FreeBSD git weekly: 2025-11-24 to 2025-11-30

This new header complies with ISO/IEC 9899:2024 (C23).

Contrary to glibc, we do not provide inline definitions in
<stdbit.h> as we expect our system compiler to soon recognise
these as builtins anyway.

Relnotes:       yes
MFC after:      1 month
Reviewed by:    adrian
Approved by:    markj (mentor)
Differential Revision:  https://reviews.freebsd.org/D53657

If the basis for supplementary groups are the current ones, we do not
need to fetch them when they are to be replaced entirely (which we
already have been doing), as in the '!start_from_current_groups' case,
but specifically also when they are not going to be touched at all.

This change in passing makes the modified code block's comment saying
that SETCREDF_SUPP_GROUPS need not be set here correct.

MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D53771

Document the nosymfollow mount option in more details.
Forgotten in 5ddc8ded1dbe650b7d83240a1f86a1eb6e2b9b5a

Signed-off-by: Ricardo Branco <rbranco@suse.de>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1891

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1890

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1890

This is a manual page update describing the functionality that was added
to mdo(1) in commit 3ca1e69028ac ("mdo(1): Add support and shortcuts for
fully specifying users and groups").  Please either refer to that commit
or the new manual page's content for more information.

While here:
- Add to the introduction a description of process credentials and some
  specific vocabulary that is used throughout the page, as well as the
  relationship between mdo(1) and mac_do(4).
- Update the HISTORY section.
- Add AUTHORS and SECURITY CONSIDERATIONS sections.

Reviewed by:    ziaee
MFC after:      1 minute
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Google LLC (GSoC 2025)
Co-authored-by: Kushagra Srivastava <kushagra1403@gmail.com>
Differential Revision:  https://reviews.freebsd.org/D53905

It has not been installed since commit cdc37953165c ("In preparation for
the removal of the roff toolchain, disconnect the") and turned up in
a search for outdated MALLOC_OPTIONS settings.

The rendered paper is available at
https://papers.freebsd.org/1998/phk-malloc

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287357
Reviewed by:    bapt
Event:          Kitchener-Waterloo Hackathon 202506
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50908

Some time ago, the boot loader stopped polling for a key press during
the kernel and module loading prior to the transition to lua. Inspection
of the code shows the polling is no longer there. Document the change.

Sponsored by:           Netflix

Realtek changed how it styled its name 25 or so years ago, but the old
style persisted in many places. These products use the new styling in
their datasheets.

Signed-off-by: ykla yklaxds@gmail.com
Sponsored by: Chinese FreeBSD Community
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1901

umass(4), while much improved, still sometimes need quirks. Add a
pointer to usb_quirk(4) and usbconfig(8).

Sponsored by:           Netflix

Signed-off-by: Minsoo Choo <minsoochoo0122@proton.me>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1903

Add cross references to relevant stdbit man pages

Approved by:    markj (mentor)
MFC after:      1 month
Differential Revision: https://reviews.freebsd.org/D53661

Fixes:                https://cgit.freebsd.org/src/commit/?id=9d18115ca0ab ("sound: Retire snd_mtx* wrappers")
Reported by:    CI
Sponsored by:   The FreeBSD Foundation
MFC after:      4 days

Sponsored by: The FreeBSD Foundation
MFC after:      1 week
Reviewed by:    christos
Pull Request:   https://github.com/freebsd/freebsd-src/pull/1887

Differential Revision:        https://reviews.freebsd.org/D53091
Reviewed by: kib
Sponsored by: Netflix

Tweak a couple of comments and fix a spelling error.

Sponsored by:           Netflix

When "options RSS" is configured, opt_rss.h defines the "RSS" token.

PR:     https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291068
Fixes:  https://cgit.freebsd.org/src/commit/?id=17b4a0acfaf5 ("cxgbe(4): T7 related updates to shared code")

It was found that in some circumstances when launching
non-waiting create qhash cqp operation the refcount on
the cqp_request may be not properly decremented leading to a memory
leak.

Signed-off-by: Bartosz Sobczak <bartosz.sobczak@intel.com>

Reviewed by:    anzhu_netapp.com
Tested by:      mateusz.moga_intel.com
Approved by:    kbowling (mentor)
MFC after:      1 week
Sponsored by:   Intel Corporation
Differential Revision:  https://reviews.freebsd.org/D53732

.../sys/dev/cxgbe/t4_main.c:7197:1: warning: unused function 'hashen_to_hashconfig' [-Wunused-function]
 7197 | hashen_to_hashconfig(int hashen)
      | ^~~~~~~~~~~~~~~~~~~~
1 warning generated.

Reported by:    bz
Fixes:  https://cgit.freebsd.org/src/commit/?id=d381a6b4a552 cxgbe: use newly exposed RSS hash key API rather than ad-hoc hashing

The NVME controller in Crucial P310 disk does not accept 16-byte aligned
host memory buffer on Codasip Prime platform, but works fine on PAGE_SIZE
aligned memory.

Instead of adding a quirk, just increase alignment for everyone.

Reviewed by:    jhb
Discussed with: imp
Sponsored by:   CHERI Research Centre
Differential Revision:  https://reviews.freebsd.org/D53296

Ensure the offp capability bounds cover entire struct with checksum fields.

This is needed for CHERI systems to avoid bounds violation trap, as
otherwise offp allowed to dereference 4 bytes of csum_flags field only
so bzero failed.

Tested on ARM Morello.

Reviewed by:    kbowling
Discussed with: jrtc27
Sponsored by:   CHERI Research Centre
Differential Revision:  https://reviews.freebsd.org/D53903

Signed-off-by: ykla yklaxds@gmail.com
Sponsored by: Chinese FreeBSD Community
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1900

FIB_ALGO modular FIB lookups have been enabled by default on
amd64 and arm64 since 2021, so enable it on riscv as well.

Reviewed by:    melifaro
MFC after:      1 month

MFC after:    1 week
Sponsored by:   Chelsio Communications

It's our preferred style. No functional change.

Noticed by: avg
Sponsored by: Netflix

Due to performance constraints on a synthesized CHERI RISC-V core,
remove usage of xdma(4) scatter-gather framework.  Instead, provide
a minimalistic interface between two drivers.

This increases performance ~4-5 times.
Tested using scp(1) and nc(1) on Codasip Prime.

Sponsored by:   CHERI Research Centre
Differential Revision:  https://reviews.freebsd.org/D53932

The buffer in struct config should be allocated or mmap'ed. The code
without this patch allocates the buffer unconditionally, even for mmap
configs.

MFC after:      1 week
Reviewed by:    christos
Differential Revision:  https://reviews.freebsd.org/D53939

Linux does not check that any of the signals in vt_mode VT_SETMODE ioctl
(relsig, acqsig, frsig) are valid, but FreeBSD required that all three
are valid.  frsig is unusued in both Linux and FreeBSD, and software
typically leaves it unset.  To improve portability, allow frsig to be
set to zero.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289812
Reported by:    Dušan Gvozdenović
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52835

Realtek changed how it styled its name 25 or so years ago, but the old
style persisted in many places. These products use the new styling in
their datasheets.

Signed-off-by: ykla yklaxds@gmail.com
Sponsored by: Chinese FreeBSD Community
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1901

This is used on Codasip Prime.

Sponsonred by: CHERI Research Centre

Add a device_has_children() function which can be used to check if a
device has children without allocating a list of them which we aren't
going to use, or even counting them.

Also modify device_get_children() so it can be used to query the count
without allocating a list.

MFC after:      1 week
Sponsored by:   Klara, Inc.
Sponsored by:   NetApp, Inc.
Reviewed by:    imp, markj
Differential Revision:  https://reviews.freebsd.org/D53918

Does not really serve any real purpose. It gets set on mixer_open() and
unset on mixer_close(), so it essentially tells us whether the mixer is
open or not.

mixer_close() uses it to return EBADF in case the mixer is not busied,
as in, the mixer has not been open()'d yet. This is redundant. The other
place where this is used is to decide whether to serve an ioctl issued
by userland, in which case it won't if, again, the mixer has not been
busied (i.e., opened). Again, seems redundant.

Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D53859

This restores the functionality as it was pre-97d152698f48.

A stopgap was committed by glebius@ in 34dfccc64f47 ("acpi: in
acpi_stype_sysctl() use same logic as in acpi_sleep_state_sysctl()").

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290651
Reviewed by:    thj, emaste
Approved by:    thj
Fixes:  https://cgit.freebsd.org/src/commit/?id=97d152698f48 ("acpi: Use sleep types defined in sys/power.h")
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D53909

sys: remove comment for armv5/6

Signed-off-by: Minsoo Choo <minsoochoo0122@proton.me>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1903

sys: remove armv6/6.1 support from debug monitor

Signed-off-by: Minsoo Choo <minsoochoo0122@proton.me>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1903

sys: update comment for removal of armv6

Signed-off-by: Minsoo Choo <minsoochoo0122@proton.me>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1903

arm: Remove unused variable in dbg_arch_supported

Removed unused dbg_didr which had been used prior to f42421307b11 to
detect qemu unsupported debugger. I'm unsure how this slipped through my
testing.

Fixes: https://cgit.freebsd.org/src/commit/?id=f42421307b11
Sponsored by: Netflix

Obtained from https://github.com/Aquantia/aqtion-freebsd commit
c61d27b1d94af72c642deefa0595884481ea7377.

This is not using a vendor branch.  The formerly-upstream repo is
abandoned and I do not believe it will receive updates.  This initial
import serves as a snapshot of the vendor code, but from here we will
iterate on it in the tree as our own code.

Bug fixes, code cleanup, and build infrastructure will follow.

NetBSD and OpenBSD have derivatives of this driver (with additional
hardware support).  We can look to changes in those drivers, and the
Linux driver, to add support here.

Reviewed by:    adrian
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53813

pause() has 2 different definition in unistd.h and sys/systm.h

Direct access to struct ifnet members is not possible in FreeBSD 15;
accessors must be used.  These exist in all supported FreeBSD versions,
so we do not need to make this conditional.

aq_if_priv_ioctl and aq_if_debug have prototypes but are not yet
implemented.  Just remove the commented-out DEVMETHODs and the unused
prototypes, to clear a build-time warning; the DEVMETHODs and prototypes
can be readded if / when they are implemented.

Previously emitted a compiler warning "warning: bitwise comparison
always evaluates to false."

Looking at the OpenBSD driver (which is based on this code) it looks
like the VLAN flag should be set if either of these bits is.  In the
OpenBSD driver these are AQ_RXDESC_TYPE_VLAN and AQ_RXDESC_TYPE_VLAN2
rather than a magic number 0x60.

Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53836

Clear the RSS hash on transmit, now that RSS hashing is enabled
unconditionally, and the network stack may want to trust that
it is getting the correct hash on input.

Differential Revision:  https://reviews.freebsd.org/D53090
Reviewed by: zlei
Sponsored by: Netflix

Prior to commit 0c511bafdd5b309505c13c8dc7c6816686d1e103, each time
snl_realloc_msg_buffer was called, it called snl_allocz to request a
new buffer.  If an existing linear buffer was used, then after the
call, the linear buffer effectively contained the old buffer contents
followed by the new buffer (so there was definitely wasted memory),
but the linear buffer state was consistent (lb->offset correctly
accounted for both copies).  For example, if the initial linear buffer
was 256 bytes in size, lb->size would be 256.  Using 16 bytes followed
by 32 bytes would first set lb->offset to 16, then the second realloc
would allocate 48 bytes (16 + 32) setting lb->offset to 64 (16 + 48).

Commit 0c511bafdd5b309505c13c8dc7c6816686d1e103 aimed to avoid this
memory waste by resetting the base pointer to the start of the
existing linear buffer if the new allocation was later in the same
linear buffer.  This avoided some of the waste, but broke the
accounting.  Using the same example above, the second realloc would
reuse the pointer at an offset of 0, but the linear buffer would still
claim that 64 bytes was allocated via lb->offset rather than the true
allocation of 48 bytes.

One approach to fix this would be to "extend" the allocation of an
existing linear buffer where a realloc would try to increase
lb->offset without setting a new base pointer so long as there was
still room remaining in the linear buffer for the new request.

However, this change takes a simpler approach.  If snl_allocz()
returned an allocation from a new linear buffer, just claim the entire
linear buffer for use by the snl_writer ensuring the accounting is
correct in both the linear buffer and the snl writer.  With this
approach, the initial snl_writer size would be 256 bytes for a 256
byte linear buffer and would only grow if it needs to allocate an
entirely new linear buffer.

Reviewed by:    igoro
Fixes:          https://cgit.freebsd.org/src/commit/?id=0c511bafdd5b ("netlink: fix snl_writer and linear_buffer re-allocation logic")
Sponsored by:   AFRL, DARPA
Differential Revision:  https://reviews.freebsd.org/D53697

pf was too strict when validating SCTP tags. When a server receives a
retransmitted INIT it will reply with a random initiate tag every time.
However, pf saves the first initiate tag and expects every subsequent INIT_ACK
retransmission to have the same tag. This is not the case, leading to endless
INIT/INIT_ACK cycles.

Allow the tag to be updated as long as we've not gone past COOKIE_WAIT.

Add a test case to verify this.

MFC after:      2 weeks
See also:       https://redmine.pfsense.org/issues/16516
Sponsored by:   Rubicon Communications, LLC ("Netgate")

ipfilter: Add ipf_check_names_string()

ipf_check_names_string will verify userland inputs in names strings
(fr.fr_names, in.in_names) for correctness.

Original concept of ipf_check_names_string() instead of macros by
markj.

Reviewed by:            markj
MFC after:              1 week
Differential revision:  https://reviews.freebsd.org/D53843

ipfilter: Verify frentry on entry into kernel

The frentry struct is built by ipf(8), specifically ipf_y.y when parsing
the ipfilter configuration file (typically ipf.conf). frentry contains
a variable length string field at the end of the struct. This data field,
called fr_names, may contain various text strings such as NIC names,
destination list (dstlist) names, and filter rule comments.  The length
field specifies the length of fr_names within the frentry structure and
fr_size specifies the size of the frentry structure itself.

The upper bound limit to the length of strings field is controlled by the
fr_max_namelen sysctl/kenv or the max_namelen ipfilter tuneable.

The initial concepts were discussed with emaste and jrm.

Reported by:            Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed by:            markj
MFC after:              1 week
Differential revision:  https://reviews.freebsd.org/D53843

ipfilter: Verify ipnat on entry into kernel

The ipnat struct is built by ipnat(8), specifically ipnat_y.y when
parsing the ipnat configuration file (typically ipnat.conf). ipnat
contains a variable length string field at the end of the struct. This
data field, called in_names, may contain various text strings such as
NIC names. There is no upper bound limit to the length of strings as
long as the in_namelen length field specifies the length of in_names
within the ipnat structure and in_size specifies the size of the ipnat
structure itself.

Reported by:            Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed by:            markj
MFC after:              1 week
Differential revision:  https://reviews.freebsd.org/D53843

ipfilter: Remove unused variable

Reported by:    jlduran
Fixes:          https://cgit.freebsd.org/src/commit/?id=eda1756d0454, https://cgit.freebsd.org/src/commit/?id=821774dfbdaa
MFC after:      1 week
X-MFC with:     eda1756d0454, 821774dfbdaa

ipfilter: Restore used variable

One of the "unused" i variables is actually used.

Fixes:          https://cgit.freebsd.org/src/commit/?id=20c48f090b27

ipfilter: fix broken build

Every commit earns me a dozen emails that LINT is broken. This should
stop that.

Fixes: https://cgit.freebsd.org/src/commit/?id=eda1756d0454f ipfilter: Verify frentry on entry into kernel
Sponsored by: Netflix

pam_krb5: Fix manual page in MIT case

* Always install the manual page as pam_krb5(8) regardless of which
  version we're using.
* Regenerate it using pod2mdoc instead of pod2man so it doesn't claim
  to be part of “User Contributed Perl Documentation”.
* Put the correct section number in the header and footer.
* Don't cross-reference non-existent pam(7) manual page.

Reviewed by:    cperciva
Differential Revision:  https://reviews.freebsd.org/D53885

ObsoleteFiles: Fix repeated typo in recent entries

Fixes:          https://cgit.freebsd.org/src/commit/?id=685a78570b35 ("random: remove hifn(4)")
Fixes:          https://cgit.freebsd.org/src/commit/?id=5b9fba1cb0d8 ("Retire pccard(4)")
Fixes:          https://cgit.freebsd.org/src/commit/?id=3cf85a69ae7d ("hifn.4: Really remove")
Fixes:          https://cgit.freebsd.org/src/commit/?id=8a8c58f71e80 ("pccard.4: Really remove")
Fixes:          https://cgit.freebsd.org/src/commit/?id=6aaf184dc4e2 ("pcic.4: Really remove")
Fixes:          https://cgit.freebsd.org/src/commit/?id=daa1f9b415f3 ("apm(8): Drop MLINK to apmconf(8)")
Fixes:          https://cgit.freebsd.org/src/commit/?id=961b934407f0 ("pam_krb5: Fix manual page in MIT case")

In arch_fix_auxv(), remove local variable shadowing the argument,
remove write-only variable, and declare the loop variable.
The wrong patch was committed after series of local reverts and
re-apply.

Fixes:  https://cgit.freebsd.org/src/commit/?id=b2b3d2a962eb00005641546fbe672b95e5d0672a
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week

Fixes:        https://cgit.freebsd.org/src/commit/?id=0e62ebd20172 ("bhyve: Move the slirp backend out into a separate process")

When in restricted mode, the slirp-helper process enters a capsicum
sandbox, after which we cannot look up the uid for the "nobody" user.
Reverse the order.

Reported by:    kp
Fixes:  https://cgit.freebsd.org/src/commit/?id=0e62ebd20172 ("bhyve: Move the slirp backend out into a separate process")

Use ZFSTOP instead of OZFS. They are the saame thing.

Sponsored by:           Netflix
Reviewed by:            tsoome
Differential Revision:  https://reviews.freebsd.org/D53900

ZFSSRC is abiguous on its surface and too clos to ZFSTOP, so rename it
to SAZFSSRC.

Sponsored by:           Netflix
Reviewed by:            tsoome
Differential Revision:  https://reviews.freebsd.org/D53901

When reading by sector (because reading a whole track failed), we can
accidentally fall into the "should not happen" path, which both
(a) emits a spurious error message and (b) fouls up our position
accounting going forward.  Ensure we do not inappropriately fall into
that path.

Avoid obscuring the "short after" message in cases where it happens.

Signed-off-by: Matt Jacobson <mhjacobson@me.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1897

As a safety precaution df381bec2d2b limits ippool hash table size to 1K.
This causes any legitimely large hash table to fail to load. The
htable_size_max ipf tuneable adjusts this but the adjustment is made
in the ipfilter rc script, invoked after the ippool script (because it
depends on ippool). Let's load the ipfilter_optionlist in ippool as well.
ipfilter_optionlist load will also occur in the ipfilter rc script in case
the user uses ipfilter without ippool.

Fixes:          https://cgit.freebsd.org/src/commit/?id=df381bec2d2b
MFC after:      3 days

Realtek changed how it styled its name 25 or so years ago, but the old
style persisted in many places. These products use the new styling in
their datasheets.

Signed-off-by: ykla yklaxds@gmail.com
Sponsored by: Chinese FreeBSD Community
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1901

Rather than fetching packages directly from the CDN which currently
backs pkgbase.freebsd.org, requests will go to pkg.freebsd.org mirrors
and be 302ed to the correct servers.  This adds ~70 seconds to the
process of installing or upgrading a pkgbase system; it also orphans
systems with 15.0-{PRERELEASE,ALPHA*,BETA*} installed since they are
expecting to see pkgbase files signed with the pkg keys, not the new
pkgbase signing keys.

Reviewed by:    dch, philip
MFC after:      immediately (for 15.0-RELEASE)
With hat:       re
Requested by:   clusteradm, core
Differential Revision:  https://reviews.freebsd.org/D53964

The mtree tool indents directory entries with 4 spaces.

Reviewed by:    imp
Fixes:          https://cgit.freebsd.org/src/commit/?id=9cab9fde5eda ("virtual_oss: Port to base")
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D53979

This adds unit tests for all 70 functions in <stdbit.h>.

I'm sorry for the test framework, but it makes it so I don't
have to write 70 unit tests by hand.

Reviewed by:    adrian, des
Approved by:    markj (mentor)
MFC after:      1 month
Differential Revision:  https://reviews.freebsd.org/D53660

If we fail to open /dev/pf don't try to close it again. That would result in
errno getting overwritten by close(), hiding potentially useful information.

MFC after:      2 weeks
Sponsored by:   Rubicon Communications, LLC ("Netgate")

libefivar: Standardize #ifndef __FreeBSD__

Standardize preprocessor directives that comment out unused functions
(essentially #if 0).

No functional change intended.

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1894

libefivar: Move functions to match reference file

Move a few functions to match their locations in the reference file.
No functional change intended.

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1894

libefivar: Add and comment out unused functions

This commit introduces gratuitous white space and unused functions.
This functionality is guarded/commented out.  This change is necessary
to reduce the differences with the reference file in subsequent commits.

No functional change intended.

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1894

libefivar: MdePkg: Clean up source files

1. Do not use tab characters
2. No trailing white space in one line
3. All files must end with CRLF

No functional change.

Obtained from:  https://github.com/tianocore/edk2/commit/9095d37b8fe5bfc3d02adad6ba7fd7359ebc0107

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1894

libefivar: Add a checking step

Add a checking step in DevicePathUtilities.c to verify DevicePath.
https://bugzilla.tianocore.org/show_bug.cgi?id=1372

v2: Remove ASSERT() and the redundant checking step. Update related
    description.

Note that the link above no longer exists.  The commit message was kept
verbatim.  An archived version of the bug report can be found at:
https://web.archive.org/web/20240714192353/bugzilla.tianocore.org/show_bug.cgi?id=1372

Obtained from:  https://github.com/tianocore/edk2/commit/fd02394228ee1dc2378cccfde6098c461f96dd42

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1894

libefivar: Add sanity check for FilePath device path

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1497

Current implementation of IsDevicePathValid() is not enough for type
of MEDIA_FILEPATH_DP, which has NULL-terminated string in the device
path. This patch add a simple NULL character check at Length position.

Note that the link above no longer exists.  The commit message was kept
verbatim.  An archived version of the bug report can be found at:
https://web.archive.org/web/20240714191428/https://bugzilla.tianocore.org/show_bug.cgi?id=1497

Add the const keyword to avoid errors/warnings about dropping a const
qualifier.

Obtained from:  https://github.com/tianocore/edk2/commit/2f7a96d6ec13b292d6f31295f3195913921173e1

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1894

libefivar: Replace BSD License with BSD+Patent License

https://bugzilla.tianocore.org/show_bug.cgi?id=1373

Replace BSD 2-Clause License with BSD+Patent License.  This change is
based on the following emails:

  https://lists.01.org/pipermail/edk2-devel/2019-February/036260.html
  https://lists.01.org/pipermail/edk2-devel/2018-October/030385.html

RFCs with detailed process for the license change:

  V3: https://lists.01.org/pipermail/edk2-devel/2019-March/038116.html
  V2: https://lists.01.org/pipermail/edk2-devel/2019-March/037669.html
  V1: https://lists.01.org/pipermail/edk2-devel/2019-March/037500.html

Note that the link above no longer exists.  The commit message was kept
verbatim.  An archive of the bug report can be found at:
https://web.archive.org/web/20240714192319/https://bugzilla.tianocore.org/show_bug.cgi?id=1373

Obtained from:  https://github.com/tianocore/edk2/commit/9344f0921518309295da89c221d10cbead8531aa

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1894

libefivar: Support UefiDevicePathLib under StandaloneMm

This change added an instance of UefiDevicePathLib for StandaloneMm. It
abstracts DevicePathFromHandle function into different files for
Standalone MM and other instances to avoid linking gBS into MM_STANDALONE
drivers.

No functional change intended, as this function and its invocation are ifdefd
out.

Obtained from:  https://github.com/tianocore/edk2/commit/14a746bb6a92d59669c67a970479558734cf2383

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1894

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737

Apply uncrustify changes to .c/.h files in the MdePkg package

Note that the link above no longer exists.  The commit message was kept
verbatim.  An original copy of the bug report can be found at:
https://web.archive.org/web/20241008121707/https://bugzilla.tianocore.org/show_bug.cgi?id=3737

Obtained from:  https://github.com/tianocore/edk2/commit/2f88bd3a1296c522317f1c21377876de63de5be7

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1894

MFC after:    1 week
Sponsored by:   Klara, Inc.
Reviewed by:    fuz
Differential Revision:  https://reviews.freebsd.org/D53908

According to the Open Group Base Specifications Issue 8[1], strfmon(3)
should return EINVAL when the '+' flag was included in a conversion
specification and the locale's positive_sign and negative_sign values
would both be returned by localeconv(3) as empty strings.

Austin Group Defect 1199[2] is applied, adding the [EINVAL] error.

[1]: https://pubs.opengroup.org/onlinepubs/9799919799/functions/strfmon.html
[2]: https://www.austingroupbugs.net/view.php?id=1199

Reviewed by:    kib
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D53912

If the locale's positive_sign and negative_sign values would both be
returned by localeconv() as empty strings, strfmon() shall behave as if
the negative_sign value was the string "-".

This occurs with the C locale.  The implementation previously assigned
"0" to sign_posn (parentheses around the entire string); now it assigns
it to "1" (sign before the string) when it is undefined (CHAR_MAX).

Austin Group Defect 1199[1] is applied, changing the requirements for
the '+' and '(' flags.

[1]: https://www.austingroupbugs.net/view.php?id=1199

Reviewed by:    kib
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D53913

verify_prep can return VE_FINGERPRINT_NONE. Consider such scenario so
the VE_GEUSS heuristics works with files that likely will not have
fingerprints in the manifest file.

Obtained from:  Hewlett Packard Enterprise
Reviewed by:    sjg
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D53940

This function is part of ISO/IEC 9899:2024 (C23) and was forgotten in D47856.

Reviewed by:    imp
Approved by:    markj (mentor)
See also:       D47856
Fixes:          https://cgit.freebsd.org/src/commit/?id=59677aecb67bbedcfa2ee5d7d2b189193cdc4af7
MFC after:      1 month
Differential Revision:  https://reviews.freebsd.org/D53951

A type similar to char16 and char32_t, for compliance with C23.
The related type atomic_char8_t is added to stdatomic.h.
As char8_t is always unsigned char, I've skipped adding __char8_t.
This can be added, too, if desired.

Reviewed by:    imp
Approved by:    markj (mentor)
MFC after:      1 month
Differential Revision:  https://reviews.freebsd.org/D53952

stddef.h: add unreachable() for C23 compliance

unreachable() is a hint to the compiler that it is unreachable.
Add a new man page unreachable(3) to document this macro.

Reviewed by:    imp
Approved by:    markj (mentor)
MFC after:      1 month
Differential Revision:  https://reviews.freebsd.org/D53967

unreachable.3: add missing brace in example

Reported by:    alc
Approved by:    markj (mentor)
MFC after:      1 month
Fixes:          https://cgit.freebsd.org/src/commit/?id=b381d0980221b476cadbef862a8e5973d675fb7a
See also:       D53967

Signed-off-by: Minsoo Choo <minsoochoo0122@proton.me>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1903

Signed-off-by: Minsoo Choo <minsoochoo0122@proton.me>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1903

This new header complies with ISO/IEC 9899:2024 (C23).

Contrary to glibc, we do not provide inline definitions in
<stdbit.h> as we expect our system compiler to soon recognise
these as builtins anyway.

Relnotes:       yes
MFC after:      1 month
Reviewed by:    adrian
Approved by:    markj (mentor)
Differential Revision:  https://reviews.freebsd.org/D53657

Bugzilla PR reported a crash caused by a synthetic client
doing a Lock operation request with a delegation stateid.

This patch fixes the problem by adding sanity checks
for the type of stateid provided as an argument to the
Lock and LockU operations.

It has been tested with the FreeBSD, Linux and Solaris 11.4
clients.  Hopefully, other NFSv4 clients will work ok
as well.

PR:     https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291080
Tested by:      Robert Morris <rtm@lcs.mit.edu>
MFC after:      2 weeks

This removes mac_label_copyin32() as mac_label_copyin() can now handle
both native and 32-bit struct mac objects.

Reviewed by:    olce, brooks
Obtained from:  CheriBSD
Sponsored by:   AFRL, DARPA
Differential Revision:  https://reviews.freebsd.org/D53755

This is the more typical approach used in the tree for system calls
with per-ABI structure layouts.

Reviewed by:    olce, brooks
Obtained from:  CheriBSD
Sponsored by:   AFRL, DARPA
Differential Revision:  https://reviews.freebsd.org/D53756

This is the more typical style used in compat syscalls.  Modern
compilers are smart enough to coalesce multiple member assignments
into a bulk copy.

Reviewed by:    olce, brooks
Obtained from:  CheriBSD
Sponsored by:   AFRL, DARPA
Differential Revision:  https://reviews.freebsd.org/D53757

Swap pager might still carry the data.

Debugging help from:    mmel
Reviewed by:    alc
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D53891

setcred(): Remove an optimization for when cr_groups[0] was the egid

Because setcred() has (always) treated the effective GID separately from
the supplementary groups, when cr_groups[0] was storing the effective
GID, it internally needed to build an array containing both the
effective GID and the specified supplementary groups to eventually call
crsetgroups_internal().

As kern_setcred() was only used to actually implement
user_setcred()/sys_setcred(), which need to allocate a buffer to copy in
the userland groups array into, some optimization was put in place where
these would allocate an array with one more element than
'wc_supp_groups', copyin() the latter into the subarray starting at
index 1 and pass the pointer to the whole array to kern_setcred() in
'preallocated_groups'.  This would allow kern_setcred() not to have to
allocate memory again to make room for the additional effective GID.

Since commit be1f7435ef21 ("kern: start tracking cr_gid outside of
cr_groups[]"), crsetgroups_internal() only takes supplementary groups,
so this machinery has become obsolete.  It was not removed as part of
that commit, but just minimally amended to simplify the changes and
lower the risks.  Finally remove it.

Reviewed by:    kevans
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D53772

setcred(2): Fix a panic on too many groups from latest commit

kern_setcred_copyin_supp_groups() is documented to always set
'sc_supp_groups', but did not do it if there are more supplementary
groups than 'ngroups_max'.  Also, that case was omitted from the herald
comment.  Add it there, also including it as a case where
'sc_supp_groups_nb' is reset to 0 as a security measure.

Initially, kern_setcred_copyin_supp_groups() had the usual property that
nothing had to be freed on it returning an error, but was then converted
to relying on the caller to free() even on error, and this part was
missed during the conversion.  The benefits of this unusual convention
are that we can zero or NULLify groups-related attributes in advance,
preventing inadvertent use of stale data (defensive security measure),
and we can avoid some small code duplication (no need to have two same
calls to free()).  This makes sense as kern_setcred_copyin_supp_groups()
is meant to be a private sub-routine of user_setcred() only.  While
here, rename kern_setcred_copyin_supp_groups() =>
user_setcred_copyin_supp_groups().

Reported by:    pho
Fixes:          https://cgit.freebsd.org/src/commit/?id=4cd93df95e69 ("setcred(): Remove an optimization for when cr_groups[0] was the egid")
Sponsored by:   The FreeBSD Foundation

In practice this just ends up as an orphan section and so is placed next
to .rodata-like sections, so it's pretty harmless, but not intended.

Fixes:  https://cgit.freebsd.org/src/commit/?id=a095390344fb ("Use a template assembly file for firmware object files.")

The upstream refactoring of ndaregister() to split out ndasetgeom()
accidentally used an uninitialed variable to decide whether or not
to set DISKFLAG_UNMAPPED_BIO.  Fix this by moving that portion of
ndasetgeom() back up to ndaregister().  The check for PIM_UNMAPPED
is not really needed because nvme devices always have that set,
so it cannot change in the other path that ndasetgeom() is now called.

Reviewed by:    imp
Fixes:          https://cgit.freebsd.org/src/commit/?id=dffd882d12d2a71aca464f48209ec9ae6f393b15
Sponsored by:   Netflix
MFC After:      1 minute

ptraddr_t is an unsigned integer type that can hold the address of any
pointer.  It differes from uintptr_t in that it does not carry
provenance which is useful for CHERI in that it can disambigurate the
provenance of uintptr_t expressions.  It differes from size_t in that
some segmented architecture (not supported by FreeBSD) may have a size_t
that does not hold an address.

ptraddr_t is not yet standardized, but is currently proposed for
inclusion in C++2Y.

Prefer the compiler defined __PTRADDR_TYPE__ defintion where available
as this a new type and we don't need to worry about historical values.
Fall back to __size_t where unavailable.

Reviewed by:    kib, markj
Effort:         CHERI upstreaming
Sponsored by:   Innovate UK
Differential Revision:  https://reviews.freebsd.org/D53817

sys/_types.h: centralize __vm_offset_t and __vm_size_t definitions

Use __ptraddr_t to define __vm_offset_t and __size_t for __vm_size_t
rather than per-pointer-size definitions.

Reviewed by:    kib, markj
Effort:         CHERI upstreaming
Sponsored by:   Innovate UK
Differential Revision:  https://reviews.freebsd.org/D53818

sys/_types.h: define __(u)int(f)ptr_t for CHERI

On pure-capability ABIs, uintptr_t and variants are capabilities and
defined to the new primative type __uintcap_t and variants.  This is
required to allow pointers (capabilities) to round trip through
uintptr_t as required by the C standard.

Reviewed by:    kib, markj
Effort:         CHERI upstreaming
Sponsored by:   Innovate UK
Differential Revision:  https://reviews.freebsd.org/D53819

sys/_types.h: define fallback __(u)intcap_t

__intcap_t and __uintcap_t are new primative types in CHERI-aware ABIs
that are used to define (u)intptr_t.  To allow coexistance of integer
pointers and hybrid code, define them to __(u)intptr_t when they are
not otherwise available.

Reviewed by:    kib, markj
Effort:         CHERI upstreaming
Sponsored by:   Innovate UK
Differential Revision:  https://reviews.freebsd.org/D53820

sys/_types.h: add void * to __max_align_t

Add a pointer member to __max_align_t as pointers may have different
alignment requirements than long long or long double.

Reviewed by:    kib
Effort:         CHERI upstreaming
Sponsored by:   Innovate UK
Differential Revision:  https://reviews.freebsd.org/D53821

sys/_types.h: add __intptr_t to __mbstate_t

Extend __mbstate_t to include an intptr_t to ensure it can hold a
pointer if required.

Reviewed by:    kib, markj
Effort:         CHERI upstreaming
Sponsored by:   Innovate UK
Differential Revision:  https://reviews.freebsd.org/D53822

sys/_types.h: Unbreak gcc build

We can't assume that <sys/cdefs.h> is in scope.

Fixes:          https://cgit.freebsd.org/src/commit/?id=85ab981a8e4e ("sys/_types.h: define fallback __(u)intcap_t")
Reviewed by:    olce, imp, emaste
Differential Revision:  https://reviews.freebsd.org/D53980

sys/_types.h: Actually unbreak gcc build

Fixes:          https://cgit.freebsd.org/src/commit/?id=19728f31ae42 ("sys/_types.h: Unbreak gcc build")
Reviewed by:    emaste
Differential Revision:  https://reviews.freebsd.org/D53986

This type represents an integer value of at least 64 bits which is
capable of being cast to and from pointer types.  It is intended to
replace various spellings of (u)int64_t there the value is expected to
hold a pointer.  This is common in Linux code to allow 32-bit and 64-bit
structures to be the same and used other places including OpenZFS.  With
the introduction of CHERI this no longer works, but we need to preserve
the ABI for integer pointer targets.  Rather than adding ifdefs in every
case, we introduce a new type.

Reviewed by:    kib, markj
Effort:         CHERI upstreaming
Sponsored by:   Innovate UK
Differential Revision:  https://reviews.freebsd.org/D53823

The module panicked at unload with "recursing but non-recursive rw".
There is a comment that "Unloading of the kgssapi module is not
currently supported" and the MOD_UNLOAD case falls through to returning
EOPNOTSUPP anyway.  Just #if 0 the code in the unload path, leaving it
as a hint in case someone implements unload support later on.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291249
Reviewed by:    rmacklem
Fixes: https://cgit.freebsd.org/src/commit/?id=ad704a34bc2c ("Use syscall_helper_register(9) rather than syscall_register().")
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53949

For compliance with IOS/IEC 9899:2024 ("C23").

These macros define the width in bits of the basic integer types.
Another new macro, BITINT_MAXWIDTH, is not yet included as I do not
understand what it should be set to.  Perhaps it is compiler-specific.

Approved by:    markj (mentor)
MFC after:      1 month
Differential Revision:  https://reviews.freebsd.org/D53825

The platform-dependent macros are added to the various
_stdint.h headers, those that are always the same are
added directly to _stdint.h.

We may want to move the definitions for WCHAR_* and
WINT_* out of the platform header files as those are
always the same.

Approved by:    markj (mentor)
MFC after:      1 month
Differential Revision:  https://reviews.freebsd.org/D53830

Otherwise etcupdate apparently can fail if its private object directory
under /var/db is in a filesystem mounted noexec.  We shouldn't be
building this target at all, but for now, just apply this workaround.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291043
Reviewed by:    ivy, cy, des
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D53861

Define this helper variable in one place and make it available while
building the entire base system.

Reviewed by:    sjg
Obtained from:  CheriBSD (mostly)
Differential Revision:  https://reviews.freebsd.org/D53790

Reviewed by:  brooks
Obtained from:  CheriBSD
Differential Revision:  https://reviews.freebsd.org/D53791

This isn't used by modern cards, but is needed for i915kms to load
on a system that has agp as a module not compiled into the kernel.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291214
Reviewed by:    cy
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53906

mqueue: Export kern_kmq_* symbols from kernel module

linux.ko supports POSIX message queues using these symbols, so they need
to be exported rather than relying on the kernel linker's misfeature of
linking against debug or local symbols (which will soon be disabled by
default).

Reported by:    mav
Reviewed by:    zlei
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53907

mqueuefs: Export another symbol required by linux.ko

Fixes: https://cgit.freebsd.org/src/commit/?id=e00a781c216c ("mqueue: Export kern_kmq_* symbols from kernel module")
Sponsored by:   The FreeBSD Foundation

The patch level is not part of the branch per se and should not be
used in constructing the FreeBSD-base.conf file used by bsdinstall.

MFC after:      1 day

Reviewed by:  des, dim, emaste
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D53948

This allows iw_cxgbe.ko, cxgbei.ko, nvmf_che.ko, etc. to be loaded when
debug.link_elf_leak_locals and debug.link_elf_obj_leak_locals are
disabled.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291250
MFC after:      1 week
Sponsored by:   Chelsio Communications

No functional change.

MFC after:      1 week
Sponsored by:   Chelsio Communications

In 986e05bc2a18 I revamped the build for all the llvm subprojects. Among
others I added objects under contrib/llvm-project/llvm/lib/TableGen, but
I missed that upstream explicitly removes these when building the shared
llvm library:

https://github.com/llvm/llvm-project/blob/llvmorg-19.1.7/llvm/tools/llvm-shlib/CMakeLists.txt#L23

In 2e47f35be5dc I converted libllvm to a shared library. From that point
onwards, some of the global command line option objects registered in
llvm/lib/TableGen/Main.cpp conflict with similar objects in tools like
llvm-cov, llvm-as, etc.

This results in an error when running these tools: "CommandLine Error:
Option 'o' registered more than once!", followed by a fatal exit.

Fix this by removing the TableGen objects from libllvm. Note that we no
longer install any of the tblgen binaries, these are only used during
buildworld, and then in a statically linked form.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291233
MFC after:      3 days

This is only used for armv6, which as been removed since FreeBSD 15.

Signed-off-by: Minsoo Choo <minsoochoo0122@proton.me>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1903

Signed-off-by: Minsoo Choo <minsoochoo0122@proton.me>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1903

This is the overview man page for the <stdbit.h> functions.

Reviewed by:    pauamma@gundo.com, adrian
Approved by:    markj (mentor)
MFC after:      1 month
Differential Revision:  https://reviews.freebsd.org/D53658

This adds man pages for each group of functions in <stdbit.h>.
The man pages have cross references to one-another.
Cross references from external man pages to these will be added
in a later commit.

Reviewed by:    pauamma@gundo.com, kib
Approved by:    markj (mentor)
MFC after:      1 month
Differential Revision:  https://reviews.freebsd.org/D53659

git-arc: Don't require devel/arcanist

Instead of invoking just “arc”, which requires devel/arcanist, which
conflicts with archivers/arc, invoke the underlying script installed by
devel/arcanist-lib.

Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D53942

git-arc: Fix existence check

Fixes:          https://cgit.freebsd.org/src/commit/?id=b3e53f9fff11 ("git-arc: Don't require devel/arcanist")
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D53942

git-arc: Fix failure to call arc() function

As of b3e53f9fff11, git-arc attempted to call the internal shell
function, arc(), using env(1).  However, because env(1) does not call
shell functions, it actually attempted to run the arc utility.  This led
to errors:

    % git arc create -r xxx HEAD
    env: arc: No such file or directory
    git-arc: could not create Phabricator diff

This change removes the unnecessary use of env(1), so the arc() function
is correctly called.

Reviewed by:    markj
Fixes:          https://cgit.freebsd.org/src/commit/?id=b3e53f9fff11 ("git-arc: Don't require devel/arcanist")
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D53972

When checking vnet test prerequisites we check if if_epair and if_bridge are
available, but we only checked for loadable modules. It's possible for these to
be built into the kernel instead.

Sponsored by:   Rubicon Communications, LLC ("Netgate")

Add tests for The Open Group Base Specifications Issue 8[1], Austin
Group Defect 1199[2].

Items marked with XXX represent an invalid output.  These items will be
fixed in subsequent commits.

Notice that an existing test is now considered invalid.

Our locale definitions do not include int_p_sep_by_space nor
int_n_sep_by_space[3].  Those will be addressed in a subsequent commit.
However, the CLDR project defines them as "0", which causes the output
to appear as "USD123.45".  If our locale definitions were to set the
international {n,p}_sep_by_space to "1", the output would display as the
expected "USD 123.45".

While here, use the SPDX license identifier and add my name to the
file.

[1]: https://pubs.opengroup.org/onlinepubs/9799919799/functions/strfmon.html
[2]: https://www.austingroupbugs.net/view.php?id=1199
[3]: https://unicode-org.atlassian.net/browse/CLDR-237

Reviewed by:    kib
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D53911

pf tests: fix killstate:v6

Allow neighbor discovery/advertisement packets, but don't create state
for them. This ensures that the destination jail can respond to our
echo requests, and that we don't create extra states that would confuse
the test.

Sponsored by:   Rubicon Communications, LLC ("Netgate")

pf tests: fix syncookie:loopback_v6

Use 'no_dad' when assigning a v6 address, because otherwise we may try
to use it before it becomes usable.

Sponsored by:   Rubicon Communications, LLC ("Netgate")

pf tests: explicitly set the source address in killstate:v6

We've seen failures due to pft_ping.py selecting the wrong source address.
Explicitly use 2001:db8::1 as source, to match the tests's expectations.

Sponsored by:   Rubicon Communications, LLC ("Netgate")

pf tests: pflog:{rdr_action,state_max} disable IPv6

Turn off IPv6 on all interfaces to avoid having multicast listener
reports generated that might turn up in out pflog output, disrupting
the test.

Sponsored by:   Rubicon Communications, LLC ("Netgate")

This file checks the correctness of the various _MAX, _MIN, and
_WIDTH macros defined for the libc types.  It assumes that none
of the types have padding bits.

Approved by:    markj (mentor)
MFC after:      1 month
Differential Revision:  https://reviews.freebsd.org/D53831

<sys/systm.h> needs to be first after <sys/param.h>. And we don't need
both sys/param.h and sys/types.h.

Fixes:          https://cgit.freebsd.org/src/commit/?id=032fbda024d78
Sponsored by:   Netflix

Fix typos in the files that are owned by the project.

Bring back a "duplicate word" removal (node node), which should have
been "node Node", the second "node" is not capitalized in the reference
file (yet).  We'll bring it back capitalized to avoid it from triggering
automated checking scripts and possibly reverting this change again.  A
few other typos were not fixed, as we strive to keep as close to the
reference files as possible, these fixes should be submitted to the
reference project (tianocore/edk2) in the not so distant future.

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1894

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3760

Update all use of ', OPTIONAL' to ' OPTIONAL,' for function params.

Note that the link above no longer exists.  The commit message was kept
verbatim.  An archive of the bug report can be found at:
https://web.archive.org/web/20240714185609/https://bugzilla.tianocore.org/show_bug.cgi?id=3760

Obtained from:  https://github.com/tianocore/edk2/commit/d0e2f8232a26453fc0191629ed44ff2a46ea073e

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1894

Signed-off-by: ykla yklaxds@gmail.com
Sponsored by:   Chinese FreeBSD Community
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1899

No functional change.

MFC after:    1 week

Signed-off-by: ykla yklaxds@gmail.com
Sponsored by: Chinese FreeBSD Community
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1901

- Use tabs before '\'.
- Comment for '#else' must be the negation of the initial '#if''s test.

No functional change.

Sponsored by:   The FreeBSD Foundation

Fixes:          https://cgit.freebsd.org/src/commit/?id=9d975e47d5a3 ("exports.5: Clarify that exported dirs should be local mount points")
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation

Sponsored by: Klara, Inc.
Sponsored by:   NetApp, Inc.

Reviewed by:  thj, emaste
Approved by:    thj
Sponsored by:   The FreeBSD Foundation

Not only does the new pam_krb5 module not have the same allow_kdc_spoof
option that the old one had, its behavior in this matter defaults to
insecure.  Reimplement allow_kdc_spoof and switch the default back.

Reviewed by:    cy
Differential Revision:  https://reviews.freebsd.org/D53884

Add a fix to apply scrubbing of unsolicited NS RRSets (and their
respective address records) for YXDOMAIN and nodata non-referral
answers. This prevents a malicious actor from exploiting a possible
cache poison attack.

Obtained from:  NLnet Labs
Security:       CVE-2025-11411

Partially revert:
https://github.com/openzfs/zfs/commit/99d7453b43dc0ef04a35e461ef14db72e1326c7c
which introduced this file upstream. This causes this definition to be
preferred for all builds. Make the smallest change possible to this file
to change the default to FreeBSD. We're talking to the upstraem folks
about the right fix. Feel free to revert this in the future, so long as
`bectl activate -t` still works properly afterwards.

Sponsored by:           Netflix

Summary: This avoids a clash with the new macro in <stddef.h>
introduced in D53967

Reviewed by:    imp
Approved by:    markj (mentor)
MFC after:      1 month
Differential Revision:  https://reviews.freebsd.org/D53968

kernel linker: Disable local sym resolution by default

In 95c20faf11a1 and ecd8245e0d77 kib introduced support to have the
kernel linker stop resolving local symbols from other files, but did
not enable it by default to avoid surprises.  Flip the default now,
before FreeBSD 16.0.

The debug.link_elf_leak_locals and debug.link_elf_obj_leak_locals
sysctls are available to revert to the previous behaviour if necessary.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207898
Reviewed by:    bz
Relnotes:       Yes
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47742

Revert "kernel linker: Disable local sym resolution by default"

I've received a report of a failure from resolving kern_kmq_open.
Revert for now as we are currently in stabweek.

This reverts commit 9562994a7aacee2baae6ddee1a7b558b48ae39ef.

Reported by:    mav