This is a display of mostly-automatically-classified git commits from 2025-09-29 to 2025-10-05.
In the future, these reports might include summaries or additional information, but for now our focus is figuring out what type of classification would be most useful.
Table of contents and commits per category:
| (5) | Highlighted commits (these are copies, not in stats) | |
| 3 | 1.2% | Userland programs |
| 20 | 8.3% | Documentation |
| 55 | 22.9% | Hardware support |
| 19 | 7.9% | Networking |
| 27 | 11.2% | System administration |
| 7 | 2.9% | Libraries |
| 6 | 2.5% | Filesystems |
| 14 | 5.8% | Kernel |
| 51 | 21.2% | Build system |
| 4 | 1.7% | Internal organizational stuff |
| 11 | 4.6% | Testing |
| 4 | 1.7% | Style, typos, and comments |
| 9 | 3.8% | Contrib code |
| 10 | 4.2% | Reverted commits |
| 0 | 0.0% | Unclassified commits |
| 240 | 100% | total |
| Technical notes about this page |
For extra visibility, these are copies of commits found in
other sections. Most (if not all) come from the commit message
containing "Relnotes:", or commits modifying
UPDATING.
While preserving compatibility ('root' implied if no user is specified,
option '-i' not setting groups), introduce options to control finely
which user and group IDs are set in the launched process.
To minimize the risks of user error, mdo(1) by default enforces that all
user and group IDs are specified, either with explicit values from the
command-line or, if a known user name is passed with '-u', from the
corresponding content of the password and group databases. The other
main type of use cases is to start from the current process'
credentials, only amending part of them. It is now also possible to
blend both approaches, where some parts must be specified and the others
can just be amended or left as is.
Options:
* As before:
-u: Specifies a user name or ID to change all user IDs to. If a known
name is passed, also automatically sets all groups as per the
password and group databases.
-i: Starts from the current groups, instead of having to specify them
by using '-u' with a known user name or explicitly.
* New:
-k: Starts from the current users (incompatible with '-u'). Implies '-i'.
-g: Sets/overrides the primary group IDs with the passed group name or ID.
-G: Sets/overrides the supplementary groups set with the passed list of
comma-separated names or IDs.
-s: Amend the supplementary groups set according to the list of
comma-separated directives from the following:
- @: Empties the set. Must be the first directive. Incompatible with '-G'.
- +<group>: Add a group to the set.
- -<group>: Remove a group from the set. Takes precedence over +<group>.
--euid: Overrides the effective user ID.
--ruid: Overrides the real user ID.
--svuid: Overrides the saved user ID.
--egid: Overrides the effective group ID.
--rgid: Overrides the real group ID.
--svgid: Overrides the saved group ID.
Option '-k' was introduced as a requirement to be explicit when one
wants to keep the current user(s) instead of specifying new ones. This
is both for the purpose of avoiding foot-shooting and preserving the
possibility to omit '-u' to switch to 'root'. In order to avoid
confusion, if any user or group overrides are specified, mdo(1) however
enforces that either '-u' or '-k' has been specified (so, in practice,
'-u root' is implied only in the absence of any other options except
'-i').
Some base supplementary groups set is needed when '-s' is used without
directive '@'. It can be an explicit one specified with '-G',
effectively meaning that '-G' is processed before '-s'. Else, it is
determined from the password/group database (see initgroups(3)) if '-u'
with a user name was passed, or is simply the current set if '-i' (or
'-k') was specified. Other cases require specifying the full set (using
'-G' or '-s' with '@'), and will fail otherwise.
As the release process for 15.0 is progressing, this is committed in
advance of the still-in-progress tests and manual page updates.
Note for MFC to stable/14: As initgroups() has its old behavior,
consistently with it, remove the effective GID from being passed also as
a supplementary group.
Reviewed by: bapt
MFC after: 3 days
Relnotes: yes
Event: EuroBSDCon 2025
Sponsored by: The FreeBSD Foundation
Sponsored by: Google LLC (GSoC 2025)
Co-authored-by: Kushagra Srivastava <kushagra1403@gmail.com>
Differential Revision: https://reviews.freebsd.org/D52613
This was previously deprecated and is slated for removal in 15.0. Users who still need ftpd(8) can install the ftp/freebsd-ftpd port. Retain the ftp(d) PAM services since other FTP daemons use them. Update /etc/inetd.conf to point to /usr/local. Add ftpd to ObsoleteFiles, but do not list configuration files since users may want to preserve these to use with the freebsd-ftpd port. There is still some language in the manual referring to ftpd(8) which is relevant to the port, which has been retained but updated to reference the port. MFC after: 3 days Relnotes: yes Reviewed by: cperciva Differential Revision: https://reviews.freebsd.org/D52739
Both drm-kmod and nvidia-drm were updated to keep compiling and/or working after the latest LinuxKPI PCI changes. Some of what should have worked for a long time but did not or conflicted was hidden behind native PCI calls instead of using LinuxKPI. We cleaned this up. Bump __FreeBSD_version so that users will get the updated packages. MFC after: 3 days PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289647
root's home directory was moved to /root many years ago, so there's no reason to keep this old link. This brings sh in line with csh, where /.cshrc was removed in dcb65c5a94d4. Relnotes: yes Approved by: re (cperciva) MFC after: 1 day PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289097 Reviewed by: cperciva, jilles, bapt, emaste Differential Revision: https://reviews.freebsd.org/D52161
Put virtual_oss, /etc/devd/snd.conf and the other audio-related tools into a new "sound" package. Don't create a separate -lib package, since it's unlikely someone will want mixer(3) without mixer(8). Put the sound package in the optional set rather than minimal, since it's not actually required for audio hardware support, and many systems (including nearly all servers) won't want it installed. MFC after: 3 seconds Reviewed by: christos Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52823
Commits about commands found in man section 1 (other than networking).
While preserving compatibility ('root' implied if no user is specified,
option '-i' not setting groups), introduce options to control finely
which user and group IDs are set in the launched process.
To minimize the risks of user error, mdo(1) by default enforces that all
user and group IDs are specified, either with explicit values from the
command-line or, if a known user name is passed with '-u', from the
corresponding content of the password and group databases. The other
main type of use cases is to start from the current process'
credentials, only amending part of them. It is now also possible to
blend both approaches, where some parts must be specified and the others
can just be amended or left as is.
Options:
* As before:
-u: Specifies a user name or ID to change all user IDs to. If a known
name is passed, also automatically sets all groups as per the
password and group databases.
-i: Starts from the current groups, instead of having to specify them
by using '-u' with a known user name or explicitly.
* New:
-k: Starts from the current users (incompatible with '-u'). Implies '-i'.
-g: Sets/overrides the primary group IDs with the passed group name or ID.
-G: Sets/overrides the supplementary groups set with the passed list of
comma-separated names or IDs.
-s: Amend the supplementary groups set according to the list of
comma-separated directives from the following:
- @: Empties the set. Must be the first directive. Incompatible with '-G'.
- +<group>: Add a group to the set.
- -<group>: Remove a group from the set. Takes precedence over +<group>.
--euid: Overrides the effective user ID.
--ruid: Overrides the real user ID.
--svuid: Overrides the saved user ID.
--egid: Overrides the effective group ID.
--rgid: Overrides the real group ID.
--svgid: Overrides the saved group ID.
Option '-k' was introduced as a requirement to be explicit when one
wants to keep the current user(s) instead of specifying new ones. This
is both for the purpose of avoiding foot-shooting and preserving the
possibility to omit '-u' to switch to 'root'. In order to avoid
confusion, if any user or group overrides are specified, mdo(1) however
enforces that either '-u' or '-k' has been specified (so, in practice,
'-u root' is implied only in the absence of any other options except
'-i').
Some base supplementary groups set is needed when '-s' is used without
directive '@'. It can be an explicit one specified with '-G',
effectively meaning that '-G' is processed before '-s'. Else, it is
determined from the password/group database (see initgroups(3)) if '-u'
with a user name was passed, or is simply the current set if '-i' (or
'-k') was specified. Other cases require specifying the full set (using
'-G' or '-s' with '@'), and will fail otherwise.
As the release process for 15.0 is progressing, this is committed in
advance of the still-in-progress tests and manual page updates.
Note for MFC to stable/14: As initgroups() has its old behavior,
consistently with it, remove the effective GID from being passed also as
a supplementary group.
Reviewed by: bapt
MFC after: 3 days
Relnotes: yes
Event: EuroBSDCon 2025
Sponsored by: The FreeBSD Foundation
Sponsored by: Google LLC (GSoC 2025)
Co-authored-by: Kushagra Srivastava <kushagra1403@gmail.com>
Differential Revision: https://reviews.freebsd.org/D52613
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289717 Reviewed by: jhb
Man pages, release notes, etc.
Add context for inclusion in Hardware Release Notes. MFC after: 3 days
For the improvement of the hardware release notes. While here, tag SPDX. MFC after: 3 days
Add some context for the Hardware Relnotes, and tag SPDX while here. MFC after: 3 days
Fixes: https://cgit.freebsd.org/src/commit/?id=5673462af533 ("namei.9: sort operational modifiers in numerical order") MFC after: 2 days Sponsored by: The FreeBSD Foundation
MFC after: 3 days
This is a minor bug, since the kernel ignores imr_address and applications are not supposed to initialize it.
AFACT, this was never accurate. When there was support (such as it was) for PDP endian it seems to have been spelled PDP_ENDIAN. Reviewed by: imp, kib, emaste Sponsored by: Innovate UK Differential Revision: https://reviews.freebsd.org/D52817
Only i386 lays out structures with weak (4-byte) alightment. It may be that access works when weakly aligned, but from an ABI perspective, it's all about struct layout. Reviewed by: kib, emaste Sponsored by: Innovate UK Differential Revision: https://reviews.freebsd.org/D52818
This manual only describes a tiny amount suitable for the HW Relnotes. Remove the description section and replace it with a hardware section which will appear there. MFC after: 3 minutes Reported by: ivy History Ref: 5bcb64f20afff21be511cc5 (Add mmc and mmcsd)
Also add cross-references to hkbd.4 and hms.4. Sponsored by: The FreeBSD Foundation
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280377 Sponsored by: The FreeBSD Foundation
umass.4: Add HISTORY, HARDWARE, and SPDX While here, break a long line that agitates the linter. Fixes: https://cgit.freebsd.org/src/commit/?id=cc16f1b9d9261f18 (Add umass.c) MFC after: 1 hour Discussed with: imp, ivy diff --git a/sys/dev/usb/FILES b/sys/dev/usb/FILES
umass.4: Remove some extra lines which snuck in Fixes: https://cgit.freebsd.org/src/commit/?id=70993c2fbe1ac (umass.4: Add HISTORY, HARDWARE, and SPDX) MFC with: 70993c2fbe1ac (umass.4: Add HISTORY, HARDWARE, and SPDX)
Reported by: Bruno Silvestre
MFC after: 1 hr Discussed with: ivy, olce Co-authored-by: ziaee (typed up imps suggestion, tagged spdx) Differential Revision: https://reviews.freebsd.org/D52860
The description likely also needs some love. MFC after: 1 hour Co-authored-by: ziaee (typed up imps suggestion, tagged spdx) Differential Revision: https://reviews.freebsd.org/D52866
MFC after: 3 days Sponsored by: Klara, Inc. Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D52828
Approved by: ziaee MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52896
Replace CD-ROMs with "discs, USBs, or network boot environments" to both modernize aesthetic and also nudge youths to think at scale. Since I'm disrupting the flow of these lines anyway, expand the VM acronym because I think this is one of the first manuals people will be looking at. Reset list alignment to seven characters. It was at 19 characters, and that was not enough to align them all, wasting many extra lines by crunching all the words over. Seven actually bought us some lines from six due to avg item size. Tag SPDX. MFC after: 3 days Discussed with: ivy, zi
Document descriptions for device drivers always contain registered trademarks of the manufacturers, but this is not a place for the registered mark symbol. While here, remove another useless symbol, the hyphen in the first line comment. MFC after: 3 days
Hardware drivers and architecture-specific code.
cxgbe(4): Rename lport to hw_port. No functional change intended. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Use hw_port and tx_chan correctly all over the driver The port's tx channel and its hardware index are different things that happen to have the same value on NICs using T4 through T6. This is going to change so use the correct spelling all over the driver. Specifically, the firmware expects the hw port index in all of these: * PCIe channel for queues * TX interface for TX CPLs * PORTID in FW_PORT commands * PORTID in t4_alloc_vi * flowid in all the firmware flowc WRs * mbox commands that deal with the tx scheduler Also, create a port_id lookup table for hw_port, just like the one for tx_chan. Use it to lookup the port softc in the port_info handler. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): hw/fw headers and shared code for the Terminator 7 ASIC This is the first of a series of commits that will add T7 support to cxgbe. The ASIC is gen5x16 on the PCIe side and has a 400Gbps MAC on the Ethernet side. NICs using the T7 will come in the following variants: * 1 x 400Gbps with QSFP-DD connector * 2 x 200/100/40Gbps with QSFP56/QSFP28/QSFP+ connectors * 4 x 50/25/10/1Gbps with SFP28/SFP+/SFP connectors There are 8 general purpose ARM A72 cores available on select SmartNIC/DPU boards. Obtained from: Chelsio Communications MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Claim T7 based devices The nexus/ifnet names are chnex/che respectively. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Add T7 support to routines that deal with memory windows MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Update meminfo for T7 There are new regions in the T7 and internal addresses are not limited to 32b. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Support for displaying T7 MPS TCAM entries MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Include T7 PMRX cache stats in the sysctl that shows PM stats MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): T7's SGE context has 4 more bytes MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Congestion manager context settings for T7 MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Recognize the new capabilities reported by T7 firmwares MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): T7 LB mode support This is the new mode where multiple internal channels are used to service 1 port. LB = Load Balancing. * Ask for tx_tpchmap from the firmware and update sc->chan_map. * Statistics for a port should include all its channels. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Updates for T7 CIM multicore operation T7 has a multicore microprocessor and each core has its own queue configuration, inbound/outbound queues, and logic analyzer. A work request involving a tid can only be handled on queues where (tid & tid_qid_sel_mask) == (eq->cntxt_id & tid_qid_sel_mask). MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): Update the filtering code for T7 There are new fields available and the width of the optional part has changed. This affects the ntuples used by TOE/filters/hashfilters. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): T7 TCB CPLs have queue and channel in different location MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe(4): T7 ULPTX supports larger data length with MEMIO commands MFC after: 3 days Sponsored by: Chelsio Communications
These are the filters that can be used to sniff wire traffic after all hw offloads. MFC after: 3 days Sponsored by: Chelsio Communications
This enables the 2x200/100/40Gbps and 4x50/25/10/1Gbps boards. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe: Refactor find_offload_adapter and move to t4_tom from cxgbei This allows it to be used for other offload drivers. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe: Move send_iscsi_flowc_wr to t4_tom.ko Rename the function to send_txdataplen_max_flowc_wr to match the parameter it sets. This function will be reused by other ULP modules. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe: Move the STAG and PBL memory pool arenas to the base driver Both RDMA (iw_cxgbe) and NVMe offloads use TPT table entries to map transaction tags in incoming PDUs to buffers in host memory permitting direct placement of received data into host memory buffers avoiding copies (iSCSI offload uses a different scheme for mapping tags to host memory). Move the vmem arenas for the supporting card memory regions from iw_cxgbe to the main driver so they can be shared with the NVMe offload driver. In addition, add some helper routines for constructing work requests to update TPT table entries. MFC after: 3 days Sponsored by: Chelsio Communications
- Use expanded channel ID fields (2 bits vs 1 bits), even on T6 as on T6 the extra bits were previously reserved and the channel IDs should only be 0 or 1 on T6. - Set CMDMORE in ULP_TX_PKT on T7. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe: Support for NIC KTLS transmit on T7 adapters. Unlike NIC KTLS support on T6, T7 is able to reuse the existing TSO functionality directly, including trimming the output of the crypto engine before it is passed on to TSO. This is much simpler and does not require the use of bypass pseudo-connections in the TOE engine. Among other things this permits arbitrary TCP options (including the full range of possible TCP timestamp values) while also avoiding various edge cases where parts of a requested TCP packet could not always be transmitted (e.g. partial trailers). This implementation also permits NIC KTLS to be used in parallel with TOE. This version does not yet support connections over a VF (specifically the ktls_tunnel_packet function needs to handle the VF work request), nor does it support VxLAN offload. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe: Support for TLS 1.3 in key contexts. For TLS 1.3 the 4 byte salt field has been extended to hold the 12 byte nonce. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe: Extend NIC TLS to support TLS 1.3. One unusual quirk is that the crypto engine requires the driver to provide an 8 byte placeholder as input before the AAD that is replaced with the middle 8 bytes of the nonce generated from the sequence number and key context. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe TOE TLS: Better support for partial records for T7. T7 is able to start TOE TLS receive offload more cleanly if a partial TLS record containing a full header and at least one other byte has been received. In that case it is able to request the remaining bytes for the current TLS record from the NIC. Once those bytes has been received TLS receive offload can then be received starting with the subsequent record. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe TOE TLS: Support for TLS 1.3 for transmit. MFC after: 3 days Sponsored by: Chelsio Communications
cxgbe TOE TLS: Support for TLS 1.3 for receive MFC after: 3 days Sponsored by: Chelsio Communications
Unlike mp_ring_enqueue, this function is meant to be called from within a drain routine to enqueue more packets to the queue currently being drained. To avoid recursion, it only enqueues additional items without becoming a consumer. MFC after: 3 days Sponsored by: Chelsio Communications
Currently this CPL is only used to handle replies from lookaside crypto requests submitted by ccr(4). However, in the future this request will be returned for other requests. Use the low bit in the cookie field as a way to identify replies to ccr(4) vs other use cases. This should be safe as 'struct cryptop' pointers should be word-aligned. MFC after: 3 days Sponsored by: Chelsio Communications
T7's crypto co-processor adds a new partial GCM mode. This permits an AES-GCM operation to be split into multiple requests. After each request, the partial GHASH state is returned to the host and must be included in the subsequent request to continue the GHASH computation. Make use of this when sending a TLS record that spans multiple TCP "request" (where a request can use TSO to span multiple segments). This permits computing the final GHASH value across multiple requests without having to re-send the entire TLS record for the final request. To ensure that intermediate GHASH results are available when needed, mbuf chains are queued in the TLS pcb and only dispatched one at a time to the NIC TXQ. Packets which do not request a GHASH result queue the next mbuf from the connection as soon as they are written into the TXQ. Packets which do request a GHASH result queue the next mbuf after the the GHASH result is returned by a message on a NIC RXQ. Note that partial GCM mode is only used for the in-order data at the "tip" of a connection and not for retransmits of earlier data. Retransmits will not request a GHASH result so will enqueue the next mbuf from the connection to the NIC TXQ after being written. Partial GCM mode is also not TLS-aware and only supports "plain" AES-GCM. Thus, TLS AAD must be explicitly constructed and sent as part of the work request in the TXQ at the start of each TLS record. However, by avoiding the need to retransmit the entire TLS record's contents for the last mbuf spanning a TLS record, the overall amount of "wasted" DMA is reduced by a factor of about 30. MFC after: 3 days Sponsored by: Chelsio Communications
Implement bus_setup_intr and bus_teardown_intr as bus_generic_setup_intr and bus_generic_teardown_intr respectively for GPIO drivers that support interrupts. This allows children to setup interrupts. Reported by: Evgenii Ivanov <devivanov@proton.me> Reviewed by: imp MFC after: 1 day Differential Revision: https://reviews.freebsd.org/D52197
snd_hda: Implement automatic redirection between associations For audio to be redirected to the headphones/headset after plugging the jack, or back to the speaker/internal mic when unplugging it, the speaker and headphone pins need to be part of the same association (i.e., the same PCM device). This patch makes it possible to redirect audio even between different associations, which can reduce the need for manual pin patching. The idea is that we issue a devctl_notify() from within the jack detection callback whenever a jack is (un-)plugged to redirect audio to the appropriate device. Then the snd.conf devd script is responsible for using virtual_oss to change the playback/recording device to whatever snd_hda(4) selected. The reason for requiring virtual_oss is that it has hot-swapping support, which is necessary for jack redirection. Sponsored by: The FreeBSD Foundation MFC after: 2 days Differential Revision: https://reviews.freebsd.org/D50070
devd: Remove SND package This was done by accident, build snd.conf always. Reported by: ivy Fixes: https://cgit.freebsd.org/src/commit/?id=2ffaca551eaf ("snd_hda: Implement automatic redirection between associations") Sponsored by: The FreeBSD Foundation MFC after: 1 day
gpioc: allocate priv->events with the correct size MFC after: 1 day
gpioc: fix race in ioctl(GPIOCONFIGEVENTS) A race can occur in gpioc_ioctl when it is called with GPIOCONFIGEVENTS closely followed by GPIOSETCONFIG. GPIOSETCONFIG can alter the priv->pins list, making it no longer empty and opening the door for access to priv->events while we are reallocating it. Fix this by holding priv->mtx while handling GPIOCONFIGEVENTS. Reported by: Qiu-ji Chen PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289120 Reviewed by: mmel MFC after: 1 day Differential Revision: https://reviews.freebsd.org/D52783
gpioc: allocate new fifo size This slipped through after I resolved some merge conflicts. Fixes: https://cgit.freebsd.org/src/commit/?id=d000adfe MFC after: 1 day
This is the most contended lock type during the first hour of -j 104 poudriere. Drops significantly with the change. Note there are suspicous acquires which most likely don't need to happen, artificially exacerbating tehe problem..
Hardware TCP LRO results in problems in settings with IP forwarding being enabled. In case of nodes without IP forwarding, using software LRO is also beneficial in general, since it can provide better information about what was received on the wire. Therefore, disable hardware TCP LRO by default. By tuning the loader tunable, this can be changed. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263229 Reviewed by: Timo Völker MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52684
If ath_tx_tag_crypto() returns an error, then ath_tx_normal_setup() should consume the mbuf and return an error, so the caller knows to free the ath_buf. But it wasn't. This fixes issues I've seen locally where a an AP VAP constantly hits error conditions (due to other RF/PHY/MAC chipset issues which I haven't yet figured out) and encryption fails because the station goes away whilst something's being queued. Locally tested: * AR9380, AP mode (2G HT20, 5G HT20, 5G HT40)
Sponsored by: Rubicon Communications, LLC ("Netgate")
arm64/vmm: Clear all pmc fields When clearing pmcntenclr_el0, pmintenclr_el1, and pmovsclr_el0 clear all bits as new fields may be added in the upper 32-bits. Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52801
arm64/vmm: Save more PMU registers These were missed in the initial vmm.ko change. While here keep the order the same in all locations we handle these. Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52802
arm64/vmm: Save dbgclaimset_el1 It may be used by the guest. Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52803
To be consistent within the register prefix all fields with MDCR_EL2_. Reviewed by: emaste Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52804
Move the MDCR_EL2 macros into the correct alphabetical location. Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52805
These are features we don't support or advertise to the guest so can safely be trapped. Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D52806
Keeping cumulative MCA statistics in the kernel provides a way for users to get an accurate count of various kinds of errors reported by the CPU. After ca8929d2a3e9b9df31d2e487377f99d7c39aa01d, it is possible that the kernel will drop the record of some MCA interrupts. Moreover, this provides a cheaper interface to obtain statistics if that is the only reason a user is processing MCA logs. Reviewed by: markj Sponsored by: Netflix MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D52709
iwx: add some missed beacon debugging I'm seeing random disconnects in iwx without any useful information as to why. I'll start by adding missed beacon debugging here; hopefully they're generally useful. Differential Revision: https://reviews.freebsd.org/D52524 Reviewed by: bz
iwx: add some lock assertions in the TX start path The locking paths into these routines LOOK correct, but I figured it'd be good to at least enforce we're not doing concurrent entry into iwx_start() / iwx_tx() without the lock held. Differential Revision: https://reviews.freebsd.org/D52655 Reviewed by: thj
iwx: don't log VHT rate lookups in iwx_tx_fill_cmd() for data frames iwx is now logging a lot of stuff to the kernel when associated at VHT rates. It's my fault; the replacement tx rate APIs print out a warning when you're handing the legacy rate /HT rate APIs a VHT rate. However all of the supported chipsets in iwx will be pushing the rate control entirely into firmware. We don't need to do per-frame TX rate control like in previous chips. So for now, just put in an if (rate == VHT) into the path and a TODO comment. A few lines later the function will just skip the rate assignment stuff for data frames, thus saving us the logging. The other paths (control traffic, multicast traffic) uses legacy rates / HT rates by default and won't trigger a warning log. Yes, iwx_tx_fill_cmd() really does deserve a rate control logic rewrite, but I want to fix this particular issue first. Locally tested: * AX210, STA mode, HT and VHT associations Differential Revision: https://reviews.freebsd.org/D52766 Reviewed by: thj
iwx: rewrite iwx_rs_update() to be VHT aware, refactor it a bit The current iwx_rs_update() code doesn't handle setting VHT rates at all. So: * write a routine - iwx_rs_update_node_txrate() - which will update the given node txrate info with the given notification * .. which is based on the print_ratenflags() logic and decoding * migrate iwx_rs_update() to use this routine, only on the STA BSS node. This only handles decoding the version 2 rate_n_flags format response - same as print_ratenflags() - so print if someone somehow sees a version 1 response. It's shown a few things that deserve some later follow-up work: * I really should have net80211 APIs that operate on the txrate struct itself, not on the ieee80211_node, but I'll use what I have. Changing it later is easy. * the current net80211 txrate API doesn't include channel width, LDPC/STBC and such. I didn't need it for the earlier tx rate representation migration, but it would be nice to add it. (The reason is that those choices are currently made in the drivers using rate control, rather than the rate control module, which is again what the older code did as well.) This means that the displayed rate isn't EXACTLY what the NIC has chosen - eg the NIC could quite happily decide to transmit a 20MHz or 40MHz frame to an 80MHz STA if that actually works out better. So just add TODOs for those. Locally tested: * AX210, STA mode Differential Revision: https://reviews.freebsd.org/D52767 Reviewed by: thj
MediaTek mt76 WiFi cards are advertising FLR support but after issuing a FLR the chipset is gone. Add a quirk so we can disable FLR. The current reset code will automatically fall back to a power reset. This makes the card show up under bhyve where before it would just not be discovered at all. That should make wifibox work for it and will help development for a LinuxKPI based mt76 driver as found in framework laptops as no dedicated machine and constant reboots are needed anymore. We will likely need to add more PCI vendor/device IDs once we can test the other device IDs. Event: EuroBSDCon Devsummit 2025 After a lot of help from: jhb Really implemented by: jhb (I just typed and tested) GH issue: github.com/pgj/freebsd-wifibox/issues/73 MFC after: 3 days Reviewed by: imp, emaste Differential Revision: https://reviews.freebsd.org/D52728
Just like vmxnet3_intr_disable_all, iflib may invoke this routine before vmxnet3_attach_post() has run, which is before the top-level shared data area is initialized and the device made aware of it. MFC after: 1 week Sponsored by: Dell Inc.
swi_remove expects a void *, but we were passing void **. MFC after: 1 week Sponsored by: Dell Inc.
Network-related commands, library, and kernel.
Otherwise builds warn about them being unused.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Use NetBSD probe locations for consistency. We have submitted all improved or missing probes, keeping them synchronized with NetBSD (our blocklist upstream) should simplify upgrades and maintenance, as the locations of these probes are a moving target, depending on upstream OpenSSH changes. Additionally, use BLACKLIST_AUTH_FAIL exclusively for now. At the time of this commit BLACKLIST_BAD_USER, is a no-op. However, it will change in a future upgrade. Also, enhance blacklist notification messages for better debugging by making them more descriptive. Reviewed by: emaste Approved by: emaste (mentor) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52749
This was previously deprecated and is slated for removal in 15.0. Users who still need ftpd(8) can install the ftp/freebsd-ftpd port. Retain the ftp(d) PAM services since other FTP daemons use them. Update /etc/inetd.conf to point to /usr/local. Add ftpd to ObsoleteFiles, but do not list configuration files since users may want to preserve these to use with the freebsd-ftpd port. There is still some language in the manual referring to ftpd(8) which is relevant to the port, which has been retained but updated to reference the port. MFC after: 3 days Relnotes: yes Reviewed by: cperciva Differential Revision: https://reviews.freebsd.org/D52739
All the status and statistics utilties in base are ending with "stat", the only exception is mailstats(8) but that's from sendmail. Reviewed by: imp, adrian MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52724
- Update related comments - Remove from tools/tools/net80211 Reviewed by: imp, adrian MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52726
When sending challenge ACKs from the SYN-cache, apply the same rate limiting as in other states. Reviewed by: cc, rrs MFC after: 3 days Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D52754
Only validate SEG.SEQ and SEG.ACK when processing a real SYN-cache entry. In the SYN-cookie case, these conditions are always true, since the SYN-cache entry on the stack is constructed from the incoming TCP segment. While there, fix the logging messages. Reviewed by: Nick Banks MFC after: 3 days Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D52816
On some iflib drivers, the txd reclaim routine can be fairly expensive
at high packet rates. Iflib was designed with the intent of only
reclaiming tx descriptors above a configurable threshold, but this
logic was left unimplemented.
This change:
- implements 2 new knobs, iflib.tx_reclaim_thresh and
iflib.tx_reclaim_ticks.
- moves tx reclaim thresh from the if_shared_ctx and into the
iflib_ctx as drivers don't need to see it, and it needs to be
changed, so it can't be const
- tx_reclaim_thresh and ticks are replicated into the txq to
improve cache locality of data accessed in the hot path
- ticks is used rather than more expensive timekeeping mechanism so
as to keep things simple and cheap
This change substantially improves packet rates on bnxt. It has been
tested on bxnt and ixl
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D52561
Reviewed by: markj (initial version)
Don't drop a SYN-cache entry just because a challenge ACK couldn't be sent. This might only be a temporary failure. Reviewed by: Nick Banks, glebius, jtl MFC after: 3 days Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D52840
It's only used in this file.
Sponsored by: Rubicon Communications, LLC ("Netgate")
The routine allocates the wrong size and then passes it to in6_get_ifid.
At the same time it violates invariants by issuing malloc with M_WAITOK
while within net epoch section.
Sponsored by: Rubicon Communications, LLC ("Netgate")
The validation of SEG.SEQ (first step in SEGMENT ARRIVES of RFC 9293) should be done before the validation of SEG.ACK (fifth step in SEGMENT ARRIVES in RFC 9293). Furthermore, when the SEG.SEQ validation fails, a challenge ACK should be sent instead of sending a RST-segment and moving the endpoint to CLOSED. Reported by: Tilnel on freebsd-net Reviewed by: Nick Banks MFC after: 3 days Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D52849
While processing SCTP packets we can enqueue work for later, in the
sctp_multihome_jobs queue. This deferred job includes a copy of the current
struct pf_pdesc, which must contain a valid pcksum pointer (in case of NAT).
However, jobs could be enqueued before we'd actually set this pointer in
pf_setup_pdesc(). Set this pointer before we scan the SCTP chunk headers (and
could enqueue deferred jobs.)
While here sprinkle in a few more assertions to ensure we got this right.
Reported-by: syzbot+974d0fb7e53c9aa31b90@syzkaller.appspotmail.com
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
We returned 'PF_DROP' instead of '-1' in one case, which would lead to us
continuing the processing for an invalid packet.
This also aligns us closer to OpenBSD, and reduces the odds of future similar
mixups.
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
The syncache entry is locked by the hash bucket lock. After running SCH_UNLOCK(), we have no guarantee that the syncache entry still exists. Resolve the race by moving SCH_UNLOCK() after the log() call which reads variables from the syncache entry. Reviewed by: rrs, tuexen, Nick Banks Sponsored by: Netflix MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52868
If an rdr (or nat) rule specifies 'pass' we don't run the filter rules, we just
pass the traffic. Or at least, we did until that got unintentionally broken.
Restore that behaviour and add a test case.
While here also fix nat:dummynet_mask, which relied on the broken behaviour.
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D52838
* use ND_NA_FLAG_ROUTER flag in carp_send_na() when we work as router. * use in6addr_any as destination address for nd6_na_output(), then it will use ipv6-all-nodes multicast address. * add in6_selectsrc_nbr() function that accepts additional argument ip6_moptions. Use this function from ND6 code to avoid cases when nd6_na_output/nd6_ns_output can not find source address for multicast destinations. * add some comments from RFC2461 for better understanding. * use tlladdr argument as flags and use ND6_NA_OPT_LLA when we need to add target link-layer address option, and ND6_NA_CARP_MASTER when we know that target address is CARP master. Then we can prepare correct CARP's mac address if target address is CARP master. * move blocks of code where multicast options is initialized and use it when destination address is multicast. Reviewed by: kp Obtained from: Yandex LLC MFC after: 2 weeks Sponsored by: Yandex LLC Differential Revision: https://reviews.freebsd.org/D52825
Replace counter(9) usage with more lightweight atomic(9) in the code handling RFC 7217 SLAAC address generation. Also, use `u_int` types with this. Leaving `dad_failures` local to `in6_get_stableifid()` as a `uint64_t` to avoid changing the generated addresses from previous code; this also gives some headroom for future changes. While here, moved some `#include` lines to adhere to style(9). Reviewed by: glebius, jhibbits, jtl, zlei Approved by: glebius, jtl, zlei Differential Revision: https://reviews.freebsd.org/D52731
sdl_data isn't always NULL terminated Signed-off-by: nreilly@qnx.com PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288958 Reviewed by: markj MFC after: 1 week
Stuff in man section 8 (other than networking).
Remove 'pager' shim that was last not supported in FreeBSD 12.2, which went EOL on March 31, 2022. People have had enough time to upgrade the boot loader. Sponsored by: Netflix
Check the number of arguments and ensure that the passed-in device to disable parses correctly. Sponsored by: Netflix
While boot_single:lower() should always be in {yes,no}, it might not
be. In one place we check == yes, and another ~= no. Make both places ~=
no for consistency. We generally try to test != default.
Sponsored by: Netflix
Fixes armv7 build. Reported by: CI Fixes: https://cgit.freebsd.org/src/commit/?id=9cab9fde5eda ("virtual_oss: Port to base") Sponsored by: The FreeBSD Foundation MFC after: 4 days
* Registers dump * SGE context * TCB info MFC after: 3 days Sponsored by: Chelsio Communications
Reported by: CI Fixes: https://cgit.freebsd.org/src/commit/?id=9cab9fde5eda ("virtual_oss: Port to base") Sponsored by: The FreeBSD Foundation MFC after: 4 days
Add a blocklist probe when user access is denied. Reviewed by: emaste Approved by: emaste (mentor) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52747
Reviewed by: emaste Approved by: emaste (mentor) Obtained from: NetBSD MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D52746
For proper redundancy, add copies of loader.efi to each of the ESPs we create when we create multi-volume ZFS datasets. zfsboot creates a list of secondary ESPs, while bootpart doesn't create any (it's the UFS partitioning tool) because we don't supporg UFS over gmirror. The primary ESP is mounted and is what we use efibootmgr to boot from. The redundant copies allow the system to boot if the primary disks fails. Sponsored by: Netflix MFC After: 2 days PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208802 Reviewed by: cperciva Differential Revision: https://reviews.freebsd.org/D52780
With pkgbase, users may decide to install a minimal set of packages that's missing some daemons. Check which services are installed, and only include the ones which are present in the dialogue. MFC after: 1 day Reviewed by: cperciva Differential Revision: https://reviews.freebsd.org/D52646
virtual_oss(8) chooses formats based on preference lists (see VPREFERRED_*) for each sample depth (-b option). However, if we, for example, use 32 bits LE for the sample depth, what will end up happening is that the format chosen will be 0x10001000, which corresponds to AFMT_S32_LE *and* AFMT_F32_LE OR'd together. This happens because the preference lists include both AFMT_S32_* and AFMT_F32_* in the 32-bit cases. Because we essentially end up using an invalid format, sound(4) will eventually reach pcm_sample_write()'s (sys/dev/sound/pcm/pcm.h) __assert_unreachable() case. This patch is a temporary fix to address the panic, until a proper solution for using floating point formats is found. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289904 Sponsored by: The FreeBSD Foundation MFC after: 2 days
Commit 561dc357c2f5 changed the way we handle components in the prompt, and accidentally resulted in the kernel-dbg component not being listed since we now hide all components ending in "-dbg". Add an exception for kernel-dbg to bring it back. Fixes: https://cgit.freebsd.org/src/commit/?id=561dc357c2f5 ("bsdinstall: Use package sets for pkgbase install") MFC after: 3 seconds Reviewed by: emaste Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52826
rc: Teach netwait to wait for DAD In some configurations, especially in jails, it is possible for the system to boot so fast that we end up launching daemons while duplicate address detection is still ongoing. If that happens, said daemons may fail to bind to IPv6 addresses, as they are still tentative. Teach the netwait service to wait (up to 10 seconds, by default) for the tentative flag to vanish. MFC after: 1 week Reviewed by: olce Differential Revision: https://reviews.freebsd.org/D51889
rc: Improve netwait DAD logic Disable if IPv6 is not supported, and instead of 10 seconds, default to one more than the value of net.inet6.ip6.dad_count. Fixes: https://cgit.freebsd.org/src/commit/?id=5ead817c3b7a ("rc: Teach netwait to wait for DAD") Reviewed by: bz Differential Revision: https://reviews.freebsd.org/D52905
List deleted entries prefixed by "#". This is consistent with other ippool list functions. Fixes: https://cgit.freebsd.org/src/commit/?id=7531c434a593 MFC after: 1 week
To maintain consistency with ippool list functions, prefix deleted entries with "#". MFC after: 1 week
As with 7531c434a593, which dumped ippool table data in the "new" format, print hash data in the "new" format. MFC after: 1 week
As with 7531c434a593, which dumped ippool table data in the "new" format, print dstlist data in the "new" format. MFC after: 1 week
Add a new --jail option to the pkgbase script which installs jail-specific set variants if they exist: * "minimal" is replaced with "minimal-jail" * A kernel is not installed. * For sets shown in the component selection dialogue, only show the appropriate variant (jail or non-jail) for the target. Modify the jail script to pass --jail to the pkgbase script. Remove the redundant --no-kernel option, which was added in 15.0 and was only used to install jails. MFC after: 3000ms Reviewed by: ifreund_freebsdfoundation.org Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52829
Reviewed by: kib
This version builds every module into the flua binary itself, since all of the bootstrap tools are built -DNO_SHARED. As a result, we also cannot dlsym(), so we can't really discover the names of our newly builtin modules. Instead, just build out a linker set with all of our luaopen_*() functions to register everything up-front. Building in all of the modules isn't strictly necessary, but it means that we have an example of how to add a bootstrap module everywhere you go and one doesn't need to consider whether bootstrap flua can use a module when writing scripts. On my build machine, the consequence on our binary size is an increase from around 1.6M -> 1.9M, which isn't really that bad. .lua modules can install into their usual path below $WORLDTMP/legacy and we'll pick them up automagically by way of the ctor that sets up LUA_PATH early on. This re-lands bootstrap module support with a more sensible subset, and after having verified that it cross-builds fine on macOS and Linux -- we cannot do libfreebsd on !FreeBSD because it's more system header dependant. We also need to bootstrap libmd to bring in libhash, and libucl + libyaml. Reviewed by: bapt, emaste (both previous version) Differential Revision: https://reviews.freebsd.org/D51890
flua: kick out the remaining builtin modules Bootstrap flua has some magic now to handle modules by building them in and discovering them via linker sets. This is slightly cleaner than always building them in and baking them into loadedlibs for both bootstrap and system flua. Adjust the stand build now that these three libs have their own new homes. Reviewed by: bapt, emaste Differential Revision: https://reviews.freebsd.org/D51891
flua: move lposix back into flua for now The real luaposix is structured differently, and our builtin version tends to model that in its own special way. Build it back in until we get the shlib model just right to unbreak nuageinit, among other things. This is a partial revert of the below-referenced commit; the other two modules are simple, though, and were accurately split out. Reported by: markj Fixes: https://cgit.freebsd.org/src/commit/?id=b11a5709ec2b6 ("flua: kick out the remaining builtin modules")
nuageinit: require lfs where it's needed nuageinit largely already did this, but one spot was missed -- add the necessary require() in to get the module loaded. Fixes: https://cgit.freebsd.org/src/commit/?id=b11a5709ec2b6 ("flua: kick out the remaining builtin modules")
flua: unbreak the build Local tree pollution let this escape. *sigh*. Pointy hat: kevans Pointy hat: kevans Pointy hat: kevans Fixes: https://cgit.freebsd.org/src/commit/?id=9c7db0931d486ce ("flua: move lposix back into flua for now")
heimdal-kadmin: Add support for the -f dump option
The "-f" dump option allows a dump of the Heimdal
KDC in a format that the MIT kdb5_util command can
load into a MIT KDC's database.
This makes transitioning from the Heimdal KDC to
the current MIT one feasible without having to
re-create the KDC database from scratch.
glebius@ did the initial work, cherry picking these
commits from the Heimdal sources on github and then doing
extensive merge conflict resolution and other fixes so
that it would build.
Heimdal commit fca5399 authored by Nico Williams:
Initial commit for second approach for multiple kvno. NOT TESTED!
Heimdal commit 57f1545 authored by Nico Williams:
Add support for writing to KDB and dumping HDB to MIT KDB dump format
Before this change Heimdal could read KDBs. Now it can write to
them too.
Heimdal can now also dump HDBs (including KDBs) in MIT format,
which can then be imported with kdb5_util load.
This is intended to help in migrations from MIT to Heimdal by
allowing migrations from Heimdal to MIT so that it is possible
to rollback from Heimdal to MIT should there be any issues. The
idea is to allow a) running Heimdal kdc/kadmind with a KDB, or
b) running Heimdal with an HDB converted from a KDB and then
rollback by dumping the HDB and loading a KDB.
Note that not all TL data types are supported, only two: last
password change and modify-by. This is the minimum necessary.
PKINIT users may need to add support for KRB5_TL_USER_CERTIFICATE,
and for databases with K/M history we may need to add KRB5_TL_MKVNO
support.
This resulted in a Heimdal kadmin that would dump
the KDC database in MIT format. However, there
were issues when this dump was loaded into the
current MIT KDC in FreeBSD current/15.0.
The changes I did to make the dump more useful are listed below:
When "-f MIT" is used for "kadmin -l dump" it writes
the dump out in MIT format. This dump format is understood
by the MIT kdb5_util command. The patch modifies the above
so that the MIT KDC's master key keytab file can be provided
as the argument to "-f" so that the principals are re-encrypted in
it. This allows any principal with at least one strong encryption
type key to work without needing a change_password.
The strong encryption types supported by the Heimdal KDC are:
aes256-cts-hmac-sha1-96
aes128-cts-hmac-sha1-96
The issues my changes address are:
- If there are weak encryption keys in a principal's entry,
MIT's kadmin.local will report that the principcal's entry
is incomplete or corrupted.
- The keys are encrypted in Heimdal's master key. The
"-d" option can be used on the "kadmin -l dump" to
de-encrypt them, but the passwords will not work on the
current MIT KDC.
To try and deal with the above issues, this patch modied the above to:
- Does not dump the weak keys.
- Re-encrypts the strong keys in MIT's master key if the argument
to "-f" is actually a filename which holds the MIT KDC's
master key keytab and not "MIT".
- For principals that only have weak keys, it generates
a fake strong key. This key will not work on the MIT
KDC, but the principal entry will work once a
change_password is done to it.
- It always generates a "modified_by" entry, faking one if
not already present in the Heimdal KDC database.
This was necessary, since the MIT kadmin will
report that the principal entry is "incomplete or
corrupted" without one.
It also fixed a problem where "get principal" no longer
worked after the initial patch was applied.
A man page update will be done as a separate commit.
I believe this commit is acceptable since the Heimdal
sources are now essentially deprecated in favor of the
MIT sources and that this new "-f" patch simplifies
the transition to the MIT KDC.
Discussed with: glebius, cy
MFC after: 3 days
kadmin.8: Document the new dump -f flag Commit 5000d023a446 added a new flag to the dump option. This patch documents this new flag. This is a content change. MFC after: 3 days Fixes: https://cgit.freebsd.org/src/commit/?id=5000d023a446 ("heimdal-kadmin: Add support for the -f dump option")
Remember to also free ncounters. Fixes: https://cgit.freebsd.org/src/commit/?id=c00aca9a71 ("pf: Show pf fragment reassembly counters.") MFC after: 3 days Sponsored by: Rubicon Communications, LLC ("Netgate")
This change simplifies integration of gdb python scripts with our kernel debugging infrastructure. Rather than putting debugging scripts in /usr/libexec/kgdb, move them to <path-to-kernel-debug-symbols>/gdb, and add a kernel-gdb.py which automatically loads modules from that directory. kernel-gdb.py will be automatically executed by kgdb when loading kernel debug symbols (assuming a default configuration), so one no longer needs to do anything to use these modules. The change also adds a couple of new modules, vnet.py and pcpu.py, for conveniently accessing VNET symbols and PCPU/DPCPU fields, respectively. Note that these require a change to the kernel linker when accessing symbols from a loadable kernel module. sys/tools/gdb/README.txt describes the scheme in more detail and provides some rudiementary documentation for the commands and functions added by these modules. It should be updated when adding new features. sys/tools/gdb/selftest.py can be used to do some primitive testing of the modules. All it does is execute a number of gdb commands making use of commands and functions added by these modules. The developer is expected to verify that the commands complete without errors and that the output looks sane. Discussed with: kp, avg, jhb, glebius MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D50825
Summary: This makes the code easier to understand and slightly faster, but requires C23. calloc() would benefit, too, but I didn't want to touch the imported jemalloc code base. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D52854
In preparation of adding recallocarray() to libc. See also: D52863 Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D52878
This function from OpenBSD is a hybrid of reallocarray() and calloc(). It reallocates an array, clearing any newly allocated items. reallocarray() ultimately originates from OpenBSD. The source is taken from lib/libopenbsd, which now no longer has the function unless when bootstrapping (needed for mandoc). Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D52863
MD5 is used by libc/resolv to generate a random sequence id from a current time stamp. Replace this convoluted mechanism with a call to arc4random(). This permits us to entirely drop MD5 from libc, simplifying the MD5 rework proposed in D45670. Approved by: markj Reviewed by: kevans, markj See also: D45670 Event: EuroBSDcon 2025 Differential Revision: https://reviews.freebsd.org/D52784
We don't want to put these in clibs (where libc is) since they are not critical to system operation. Move them to locales, since anyone who is interested in translated versions of strerror() is going to have that installed anyway. While here, add some more documentation to bsd.nls.mk, particularly the NLSPACKAGE option. MFC after: 3 seconds Reviewed by: manu, kib Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52898
Introduce vn_fullpath_jail(), which returns a path to the passed vnode relative to the current jail's root. It will be used by mac_do(4) in a subsequent commit. Factor out common code between the new variant and vn_fullpath(). While here, rework the comments a bit. Add vn_fullpath_jail() to the vn_fullpath.9 manual page. While here, document all the existing public vn_fullpath*() functions. Reviewed by: kib (except latest manual page changes) MFC after: 3 days Event: EuroBSDCon 2025 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52757
ddb show lockedvnods might find a ufs vnode after it is inserted into the mount queue in ffs_vgetf but before the dinode is allocated. Avoid trapping by testing for the dinode pointer. Reviewed by: markj Discussed with: mjg Sponsored by: Dell Inc. Differential Revision: https://reviews.freebsd.org/D52795
nullfs: remove the vhold/vdrop cycle around unlock Both lower vnode and null data are safe while the lock is held, at the same time neither is touched after unlock. While here remove stale comment about interlock handling. It is no longer legal to pass to unlock. Reviewed by: kib Tested by: pho (previous version) Differential Revision: https://reviews.freebsd.org/D38761
nullfs: assert the vnode is not doomed in null_hashget_locked While here some style touch ups and fixing a stale name in an assert. Reviewed by: kib Tested by: pho (previous version) Differential Revision: https://reviews.freebsd.org/D38761
nullfs: smr-protected hash lookup Vast majority of real-world contention on the hash comes from lookups, notably seen during highly parallel poudriere runs. Lockless lookup largely alleviates the problem. Reviewed by: kib Tested by: pho (previous version) Differential Revision: https://reviews.freebsd.org/D38761
nullfs: avoid the interlock in null_lock with smr This largely eliminates contention on the vnode interlock. Note this still does not scale, to be fixed(tm). Reviewed by: kib Tested by: pho (previous version) Differential Revision: https://reviews.freebsd.org/D38761
Kernel stuff (other than networking, filesystems, and drivers).
MAC/do: Check executable path from the current jail's root Contrary to my initial belief, vn_fullpath() does return a vnode's path from the current chroot, and not from the global root (which would have been a bug also, but without security consequences). This enables a "confused deputy"-like scenario where a chroot(2) can change which executable can be authorized by MAC/do, which is even more problematic for unprivileged chroot(2). This was found by re-examining the code following two close events: 1. Shawn Webb sent a mail to freebsd-hackers@ on 08/05 saying that in HardenedBSD they had added a check on P2_NO_NEW_PRIVS (in mac_do_priv_grant()), which I responded to on 08/20 saying that P2_NO_NEW_PRIVS was not necessary for mac_do(4), with a correct reasoning but based on the wrong above-mentioned assumption about vn_fullpath(). 2. I reviewed some code by Kushagra Srivastava (GSoC 2025 student working on mac_do(4)/mdo(1)) adding the ability to specify which executables can spawn processes that mac_do(4) may decide to authorize (others are simply ignored), which currently is hardcoded to '/usr/bin/mdo'. MFC after: 3 days Event: EuroBSDCon 2025 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52758
vn_fullpath.9: Add missing links for described functions To reflect all the functions that are now described in the manual page. Fixes: https://cgit.freebsd.org/src/commit/?id=9f269a0a771a ("MAC/do: Check executable path ...") MFC after: 3 days Event: EuroBSDCon 2025 Sponsored by: The FreeBSD Foundation
share/man/man9: Fix compilation I goofed in the previous commit. Fixes: https://cgit.freebsd.org/src/commit/?id=05e5de00b9ea ("vn_fullpath.9: Add missing links for described functions") MFC after: 3 days Event: EuroBSDCon 2025 Sponsored by: The FreeBSD Foundation
Like lkpi_pci_get_domain_bus_and_slot() implement lkpi_pci_get_slot() using pci_find_bsf() instead of pci_find_dbsf() (no domain). This is needed for a wireless driver. Unfortunately the name [pci_get_slot()] collides with the native PCI function. Add a guard around it and disable the use when the native version is required (in lkpifill_pci_dev() and in bnxt/bnxt_en; if the latter gets fixed we can probably also fix work around it in the former; further conflicts in drm-kmod 6.1-lts, 6.6-lts, and master were resolved). Sponsored by: The FreeBSD Foundation (initially) MFC aftre: 3 days Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52065
Both drm-kmod and nvidia-drm were updated to keep compiling and/or working after the latest LinuxKPI PCI changes. Some of what should have worked for a long time but did not or conflicted was hidden behind native PCI calls instead of using LinuxKPI. We cleaned this up. Bump __FreeBSD_version so that users will get the updated packages. MFC after: 3 days PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289647
When trying to walk lock chains, we have to deduce what a thread is blocked on. Checking LOCK_CLASS(td->td_wchan) is not a very reliable method by itself, as it just tests whether a particular 4 bits near where td_wchan points have a particular value. Misinterpreting wait channel pointers of other sleeps as lockmgr locks would frequently cause ddb show allchains (or show lockchain) to trap, or to produce incorrect output. Now, check the sleepq_type. When calling sleepq_add, we use SLEEPQ_LK for lockmgr locks and SLEEPQ_SX for sx locks. This is a more reliable indication that the td_wchan is actually a lock. While here, also make the output of lockmgr and sx locks consistent with the output for other locks (see print_lockchain). Outputting a pointer to the lock allows it to be inspected further with ddb show lock or other methods. Reviewed by: markj Sponsored by: Dell Inc. Differential Revision: https://reviews.freebsd.org/D52794
In some devices, there may be multiple isa bridges available from different sources. Therefore, we allow multiple lpc devices to be generated so that pcie bus won't show "none" anymore. For example, in my AMD based Framework Laptop, there are two such bridges. One is acpi hinted, another is from pcie. Reviewed by: imp Approved by: lwhsu (mentor) MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D52815
When trying to find the address of a VNET variable from a debugger, it helps to have the original address of the VNET section. In particular, given the address of a vnet_entry_foo symbol, one wants to easily find the linker file that the symbol belongs to. In link_elf_obj.c, the section address for VNET and DPCPU sections is overwritten in link_elf_link_preload() and link_elf_load_file(). Add an "origaddr" field to store the original absolute address of the section base. In link_elf.c the elf_file_t already has the fields we want, but they were not getting filled out for the kernel itself. Fix that too, since that simplifies things for debuggers and improves consistency. Reviewed by: kib MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D52730
- Use the recently-added fsetfl_lock/unlock API to synchronize direct FIONBIO and FIOASYNC ioctls with fcntl(F_SETFL). - While here, skip calling the underlying ioctl if the flag's current state matches the requested state. - Also while here, only update the flag state if the underlying ioctl succeeds. This fixes a bug where the flags represented the new state even if the underlying ioctl failed. A test is added for this last case that a failing FIOASYNC on /dev/null doesn't result in setting O_ASYNC in the file flags. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D52721
While both locking and unlocking a spinlock used to be inline, this
changed when spinlock_enter/spinlock_exit got introduced, defeating the
point of inlining them.
This either needs to have inlined spinlock enter/exit in place or have
mtx lock/unlock as function calls with the irq flags inlined in there.
Sponsored by: Rubicon Communications, LLC ("Netgate")
The macro is misleading and of questionable value to begin with.
For starters, it is used for both spinlocks and regular mutexes (the
latter only the in the slow path), which have fundamentally different
requirements on unlock -- spinlocks are guaranteed to not have blocked
waiters and can blindly do a store.
The commentary above the it is also head-scratching:
> Release mtx_lock quickly, assuming we own it.
You can't *just* release a sleepable mutex "quickly". The only legal use
right now is when the turnstile lock is held.
Note that unlock of a sleepable mutex without using RMW atomics is very
much possible and may show up soon (tm).
Sponsored by: Rubicon Communications, LLC ("Netgate")
It is readily apparent the FOFFSET_LOCKED flag protects it because the
read followed its use.
It also does not matter who said how it was protected earlier.
Reviewed by: kib, markj
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D52915
Both use the same 16 bit var to store their locked and waiters bits,
then this in file_v_unlock:
state = atomic_load_16(flagsp);
if ((state & lock_wait_bit) == 0 &&
atomic_cmpset_rel_16(flagsp, state, state & ~lock_bit))
return;
can fail if for example foffset is being unlocked while setfl is getting
locked.
Afterwards the code assumes there are blocked waiters on foffset.
Reviewed by: kib, markj
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D52915
packages: Add an "optional" set This is everything in "base" but without compilers. This means we have sets to support four basic workloads: - "minimal" for a small installation where the user intends to add other packages by hand. - "optional" for a complete installation on a production system which does not need to compile software. - "devel", which can be added to either minimal or optional when compilers are required. - "base" for a complete installation, including compilers, for users who don't want to interact with pkgbase and just want the complete system installed like it was before. This is probably the last set want to add; any further metapackages would be better treated as "task" packages intended to target one specific workload. MFC after: 3 days Reviewed by: cperciva, bapt Differential Revision: https://reviews.freebsd.org/D52777
create-sets.sh: Always build the base sets Since all packages were moved to the optional set, no packages are directly in the base sets, which means nothing caused the base sets to be built. Add the base sets to create-sets.sh so they're always built. Fixes: https://cgit.freebsd.org/src/commit/?id=eaecc9551ae4 ("packages: Add an "optional" set") MFC after: 1 day
sh: Remove /.profile root's home directory was moved to /root many years ago, so there's no reason to keep this old link. This brings sh in line with csh, where /.cshrc was removed in dcb65c5a94d4. Relnotes: yes Approved by: re (cperciva) MFC after: 1 day PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289097 Reviewed by: cperciva, jilles, bapt, emaste Differential Revision: https://reviews.freebsd.org/D52161
bin/sh: Fix the build Removing <bsd.prog.mk> was unintentional; put it back. Fixes: https://cgit.freebsd.org/src/commit/?id=d31e342bcc8e ("sh: Remove /.profile") MFC after: 1 day
We don't need an entire package for this trivial library. Move it to toolchain, which in practice means it's installed in toolchain-dev as it only contains a static library. MFC after: 1 day Reviewed by: bapt Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52793
This library is required for C11 conformance, and is tiny (11kB), so instead of creating a bunch of packages for it, put it in runtime. Although this is a core C library and might be expected to live in clibs, kib objected to this on the basis that almost nothing actually uses libstdthreads and putting it in clibs would be wasteful. MFC after: 1 day Reviewed by: kib Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52792
Rename liblzma to xz, and use LIB_PACKAGE to create an xz-lib package for runtime libraries. MFC after: 1 day Reviewed by: bapt Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52791
Instead of creating a separate libsdp package, use LIB_PACKAGE to ship this in bluetooth-lib. MFC after: 1 day Reviewed by: bapt Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52790
This is part of audit, so use the new LIB_PACKAGE feature to name the package audit-lib, rather than libbsm. MFC after: 1 day Reviewed by: bapt Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52789
This is a niche tool which is only useful in a small number of specific situations. It's very small (8kB), and the executable component /usr/bin/stdbuf is already in -utilities, so move the shlib to -utilities as well. MFC after: 1 day Reviewed by: bapt Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52788
virtual_bt_speaker(8) includes bluetooth.h, which won't exist if WITHOUT_BLUETOOTH is set, which will result in a build failure. Reported by: peterj Fixes: https://cgit.freebsd.org/src/commit/?id=9cab9fde5eda ("virtual_oss: Port to base") Sponsored by: The FreeBSD Foundation MFC after: 3 days
Remove the ctf-tools package. Add a new package which contains the previous contents of ctf-tools along with libctf. This removes CDDL-licensed code from the utilities package. Set LIB_PACKAGE for libctf so that DTrace runtime doesn't need to install the tools. MFC after: 1 day Reviewed by: bapt Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52776
LLVM was relicensed under Apache 2.0 with LLVM exception a while ago. MFC after: 1 day Reviewed by: bapt, imp (previous version) Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D51769
pkgbase: move ncurses into its own package Pushing ncurses into clibs adds extra upgrade risk to a package that otherwise consists of integral libs with non-trivial interdependencies. Adding it to -runtime was considered, but the move was historically motivated to some extent by allowing a much smaller set of base libs to be installed for smaller VM images that don't really need all of the runtime package. This also fixes the ncurses build to ensure that libmenuw is grouped with the rest of the ncurses libraries, which doesn't seem to have been an intentional omission. Reviewed by: ivy MFC after: 2 days (pkgbase movement) Differential Revision: https://reviews.freebsd.org/D52786
packages: remove ncurses-all license text The "Software" line in the license text seems to trip some kind of UCL parsing bug. Replace it with an SPDX tag and a pointer to the file for the time being. Reported by: fluffy, madpilot Fixes: https://cgit.freebsd.org/src/commit/?id=06afa0a55e0ac ("pkgbase: move ncurses into its own package")
libedit isn't as foundational as the rest of -clibs, but various bits of -runtime do need it. Give it a new home over in -runtime. This also fixes the libedit build to group the readline bits into the same package as the libedit that implements them. Reviewed by: ivy MFC after: 2 days (pkgbase movement) Differential Revision: https://reviews.freebsd.org/D52787
While here, fix manlint warnings and a typo in tzset(3). MFC after: 3 days
virtual_oss: Do not build if WITHOUT_CUSE is set PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289920 Fixes: https://cgit.freebsd.org/src/commit/?id=9cab9fde5eda ("virtual_oss: Port to base") Sponsored by: The FreeBSD Foundation MFC after: 1 day Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D52807
rc.d: Fix package for virtual_oss There is no virtual_oss package. Install the virtual_oss script in rc, since there's currently no specific package for sound utilities. This fixes the pkgbase build. Fixes: https://cgit.freebsd.org/src/commit/?id=f040ee6e4078 ("virtual_oss: Do not build if WITHOUT_CUSE is set")
Azure images are Microsoft VHD files which use the .vhd extension. We use the mkimg format arg "vhdf" to specify the fixed vhd format, but the extension should remain .vhd. Reviewed by: lwhsu, whu Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D38761
This is the latest supported version in Ubuntu 22.04 Reviewed by: vexeduxr, imp, emaste Sponsored by: Arm Ltd Pull Request: https://github.com/freebsd/freebsd-src/pull/1862
diff3 is the last remaining GPL-licensed userland component. Move it to its own package, so that it may be excluded if desired. Reviewed by: ivy Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52810
These targets are used to produce legacy dist sets for install media and now always use NO_ROOT mode. Extend existing logic that forces NO_ROOT mode to these cases to ensure they do not run in the wrong mode. Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D50551
The Makefile logic for /etc/aliases, /var/yp/Makefile and /etc/unbound tries to avoid creating the symlink if it already exists in the target, but this breaks with pkgbase since the symlink won't be installed (and therefore won't be added to METALOG) if building with an existing worldstage, meaning it's missing from the generated package. Change the logic to forcibly install the symlink if NO_ROOT is defined, but keep the existing logic for non-package builds to avoid trashing the user's custom symlinks on non-pkgbase installworld. MFC after: 3 seconds Reported by: cperciva Reviewed by: cperciva, emaste Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52834
Reviewed by: emaste Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52830
Put virtual_oss, /etc/devd/snd.conf and the other audio-related tools into a new "sound" package. Don't create a separate -lib package, since it's unlikely someone will want mixer(3) without mixer(8). Put the sound package in the optional set rather than minimal, since it's not actually required for audio hardware support, and many systems (including nearly all servers) won't want it installed. MFC after: 3 seconds Reviewed by: christos Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52823
Although bootonly doesn't contain an offline package repository, we still want pkg installed so the user can use it to repair an existing system. Installing it from the release repository ensures it's always available without depending on pkg.freebsd.org. While here, fix a typo in PKGBASE_REPO_ARGS. MFC after: 3 seconds Reviewed by: cperciva Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52848
thunderbolt.4: Initial manual for HW Relnotes This manual contains nothing and is only suitable for the HW Relnotes, but lets get it in so we have something and then can iterate on it. MFC after: 3 minutes Fixes: https://cgit.freebsd.org/src/commit/?id=2ed9833791f2 (thunderbolt: Import USB4 code) Discussed with: obiwac Differential Revision: https://reviews.freebsd.org/D52847
thunderbolt.4: Mention Thunderbolt 3 MFC after: 1 hr Reported by: emaste Fixes: https://cgit.freebsd.org/src/commit/?id=2f7a796b590e (thunderbolt.4: Initial manual)
It is available on all supproted FreeBSD versions. Sponsored by: The FreeBSD Foundation
Reviewed by: ivy Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52857
Pass PKG_ABI to virtual machine image builds. Reviewed by: cperciva Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52874
When doing a NO_ROOT build we can't run pkg inside a chroot, for multiple reasons including not having /dev mounted. MFC after: 6 hours Sponsored by: https://www.patreon.com/cperciva
I wrote this file and am the only person who has modified it since it was added. MFC after: 3 days
The (update-)packages targets require buildworld and buildkernel to run first. Add some .ORDER statements to ensure this happens. This fixes 'make -j8 buildworld buildkernel packages'. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289969 Reported by: yasu MFC after: 3 days Reviewed by: yasu, emaste Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52877
vmimage.subr: Support NO_ROOT pkgbase We need to tell pkg to record files in METALOG; otherwise when we create the VM image it's almost empty. MFC after: 6 hours Sponsored by: https://www.patreon.com/cperciva
vmimage.subr: fix typo in checking NO_ROOT var Reviewed by: imp Fixes: https://cgit.freebsd.org/src/commit/?id=08b497dc6c4d ("vmimage.subr: Support NO_ROOT pkgbase") Signed-off-by: Siva Mahadevan <me@svmhdvn.name> Pull-request: https://github.com/freebsd/freebsd-src/pull/1867 Sponsored by: The FreeBSD Foundation
Use the same approach for pkgbase-repo-dir as for the packagesystem dependency. Reviewed by: Isaac Freund <ifreund@freebsdfoundation.org> Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52884
We previously used `PKG_FORMAT: tar` to avoid spending a lot of time in zstd compression. Instead just set PKG_LEVEL to compression level 1, which still produces packages that are much smaller than uncompressed tarballs with only a small penalty in build time. Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52858
Previously if WITHOUT_TOOLCHAIN was set we'd create a FreeBSD-clang package that contained only ar.5. As ar.5 describes the ar format and doesn't come from Clang/LLVM move it to the FreeBSD-toolchain package and make it conditional on MK_TOOLCHAIN. Reviewed by: ivy Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52886
libopenbsd retains recallocarray() during bootstrapping for now as it is needed for mandoc. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D52864
release: Check for empty NODISTSETS
Treat an empty NODISTSETS the same as if it is not defined; this avoids
problems if a script calls 'make release NODISTSETS=${NODISTSETS}'.
MFC after: 3 days
Sponsored by: https://www.patreon.com/cperciva
release: Respect NODISTSETS In addition to not putting distribution sets onto ISO images, if NODISTSETS is set then we should not build the distribution sets or put them onto the "FTP" site (aka download.freebsd.org). MFC after: 3 days Sponsored by: https://www.patreon.com/cperciva
release: Publish pkgbase-repo.tar This is a tarball containing the pkgbase repository for the release. Note: This is an uncompressed tarball, because all of its constituent .pkg files are already compressed; there's no point adding another layer of compression. Reviewed by: ivy MFC after: 1 minute Sponsored by: https://www.patreon.com/cperciva Differential Revision: https://reviews.freebsd.org/D52899
- Don't clean pkg files, they won't be recorded in the manifest anyway. - Use pw's new metalog mode to create the vagrant user. Note that we do not need to manually create the home directory, pw will do it, so just remove that. - Write metalog entries for the vagrant user's ssh key dir and authorized keys file Note, this depends on an updated pw being installed on the host. Reviewed by: emaste MFC after: 1 day Sponsored by: Klara, Inc. Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52631
Sponsored by: The FreeBSD Foundation
The embedded "SD card" images build very differently from regular releases, and don't use pkgbase yet. MFC after: 3 days Sponsored by: https://www.patreon.com/cperciva
CROSS_TOOLCHAIN is used to build src with a different toolchain than the bundled one. Ports also has a CROSS_TOOLCHAIN option, but it has a different meaning. When building ports-mgmt/pkg from ports for the package-pkg target, unset CROSS_TOOLCHAIN to prevent ports from being confused. This fixes 'make CROSS_TOOLCHAIN=llvm19 package-pkg' for the native target, but cross-building (e.g., targetting powerpc from amd64) is still broken due to an issue in pkg itself. MFC after: 3 seconds Reviewed by: emaste Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D52902
We don't need this, and we don't use this. It's left over from the svn days. We stopped supporting svn as a project entirely when 12.x went EOL. And VCS_REVSION isn't in any current ucl file or anywhere else in the tree. Sponsored by: Netflix Reviewed by : kevans, brd Differential Revision: https://reviews.freebsd.org/D52912
The .if defined(_MKSHOWCONFIG) covered an unusually large area, so it should have not been removed in the last commit. I must have tested in the wrong tree before pushing... FixeS: 28b858f5059c Sponsored by: Netflix
MFC after: 3 days
Onboard new ports committer Tiago Gasiba (tiga) in accordance with step 5 of sec. 7.1 committer's guide PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289889 Approved by: eduardo, flo (mentors)
Rename this test helper app to multicast-send.c. Extend it to send from/to arbitrary addresses and arbitrary payload so that it can be used in more test scenarios.
- Use git to detect the latest stable branch rather than hardcoding it. - Handle the case where the script is run outside a src or ports repository. - Fix a pattern to match .git instead of *git. Reviewed by: andrew, releng (emaste) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52681
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289948 Approved by: eduardo (mentor)
Test a value of TZ that temporarily escapes from TZDIR (which is not permitted when setugid) then reenters it. MFC after: 3 days
Test scripts based on atf_python can now pass jail command options via the
'opts' key in the 'vnetX' key of TOPOLOGY.
Reviewed by: melifaro
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D52761
We can't reliably check for the absence of replies to our MLD queries (because a host may announce its multicast subscriptions), so enable pf logging and check for the relevant error message instead. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289821 MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D52762
tests/netinet: extend IPv4 multicast testing framework Provide a helper program multicast-receive.c that joins arbitrary group on arbitrary specified interface and receives a single datagram and prints it out. In multicast.sh provide a template with two jails connected by two interface pairs, so that we can check sends/receives in presence of multiple interfaces. Compose a few basic tests to check legacy and new IP_ADD_MEMBERSHIP and MCAST_JOIN_GROUP.
tests/netinet: add a few missing atf_checks in multicast.sh Fixes: https://cgit.freebsd.org/src/commit/?id=d0c8a0b3e6fc5372428eb4fddcd4f8c65b5b0ee0
Excercise the code introduced in 9e792f7ef729
("sys/netinet6: Fix SLAAC for interfaces with no /64 LL address").
Sponsored by: Rubicon Communications, LLC ("Netgate")
Also convert nearby ATF_REQUIRE_MSG to ATF_REQUIRE_INTEQ_MSG. Reported by: GCC -Wint-in-bool-context Reviewed by: asomers, des Differential Revision: https://reviews.freebsd.org/D45893
Commit 4a77657cbc01 increased the size of several opcodes to ipfw_insn_u32. Approved by: ae Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D52876
Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D52720
These could go in other categories, but it's more clear if they're here instead.
When an asterisk is encountered inside a C-style comment, we first check if there is at least one more character left in the buffer, and if that character is a slash, which would terminate the comment. If that is not the case, the next two characters are consumed without being inspected. If one of those is a double quote, or the initial asterisk of an asterisk-slash pair, we end up misparsing the comment. MFC after: 3 days Reviewed by: kevans, bofh Differential Revision: https://reviews.freebsd.org/D52808
Reported by: ivy@ MFC after: 3 days
No functional change. Effort: CHERI upstreaming Reviewed by: imp Fixes: https://cgit.freebsd.org/src/commit/?id=426fc376afaf ("bsd.cpu.mk: Introduce MACHINE_ABI") Sponsored by: Innovate UK Differential Revision: https://reviews.freebsd.org/D52833
Reviewed by: cperciva Approved by: emaste (mentor) MFC after: 1 day Differential Revision: https://reviews.freebsd.org/D52917
MFC after: 3 days
Upstream uses a set of flags that reduces to O_RDONLY | O_CLOEXEC when you ignore flags that either don't exist in FreeBSD or have no effect. We were using O_RDONLY | O_BINARY, which reduces to O_RDONLY. Add O_CLOEXEC. Also replace O_RDONLY with the more accurate O_SEARCH when opening TZDIR. MFC after: 3 days Fixes: https://cgit.freebsd.org/src/commit/?id=967a49a21a27 ("Update tzcode to 2025b")
MFC after: 3 days Sponsored by: Chelsio Communications
Interesting changes: + mandoc db: Improve case sorting, found by our very own markj + history: Add macros for version 8 and 10 AT&T Unix + linter: Warn on blank lines in man(7) like mdoc(7) + manuals: Improve precision, man(7) syntax table, and roff(7) specifics + manuals: Fix PDF/PS footer regression detailed in our PR: 289786 PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289786 MFC after: 3 days
Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230) Timing side-channel in SM2 algorithm on 64 bit ARM (CVE-2025-9231) Out-of-bounds read in HTTP client no_proxy handling (CVE-2025-9232) Obtained from: OpenSSL Approved by: so Security: FreeBSD-SA-25:08.openssl Security: CVE-2025-9230 Security: CVE-2025-9231 Security: CVE-2025-9232
The function is unused, already disappeared upstream and results in
compilation warnings.
Sponsored by: Rubicon Communications, LLC ("Netgate")
To avoid a compilation warning. The routine turned out to be rather
stubborn when it comes to trying to ifdef it out.
Sponsored by: Rubicon Communications, LLC ("Netgate")
This change includes all necessary changes required to update to OpenSSL 3.5.4. More information about the 3.5.4 release can be found in the relevant release notes (see 8e12a5c4eb3507846b5 for more details). Merge commit '8e12a5c4eb3507846b507d0afe87d115af41df40'
Notable upstream pull request merges:
#16025 26b0f561b dnode_next_offset: backtrack if lower level does not match
#17758 c722bf881 Add interface to interface spa_get_worst_case_min_alloc()
function
#17765 8d4c3ee9e zvol: Fix blk-mq sync
#17787 8869caae5 zinject: Introduce ready delay fault injection
#17780 b2196fbed Fix 'zpool add' safety check corner cases
#17783 5c38029f4 zdb: add ZFS_KEYFORMAT_RAW support for -K option
#17786 f0a95e897 zpool iostat: refresh pool list every interval
#17807 -multiple zpool iostat: fix regressions in "all pools" mode
after #17786
#17793 -multiple ddt prune: Add SCL_ZIO deadlock workaround
#17799 ac2d8c80b Make mount/share errors non-fatal for zfs create/clone
Obtained from: OpenZFS
OpenZFS commit: 5605a6d79b3582296208ac391f93a5faf729fa92
IfAPI: Added missing accessor for if_home_vnet Reviewed by: kp Signed-off-by: Kevin Irabor <kevin.irabor04@gmail.com>
Revert "IfAPI: Added missing accessor for if_home_vnet" This reverts commit 4e7a375804e5ad4b244ce9a035fa971cbf2f0944. We do not want out-of-tree consumers to access the home_vnet variable. As discussed with the author and Gleb Smirnoff.
In linux_pci_attach_device() allocate a LinuxKPI pci_dev for each device in the hierarchy up to the root port[1] as we cannot do that later on demand as we may be in a context where we may not sleep. Take special care of DRM as there is a non-PCI device in the chain which needs to be skipped. iwlwifi(4) can hit this case called from a callout. While here leave a comment sa the cleanup order of linux_pci_attach_device() needs correction seperately. This reverts commit 3860afe99ec39b9942967941181f28f27f3fc548. Sponsored by: The FreeBSD Foundation (initially) PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283027 PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289647 Suggested by: jhb [1] MFC after: 3 days Reviewed by: dumbbell Differential Revision: https://reviews.freebsd.org/D52069
This reverts commit a13f28d57ecfd136ce73493659c28a47fa1a4b9f. Reported by: phk Tested by: phk Sponsored by: The FreeBSD Foundation
flua: support our flua modules in the bootstrap flua This version builds every module into the flua binary itself, since all of the bootstrap tools are built -DNO_SHARED. As a result, we also cannot dlsym(), so we can't really discover the names of our newly builtin modules. Instead, just build out a linker set with all of our luaopen_*() functions to register everything up-front. Building in all of the modules isn't strictly necessary, but it means that we have an example of how to add a bootstrap module everywhere you go and one doesn't need to consider whether bootstrap flua can use a module when writing scripts. On my build machine, the consequence on our binary size is an increase from around 1.6M -> 1.9M, which isn't really that bad. .lua modules can install into their usual path below $WORLDTMP/legacy and we'll pick them up automagically by way of the ctor that sets up LUA_PATH early on. Reviewed by: bapt, emaste Differential Revision: https://reviews.freebsd.org/D51890
Revert "flua: support our flua modules in the bootstrap flua" This reverts commit 1953a12ee2cde1afacb3e3f7612d89695c96e04f, because it cannot work at all on macOS without more work, at a minimum. We use linker sets for module discovery, but we don't have a version of this that works for mach-o at the moment.
flua: kick out the remaining builtin modules Bootstrap flua has some magic now to handle modules by building them in and discovering them via linker sets. This is slightly cleaner than always building them in and baking them into loadedlibs for both bootstrap and system flua. Adjust the stand build now that these three libs have their own new homes. Reviewed by: bapt, emaste Differential Revision: https://reviews.freebsd.org/D51891
Revert "flua: kick out the remaining builtin modules" This reverts commit 80ada959004c4386880e47b11618f8abfc2d80e1, because bootstrap flua is about to get backed out.
flua: don't build libjail into the bootstrap flua Other systems don't have jail support, and we won't be using it anyways.
Revert "flua: don't build libjail into the bootstrap flua" This reverts commit 31320402472394af57eb3a36bee7f944117ca0ed, because bootstrap flua is about to get backed out.
Not classified automatically, and waiting for manual attention.
-- no commits in this category this week --
Dates:
Automatic grouping:
This reverts commit \\b([0-9a-fA-F]{40})\\b
and the hash was found in this week's commits.
Automatic categories:
Source code:
Generated with commits-periodical 0.18 at 2025-11-03 03:26:53+00:00.
This work is supported by Tarsnap Backup Inc.
Alternate version: 2025-09-29 (debug) (contains info about the classification)