdump
+.endif
+
++=======
++>>>>>>> upstream/main
.include "../llvm.prog.mk"
diff --cc usr.bin/clang/llvm.prog.mk
index 90cba30d7078,58fd3eedd113..000000000000
mode 100644,100644..100755
--- a/usr.bin/clang/llvm.prog.mk
+++ b/usr.bin/clang/llvm.prog.mk
@@@ -25,8 -25,5 +25,11 @@@ PACKAGE= clan
LIBADD+= execinfo
LIBADD+= ncursesw
LIBADD+= pthread
++<<<<<<< HEAD
+LIBADD+= z
+
+NOCFI= yes
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
diff --cc usr.bin/grep/Makefile
index c8ec63c951f5,418889047052..000000000000
mode 100644,100644..100755
--- a/usr.bin/grep/Makefile
+++ b/usr.bin/grep/Makefile
@@@ -4,8 -4,6 +4,11 @@@
.include <src.opts.mk>
++<<<<<<< HEAD
+NOCFI= yes
+
++=======
++>>>>>>> upstream/main
.if ${MK_BSD_GREP} == "yes" || defined(BOOTSTRAPPING)
PROG= grep
MAN1= grep.1 zgrep.1
diff --cc usr.bin/logger/logger.c
index 0216bbf7bceb,44aa8ed3bae1..000000000000
mode 100644,100644..100755
--- a/usr.bin/logger/logger.c
+++ b/usr.bin/logger/logger.c
@@@ -104,7 -104,7 +104,11 @@@ main(int argc, char *argv[]
time_t now;
int ch, logflags, pri;
char *tag, *host, buf[1024], *timestamp, tbuf[26],
++<<<<<<< HEAD
+ *hostname, hbuf[MAXHOSTNAMELEN+1], *dotp, *pristr;
++=======
+ *hostname, hbuf[MAXHOSTNAMELEN], *pristr;
++>>>>>>> upstream/main
const char *svcname, *src;
tag = NULL;
@@@ -205,12 -205,8 +209,17 @@@
if (hostname == NULL) {
hostname = hbuf;
++<<<<<<< HEAD
+ memset(hbuf, 0, sizeof(hbuf));
+ if (gethostname(hbuf, MAXHOSTNAMELEN))
+ hostname[0] = '\0';
+ dotp = strchr(hostname, '.');
+ if (dotp != NULL)
+ *dotp = '\0';
++=======
+ (void )gethostname(hbuf, MAXHOSTNAMELEN);
+ *strchrnul(hostname, '.') = '\0';
++>>>>>>> upstream/main
}
/* log input line if appropriate */
diff --cc usr.bin/login/login.conf
index 4e53a2d25452,25f0f267ff68..000000000000
mode 100644,100644..100755
--- a/usr.bin/login/login.conf
+++ b/usr.bin/login/login.conf
@@@ -26,7 -26,6 +26,10 @@@ default:
:passwd_format=sha512:\
:copyright=/etc/COPYRIGHT:\
:welcome=/var/run/motd:\
++<<<<<<< HEAD
+ :LC_COLLATE=C:\
++=======
++>>>>>>> upstream/main
:setenv=BLOCKSIZE=K:\
:mail=/var/mail/$:\
:path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\
diff --cc usr.bin/login/motd.template
index 58ba8c3cf967,ea98a3266c3a..000000000000
mode 100644,100644..100755
--- a/usr.bin/login/motd.template
+++ b/usr.bin/login/motd.template
@@@ -1,21 -1,20 +1,44 @@@
++<<<<<<< HEAD
+HardenedBSD ?.?.? (UNKNOWN)
+
++------------------------------------------------------------------------------+
+| |
+| Welcome to HardenedBSD! |
+| |
+| _ _ _ _ ____ _____ _____ |
+| | | | | | | | | _ \ / ____| __ \ |
+| | |__| | __ _ _ __ __| | ___ _ __ ___ __| | |_) | (___ | | | | |
+| | __ |/ _` | '__/ _` |/ _ \ '_ \ / _ \/ _` | _ < \___ \| | | | |
+| | | | | (_| | | | (_| | __/ | | | __/ (_| | |_) |____) | |__| | |
+| |_| |_|\__,_|_| \__,_|\___|_| |_|\___|\__,_|____/|_____/|_____/ |
+| |
++------------------------------------------------------------------------------+
+ Edit /etc/motd to change this login announcement.
+
+HardenedBSD website: https://hardenedbsd.org/
+Code repositories: https://git-01.md.hardenedbsd.org/
+Mailing lists: https://hardenedbsd.org/content/mailing-lists/
+Documentation:
+ https://git-01.md.hardenedbsd.org/HardenedBSD/hardenedbsd/wiki
++=======
+
+ Welcome to FreeBSD!
+
+ Release Notes, Errata: https://www.FreeBSD.org/releases/
+ Security Advisories: https://www.FreeBSD.org/security/
+ FreeBSD Handbook: https://www.FreeBSD.org/handbook/
+ FreeBSD FAQ: https://www.FreeBSD.org/faq/
+ Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
+ FreeBSD Forums: https://forums.FreeBSD.org/
+
+ Documents installed with the system are in the /usr/local/share/doc/freebsd/
+ directory, or can be installed later with: pkg install en-freebsd-doc
+ For other languages, replace "en" with a language code like de or fr.
+
+ Show the version of FreeBSD installed: freebsd-version ; uname -a
+ Please include that output and any error messages when posting questions.
+ Introduction to manual pages: man man
+ FreeBSD directory layout: man hier
+
+ To change this login announcement, see motd(5).
++>>>>>>> upstream/main
diff --cc usr.bin/mail/Makefile
index 9c7136220aa0,7b205b8019d8..000000000000
mode 100644,100644..100755
--- a/usr.bin/mail/Makefile
+++ b/usr.bin/mail/Makefile
@@@ -12,8 -12,6 +12,11 @@@ EFILES= mail.r
LINKS= ${BINDIR}/mail ${BINDIR}/Mail ${BINDIR}/mail ${BINDIR}/mailx
MLINKS= mail.1 Mail.1 mail.1 mailx.1
++<<<<<<< HEAD
+CFI_OVERRIDE=-fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
WARNS?= 2
.PATH: ${.CURDIR}/misc
diff --cc usr.bin/nc/Makefile
index df5ed65b3897,b518cfdc67ce..000000000000
mode 100644,100644..100755
--- a/usr.bin/nc/Makefile
+++ b/usr.bin/nc/Makefile
@@@ -10,8 -10,6 +10,11 @@@ SRCS= netcat.c atomicio.c socks.
CFLAGS+=-DIPSEC
LIBADD= ipsec
++<<<<<<< HEAD
+CFI_OVERRIDE=-fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.if ${MK_STATS} != "no" && !defined(RESCUE)
LIBADD+= sbuf stats
CFLAGS+= -DWITH_STATS
diff --cc usr.bin/nm/Makefile
index e571f10610e9,b1b9555962e7..000000000000
mode 100644,100644..100755
--- a/usr.bin/nm/Makefile
+++ b/usr.bin/nm/Makefile
@@@ -7,9 -7,7 +7,13 @@@ NMDIR= ${ELFTCDIR}/n
.PATH: ${NMDIR}
++<<<<<<< HEAD
+PROG= elftc-nm
+SRCS= nm.c
+MAN= nm.1
++=======
+ PROG= nm
++>>>>>>> upstream/main
LIBADD= dwarf elftc elf
@@@ -21,8 -19,4 +25,11 @@@ CFLAGS+= -DWITH_CASPE
CFLAGS+=-I${ELFTCDIR}/libelftc -I${ELFTCDIR}/common
++<<<<<<< HEAD
+.if ${MK_LLVM_NM_IS_NM} == "no"
+SYMLINKS= ${BINDIR}/elftc-nm ${BINDIR}/nm
+.endif
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
diff --cc usr.bin/procstat/procstat_auxv.c
index 3d04ae05736b,0b540de973de..000000000000
mode 100644,100644..100755
--- a/usr.bin/procstat/procstat_auxv.c
+++ b/usr.bin/procstat/procstat_auxv.c
@@@ -204,11 -204,6 +204,14 @@@ procstat_auxv(struct procstat *procstat
prefix, "AT_BSDFLAGS", (u_long)auxv[i].a_un.a_val);
break;
#endif
++<<<<<<< HEAD
+#ifdef AT_PAXFLAGS
+ case AT_PAXFLAGS:
+ xo_emit("{dw:/%s}{Lw:/%-16s/%s}{:AT_PAXFLAGS/%#lx}\n",
+ prefix, "AT_PAXFLAGS", (u_long)auxv[i].a_un.a_val);
+#endif
++=======
++>>>>>>> upstream/main
#ifdef AT_ARGC
case AT_ARGC:
xo_emit("{dw:/%s}{Lw:/%-16s/%s}{:AT_ARGC/%ld}\n",
diff --cc usr.bin/rpcgen/Makefile
index ab6a8081d816,f78fa64968fd..000000000000
mode 100644,100644..100755
--- a/usr.bin/rpcgen/Makefile
+++ b/usr.bin/rpcgen/Makefile
@@@ -4,6 -4,4 +4,9 @@@ PROG= rpcge
SRCS= rpc_main.c rpc_clntout.c rpc_cout.c rpc_hout.c rpc_parse.c \
rpc_sample.c rpc_scan.c rpc_svcout.c rpc_tblout.c rpc_util.c
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
diff --cc usr.bin/rpcinfo/Makefile
index 1644284c04c6,3c8e51c000c3..000000000000
mode 100644,100644..100755
--- a/usr.bin/rpcinfo/Makefile
+++ b/usr.bin/rpcinfo/Makefile
@@@ -9,6 -9,4 +9,9 @@@ CFLAGS+= -DPORTMA
WARNS?= 2
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
diff --cc usr.bin/showmount/Makefile
index 42402d9064fc,59199098dda6..000000000000
mode 100644,100644..100755
--- a/usr.bin/showmount/Makefile
+++ b/usr.bin/showmount/Makefile
@@@ -4,6 -4,4 +4,9 @@@
PROG= showmount
MAN= showmount.8
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
diff --cc usr.bin/svn/Makefile.inc
index 32eee3399ceb,8a6458fc0419..000000000000
mode 100644,100644..100755
--- a/usr.bin/svn/Makefile.inc
+++ b/usr.bin/svn/Makefile.inc
@@@ -2,13 -2,14 +2,22 @@@
.include <src.opts.mk>
++<<<<<<< HEAD
+MK_PIE:= no # Explicit libXXX.a references
+
++=======
++>>>>>>> upstream/main
.if ${MK_SVN} == "yes"
SVNLITE?=
.else
SVNLITE?= lite
.endif
++<<<<<<< HEAD
++=======
+ .if ${MK_PIE} != "no"
+ PIE_SUFFIX= _pie
+ .endif
++>>>>>>> upstream/main
PACKAGE= svn
@@@ -40,23 -41,23 +49,44 @@@ LIBSVN_REPOSDIR= ${.OBJDIR:H}/lib/libsv
LIBSVN_SUBRDIR= ${.OBJDIR:H}/lib/libsvn_subr
LIBSVN_WCDIR= ${.OBJDIR:H}/lib/libsvn_wc
++<<<<<<< HEAD
+LIBAPR= ${LIBAPRDIR}/libapr.a
+LIBAPR_UTIL= ${LIBAPR_UTILDIR}/libapr-util.a
+LIBSERF= ${LIBSERFDIR}/libserf.a
+
+LIBSVN_CLIENT= ${LIBSVN_CLIENTDIR}/libsvn_client.a
+LIBSVN_DELTA= ${LIBSVN_DELTADIR}/libsvn_delta.a
+LIBSVN_DIFF= ${LIBSVN_DIFFDIR}/libsvn_diff.a
+LIBSVN_FS= ${LIBSVN_FSDIR}/libsvn_fs.a
+LIBSVN_FS_FS= ${LIBSVN_FS_FSDIR}/libsvn_fs_fs.a
+LIBSVN_FS_UTIL= ${LIBSVN_FS_UTILDIR}/libsvn_fs_util.a
+LIBSVN_FS_X= ${LIBSVN_FS_XDIR}/libsvn_fs_x.a
+LIBSVN_RA= ${LIBSVN_RADIR}/libsvn_ra.a
+LIBSVN_RA_LOCAL= ${LIBSVN_RA_LOCALDIR}/libsvn_ra_local.a
+LIBSVN_RA_SVN= ${LIBSVN_RA_SVNDIR}/libsvn_ra_svn.a
+LIBSVN_RA_SERF= ${LIBSVN_RA_SERFDIR}/libsvn_ra_serf.a
+LIBSVN_REPOS= ${LIBSVN_REPOSDIR}/libsvn_repos.a
+LIBSVN_SUBR= ${LIBSVN_SUBRDIR}/libsvn_subr.a
+LIBSVN_WC= ${LIBSVN_WCDIR}/libsvn_wc.a
++=======
+ LIBAPR= ${LIBAPRDIR}/libapr${PIE_SUFFIX}.a
+ LIBAPR_UTIL= ${LIBAPR_UTILDIR}/libapr-util${PIE_SUFFIX}.a
+ LIBSERF= ${LIBSERFDIR}/libserf${PIE_SUFFIX}.a
+
+ LIBSVN_CLIENT= ${LIBSVN_CLIENTDIR}/libsvn_client${PIE_SUFFIX}.a
+ LIBSVN_DELTA= ${LIBSVN_DELTADIR}/libsvn_delta${PIE_SUFFIX}.a
+ LIBSVN_DIFF= ${LIBSVN_DIFFDIR}/libsvn_diff${PIE_SUFFIX}.a
+ LIBSVN_FS= ${LIBSVN_FSDIR}/libsvn_fs${PIE_SUFFIX}.a
+ LIBSVN_FS_FS= ${LIBSVN_FS_FSDIR}/libsvn_fs_fs${PIE_SUFFIX}.a
+ LIBSVN_FS_UTIL= ${LIBSVN_FS_UTILDIR}/libsvn_fs_util${PIE_SUFFIX}.a
+ LIBSVN_FS_X= ${LIBSVN_FS_XDIR}/libsvn_fs_x${PIE_SUFFIX}.a
+ LIBSVN_RA= ${LIBSVN_RADIR}/libsvn_ra${PIE_SUFFIX}.a
+ LIBSVN_RA_LOCAL= ${LIBSVN_RA_LOCALDIR}/libsvn_ra_local${PIE_SUFFIX}.a
+ LIBSVN_RA_SVN= ${LIBSVN_RA_SVNDIR}/libsvn_ra_svn${PIE_SUFFIX}.a
+ LIBSVN_RA_SERF= ${LIBSVN_RA_SERFDIR}/libsvn_ra_serf${PIE_SUFFIX}.a
+ LIBSVN_REPOS= ${LIBSVN_REPOSDIR}/libsvn_repos${PIE_SUFFIX}.a
+ LIBSVN_SUBR= ${LIBSVN_SUBRDIR}/libsvn_subr${PIE_SUFFIX}.a
+ LIBSVN_WC= ${LIBSVN_WCDIR}/libsvn_wc${PIE_SUFFIX}.a
++>>>>>>> upstream/main
.endif
diff --cc usr.bin/svn/svn/Makefile
index 755a510d21f8,fc31b878fbee..000000000000
mode 100644,100644..100755
--- a/usr.bin/svn/svn/Makefile
+++ b/usr.bin/svn/svn/Makefile
@@@ -67,8 -67,6 +67,11 @@@ CFLAGS+= -I${SVNDIR}/include
-I${APRU}/include/private \
-I${APRU}/include
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
LDADD= -L${LIBSVN_CLIENTDIR} -lsvn_client${PIE_SUFFIX} \
-L${LIBSVN_WCDIR} -lsvn_wc${PIE_SUFFIX} \
-L${LIBSVN_RADIR} -lsvn_ra${PIE_SUFFIX} \
diff --cc usr.bin/tsort/Makefile
index eec528d52104,b0d353e4d8f7..000000000000
mode 100644,100644..100755
--- a/usr.bin/tsort/Makefile
+++ b/usr.bin/tsort/Makefile
@@@ -3,6 -3,4 +3,9 @@@
PROG= tsort
++<<<<<<< HEAD
+CFI_OVERRIDE=-fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
diff --cc usr.bin/vi/Makefile
index 48cd95719949,993970fd3051..000000000000
mode 100644,100644..100755
--- a/usr.bin/vi/Makefile
+++ b/usr.bin/vi/Makefile
@@@ -16,8 -16,6 +16,11 @@@ VIEW= nvie
PROG= nvi
++<<<<<<< HEAD
+CFI_OVERRIDE=-fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
CFLAGS+= -D__REGEX_PRIVATE
LINKS= ${BINDIR}/${VI} ${BINDIR}/${EX} ${BINDIR}/${VI} ${BINDIR}/${VIEW}
diff --cc usr.sbin/Makefile
index fac2524fa1fe,bd2f0cbe0797..000000000000
mode 100644,100644..100755
--- a/usr.sbin/Makefile
+++ b/usr.sbin/Makefile
@@@ -141,8 -141,6 +141,11 @@@ SUBDIR.${MK_FMTREE}+= fmtre
SUBDIR.${MK_FREEBSD_UPDATE}+= freebsd-update
SUBDIR.${MK_GSSAPI}+= gssd
SUBDIR.${MK_GPIO}+= gpioctl
++<<<<<<< HEAD
+SUBDIR.${MK_HBSD_UPDATE}+= hbsd-update
+SUBDIR.${MK_HBSDCONTROL}+= hbsdcontrol
++=======
++>>>>>>> upstream/main
SUBDIR.${MK_INET6}+= ip6addrctl
SUBDIR.${MK_INET6}+= mld6query
SUBDIR.${MK_INET6}+= ndp
diff --cc usr.sbin/bhyve/bhyverun.c
index eab9bf113f9c,51df78c5f5ea..000000000000
mode 100644,100644..100755
--- a/usr.sbin/bhyve/bhyverun.c
+++ b/usr.sbin/bhyve/bhyverun.c
@@@ -355,8 -355,7 +355,12 @@@ topology_parse(const char *opt
return(0);
out:
++<<<<<<< HEAD
+ if (str != NULL)
+ free(str);
++=======
+ free(str);
++>>>>>>> upstream/main
return (-1);
}
diff --cc usr.sbin/bhyve/xmsr.c
index 81eb70041435,0b87821836b7..000000000000
mode 100644,100644..100755
--- a/usr.sbin/bhyve/xmsr.c
+++ b/usr.sbin/bhyve/xmsr.c
@@@ -61,8 -61,6 +61,11 @@@ emulate_wrmsr(struct vmctx *ctx, int vc
return (0);
case MSR_BIOS_SIGN:
return (0);
++<<<<<<< HEAD
+ case MSR_IA32_DEBUG_INTERFACE:
+ return (0);
++=======
++>>>>>>> upstream/main
default:
break;
}
@@@ -126,13 -124,6 +129,16 @@@ emulate_rdmsr(struct vmctx *ctx, int vc
*/
*val = 0x000a1003;
break;
++<<<<<<< HEAD
+ case MSR_IA32_DEBUG_INTERFACE:
+ /*
+ * Mark the Silicon Debug feature as disabled
+ * and lock the configuration.
+ */
+ *val = 0 | IA32_DEBUG_INTERFACE_LOCK;
+ return (0);
++=======
++>>>>>>> upstream/main
default:
error = -1;
break;
diff --cc usr.sbin/bhyveload/Makefile
index ff04f381c0ef,48bed64c26e4..000000000000
mode 100644,100644..100755
--- a/usr.sbin/bhyveload/Makefile
+++ b/usr.sbin/bhyveload/Makefile
@@@ -5,8 -5,6 +5,11 @@@ SRCS= bhyveload.
MAN= bhyveload.8
PACKAGE= bhyve
++<<<<<<< HEAD
+CFI_OVERRIDE=-fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
LIBADD= vmmapi
WARNS?= 3
diff --cc usr.sbin/blacklistd/Makefile
index d3da0e416875,8c9a354a7fb3..000000000000
mode 100644,100644..100755
--- a/usr.sbin/blacklistd/Makefile
+++ b/usr.sbin/blacklistd/Makefile
@@@ -20,6 -20,4 +20,9 @@@ CFLAGS+=-I${BLACKLIST_DIR}/include -I${
-DHAVE_STRUCT_SOCKADDR_SA_LEN
# CFLAGS+= -D_REENTRANT
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
diff --cc usr.sbin/bsdinstall/distextract/distextract.c
index 0263a58d7db7,81d83f982e30..000000000000
mode 100644,100644..100755
--- a/usr.sbin/bsdinstall/distextract/distextract.c
+++ b/usr.sbin/bsdinstall/distextract/distextract.c
@@@ -71,7 -71,7 +71,11 @@@ main(void
size_t span;
struct dpv_config *config;
struct dpv_file_node *dist = dists;
++<<<<<<< HEAD
+ static char backtitle[] = "HardenedBSD Installer";
++=======
+ static char backtitle[] = "FreeBSD Installer";
++>>>>>>> upstream/main
static char title[] = "Archive Extraction";
static char aprompt[] = "\n Overall Progress:";
static char pprompt[] = "Extracting distribution files...\n";
diff --cc usr.sbin/bsdinstall/distfetch/distfetch.c
index f65ed7bfe29b,5f262343720e..000000000000
mode 100644,100644..100755
--- a/usr.sbin/bsdinstall/distfetch/distfetch.c
+++ b/usr.sbin/bsdinstall/distfetch/distfetch.c
@@@ -69,7 -69,7 +69,11 @@@ main(void
}
init_dialog(stdin, stdout);
++<<<<<<< HEAD
+ dialog_vars.backtitle = __DECONST(char *, "HardenedBSD Installer");
++=======
+ dialog_vars.backtitle = __DECONST(char *, "FreeBSD Installer");
++>>>>>>> upstream/main
dlg_put_backtitle();
for (i = 0; i < ndists; i++) {
diff --cc usr.sbin/bsdinstall/partedit/part_wizard.c
index c98697cc2ed9,3160e1f049ea..000000000000
mode 100644,100644..100755
--- a/usr.sbin/bsdinstall/partedit/part_wizard.c
+++ b/usr.sbin/bsdinstall/partedit/part_wizard.c
@@@ -154,7 -154,7 +154,11 @@@ boot_disk(struct gmesh *mesh
if (n > 1) {
err = dlg_menu("Partitioning",
++<<<<<<< HEAD
+ "Select the disk on which to install HardenedBSD.", 0, 0, 0,
++=======
+ "Select the disk on which to install FreeBSD.", 0, 0, 0,
++>>>>>>> upstream/main
n, disks, &selected, NULL);
chosen = (err == 0) ? strdup(disks[selected].name) : NULL;
@@@ -236,7 -236,7 +240,11 @@@ query
dialog_vars.defaultno = TRUE;
snprintf(message, sizeof(message), "Would you like to use this entire "
++<<<<<<< HEAD
+ "disk (%s) for HardenedBSD or partition it to share it with other "
++=======
+ "disk (%s) for FreeBSD or partition it to share it with other "
++>>>>>>> upstream/main
"operating systems? Using the entire disk will erase any data "
"currently stored there.", disk);
choice = dialog_yesno("Partition", message, 0, 0);
@@@ -251,7 -251,7 +259,11 @@@
sprintf(warning, "The existing partition scheme on this "
"disk (%s) is not bootable on this platform. To install "
++<<<<<<< HEAD
+ "HardenedBSD, it must be repartitioned. This will destroy all "
++=======
+ "FreeBSD, it must be repartitioned. This will destroy all "
++>>>>>>> upstream/main
"data on the disk. Are you sure you want to proceed?",
scheme);
subchoice = dialog_yesno("Non-bootable Disk", warning, 0, 0);
@@@ -335,7 -335,7 +347,11 @@@ wizard_makeparts(struct gmesh *mesh, co
humanize_number(neededstr, 7, MIN_FREE_SPACE, "B", HN_AUTOSCALE,
HN_DECIMAL);
sprintf(message, "There is not enough free space on %s to "
++<<<<<<< HEAD
+ "install HardenedBSD (%s free, %s required). Would you like "
++=======
+ "install FreeBSD (%s free, %s required). Would you like "
++>>>>>>> upstream/main
"to choose another disk or to open the partition editor?",
disk, availablestr, neededstr);
diff --cc usr.sbin/bsdinstall/partedit/partedit.c
index 08d3cc2992b9,c5fa28e73582..000000000000
mode 100644,100644..100755
--- a/usr.sbin/bsdinstall/partedit/partedit.c
+++ b/usr.sbin/bsdinstall/partedit/partedit.c
@@@ -102,7 -102,7 +102,11 @@@ main(int argc, const char **argv
init_dialog(stdin, stdout);
if (!sade_mode)
++<<<<<<< HEAD
+ dialog_vars.backtitle = __DECONST(char *, "HardenedBSD Installer");
++=======
+ dialog_vars.backtitle = __DECONST(char *, "FreeBSD Installer");
++>>>>>>> upstream/main
dialog_vars.item_help = TRUE;
nscroll = i = 0;
@@@ -126,7 -126,7 +130,11 @@@
return (error);
}
} else {
++<<<<<<< HEAD
+ prompt = "Create partitions for HardenedBSD. No changes will be "
++=======
+ prompt = "Create partitions for FreeBSD. No changes will be "
++>>>>>>> upstream/main
"made until you select Finish.";
}
@@@ -297,7 -297,7 +305,11 @@@ validate_setup(void
if (root == NULL) {
dialog_msgbox("Error", "No root partition was found. "
++<<<<<<< HEAD
+ "The root HardenedBSD partition must have a mountpoint of '/'.",
++=======
+ "The root FreeBSD partition must have a mountpoint of '/'.",
++>>>>>>> upstream/main
0, 0, TRUE);
return (FALSE);
}
@@@ -310,7 -310,7 +322,11 @@@
dialog_vars.defaultno = TRUE;
cancel = dialog_yesno("Warning", "The chosen root partition "
"has a preexisting filesystem. If it contains an existing "
++<<<<<<< HEAD
+ "HardenedBSD system, please update it with freebsd-update "
++=======
+ "FreeBSD system, please update it with freebsd-update "
++>>>>>>> upstream/main
"instead of installing a new system on it. The partition "
"can also be erased by pressing \"No\" and then deleting "
"and recreating it. Are you sure you want to proceed?",
diff --cc usr.sbin/bsdinstall/scripts/adduser
index b10242b93bd1,456f76b04319..000000000000
--- a/usr.sbin/bsdinstall/scripts/adduser
+++ b/usr.sbin/bsdinstall/scripts/adduser
@@@ -27,7 -27,7 +27,11 @@@
# $FreeBSD$
clear
++<<<<<<< HEAD
+echo "HardenedBSD Installer"
++=======
+ echo "FreeBSD Installer"
++>>>>>>> upstream/main
echo "========================"
echo "Add Users"
echo
diff --cc usr.sbin/bsdinstall/scripts/auto
index 8fb3cb4422c9,a58a63f2f70c..000000000000
--- a/usr.sbin/bsdinstall/scripts/auto
+++ b/usr.sbin/bsdinstall/scripts/auto
@@@ -49,7 -49,7 +49,11 @@@ msg_auto_zfs="Auto (ZFS)
msg_auto_zfs_desc="Guided Root-on-ZFS"
msg_auto_zfs_help="To use ZFS with less than 8GB RAM, see https://wiki.freebsd.org/ZFSTuningGuide"
msg_exit="Exit"
++<<<<<<< HEAD
+msg_freebsd_installer="HardenedBSD Installer"
++=======
+ msg_freebsd_installer="FreeBSD Installer"
++>>>>>>> upstream/main
msg_gpt_active_fix="Your hardware is known to have issues booting in CSM/Legacy/BIOS mode from GPT partitions that are not set active. Would you like the installer to apply this workaround for you?"
msg_lenovo_fix="Your model of Lenovo is known to have a BIOS bug that prevents it booting from GPT partitions without UEFI. Would you like the installer to apply a workaround for you?"
msg_manual="Manual"
@@@ -160,7 -160,7 +164,11 @@@ if [ -f $BSDINSTALL_DISTDIR/MANIFEST ]
exec 3>&1
EXTRA_DISTS=$( eval dialog \
++<<<<<<< HEAD
+ --backtitle \"HardenedBSD Installer\" \
++=======
+ --backtitle \"FreeBSD Installer\" \
++>>>>>>> upstream/main
--title \"Distribution Select\" --nocancel --separate-output \
--checklist \"Choose optional system components to install:\" \
0 0 0 $DISTMENU \
@@@ -183,7 -183,7 +191,11 @@@ LOCAL_DISTRIBUTIONS=`echo $LOCAL_DISTRI
FETCH_DISTRIBUTIONS=`echo $FETCH_DISTRIBUTIONS` # Trim white space
if [ -n "$FETCH_DISTRIBUTIONS" -a -n "$BSDINSTALL_CONFIGCURRENT" ]; then
++<<<<<<< HEAD
+ dialog --backtitle "HardenedBSD Installer" --title "Network Installation" --msgbox "Some installation files were not found on the boot volume. The next few screens will allow you to configure networking so that they can be downloaded from the Internet." 0 0
++=======
+ dialog --backtitle "FreeBSD Installer" --title "Network Installation" --msgbox "Some installation files were not found on the boot volume. The next few screens will allow you to configure networking so that they can be downloaded from the Internet." 0 0
++>>>>>>> upstream/main
bsdinstall netconfig || error
NETCONFIG_DONE=yes
fi
@@@ -312,7 -312,7 +324,11 @@@ case $CURARCH i
esac
exec 3>&1
++<<<<<<< HEAD
+PARTMODE=`echo $PMODES | xargs dialog --backtitle "HardenedBSD Installer" \
++=======
+ PARTMODE=`echo $PMODES | xargs dialog --backtitle "FreeBSD Installer" \
++>>>>>>> upstream/main
--title "Partitioning" \
--item-help \
--menu "How would you like to partition your disk?" \
@@@ -436,15 -436,15 +452,25 @@@ bsdinstall tim
bsdinstall services
bsdinstall hardening
++<<<<<<< HEAD
+dialog --backtitle "HardenedBSD Installer" --title "Add User Accounts" --yesno \
++=======
+ dialog --backtitle "FreeBSD Installer" --title "Add User Accounts" --yesno \
++>>>>>>> upstream/main
"Would you like to add users to the installed system now?" 0 0 && \
bsdinstall adduser
finalconfig() {
exec 3>&1
++<<<<<<< HEAD
+ REVISIT=$(dialog --backtitle "HardenedBSD Installer" \
+ --title "Final Configuration" --no-cancel --menu \
+ "Setup of your HardenedBSD system is nearly complete. You can now modify your configuration choices. After this screen, you will have an opportunity to make more complex changes using a shell." 0 0 0 \
++=======
+ REVISIT=$(dialog --backtitle "FreeBSD Installer" \
+ --title "Final Configuration" --no-cancel --menu \
+ "Setup of your FreeBSD system is nearly complete. You can now modify your configuration choices. After this screen, you will have an opportunity to make more complex changes using a shell." 0 0 0 \
++>>>>>>> upstream/main
"Exit" "Apply configuration and exit installer" \
"Add User" "Add a user to the system" \
"Root Password" "Change root password" \
@@@ -453,7 -453,7 +479,11 @@@
"Services" "Set daemons to run on startup" \
"System Hardening" "Set security options" \
"Time Zone" "Set system timezone" \
++<<<<<<< HEAD
+ "Handbook" "Install HardenedBSD (FreeBSD) Handbook (requires network)" 2>&1 1>&3)
++=======
+ "Handbook" "Install FreeBSD Handbook (requires network)" 2>&1 1>&3)
++>>>>>>> upstream/main
exec 3>&-
case "$REVISIT" in
@@@ -506,7 -506,7 +536,11 @@@ if [ ! -z "$BSDINSTALL_FETCHDEST" ]; th
rm -rf "$BSDINSTALL_FETCHDEST"
fi
++<<<<<<< HEAD
+dialog --backtitle "HardenedBSD Installer" --title "Manual Configuration" \
++=======
+ dialog --backtitle "FreeBSD Installer" --title "Manual Configuration" \
++>>>>>>> upstream/main
--default-button no --yesno \
"The installation is now finished. Before exiting the installer, would you like to open a shell in the new system to make any final manual modifications?" 0 0
if [ $? -eq 0 ]; then
diff --cc usr.sbin/bsdinstall/scripts/checksum
index f3ed1ab564c9,ff404d7f587b..000000000000
--- a/usr.sbin/bsdinstall/scripts/checksum
+++ b/usr.sbin/bsdinstall/scripts/checksum
@@@ -37,7 -37,7 +37,11 @@@ for dist in $DISTRIBUTIONS; d
for i in $DISTRIBUTIONS; do
items="$items $i `eval echo \\\${status_$(basename $i .txz):-Pending}`"
done
++<<<<<<< HEAD
+ dialog --backtitle "HardenedBSD Installer" --title "Checksum Verification" \
++=======
+ dialog --backtitle "FreeBSD Installer" --title "Checksum Verification" \
++>>>>>>> upstream/main
--mixedgauge "Verifying checksums of selected distributions." \
0 0 $percentage $items
@@@ -64,11 -64,11 +68,19 @@@
eval "status_$distname=1"
case $(/bin/freebsd-version -u) in
*-ALPHA*|*-CURRENT|*-STABLE|*-PRERELEASE)
++<<<<<<< HEAD
+ dialog --backtitle "HardenedBSD Installer" --title "Error" \
+ --msgbox "The checksum for $dist does not match. It may have become corrupted, or it may be from a newer version of HardenedBSD. Please check for a newer snapshot." 0 0
+ ;;
+ *)
+ dialog --backtitle "HardenedBSD Installer" --title "Error" \
++=======
+ dialog --backtitle "FreeBSD Installer" --title "Error" \
+ --msgbox "The checksum for $dist does not match. It may have become corrupted, or it may be from a newer version of FreeBSD. Please check for a newer snapshot." 0 0
+ ;;
+ *)
+ dialog --backtitle "FreeBSD Installer" --title "Error" \
++>>>>>>> upstream/main
--msgbox "The checksum for $dist does not match. It may have become corrupted, and should be redownloaded." 0 0
;;
esac
diff --cc usr.sbin/bsdinstall/scripts/config
index 7aa7e3570980,a909c3faee63..000000000000
--- a/usr.sbin/bsdinstall/scripts/config
+++ b/usr.sbin/bsdinstall/scripts/config
@@@ -30,7 -30,7 +30,11 @@@
############################################################ MAIN
cat $BSDINSTALL_TMPETC/rc.conf.* >> $BSDINSTALL_TMPETC/rc.conf
++<<<<<<< HEAD
+rm -f $BSDINSTALL_TMPETC/rc.conf.*
++=======
+ rm $BSDINSTALL_TMPETC/rc.conf.*
++>>>>>>> upstream/main
cat $BSDINSTALL_CHROOT/etc/sysctl.conf $BSDINSTALL_TMPETC/sysctl.conf.* >> $BSDINSTALL_TMPETC/sysctl.conf
rm $BSDINSTALL_TMPETC/sysctl.conf.*
diff --cc usr.sbin/bsdinstall/scripts/docsinstall
index 9c5ce417fb8f,cb1f1e1858ad..000000000000
--- a/usr.sbin/bsdinstall/scripts/docsinstall
+++ b/usr.sbin/bsdinstall/scripts/docsinstall
@@@ -61,7 -61,7 +61,11 @@@ msg_endoc_desc="English Documentation (
msg_esdoc_desc="Spanish Documentation"
msg_frdoc_desc="French Documentation"
msg_freebsd_documentation_installation="FreeBSD Documentation Installation"
++<<<<<<< HEAD
+msg_freebsd_installer="HardenedBSD Installer"
++=======
+ msg_freebsd_installer="FreeBSD Installer"
++>>>>>>> upstream/main
msg_hudoc_desc="Hungarian Documentation"
msg_itdoc_desc="Italian Documentation"
msg_jadoc_desc="Japanese Documentation"
diff --cc usr.sbin/bsdinstall/scripts/hardening
index db69f3463778,9fea1b6aed5d..000000000000
--- a/usr.sbin/bsdinstall/scripts/hardening
+++ b/usr.sbin/bsdinstall/scripts/hardening
@@@ -32,28 -32,8 +32,33 @@@ echo -n > $BSDINSTALL_TMPETC/rc.conf.ha
echo -n > $BSDINSTALL_TMPETC/sysctl.conf.hardening
echo -n > $BSDINSTALL_TMPBOOT/loader.conf.hardening
++<<<<<<< HEAD
+if [ `sysctl -n security.bsd.see_other_uids` -eq 0 ]; then
+ hide_uids=on
+fi
+
+if [ `sysctl -n security.bsd.see_other_gids` -eq 0 ]; then
+ hide_gids=on
+fi
+
+if [ `sysctl -n security.bsd.unprivileged_read_msgbuf` -eq 0 ]; then
+ read_msgbuf=on
+fi
+
+if [ `sysctl -n security.bsd.unprivileged_proc_debug` -eq 0 ]; then
+ proc_debug=on
+fi
+
+if [ `sysctl -n security.bsd.stack_guard_page` -gt 0 ]; then
+ stack_guard=on
+fi
+
+exec 3>&1
+FEATURES=$( dialog --backtitle "HardenedBSD Installer" \
++=======
+ exec 3>&1
+ FEATURES=$( dialog --backtitle "FreeBSD Installer" \
++>>>>>>> upstream/main
--title "System Hardening" --nocancel --separate-output \
--checklist "Choose system security hardening options:" \
0 0 0 \
diff --cc usr.sbin/bsdinstall/scripts/hostname
index b5286d0f5d1d,b151ef15c690..000000000000
--- a/usr.sbin/bsdinstall/scripts/hostname
+++ b/usr.sbin/bsdinstall/scripts/hostname
@@@ -51,7 -51,7 +51,11 @@@ f_include $BSDCFG_SHARE/dialog.sub
#
# Strings that should be moved to an i18n file and loaded with f_include_lang()
#
++<<<<<<< HEAD
+msg_freebsd_installer="HardenedBSD Installer"
++=======
+ msg_freebsd_installer="FreeBSD Installer"
++>>>>>>> upstream/main
msg_ok="OK"
msg_please_choose_a_hostname="Please choose a hostname for this machine.\n\nIf you are running on a managed network, please ask\nyour network administrator for an appropriate name."
msg_set_hostname="Set Hostname"
diff --cc usr.sbin/bsdinstall/scripts/jail
index 2169fa9eb9ef,ecfbb78357d9..000000000000
--- a/usr.sbin/bsdinstall/scripts/jail
+++ b/usr.sbin/bsdinstall/scripts/jail
@@@ -42,7 -42,7 +42,11 @@@ error()
if [ -n "$1" ]; then
msg="$1\n\n"
fi
++<<<<<<< HEAD
+ dialog --backtitle "HardenedBSD Installer" --title "Abort" \
++=======
+ dialog --backtitle "FreeBSD Installer" --title "Abort" \
++>>>>>>> upstream/main
--no-label "Exit" --yes-label "Restart" --yesno \
"${msg}An installation step has been aborted. Would you like to restart the installation or exit the installer?" 0 0
if [ $? -ne 0 ]; then
@@@ -75,7 -75,7 +79,11 @@@ if [ -f $BSDINSTALL_DISTDIR/MANIFEST ]
exec 3>&1
EXTRA_DISTS=$(echo $DISTMENU | xargs dialog \
++<<<<<<< HEAD
+ --backtitle "HardenedBSD Installer" \
++=======
+ --backtitle "FreeBSD Installer" \
++>>>>>>> upstream/main
--title "Distribution Select" --nocancel --separate-output \
--checklist "Choose optional system components to install:" \
0 0 0 \
@@@ -113,7 -113,7 +121,11 @@@ bsdinstall rootpass || error "Could no
trap true SIGINT # This section is optional
bsdinstall services
++<<<<<<< HEAD
+dialog --backtitle "HardenedBSD Installer" --title "Add User Accounts" --yesno \
++=======
+ dialog --backtitle "FreeBSD Installer" --title "Add User Accounts" --yesno \
++>>>>>>> upstream/main
"Would you like to add users to the installed system now?" 0 0 && \
bsdinstall adduser
diff --cc usr.sbin/bsdinstall/scripts/keymap
index 66ca31b802ba,739d0223c4f4..000000000000
--- a/usr.sbin/bsdinstall/scripts/keymap
+++ b/usr.sbin/bsdinstall/scripts/keymap
@@@ -52,8 -52,8 +52,13 @@@ hline_arrows_tab_enter="Press arrows, T
msg_continue_with_keymap="Continue with %s keymap"
msg_default="default"
msg_error="Error"
++<<<<<<< HEAD
+msg_freebsd_installer="HardenedBSD Installer"
+msg_keymap_menu_text="The system console driver for HardenedBSD defaults to\nstandard \"US\" keyboard map. Other keymaps can be chosen below."
++=======
+ msg_freebsd_installer="FreeBSD Installer"
+ msg_keymap_menu_text="The system console driver for FreeBSD defaults to standard \"US\"\nkeyboard map. Other keymaps can be chosen below."
++>>>>>>> upstream/main
msg_keymap_selection="Keymap Selection"
msg_ok="OK"
msg_select="Select"
diff --cc usr.sbin/bsdinstall/scripts/mirrorselect
index 510f3fbe2073,987a524218af..000000000000
--- a/usr.sbin/bsdinstall/scripts/mirrorselect
+++ b/usr.sbin/bsdinstall/scripts/mirrorselect
@@@ -33,29 -33,128 +33,154 @@@
: ${DIALOG_ITEM_HELP=4}
: ${DIALOG_ESC=255}
++<<<<<<< HEAD
+case `uname -r` in
+12.*)
+ _hbsd_dist_dir="pub/hardenedbsd/12-stable/`uname -m`/`uname -p`/BUILD-LATEST"
+ ;;
+*)
+ _hbsd_dist_dir="pub/hardenedbsd/current/`uname -m`/`uname -p`/BUILD-LATEST"
+ ;;
+esac
+
+exec 3>&1
+MIRROR=`dialog --backtitle "HardenedBSD Installer" \
+ --title "Mirror Selection - Latest HardenedBSD-stable" \
+ --extra-button --extra-label "Other" \
+ --menu "Please select the site closest to you or \"other\" if you'd like to specify a different choice. Also note that not every site listed here carries more than the base distribution kits. Only Primary sites are guaranteed to carry the full range of possible distributions. Select a site that's close!" \
+ 0 0 0 \
+ http://ci-01.nyi.hardenedbsd.org "Main Site (NYI)"\
+ http://qspcqclhifj3tcpojsbwoxgwanlo2wakti2ia4wozxjcldkxmw2yj3yd.onion "Onion Service" \
+ 2>&1 1>&3`
+MIRROR_BUTTON=$?
+exec 3>&-
+
+BSDINSTALL_DISTSITE="$MIRROR/${_hbsd_dist_dir}"
+
++=======
+ exec 3>&1
+ MIRROR=`dialog --backtitle "FreeBSD Installer" \
+ --title "Mirror Selection" --extra-button --extra-label "Other" \
+ --menu "Please select the site closest to you or \"other\" if you'd like to specify a different choice. Also note that not every site listed here carries more than the base distribution kits. Only Primary sites are guaranteed to carry the full range of possible distributions. Select a site that's close!" \
+ 0 0 0 \
+ ftp://ftp.freebsd.org "Main Site"\
+ ftp://ftp.freebsd.org "IPv6 Main Site"\
+ ftp://ftp3.ie.freebsd.org "IPv6 Ireland"\
+ ftp://ftp2.jp.freebsd.org "IPv6 Japan"\
+ ftp://ftp4.se.freebsd.org "IPv6 Sweden"\
+ ftp://ftp4.us.freebsd.org "IPv6 USA"\
+ ftp://ftp1.freebsd.org "Primary"\
+ ftp://ftp2.freebsd.org "Primary #2"\
+ ftp://ftp3.freebsd.org "Primary #3"\
+ ftp://ftp4.freebsd.org "Primary #4"\
+ ftp://ftp5.freebsd.org "Primary #5"\
+ ftp://ftp6.freebsd.org "Primary #6"\
+ ftp://ftp7.freebsd.org "Primary #7"\
+ ftp://ftp10.freebsd.org "Primary #10"\
+ ftp://ftp11.freebsd.org "Primary #11"\
+ ftp://ftp12.freebsd.org "Primary #12"\
+ ftp://ftp13.freebsd.org "Primary #13"\
+ ftp://ftp14.freebsd.org "Primary #14"\
+ ftp://ftp.au.freebsd.org "Australia"\
+ ftp://ftp2.au.freebsd.org "Australia #2"\
+ ftp://ftp3.au.freebsd.org "Australia #3"\
+ ftp://ftp.at.freebsd.org "Austria"\
+ ftp://ftp2.br.freebsd.org "Brazil #2"\
+ ftp://ftp3.br.freebsd.org "Brazil #3"\
+ ftp://ftp4.br.freebsd.org "Brazil #4"\
+ ftp://ftp.cn.freebsd.org "China"\
+ ftp://ftp.cz.freebsd.org "Czech Republic"\
+ ftp://ftp.dk.freebsd.org "Denmark"\
+ ftp://ftp.fi.freebsd.org "Finland"\
+ ftp://ftp.fr.freebsd.org "France"\
+ ftp://ftp3.fr.freebsd.org "France #3"\
+ ftp://ftp4.fr.freebsd.org "IPv6 France #4"\
+ ftp://ftp5.fr.freebsd.org "France #5"\
+ ftp://ftp6.fr.freebsd.org "France #6"\
+ ftp://ftp7.fr.freebsd.org "France #7"\
+ ftp://ftp8.fr.freebsd.org "IPv6 France #8"\
+ ftp://ftp.de.freebsd.org "Germany"\
+ ftp://ftp2.de.freebsd.org "Germany #2"\
+ ftp://ftp4.de.freebsd.org "Germany #4"\
+ ftp://ftp5.de.freebsd.org "Germany #5"\
+ ftp://ftp7.de.freebsd.org "Germany #7"\
+ ftp://ftp8.de.freebsd.org "Germany #8"\
+ ftp://ftp.gr.freebsd.org "Greece"\
+ ftp://ftp2.gr.freebsd.org "Greece #2"\
+ ftp://ftp3.ie.freebsd.org "Ireland #3"\
+ ftp://ftp.jp.freebsd.org "Japan"\
+ ftp://ftp2.jp.freebsd.org "Japan #2"\
+ ftp://ftp3.jp.freebsd.org "Japan #3"\
+ ftp://ftp4.jp.freebsd.org "Japan #4"\
+ ftp://ftp5.jp.freebsd.org "Japan #5"\
+ ftp://ftp6.jp.freebsd.org "Japan #6"\
+ ftp://ftp7.jp.freebsd.org "Japan #7"\
+ ftp://ftp8.jp.freebsd.org "Japan #8"\
+ ftp://ftp9.jp.freebsd.org "Japan #9"\
+ ftp://ftp.kr.freebsd.org "Korea"\
+ ftp://ftp2.kr.freebsd.org "Korea #2"\
+ ftp://ftp.lv.freebsd.org "Latvia"\
+ ftp://ftp.nl.freebsd.org "Netherlands"\
+ ftp://ftp2.nl.freebsd.org "Netherlands #2"\
+ ftp://ftp.nz.freebsd.org "New Zealand"\
+ ftp://ftp.no.freebsd.org "Norway"\
+ ftp://ftp.pl.freebsd.org "Poland"\
+ ftp://ftp.ru.freebsd.org "Russia"\
+ ftp://ftp2.ru.freebsd.org "Russia #2"\
+ ftp://ftp5.ru.freebsd.org "Russia #5"\
+ ftp://ftp6.ru.freebsd.org "Russia #6"\
+ ftp://ftp.sk.freebsd.org "Slovak Republic"\
+ ftp://ftp2.sk.freebsd.org "Slovak Republic #2"\
+ ftp://ftp.si.freebsd.org "Slovenia"\
+ ftp://ftp.za.freebsd.org "South Africa"\
+ ftp://ftp2.za.freebsd.org "South Africa #2"\
+ ftp://ftp4.za.freebsd.org "South Africa #4"\
+ ftp://ftp.se.freebsd.org "Sweden"\
+ ftp://ftp4.se.freebsd.org "Sweden #4"\
+ ftp://ftp.ch.freebsd.org "Switzerland"\
+ ftp://ftp.tw.freebsd.org "Taiwan"\
+ ftp://ftp2.tw.freebsd.org "Taiwan #2"\
+ ftp://ftp3.tw.freebsd.org "Taiwan #3"\
+ ftp://ftp4.tw.freebsd.org "Taiwan #4"\
+ ftp://ftp6.tw.freebsd.org "Taiwan #6"\
+ ftp://ftp11.tw.freebsd.org "Taiwan #11"\
+ ftp://ftp.uk.freebsd.org "UK"\
+ ftp://ftp2.uk.freebsd.org "UK #2"\
+ ftp://ftp3.uk.freebsd.org "UK #3"\
+ ftp://ftp4.uk.freebsd.org "UK #4"\
+ ftp://ftp5.uk.freebsd.org "UK #5"\
+ ftp://ftp.ua.freebsd.org "Ukraine"\
+ ftp://ftp7.ua.freebsd.org "Ukraine #7"\
+ ftp://ftp1.us.freebsd.org "USA #1"\
+ ftp://ftp2.us.freebsd.org "USA #2"\
+ ftp://ftp3.us.freebsd.org "USA #3"\
+ ftp://ftp4.us.freebsd.org "USA #4"\
+ ftp://ftp5.us.freebsd.org "USA #5"\
+ ftp://ftp6.us.freebsd.org "USA #6"\
+ ftp://ftp8.us.freebsd.org "USA #8"\
+ ftp://ftp10.us.freebsd.org "USA #10"\
+ ftp://ftp11.us.freebsd.org "USA #11"\
+ ftp://ftp13.us.freebsd.org "USA #13"\
+ ftp://ftp14.us.freebsd.org "USA #14"\
+ ftp://ftp15.us.freebsd.org "USA #15"\
+ 2>&1 1>&3`
+ MIRROR_BUTTON=$?
+ exec 3>&-
+
+ _UNAME_R=`uname -r`
+ _UNAME_R=${_UNAME_R%-p*}
+
+ case ${_UNAME_R} in
+ *-ALPHA*|*-CURRENT|*-STABLE|*-PRERELEASE)
+ RELDIR="snapshots"
+ ;;
+ *)
+ RELDIR="releases"
+ ;;
+ esac
+
+ BSDINSTALL_DISTSITE="$MIRROR/pub/FreeBSD/${RELDIR}/`uname -m`/`uname -p`/${_UNAME_R}"
++>>>>>>> upstream/main
case $MIRROR_BUTTON in
$DIALOG_CANCEL)
@@@ -65,9 -164,9 +190,15 @@@ $DIALOG_OK
;;
$DIALOG_EXTRA)
exec 3>&1
++<<<<<<< HEAD
+ BSDINSTALL_DISTSITE=`dialog --backtitle "HardenedBSD Installer" \
+ --title "Mirror Selection" \
+ --inputbox "Please enter the URL to an alternate HardenedBSD mirror:" \
++=======
+ BSDINSTALL_DISTSITE=`dialog --backtitle "FreeBSD Installer" \
+ --title "Mirror Selection" \
+ --inputbox "Please enter the URL to an alternate FreeBSD mirror:" \
++>>>>>>> upstream/main
0 0 "$BSDINSTALL_DISTSITE" 2>&1 1>&3`
MIRROR_BUTTON=$?
exec 3>&-
diff --cc usr.sbin/bsdinstall/scripts/mount
index 15f1a2df7899,c7bc1aa5387d..000000000000
--- a/usr.sbin/bsdinstall/scripts/mount
+++ b/usr.sbin/bsdinstall/scripts/mount
@@@ -44,7 -44,7 +44,11 @@@ for i in $FILESYSTEMS; d
mkdir -p $i 2>/dev/null
MNTERROR=`mount -F $TMP_FSTAB $i 2>&1`
if [ $? -ne 0 ]; then
++<<<<<<< HEAD
+ dialog --backtitle "HardenedBSD Installer" --title "Error" \
++=======
+ dialog --backtitle "FreeBSD Installer" --title "Error" \
++>>>>>>> upstream/main
--msgbox "Error mounting partition $i:\n$MNTERROR" 0 0
exit 1
fi
diff --cc usr.sbin/bsdinstall/scripts/netconfig
index 84e397a8d788,f9913c324228..000000000000
--- a/usr.sbin/bsdinstall/scripts/netconfig
+++ b/usr.sbin/bsdinstall/scripts/netconfig
@@@ -63,14 -63,14 +63,22 @@@ for IF in $INTERFACES; d
done
if [ -z "$INTERFACES" ]; then
++<<<<<<< HEAD
+ dialog --backtitle 'HardenedBSD Installer' \
++=======
+ dialog --backtitle 'FreeBSD Installer' \
++>>>>>>> upstream/main
--title 'Network Configuration Error' \
--msgbox 'No network interfaces present to configure.' 0 0
exit 1
fi
exec 3>&1
++<<<<<<< HEAD
+INTERFACE=`echo $DIALOG_TAGS | xargs dialog --backtitle 'HardenedBSD Installer' --title 'Network Configuration' --menu 'Please select a network interface to configure:' 0 0 0 2>&1 1>&3`
++=======
+ INTERFACE=`echo $DIALOG_TAGS | xargs dialog --backtitle 'FreeBSD Installer' --title 'Network Configuration' --menu 'Please select a network interface to configure:' 0 0 0 2>&1 1>&3`
++>>>>>>> upstream/main
if [ $? -eq $DIALOG_CANCEL ]; then exit 1; fi
exec 3>&-
@@@ -101,7 -101,7 +109,11 @@@ case $? i
esac
if [ ${IPV4_AVAIL} -eq 1 ]; then
++<<<<<<< HEAD
+ dialog --backtitle 'HardenedBSD Installer' --title 'Network Configuration' \
++=======
+ dialog --backtitle 'FreeBSD Installer' --title 'Network Configuration' \
++>>>>>>> upstream/main
--yesno 'Would you like to configure IPv4 for this interface?' 0 0
if [ $? -eq $DIALOG_OK ]; then
bsdinstall netconfig_ipv4 ${INTERFACE} "${IFCONFIG_PREFIX}" || \
@@@ -116,7 -116,7 +128,11 @@@ if [ ${IPV4_AVAIL} -eq 0 -a -n ${IFCONF
echo ifconfig_${INTERFACE}=\"${IFCONFIG_PREFIX}\" >> $BSDINSTALL_TMPETC/._rc.conf.net
fi
if [ ${IPV6_AVAIL} -eq 1 ]; then
++<<<<<<< HEAD
+ dialog --backtitle 'HardenedBSD Installer' --title 'Network Configuration' \
++=======
+ dialog --backtitle 'FreeBSD Installer' --title 'Network Configuration' \
++>>>>>>> upstream/main
--yesno 'Would you like to configure IPv6 for this interface?' 0 0
if [ $? -eq $DIALOG_OK ]; then
bsdinstall netconfig_ipv6 ${INTERFACE} || exec $0
@@@ -181,7 -181,7 +197,11 @@@ els
fi
exec 3>&1
++<<<<<<< HEAD
+RESOLV=$(echo "${RESOLV}" | xargs dialog --backtitle 'HardenedBSD Installer' \
++=======
+ RESOLV=$(echo "${RESOLV}" | xargs dialog --backtitle 'FreeBSD Installer' \
++>>>>>>> upstream/main
--title 'Network Configuration' \
--mixedform 'Resolver Configuration' 0 0 0 \
2>&1 1>&3)
diff --cc usr.sbin/bsdinstall/scripts/netconfig_ipv4
index 9dc71f92e409,2acd9029d150..000000000000
--- a/usr.sbin/bsdinstall/scripts/netconfig_ipv4
+++ b/usr.sbin/bsdinstall/scripts/netconfig_ipv4
@@@ -40,21 -40,21 +40,37 @@@ INTERFACE=$
IFCONFIG_PREFIX="$2"
test -z "$IFCONFIG_PREFIX" || IFCONFIG_PREFIX="$2 "
case "${INTERFACE}" in
++<<<<<<< HEAD
+"") dialog --backtitle 'HardenedBSD Installer' --title 'Network Configuration' \
++=======
+ "") dialog --backtitle 'FreeBSD Installer' --title 'Network Configuration' \
++>>>>>>> upstream/main
--msgbox 'No interface specified for IPv4 configuration.' 0 0
exit 1
;;
esac
++<<<<<<< HEAD
+dialog --backtitle 'HardenedBSD Installer' --title 'Network Configuration' --yesno 'Would you like to use DHCP to configure this interface?' 0 0
+if [ $? -eq $DIALOG_OK ]; then
+ if [ ! -z $BSDINSTALL_CONFIGCURRENT ]; then
+ ifconfig $INTERFACE up
+ dialog --backtitle 'HardenedBSD Installer' --infobox "Acquiring DHCP lease..." 0 0
+ err=$( pkill -F /var/run/dhclient/dhclient.${INTERFACE}.pid; dhclient $INTERFACE 2>&1 )
+ if [ $? -ne 0 ]; then
+ f_dprintf "%s" "$err"
+ dialog --backtitle 'HardenedBSD Installer' --msgbox "DHCP lease acquisition failed." 0 0
++=======
+ dialog --backtitle 'FreeBSD Installer' --title 'Network Configuration' --yesno 'Would you like to use DHCP to configure this interface?' 0 0
+ if [ $? -eq $DIALOG_OK ]; then
+ if [ ! -z $BSDINSTALL_CONFIGCURRENT ]; then
+ ifconfig $INTERFACE up
+ dialog --backtitle 'FreeBSD Installer' --infobox "Acquiring DHCP lease..." 0 0
+ err=$( pkill -F /var/run/dhclient/dhclient.${INTERFACE}.pid; dhclient $INTERFACE 2>&1 )
+ if [ $? -ne 0 ]; then
+ f_dprintf "%s" "$err"
+ dialog --backtitle 'FreeBSD Installer' --msgbox "DHCP lease acquisition failed." 0 0
++>>>>>>> upstream/main
exec $0 ${INTERFACE} "${IFCONFIG_PREFIX}"
fi
fi
@@@ -67,7 -67,7 +83,11 @@@ NETMASK=`ifconfig $INTERFACE inet | aw
ROUTER=`netstat -rn -f inet | awk '/default/ {printf("%s\n", $2);}'`
exec 3>&1
++<<<<<<< HEAD
+IF_CONFIG=$(dialog --backtitle 'HardenedBSD Installer' --title 'Network Configuration' --form 'Static Network Interface Configuration' 0 0 0 \
++=======
+ IF_CONFIG=$(dialog --backtitle 'FreeBSD Installer' --title 'Network Configuration' --form 'Static Network Interface Configuration' 0 0 0 \
++>>>>>>> upstream/main
'IP Address' 1 0 "$IP_ADDRESS" 1 20 16 0 \
'Subnet Mask' 2 0 "$NETMASK" 2 20 16 0 \
'Default Router' 3 0 "$ROUTER" 3 20 16 0 \
diff --cc usr.sbin/bsdinstall/scripts/netconfig_ipv6
index db8b8555a173,abc53906f4ad..000000000000
--- a/usr.sbin/bsdinstall/scripts/netconfig_ipv6
+++ b/usr.sbin/bsdinstall/scripts/netconfig_ipv6
@@@ -47,7 -47,7 +47,11 @@@ f_include $BSDCFG_SHARE/dialog.sub
INTERFACE=$1
case "${INTERFACE}" in
++<<<<<<< HEAD
+"") dialog --backtitle 'HardenedBSD Installer' --title 'Network Configuration' \
++=======
+ "") dialog --backtitle 'FreeBSD Installer' --title 'Network Configuration' \
++>>>>>>> upstream/main
--msgbox 'No interface specified for IPv6 configuration.' 0 0
exit 1
;;
@@@ -56,17 -56,17 +60,29 @@@ esa
AGAIN=""
while : ; do
MSG="Would you like to try stateless address autoconfiguration (SLAAC)${AGAIN}?"
++<<<<<<< HEAD
+ dialog --backtitle 'HardenedBSD Installer' --title 'Network Configuration' \
+ --yesno "${MSG}" 0 0
+ if [ $? -eq $DIALOG_OK ]; then
+ if [ ! -z $BSDINSTALL_CONFIGCURRENT ]; then
+ dialog --backtitle 'HardenedBSD Installer' \
++=======
+ dialog --backtitle 'FreeBSD Installer' --title 'Network Configuration' \
+ --yesno "${MSG}" 0 0
+ if [ $? -eq $DIALOG_OK ]; then
+ if [ ! -z $BSDINSTALL_CONFIGCURRENT ]; then
+ dialog --backtitle 'FreeBSD Installer' \
++>>>>>>> upstream/main
--infobox "Sending Router Solicitation ..." 0 0
ifconfig ${INTERFACE} inet6 -ifdisabled accept_rtadv up
err=$( rtsol -F $INTERFACE 2>&1 )
if [ $? -ne 0 ]; then
f_dprintf "%s" "$err"
++<<<<<<< HEAD
+ dialog --backtitle 'HardenedBSD Installer' --msgbox "SLAAC failed." 0 0
++=======
+ dialog --backtitle 'FreeBSD Installer' --msgbox "SLAAC failed." 0 0
++>>>>>>> upstream/main
AGAIN=" again"
continue
fi
@@@ -106,7 -106,7 +122,11 @@@ END
}'`
exec 3>&1
++<<<<<<< HEAD
+IF_CONFIG=$(echo ${ADDRS} | xargs dialog --backtitle 'HardenedBSD Installer' \
++=======
+ IF_CONFIG=$(echo ${ADDRS} | xargs dialog --backtitle 'FreeBSD Installer' \
++>>>>>>> upstream/main
--title 'Network Configuration' \
--mixedform 'Static IPv6 Network Interface Configuration' 0 0 0 \
2>&1 1>&3)
diff --cc usr.sbin/bsdinstall/scripts/rootpass
index 16b7795bff0e,7764a51b62fb..000000000000
--- a/usr.sbin/bsdinstall/scripts/rootpass
+++ b/usr.sbin/bsdinstall/scripts/rootpass
@@@ -27,7 -27,7 +27,11 @@@
# $FreeBSD$
clear
++<<<<<<< HEAD
+echo "HardenedBSD Installer"
++=======
+ echo "FreeBSD Installer"
++>>>>>>> upstream/main
echo "========================"
echo
diff --cc usr.sbin/bsdinstall/scripts/services
index 637d3313c930,c59628b2a88c..000000000000
--- a/usr.sbin/bsdinstall/scripts/services
+++ b/usr.sbin/bsdinstall/scripts/services
@@@ -39,13 -39,15 +39,22 @@@ f
echo -n > $BSDINSTALL_TMPETC/rc.conf.services
exec 3>&1
++<<<<<<< HEAD
+DAEMONS=$( dialog --backtitle "HardenedBSD Installer" \
++=======
+ DAEMONS=$( dialog --backtitle "FreeBSD Installer" \
++>>>>>>> upstream/main
--title "System Configuration" --nocancel --separate-output \
--checklist "Choose the services you would like to be started at boot:" \
0 0 0 \
local_unbound "Local caching validating resolver" ${local_unbound:-off} \
sshd "Secure shell daemon" ${sshd_enable:-off} \
moused "PS/2 mouse pointer on console" ${moused_enable:-off} \
++<<<<<<< HEAD
++=======
+ ntpdate "Synchronize system and network time at bootime" \
+ ${ntpdate_enable:-off} \
++>>>>>>> upstream/main
ntpd "Synchronize system and network time" ${ntpd_enable:-off} \
powerd "Adjust CPU frequency dynamically if supported" \
${powerd_enable:-off} \
diff --cc usr.sbin/bsdinstall/scripts/time
index 847c2d4598cb,67e539b53658..000000000000
--- a/usr.sbin/bsdinstall/scripts/time
+++ b/usr.sbin/bsdinstall/scripts/time
@@@ -36,7 -36,7 +36,11 @@@ export T
# Set date
exec 3>&1
++<<<<<<< HEAD
+DATE=$(dialog --backtitle 'HardenedBSD Installer' \
++=======
+ DATE=$(dialog --backtitle 'FreeBSD Installer' \
++>>>>>>> upstream/main
--title 'Time & Date' \
--ok-label 'Set Date' \
--cancel-label 'Skip' \
@@@ -48,7 -48,7 +52,11 @@@ exec 3>&
# Set time
exec 3>&1
++<<<<<<< HEAD
+TIME=$(dialog --backtitle 'HardenedBSD Installer' \
++=======
+ TIME=$(dialog --backtitle 'FreeBSD Installer' \
++>>>>>>> upstream/main
--title 'Time & Date' \
--ok-label 'Set Time' \
--cancel-label 'Skip' \
diff --cc usr.sbin/bsdinstall/scripts/wlanconfig
index 86dc9d7f0d61,c2234831be9d..000000000000
--- a/usr.sbin/bsdinstall/scripts/wlanconfig
+++ b/usr.sbin/bsdinstall/scripts/wlanconfig
@@@ -32,7 -32,7 +32,11 @@@
BSDCFG_SHARE="/usr/share/bsdconfig"
. $BSDCFG_SHARE/common.subr || exit 1
f_include $BSDCFG_SHARE/dialog.subr
++<<<<<<< HEAD
+f_dialog_backtitle "HardenedBSD Installer"
++=======
+ f_dialog_backtitle "FreeBSD Installer"
++>>>>>>> upstream/main
############################################################ FUNCTIONS
diff --cc usr.sbin/bsdinstall/scripts/zfsboot
index af2cb5a24e48,eef482b806c5..000000000000
--- a/usr.sbin/bsdinstall/scripts/zfsboot
+++ b/usr.sbin/bsdinstall/scripts/zfsboot
@@@ -252,7 -252,7 +252,11 @@@ msg_encrypt_disks_help="Use geli(8) to
msg_error="Error"
msg_force_4k_sectors="Force 4K Sectors?"
msg_force_4k_sectors_help="Align partitions to 4K sector boundries and set vfs.zfs.min_auto_ashift=12"
++<<<<<<< HEAD
+msg_freebsd_installer="HardenedBSD Installer"
++=======
+ msg_freebsd_installer="FreeBSD Installer"
++>>>>>>> upstream/main
msg_geli_password="Enter a strong passphrase, used to protect your encryption keys. You will be required to enter this passphrase each time the system is booted"
msg_geli_setup="Initializing encryption on selected disks,\n this will take several seconds per disk"
msg_install="Install"
diff --cc usr.sbin/cron/cron/Makefile
index e42d71fa2ef5,87c6bab7b495..000000000000
mode 100644,100644..100755
--- a/usr.sbin/cron/cron/Makefile
+++ b/usr.sbin/cron/cron/Makefile
@@@ -5,8 -5,6 +5,11 @@@ PROG= cro
MAN= cron.8
SRCS= cron.c database.c do_command.c job.c user.c popen.c
++<<<<<<< HEAD
+NOCFI= yes
+
++=======
++>>>>>>> upstream/main
CFLAGS+= -DLOGIN_CAP -DPAM
LIBADD= cron pam util
diff --cc usr.sbin/ctld/Makefile
index c02ae6934ec8,08dcb79d0d84..000000000000
mode 100644,100644..100755
--- a/usr.sbin/ctld/Makefile
+++ b/usr.sbin/ctld/Makefile
@@@ -17,7 -17,6 +17,10 @@@ MAN= ctld.8 ctl.conf.
LIBADD= bsdxml md sbuf util ucl m nv
++<<<<<<< HEAD
+
++=======
++>>>>>>> upstream/main
YFLAGS+= -v
CLEANFILES= y.tab.c y.tab.h y.output
diff --cc usr.sbin/inetd/Makefile
index dad62e834ef2,b8f216970d7f..000000000000
mode 100644,100644..100755
--- a/usr.sbin/inetd/Makefile
+++ b/usr.sbin/inetd/Makefile
@@@ -26,5 -26,4 +26,8 @@@ LIBADD+= wra
CFLAGS+= -DIPSEC
LIBADD+= ipsec
++<<<<<<< HEAD
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
diff --cc usr.sbin/iscsid/Makefile
index c22fb9aaa60d,e3b1acb636b2..000000000000
mode 100644,100644..100755
--- a/usr.sbin/iscsid/Makefile
+++ b/usr.sbin/iscsid/Makefile
@@@ -11,6 -11,4 +11,9 @@@ MAN= iscsid.
LIBADD= md util
++<<<<<<< HEAD
+WARNS= 6
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
diff --cc usr.sbin/mountd/Makefile
index 7b1ef34bea03,bc16512c5a26..000000000000
mode 100644,100644..100755
--- a/usr.sbin/mountd/Makefile
+++ b/usr.sbin/mountd/Makefile
@@@ -4,7 -4,6 +4,10 @@@
PROG= mountd
SRCS= mountd.c getmntopts.c
MAN= exports.5 netgroup.5 mountd.8
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
++=======
++>>>>>>> upstream/main
MOUNT= ${SRCTOP}/sbin/mount
CFLAGS+= -I${MOUNT}
diff --cc usr.sbin/newsyslog/newsyslog.conf
index 8691fd1d28b5,80e8270935a1..000000000000
mode 100644,100644..100755
--- a/usr.sbin/newsyslog/newsyslog.conf
+++ b/usr.sbin/newsyslog/newsyslog.conf
@@@ -21,13 -21,12 +21,22 @@@
/var/log/cron 600 3 1000 * JC
/var/log/daily.log 640 7 * @T00 JN
/var/log/debug.log 600 7 1000 * JC
++<<<<<<< HEAD
+/var/log/init.log 640 3 1000 * J
+/var/log/kerberos.log 600 7 1000 * J
+/var/log/maillog 640 7 * @T00 JC
+/var/log/messages 640 5 1000 @0101T JC
+/var/log/monthly.log 640 12 * $M1D0 JN
+/var/log/pkg.log 600 10 * * CN
+/var/log/devd.log 640 3 1000 * JC
++=======
+ /var/log/init.log 644 3 1000 * J
+ /var/log/kerberos.log 600 7 1000 * J
+ /var/log/maillog 640 7 * @T00 JC
+ /var/log/messages 644 5 1000 @0101T JC
+ /var/log/monthly.log 640 12 * $M1D0 JN
+ /var/log/devd.log 644 3 1000 * JC
++>>>>>>> upstream/main
/var/log/security 600 10 1000 * JC
/var/log/utx.log 644 3 * @01T05 B
/var/log/weekly.log 640 5 * $W6D0 JN
diff --cc usr.sbin/newsyslog/newsyslog.conf.d/amd.conf
index 94f9f24f4588,329652dd5135..000000000000
mode 100644,100644..100755
--- a/usr.sbin/newsyslog/newsyslog.conf.d/amd.conf
+++ b/usr.sbin/newsyslog/newsyslog.conf.d/amd.conf
@@@ -1,2 -1,2 +1,6 @@@
# $FreeBSD$
++<<<<<<< HEAD
+/var/log/amd.log 640 7 1000 * J
++=======
+ /var/log/amd.log 644 7 1000 * J
++>>>>>>> upstream/main
diff --cc usr.sbin/newsyslog/newsyslog.conf.d/lpr.conf
index ba5b6ab36d14,5febb309c6ec..000000000000
mode 100644,100644..100755
--- a/usr.sbin/newsyslog/newsyslog.conf.d/lpr.conf
+++ b/usr.sbin/newsyslog/newsyslog.conf.d/lpr.conf
@@@ -1,2 -1,2 +1,6 @@@
# $FreeBSD$
++<<<<<<< HEAD
+/var/log/lpd-errs 640 7 1000 * JC
++=======
+ /var/log/lpd-errs 644 7 1000 * JC
++>>>>>>> upstream/main
diff --cc usr.sbin/ntp/Makefile
index 781473f26f79,ad5b5234035a..000000000000
mode 100644,100644..100755
--- a/usr.sbin/ntp/Makefile
+++ b/usr.sbin/ntp/Makefile
@@@ -1,8 -1,6 +1,11 @@@
# Makefile for ntpd.
# $FreeBSD$
++<<<<<<< HEAD
+.include <src.opts.mk>
+
++=======
++>>>>>>> upstream/main
SUBDIR= libopts libntp libntpevent libparse ntpd ntpdc ntpq ntpdate \
ntptime ntp-keygen sntp
SUBDIR+= doc
diff --cc usr.sbin/ntp/ntpd/Makefile
index affef38ccb88,2d8a8b9d2a2d..000000000000
mode 100644,100644..100755
--- a/usr.sbin/ntp/ntpd/Makefile
+++ b/usr.sbin/ntp/ntpd/Makefile
@@@ -4,8 -4,6 +4,11 @@@ MAN
.include <src.opts.mk>
++<<<<<<< HEAD
+MK_CFI= no
+
++=======
++>>>>>>> upstream/main
.PATH: ${SRCTOP}/contrib/ntp/ntpd \
${.OBJDIR}
diff --cc usr.sbin/pkg/FreeBSD.conf.latest
index 475c35f2ff75,e4eec8f11451..000000000000
mode 100644,100644..100755
--- a/usr.sbin/pkg/FreeBSD.conf.latest
+++ b/usr.sbin/pkg/FreeBSD.conf.latest
@@@ -12,5 -12,5 +12,9 @@@ FreeBSD:
mirror_type: "srv",
signature_type: "fingerprints",
fingerprints: "/usr/share/keys/pkg",
++<<<<<<< HEAD
+ enabled: no
++=======
+ enabled: yes
++>>>>>>> upstream/main
}
diff --cc usr.sbin/pkg/FreeBSD.conf.quarterly
index 7713093cac4b,68e1d32ac680..000000000000
mode 100644,100644..100755
--- a/usr.sbin/pkg/FreeBSD.conf.quarterly
+++ b/usr.sbin/pkg/FreeBSD.conf.quarterly
@@@ -12,5 -12,5 +12,9 @@@ FreeBSD:
mirror_type: "srv",
signature_type: "fingerprints",
fingerprints: "/usr/share/keys/pkg",
++<<<<<<< HEAD
+ enabled: no
++=======
+ enabled: yes
++>>>>>>> upstream/main
}
diff --cc usr.sbin/pkg/Makefile
index 9079232f7433,980faafc6b6c..000000000000
mode 100644,100644..100755
--- a/usr.sbin/pkg/Makefile
+++ b/usr.sbin/pkg/Makefile
@@@ -1,13 -1,28 +1,38 @@@
# $FreeBSD$
++<<<<<<< HEAD
++=======
+ _BRANCH!= ${MAKE} -C ${SRCTOP}/release -V BRANCH
+ BRANCH?= ${_BRANCH}
+ .if ${BRANCH:MCURRENT} != ""
+ PKGCONFBRANCH?= latest
+ .else
+ . if ${BRANCH:MBETA*} || ${BRANCH:MRC*} || ${BRANCH:MRELEASE*}
+ PKGCONFBRANCH?= quarterly
+ . else
+ . if ${MACHINE} != "amd64" && ${MACHINE} != "i386"
+ PKGCONFBRANCH?= quarterly
+ . else
+ PKGCONFBRANCH?= latest
+ . endif
+ . endif
+ .endif
+ CONFS= FreeBSD.conf.${PKGCONFBRANCH}
+ CONFSNAME= FreeBSD.conf
+ CONFSDIR= /etc/pkg
+ CONFSMODE= 644
++>>>>>>> upstream/main
PROG= pkg
SRCS= pkg.c dns_utils.c config.c
MAN= pkg.7
++<<<<<<< HEAD
+CONFS= HardenedBSD.conf HardenedBSD.tor.conf
+CONFSDIR= /etc/pkg
+CONFSMODE= 644
+
++=======
++>>>>>>> upstream/main
CFLAGS+=-I${SRCTOP}/contrib/libucl/include
.PATH: ${SRCTOP}/contrib/libucl/include
LIBADD= archive fetch ucl sbuf crypto ssl util
diff --cc usr.sbin/ppp/Makefile
index 4f66fbdb1ebe,2e77285abe4c..000000000000
mode 100644,100644..100755
--- a/usr.sbin/ppp/Makefile
+++ b/usr.sbin/ppp/Makefile
@@@ -15,8 -15,6 +15,11 @@@ CONFS= ppp.con
CONFSDIR= ${CONFDIR}/ppp
CONFSMODE= 600
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.if ${MK_NETGRAPH} == "no"
PPP_NO_NETGRAPH=
.endif
diff --cc usr.sbin/pwd_mkdb/Makefile
index 6a3101b99c47,f8a2b20ef10b..000000000000
mode 100644,100644..100755
--- a/usr.sbin/pwd_mkdb/Makefile
+++ b/usr.sbin/pwd_mkdb/Makefile
@@@ -8,8 -8,6 +8,11 @@@ PROG= pwd_mkd
MAN= pwd_mkdb.8
SRCS= pw_scan.c pwd_mkdb.c
++<<<<<<< HEAD
+CFI_OVERRIDE=-fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
CFLAGS+= -I${SRCTOP}/lib/libc/gen # for pw_scan.h
.if defined(BOOTSTRAPPING)
CFLAGS+=-I${.CURDIR}/bootstrap
diff --cc usr.sbin/rpc.lockd/Makefile
index 682f823cbbaa,db812a6c48fd..000000000000
mode 100644,100644..100755
--- a/usr.sbin/rpc.lockd/Makefile
+++ b/usr.sbin/rpc.lockd/Makefile
@@@ -9,8 -9,6 +9,11 @@@ SRCS= kern.c nlm_prot_svc.c lockd.c loc
CFLAGS+= -I. -I${SYSROOT:U${DESTDIR}}/usr/include/rpcsvc
WARNS?= 3
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
LIBADD= rpcsvc
CLEANFILES= nlm_prot_svc.c nlm_prot.h test
diff --cc usr.sbin/rpc.statd/Makefile
index 90811798c27c,c857f62790dc..000000000000
mode 100644,100644..100755
--- a/usr.sbin/rpc.statd/Makefile
+++ b/usr.sbin/rpc.statd/Makefile
@@@ -7,8 -7,6 +7,11 @@@ SRCS= file.c sm_inter_svc.c sm_inter.h
CFLAGS+= -I${.OBJDIR}
LIBADD= rpcsvc
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
# XXX: mismatch between (xdrproc_t) and xdr_void().
WARNS?= 2
diff --cc usr.sbin/rpc.umntall/Makefile
index d8b4bda81867,fc4a3998c07c..000000000000
mode 100644,100644..100755
--- a/usr.sbin/rpc.umntall/Makefile
+++ b/usr.sbin/rpc.umntall/Makefile
@@@ -7,6 -7,4 +7,9 @@@ SRCS= rpc.umntall.c mounttab.
WARNS?= 3
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
diff --cc usr.sbin/rpc.yppasswdd/Makefile
index 96de598425e8,22887fb0ec88..000000000000
mode 100644,100644..100755
--- a/usr.sbin/rpc.yppasswdd/Makefile
+++ b/usr.sbin/rpc.yppasswdd/Makefile
@@@ -1,5 -1,4 +1,8 @@@
# $FreeBSD$
++<<<<<<< HEAD
+#
++=======
++>>>>>>> upstream/main
RPCDIR= ${DESTDIR}/usr/include/rpcsvc
@@@ -15,8 -14,6 +18,11 @@@ SRCS= util.c yp_access.c yp_dblookup.c
GENSRCS=yp.h yp_clnt.c yppasswd.h yppasswd_private.h yppasswd_private_svc.c \
yppasswd_private_xdr.c yppasswd_svc.c
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
WARNS?= 5
CFLAGS+= -fno-strict-aliasing
CFLAGS+= -I${SRCTOP}/usr.sbin/vipw \
diff --cc usr.sbin/rpc.ypupdated/Makefile
index 05885e76457f,dc640d12b592..000000000000
mode 100644,100644..100755
--- a/usr.sbin/rpc.ypupdated/Makefile
+++ b/usr.sbin/rpc.ypupdated/Makefile
@@@ -8,8 -8,6 +8,11 @@@ SRCS= ypupdate_prot_svc.c ypupdate_prot
yp_error.c update.c ypupdated_server.c \
yp_dblookup.c yp_dbwrite.c yp_dbdelete.c yp_dbupdate.c
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
#CFLAGS+= -DYP
CFLAGS+= -I${SRCTOP}/usr.sbin/ypserv -I. -I${SRCTOP}/libexec/ypxfr
diff --cc usr.sbin/rpc.ypxfrd/Makefile
index 974c93dd598a,0e98d83638e0..000000000000
mode 100644,100644..100755
--- a/usr.sbin/rpc.ypxfrd/Makefile
+++ b/usr.sbin/rpc.ypxfrd/Makefile
@@@ -7,8 -7,6 +7,11 @@@ MAN= rpc.ypxfrd.
SRCS= ypxfrd_svc.c ypxfrd.h ypxfrd_server.c yp_error.c \
yp_access.c ypxfrd_main.c
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
CFLAGS+= -I. -DXFRBLOCKSIZE=65535
WARNS?= 2
diff --cc usr.sbin/rpcbind/Makefile
index b57391b1fd83,eb7baa7fbcfc..000000000000
mode 100644,100644..100755
--- a/usr.sbin/rpcbind/Makefile
+++ b/usr.sbin/rpcbind/Makefile
@@@ -7,7 -7,6 +7,10 @@@ PROG= rpcbin
MAN= rpcbind.8
SRCS= check_bound.c rpcb_stat.c rpcb_svc_4.c rpcbind.c pmap_svc.c \
rpcb_svc.c rpcb_svc_com.c security.c warmstart.c util.c
++<<<<<<< HEAD
+CFI_OVERRIDE= -fno-sanitize=cfi-icall
++=======
++>>>>>>> upstream/main
CFLAGS+= -DPORTMAP
diff --cc usr.sbin/rtsold/Makefile
index ebbb18ed9ff4,34da996b0f79..000000000000
mode 100644,100644..100755
--- a/usr.sbin/rtsold/Makefile
+++ b/usr.sbin/rtsold/Makefile
@@@ -35,5 -35,4 +35,8 @@@ CFLAGS+= -DWITH_CASPE
LIBADD+= casper cap_syslog nv
.endif
++<<<<<<< HEAD
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
diff --cc usr.sbin/sendmail/Makefile
index b763bd063588,3a74a200f2ed..000000000000
mode 100644,100644..100755
--- a/usr.sbin/sendmail/Makefile
+++ b/usr.sbin/sendmail/Makefile
@@@ -28,8 -28,6 +28,11 @@@ BINMODE=455
BINMODE=2555
.endif
++<<<<<<< HEAD
+CFI_OVERRIDE=-fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
# Define the database format to use for aliases et al.
DBMDEF= -DNEWDB
# If you don't want NIS alias/map support, comment out this line
@@@ -70,9 -68,6 +73,12 @@@ DPADD+=${SENDMAIL_DPADD
LDADD+=${SENDMAIL_LDADD}
LDFLAGS+=${SENDMAIL_LDFLAGS}
++<<<<<<< HEAD
+# HBSDTODO: Research why sendmail compilation fails with SafeStack.
+MK_SAFESTACK= no
+
++=======
++>>>>>>> upstream/main
sm_os.h: ${SENDMAIL_DIR}/include/sm/os/sm_os_freebsd.h .NOMETA
ln -sf ${.ALLSRC} ${.TARGET}
diff --cc usr.sbin/services_mkdb/Makefile
index 700e34c1993a,9d728b6da824..000000000000
mode 100644,100644..100755
--- a/usr.sbin/services_mkdb/Makefile
+++ b/usr.sbin/services_mkdb/Makefile
@@@ -7,8 -7,6 +7,11 @@@ PROG= services_mkd
MAN= services_mkdb.8
SRCS= services_mkdb.c uniq.c extern.h
++<<<<<<< HEAD
+CFI_OVERRIDE=-fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.endian.mk>
.include <src.opts.mk>
.if ${MK_SERVICESDB} != "no"
diff --cc usr.sbin/syslogd/syslog.conf
index 029c4e675318,a556f309d943..000000000000
mode 100644,100644..100755
--- a/usr.sbin/syslogd/syslog.conf
+++ b/usr.sbin/syslogd/syslog.conf
@@@ -30,8 -30,6 +30,11 @@@ daemon.info /var/log/daemon.lo
# Uncomment this if you wish to see messages produced by devd
# !devd
# *.>=notice /var/log/devd.log
++<<<<<<< HEAD
+!pkg,pkg-static
+*.* /var/log/pkg.log
++=======
++>>>>>>> upstream/main
!*
include /etc/syslog.d
include /usr/local/etc/syslog.d
diff --cc usr.sbin/tcpdump/tcpdump/Makefile
index 086688f15b16,1133a0a150d5..000000000000
mode 100644,100644..100755
--- a/usr.sbin/tcpdump/tcpdump/Makefile
+++ b/usr.sbin/tcpdump/tcpdump/Makefile
@@@ -198,7 -198,6 +198,10 @@@ CFLAGS+= -I${SYSROOT:U${DESTDIR}}/usr/i
CFLAGS+= -DHAVE_LIBCRYPTO -DHAVE_OPENSSL_EVP_H
.endif
++<<<<<<< HEAD
+
++=======
++>>>>>>> upstream/main
.if ${MK_PF} != "no"
SRCS+= print-pflog.c \
print-pfsync.c
diff --cc usr.sbin/unbound/Makefile
index 555c0a757e5b,5e747ebb6952..000000000000
mode 100644,100644..100755
--- a/usr.sbin/unbound/Makefile
+++ b/usr.sbin/unbound/Makefile
@@@ -1,6 -1,6 +1,10 @@@
# $FreeBSD$
++<<<<<<< HEAD
+SUBDIR= daemon anchor checkconf control host
++=======
+ SUBDIR= daemon anchor checkconf control
++>>>>>>> upstream/main
SUBDIR+= setup
SUBDIR_PARALLEL=
diff --cc usr.sbin/unbound/checkconf/Makefile
index 087611655500,c10f7eb90959..000000000000
mode 100644,100644..100755
--- a/usr.sbin/unbound/checkconf/Makefile
+++ b/usr.sbin/unbound/checkconf/Makefile
@@@ -13,6 -13,4 +13,9 @@@ CFLAGS+= -I${.CURDIR:H} -I${.CURDIR
LIBADD= unbound pthread
MAN= local-unbound-checkconf.8
++<<<<<<< HEAD
+CFI_OVERRIDE=-fno-sanitize=cfi-icall
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
diff --cc usr.sbin/unbound/daemon/Makefile
index 5b43e0c8e6a1,ee251acee85f..000000000000
mode 100644,100644..100755
--- a/usr.sbin/unbound/daemon/Makefile
+++ b/usr.sbin/unbound/daemon/Makefile
@@@ -14,6 -14,4 +14,9 @@@ CFLAGS+= -I${.CURDIR:H} -I${.CURDIR
LIBADD= unbound util ssl crypto pthread
MAN= local-unbound.8 local-unbound.conf.5
++<<<<<<< HEAD
+NOCFI= yes
+
++=======
++>>>>>>> upstream/main
.include <bsd.prog.mk>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment