FreeBSD git weekly: 2025-09-08 to 2025-09-14

Manpages are very small, and having a separate manpages package for
every base package is quite annoying for users.  Turn this option
off by default.

Discussed with: bapt
Reviewed by:    manu, emaste
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D52417

Fixes:                https://cgit.freebsd.org/src/commit/?id=dd8c666d8b78 ("src.sys.mk: Support src.conf in SRCTOP")

PR:           https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289245
Fixes:          https://cgit.freebsd.org/src/commit/?id=14b61b2e9317 ("man: Add -l option")

Reviewed by:  cem, emaste
MFC after:      2 weeks
Sponsored by:   Stormshield
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D52231

make(1)'s -D flag does not allow for setting the value of the variable.
It just defines the variable and sets its value to 1. In fact, make(1)
treats "=" as just another character in the variable name:

```
$ make -DA=2 -V A  # Output is just an empty line.

$ make -DA=2 -V A=2  # Variable "A=2" is defined and set to "1".
1
```

Fixes:  https://cgit.freebsd.org/src/commit/?id=d25f7d324a9d ports.7: Document DEBUG_FLAGS and the process of debugging ports
MFC after:      3 days

Reviewed by:            bapt@
Approved by:            bapt@
Differential Revision:  https://reviews.freebsd.org/D52436

Reviewed by:  bcr
MFC after:      3 days

MFC after:    3 days
Sponsored by:   Klara, Inc.
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D52489

Document the buildenvvars target and the BUILDENV_SHELL variable.

Sponsored by:           Netflix

Signed-off-by: Miroslav Cimerman <mc@doas.su>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1845

Right now the cutoff values for the RCT and APT tests are computed with
a fixed min-entropy estimate of 1.  In preparation for permitting
alternative estimates for "pure" sources (i.e., hardware noise sources),
extend the code to handle alternative estimates of an integer number of
bits.

For the RCT test, the cutoff is simply the formula from section 4.4.1 of
NIST SP 800-90B.  For the APT test, I used Excel to compute a lookup
table using the formula provided in section 4.4.2.

Reviewed by:    cem
MFC after:      2 weeks
Sponsored by:   Stormshield
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D52228

This variable provides a mask of all registered entropy sources and is
updated when drivers attach and detach (or by sysctl).  However, nothing
was synchronizing accesses to it.  Use the harvest lock to provide
mutual exclusion for updates, and use atomic_load_int() to mark unlocked
reads.

Reviewed by:    cem
MFC after:      2 weeks
Sponsored by:   Stormshield
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D52230

The current implementation of the NIST health tests assumes a
min-entropy estimate of one bit per sample, which is quite conservative.
For so-called "pure" sources (e.g., virtio-random, TPM) it might be nice
to support larger estimates so that the tests catch failed devices more
quickly.

Thus:
- let each pure random source provide an estimate, so that downstreams
  or driver implementors can override defaults if they want to;
- increase the default estimate for pure sources;
- for pure sources initialize the state machine at source registration
  time.

Reviewed by:    cem
MFC after:      2 weeks
Sponsored by:   Stormshield
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D52232

So-called pure sources provide entropy at regular intervals, so the
timestamp counter provides little entropy.  Exclude it from health
testing for such sources.

Reviewed by:    cem, emaste
MFC after:      2 weeks
Sponsored by:   Stormshield
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D52233

vtnet: improve checksum offloading

When transmitting a packet over the vtnet interface, map the
csum flags CSUM_DATA_VALID | CSUM_PSEUDO_HDR to the virtio
flag VIRTIO_NET_HDR_F_DATA_VALID.
When receiving a packet over the virtio network channel, translate
the virtio flag VIRTIO_NET_HDR_F_NEEDS_CSUM not to CSUM_DATA_VALID |
CSUM_PSEUDO_HDR, but to CSUM_TCP, CSUM_TCP_IPV6, CSUM_UDP, or
CSUM_UDP_IPV6.
The second change fixes a series of issue related to checksum
offloading for if_vtnet.
While there, improve the stats counters to allow a detailed view
on what is going on in relation to checksum offloading.

PR:                     https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=165059
Reviewed by:            tuexen, manpages
MFC after:              3 days
Differential Revision:  https://reviews.freebsd.org/D51686

vtnet: fix compilation for NOIP configs

Reported by:    bz
Fixes:          https://cgit.freebsd.org/src/commit/?id=3008f30d2c2c ("vtnet: improve checksum offloading")
MFC after:      3 days

Strictly speaking, opc & 0x3 == 3 is input and output at the same
time. This is undefined, in general. But for vendor commands, it's
vendor specific. Linux allows it generally and treats it as a read,
which is what we do too, so remove this check to be more compatible with
Linux's behavior (which we're trying to emulate).

Sponsored by:           Netflix

Enable sequence number offload.

This should both enable the sequence number offloading and disable
the net80211 TX lock from being acquired/released/checked.

Differential Revision:  https://reviews.freebsd.org/D50747
Okayed by: bz

Enable sequence number offload.

This should both enable the sequence number offloading and disable
the net80211 TX lock from being acquired/released/checked.

Differential Revision:  https://reviews.freebsd.org/D50749
Okayed by: bz

* Enable A-MPDU TX by fixing the A-MPDU TX establish routine;
  always assign sequence numbers from net80211 (for now); and
  fix the descriptor programming.

* Add TODO items around CAM allocation for keys, MAC ID stuff which
  we likely need to fix for working IBSS/AP behaviour, and whatever
  other bits and pieces I noticed.

* Disable amsdu2ampdu, we can decap A-MSDU just fine in net80211,
  doubly so if we somehow get A-MSDU inside an A-MPDU.

I've tested / verified that A-MPDU TX and A-MPDU RX is correctly
established and functioning by using rtwn in monitor mode.

I used an old r92su linux out of tree driver for comparison.

Differential Revision:  https://reviews.freebsd.org/D50748
Okayed by: bz

qlnxe: Unconditionally enable extended media types

Those extended media types are available since about 2015 [1]. All
supported branches already have them defined.

No functional change intended.

[1] eb7e25b22f1c ifmedia changes: Extend the number of available subtypes for Ethernet media ...

Reviewed by:    kbowling
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D52374

qlnxe: Support SIOCGIFXMEDIA ioctl

ifconfig(8) will try SIOCGIFXMEDIA first and then retry SIOCGIFMEDIA if
that fails. Since the driver reports extended media types, support
SIOCGIFXMEDIA ioctl directly rather than doing another round.

Reviewed by:    kbowling
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D52375

qlnxe: Report speeds in decimal format

It is more natural to read the speed in decimal format than hexadecimal
one.

Spotted this while diagnosing PR 287445,

```
[__ecore_configure_pf_max_bandwidth:6864(qlnx-0)]Configured MAX bandwidth to be 000061a8 Mb/sec
[__ecore_configure_pf_min_bandwidth:6922(qlnx-0)]Configured MIN bandwidth to be 750 Mb/sec
```

Reviewed by:    kbowling
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D52376

This restores a check that existed prior to commit be1f7435ef218b1d
("kern: start tracking cr_gid outside of cr_groups[]").

While here, improve pmc_can_attach()'s style by changing the type of
'decline_attach' to 'bool', fixing tests on it, adding missing
parentheses to 'return' statements, and by changing its return value
type to 'bool'.

Fixes:          https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]")
MFC after:      9 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D52252

The returned value in this case was wrong, and would basically prevent
some PMC's owner process to attach that PMC to itself although the
security checks underneath would have allowed it.

Now that this early return has been fixed, its block basically becomes
a performance short-circuit which has no effect from a functional
standpoint.

Fixes:          https://cgit.freebsd.org/src/commit/?id=ebccf1e3a6b1 ("Bring a working snapshot of hwpmc(4), ...")
MFC after:      9 days
Sponsored by:   The FreeBSD Foundation

This restores a check that existed prior to commit be1f7435ef218b1d
("kern: start tracking cr_gid outside of cr_groups[]").

Fixes:          https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]")
MFC after:      9 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D52253

Originally ixgbe_if_update_admin_status() only handled 1G and 10G speeds,
causing any other speeds to display as "1 Gbps" in link status logs.

This issue is fixed by adding link speed to string conversion logic through
the introduction of a helper function, ixgbe_link_speed_to_str(), which
corrects the misleading logs to reflect accurate link speeds.

Signed-off-by: Yogesh Bhosale yogesh.bhosale@intel.com

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288960
Reported by:    Mike Belanger - QNX
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D52442

Remove the unused function ixgbe_is_media_cage_present that
generates a compiler warning.

Signed-off-by: Yogesh Bhosale yogesh.bhosale@intel.com

Reported by:    markj
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D52467

It may pass packets up the stack and so needs to be called in a network
epoch.  When a watchdog timeout happens, we need to enter a section
explicitly.

Reviewed by:    zlei, glebius, adrian
MFC after:      2 weeks
Sponsored by:   Innovate UK
Differential Revision:  https://reviews.freebsd.org/D51885

PR:           https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288960
Reported by:    michaelo
MFC after:      2 days

PR:           https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286720
Reviewed by:    zlei
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D50491

Reported by:    markj, bz
Approved by:    markj (mentor)
Fixes:  https://cgit.freebsd.org/src/commit/?id=2b74ff5fceb6 ("ichwd: introduce i6300esbwd watch dog driver")
Differential Revision: https://reviews.freebsd.org/D52476

The new Framework 16 with ALC285 exhibits the same issue as the previous
model. Therefore, we apply the same fix to the new model.

Reviewed by:    emaste, Daniel Schaefer <dhs@frame.work>
Approved by:    lwhsu (mentor)
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Framework Computer Inc
Differential Revision: https://reviews.freebsd.org/D52423

cxgbe tom: Halve the size of offload transmit software descriptors

Use bitfields to pack tx_credits and plen into a single 32-bit word.

Reviewed by:    np
Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D47759

cxgbe tom: Support sending "raw" WR mbufs on plain TCP and TLS sockets

This is intended to support control work requests that manipulate
connection state but do not transmit data.  Raw WRs are transmitted
immediately if possible, otherwise they are queued to an mbufq in the
toe pcb until sufficient credits are available.  Raw WRs take
precendence over transmitting socket data.

Reviewed by:    np
Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D47761

cxgbe tom: Export alloc_raw_mbuf for use in other TOE drivers

Reviewed by:    np
Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D47762

cxgbe tom: Send auxiliary TLS work requests as raw WR mbufs

In particular, the work request to update the TCB state when switching
from plain TCP to TLS is now queued on the connection's offload
transmit queue rather than over the per-port control queue.

This also handles an unlikely edge case that a connection does not
have sufficient credits to transmit other work requests synchronously
such as programming the key in on-card memory or altering TCB fields.

Reviewed by:    np
Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D47763

igb VF must not read normal stat registers and only read a limited
set of registers.  The PF registers also don't make since as the VF
is an internal port, and there is no PHY to collect stats like CRC
errors from.

PR:     https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282309
Obtained from:  Juniper Networks, Inc.
Differential Revision:  https://reviews.freebsd.org/D52326

So gcc12 doesn't understand that t->udelay is >= 1, so thinks that noack
might be unset sometimes. While we specifically constrain this on direct
assignment, there's a sysctl that might not. This is likely also a bug.
Instead of uglifying everything by using MAX(1, sc->udelay), I rewrote
the for loop as a do-while loop (which arguably dictates intent better
because this code clearly assumes it will be executed once).

Sponsored by:           Netflix

We detect an error condiction and print it. And then unconditionally
jump to the err code, which is incorrect. It's clear from indentation
and code tracing there should be braces here.

Sponsored by:           Netflix

Help the flow analysis in gcc12 by initializing scsi_reply to NULL and
testing it along with sense_buf. Sense buf should be non-null only in
this code path, but might also be non-null if the PA for is somehow set
to zero. I debated adding an assert for the latter, but opted to instead
preserve existing behavior.

Also set host_diagnostic to 0. gcc12 can't quite realize that we only
test it after we've been through this loop at least once to report an
error condition. Initialize to 0 to avoid a diagnostic.

Sponsored by:           Netflix

If we have outstanding tractions and then poll and still have
outstanding transactions, we print a warning. However, we print the
warning, confusingly, even if there's 0 left. Enclose the two statements
in {} to avoid this relatively harmless effect and quiet gcc12's
indentation complaint.

Sponsored by:           Netflix

This is as opposed to using ACPI sleep states (`ACPI_STATE_S*`). We now
use `POWER_STYPE_*` added in D52036.

This is in preparation for adding support for s2idle, which is not an
ACPI sleep state, but needs to be handled specially by
`acpi_EnterSleepState`.

Supersedes D48732.

Reviewed by:    mckusick (mentor), markj
Approved by:    mckusick (mentor), markj
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D52043

The commit in Fixes: introduced logging the output bits from
ieee80211_vht_get_vhtflags().  This ends up causing quite a lot
of logging when net80211 is doing things like processing
received beacons.

So just remove the logging; if it's needed again then a developer
can add it back to that location, or just use dtrace to capture
the return value.

Fixes:  https://cgit.freebsd.org/src/commit/?id=4bf049bfeefd9
Differential Revision: https://reviews.freebsd.org/D52142
Reviewed by:    bz

net80211 has various places where null data / null qos data frames
are sent.  However plenty of NICs shouldn't be sending them from
net80211 and it may even upset their 802.11n window / sequence number
tracking.

So add support here.

Differential Revision:  https://reviews.freebsd.org/D52297
Reviewed by:    bz

The legacy code handling -j in display() was causing xo_finish() to be
skipped.  It has also been causing a memory leak since 0726c6574f8
(sockstat: Add automatic column sizing and remove -w option)

Fixes:          https://cgit.freebsd.org/src/commit/?id=7b35b4d1963 (sockstat: add libxo support)
MFC after:      1 week
Reported by:    glebius
Reviewed by:    glebius
Sponsored by:   ConnectWise
Pull Request:   https://github.com/freebsd/freebsd-src/pull/1842

No functional change intended.

MFC after:      3 days
Sponsored by:   Netflix, Inc.

pf_pull_hdr() allows to pass an action pointer parameter as output
value.  This is never used, all callers pass a NULL argument.  Remove
ACTION_SET() entirely.

The logic (fragoff >= len) in pf_pull_hdr() does not work since
revision 1.4.  Before it was used to drop short TCP or UDP fragments
that contained only part of the header.  Current code in pf_pull_hdr()
drops the packets anyway, so always set reason PFRES_FRAG.

OK kn@ sashan@

Obtained from:  OpenBSD, bluhm <bluhm@openbsd.org>, 46650f23db
Sponsored by:   Rubicon Communications, LLC ("Netgate")

Update to current convention of using fcntl.h O_* flags instead of vnode.h IO_*
ones, as explained in sys/fs/devfs/devfs_vnops.c.

Signed-off-by: Quentin Thébault <quentin.thebault@defenso.fr>
Reviewed by: imp, jhb
Pull Request: https://github.com/freebsd/freebsd-src/pull/1827

Return success when FIONBIO or FIOASYNC ioctl are received in order to support
being set to non-blocking through fcntl(2). We return an error on FIOASYNC with
non-zero data argument since we do not support O_ASYNC.

Signed-off-by: Quentin Thébault <quentin.thebault@defenso.fr>
Reviewed by: imp, jhb
Pull Request: https://github.com/freebsd/freebsd-src/pull/1827

Outbound VLAN filtering wasn't being done for host-originated frames,
because bridge_output was missing a call to bridge_vfilter_out, like
in bridge_forward and bridge_broadcast.

Rather than adding another call, move the filtering to bridge_enqueue,
which ensures all frames will be filtered.  This slightly changes the
observable behaviour since we now do pfil before vlan filtering, but
that's probably closer to what users expect anyway.

MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D52380

Current leap-seconds file has already expired on 28 June 2025

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289352
Obtained from:  https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.3960835200
MFC after:      3 days

error: 'static' is not at beginning of declaration [-Werror=old-style-declaration]

All datasets on zroot pool are compressed by default since FreeBSD 11.0 [1],
no need to mention that on some specific datasets these days.

[1] 47206692f2cca020891d1eec5028e02c3e6f56c5

Reviewed by:    jrm (mentor), ziaee
MFC after:      3 days
Differential Revision:   https://reviews.freebsd.org/D52304

This is needed to fix bootstrapping on FreeBSD versions before commit
56ee5c551f89 ("sysctl: make sys/sysctl.h self contained").  Moreover,
certctl should really be including sys/types.h directly since it uses
size_t.

MFC after:      1 week

loader/efi: return error from efi_find_framebuffer

Also return actual errno values in other code paths.
(suggested by tsoome)

Reviewed by:    tsoome, imp
Differential Revision:  https://reviews.freebsd.org/D52432

loader/efi: plug memory leak

Reviewed by:    tsoome
Differential Revision:  https://reviews.freebsd.org/D52433

loader/efi: remove is_last parameter from find_currdev

It is unused.

Reviewed by:    tsoome
Differential Revision:  https://reviews.freebsd.org/D52434

Translate the given errno to an efi status instead of always exiting
with EFI_LOAD_ERROR.

This helps future developers when adding additional options handlers in the
surrounding blocks.

This is effectively a no-op.

MFC after:      1 month

Put -I in its proper place alphabetically

Sponsored by:           Netflix

nanobsd: Expose do_image_prep on command line

do_image_prep will skip the customizations and other image prep that's
the same each time. It was just set before for -I. Expose it now with -p
which doesn't have the other side effects. Also, fix a bug where early
customization was run in this case. We don't want that run multiple
times when building an image from an existing tree or when skipping
image prep (there's no reason to make it a separate hook). Also change
example small media from Compact Flash to SD Card (though maybe it
should be microSD card, eMMC or similar, but that's getting too
verbose).

Sponsored by:           Netflix

nanobsd: Fix the p flag

Fix the "p" flag in the manual page.
While here, add the flag to the usage instructions.

Reviewed by:    imp
Approved by:    emaste (mentor)
Fixes:  https://cgit.freebsd.org/src/commit/?id=90593b1bdb80 ("nanobsd: Expose do_image_prep on command line")
Differential Revision:  https://reviews.freebsd.org/D52508

Reported by:  Michael Dexter
Fixes:          https://cgit.freebsd.org/src/commit/?id=72d01e62b082 netgraph: teach ngctl to attach and run itself in a jail
MFC after:      1 day

Pointy hat to:        vexeduxr
Reported by:    Bakul Shah

When sending UDP packets:
* compute the checksum in the correct order. This only has an impact
  if the length of the payload is odd.
* don't send packet with a checksum of zero, use 0xffff instead as
  required.
When receiving UDP packets:
* don't do any computations when the checksum is zero.
* compute the checksum in the correct order. This only has an impact
  if the length of the payload is odd.
* when computing the checksum, store the pseudo header checksum
* if the checksum is computed as zero, use 0xffff instead.
* also accept packets, when the checksum in the packet is the pseudo
  header checksum.
The last point fixes a problem when the DHCP client runs in a VM,
the DHCP server runs on the host serving the VM and the network
interface supports transmit checksum offloading. Since dhclient
doesn't use UDP sockets but bpf devices to read the packets, the
checksum will be incorrect and only contain the checksum of the
pseudo header.

PR:                     https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263229
Reviewed by:            markj, Timo Völker
Tested by:              danilo
MFC after:              3 days
Differential Revision:  https://reviews.freebsd.org/D52394

Use pfctl_fopen (which checks to ensure the given file isn't a directory)
for pfctl -f /path/to/pf.conf. Otherwise, if you accidentally use a dir
instead of a file (e.g. if you have an /etc/pf directory and don't notice
the name when tab-completing), you successfully install an empty ruleset.
ok sashan@

Obtained from:  OpenBSD, sthen <sthen@openbsd.org>, 2f48098846
Sponsored by:   Rubicon Communications, LLC ("Netgate")

Currently 'pfctl -a "*" -sr' recursively walks anchor tree and shows
rules found in every anchor. This commit introduces the same behavior
for tables. Command 'pfctl -a "*" -sT' prints all tables attached to
every anchor loaded to pf(4).

Inconsistency has been noticed by Klemens (kn@).

OK @bluhm, OK @kn

Obtained from:  OpenBSD, sashan <sashan@openbsd.org>, 3898e3532e
Sponsored by:   Rubicon Communications, LLC ("Netgate")

The fix to pfctl_kill_src_nodes() comes from Olivier Croquin.
bluhm@ pointed out pfctl_net_kill_states() suffers from the
same copy'n'paste typo. Commit combines both fixes.

OK @bluhm, OK @kn

Obtained from:  OpenBSD, sashan <sashan@openbsd.org>, cde97ca321
Sponsored by:   Rubicon Communications, LLC ("Netgate")

Reported by:  bdrewery
MFC after:      1 week
See also:       da50f49977cc4e6aae55cb2379313599249a8dd2
Sponsored by:   Rubicon Communications, LLC ("Netgate")

While here, improve userlist error message.

PR:                     https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289399
MFC after:              3 days
Reviewed by:            kbowling, rgrimes
Approved by:            kbowling, rgrimes (src)
Reported by:            michaeldexter, rgrimes
Differential Revision:  https://reviews.freebsd.org/D52464

MFC After:    1 day
Sponsored by:   Amn Afzar Hoopad Inc
Differencial Revision:  https://reviews.freebsd.org/D52418

StartImage() may return additional data from failure. This data
has text message followed by optional binary blob. Print
out the text message (if present) and free the data.
See 7.4.2 EFI_BOOT_SERVICES.StartImage() page 199
UEFI_Spec_Final_2.11.pdf.

Reviewed by:    imp

nuageinit: chmod sudoers directory instead of chmod (again) sudoers file

* Set mode of sudoers to 0440.

Reviewed by:            bapt@, jlduran@
Approved by:            bapt@, jlduran@
Differential Revision:  https://reviews.freebsd.org/D52438

nuageinit: Allow the use of network parameters from network-config

To better comply with the cloud-init specification, we need to
support the configuration of network-related parameters from
the network-config file, which is common in most deployments.

Reviewed by:            bapt@
Approved by:            bapt@
Differential Revision:  https://reviews.freebsd.org/D52419

nuageinit: Add doas support

* Set mode of etc directory to 0755.
* Use user.localbase sysctl instead of /usr/local.
* Add test case for doas.
* Set ${LOCALBASE} instead of /usr/local in nuageinit(7) man page.

Reviewed by:            bapt@
Approved by:            bapt@
Differential Revision:  https://reviews.freebsd.org/D52437

nuageinit: Add me to copyright list

Approved by:    bapt@

It is referred to in the documentation as the system crontab, not root's
crontab.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289099
Reviewed by:    emaste
Approved by:    emaste (mentor)
Fixes:  https://cgit.freebsd.org/src/commit/?id=d33daab9348a ("Call /etc/crontab the "system crontab", not "root's crontab".  While here, fix some other wording issues")
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D52503

guid here is only used for EFI_ZFS_BOOT, so move the ifdef.

Noticed by: wosch and clang 20
Sponsored by:           Netflix

Like lastjid, desc should count as a pseudo-parameter.  The difference
lies entirely in the security.jail.param sysctls, which list all of
the jail parameters.  Since desc opens and returns a file descriptor,
it has no place in such uses as "jls all."  Like lastjid, it's still
recognized by the kernel if passed in/out, and hard-coded into libjail
so it can be recognized there.

MFC after:      3 days

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1843

In particular, fixes 'procstat -s -M' (only if there are less than 16
groups).

Reviewed by:    kib, emaste
Fixes:          https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]")
MFC after:      9 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D52260

PR:   https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289447
MFC after:      1 week

libc: prevent incorrect %a/%La rounding at full precision

In __hdtoa() and __hldtoa(), rounding is incorrectly applied when
the requested precision exactly matches the number of significant
hexadecimal digits. In this case, the redux adjustment can trigger
an unintended exponent increment and shift the rounding position
left by one bit. This causes the least significant digit to be
rounded incorrectly.

The fix adds a new condition based on MAX_HEX_DIGITS (derived from
MANT_DIG) so that rounding is performed only when precision is
strictly less than the number of significant digits. This avoids
the unintended shift while preserving correct rounding for other
cases.

A new regression test
(printfloat_test:hexadecimal_rounding_offset_eq_exp) covers both
the binary64 (%.13a) and binary128 (%.28La on arm64) cases that
previously fail, ensuring the bug does not regress.

Note: MAX_HEX_DIGITS represents the maximum number of hexadecimal
digits needed to express the mantissa. It is computed by subtracting
the implicit integer bit from [L]DBL_MANT_DIG, dividing the remaining
mantissa bits by 4 (with +3 to round up any remainder), and finally
adding +1 for the leading integer digit. This makes its meaning
explicit and distinct from SIGFIGS, which serves a different purpose.

Fixes: https://cgit.freebsd.org/src/commit/?id=76303a9735ee ("Make several changes to the way printf handles hex floating point (%a):")
Signed-off-by: Osamu Sho <osamusho@gmail.com>
Reviewed by: imp,jlduran
Pull Request: https://github.com/freebsd/freebsd-src/pull/1837

Fix floaing point test.

I botched a style fix to a pull request, and didn't catch it on amd64,
but it broke almost everything else. It's a false positive to the style
program and spaces cannot be inserted here. It's not math, but a funky
notation.

Fixes: https://cgit.freebsd.org/src/commit/?id=9dd78db9c30a

Fix floaing point test. (again)

Fixes: https://cgit.freebsd.org/src/commit/?id=9dd78db9c30a

This comment is obsolete, as:
1. This code is FreeBSD-specific and is not shared with other BSDs.
2. With our recent changes in commit be1f7435ef218b1d ("kern: start
   tracking cr_gid outside of cr_groups[]"), all of NetBSD, OpenBSD and
   FreeBSD have the effective GID in a separate field (DragonFlyBSD
   remains to this day an outlier).

MFC after:      9 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D52254

Fixes:          https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]")
MFC after:      9 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D52256

Reviewed by:    kib
Fixes:          https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]")
MFC after:      9 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D52257

EBADF semantic is that the passed fd is invalid, not that it is of wrong
type.  Using EBADF in these places in kern_event.c and sys_procdesc.c
give bad examples to copy from.

Note that places in kern_event.c that checks KQ_CLOSING and return EBADF
are kept, since KQ_CLOSING is the transient state before the fd is
finally closed and become eligible for EBADF.

Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D52410

Most pure sources work under a "pull" model wherein a dedicated thread
polls the source at regular intervals (every 100ms).  A couple of
sources, however, will instead call random_harvest_direct() to provide
entropy samples.  Such sources were not calling random_source_register()
and thus weren't in the global random source list.

Modify "push" sources to use random_source_register() like other sources
do.  Such sources omit an implementation of rs_read and are thus skipped
by the above-mentioned thread.  This makes it easier to allow pure
sources to provide a min-entropy estimate in a uniform way.

Reviewed by:    cem
MFC after:      2 weeks
Sponsored by:   Stormshield
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D52229

If passed the parent of a device instead of the device, the loop might
end up with the host bridge in the pci local variable.  If the passed
device is not from the pci hierarchy, any of the calculated parents
might be NULL.

Change the interface to allow the caller to receive error.
Instead of asserting, just issue a message and return ENXIO,
allowing the caller to select appropriate action.

PR:     https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289318
Reviewed by:    jah
Sponsored by:   The FreeBSD Foundation
MFC after:      2 weeks
Differential revision:  https://reviews.freebsd.org/D52406

PR:   https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289204
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D52421

For kernel threads, ASTs are not handled at all, so there is no reason
to expect that g_waitidle() would be called through AST scheduling.

PR:     https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289204
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D52421

vm_domainset: Only probe domains once when iterating, instead of up to 4 times

Because of the 'di_minskip' logic, which resets the initial domain, an
iterator starts by considering only domains that have more than
'free_min' pages in a first phase, and then all domains in a second one.
Non-"underpaged" domains are thus examined twice, even if the allocation
can't succeed.

Re-scanning the same domains twice just wastes time, as allocation
attempts that must not wait may rely on failing sooner and those that
must will loop anyway (a domain previously scanned twice has more pages
than 'free_min' and consequently vm_wait_doms() will just return
immediately).

Additionally, the DOMAINSET_POLICY_FIRSTTOUCH policy would aggravate
this situation by reexamining the current domain again at the end of
each phase.  In the case of a single domain, this means doubling again
the number of times domain 0 is probed.

Implementation consists in adding two 'domainset_t' to 'struct
vm_domainset_iter' (and removing the 'di_n' counter).  The first,
'di_remain_mask', contains domains still to be explored in the current
phase, the first phase concerning only domains with more pages than
'free_min' ('di_minskip' true) and the second one concerning only
domains previously under 'free_min' ('di_minskip' false).  The second,
'di_min_mask', holds the domains with less pages than 'free_min'
encountered during the first phase, and serves as the reset value for
'di_remain_mask' when transitioning to the second phase.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277476
Fixes:          https://cgit.freebsd.org/src/commit/?id=e5818a53dbd2 ("Implement several enhancements to NUMA policies.")
Fixes:          https://cgit.freebsd.org/src/commit/?id=23984ce5cd24 ("Avoid resource deadlocks when one domain has exhausted its memory."...)
MFC after:      10 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D51249

vm_domainset: Simplify vm_domainset_iter_next()

As we are now visiting each domain only once, the test in
vm_domainset_iter_prefer() about skipping the preferred domain (the one
initially visited for policy DOMAINSET_POLICY_PREFER) becomes redundant.
Removing it makes this function essentially the same as
vm_domainset_iter_rr().

Thus, remove vm_domainset_iter_prefer().  This makes all policies behave
the same in vm_domainset_iter_next().

No functional change (intended).

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277476
MFC after:      10 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D51250

vm_domainset: Refactor iterators, multiple fixes

vm_domainset_iter_first() would not check if the initial domain selected
by the policy was effectively valid (i.e., allowed by the domainset and
not marked as ignored by vm_domainset_iter_ignore()).  It would just try
to skip it if it had less pages than 'free_min', and would not take into
account the possibility of no domains being valid.

Factor out code that logically belongs to the iterator machinery and is
not tied to how allocations (or impossibility thereof) are to be
handled.  This allows to remove duplicated code between
vm_domainset_iter_page() and vm_domainset_iter_policy(), and between
vm_domainset_iter_page_init() and _vm_domainset_iter_policy_init().
This also allows to remove the 'pages' parameter from
vm_domainset_iter_page_init().

This also makes the two-phase logic clearer, revealing an inconsistency
between setting 'di_minskip' to true in vm_domainset_iter_init()
(implying that, in the case of waiting allocations, further attempts
after the first sleep should just allocate for the first domain,
regardless of their situation with respect to their 'free_min') and
trying to skip the first domain if it has too few pages in
vm_domainset_iter_page_init() and _vm_domainset_iter_policy_init().  Fix
this inconsistency by resetting 'di_minskip' to 'true' in
vm_domainset_iter_first() instead so that, after each vm_wait_doms()
(waiting allocations that could not be satisfied immediately), we again
start with only the domains that have more than 'free_min' pages.

While here, fix the minor quirk that the round-robin policy would start
with the domain after the one pointed to by the initial value of
'di_iter' (this just affects the case of resetting '*di_iter', and would
not cause domain skips in other circumstances, i.e., for waiting
allocations that actually wait or at each subsequent new iterator
creation with same iteration index storage).

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277476
Tested by:      Kenneth Raplee <kenrap_kennethraplee.com>
Fixes:          https://cgit.freebsd.org/src/commit/?id=7b11a4832691 ("Add files for r327895")
Fixes:          https://cgit.freebsd.org/src/commit/?id=e5818a53dbd2 ("Implement several enhancements to NUMA policies.")
Fixes:          https://cgit.freebsd.org/src/commit/?id=23984ce5cd24 ("Avoid resource deadlocks when one domain has exhausted its memory."...)
MFC after:      10 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D51251

Fix the comment introducing the 'wlan_*' devices (AES-CCMP is missing)
after introducing AES-GCMP.

While here, re-order the devices in order of appearance of the related
technologies.

No functional change (intended).

Reviewed by:    adrian, emaste
Fixes:          https://cgit.freebsd.org/src/commit/?id=7bf82ea4fdda ("sys: add wlan_gcmp to GENERIC kernels as appropriate")
MFC after:      3 days
MFC to:         stable/15
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D52444

Following commit be1f7435ef218b1d ("kern: start tracking cr_gid outside
of cr_groups[]"), cr_groups[] doesn't contain the effective GID anymore.
Fix the 'show proc' DDB command to show it again, and make it stand out
with respect to the supplementary ones.

Fixes:          https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]")
MFC after:      9 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D52251

Fixes 'procstat -s' run on a core file when the number of groups in
effect at the moment of core dump exceeds KI_NGROUPS (16).

Reviewed by:    kib
Fixes:          https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]")
MFC after:      9 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D52258

In particular, fixes 'procstat -s' on a live system or a core file (only
if there are less than 16 groups).

Reviewed by:    kib
Fixes:          https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]")
MFC after:      9 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D52259

In particular, fixes 'procstat -s' on a live system (for processes with
more than 16 groups).

Reviewed by:    kib, emaste
Fixes:          https://cgit.freebsd.org/src/commit/?id=be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]")
MFC after:      9 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D52261

Following fd9e09cb, EBADF is not the suitable error code for a non-
jail descriptor passed to jail_set, jail_get, jail_attach_fd, and
jail_remove_fd.

Reported by:    kib

- Fix an mbuf leak with iflib.simple_tx=1 when we run out of tx descs
in iflib_encap().  It seems odd to free the mbuf in iflib_encap(),
but that routine consumes mbufs for other reasons, and it seemed
safest to free there rather than have the simple tx routine parse
return values to determine what needed to be freed.

- Increment counters for output drops when ENOBUFS is encountered
and output errors when other transmit errors are encountered for both
the simple and normal tx routines.

- Performed driver changes so that iflib drivers now add the generic
output drop and output error counters to their private counters in their
ifdi_get_counter routines.

Reviewed by: kbowling, markj
Differential Revision: https://reviews.freebsd.org/D52369
Sponsored by: Netflix

Reviewed by:  andrew
Obtained from:  CheriBSD
Differential Revision:  https://reviews.freebsd.org/D52401

Currently, F_SETFL always invokes FIONBIO and FIOASYNC ioctls on the
file descriptor even if the state of the associated flag has not
changed.  This means that a character device driver that implements
non-blocking I/O but not async I/O needs a handler for FIOASYNC that
permits setting the value to 0.  This also means that
fcntl(fd, F_SETFL, fcntl(fd, F_GETFL)) can fail for a character device
driver that does not handle both FIONBIO and FIOASYNC.  These
requirements are not obvious nor well documented.

Instead, only invoke FIONBIO and FIOASYNC if the relevant flag changes
state.  This only requires a device driver to implement support for
FIONBIO or FIOASYNC if it supports the corresponding flag.

While here, if a request aims to toggle both F_NOBLOCK and F_ASYNC and
FIOASYNC fails, pass the previous state of F_NONBLOCK to FIONBIO
instead of always disabling non-blocking I/O and then possibly
reverting the flag back to on in f_flags.

Reviewed by:    mckusick, imp, kib, emaste
Differential Revision:  https://reviews.freebsd.org/D52403

struct sysinit's func pointer requires its address, thus a real function
is generated in every translation unit when the source file has SYSINITs
declared. That results in plenty of identical sysinit_tslog_shim in the
final kernel file, in which only one is used and others are left useless.

MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D52413

Otherwise we don't do anything to kick vcpu threads out of a sleep
state when destroying a VM.  For instance, suppose a guest executes hlt
on amd64 or wfi on arm64 with interrupts disabled.  Then,
bhyvectl --destroy will hang until the vcpu thread somehow comes out of
vm_handle_hlt()/vm_handle_wfi() since destroy_dev() is waiting for vCPU
threads to drain.

Note that on amd64, if hw.vmm.halt_detection is set to 1 (the default),
the guest will automatically exit in this case since it's treated as a
shutdown.  But, the above should not hang if halt_detection is set to 0.

Here, vm_suspend() wakes up vcpu threads, and a subsequent attempt to
run the vCPU will result in an error which gets propagated to userspace,
allowing destroy_dev() to proceed.

Add a new suspend code for this purpose.  Modify bhyve to exit with
status 4 ("exited due to an error") when it's received, since that's
what'll happen generally when the VM is destroyed asynchronously.

Reported by:    def
MFC after:      2 weeks
Sponsored by:   Innovate UK
Differential Revision:  https://reviews.freebsd.org/D51761

Jail descriptors were given a file-like mode, user, and group, for the
purpose of controlling how the descriptor may be used.  This is too far
removed from the file paradigm to make sense.  Remove it in favor of a
better access control method to be added, such as Capsicum.

Also add missing code in jaildesc_fill_kinfo.

Reported by:    crest at rlwinm.de, kib
MFC after:      3 days

When freeing the last reference of the net80211 node the net80211
node_free() code may directly call into the crypto code to delete
the keys.  While we still holding the wiphy lock this would lead to
a recursion on the non-recursive wiphy lock.  Defer freeing the
reference until we are back under the net80211 com lock.

Reported by:    Mark Phillips (mark freebsdfoundation.org) on 15.0-ALPHA1
MFC after:      3 days

Separate ossl's existing AES-NI GCM implementation into a common
ossl_aes_gcm.c and add conditionals to switch between OpenSSL's AES-NI
and POWER8 GCM routines depending on the architecture. Since the
existing AVX-512 implementation is less agnostic, move it into a
separate ossl_aes_gcm_avx512.c.

Reviewed by:    markj
MFC after:      1 month
Differential Revision:  https://reviews.freebsd.org/D44274

Instead of using the EVFILT_PROC model of attempting to automatically
register new events when a child jail is created, just give a single
event when a child jail is created.  As was already done with jail
attach events, make a best-effort report of the added jail's id in
kn_data.  If the are multiple NOTE_JAIL_CHILD and/or NOTE_JAIL_ATTACH
events, set the NOTE_JAIL_MULTI flag, and don't report anything in
data, indicating that the caller will need to query the system state
on their own.

MFC after:      3 days

We also need to destroy the rw_lock when we free the softc.

Noticed by: markj
Fixes: https://cgit.freebsd.org/src/commit/?id=656f7f43f204
Sponsored by:           Netflix

Give jail descriptors the same kevent flags as jails.  Also fix the
event reporting in jails, where it was including data for events the
user didn't ask for.

MFC after:      3 days

sdt hotpatching was implemented, thus a remark about usefulnes of doing
it was removed.

Apart from that a bunch of expanded/reworded explanations.

Improvement in terms of the quality of the use the English language
was a non-goal and was most likely not achieved.

See the added comment.

The entire notion of how vnodes are doomed needs to be reworked, but the
bare minimum would be to have filesystems provide ops for doomed nodes
and keep ->v_data around at least until they are done with it.

PR:   https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289504
Reported by:    Damjan Jovanovic <damjan.jov@gmail.com>
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week

g_provider_by_name already skips the leading '/dev/' so these if
statements are redundant. This changes some error messages, but those
aren't parsed. g_concat also calls g_concat_find_disk, but it also skips
/dev/ if present at the start of the string.

Reviewed by: imp, Elliot Mitchell
Pull Request: https://github.com/freebsd/freebsd-src/pull/1793

This partially reverts fd9e09cb2ab0, since apparently QT depends on this
specific error code.  It seems that it applies pdgetpid() to random fds
and filters non-procdescs by checking errno for EBADF.

Reported by:    arrowd, Kenneth Raplee <kenrap@kennethraplee.com>
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week

Remove sys/cdefs.h.
Remove unneeded sys/param.h.

Reviewed by:    alc, markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D51474

Reviewed by:  alc, markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D51474

vm_fault: add vm_fault_might_be_cow() helper

The helper checks that the object containing the fs->m page is not the
top object in the shadow chain.

Reviewed by:    alc, markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D51474

vm_fault: add helper vm_fault_can_cow_rename()

Reviewed by:    alc, markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D51474

vm_fault: try to only share-busy page for soft faults

If the fault handler found a vaild page that is definitely not going to be
renamed for COW, try to only sbusy the page.  We do not need to validate
the page, and parallel faults on the same address are excluded by the
xbusy state of the page from the top object.

Reviewed by:    alc, markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D51474

vm_fault: assert that first_m is xbusy

There are several invariants, most important of which is prevention of
parallel faults handling, that depend on first_m being xbusy for the
duration of the page fault processing.

Suggested by:   markj
Reviewed by:    alc, markj
Tested by:      pho
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D51474

Pull out the sleep types (stype) from ACPI, as was previously being
done in D48732, and pass this sleep type to `power_pm_fn` instead of
passing the existing sleep state. This is a little awkward because we
already kinda have generic sleep states (`POWER_SLEEP_STATE_*`), but
these are not precise enough to build upon.

This revision also adds generic equivalents to `hw.acpi.suspend_state`
etc sysctls, e.g. `kern.power.suspend`.

Reviewed by:    markj, mckusick (mentor)
Approved by:    markj, mckusick (mentor)
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D52036

Allow PM backends to report supported sleep types when registering
through `power_pm_register`. Expose this information through
`kern.power.supported_stype` sysctl, and set defaults for
`power_standby/suspend/hibernate_stype` based on this.

Implement this in ACPI PM backend.

Reviewed by:    mckusick (mentor), markj
Approved by:    mckusick (mentor), markj
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D52044

MFC after:    1 week
Differential Revision:  https://reviews.freebsd.org/D52008

It was added to the list in bsd.opts.mk in commit 4f81c42fbd76, so
should have been removed here.

Reported by:    cperciva
Fixes:          https://cgit.freebsd.org/src/commit/?id=4f81c42fbd76 ("share/mk: Substitute reproducible prefixes in dwarf info")
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.

Reviewed by:  tsoome
Differential Revision:  https://reviews.freebsd.org/D52431

sysutils/panicmail is specified again several lines down.

MFC after:      1 week
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.

src.sys.mk: Support src.conf in SRCTOP

If SRCCONF is not defined and src.conf exists at the top level of the
source tree, use that instead of /etc/src.conf.

MFC after:      3 days
Reviewed by:    kevans, imp
Differential Revision:  https://reviews.freebsd.org/D52470

UPDATING: mention the src.conf change

Fixes:          https://cgit.freebsd.org/src/commit/?id=dd8c666d8b78 ("src.sys.mk: Support src.conf in SRCTOP")

Manpages are very small, and having a separate manpages package for
every base package is quite annoying for users.  Turn this option
off by default.

Discussed with: bapt
Reviewed by:    manu, emaste
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D52417

Verify that the target file or directory exists, and add support for an
optional mode.  This is required to enable NO_ROOT builds of some
cloudware image types.  No functional change intended.

Reviewed by:    cperciva, emaste
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D52449

Some services, such as growfs, only run upon the first boot of an image.
The first boot is indicated by the presence of the file /firstboot,
which is unlinked after boot.

Individual cloudware types shouldn't be responsible for creating it.  Do
so in a centralized place.  Aside from simplifying things, this ensures
that we create a metalog entry for the firstboot file.

Reviewed by:    cperciva, emaste
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D52450

The “all.sh” script in version 7.1.0 accepts one less parameter for
selecting the tests to be run.

Add extra defines required for bc-7.1.0 to the Makefiles.

PRINC_LOOK_AHEAD is the upstream default. Normally ksu determines the
target princiapl by (quoted from the man page)

a. default principal of the source cache

b. target_user@local_realm

c. source_user@local_realm

With PRINC_LOOK_AHEAD emabled, for each candidate in the above
list, select an authorized principal that has the same realm name
and first part of the principal name equal to the prefix of the
candidate. For example if candidate a) is jqpublic@ISI.EDU and
jqpublic/secure@ISI.EDU is authorized to access the target account
then the default principal is set to jqpublic/secure@ISI.EDU.

Case 2: source user is root.

If the target user is non-root then the default principal name
is target_user@local_realm.  Else, if the source cache exists
the default principal name is set to the default principal of
the source cache.  If the source cache does not exist, default
principal name is set to root\@local_realm.

This commit restores the same behaviour as Heimdal ksu.

Reported by:            Dan Mahoney <dmahoney@isc.org>
Requested by:           Dan Mahoney <dmahoney@isc.org>
MFC after:              3 days
MFC to:                 15/stable
Differential revision:   https://reviews.freebsd.org/D52478

MFC After:    1 day

packages: Use LIB_PACKAGE for zfs and ufs packages

Commit f9513c334ff7 moved the shared libraries for ZFS and UFS into
separate packages (libzfs and libufs), which resulted in a rather
large number of packages being created, e.g. for ZFS:

FreeBSD-libzfs
FreeBSD-libzfs-dbg
FreeBSD-libzfs-dbg-lib32
FreeBSD-libzfs-dev
FreeBSD-libzfs-dev-lib32
FreeBSD-libzfs-lib32
FreeBSD-zfs
FreeBSD-zfs-dbg
FreeBSD-zfs-dbg-lib32
FreeBSD-zfs-dev
FreeBSD-zfs-dev-lib32
FreeBSD-zfs-lib32
FreeBSD-zfs-man

Use LIB_PACKAGE instead, which significantly reduces the number of
packages:

FreeBSD-zfs
FreeBSD-zfs-dbg
FreeBSD-zfs-dbg-lib32
FreeBSD-zfs-dev
FreeBSD-zfs-dev-lib32
FreeBSD-zfs-lib
FreeBSD-zfs-lib32
FreeBSD-zfs-man

MFC after:      3 days
Reviewed by:    bapt
Differential Revision:  https://reviews.freebsd.org/D52416

packages: Add correct license for zoneinfo

Source: contrib/tzdata/LICENSE

MFC after:      3 days
Reviewed by:    bapt
Differential Revision:  https://reviews.freebsd.org/D51886

packages: Add meta-package sets

Add several metapackages which contain no files themselves, but depend
on other packages.  This allows the user to install a system by using
a set like "FreeBSD-set-minimal" instead of having to know which
specific packages are required, and it means if we add more package
in the future, existing installations will get them automatically as
long as they were installed using a set.

The defined sets are significantly less granular than the actual
packages; the assumption is that users who want a very specific set of
packages installed can do that manually, while sets are intended more
for typical users who just want to install FreeBSD.

The following sets are defined:

* minimal: the set of packages required to boot the system and bring
  up a multi-user UNIX system.  This includes hardware support,
  networking (wireless, DHCP), basic functionality like syslogd, cron
  and periodic.  It does not include a kernel, because the kernels are
  quite large and the user might want to use a custom kernel.

  sendmail and DMA are not included in minimal.  Since we provide two
  MTAs, the user should select which one they want, or install one from
  ports.  sshd is not included because it's not required for the base
  system, and the user might want to install it from ports.

  Some other significant subsystems (e.g. NFS, Kerberos) are also not
  included.

  The minimal set does not include any libraries itself, since we rely
  on dependencies to pull these in.  This implies it doesn't include
  library manpages, which is fine, since users won't want manpages for
  libraries unless they've also installed the development packages.

* devel: the compiler toolchain for building software, along with all
  "-dev" packages which include header files and static libraries.

* lib32: 32-bit compatibility packages.  This includes both runtime
  and development packages.

* kernels: the kernel packages.  For freebsd.org builds, this will be
  GENERIC, GENERIC-DEBUG, etc., for custom builds it will be whatever
  was set in $KERNCONF.

* base: everything else; this includes the entire base system.

For each set, also generate a <setname>-dbg set containing the debug
packages for the set.

The sets are built along with the rest of the packages using a new
script called create-sets.sh, which examines the "set" annotation in
each package and puts it in the appropriate set.  This is in
anticipation of the later "groups" feature appearing in pkg itself, at
which point we can simply replace the set annotation with the group.

MFC after:      3 days
Reviewed by:    imp, bapt
Differential Revision:  https://reviews.freebsd.org/D52412

release.sh: Pass PKGCONF through to make release

Otherwise setting PKGCONF=1 in the release.conf file doesn't actually
result in pkgbase bits being produced and shipped on images.

MFC after:      1 minute
Sponsored by:   https://www.patreon.com/c/cperciva

release.sh: Pass *PKGBASE* through

It helps to get the variable name right...

Fixes:  https://cgit.freebsd.org/src/commit/?id=d4282cfa97d6 ("release.sh: Pass PKGCONF through to make release")
MFC after:      1 minute
Sponsored by:   https://www.patreon.com/c/cperciva

We then pass ABI from pkgbase-stage.lua to pkg(8); without this,
cross-building releases with PKGBASE enabled fails with

pkg: wrong architecture: ...
pkg: repository FreeBSD-base contains packages with wrong ABI: ...

MFC after:      1 minute
Discussed with: emaste, jrtc27
Sponsored by:   https://www.patreon.com/c/cperciva

This directory gets created by pkgbase-stage.lua.

MFC after:      3 days
Sponsored by:   https://www.patreon.com/c/cperciva

Sponsored by: Rubicon Communications, LLC ("Netgate")

Sponsored by: Rubicon Communications, LLC ("Netgate")

This has been supplanted by cryptocheck and has bitrotted to the point
where it no longer builds.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289325
Reviewed by:    jhb
Differential Revision:  https://reviews.freebsd.org/D52399

libc's C memcmp currently returns the difference in byte values rather
than just -1/0/1 as the AArch64 assembly implementation, many non-
FreeBSD implementations, and compiler built-in optimizations do.

It is a bug for a user to expect memcmp to return the difference in the
byte values as the compiler is free to inline memcmp() with an
implementation that does not do this.  Change the test to validate only
what the standard requires.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289084
Reviewed by:    markj, fuz
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D52502

MFC after:    1 week
Differential Revision:  https://reviews.freebsd.org/D52407

For "options", we put a space before a TAB so that commenting out an
option doesn't move the columns.

No functional change.

Fixes:          https://cgit.freebsd.org/src/commit/?id=c8d8cac2a847 ("mac_do(4): allow compiling into kernel")
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation

Reported by:  kib
MFC after:      3 days

MFC after:    3 days

MFC after:    3 days

and whitespace cleanup.

MFC after:      3 days

MFC after:    3 days

getgrouplist(3): Remove superfluous headers, bogus comment and whitespace

No functional change (intended).

Fixes:          https://cgit.freebsd.org/src/commit/?id=a59d6a872459 ("Implementing 'fallback' nsswitch source.")
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation

libc: fix the _FORTIFY_SOURCE build of getgrouplist(3)

We need <unistd.h> to get our prototype normally, but WARNS in libc is
way too low to surface that.

Additionally, _FORTIFY_SOURCE needs to include <ssp/unistd.h> by way of
<unistd.h> to actually export an implementation of getgrouplist(3).  The
version defined in the .c gets named __ssp_real_getgrouplist() and the
actual implementation comes from the redirect stub in <ssp/unistd.h>,
which basically gets optimized away in the built object because our
__builtin_object_size() check is trivially false when we cannot resolve
any object sizes in this translation unit.

This could be argued as a design flaw in _FORTIFY_SOURCE, but we should
grab <unistd.h> for our prototype anyways so let's kick the can down
the road instead of re-thinking it for 15.0.

Reported by:    Shawn Webb (HardenedBSD)
Fixes:          https://cgit.freebsd.org/src/commit/?id=d3f8ed6066 ("getgrouplist(3): Remove superfluous [...]")
MFC after:      3 days

Signed-off-by: Quentin Thébault <quentin.thebault@defenso.fr>
Reviewed by: imp, jhb
Pull Request: https://github.com/freebsd/freebsd-src/pull/1827

Notable upstream pull request merges:
 #15869 ee7c36264 Add description of default sorting behavior to zfs_list.8
 #17375 ced72fdd6 tunables: remove legacy FreeBSD aliases
 #17600 1da2c30be Update pam_zfs_key.c default path for FreeBSD
 #17632 b6bd3228b Synchronize the update of feature refcount
 #17645 59f8f5dfe zfs_vnops_os.c: Add support for the _PC_CLONE_BLKSIZE name
 #17665 0d54ae288 zdb: Fix format strings on 32-bit systems
 #17673 976f76534 Update compatibility.d files
 #17699 e3c3e86c0 Fix wrong dedup_table_size for legacy dedup
 #17704 e29bfa5bd Fix warnings about sha2_is_supported on FreeBSD/i386
 #17706 a2424312c Fix the build on 32-bit FreeBSD with GCC

Obtained from:  OpenZFS
OpenZFS commit: 7939bad5e79225288a2580e8ea217f5c6f616db2

Suppose an nvlist nvl belongs to a parent nvlist or nvlist array.  In
this case, nvl contains a pointer to its container.  This trips up
nvlist_send(nvl) and nvlist_dump(nvl), which intuitively should only
operate on nvl and its nvpairs.  In particular, both of these functions
will traverse to nvl's parent and start sending/dumping the parent's
nvpairs, which results in assertion failures or nonsensical output,
respectively.

Reviewed by:    oshogbo
MFC after:      2 weeks
Sponsored by:   Innovate UK
Differential Revision:  https://reviews.freebsd.org/D52360

printm is specific to the FreeBSD dtrace port.  I believe it's
effectively the same as tracemem(), though printm apparently predates
it.  It stores the size of the buffer of traced data inline.  Currently
it represents that size using a uintptr_t, which isn't really right and
poses challenges when porting to CHERI because
`DTRACE_STORE(uintptr_t, ...`  requires the destination to be suitably
aligned, but this isn't necessary since we're just storing a size.

Convert to using a size_t.  This should be a no-op since
sizeof(uintptr_t) == sizeof(size_t) on non-CHERI platforms (and besides
that I don't see a reason to use printm() when tracemem() is available
and is simpler to use.)

Reviewed by:    Domagoj Stolfa, avg
MFC after:      2 weeks
Sponsored by:   Innovate UK
Differential Revision:  https://reviews.freebsd.org/D52055

This update fixes a few bugs:
- Improper response to double SIGINT with editline.
- Not letting libedit handle terminal size changes.
- A dc crash from improperly handling an error.
- A duplicate check for reference arrays.
- Build failures with GCC 15.

Merge commit '682da5a0fdb2c38ecc3951047a882471d62aa1d1'

Notable upstream pull request merges:
 #17227 d64711c20 Detect a slow raidz child during reads
 #17543 -multiple zfs allow send:raw
 #17717 bc0b5318a Prevent scrubbing a read-only pool
 #17722 cb5f9aa58 FreeBSD: Satisfy ASSERT_VOP_IN_SEQC()
 #17729 3f4312a0a Fix two infinite loops if dmu_prefetch_max set to zero
 #17730 37cd30f71 Fix ddle memleak in ddt_log_load
 #17733 bc8bcfc71 Fix type in dbrrd_closest()
 #17735 9b772f328 Fix time database update calculations

Obtained from:  OpenZFS
OpenZFS commit: 3f4312a0a428624e596bb35ae4806ea0d4d69472

It turns out this breaks the nvidia-drm drviers.
We'll try to rework things and put it back later.

This reverts commit bbeeb585315645db20118ef349a4e3dc83b148cc.

This reverts commit 7c448f5aab8be6977d0860e608e7d497b495d28c.
Will be committed again with correct authorship.

This reverts commit 1c23d8f9f39870951c1d0dfbb112fc4e53237737.
Will be committed again with correct authorship.

libc: Remove readdir_r(3)

This function was never safe to use.  We marked it deprecated in the
manual page in 2016, and it is marked obsolete in POSIX 2024.  We
previously added a linker warning and annotated the prototype; now that
stable/15 has been branched, we can remove it from main.

Relnotes:       yes
Reviewed by:    kib
Differential Revision:  https://reviews.freebsd.org/D52474

Revert "libc: Remove readdir_r(3)"

This reverts commit d549de769055ae6116601e54e4c86dfb3e17f4c4.

I received a report that certain Linux application would crash on a
message of a departure of an interface with FreeBSD name.  Looks like
dropping NL_RTM_DELLINK is a lesser evil than relay them with FreeBSD
names.

This reverts commit 554907bac3b264863a051f75eedc35d180d3e18c.