FreeBSD git weekly: 2025-11-03 to 2025-11-09

MFC after:    3 days
Sponsored by:   Rubicon Communications, LLC ("Netgate")

Add a missing break statement to avoid falling through to the '+'
case.

Fixes:          https://cgit.freebsd.org/src/commit/?id=96f4be881e8e ("ktrace(1): teach about KTR_EXTERR")

This change follows a localized approach within getprompt() and avoids
full parser reentry. While this means we don't support advanced
expansions like ${parameter#pattern}, it provides POSIX-compliant basic
parameter expansion without the complexity of making the parser
reentrant. This is sufficient for the vast majority of use cases.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=46441

Commit 2ed053cde5 changed UFS' VOP_RMDIR() behavior to no longer
ignore whiteouts when determining whether a directory is empty,
unless explicitly requested by the caller.  However, this also
necessitates a change to rm(1) to avoid breaking the expected
behavior when forcibly removing directory hierarchies via `rm -fr`.
I neglected to make this follow-on change despite discussing it
in the review for the breaking commit (D45987).

Finally address the breakage by making `rm -fr` imply FTS_WHITEOUT
when rm(1) reads directory contents via fts_read(3).  While here,
also fix a logic error which produces a spurious 'No error' warning
message on stdout for each deleted whiteout.

Reported by:    csjp
Reviewed by:    csjp, kib, olce
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D53640

PR:           https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290705
MFC after:      1 week
Sponsored by:   Rubicon Communications, LLC ("Netgate")

MFC after:    3 days

I did not bump the date here as the manual page looks more like a draft
and I'm not sure if it is actually up-to-date considering that it's
current Dd dates back to 1998.

MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D52770

These were previously somewhat safe to call destroy_dev(9), but will now
also cause a deadlock in the same fashion that d_close doing so would
previously.  Amend the note to point it out, in case it's useful for
someone.

Reviewed by:    imp, kib, markj
Differential Revision:  https://reviews.freebsd.org/D53439

ZFS has since been changed to use EOPNOTSUPP instead of EINVAL, and
fusefs/nfs are following suit.  POSIX Issue 8 had also made this move,
so it makes sense for us to standardize on EOPNOTSUPP.

Note in the HISTORY section where we're diverging from our previous
versions to align with the new standard.

Reviewed by:    asomers, imp (both previous version), kib
Differential Revision:  https://reviews.freebsd.org/D53537

Specifically, remove Tn macors, replace Li with Ql, and escape %N to
address date.1's rendering issues on man.freebsd.org.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290801
Reported by:    jinwookjeongg@gmail.com
MFC after:      1 week
Sponsored by:   Klara, Inc.

MFC after:    3 days
Sponsored by:   Rubicon Communications, LLC ("Netgate")

This manual is large enough and well structured enough that we can have
a clickable table of contents. Use that to move some subsections which
should not appear in Hardware Release Note to the description section.
Adjust subsection names so this will work, preserving parentheticals
for search by moving them to the bodies just below.

Strip unnecessary copyright symbols and escaped hyphens. Copyright
symbols never appear in the content of manual pages, including other
Intel manual pages, and appear to break the Hardware Release Notes.
Escaped hyphens were necessary decades ago for manual pages written
in man(7), but this page is written in mdoc(7). Also misc touchups.

Add the recently added E835 devices to the supported HARDWARE list.
Add the speed ranges to description like the other ethernet drivers.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290778
MFC after:      1 day
Fixes:          https://cgit.freebsd.org/src/commit/?id=09b48f811b4b (Add support for E835-XXV-4 adapter)
Fixes:          https://cgit.freebsd.org/src/commit/?id=b202176dc76d (Add PCI IDs for E835 devices)
Reviewed by:    kgalazka (previous version)
Reported by:    kgalazka (additional hardware has been added)
Reported by:    bigsneaky@duck.com (HW Relnote is truncating)

The user can trivially see the list of examples in /etc/inetd.conf
by looking at the file, so there's no need to include an entire
paragraph in the manual enumerating the examples which are provided.

MFC after:      3 days
Reviewed by:    0mp
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D52740

mpr.4: Add Broadcom LSI 3808 to HARDWARE

The product brief "MegaRAID 9500 PCIe Gen 4.0 Tri-Mode Storage Adapters"
confirms that the LSI 3808 are supported in FreeBSD.

https://docs.broadcom.com/doc/MegaRAID-9500-Tri-Mode-Storage-Adapters

MFC after:              3 days
Reviewed by:            imp, ziaee
Differential Revision:  https://reviews.freebsd.org/D52760

mpr.4: Remove Broadcom LSI 3908 from support list

"This one is my fault due to incorrect merging" ~ziaee

MFC after:              3 days
Reviewed by:            ziaee
Fixes:                  https://cgit.freebsd.org/src/commit/?id=744c8d554453 (mpr.4: Add Broadcom LSI 3808)
Differential Revision:  https://reviews.freebsd.org/D53634

While here, change "N" to "X" to match sndctl.8's notation.

Sponsored by:   The FreeBSD Foundation
MFC after:      4 days
Reviewed by:    emaste
Differential Revision:  https://reviews.freebsd.org/D53503

Document debug.minidump and machdep.dump_retry_count sysctl variables.

PR:                     https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259393
MFC after:              3 seconds
Reviewed by:            gbe (previous), markj, ziaee
Differential Revision:  https://reviews.freebsd.org/D32618

PR:           https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290425
MFC after:      3 seconds, this fixes the HW relnotes
Reported by:    jwb

Bump .Dd too while I am here.

Tag SPDX while here. This is not a content change, so do not bump date.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274164
MFC after:      3 seconds

PR:           https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272426
MFC after:      3 days
Co-authored-by: Piotr Smyrak <ps.ports@smyrak.com>

There should be no space between -x's "arg" and "=value".

MFC after:      3 days

PR:                   https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200803
MFC after:              3 days
Reviewed by:            jamie
Differential Revision:  https://reviews.freebsd.org/D53631

For some people "Ed" is a first name, but for mandoc it is a
macro (end of display block) and needs to be escaped.

Reviewed by:  markj
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D53627

This driver is a subclass of the normal PCI bus driver that is
intended to be used for the logical child bus of a Thunderbolt PCI-PCI
bridge device.  To determine if a given PCI bus's parent is a TB
bridge, it examines the PCI device IDs of the parent pcibX device.
However, this only works for pcibX devices that are actual PCI-PCI
bridges and panics for PCI buses that are children of host bridges
such as the pci0 child of pcib0.

Probably this should not be reading device IDs (as that doesn't tell
you if the device driver for the PCI-PCI bridge is actually a TB
driver).  Instead, the TB PCI-PCI driver should be exporting a new
IVAR (with a globally unique number as we do for ACPI handles) that
returns the TB generation and the probe routine for this PCI bus
driver should be checking for that IVAR (the way acpi_pci.c checks for
the presence of an ACPI handle).

This fixes a panic on boot if tb.ko is loaded at boot time (which the
driver recommends for certain chipsets).

Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D53202

We can free the mask earlier, simplifying some error paths.  No
functional change intended.

Reviewed by:    corvink, jhb, emaste
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D53418

vcpu_notify_event() previously took a boolean parameter which determines
whether the implementation should try to use a posted interrupt.  On
arm64 and riscv, the implementation of vcpu_notify_event() is otherwise
identical to that of amd64.

With the aim of deduplicating vcpu state management code, introduce a
separate amd64-only function which tries to use posted interrupts.  This
requires some duplication with vcpu_notify_event_locked(), but only a
little bit.

Then, fix up callers.  No functional change intended.

Reviewed by:    corvink, jhb
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D53419

No functional change intended.

Reviewed by:    corvink, jhb, emaste
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D53420

Move the vmm_initialized check out of vm_create() and into the legacy
sysctl handler.  If vmm_initialized is false, /dev/vmmctl will not be
available and so cannot be used to create VMs.

Introduce new MD vmm_modinit() and vmm_modcleanup() routines which
handle MD (de)initialization.

No functional change intended.

Reviewed by:    corvink
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D53421

vm_create() is only called from one place.  Rather than having similar
checks everywhere, move them to vmmdev_create().

We can safely assume that the name is nul-terminated, the vmmctl ioctl
handler and the legacy sysctl handler ensure this.  So, don't bother
with strnlen().

Finally, make sure that the name buffers are the same size on all
platforms.  VM_MAX_NAMELEN is supposed to be the maximum, not including
the nul terminator.

Reviewed by:    corvink
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D53422

Reviewed by:  corvink, emaste
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D53423

No functional change intended.

Reviewed by:    corvink
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D53477

The access of vq->vq_ring.used->idx needs to be volatile-qualified,
otherwise the compiler may optimize virtqueue_poll() into an infinite
loop if there is no data available upon the first poll.

Prior to commit ad17789a8569 this wasn't a problem since an external
function call after each poll inhibited the optimization.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289930
MFC after:      3 days
Sponsored by:   Klara, Inc.
Fixes:          https://cgit.freebsd.org/src/commit/?id=ad17789a8569 ("virtio: Remove the unused poll method")

vm_alloc_vcpu() is called quite frequently, and we don't need to apply
the vgic limit unless we're actually allocating a vcpu structure for the
first time.

No functional change intended.

Reviewed by:    andrew
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D53580

The documented properties [1] for card-detection are one of:
 - cd-gpios
 - non-removable
 - broken-cd

In cd_setup() we handle the first two, but not the latter, resulting in
a silently undetected card on an affected system.

To work around this, force cd_disabled when broken-cd is specified, so
that the card detect helper function gets to run. A more complete
solution would implement some kind of polling mechanism to detect the
card's presence or removal.

Some variants of the Allwinner D1, such as the Lichee Rv, specify this
property in the mmc0 device node.

[1] sys/contrib/device-tree/Bindings/mmc/mmc-controller.yaml

Reported by:    Haowu Ge <gehaowu@bitmoe.com>
Tested by:      Haowu Ge <gehaowu@bitmoe.com>
Reviewed by:    imp, manu, mmel
MFC after:      1 week
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D53546

Change tag preallocation to happen asynchronously when an interface is
brought up, so as to reduce boot times when preallocating tags.

- A new mlx5-tls-prealloc_wq is allocated when preallocation is
  desired, and started when an interface is opened

- The bulk of the prealloc code remains the same, except the
  allocations are now M_NOWAIT. M_NOWAIT is needed because, since the
  preallocation is done asynchronously, and since tag allocation is
  not instant, we could race with a real TLS session trying to
  allocate a tag. Note that in this case, we take allocation failure
  as a sign that we were unable to obtain the entire zone due to there
  being other consumers.  This was suggested by @markj as a way to
  keep things simple, after discussing why uma_zone_get_cur() didn't
  immediately report a fully allocated zone.  If this turns out to be
  problematic, we could use uma_zone_set_maxaction() to stop
  pre-allocations (also suggested by Mark)

Reviewed by: glebius, kib, markj
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D53570

safe(4): add gone_in 16.0

Reviewed by:    emaste
Differential Revision:  https://reviews.freebsd.org/D53426

safe(4): fix api used

Fixes: https://cgit.freebsd.org/src/commit/?id=9b7d2cee

When a SYN ACK is received for a listening socket, just drop it
instead of killing the SYN-cache entry and send a RST.
This closes the possibility to kill a TCP connection during its
handling in the SYN-cache.

Reviewed by:            Nick Banks, Peter Lei
MFC after:              3 days
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D53540

Reviewed by:          markj, Peter Lei
MFC after:              3 days
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D53542

in the ipsec_accel_sa_newkey_cb() when the SA offload is only enabled
on a specific different interface, not the current one.

Also remove no longer relevant XXX comment.

Noted and reviewed by:  slavash
Sponsored by:   NVidia networking
MFC after:      1 week

We're in the dtor, so we can't destroy it now without deadlocking after
recent changes to make destroy_dev() provide a barrier.  However, we
know there isn't any other dtor to run, so we can go ahead and clean up
our state and just prevent a use-after-free if someone races to open
the device while we're trying to destroy it.  tunopen() now uses the
net epoch to protect against softc release by a concurrent
tun_destroy().

While we're here, allow a destroy operation to proceed if we caught a
signal in cv_wait_sig() but tun_busy dropped to 0 while we were waiting
to acquire the lock.

This was more of an inherent design flaw, rather than a bug in the
below-refed commit.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290575
Fixes:  https://cgit.freebsd.org/src/commit/?id=4dbe6628179d ("devfs: make destroy_dev() a release [...]")
Reviewed by:    kib, markj
Differential Revision:  https://reviews.freebsd.org/D53438

Sponsored by: Rubicon Communications, LLC ("Netgate")

ipfilter: Add htable (hash table) tunable

This is in preparation for addition of a hash table max size.

Reviewed by:            markj
MFC after:              1 week
Differential revision:  https://reviews.freebsd.org/D53283

ipfilter: Add an htable max size tuneable.

Add an ipfilter runtime option (ipf -T) to adjust the default
maximum hash table size. Default it to 1024 entries. It will be
used by a subsequent commit to limit any damage due to excessively
large hash table input by the user.

Reviewed by:            markj
MFC after:              1 week
Differential revision:  https://reviews.freebsd.org/D53284

ipfilter: Don't trust userland supplied iph_size

ipf_htable_create() trusts a user-supplied iph_size from iphtable_t
and computes the allocation size as iph->iph_size * sizeof(*iph->iph_table)
without checking for integer overflow. A sufficiently large iph_size
causes the multiplication to wrap, resulting in an under-sized allocation
for the table pointer array. Subsequent code (e.g., in ipf_htent_insert())
can then write past the end of the allocated buffer, corrupting kernel
memory and causing DoS or potential privilege escalation.

This is not typically a problem when using the ipfilter provided
userland tools as calculate the correct lengths. This mitigates a
rogue actor calling ipfilter ioctls directly.

Reported by:            Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed by:            markj
MFC after:              1 week
Differential revision:  https://reviews.freebsd.org/D53286

Add a comment explaining why syncache entries are dropped and fix a
typo in a comment.

Reviewed by:            rrs, glebius
MFC after:              3 days
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D53564

PR:           https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290893

Apply OpenBSD env.c,v 1.24 and 1.25, which replaces manual size
calculations with reallocarray() to prevent possible integer
overflow.

MFC after:      3 days

Changes based on comments in D53110: tags should be lowercase; rename a
few containers so that the JSON/XML output says "DISK" or "MULTIPATH"
(depending on class) instead of a generic "Geom"; adds {t:} to trim
extra whitespaces that sometimes appeared in the value fields of
JSON/XML output.

Submitted-by: Johan Söllvander
MFC-after:    1 week
Differential Revision: https://reviews.freebsd.org/D53313

parse_vlans() does 's = strdup(str)', then calls strsep(&s, ...), then
attempts to free(s) at the end of the function.  For the success case,
this is fine (s is NULL, so it's a trivial memory leak), but in the
error case, we will attempt to free an invalid pointer.

Fix this by storing the original return value from strdup() and freeing
that instead.

MFC after:      3 seconds
Reported by:    David Gwynne <dlg@openbsd.org>
Reviewed by:    zlei, kevans
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D53545

etc/mtree: Add package tags for /usr/include

Set the default package to clibs-dev, since that's where the vast
majority of include files comes from.  Add explicit package tags
for the directories which are installed in their own package.

MFC after:      1 day
Reviewed by:    emaste
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D53577

etc/mtree/BSD.include.dist: Remove libipt-dev

This package only exists on amd64, which means on other platforms we
produce an empty package containing nothing but this directory, and
without a base package (libipt) that package fails to install due to
a missing dependency.

For now, fix this by removing the libipt-dev package tag, which moves
this directory to clibs.

Fixes: https://cgit.freebsd.org/src/commit/?id=436618a427b4 ("etc/mtree: Add package tags for /usr/include")
Reported by:    cperciva
MFC after:      3 seconds

It serves no purpose to manually manage the IPF_NUM_ERRORS count.
Calculate it instead.

Reviewed by:            emaste, markj
MFC after:              1 week
Differential revision:  https://reviews.freebsd.org/D53308

There is a pool feature, dynamic_gang_header, that is enabled by default
in new pools.  When this feature is active, gang headers may be larger
than 512 bytes.  The loader needs to be taught to cope with that.

Try using the vdev ashift to pick the gang block header size.  If the
checksum fails, fall back to the old gang block header size.

This is based on a patch by Paul Dagnelie, with testing, bug-fixing and
some simplifications from me.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289690
Co-authored by: Paul Dagnelie <paul.dagnelie@klarasystems.com>
Reviewed by:    imp
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D53578

Unbootstrapped pkg will ignore -N if -r is specified first.  Flip the
order.

Prior to commit 66c75fa63aff this worked by accident.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290393
Reported by:    olgeni
MFC after:      3 days
Fixes:          https://cgit.freebsd.org/src/commit/?id=66c75fa63aff ("freebsd-update: Fix the pkgbase check")

The second and third members of struct bsddialog_menuitem are `bool on`
and `unsigned int depth`. The newfs dialog options in bsdinstall's
partition tool had these two swapped, so the default selection did not
work.

PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290857
Reviewed by: asiciliano
Fixes: https://cgit.freebsd.org/src/commit/?id=50e244964e9b ("bsdinstall/partedit: Replace libdialog with libbsddialog")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53639

In two cases we returned E2BIG where it should have been a boolean ('false').

MFC after:      1 week
Sponsored by:   Rubicon Communications, LLC ("Netgate")

termcap and tabset are currently in runtime, but since ncurses is the
only thing which uses them, they belong in the ncurses package.

curses without termcap is not very useful, so put them in the -lib
subpackage rather than ncurses itself, so that installing ncurses-lib
provides a working curses.

This change moves files between packages so, until we have a proper
policy on how to handle this in release/stable branches, it should
not be MFC'd.

MFC after:      never
Discussed with: kevans
Reviewed by:    manu, kevans
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D53610

FUSE protocol 7.33 extended the FUSE_SETXATTR request format.  But the
extension is optional.  The server must opt-in by setting the
FUSE_SETXATTR_IN flag during FUSE_INIT.  We were wrongly using the
extended format for any server using protocol 7.33 or later.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290547
Co-authored-by: CismonX <admin@cismon.net>
Fixes:          https://cgit.freebsd.org/src/commit/?id=d5e3cf41e89 ("fusefs: Upgrade FUSE protocol to version 7.33")
MFC after:      3 days

POSIX Issue 7 had allowed EINVAL for this case, but issue 8 moves it
to ENOTSUP instead.  ZFS uses the latter and we have some software in
ports already that's wanting to use that to detect the filesystem not
supporting it, so let's standardize on it.

Reviewed by:    imp (previous version), asomers, kib
Differential Revision:  https://reviews.freebsd.org/D53535

POSIX Issue 7 had allowed EINVAL for this case, but issue 8 moves it
to ENOTSUP instead.  ZFS uses the latter and we have some software in
ports already that's wanting to use that to detect the filesystem not
supporting it, so let's standardize on it.

Reviewed by:    imp, kib, rmacklem
Differential Revision:  https://reviews.freebsd.org/D53536

to prevent future name collision with some buf/bio macros

Reviewed by:    mckusick
Sponsored by:   The FreeBSD Foundation
Differential revision:  https://reviews.freebsd.org/D53351

exterror(9): add SETEXTERROR_KE() macro

It fills the extended error data into explicitly passed pointer to the
struct kexterr instead of td_kexterr for current thread.

Reviewed by:    mckusick
Sponsored by:   The FreeBSD Foundation
Differential revision:  https://reviews.freebsd.org/D53351

exterror(9): add two helpers

The exterr_set_from() function sets current thread extended error from
the pre-filled struct kexterr.

The exterr_clear() function clears some struct kexterr.

Reviewed by:    mckusick
Sponsored by:   The FreeBSD Foundation
Differential revision:  https://reviews.freebsd.org/D53351

exterror(9): add infra for bufs and bios

The extended error can be stored in either struct bio or struct buf,
indicated by BIO_EXTERR bio_flag.  At some strategic places, it is
copied into the current thread extended error.

This structure is required because io request from the top might pass
down through several io threads and the context that can report meaningful
extended error does not belong to the thread that initiated the io.

Sizes before the change, on amd64 nodebug:
sizeof(struct buf) =  456
sizeof(struct bio) = 376

after:
sizeof(struct buf) =  496
sizeof(struct bio) = 408

WIP: more geom providers should handle BIO_EXTERR when passing cloned
bios down and then handling completions.

Reviewed by:    mckusick
Sponsored by:   The FreeBSD Foundation
Differential revision:  https://reviews.freebsd.org/D53351

libdtrace: Update io.d to chase changes to struct bio layout

Fixes:  https://cgit.freebsd.org/src/commit/?id=6c406b5b9312 ("exterror(9): add infra for bufs and bios")

As an example of use for the bp_exterr infrastructure.

Reviewed by:    mckusick
Sponsored by:   The FreeBSD Foundation
Differential revision:  https://reviews.freebsd.org/D53351

Noted by:     imp
Sponsored by:   The FreeBSD Foundation

Sponsored by: The FreeBSD Foundation

Noted by:     imp
Sponsored by:   The FreeBSD Foundation

Ensure that we're in the right state / priority for each of the states
in the driver. These asserts assured that a prior patch that I committed
to fix a priority leak worked when a drive departed (and bounced back
too!). These have been running in our production since I committed the
change and haven't trigged.

Sponsored by:           Netflix
Differential Revision:  https://reviews.freebsd.org/D53259

If vfs_buildopts() failed, vfs_freeopts() must not be called.

Reported and tested by: pho
Reviewed by:    jamie
Sponsored by:   The FreeBSD Foundation
MFC after:      3 days
Differential revision:  https://reviews.freebsd.org/D53612

and one that will be with us in the long-term future.
(this helps reduce diffs in the future and for down-stream users
that trim entropy sources).  Also, move deprecated (removed in 16.0)
sources to the bottom of the list to reduce changes to 15.x.

Reviewed by:    glebius
Obtained from:  Juniper Networks
Differential Revision:  https://reviews.freebsd.org/D53311

This is an extension needed by next commit, where some additional
reference is kept on the credentials to be set on a process in order to
keep these credentials alive even after the process lock is released (an
intervening reset of process credentials could release the reference
that the process holds).

Only 'cr_users' is incremented, as the reference (counted in 'cr_ref')
comes from the caller, who passes it to the process.

Reviewed by:    kib, markj
MFC after:      1 week
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D53636

No functional change.

With this tiny change, all the file becomes whitespace-clean.

MFC after:      1 week
Sponsored by:   The FreeBSD Foundation

In system calls changing process credentials, on RACCT, calls to
racct_proc_ucred_changed() must be issued on the new credentials.
Currently, this is done after the new credentials have been installed on
the process via proc_set_cred() or proc_set_cred_enforce_proc_lim(),
which modifies 'p_ucred'.  Only the process lock guarantees that the new
credentials pointed to by 'p_ucred' cannot themselves be concurrently
modified, which would cause their 'struct ucred' to potentially lose its
last reference from the process before the call to
racct_proc_ucred_changed(), which needs one.

For better code understandability and to avoid errors in future
modifications, stop relying on proc_set_cred*() storing the passed
'struct ucred' in the process 'p_ucred' and on the process lock to avoid
the reference taken by proc_set_cred*() to vanish.  Instead, ensure that
a reference is held when racct_proc_ucred_changed() is called.

As racct_proc_ucred_changed() is actually passed explicit pointers to
the old and new credentials, there is in fact no need to call it after
proc_set_cred().  Instead, call it before proc_set_cred() and its taking
over the reference.

Since setcred() uses proc_set_cred_enforce_proc_lim(), which can fail,
instead of proc_set_cred(), we instead take an additional reference with
crhold().  Indeed, racct_proc_ucred_changed() should update resource
accounting only if proc_set_cred_enforce_proc_lim() succeeds (an
alternative would be to call it in advance and then in case of failure
of the latter to call it again in order to backpedal the updated
accounting, but we don't see a compelling reason to do that instead of
taking an additional reference).

While here, add to the documentation of proc_set_cred_enforce_proc_lim()
that it does not take over the credentials reference in case of failure.
While here, in racct_proc_ucred_changed()'s herald comment, add the
precise condition in which this function must be called.

No functional change intended.

Reviewed by:    kib
MFC after:      1 week
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D53563

Reviewed by:  bcr
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D51317

A bug in pkg, which somehow only surfaced as a consequence of pkgbase,
results in pkg install sometimes pulling in false dependencies.  This
problem might be limited to cases when the lib32 pkgbase packages are
not installed.  In the case of EC2 "small" images, installing the
ebsnvme-id package results in binutils, gcc12-devel, gmp, indexinfo,
liblz4, mpc, mpfr, and zstd packages being installed.

These false dependencies are however not recorded as dependencies --
at some level pkg does understand that they're not needed -- so running
pkg autoremove immediately after pkg install cleans them up.

Note: This does not remove lines from METALOG corresponding to these
packages, and makefs emits an error when it attempts to create the
filesystem but cannot find the files listed in METALOG -- but makefs
does seem to complete normally despite the error messages.

This change should be reverted once the pkg issue has been located and
fixed.

Reviewed by:    ivy
MFC after:      3 days
Sponsored by:   https://www.patreon.com/cperciva
Differential Revision:  https://reviews.freebsd.org/D53543

release: GCE builds depend on ftp

GCE images are required by Google to include their source code; we do
this by extracting {src,ports}.txz into the images, from the (legacy)
distribution sets.

Make sure those distribution sets actually exist.

Reviewed by:    ivy
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D53567

release: Don't try to fetch distfiles for pkgbase

In order to comply with the require that GCE images must include their
source code, we fetch distfiles for all of the packages installed into
GCE images.  This fails for obvious reasons for packages with an origin
of base/*; filter those out to generate the list to fetch.

Reviewed by:    ivy
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D53568

release: Make fetch happen in GCE images

We want to fetch distfiles, regardless of whether they contain known
vulnerabilities or we're building images for a different version of
FreeBSD.

Reviewed by:    ivy
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D53569

MFC after:    2 weeks
Fixes:          https://cgit.freebsd.org/src/commit/?id=91dd9aae1ab8 Add explicit static DTrace tracing to the callout mechanism
Differential Revision:  https://reviews.freebsd.org/D51397

Also add kexec reboot flag to the reboot man page.

As set-base depends on set-optional, so should set-base-dbg depend on
set-optional-dbg.  Otherwise, people who install set-base-dbg will be
missing a bunch of debug packages.

MFC after:      1 day
Reviewed by:    emaste
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D53575

libkadm5clnt_mit installs a symlink from libkadm5clnt.so for backward
compatibility, but it neglected to include the package tags, so the
symlink was missing from pkgbase builds.  Add ${DEV_TAG_ARGS} to the
install command.

Reported by:    Mark Millard <marklmi@yahoo.com>
MFC after:      1 day
Reviewed by:    emaste
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D53574

The libcasper package exists to contain libcasper, but for some reason
only the libcap_net service was in the package, with libcasper itself
and the rest of the services being in runtime.  Move everything to the
libcasper package, except tests which stay in the tests package.

MFC after:      1 day
Reviewed by:    emaste
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D53576

Commit 9065390ddc7b moved atf to its own package, but mistakenly moved
the tests as well.  Put the tests back into the test package.

Fixes:  https://cgit.freebsd.org/src/commit/?id=9065390ddc7b ("packages: Remove the tests-dev package")
MFC after:      1 day
Reviewed by:    emaste
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D53594

libcrypto's Makefile.inc used PACKAGE=openssl, which overrides the
PACKAGE=tests in libcrypto/tests/Makefile.  Use PACKAGE?=openssl
instead to avoid this.  This puts the OpenSSL tests in the tests
package where they belong.

MFC after:      1 day
Reviewed by:    manu, ngie
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D53595

This periodic script only makes sense if mandoc is installed, so move
it to the mandoc package like other periodic scripts.

/usr/libexec/makewhatis.local only exists for the enjoyment of this
script, and doesn't work without mandoc installed, so move that as
well.

This change moves files between packages so, until we have a proper
policy on how to handle this in release/stable branches, it should
not be MFC'd.

MFC after:      never
Reviewed by:    ziaee, manu
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D53609

gtest/gmock are not normally used by users unless running the tests,
so they shouldn't be in the utilities package.  Move them to a new
googletest package, to match what we did with ATF/Kyua.

While here, move tests dependencies from tests-all.ucl to tests.ucl,
which is the canonical place for that.

This change adds a new package to the system so, until we have a proper
policy on how to handle this in release/stable branches, it should not
be MFC'd.

MFC after:      never
Reported by:    emaste
Reviewed by:    manu
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D53607

We have an existing rdma package for IB/rdma-related files, but most
of ofed isn't in that package, making it rather useless.  Move all of
lib/ofed to the rdma package.

Add a separate rdma-lib package using LIB_PACKAGE, since utilities
depends on the rdma libraries and we don't want that to pull in all
of rdma.

This change moves files between packages so, until we have a proper
policy on how to handle this in release/stable branches, it should
not be MFC'd.

PR:     https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263227
MFC after:      never
Reviewed by:    manu
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D53604

- Only apply the previously added CWARNFLAGS to `drv.c` instead of the
  whole module.
- Only apply `-Wno-initializer-overrides` to CWARNFLAGS in the clang
  scenario as it's not supported with gcc.

This fixes building the module with gcc and avoids accidentally
introducing tech debt with the module, in the event other issues are
accidentally introduced.

MFC after:      3 days
Fixes:          https://cgit.freebsd.org/src/commit/?id=6b627f8858 ("iwlwifi: update Intel's mvm/mld drivers")
Differential Revision:  https://reviews.freebsd.org/D53591

MFC after:    2 weeks
Differential Revision:  https://reviews.freebsd.org/D51287

This was a minor oversight from their introduction.

Commit message by kevans@.

Fixes:  https://cgit.freebsd.org/src/commit/?id=851dc7f859c23 ("jail: add jail descriptors")
Reviewed by:    kevans

Azure requires the first 1 MB (2,048 sectors) of the OS disk to remain
empty for VM images:

  https://learn.microsoft.com/partner-center/marketplace-offers/azure-vm-certification-faq#vm-images-must-have-1-mb-of-free-space

Also append the BOOTPARTSOFFSET suffix for aarch64 images, which only
has an ESP partition for booting.

Co-authored-by: Brad Davis <brd@FreeBSD.org>
Approved by:    cperciva
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53628

We have NO_ROOT here, so we need WITHOUT_QEMU to avoid problems.

15.0 candidate.

Reviewed by:    emaste, markj
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D53637

The tests themselves create identically named jails, resulting in
spurious failures when the tests are run in parallel.

MFC after:      1 week

PR:   https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=250593
Reviewed by:    bcr, ziaee
Thanks to:      imp, markj
MFC after:      1 week
Fixes:  https://cgit.freebsd.org/src/commit/?id=3843eba85d98 Add unmapped BIO support to GEOM ZERO
Fixes:  https://cgit.freebsd.org/src/commit/?id=24e1fdcd1a69 Allow to specify the byte which will be used for filling read buffer
Fixes:  https://cgit.freebsd.org/src/commit/?id=565bc101112c Add a very simple and small GEOM class - ZERO

This change moves files between packages so, until we have a proper
policy on how to handle this in release/stable branches, it should
not be MFC'd.

MFC after:      never
Reviewed by:    manu, dim
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D53608

OpenBSD was nearly against the NetBSD entries, especially in their
earlier lineages.  Now line up "OpenBSD" with | at the 'e'.

Reviewed by:    gordon (in person)
Differential Revision:  https://reviews.freebsd.org/D53509

Commit 09aeca28dd75 ("BSD family tree: reduce OpenBSD-NetBSD crowding")
moved OpenBSD releases over 2 spaces.  Move the line through OpenBSD
releases over as well.

Reviewed by:    obrien
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53635

This was sometimes exiting while the child fifo was created resulting in
[ENOTEMPTY] from rm.  The child fifo isn't needed, just sleep.

PR:     https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290837
Fixes:  https://cgit.freebsd.org/src/commit/?id=e31fb97148f ("read builtin: Empty variables on timeout")
MFC after:      3 days

Add: slider dialog.
Imported to enable testing and to complete the geomman(8) utility.

Developed as part of the "Full Disk Administration Tool for FreeBSD"
project, Braulio Rivas (brauliorivas@), Google Summer of Code 2025.

Sponsored by:   Google LLC (GSoC 2025)

Merge commit '5a70558d32b9680c10ab579c7491652e0838cee4'

openssh: Don't try to bind to unsupported addresses

When selecting an address to bind to, skip IPv4 addresses if the kernel
does not support the inet feature, and IPv6 addresses if the kernel does
not support the inet6 feature.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195231
MFC after:      1 week
Reviewed by:    emaste
Differential Revision:  https://reviews.freebsd.org/D53561

Revert "openssh: Don't try to bind to unsupported addresses"

This doesn't actually do anything useful, since getifaddrs() will only
return supported addresses.  The root cause of the issue described in
the PR lies earlier in the connection timeline, around the start of the
ssh_create_socket() function.

This reverts commit e5ff8e7977434b150a66bb3e472c6d0e0f644cfa.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195231

kern: RACCT: Keep process credentials alive via references

In system calls changing process credentials, on RACCT, calls to
racct_proc_ucred_changed() must be issued on the new credentials.
Currently, this is done after the new credentials have been installed on
the process via proc_set_cred() or proc_set_cred_enforce_proc_lim(),
which modifies 'p_ucred'.  Only the process lock guarantees that the new
credentials pointed to by 'p_ucred' cannot themselves be concurrently
modified, which would cause their 'struct ucred' to potentially lose its
last reference from the process before the call to
racct_proc_ucred_changed(), which needs one.

For better code understandability and to avoid errors in future
modifications, stop relying on proc_set_cred*() storing the passed
'struct ucred' in the process 'p_ucred' and on the process lock to avoid
the reference taken by proc_set_cred*() to vanish.  Instead, ensure that
a reference is held when racct_proc_ucred_changed() is called.

As racct_proc_ucred_changed() is actually passed explicit pointers to
the old and new credentials, there is in fact no need to call it after
proc_set_cred().  Instead, call it before proc_set_cred() and its taking
over the reference.

Since setcred() uses proc_set_cred_enforce_proc_lim(), which can fail,
instead of proc_set_cred(), we instead take an additional reference with
crhold().  Indeed, racct_proc_ucred_changed() should update resource
accounting only if proc_set_cred_enforce_proc_lim() succeeds (an
alternative would be to call it in advance and then in case of failure
of the latter to call it again in order to backpedal the updated
accounting, but we don't see a compelling reason to do that instead of
taking an additional reference).

While here, add to the documentation of proc_set_cred_enforce_proc_lim()
that it does not take over the credentials reference in case of failure.
While here, in racct_proc_ucred_changed()'s herald comment, add the
precise condition in which this function must be called.

No functional change intended.

Reviewed by:    kib
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D53563

Revert "kern: RACCT: Keep process credentials alive via references"

The change causes a panic on boot with INVARIANTS kernels.  Revert for
now.

This reverts commit a5d1a0c9bfcca38528b861c5afb51ea9b1696b65.

Reported by:    syzbot+74624c6fcbb384ea0113@syzkaller.appspotmail.com