FreeBSD git weekly: 2025-11-17 to 2025-11-23

This is the *pi family of trigonometric functions. Quite a few C23
functions are still missing.  These seem to be:
acospi, acospif, acospil, asinpi, asinpif, asinpil, atan2pi, atan2pif,
atan2pil, atanpi, atanpif, atanpil, canonicalize, canonicalizef,
canonicalizel, compoundn, compoundnf, compoundnl, daddl, ddivl, dfmal,
dmull, dsqrtl, dsubl, exp10, exp10f, exp10l, exp10m1, exp10m1f,
exp10m1l, exp2m1, exp2m1f, exp2m1l, fadd, faddl, fdiv, fdivl, ffma,
ffmal, fmaximum, fmaximum_mag, fmaximum_mag_num, fmaximum_mag_numf,
fmaximum_mag_numl, fmaximum_magf, fmaximum_magl, fmaximum_num,
fmaximum_numf, fmaximum_numl, fmaximumf, fmaximuml, fminimum,
fminimum_mag, fminimum_mag_num, fminimum_mag_numf, fminimum_mag_numl,
fminimum_magf, fminimum_magl, fminimum_num, fminimum_numf,
fminimum_numl, fminimumf, fminimuml, fmul, fmull, fromfp, fromfpf,
fromfpl, fromfpx, fromfpxf, fromfpxl, fsqrt, fsqrtl, fsub, fsubl,
iscanonical, iseqsig, issignaling, issubnormal, iszero, nextdown,
nextdownf, nextdownl, nextup, nextupf, nextupl, pown, pownf, pownl,
powr, powrf, powrl, rootf, rootl, rootn, roundeven, roundevenf,
roundevenl, rsqrt, rsqrtf, rsqrtl, ufromfp, ufromfpf, ufromfpl,
ufromfpx, ufromfpxf, ufromfpxl.

Reviewed by:    imp
Approved by:    markj (mentor)
MFC after:      1 month
Relnotes:       yes
Differential Revision:  https://reviews.freebsd.org/D53783

The command
  sh -c 'sleep 3 | sleep 2 & sleep 3 & kill %1; wait %1'
crashes (with appropriate sanitization such as putting
MALLOC_CONF=abort:true,junk:true in the environment or compiling with
-fsanitize=address).

What happens here is that waitcmdloop() calls dowait() with a NULL job
pointer, instructing dowait() to freejob() if it's a non-interactive
shell and $! was not and cannot be referenced for it. However,
waitcmdloop() then uses fields possibly freed by freejob() and calls
freejob() again.

This only occurs if the job being waited for is identified via % syntax
($! has never been referenced for it), it is a pipeline with two or more
elements and another background job has been started before the wait
command. That seems special enough for a bug to remain. Test scripts
written by Jilles would almost always use $! and not % syntax.

We can instead make waitcmdloop() pass its job pointer to dowait(),
fixing up things for that (waitcmdloop() will have to call deljob() if
it does not call freejob()).

The crash from
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290330#c2 appears to
be the same bug.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290330
Reported by:    bdrewery
Reviewed by:    bdrewery
Differential Revision:  https://reviews.freebsd.org/D53773

While waiting for input in the read builtin, if select() is interrupted
but there is no pending signal, we act like we timed out, and return the
same status as if we had been interrupted by SIGALRM, instead of looping
until we actually do time out.

* Replace the single select() call with a ppoll() loop.

* Improve validation of the timeout value.  We now accept things like
  "1h30m15s", which we used to silently truncate to "1h".  The flip side
  is that we no longer accept things like "1hour" or "5sec".

* Modify the existing `read -t 0` test case to verify that read returns
  immediately when there is input and fails immediately when there isn't.

* Add a second test case which performs the same tests with a non-zero
  timeout value.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290844
MFC after:      1 week
Fixes:          https://cgit.freebsd.org/src/commit/?id=c4539460e3a4 ("sh: Improve error handling in read builtin:")
Reviewed by:    jilles, bdrewery
Differential Revision:  https://reviews.freebsd.org/D53761

Calling dotrap() can do almost anything, including reallocating the
jobtab array. Convert the job pointer to an index before calling
dotrap() and then restore a proper job pointer afterwards.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290330
Reported by:    bdrewery
Reviewed by:    bdrewery
Differential Revision:  https://reviews.freebsd.org/D53793

When the source of the copy operation is the root directory, we should
neither append it to the destination path on FTS_D nor trim it back off
on FTS_DP.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291132
MFC after:      3 days
Fixes:          https://cgit.freebsd.org/src/commit/?id=82fc0d09e862 ("cp: Partly restore symlink folllowing.")
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D53863

Sort usage and man page options, mention possible minimum and maximum
values, fix punctuation marks, and cleanup the man page.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291092
Reviewed by:    pauamma_gundo.com, christos
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D53827

The deprecation notice should indicate that the driver or feature will
be removed in a future release, not one that's nearly EOL.

Sponsored by:   The FreeBSD Foundation

Approved by:  markj (mentor)
MFC after:      1 month
Differential Revision:  https://reviews.freebsd.org/D53784

 - also use new .St -ieee754-2008 request in *pi.3

Reviewed by:    imp
Approved by     markj (mentor)
See also:       D53784
Differential Revision:  https://reviews.freebsd.org/D53783

Reviewed by:  pauamma_gundo.com
Sponsored by:   The FreeBSD Foundation
Differential revision:  https://reviews.freebsd.org/D53798

Release notes are generated using this text.

I used "interfaces" not "adapters" in these pages as the listed devices
are the controller ICs, not end-user projects.

Reviewed by:    ziaee
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53846

This is the only place this important debugging tunable is documented.
Mark it up with the Va macro according to style.mdoc(5) so that people
can find it via `apropos Va=kern.msg`, the standard syntax to search
the FreeBSD manual for sysctls and tunables.

Fixes:  https://cgit.freebsd.org/src/commit/?id=6910fee62e77 (dmesg: Document kern.msgbuf_show_timestamp)

MFC:                  immediately as 2 llms say this is impossible
Reviewed by:            adrian, emaste
Differential Revision:  https://reviews.freebsd.org/D53860

- Add several missing .Pp after lists and literal blocks.

- Fix the column widths for the console table and use a shorter indent
  so that it doesn't wrap on an 80-col display.

Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D53866

Virtual Functions are considered untrusted and have no control
over VLAN filtering configuration in HW. To allow using
VLANs on VF intreface driver has to assume that VLAN HW Filtering
is always enabled and pass requests for adding or removing VLAN
tags to Physical Function driver using Mailbox API.

Signed-off-by: Krzysztof Galazka <krzysztof.galazka@intel.com>

Approved by:    kbowling (mentor)
Reviewed by:    erj (previous version)
Tested by:      gowtham.kumar.ks_intel.com
MFC after:      1 week
Sponsored by:   Intel Corporation
Differential Revision:  https://reviews.freebsd.org/D53245

PR:           https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290496
Tested by:      adrian
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week

nvme: Abstract out function to obtain a disk ident string from cdata

This will permit sharing the code with nvmf(4).

Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D53338

nvme: Include <sys/systm.h> explicitly for memmove

Reported by:    andrew, rpokala
Fixes:          https://cgit.freebsd.org/src/commit/?id=8d2a50bb3805 ("nvme: Abstract out function to obtain a disk ident string from cdata")
Sponsored by:   Chelsio Communications

This mirrors commit 6d0001d44490becdd20d627ce663c72a30b9aac3 but for
nvmf(4).

Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D53339

Use the midr value to ensure we find the correct PCPU pointer on arm64.

Sponsored by:   Arm Ltd
Differential Revision:  https://reviews.freebsd.org/D53327

Some non-PCI devices can send interrupts, e.g. the Arm SMMU or GICv5
Interrupt Wire Bridge. Add support for these by implementing pci_get_id
and pci_alloc_msi and the MSI/MSI-X parts of the PCIB interface.

Only the MSI parts of the PCI interface are added as that is all I am
able to test.

Sponsored by:   Arm Ltd
Differential Revision:  https://reviews.freebsd.org/D53330

Add the arm64 parts to support for non-PCI MSI and MSI-X interrupts.

Sponsored by:   Arm Ltd
Differential Revision:  https://reviews.freebsd.org/D53331

We don't have a GICv2 vgic so can just return 0.

Sponsored by:   Arm Ltd
Differential Revision:  https://reviews.freebsd.org/D53662

GICv5 will need this too, so move to the GIC_IVAR namespace.

Sponsored by:   Arm Ltd
Differential Revision:  https://reviews.freebsd.org/D53663

The old gicv3_get_support_lpis will be removed.

Sponsored by:   Arm Ltd
Differential Revision:  https://reviews.freebsd.org/D53664

It's no longer used after moving to gic_get_support_lpis.

Sponsored by:   Arm Ltd
Differential Revision:  https://reviews.freebsd.org/D53665

Our recent changes to iichid.c has caused us to attempt to read a
full REPORT instead, and at least one keyboard hangs solid when we
do that.

This patch changes us to be spec-compliant.

Differential Revision: https://reviews.freebsd.org/D53803
MFC after: 1 day
Approved by: re(ccperciva)

b21e67875bf0c tested for the good condition, not the error condition, so
we'd never do anything else in this function. This was causing certain
logging not to happen, and also prevented forthcoming namespace size
change code from working as well.

Fixes: https://cgit.freebsd.org/src/commit/?id=b21e67875bf0c
Sponsored by: Netflix

When we get a namespace notification, we have to reconstrut the
namespace to get the new identification data from the namespace. For
each namespace in the AEN, we will reconstrict it before we call the
notification. We also flag it as changed for the duration of the change
callback (prior versions of the patch needed to keep track, but we no
longer do, so this bit may be removed). Note when we've seen the
namespace so we can notify when it goes away.

Co-authored-by: imp
Differential Revision: https://reviews.freebsd.org/D33032

Signal the new media size when the namespace changes size.

Reviewed by:            imp
Differential Revision:  https://reviews.freebsd.org/D33032

Signal when the namespace is gone so we can tear down the disk when a
nvme drive is removed.

Reviewed by:            imp
Differential Revision:  https://reviews.freebsd.org/D33032

pmap_zero_page() may be called on uncached pages, so using the cache to
zero uncached pages may trigger a fault.

MFC after:      2 weeks

39d4094173f9 ("epair: add support for checksum offloading") revealed
that HW checksum offloading is not enabled when the dpaa2_ni driver
is attached despite being declared and enabled on the dpni interface.

I modified dpaa2_ni_setup_if_caps to take into account both IPv4 and
IPv6 checksum offloading capabilities and added a call to re-configure
interface capabilities on attach to fix it.

Reviewed by:    bz
Fixes:          https://cgit.freebsd.org/src/commit/?id=39d4094173f9 ("epair: add support for checksum offloading")
MFC after:      1 week
Differential Revision: https://reviews.freebsd.org/D53436

INVARIANTS kernels may trigger a KASSERT panic from sndbuf_acquire(),
when fuzzing write(2) using stress2, because of a race in chn_write().

In the case of chn_write(), what sndbuf_acquire() does is extend the
ready-to-read area of the buffer by a specified amount of bytes. The
KASSERT in question makes sure the number of bytes we want to extend the
ready area by, is less than or equal to the number of free bytes in the
buffer. This makes sense, because we cannot extend the ready area to
something larger than what is available (i.e., free) in the first place.

What chn_write() currently does for every write is; calculate the
appropriate write size, let's say X, unlock the channel, uiomove() X
bytes to the channel's buffer, lock the channel, and call
sndbuf_acquire() to extend the ready area by X bytes. The problem with
this approach, however, is the following.

Suppose an empty channel buffer with a length of 1024 bytes, and 2
threads, (A) and (B), where (B) is a higher-priority one. Suppose thread
(A) wants to write 1024 bytes. It unlocks the channel and uiomove()s
1024 bytes to the channel buffer. At the same time, thread (B) picks up
the lock, and because it is higher priority, it keeps dominating the
lock for a few iterations. By the time thread (A) picks up the lock
again, it tries to call sndbuf_acquire() with a size of 1024 bytes,
which was calculated before it performed the uiomove(). In this case,
there is a very high chance that the buffer will not be empty, that is,
have a free area of 1024 bytes, as was the case when thread (A) started
executing, and so the KASSERT will trigger a panic because the condition
(bytes <= free) is not met.

Another scenario that can trigger a panic is the following: suppose a
buffer with a size of 4 bytes, and two threads: (A) and (B). In the
first iteration, thread (A) wants to write 2 bytes, while the buffer is
empty, BUT the pointer (sndbuf_getfreeptr()) is at the end (i.e.,
buf[3]). In the first iteration of the loop, because of the way we
calculate t, we'll end up writing only 1 byte, so after sz -= t, sz will
be 1, and so we'll need one more iteration in the inner loop, to write
the remaining 1 byte. Now we're at the end of the first loop, thread (A)
unlocks the channel, it has written 1 byte, it needs to write 1 more,
and the buffer is left with 3 empty slots. Now thread (B) picks up the
lock, and it wants to write 3 (or more) bytes. Eventually it writes the
3 bytes, and it leaves the buffer with 0 free slots. By the time thread
(A) picks up the lock again, and continues with the second iteration of
the inner loop, it will try to write the last byte, but sndbuf_acquire()
will panic because there is no free space anymore.

To fix this, get rid of the inner loop and calculate the write size on
each iteration. Also, call sndbuf_acquire() before unlocking the
channel. In the scenarios explained above, we'll end up entering the
chn_sleep() case. Modify it as well, so that we do not kill the channel
if we need to sleep more.

Do the same for chn_read() to avoid possible similar panics from
sndbuf_dispose().

Reported by:    pho
Tested by:      christos, pho
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Reviewed by:    pho, kib
Differential Revision:  https://reviews.freebsd.org/D53666

Unused and confusing.

Sponsored by:   The FreeBSD Foundation
MFC after:      1 week

The reporter contacted me with packet loss and throughput fluctuations
on a low power machine (Intel J1900) that got worse with the recent AIM
algorithm in FreeBSD 14.2+.

32K RX PBA matches Linux default.  Add a conditional path since we don't
otherwise do a fixup for jumbo frames to retain space for two frames in
Tx.

With this change and an additional errata change, the throughput meets
line rate for the reporter.

Reported by:    Codin <codin@nagi.ftp.sh>
Tested by:      Codin <codin@nagi.ftp.sh>
MFC after:      2 weeks

Reporter noted packet loss with 82583.  NVM is down level.  The
errata docs mention disabling this, which should be the firmware
default, so I am not sure why we were enabling this bit.  Linux and
OpenBSD have the same issue, while NetBSD got it right.

Reported by:    Codin <codin@nagi.ftp.sh>
Tested by:      Codin <codin@nagi.ftp.sh>
MFC after:      2 weeks

* tag packets for 11n/11ac associated nodes with A_MPDU so they
  get passed into the reordering logic

* tag A-MSDU frames with AMSDU and AMSDU_MORE so they don't get
  dropped due to duplicate sequence numbers.

Note: I haven't yet elicited A-MSDU in A-MPDU to fully test this,
but I do see the net80211 reordering logic kick in (which you can
see via wlanstats -i wlan0 -o ampdu 1).

I've checked with Johannes Berg at Intel (who maintains the linux
iwlwifi stuff); he replied saying none of the firmware versions are
doing AMPDU reorder offloading.

Differential Revision:  https://reviews.freebsd.org/D53781

Locally tested:

 * AX210, STA mode, > 200mbit bidirectional traffic testing on
   5GHz VHT/40.

sound: Simplify logic in dsp_io_ops()

Use CHN_LOCK()/CHN_UNLOCK() directly, instead of
dsp_lock_chans()/dsp_unlock_chans(). These functions are useful when we
want to potentially lock both channels. Here we know which channel we
are locking, so we can just lock it directly. This way we get rid of the
prio variable as well.

Related to runpid again, there is no reason to assign it when
CHN_F_RUNNING is not set. channel->pid (as well as channel->comm) is
always assigned in dsp_chn_alloc().

Get rid of runpid. I do not see how we can end up with channel->pid
(td->td_proc->p_pid) not matching buf->uio_td->td_proc->p_pid.

Also improve errno values.

Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D53736

sound: Clean up midi/ includes

Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D53841

sound: Merge PCM_ALIVE() with PCM_REGISTERED()

PCM_ALIVE() is used only in pcm_unregister(), but it does not hurt to
use PCM_REGISTERED(), which uses PCM_ALIVE() internally. In fact, it's
more robust this way.

Sponsored by:   The FreeBSD Foundation
MFC after:      1 week

Do not create mutexes with snd_mtxcreate(). It doesn't provide any
value, plus it first allocates the mutex with malloc(9). Allocate
mutexes in the stack and use mtx_* functions directly instead of the
snd_mtx* wrappers.

Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Reviewed by:    kib, markj
Differential Revision:  https://reviews.freebsd.org/D53855

Differential Revision:        https://reviews.freebsd.org/D53092
Reviewed by: np (outside of differential)
Sponsored by: Netflix

Differential Revision:        https://reviews.freebsd.org/D53093
Reviewed by: kbowling
Sponsored by: Netflix

Differential Revision:        https://reviews.freebsd.org/D53094
Sponsored by: Netflix

Differential Revision:        https://reviews.freebsd.org/D53095
Sponsored by: Netflix

Differential Revision:        https://reviews.freebsd.org/D53096
Sponsored by: Netflix

Differential Revision:        https://reviews.freebsd.org/D53097
Reviewed by: kbowling
Sponsored by: Netflix

Differential Revision:        https://reviews.freebsd.org/D53098
Reviewed by: tuexen
Sponsored by: Netflix

Differential Revision:        https://reviews.freebsd.org/D53099
Sponsored by: Netflix

Differential Revision:        https://reviews.freebsd.org/D53100
Reviewed by: akiyano_amazon.com

Differential Revision:        https://reviews.freebsd.org/D53101
Reviewed by: zlei
Sponsored by: Netflix

Differential Revision:        https://reviews.freebsd.org/D53102
Reviewed by: arybchik, zlei
Sponsored by: Netflix

Differential Revision:        https://reviews.freebsd.org/D53103
Reviewed by: markj
Sponsored by: Netflix

If we fail to obtain a new source port (pf_get_sport()) while we've
created a udp_mapping (for 'endpoint independent nat') we must free the
udp_mapping in pf_get_sport(). Otherwise the calling function will call
pf_udp_mapping_release(). This will then attempt to remove the udp_mapping from
a list it's not in, and crash.

Actually free the udp_mapping in all failure cases. While here sprinkle in a few
more assertions to ensure we don't forget leak udp_mappings and add a test case
to provoke this problem.

Reviewed by:    thj
MFC after:      1 week
See also:       https://redmine.pfsense.org/issues/16517
Sponsored by:   Rubicon Communications, LLC ("Netgate")
Differential Revision:  https://reviews.freebsd.org/D53737

IFT_ENC has special behaviour in pf we don't desire, and this also ensures that
for all interface types there is N:1:1 correspondence between if_type:dlt:header len.

Requested by:   glebius
MFC after:      1 week

Opcode handling should not fall through to the LOOKUP_DSCP type.

Reviewed by:    melifaro
Obtained from:  Yandex LLC
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D53775

Recent changes to HPTS have broken an API that was somehow removed (used by user space programs for
time calculations). This commit will add back the inline function that was removed.

Differential Revision:<https://reviews.freebsd.org/D53225>

Use the same check as iflib_if_transmit() to detect when the
interface is down and return the proper error code, and also
free the mbuf.

This fixes an mbuf leak when a member of a lagg is brought
down (and probably many other scenarios).

Sponsored by: Netflix

When iterating over known addresses for the requested target host name,
skip those that are not supported by the running kernel.

MFC after:      1 week
PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=195231
Reviewed by:    emaste
Differential Revision:  https://reviews.freebsd.org/D53588

No functional change intended, suggested by glebius.

Reviewed by:            rscheff, zlei, tuexen
Differential Revision:  https://reviews.freebsd.org/D53739

In c12013f5bb38 we fixed udp_mapping cleanup issues in pf_get_sport(), but
missed the static-port case (i.e. low == 0 && high == 0). We could still exit
pf_get_sport() without either inserting the udp_mapping or freeing it.

Address this and add a test case to provoke the problem.

Reviewed by:    thj
MFC after:      1 week
Sponsored by:   Rubicon Communications, LLC ("Netgate")
Differential Revision:  https://reviews.freebsd.org/D53856

This allows to immediately dereference ipfw_insn member.

bpf: remove dead code

Should have gone together with 9738277b5c66.

bpf: refactor buffer pre-allocation for BIOCSETIF

This basically refactors 4f42daa4a326f to use less indentation and
variables.  The code is still not race proof.

bpf: leave only locked version of bpf_detachd()

The unlocked one is used only once.  No functional change.

bpf: remove DDB code

With modern debugging tools it isn't useful at all and is just a
maintenance burden.

We use the fact that all NICs that support hashing are using the
same hash algorithm and hash key to enable symmetic hashing in
TCP, where a software version of the same hash is used to
establish hashes on outgoing connections.

Sponsored by: Netflix
Reviewed by: adrian, zlei (both early version)
Differential Revision:  https://reviews.freebsd.org/D53089

Now that we can trust NICs to supply an identical hash result
to software, we can setup the inpcb hash on outgoing connections.
This gives us symmetric hashing, meaning packets should enter
and leave on the same NIC queue.

Differential Revision:  https://reviews.freebsd.org/D53104
Reviewed by: adrian, cc, kbowling, tuexen, zlei
Sponsored by: Netflix

x86 doesn't use FDT things by default, but aarch64 does. I thought I'd
built the loader on aarch64 to test the EDK2 all the things series, but
apparently not. This fixes the aarch64 build.

Fixes:          https://cgit.freebsd.org/src/commit/?id=43b8edb32051
Sponsored by:   Netflix

Update to include the right includes for the riscv protocol to get the
hypervisor details.

Note: I expanded the GUID inline rather than using a #define because
there was none. This is only listed in UefiCpuPkg/UefiCpuPkg.dec, so
include it here inline until we can automate using those files.

Fixes:          https://cgit.freebsd.org/src/commit/?id=43b8edb32051
Sponsored by:   Netflix

Make libesecureboot build, enabled when WITH_BEARSSL=y
WITH_LOADER_EFI_SECUREBOOT=y.

Copy EDK2 files related to secure boot to sys/contrib/edk2 and delete
duplicates under libsecreboot/efi/include.
Adjust efi_variables.c to build in the new environment.

Undefine MIN and MAX before include sys/param.h in libsecureboot.h. I'm
not sure that sys/param.h is needed here, but either the param.h or the
Base.h definitions are fine.

Fix include paths to reflect the new way.

Fixes:          https://cgit.freebsd.org/src/commit/?id=43b8edb32051
Sponsored by:   Netflix

Users report freebsd-update failing with "The update metadata index is
correctly signed, but failed an integrity check."  Add a hint at which
of the cases is failing to help track down the issue.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264205
Reviewed by:    dch
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52222

Specifically, make this code fit in fewer columns:
- deindent cases to conform to the usual style,
- use a local variable to minimize duplication in each case.

No functional change intended.

Reviewed by:    0mp, netchild
MFC after:      2 weeks
Sponsored by:   Klara, Inc.
Sponsored by:   Modirum MDPay
Differential Revision:  https://reviews.freebsd.org/D53754

Unmodified sources from https://github.com/csjayp/setaudit at commit
aa4dd9dfa40b6437030d718834236f4eaeb18ccb.

Some follow-up changes will fix a few issues and make it easier to use
this utility in the rc framework.

Reviewed by:    csjp
MFC after:      2 weeks
Sponsored by:   Modirum MDPay
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D53669

The usage of strtoul() was incorrect.

Reviewed by:    csjp
MFC after:      2 weeks
Sponsored by:   Modirum MDPay
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D53671

By default, setaudit(8) overwrites the whole audit session state.  For
the purpose of overwriting only a single field, e.g., the audit user,
this is inconvenient.  Add -U to accomodate this case: when specified,
setaudit(8) will first fetch the current session state block and then
will only overwrite those fields specified on the command line.

Reviewed by:    csjp
MFC after:      2 weeks
Sponsored by:   Modirum MDPay
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D53672

When running an rc command, if the target rc script defines
<command>_cmd, e.g., start_cmd=..., then the run_rc_command() executes
that instead of $command.  In general it's a shell function, and
"cpuset -l <n> <shell function>" doesn't work.

Moreover, it doesn't really make sense to run cpuset for anything other
than start_cmd.

Other optional isolation mechanisms (e.g., <name>_fib,
<name>_chroot) are only used when invoking $command directly as part of
the "start" command.  Make <name>_cpuset consistent with everything else
by removing these extraneous cpuset invocations.

Reviewed by:    0mp
MFC after:      2 weeks
Sponsored by:   Modirum MDPay
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D53746

When an unprivileged user restarts a service using, e.g., sudo, the
service runs with the audit user ID set to that of the unprivileged
user.  This can have surprising effects: for instance, a user that
restarts a jail that is running sshd will end up with their UID attached
to all audit logs associated with users who log in via that sshd
instance.  (sshd will set the audit user, but this is disallowed in
jails by default.)

Add support for rc.conf directives which cause rc to override the audit
user.  Specifically, make <name>_audit_user=foo cause the audit user to
be set to "foo" for service <name>.  A plain audit_user=foo directive
causes all services to be started as foo.

Note, like other similar rc features, this feature is limited to rc
services which are run by executing a command.  Shell functions can't be
wrapped this way.

Reviewed by:    0mp
MFC after:      2 weeks
Sponsored by:   Modirum MDPay
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D53747

Use [[:space:]] rather than a white space character to delimit the keys
and the values in the resolv.conf file.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236079
Reviewed by:    des
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D53811

The previous implementation implemented hostfwd rules which would allow
the host to connect to the guest via a NATed TCP connection.  libslirp
also permits NAT in the other direction, but this was prevented by
bhyve's capsicum sandbox.

To make the slirp backend more useful, split the backend out into a
separate process which does not enter capability mode if outbound
connections are permitted (enabled by setting the new "open" keyword).
The process communicates with the bhyve network frontend (typically a
virtio network interface) using a unix SOCK_SEQPACKET socket pair.  If
the bhyve process exits, the helper will automatically exit.

Aside from this restructuring, there is not much actual change.  Many
slirp parameters are still hard-coded for now, though this may change.
The "restricted" feature is toggled by the new "open" keyword; in
particular, the backend is restricted by default for compatibility with
15.0 and 14.3.

Each packet now has to traverse an extra socket, but this overhead
should be acceptable given that the slirp backend cannot be said to
provide high-performance networking.  With iperf3 I can get 4Gbps from
the guest to the host on a Zen 4 system.

MFC after:      1 month
Sponsored by:   CHERI Research Centre (EPSRC grant UKRI3001)
Differential Revision:  https://reviews.freebsd.org/D53454

Tested by:    Timothy Pearson (tpearson_raptorengineering.com)
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D53801

Add guards against attempting to process a user data file with an empty
first line or contents.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290395
Reviewed by:    bapt (earlier), dtxdf, markj
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D53239

This is the *pi family of trigonometric functions. Quite a few C23
functions are still missing.  These seem to be:
acospi, acospif, acospil, asinpi, asinpif, asinpil, atan2pi, atan2pif,
atan2pil, atanpi, atanpif, atanpil, canonicalize, canonicalizef,
canonicalizel, compoundn, compoundnf, compoundnl, daddl, ddivl, dfmal,
dmull, dsqrtl, dsubl, exp10, exp10f, exp10l, exp10m1, exp10m1f,
exp10m1l, exp2m1, exp2m1f, exp2m1l, fadd, faddl, fdiv, fdivl, ffma,
ffmal, fmaximum, fmaximum_mag, fmaximum_mag_num, fmaximum_mag_numf,
fmaximum_mag_numl, fmaximum_magf, fmaximum_magl, fmaximum_num,
fmaximum_numf, fmaximum_numl, fmaximumf, fmaximuml, fminimum,
fminimum_mag, fminimum_mag_num, fminimum_mag_numf, fminimum_mag_numl,
fminimum_magf, fminimum_magl, fminimum_num, fminimum_numf,
fminimum_numl, fminimumf, fminimuml, fmul, fmull, fromfp, fromfpf,
fromfpl, fromfpx, fromfpxf, fromfpxl, fsqrt, fsqrtl, fsub, fsubl,
iscanonical, iseqsig, issignaling, issubnormal, iszero, nextdown,
nextdownf, nextdownl, nextup, nextupf, nextupl, pown, pownf, pownl,
powr, powrf, powrl, rootf, rootl, rootn, roundeven, roundevenf,
roundevenl, rsqrt, rsqrtf, rsqrtl, ufromfp, ufromfpf, ufromfpl,
ufromfpx, ufromfpxf, ufromfpxl.

Reviewed by:    imp
Approved by:    markj (mentor)
MFC after:      1 month
Relnotes:       yes
Differential Revision:  https://reviews.freebsd.org/D53783

Fix Makefiles
Update zfs_config.h and zfs_gitrev.h

Workaround multiple cross-build issues in OpenZFS code

TBD: discuss long-term fix with OpenZFS

Slap a #ifdef _KERNEL around it all since it's useless to userland.

Fixes:          https://cgit.freebsd.org/src/commit/?id=43b8edb32051
Sponsored by:   Netflix

sys/types.h used to be brought in through namespace pollution, but no
more.

Fixes:          https://cgit.freebsd.org/src/commit/?id=43b8edb32051
Sponsored by:   Netflix

cfg80211_chandef_create() gets passed a pointer to a cfg80211_chan_def.
It seems that several users are passing in an uninitialized variable
from the stack and expect cfg80211_chandef_create() to initialize it.
Run memset() on the struct, which for all callers currently seems to do
the right thing, to avoid later accesses to uninitialized struct members
like "punctured".

Reported by:    CI (gcc build)
MFC after:      3 days
Sponsonred by:  The FreeBSD Foundation

EFIAPI has to be defined correctly for amd64, or things won't boot
because it uses a different API than we normally use. Normally, this
only affects amd64, since all the other archs are basically nothing.
Tested on: amd64, aarch64 and armv7 (the frist two by markj and I with
differnet test setups).

Fixes:                  https://cgit.freebsd.org/src/commit/?id=43b8edb32051
Sponsored by:           Netflix
Reviewed by:            markj
Differential Revision:  https://reviews.freebsd.org/D53799

In general f_event is supposed to be called with the knlist mutex held,
so lock it earlier to follow this protocol.  Also make sure that the
update to kn_fflags is synchronized.

Lock the kqueue itself earlier in the case where the knote is activated,
to avoid locking and unlocking the kqueue twice.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291005
Reported by:    Qiu-ji Chen <chenqiuji666@gmail.com>
Reviewed by:    kib
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D53762

Fix an ACPI only kernel by only building the vchiq files when FDT is
enabled.

Fixes:  https://cgit.freebsd.org/src/commit/?id=745c4aa5e8f0 ("Make BRCM2837 port conform FreeBSD/ARM64 guidelines")
Sponsored by:   Arm Ltd

Refactor setting of geometry for the disk to its own function. No
functional changes.

Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D33032

Register for AC_GETDEV_CHANGED. When we receive a namespace
notification, we only create a new device if it was unconfigured. If it
was configured, generate this async event. Rely on the fact that we
reconstruct namespace to just get the data from the identify data and
call disk_resised.

Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D33032

LinuxKPI: 802.11: use a _check rather than a _protected version for linksta

Switch to link_sta_dereference_check rather than _protected to access
the value.  The actual problem we hit was elsewhere though.

Sponsored by:   The FreeBSD Foundation
MFC after:      3 days

LinuxKPI: 802.11: implement mtx support for ieee80211_iterate_interfaces

Implement the lockdep_assert_wiphy call for
ieee80211_iterate_active_interfaces_mtx() to avoid a warning when
used and to make sure callers comply with assumptions.

Leave an "IMPROVE" note as we can likely switch another of the multiple
callers to RCU.

Sponsored by:   The FreeBSD Foundation
MFC after:      3 days

LinuxKPI: 802.11: initialize a backpointer on the link_sta

iwlwifi/mld uses the back pointer in iwl_mld_link_sta_from_mac80211().
Initialize it to make BE200 cards work again.

Sponsored by:   The FreeBSD Foundation
MFC after:      3 days
PR;             290808

Silence some warnings in my editor.  No functional change intended.

MFC after:      1 week

No functional change intended.

MFC after:      1 week

Reviewed by;  markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D53826

The code never uses it so there's no need to forward declare it.

Sponsored by:   Innovate UK

Make the check MI by allocating sf_buf in non-blockable manner. For
DMAP arches, this should be nop since sf_buf allocation cannot fail
trivially. For non-DMAP arches, we get the checks activated unless there
is serious sf_buf pressure, which typically should be not.

The context for vm_page_free_prep() should be ready to block on some VM
mutexes, which should make it reasonable to block on sf_buf list lock.

Move the code to INVARIANTS build from DIAGNOSTIC, and control its activation
with the sysctl debug.vm_check_pg_zero.

Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D53850

Compiled under INVARIANTS, activated by the same sysctl
debug.vm_check_pg_zero.

Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D53850

These were forgotten during the METALOGization process earlier.

Reviewed by:    markj
MFC after:      immediately (for 15.0-RC2)
Differential Revision:  https://reviews.freebsd.org/D53795

We ship these in order to comply with GCE Marketplace rules about
providing source code and licenses for all the software we ship as
part of images.

Reviewed by:    markj
MFC after:      immediately (15.0-RC2)
Differential Revision:  https://reviews.freebsd.org/D53796

The packages for 15.0-RELEASE built without the bug fix needed to make
files created via @sample get properly listed in METALOG.  Fix the
cloudware which contain @sample-using packages by adding the necessary
files to METALOG manually.

This should be reverted after the next full package build, and live on
only in releng/15.0.

Reviewed by:    markj
MFC after:      immediately (15.0-RC2)
Differential Revision:  https://reviews.freebsd.org/D53797

release: Remove KDE from dvd1.iso

Prior to this commit, we were shipping 2155 MB of packages (from the
ports tree, not counting pkgbase) on dvd1.iso.  Due to the amount of
space required by shipping pkgbase packages *and* distribution sets
on the DVD images, we only have 1696 MB available if we want to fit
into the 4.7 GB limit for DVDs.  Many users have indicated that this
is indeed important.

It is practically impossible to hit this target without removing KDE;
while KDE and its dependencies narrowly fit (1550 MB), we exceed the
limit as soon as we include either of freebsd-doc-all or gnome.  While
we would pick KDE over GNOME (surveys regularly indicate that KDE is
the more widely used of the two), we believe that documentation is the
most important thing to include.

Since removing KDE leaves a bit of extra space, add editors/emacs and
editors/vim.  This takes the 15.0 amd64 dvd1.iso up to 4.689 GB. [1]

Requested by:   adamw [1]
MFC after:      immediately (for 15.0-RC3)
Differential Revision:  https://reviews.freebsd.org/D53800

release: Ship DVD with only emacs@nox flavour

Contrary to the claim made in a previous commit, removing KDE and
adding all of vim and emacs results in an image which does not fit
into 4.7 GB; to be specific, it lands at 4.722 GB rather than the
claimed 4.689 GB.  (This descrepancy resulted from doing test DVD
image builds using an out-of-date tree, and became visible when the
15.0-RC3 images were built.)

Limit the emacs packages shipped on the DVD to the "nox" flavor;
this brings the disk image down to 4.407 GB, aka under the 4.7 GB
limit for standard DVDs.

Fixes:  https://cgit.freebsd.org/src/commit/?id=6cc6beb4c889 ("release: Remove KDE from dvd1.iso")
MFC after:      1 day (for 15.0-RC4)

This key was generated by gordon@ (aka security-officer@) on an offline
system as a backup key should anything happen to the AWS Key
Management Service that is currently in use for signing pkgbase
repositories for FreeBSD 15.x.

Reviewed by:    cperciva
With hat:       so

stress2: Added more robust test termination

stress2: No not rely on unset variables when using 'set -u'

stress2: Update the exclude list

A test helper program pcap-test allows to capture, inject and compare.
Build a simple test case on top of it.  More test cases can be easily
constructed.

- Cast sockaddrs through void to silence warnings about expected
  alignment.
- Fix cast style.
- Sort includes.
- Make some global variables local.
- Sort options.

No functional change intended.

Reviewed by:    csjp
MFC after:      2 weeks
Sponsored by:   Modirum MDPay
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D53670

- s/cacheing/caching/

MFC after:      5 days

- s/avaliable/available/

MFC after:      3 days

- s/compatibiliy/compatibility/
- s/rewriten/rewritten/
- s/derrived/derived/
- s/suppported/supported/
- s/Horisontal/Horizontal/
- s/thesholds/thresholds/

MFC after:      3 days

- s/Additionnaly/Additionally/
- s/commmand/command/

MFC after:      3 days

- s/environnement/environment/
- s/interger/integer/

MFC after:      3 days

- s/addres/address/

MFC after:      3 days

- s/outout/output/

MFC after:      3 days

- s/unexpect/unexpected/

MFC after:      5 days

- s/unexpect/unexpected/

MFC after:      5 days

- s/registeration/registration/

MFC after:      5 days

- s/devic/device/

MFC after:      3 days

- s/Chanel/Channel/

MFC after:      3 days

Sponsored by: DARPA, AFRL

No functional change intended.

Reviewed by:    bapt, dtxdf, kevans
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D53238

This one is from EmbeddedPkg/Include/Guid/Fdt.h, which is our first
EmbeddedPkg addition. For the moment, I'm doing this as an ad-hoc basis,
but in the next import may need to reconsider the strategy.

Sponsored by:           Netflix

Now that we've moved to always using this, it turns out the the funky
thing we have for L'a' is everywhere. Removing this check until I can
sort it out. This breaks the build on armv7 otherwise.

Fixes:          https://cgit.freebsd.org/src/commit/?id=43b8edb32051
Sponsored by:   Netflix

Import UefiCpuPkg/Include/Protocol/RiscVBootProtocol.h to
Include/Protocol. This is another direct copy that needs to be carefully
considered in future imports. For now, it's easier to add this
incrementally here.

Sponsored by:           Netflix

Notable upstream pull request merges:
 #17477 02fdd26e5 Add knob to disable slow io notifications
 #17792 d0294aa75 Update dnode_next_offset_level to accept blkid instead
                  of offset
 #17824 8c225ff1b Fix gang write late_arrival bug
 #17861 -multiple Lift userspace definitions out of zfs_context.h
 #17872 dcada084b Pass flags to more DMU write/hold functions
 #17875 ec268cdf9 Fix caching of DDT log and BRT
 #17875 ea125eeb5 BRT: Round bv_entcount up to BRT_BLOCKSIZE
 #17877 6cfc3dba9 Cleanup ZIO_FLAG_IO_RETRY vs TRYHARD usage
 #17885 e63d026b9 cmd/zpool cstyle issues
 #17890 b4f073b5a Add BRT support to zpool prefetch command
 #17903 baefe098e ZIO: Set minimum number of free issue threads to 32
 #17906 6e12f0bd7 spa_misc: add an API for spa_namespace_lock
 #17908 e26b9fc87 FreeBSD: Add support for _PC_CASE_INSENSITIVE
 #17911 -multiple Update library ABI versions for v2.4.0
 #17915 8aaed7dc4 BRT: Fix ranges to blocks conversion math
 #17916 cc5cae547 BRT: Increase block size from 4KB to 8KB
 #17921 72b2a9571 ZAP: Remove dmu_object_info_from_dnode() call

Obtained from:  OpenZFS
OpenZFS commit: e63d026b91b822dd9b363ab9a1e39d9a66493601

This is needed to simplify the msun manpages {sin,cos,tan}pi.3

Approved by:    markj (mentor)
MFC after:      1 month
Differential Revision:  https://reviews.freebsd.org/D53784

diff3's getopt.h included a function declaration without a prototype,
which produces a compiler warning.  Just remove the bespoke getopt.h
and use the system header.

Reported by:    Mark Millard
Reviewed by:    fuz
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53802

And compare impcompat != 0 as it's actually an integer incremented on
each use of one of the AeExX3 options.

Reviewed by:    fuz
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53808

Like we did for mvm, only get the tid after all the other checks are
done by the function in order to not trigger an assert.  Linux will
likely return a random value there which later is not used as the
driver does an early return.  In LinuxKPI we do check that the frame
assumptions hold up, which does not go so well for a random frame.

Sponsored by:   The FreeBSD Foundation
MFC after:      3 days
PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290808

libarchive 3.8.3

Important bugfixes:
 #2753 lib: Create temporary files in the target directory
 #2768 lha: Fix for an out-of-bounds buffer overrun when using
       p[H_LEVEL_OFFSET]
 #2769 7-zip: Fix a buffer overrun when reading truncated 7zip headers
 #2771 lz4 and zstd: Support both lz4 and zstd data with leading
       skippable frames

Obtained from:  libarchive
Vendor commit:  1368b08875351df8aa268237b882c8f4ceb0882d
MFC after:      1 week

Use the protype socket to obtain the IP address for an error message.
Using the resultant socket address, a NULL because create_interface()
had failed, results in SIGSEGV.

To reproduce this bug,

ifconfig bridge100 create
ifconfig bridge100 10.10.10.10/24
ifconfig bridge101 create
ifconfig bridge101 10.10.10.10/24
ntpd -n

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291119
MFC after:      3 days

Rockchip have two erratas (#3568001 and #3568002) for the GIC on RK356x.

Until we have a way to handle them revert the changes that uses ITS instead of
GIC for PCIe.

Currently, LLDB in FreeBSD host sets the Process Architecture used by
lldbserver as Default one. Which cause problem when trying to debug a
32bit binary on amd64 platform since the lldb itself will found mismatch
architecture with lldbserver's return.

Notice that this patch is only a partial fix for the debugging problem.
We are still unable to debug x86 on x86_64 so that we don't provide
testcase in this patch.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289945
Obtained from:  llvm-project 394e7ded8b6bcff1382468b407ca620a2837f41b

The register set information is stored as a singleton in
GetRegisterInfo_i386. However, other functions later access this
information assuming it is stored in GetSharedRegisterInfoVector. To
resolve this inconsistency, we remove the original construction logic
and instead initialize the singleton using llvm::call_once within the
appropriate function (GetSharedRegisterInfoVector_i386).

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289945
Obtained from:  llvm-project 41859c27842eeda1ef6ff18f3b2fb269388c0857

arm64: Move intr_pic_init_secondary earlier

This may have been called after intr_irq_shuffle. For most interrupt
controllers this appears to be safe, however for the GICv5 we need to
read a per-CPU ID register before we can assign interrupts to a given
CPU.

Fix the race by moving intr_pic_init_secondary earlier in the boot,
after devices have been enumerated and before the interrupts are moved
to their assigned CPUs.

Sponsored by:   Arm Ltd
Differential Revision:  https://reviews.freebsd.org/D53685

Revert "arm64: Move intr_pic_init_secondary earlier"

It's not clear what the race described in the commit actually is, nor
how it could arise, but this commit is definitely wrong; curthread is no
longer set for intr_pic_init_secondary, and gic_v3's pic_init_secondary
uses mutex(9) in some places, which requires curthread, so it has led to
panics. Revert this change until the original issue this was intended to
be fixed can be more thorougly investigated and a better fix made.

Reported by:    Herbert J. Skuhra <herbert@gojira.at>, jhb

This reverts commit a695ac2ce8bc8e8b989359002659063f2e056dcf.

sound: Merge chn_intr() with chn_intr_locked()

There is no scenario where chn_intr() is called with the channel lock
already held.

No functional change intended.

Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Reviewed by:    kib, markj
Differential Revision:  https://reviews.freebsd.org/D53854

Revert "sound: Merge chn_intr() with chn_intr_locked()"

It turns out that snd_uaudio(4) uses sound(4)'s channel lock for its USB
transfer callbacks. I will try to address this at some point, because
this is layering violation, but for now we need to revert the commit, as
it causes a lock recursion panic with USB audio devices.

This reverts commit e254ef87a30bfcaabc6e4d8e0ecf05f6949a4f06.

    [Driver] Enable outline atomics for FreeBSD/aarch64 (#156089)

The compiler_rt helper functions have been built since 12.4, 13.1, 14
and anything newer.

This reverts commit bd27bd1f51d049538cc7a0053be9d99110a53ae1.

Only some people (including the release manager, unfortunately) ran into
build issues with the previous iteration of this commit, because they
were bootstrapping the compiler, either via the WITHOUT_SYSTEM_COMPILER
src.conf(5) setting, or because the build system determined that their
base system compiler was out of date.

The bootstrapped compiler would then enable outline atomics and compile
libgcc_s with these, but because libgcc_s is linked with -nodefaultlibs,
it could not find the helper routines in libcompiler_rt.a.

In contrast, people who did not bootstrap the compiler never saw any
issues, because libgcc_s was built using their 'old' base system
compiler, and so libgcc_s would not contain any calls to those helper
routines.

Fix this by ensuring that libgcc_s is linked against libcompiler_rt.a
explicitly, similar to some other binaries and libraries that are built
with -nodefaultlibs.

Also, bump FREEBSD_CC_VERSION to ensure that everybody gets the updated
compiler with outline atomics enabled. (This should have been done in
the first iteration of this commit, because the error would have shown
up right away then.)

MFC after:      3 days