This is a display of mostly-automatically-classified git commits from 2026-01-12 to 2026-01-18.
Table of contents and commits per category:
| Commits | Share | Category |
|---|---|---|
| (2) | | Highlighted commits (these are copies, not in stats) |
| 0 | 0.0% | Userland programs |
| 16 | 7.7% | Documentation |
| 35 | 16.7% | Hardware support |
| 23 | 11.0% | Networking |
| 40 | 19.1% | System administration |
| 13 | 6.2% | Libraries |
| 1 | 0.5% | Filesystems |
| 32 | 15.3% | Kernel |
| 14 | 6.7% | Build system |
| 13 | 6.2% | Internal organizational stuff |
| 14 | 6.7% | Testing |
| 6 | 2.9% | Style, typos, and comments |
| 2 | 1.0% | Contrib code |
| 0 | 0.0% | Reverted commits |
| 0 | 0.0% | Unclassified commits |
| 209 | 100% | total |
For extra visibility, these are copies of commits found in
other sections. Most (if not all) come from the commit message
containing "Relnotes:", or commits modifying
UPDATING.
Reviewed by: jamie, markj Differential Revision: https://reviews.freebsd.org/D54737
This was enabled after a report [1] that iwlwifi(4) works on RISC-V. [1] https://mail-archive.freebsd.org/cgi/getmsg.cgi?fetch=5947+0+archive/2026/freebsd-wireless/20260112.freebsd-wireless Sponsored by: The FreeBSD Foundation
Commits about commands found in man section 1 (other than networking).
-- no commits in this category this week --
Man pages, release notes, etc.
inadvertently changed the commit hash to the commit on stable/15
A description for WITHOUT_SOUND is still missing though.
The -c and -m flags are mutually exclusive. Also minor manual fixes: + Angle quotes do not work in prose, use double quote matching extant + Align manual page options list + Tag SPDX license identifier for manual PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292408 MFC after: 3 days
tuning.7: add more explanation about swap (over-)accounting Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54572
tuning.7: use the correct word for collapsing Fixes: https://cgit.freebsd.org/src/commit/?id=457b940bfb6a228af1281f357b627ecf1e26fea5 Signed-off-by: Oliver Pinter <oliver.pntr+freebsd@gmail.com> MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Obtained from: OpenBSD, jsg <jsg@openbsd.org>, 86739c769e
Sponsored by: Rubicon Communications, LLC ("Netgate")
linked with the plural from other text, and
matches "Source Limiters. From Atanas Vladimirov.
Obtained from: OpenBSD, sthen <sthen@openbsd.org>, d4acfc5766
Sponsored by: Rubicon Communications, LLC ("Netgate")
Submitted by: markj MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54572
In particular, we should provide a hint about mac.conf(5), since libjail will just use the mac_prepare_type(3) API to provide a reasonably sane interface for system administrators. Programmers wanting to fetch an arbitrary MAC label would need to bypass libjail and use jail_get(2) directly with their own prepared `struct mac`. Differential Revision: https://reviews.freebsd.org/D54067
Reviewed by: jamie, markj Differential Revision: https://reviews.freebsd.org/D54737
If the kernel is built without stack(9) (options STACK), then the mentioned sysctl(8) kern.tty_info_kstacks will not be found. MFC after: 3 days Reviewed by: kib, ziaee Differential Revision: https://reviews.freebsd.org/D54701
This was enabled after a report [1] that iwlwifi(4) works on RISC-V. [1] https://mail-archive.freebsd.org/cgi/getmsg.cgi?fetch=5947+0+archive/2026/freebsd-wireless/20260112.freebsd-wireless Sponsored by: The FreeBSD Foundation
While here, fix manlint warnings in rtnetlink(4). Reviewed by: melifaro, ziaee, glebius Approved by: glebius (mentor) Differential Revision: https://reviews.freebsd.org/D53786
Hardware drivers and architecture-specific code.
Replace CTLFLAG_NEEDGIANT with CTLFLAG_MPSAFE for all interrupt coalescing sysctls. The driver uses jme_mtx mutex for proper synchronization and does not require Giant lock. Sysctls converted: - dev.jme.X.tx_coal_to (TX coalescing timeout) - dev.jme.X.tx_coal_pkt (TX coalescing packet count) - dev.jme.X.rx_coal_to (RX coalescing timeout) - dev.jme.X.rx_coal_pkt (RX coalescing packet count) - dev.jme.X.process_limit (max RX events to process) Reviewed by: markj MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D54618
Replace CTLFLAG_NEEDGIANT with CTLFLAG_MPSAFE for all light sensor sysctls. All of the sysctl handlers are serialized by a driver mutex. Sysctls converted: - dev.isl.X.als (ambient light sensor) - dev.isl.X.ir (infrared sensor) - dev.isl.X.prox (proximity sensor) - dev.isl.X.resolution (sensor resolution) - dev.isl.X.range (sensor range) Reviewed by: markj MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D54621
Replace CTLFLAG_NEEDGIANT with CTLFLAG_MPSAFE for all ADC sensor sysctls. All of the sysctl handlers are serialized by a driver mutex. Sysctls converted: - dev.ads111x.X.channelN.gain_index (PGA setting) - dev.ads111x.X.channelN.rate_index (sample rate) - dev.ads111x.X.channelN.voltage (sampled voltage) - dev.ads111x.X.config (configuration register) - dev.ads111x.X.lo_thresh (comparator low threshold) - dev.ads111x.X.hi_thresh (comparator high threshold) Reviewed by: markj MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D54620
Signed-off-by: Minsoo Choo <minsoochoo0122@proton.me> Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1957
Sponsored by: The FreeBSD Foundation MFC after: 1 week Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D54130
We do not support EFI boot on i386. Thus: 1. Move (back) 'device vt_efifb' from x86/NOTES to amd64/NOTES. 2. Remove 'device vt_efifb' from i386/MINIMAL. Reported by: jhb Fixes: https://cgit.freebsd.org/src/commit/?id=f224591746bd ("Add ASMC_DEBUG make option") Fixes: https://cgit.freebsd.org/src/commit/?id=67599eef01f5 ("sys/x86/NOTES: Add vt_efifb") Sponsored by: The FreeBSD Foundation
We use min() in most places. No functional change intended. Sponsored by: The FreeBSD Foundation MFC after: 1 week
arm64: Add FEAT_MOPS register fields (commit message by andrew@) Reviewed by: andrew Sponsored by: Arm Ltd
arm64: Enable MOPS in userspace Detect presence of FEAT_MOPS, and enable instruction set and set HWCAP2 flag if present. Add handler for MOE exceptions. Reviewed by: andrew Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D54558
arm64: Provide ifunc HWCAP structure definitions IFUNC structure is based on Section 9.4.1 "GNU C Library IFUNC interface" from "System V ABI for the Arm 64-bit Architecture (AArch64)", 2025Q1. (https://github.com/ARM-software/abi-aa/releases/download/2025Q1/sysvabi64.pdf) Reviewed by: andrew Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D54598
Use the correct value when calculating the mask. (commit message by andrew@) Sponsored by: Arm Ltd
Function to enable specific IRQ source. This will be used by the s2idle code to enable just SCIs on x86 to break the CPU out of idle. Reviewed by: olce Approved by: olce Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48734
Implement STYPE_SUSPEND_TO_IDLE sleep type added in c43473dc9b83
("sys/power: Generic sleep types").
This is a prerequisite for the firmware to enter the S0ix states. When
suspending to idle, the system stays in an ACPI S0 state, but the CPUs
are idled and devices are suspended/resumed before and after this as
they would be when entering any other sleep type (except for AWAKE and
POWEROFF).
Factor out do_standby, do_sleep, and add a new do_idle function for
idling the CPU (a future patch will make this an idle loop and not just
a simple cpu_idle() call). In do_idle, SCIs (interrupt 9) are enabled to
allow wake events to break the CPU out of idle.
Record all the steps made instead of just the last one in slp_state,
which allows for more flexible unwinding (will be useful to not have to
goto breakout if the SPMC entry call fails when that is committed).
A lot of this borrows from Ben Widawsky's patch: D17675. The main
functional difference with that patch is that suspend-to-idle is a
wholly separate sleep type in this one as opposed to being an
alternative implementation for s2mem (S3).
Reviewed by: emaste, olce
Approved by: olce
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48734
VT_SETMODE ioctl currently checks the provided signal numbers with its own ISSIGVALID macro that uses NSIG (32) as a maximum, although the code that will actually send the signal in sys/kern/kern_sig.c uses _SIG_VALID which allows up to _SIG_MAXSIG (128). This change aligns the vt code with the kernel internals and enables the use of higher signal numbers so that applications are not limited to SIGUSR1 and SIGUSR2 for vt release and acquire signals. Signed-off-by: Quentin Thébault <quentin.thebault@defenso.fr> Reviewed by: emaste, imp, kevans Differential Revision: https://reviews.freebsd.org/D53615
The mtw(4) driver works correctly on initial boot, but fails to initialize
the MT7601U WiFi adapter after a warm reboot.
Users must either physically unplug and replug the USB adapter, or perform a
full power cycle to restore functionality, if usb power is always powered
(only a replug works)
The root cause is that warm reboot does not power-cycle USB devices,
leaving the MT7601U in a stale state from the previous session.
The MCU retains its ready flag and the device ignores initialization
commands, resulting in timeout waiting for MCU to initialize errors.
At the OS Level, pinging 1.1.1.1 will work, but the speed will be very
slow. In addition in debug mode, we see thousands of error logs.
This patch addresses the issue by:
* Performing USB re-enumeration on attach to reset the device state
* Detecting when the MCU is already marked ready (stale from previous
session) and forcing a reset of the MCU before loading firmware
* Increasing the firmware load timeout from 3s to 10s to accommodate
slower initialization after reset
* Increasing MCU ready poll attempts from 100 to 300 with longer delays
to handle devices that take longer to become ready after reset
Note: The increase was random, lower value might work.
Test Plan:
Tested on MacBook Pro (late-2015) and a MacMini with MediaTek MT7601U
USB adapter across multiple warm reboot cycles.
With the mac-mini and another desktop, the issue happens only if
connected via an always powered usb hub port in the monitor.
The laptop doesn't power cycle its power.
Differential Revision: https://reviews.freebsd.org/D54659
Reviewed by: adrian
Add support for the MacBookPro11,5 (Mid 2015, 15-inch with AMD Radeon R9 M370X GPU) to the Apple SMC driver. Debug testing revealed this model lacks several SMC keys present on MacBookPro11,4 (IBLC, ICMC, IC2C), that model-specific sensor definitions. Differential Revision: https://reviews.freebsd.org/D54665 Reviewed by: adrian
We have reports that iwlwifi(4) works on RISC-V. While we can turn off full ACPI-specific files easily, intermittent code still relies on the header files to be present. In order to not need to completely #ifdef everything out we want to include acpi.h from LinuxKPI and as a result need this file. With this the iwlwifi(4) code compiles just fine and will do the right thing (given the functional ACPI parts are disabled/ unavailable). Sponsored by: The FreeBSD Foundation MFC after: 3 days Reviewed by: mhorne, emaste Differential Revision: https://reviews.freebsd.org/D54691
nvme: Add ability to override ioq to put the request on Sometimes the client device needs to manage the IOQ the request goes to. Expand the interface we have for the request to allow it to be set for this special use case. Sponsored by: Netflix Reviewed by: jhb Differential Revision: https://reviews.freebsd.org/D54714
nvme: Fix a typo Fixes: https://cgit.freebsd.org/src/commit/?id=73c921ef1d44 ("nvme: Add ability to override ioq to put the request on")
On read, these registers' fields return 1 if forwarding of the corresponding interrupt is enabled, and 0 otherwise. The test in read_enabler() was inverted. Reported by: Kevin Day <kevin@your.org> Reviewed by: andrew MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D54678
We should free the allocated ASID if smmu_init_cd() fails. Move the allocation of "domain" to simplify the first error path. Reported by: Kevin Day <kevin@your.org> Reviewed by: br MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D54676
This simplifies detach/cleanup for drivers that add multiple ACPI ioctls. Reviewed by: imp Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D54420
This patch provides two improvements for TCP/IPv4 and UDP/IPv4
transmit checksum offloading:
(1) Use *CIC_SEG instead of *CIC_FULL, since FreeBSD always provides
a pseudo header checksum.
(2) Don't make transmit IPv4 header checksum offloading a prerequisite
for TCP/IPv4 or UDP/IPv4 transmit checksum offloading.
This is the root cause of PR 291696, since right now the epair
interface does not support transmit IPv4 header checksum offloading,
but TCP/IPv4 and UDP/IPv4 transmit checksum offloading.
PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291696
Reviewed by: Timo Voelker
Tested by: Marek Benc
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D54395
This allows a MINIMAL kernel to boot in qemu/kvm. MFC after: 1 week Sponsored by: Klara, Inc. Sponsored by: NetApp, Inc.
The bge interface is special with respect to transmit checksum offloading. In the default settings, a bge interface announces TXCSUM capabilities, but only supports TCP/IPv4 and not UDP/IPv4 due to limitations of some of the NICs. This results in problems when the bge interface becomes a member of a bridge. Since currently only the TXCSUM capabilities are synced when a member is added to a bridge and not the protocol specific capabilities, this can result in a situation where UDP packets are sent out using a bge interface without having a correct checksum. To mitigate this problem, initially don't announce TXCSUM capabilities, when UDP transmit checksum is disabled. It is still possible to enable TXCSUM capabilities via ifconfig. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291420 Reviewed by: Timo Voelker MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D54486
Reviewed by: olce Approved by: markj (mentor) MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D54505
Each C file is compiled separately so these functions can't be inlined except in the file where they are defined. Since these functions aren't used outside smartpqi_request.c, just do the simple thing and make them private to that file. Reported by: gcc Reviewed by: jrhall Fixes: https://cgit.freebsd.org/src/commit/?id=c558eca47970 ("smartpqi: update to version 4660.0.2002") Differential Revision: https://reviews.freebsd.org/D54732
Building the LINT-NOIP kernel on amd64 with clang 21 results in a
-Werror warning similar to:
sys/dev/mxge/if_mxge.c:1846:44: error: variable 'sum' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer]
1846 | cksum_offset, sizeof(sum), (caddr_t)&sum);
| ^~~
Indeed, if both `INET` and `INET6` are undefined, `sum` is never
initialized. Initialize it to zero to silence the warning.
Reviewed by: jhibbits
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D54730
Add atomic_set/clear_short/char for doing 8-bit and 16-bit operations more efficiently on "newer" architectures (POWER7 and later). Piggybacks on b31abc95eb.
No functional change intended. MFC after: 3 days
This patch adds support for transmit checksum offload for TCP/IPv6 and UDP/IPv6. Reviewed by: Timo Völker MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D54754
This patch adds support for receive checksum offload for TCP/IPv6 and UDP/IPv6. Since receive checksum offload can't be configured separately for IPv4 and IPv6, IFCAP_RXCSUM and IFCAP_RXCSUM_IPV6 can't be changed independently. Reviewed by: Timo Völker MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D54756
Reviewed by: markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54543
Reviewed by: markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54543
If APIC is left in somewhat bad state, with some source hot (not masked and active, e.g. timers after kexec or due to BIOS bug), we get the interrupt too early. Reported by: jmg Reviewed by: markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54543
Network-related commands, library, and kernel.
Tidy up a bunch of places that have the same duplicated logic. Simplify callers of in6_init_prefix_ltimes(). No functional change intended. Reviewed by: pouria, zlei, tuexen, glebius MFC after: 2 weeks Sponsored by: OPNsense Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D54561
When one uses SIOCAIFADDR_IN6 to add a v6 address, it's possible to set the preferred and valid lifetimes of the address. If the address already exists, this ioctl will recalculate and update the expiry times based on the provided timestamps. When adding a new address, the lifetimes are inherited by the prefix as well, but only if we create a new prefix. If the prefix already exists, as it will in the case where an address is being updated rather than being added, we do not touch the prefix lifetimes at all. This means that the original address lifetime still applies to the route associated with that prefix, so when the prefix expires, the route goes away. This behaviour doesn't make a lot of sense: if the admin updates an address lifetime, we should ensure that the prefix lifetime is updated too. Make that change, ensuring that we do not shorten the prefix lifetime, as the prefix might be shared among multiple interface addresses. Add a regression test. Co-authored by: Franco Fichtner <franco@opnsense.org> Reviewed by: pouria, zlei, ae MFC after: 2 weeks Sponsored by: OPNsense Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D54562
The error path is never taken. Also the path was leaking a lock. Noticed by: ae
Creation of enc0 before SI_SUB_PROTO_MC mangles the MLD list as well as encounters IGMP mutex not initialized yet. Reported & tested by: mjg NB: the enc(4) is not a true interface indeed. In a perfect world the module shall not create a cloner, shall not enter if_attach(), shall not trigger ifnet_arrival_event, neither shall have any protocol attached to it. The enc0 exists for two purposes: 1) create a bpf(9) tap; 2) to allow injection packets in the middle of ipsec(4) processing temporarily rewriting m_pkthdr.rcvif to point at enc0. While the problem 1 is already solved with a recent divorce between bpf(9) and ifnet(9), the problem 2 is harder to solve without breaking packet filter rules that use "via enc0".
both source and state limiters can provide constraints on the number
of states that a set of rules can create, and optionally the rate
at which they are created. state limiters have a single limit, but
source limiters apply limits against a source address (or network).
the source address entries are dynamically created and destroyed,
and are also limited.
this started out because i was struggling to understand the source and
state tracking options in pf.conf, and looking at the code made it
worse. it looked like some functionality was missing, and the code also
did some things that surprised me. taking a step back from it, even if
it did work, what is described doesn't work well outside very simple
environments.
the functionality i'm talking about is most of the stuff in the
Stateful Tracking Options section of pf.conf(4).
some of the problems are illustrated by one of the simplest options:
the "max number" option that limits the number of states that a
rule is allowed to create:
- wiring limits up to rules is a problem because when you load a
new ruleset the limit is reset, allowing more states to be created
than you intended.
- a single "rule" in pf.conf can expand to multiple rules in the
kernel thanks to things like macro expansion for multiple ports.
"max 1000" on a line in pf.conf could end up being many times
that in effect.
- when a state limit on a rule is reached, the packet is dropped.
this makes it difficult to do other things with the packet, such as
redirect it to a tarpit or another server that replies with an
outage notice or such.
a state limiter solves these problems. the example from the pf.conf.5
change demonstrates this:
An example use case for a state limiter is to restrict the number of
connections allowed to a service that is accessible via multiple
protocols, e.g. a DNS server that can be accessed by both TCP and UDP on
port 53, DNS-over-TLS on TCP port 853, and DNS-over-HTTPS on TCP port 443
can be limited to 1000 concurrent connections:
state limiter "dns-server" id 1 limit 1000
pass in proto { tcp udp } to port domain state limiter "dns-server"
pass in proto tcp to port { 853 443 } state limiter "dns-server"
a single limit across all these protocols can't be implemented with
per rule state limits, and any limits that were applied are reset
if the ruleset is reloaded.
the existing source-track implementation appears to be incomplete,
i could only see code for "source-track global", but not "source-track
rule". source-track global is too heavy and unwieldy a hammer, and
source-track rule would suffer the same issues around rule lifetimes
and expansions that the "max number" state tracking config above has.
a slightly expanded example from the pf.conf.5 change for source limiters:
An example use for a source limiter is the mitigation of denial of
service caused by the exhaustion of firewall resources by network or port
scans from outside the network. The states created by any one scanner
from any one source address can be limited to avoid impacting other
sources. Below, up to 10000 IPv4 hosts and IPv6 /64 networks from the
external network are each limited to a maximum of 1000 connections, and
are rate limited to creating 100 states over a 10 second interval:
source limiter "internet" id 1 entries 10000 \
limit 1000 rate 100/10 \
inet6 mask 64
block in on egress
pass in quick on egress source limiter "internet"
pass in on egress proto tcp probability 20% rdr-to $tarpit
the extra bit is if the source limiter doesn't have "space" for the
state, the rule doesn't match and you can fall through to tarpitting
20% of the tcp connections for fun.
i've been using this in anger in production for over 3 years now.
sashan@ has been poking me along (slowly) to get it in a good enough
shape for the tree for a long time. it's been one of those years.
bluhm@ says this doesn't break the regress tests.
ok sashan@
Obtained from: OpenBSD, dlg <dlg@openbsd.org>, 8463cae72e
Sponsored by: Rubicon Communications, LLC ("Netgate")
This is a new feature with new ioctl calls, so we can safely remove them
right now.
Sponsored by: Rubicon Communications, LLC ("Netgate")
the range checks are not needed because both members
(statelim and sourcelim) are uint8_t, they implicitly
fit desired range <0, 255>. Unbreaks gcc build.
Pointed out by deraadt@
OK deraadt@
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 3a7be1e428
Sponsored by: Rubicon Communications, LLC ("Netgate")
Those finishing touches were supposed to land
with source/state limiter changes. I failed to
spot them during code review.
OK dlg@
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 098c19176b
Sponsored by: Rubicon Communications, LLC ("Netgate")
the code that unwinds state creation when something fails needed
the pf_source variable at the function scope to be set, but this
was masked by a declaration in the scope that sets up the source
limiting. this results in a NULL deref in the unwind code when it
needs to clean up the accounting for a source limiter.
i found it funny that i left this comment for myself in the unwinding
code:
/* who needs KASSERTS when we have NULL derefs */
ok jmatthew@
Obtained from: OpenBSD, dlg <dlg@openbsd.org>, fc9311361f
Sponsored by: Rubicon Communications, LLC ("Netgate")
This change extends pf(4) limiters so administrator
can specify action the rule executes when limit is
reached. By default when limit is reached the limiter
overrides action specified by rule to no-match.
If administrator wants to block packet instead then
rule with limiter should be changed to:
pass in from any to any state limiter test (block)
OK dlg@
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 04394254d9
Sponsored by: Rubicon Communications, LLC ("Netgate")
pf_qid2qname() was never used. Remove it
Sponsored by: Rubicon Communications, LLC ("Netgate")
Fix the arguments to the debug statement. (slightly adjusted from the original submission by bz) PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286448 MFC after: 3 days
This ioctl has been marked as "old" starting with the original KAME export over 20 years ago and has been hidden under #ifdef _KERNEL since. There is no software that uses it.
Trim white space padding that gets added libxo fields cc and stack when using -C and -c. The padding is only visible if you're using multiple stacks or congestion algorithms. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292262 MFC after: 5 days Reviewed by: asomers, tuexen Approved by: asomers (mentor) Differential Revision: https://reviews.freebsd.org/D54709
Count input/output packets and bytes on the interface as well, not just in openvpn-specific counters. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292464 MFC after: 2 weeks Sponsored by: Rubicon Communications, LLC ("Netgate")
If a jumbo payload option is added, the length of the mbuf chain is increased by 8 but the actual hop-by-hop extension header with the jumbo payload option is only inserted in the packet if there are other options. Therefore, adjust optlen to reflect the actual size of IPv6 extension headers including the hop-by-hop extension header containing the jumbo payload option. Reported by: syzbot+73fe316271df473230eb@syzkaller.appspotmail.com Reviewed by: markj, Timo Voelker MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D54394
Increment fe->sent_packets after export9_send(). Previously, NetFlow v9 templates were only re-announced based on time, ignoring the packet count parameter (`templ_packets`). PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270083 Reviewed by: glebius pouria Approved by: glebius (mentor) MFC after: 1 week Sponsored by: Subcarpathian BSD User Group
Otherwise, a forwarding thread may use the interface being detached. This is a regression from 0d469d23715d, which manifests itself as a reliably reproducible panic in in6_selecthlim(). Note that there are old bug reports about such a panic, and I believe this change will not fix them, as their nature is not due to a screwed up detach sequence, but due to lack of proper epoch(9) based synchronization between the detach and forwarding. Reviewed by: pouria Reported & tested by: jhibbits PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292162 Fixes: https://cgit.freebsd.org/src/commit/?id=0d469d23715d690b863787ebfa51529e1f6a9092 Differential Revision: https://reviews.freebsd.org/D54721
The so called upper half ipfw lock is not used in the forwarding path. It is used only during configuration changes and servicing system events like interface arrival/departure or vnet creation. The original code drops the lock before malloc(M_WAITOK) and then goes into great efforts to recover from possible races. But the races still exist, e.g. create_table() would first check for table existence, but then drop the lock. The change also fixes unlock leak in check_table_space() in a branch that apparently was never entered. Changing to a sleepable lock we can reduce a lot of existing complexity associated with race recovery, and as use the lock to cover other configuration time allocations, like recently added per-rule bpf(4) taps. This change doesn't remove much of a race recovery code, to ease bisection in case of a regression. This will be done in a separate commit. This change just removes lock drops during configuration events. The only reduction is removal of get_map(), which is a straightforward reduce to a simple malloc(9). The only sleepable context where the lock was acquired was dyn_tick(). The comment said it is done to prevent parallel execution of dyn_expire_states(). However, there is proper internal locking in there and function should be safe to execute in parallel. The real problem is dyn_expire_states() called via userland to race with dyn_grow_hashtable() called via dyn_tick(). Protect against this condition with the main chain lock. Differential Revision: https://reviews.freebsd.org/D54535
Before the "upper half lock" became sleepable the table manipulation code needed sophisticated workarounds to recover from races, where the lock is temporarily dropped to do malloc(M_WAITOK). Remove all these workarounds as they are no longer needed. Differential Revision: https://reviews.freebsd.org/D54580
The lock grab & drop predates epoch(9) introduction to the network stack and it doesn't provide a true guarantee that all threads that may use ipfw configuration have finished. Also the lock prevented from sleepable operations when freeing the rules.
Make the tap database belong to ip_fw_chain, but leave the default "ipfw0" tap per-vnet. This is only slightly better than keeping the database per- vnet, as the bpf name space is per-vnet. However, we yet have only single ipfw chain. Whenever multiple chains will coexist, this needs to be addressed. Require the chain lock to make modifications to the database. Move tap allocation to a later ruleset build stage, when all rule numbers are known already. This fixes a panic introduced by 3daae1ac1d82. Fixes: https://cgit.freebsd.org/src/commit/?id=3daae1ac1d82ecdcd855101bab5206e914b12350
NB: Rest of ipfw(4) sources get sx.h via vnet.h, which isn't perfect.
Stuff in man section 8 (other than networking).
Pipe actions spawn a process based on the command provided in the syslogd configuration file. When a HUP signal is received, enter the process into the deadq instead of immediately killing it. This matches the behavior of syslogd prior to it being Capsicumized. Fixes: https://cgit.freebsd.org/src/commit/?id=d2d180fb7736
Sponsored by: The FreeBSD Foundation MFC after: 1 week Reviewed by: ziaee, mckusick Differential Revision: https://reviews.freebsd.org/D54032
And refer to dist sets as "legacy." This matches our expectation for FreeBSD 16.0. Reviewed by: cperciva Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D54156
Add DOCUMENTATION_URL and SUPPORT_URL to the generated /var/run/os-release file, and route the existing URLs through rc.conf-configurable variables: - osrelease_home_url - osrelease_documentation_url - osrelease_support_url - osrelease_bug_report_url This allows downstreams and appliance vendors to customize these URLs without patching the base script, while providing useful defaults for stock FreeBSD installations. Tested: - sh -n libexec/rc/rc.d/os-release - (No FreeBSD host available; not runtime-tested yet) Signed-off-by: NVSRahul <nvsrahul@hotmail.com> Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1961
Add rc.conf defaults for the os-release URL settings introduced in the os-release rc.d script. This makes it easier for downstream integrators and appliances to override the URLs via rc.conf instead of patching the script. The following variables are added to libexec/rc/rc.conf: - osrelease_home_url - osrelease_documentation_url - osrelease_support_url - osrelease_bug_report_url These correspond to HOME_URL, DOCUMENTATION_URL, SUPPORT_URL, and BUG_REPORT_URL in the generated os-release file. Signed-off-by: NVSRahul <nvsrahul@hotmail.com> Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1961
Function arguments are based on Section 9.4.1 "GNU C Library IFUNC interface" from "System V ABI for the Arm 64-bit Architecture (AArch64)", 2025Q1. (https://github.com/ARM-software/abi-aa/releases/download/2025Q1/sysvabi64.pdf) Reviewed by: kib, andrew Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D54559
The 'introduce source and state limiters' commit added source and state
limiters, and used Stlimiters and Srclimiters as show options. However,
FreeBSD had 'Sources' as a show option already. This means that
'pfctl -sS' would now be ambiguous. Avoid this by renaming the new
options.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Deviate a little from the OpenBSD code, to avoid unexpected output
changes.
Don't print limiter information when we show the rules (or labels).
Do include the source and state limiters in the 'all' (pfctl -sa) output
and give them their own titles.
Sponsored by: Rubicon Communications, LLC ("Netgate")
The current ifa_load() is not paranoid enough when it deals with
information which comes from kernel. The function just ignores
sa_len member in socket address returned by getifaddrs().
The issue has been reported by anton@. The idea for fix here comes
from claudio@.
OK @claudio, @deraadt
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, a48d060175
Sponsored by: Rubicon Communications, LLC ("Netgate")
pfctl_parser.c, ifa_load() should distinguish between broadcast
and PPP peer address when it populates interface table for rule
parser.
OK @claudio, OK @dlg
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 2e871bec67
Sponsored by: Rubicon Communications, LLC ("Netgate")
When printing source limiters use the same keywords as we accept on
input, that is use 'entries' for the entries value (not 'limit') and
'limit' for the limit value (and not 'states').
Update the test case to match.
Sponsored by: Rubicon Communications, LLC ("Netgate")
PF configuration files can contain many things. Using the new page characters (i.e. ^L, \014) to mark the beginning of parts is useful because many editors such as emacs and vim have facilities to jump to the next/previous ones. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=86635 MFC after: 2 weeks Submitted by: MOROHOSHI Akihiko <moro@remus.dti.ne.jp> Submitted by: Simon Wollwage <rootnode+freebsd@wollwage.com> Sponsored by: Rubicon Communications, LLC ("Netgate")
Reviewed by: markj Fixes: https://cgit.freebsd.org/src/commit/?id=ea675a43f09b ("libexec/kgdb: Add new modules and install them together with debug info") MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D54680
Reviewed by: ivy Fixes: https://cgit.freebsd.org/src/commit/?id=ea5e50c2985b ("packages: Add a mandoc package") Differential Revision: https://reviews.freebsd.org/D54682
rtld: Simplify walking program headers Store phnum in Obj_Entry instead of phsize and use that to simplify the terminate expressions when iterating over program headers. Reviewed by: kib Obtained from: CheriBSD Sponsored by: AFRL, DARPA Differential Revision: https://reviews.freebsd.org/D54710
rtld: Use uintptr_t instead of Elf_Addr for init/fini function pointers This is a no-op on non-CHERI architectures, but is required for CHERI where Elf_Addr is only an address and not a complete pointer. While here, consistently use `uintptr_t *` for arrays of init/fini function pointers. Reviewed by: imp, kib Effort: CHERI upstreaming Obtained from: CheriBSD Sponsored by: AFRL, DARPA Differential Revision: https://reviews.freebsd.org/D54711
rtld: Switch to using <assert.h> for assert The stock assert() works because rtld-libc includes a custom implementation of __assert(). Reviewed by: imp, kib Obtained from: CheriBSD Sponsored by: AFRL, DARPA Differential Revision: https://reviews.freebsd.org/D54712
Currently, to define a new environment variable or modify an existing one, we need to use env(1), which may or may not be available inside the jail, especially in OCI containers created with the scratch layer (i.e., those containers that are only a single static binary, plus configuration files and related stuff). With this option, we can specify environment variables of arbitrary length for the specified process running inside the jail. Reviewed by: jamie@ Approved by: jamie@ Differential Revision: https://reviews.freebsd.org/D54660
Reviewed by: kib Sponsored by: AFRL, DARPA Differential Revision: https://reviews.freebsd.org/D54507
Reviewed by: ivy Differential Revision: https://reviews.freebsd.org/D54681
Add a function to all nodes under a config option node. This allows parsing an arbitrary number of similarly structured configuration options in a config option group. Reviewed by: corvink, markj Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D51551
Created to allow addressable LEDs to be driven by abusing the SPI bus as a waveform generator. This might have other uses for similar "permanent" SPI transfers. Differential Revision: https://reviews.freebsd.org/D54734 Reviewed by: adrian
nanobsd: Prefer nano_umount to umount
nano_umount[^1] is a convenience routine used to override issues with
umount(8) without changing the nanobsd.sh source code. There were a few
places where it was not being used.
[^1]: Introduced in 6d12b61a88a6 ("Add a routine for easy workaround any
umount issues w/o hacking nanobsd.sh.")
Reviewed by: imp, emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D48780
nanobsd: Add uname/gname to the spec Also include the default NanoBSD uname/gname in the specification file. By default, NANO_DEF_UNAME and NANO_DEF_GNAME map to root and wheel respectively. Reviewed by: imp, emaste MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D48781
nanobsd: Make tgt_dir2symlink() take a mode Make tgt_dir2symlink() take an optional third argument that sets the mode. By default, assume an absolute mode of 0777, to maintain backward compatibility. Reviewed by: imp, emaste MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D48782
nanobsd: Prefer tgt_dir2symlink() to create symlinks Prefer tgt_dir2symlink() to create symlinks, as it has the benefit of appending the entry to the metalog file. Reviewed by: imp, emaste MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D48783
nanobsd: Set the proper mode for /tmp The correct mode for /tmp is 1777, keep the same mode when symlinking it to /var/tmp. Reviewed by: imp, emaste MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D48784
nanobsd: Prefer tgt_touch() instead of touch Prefer tgt_touch() as it adds an entry to the metalog file. Reviewed by: imp, emaste MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D48785
nanobsd: Add a function to create directories Add tgt_dir(), that creates and adds directory entries to the metalog specification file. Initially not wired. Reviewed by: imp MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D48786
nanobsd: Add a NANO_TIMESTAMP variable Initially not wired, this variable will hold the time stamp for all the files of the final image. By default uses the last commit time stamp, if empty, it will use the start time of the NanoBSD build. Reviewed by: imp MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D48787
nanobsd: Switch the / partition in fstab Introduce a function tgt_switch_root_fstab() that switches the root partition in the target file system tab file. Initially not wired. Reviewed by: imp MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D48788
nanobsd: Add a nano_makefs function Add a NANO_MAKEFS global variable with options equivalent to NANO_NEWFS to be used with a nano_makefs function for creating images. Also add a function that adjusts the code size calculation, so makefs -s won't error about the minimum rounded size. Ideally this shim should be removed, therefore the suspicious _xxx prefix. Initially not wired. Reviewed by: imp MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D48789
nanobsd: Add a provisional populate_part function Add a _populate_part(ition) function that mimics the current populate_slice. Note however, that this function is not backward-compatible with populate_slice, hence the different name. A "_" is prepended to signal that it is still experimental. It can be used to populate the /cfg and /data partition using makefs(8). Initially not wired. Reviewed by: imp MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D48790
nanobsd: Add a provisional populate /cfg function Add a provisional _populate_cfg_part function. It populates the /cfg partition, but using makefs(8), which is more in-line with what release engineering uses to create images. Reviewed by: imp MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D48791
nanobsd: Add a provisional populate /data function Add a provisional _populate_data_part function. It populates the optional /data partition, but using makefs(8), which is more in-line with what release engineering uses to create images. Reviewed by: emaste MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D48792
nanobsd: Add a NO_ROOT build option Add a -U option to build NanoBSD images without root privileges. It relies on makefs/mkimg and metalog (mtree) files, similar to what release engineering uses to build images. Keep the current way to build NanoBSD images untouched. Once this method gets battle tested, it may be used to build images as root as well. Reviewed by: imp, emaste MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D48793
powerpc/loader: Add CAS support for older CPUs QEMU creates a "ibm,arch-vec-5-platform-support" property for all pseries emulations. Add POWER7 and POWER6 to the CAS list, more can be added later as needed/desired. MFC after: 1 week
powerpc/loader: Size the CAS PVR array correctly Fixes: https://cgit.freebsd.org/src/commit/?id=895eeb492 ("powerpc/loader: Add CAS support for older CPUs") MFC after: 1 week
No functional change intended. Reviewed by: pouria, delphij, imp Approved by: glebius (mentor) Differential Revision: https://reviews.freebsd.org/D54752
This is based on an initial implementation by michaelo in https://reviews.freebsd.org/D54361. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270497 Reported by: michaelo Reviewed by: michaelo Tested by: michaelo MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D54606
This is no longer used after commit 99282790b7d01ec3c4072621d46a0d7302517ad4 moved ELF notes from C to assembly. Reviewed by: kib Fixes: https://cgit.freebsd.org/src/commit/?id=99282790b7d0 ("Remove the sed hack for ABI tag notes.") Sponsored by: AFRL, DARPA Differential Revision: https://reviews.freebsd.org/D54506
Function arguments are based on Section 9.4.1 "GNU C Library IFUNC interface" from "System V ABI for the Arm 64-bit Architecture (AArch64)", 2025Q1. (https://github.com/ARM-software/abi-aa/releases/download/2025Q1/sysvabi64.pdf) Reviewed by: andrew Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D54599
libc/aarch64: Use MOPS implementations of memcpy/memmove/memset where available Reviewed by: andrew Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D54560
depend-cleanup.sh: Clean up the old arm64 memset.S This has moved from a generated file in objdir to the source tree. Remove the old file and any .depend files that reference it. Reviewed by: bapt (via IRC) Fixes: https://cgit.freebsd.org/src/commit/?id=41ccf82b29f3 ("libc/aarch64: Use MOPS implementations of memcpy/memmove/memset where availble") Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D54729
Add a guard that expects a failure of the test on aarch64. Reviewed by: emaste Fixes: https://cgit.freebsd.org/src/commit/?id=df1ea5887326 ("tests: Test libexecinfo backtrace call througth signal trampoline") MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D54675
The __aligned attribute in the previous version applied to the location
of the pointers, not the data the pointers pointed to. While this
could be fixed by applying the attribute to a local typedef of uint16_t,
just using memcpy() for the unaligned access is simpler and ISO C.
This fixes the build on CHERI architectures which do not support
misaligned pointers and were thus failing with:
lib/libc/string/swab.c:12:18: error: alignment (1) of 'const uint16_t *' (aka 'const unsigned short *') is less than the required capability alignment (16) [-Werror,-Wcheri-capability-misuse]
12 | const uint16_t *f __aligned(1) = from;
|
Co-authored by: Jessica Clarke <jrtc27@FreeBSD.org>
Fixes: https://cgit.freebsd.org/src/commit/?id=02ebbc781f08 ("swab: Fix implementation to support overlapping copies")
Sponsored by: AFRL, DARPA
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D54399
Add strtonumx(), a companion to strtonum(3) that preserves its safety and error-reporting semantics while allowing the caller to specify a conversion base, similar to the strtol(3) family of functions. Reviewed by: emaste, kib, ziaee Obtained from: https://www.illumos.org/issues/15365 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D54270
Instead of ad-hoc comparisons against the struct type in a few places, start to abstract out an interface for dealing with struct types. For now, this just means that we have some special jailparam_import and jailparam_export handling for the ip addr types, but in the next commit we'll extend it further to support MAC labels. Reviewed by: jamie Differential Revision: https://reviews.freebsd.org/D53959
MAC label handling is a little special; to avoid being too disruptive,
we allocate a `mac_t *` here for the value so that we can mac_prepare()
or mac_from_text() into. As a result, we need:
- A custom free() handler to avoid leaking the *jp_value
- A custom jailparam_get() handler to mac_prepare() the mac_t and
populate the iovec properly, so that the kernel doesn't have to
do something funky like copyin, dereference, copyin again.
- A custom jailparam_set() handler to similarly populate the iovec
properly.
Reviewed by: jamie
Differential Revision: https://reviews.freebsd.org/D53960
Change tdestroy() to immediately free a node with no right child as soon as it is encountered. Currently, such nodes are visited twice before deletion. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D54699
NO_FP_LIBC was added in 2004 to save space by disabling FP support in *printf()/*scanf(). The size benefit is negligible on modern systems and conflicts with assumptions made by current base utilities. Remove the option and always build libc with floating-point support. Reported by: Oskar Holmlund <eovholmlund at gmail com> MFC after: 2 weeks
When an NFSv4.n client specifies settings for attributes other than mode during an Open/Create/Exclusive_41, these other attributes were not being set. This patch resolves the problem by calling nfsrv_fixsattr() after the VOP_CREATE() call in nfsvno_open() for this case. There is no extant NFSv4.n client that currently does this, as far as I know. MFC after: 2 weeks
Kernel stuff (other than networking, filesystems, and drivers).
Reported by: ngie Fixes: https://cgit.freebsd.org/src/commit/?id=fde9fe18219f ("i386: Fix kernel compilation after introduction of ASMC_DEBUG option") Sponsored by: The FreeBSD Foundation
Reviewed by: markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54572
When an attempt to increase the swap charge for the ucred failed, we must forcibly increase the charge to allow the vmspace_destroy() operation to correctly un-charge the accumulated objects. Add a swap_reserve_force_by_cred() helper and use it in vmspace_unshare(), same as it is done in normal fork operations. Reviewed by: markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54572
vm_object: remove the charge member State that the object charge is zero if object->cred == NULL, or equal to the ptoa(object->size) otherwise. Besides being much simpler, the transition to use object->size corrects the architectural issue with the use of object->charge. The split operations effectively carve the holes in the charged regions, but a single counter cannot properly express it. As a result, coalescing anonymous mappings cannot calculate correctly if the extended mapping already backed by the existing object is already accounted or not [1]. To properly solve the issue, either we need to start tracking exact charged regions in the anonymous objects, which has significant overhead and complications, or give up on the slight over-accounting and charge the whole object unconditionally, as is done in the patch. Reported by: mmel, pho [1] Reviewed by: markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54572
vm_map_entry_delete(): fix the calculation of swap release Reported and tested by: andrew Fixes: https://cgit.freebsd.org/src/commit/?id=d160447129fe060b28bcd6ba429d17afdf494ff2 Sponsored by: The FreeBSD Foundation MFC after: 1 week
Reviewed by: andrew Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D54600
This is supposed to be a dtrace_id_t, which is a uint32_t, while id_t is a uint64_t. sdt.h avoids depending on dtrace.h so we can't use dtrace_id_t directly. Bump __FreeBSD_version since the layout of structures in the SDT probe linker set has changed. Sponsored by: NetApp, Inc. Sponsored by: Klara, Inc.
In order to compile iwlwifi(4), which is reported to work on RISC-V, include the ACPI headers to avoid adding further FreeBSD-specific #ifdefs to the driver. With this iwlwifi(4) just compiles on RISC-V (at least if ACPI support is turned off in the module Makefile). Sponsored by: The FreeBSD Foundation MFC after: 3 days Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D54692
pcie_get_speed_cap() has a hard coded skip of 3 devices at the beginning. It is either called on a pdev or on a result from pci_upstream_bridge(). In the latter case skipping another three devices might get us to acpi0 or nexus, neither of which is a PCI device still and pci_get_vendor() will panic() on that. Sponsored by: The FreeBSD Foundation (commit) GHI: https://github.com/freebsd/drm-kmod/issues/393 MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D53862
After commit 3bd8fab2415b ("vfs: Move DEBUG_VFS_LOCKS checks to
INVARIANTS"), this option has no effect. Let's finish the removal.
There are a couple of additional uses in zfs, I will submit a separate
patch upstream for them.
Reviewed by: mckusick, kib
Differential Revision: https://reviews.freebsd.org/D54662
linuxkpi: Fix an error path in linux_alloc_current() If the allocation fails we should free the task struct. While here get rid of a couple of unnecessary assertions. Reported by: Kevin Day <kevin@your.org> Reviewed by: emaste MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D54671
linuxkpi: Avoid a potential null pointer dereference in an error path Reported by: Kevin Day <kevin@your.org> Reviewed by: bz, emaste MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D54672
linuxkpi: Clean up linux_shmem_file_setup() a bit - Free the pointer that was returned by the allocator, instead of the address of the first member. These will be equal in practice, but it's sketchy and won't work on CHERI with subobject bounds checking. - Use an anonymous struct, there's no need to name it. Reviewed by: bz, brooks, emaste MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D54673
The assumption was incorrect, and the current VIMAGE implementation leaves a possibility for some interfaces to still exist in a jail that is going away. Fixes: https://cgit.freebsd.org/src/commit/?id=607f11055d2d421770963162a4d9a99cdd136152
Reviewed by: olce Differential Revision: https://reviews.freebsd.org/D53953
A last-minute change to the jail MAC entry points in D53954 is going to pass the jail_[gs]et(2) flags to mac_prison_check_[gs]et() so that a policy can, e.g., reject or allow a change if the intent is to immediately attach, or disallow some fetching of dying jails. Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D54658
This adds the following hooks:
- mpo_prison_check_attach: check for subject capability to attach to
a given jail
- mpo_prison_check_create: check for subject capability to create a
jail with the given option set
- mpo_prison_check_get: check for subject capability to fetch the
given parameters for a jail
- mpo_prison_check_set: check for subject capability to set the
given parameters for a jail
- mpo_prison_check_remove: check for subject capability to remove the
jail
check_get wouldn't typically be a privileged operation, but is included
to give MAC policies a wider range of capabilities at a relatively low
cost. We also add two more for the purpose of label propagation:
- mpo_prison_created: surface the creation of a jail so that one can
do propagation to, e.g., the root vnode or any mounts
- mpo_prison_attached: attach an existing process to the jail so that
one can propagate the jail label to the process, as appropriate.
It is unclear if this is preferred vs. having separate associate entry
points for each type of object we might associate. That would split
these up like so:
- prison_created -> prison_associate_vnode
- prison_attached -> prison_associate_proc
Some sample policy ideas that should be feasible to implement with this
set of hooks, in case it's inspiring:
- mac_bomb: policy that allows a poudriere user to construct jails
without root privilege, given a restricted set of jail parameters.
Slap a warning label on it.
- mac_capsule: policy that realizes the capsule idea that I pitched[0]
on -jail@ to create jails that are effectively immutable once
sealed, using these hooks and a label.
Perhaps a silly idea, but a downstream could consider a scenario where
it can implement special jail enumeration using a MAC policy and a
cooperating application that specifies non-parameter options to filter
the results.
[0] https://lists.freebsd.org/archives/freebsd-jail/2025-September/000550.html
Reviewed by: olce (slightly earlier version)
Differential Revision: https://reviews.freebsd.org/D53954
We'll subsequently use this in the MAC framework to get a struct prison when we already have the struct file in question, rather than an fd. Reviewed by: jamie, olce Differential Revision: https://reviews.freebsd.org/D53955
We'll still add an old-fashioned jail param to configure jail MAC labels, but for testing it's really easy to grab a jaildesc and use that. Reviewed by: jamie, olce Differential Revision: https://reviews.freebsd.org/D53956
A future commit to the area will further our jail integration and add a use for this: the struct mac itself was already copied in as part of vfs_buildopts(), so we only need to copyin the strings. We add an explicit flag argument because the jail operation will need to do it while holding the prison lock. Reviewed by: olce Differential Revision: https://reviews.freebsd.org/D53957
Have it take a `struct mac` and we'll paper over the difference for jail(8)/jls(8) in libjail(3). The mac_syscalls.h model is taken from mac_set_proc_*() that were previously done. Reviewed by: olce Differential Revision: https://reviews.freebsd.org/D53958
When compiling vchiq with clang 21, the following -Werror warning is
produced:
sys/contrib/vchiq/interface/vchiq_arm/vchiq_arm.c:728:27: error: default initialization of an object of type 'VCHIQ_QUEUE_MESSAGE32_T' with const member leaves the object uninitialized [-Werror,-Wdefault-const-init-field-unsafe]
728 | VCHIQ_QUEUE_MESSAGE32_T args32;
| ^
sys/contrib/vchiq/interface/vchiq_arm/vchiq_ioctl.h:151:40: note: member 'elements' declared 'const' here
151 | const /*VCHIQ_ELEMENT_T * */ uint32_t elements;
| ^
While the warning is formally correct, the 'args32' object is
immediately initialized after its declaration. Therefore, suppress the
warning.
MFC after: 3 days
Reviewed by: olce Approved by: markj (mentor) MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D54551
Since we moved to implement Linux's CLOCK_MONOTONIC with CLOCK_UPTIME, we broke some timer support for Linux. Fix this by initializing CLOCK_UPTIME as a posix clock so we can use it in that context. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292496 MFC After: 5 days Fixes: https://cgit.freebsd.org/src/commit/?id=108de784513d Sponsored by: Netflix Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D54746
Reviewed by: glebius, markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54713
Reviewed by: glebius, markj Tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54713
swap_pager_getpages(): some pages from ma[] might be bogus Same as vnode_pager_generic_getpages_async(), swap_pager_getpages() must handle the possibility that the provided page run includes bogus_page at some positions, when called from sendfile_swapin(). The swap pager is used for tmpfs vnodes. In particular, the bogus page must not be used for pindex calculation, we better not update the flags on it or wait for the flag clearing, and we must not call vm_page_valid() because the function expects a busy page. This was bisected down to 72ddb6de1028426 (unix: increase net.local.(stream|seqpacket).(recv|send)space to 64 KiB), which is somewhat surprising, but apparently reasonable because it allowed the run of more than one page for page-in from the swap pager, which now might include valid pages replaced by the bogus one. In collaboration with: pho Reviewed by: glebius, markj Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D54713
vm/swap_pager.c: silence compiler warning Initialize pindex in swap_pager_getpages_locked() before the loop actually calculating it by skipping bogus pages. Compiler is worried that loop might never assign to it, which actually cannot happen. Sponsored by: The FreeBSD Foundation Fixes: https://cgit.freebsd.org/src/commit/?id=d198ad51ea73bbb162336923a387f52b0b1c1f1d MFC after: 1 week
aq: Add to amd64 GENERIC and to sys/conf/NOTES Reviewed by: adrian Differential Revision: https://reviews.freebsd.org/D54633
aq: remove from NOTES; it's unfortunately amd64 only Unfortunately the aq driver is using readl/writel calls instead of bus space routines. This broke, well, everything else. Fixes: https://cgit.freebsd.org/src/commit/?id=c75eff16ef54aaae7b5dc52ed894cc73a855f469
src.opts: Introduce MK_SOUND PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291853 Sponsored by: The FreeBSD Foundation MFC after: 1 week Reviewed by: zarychtam_plan-b.pwste.edu.pl, markj Differential Revision: https://reviews.freebsd.org/D54456
build: Remove duplicate SUBDIR entries Fixes: https://cgit.freebsd.org/src/commit/?id=f74f891581bc ("src.opts: Introduce MK_SOUND")
libexec/rc/rc.d/Makefile: Remove duplicate mixer entry Fixes: https://cgit.freebsd.org/src/commit/?id=f74f891581bc ("src.opts: Introduce MK_SOUND") PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292436 Sponsored by: The FreeBSD Foundation MFC after: 4 days Reviewed by: ivy, emaste Differential Revision: https://reviews.freebsd.org/D54706
virtual_oss: Take MK_CUSE into account Reported by: brooks Fixes: https://cgit.freebsd.org/src/commit/?id=f74f891581bc ("src.opts: Introduce MK_SOUND") Sponsored by: The FreeBSD Foundation MFC after: 4 days Reviewed by: brooks, emaste Differential Revision: https://reviews.freebsd.org/D54708
Otherwise the tests cannot be run in parallel since they create identically named jails. Fixes: https://cgit.freebsd.org/src/commit/?id=dd49816b0d66 ("bpf: avoid panic on multiple readers")
Reviewed by: markj Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D54115
The LinuxKPI based wireless drivers are currently limited to amd64 and arm64 (and until cleaned up i386). Adding RISC-V now as we have a report that iwlwifi(4) works on RISC-V [1]. Factor the LinuxKPI based wireless drivers out into their own block. Given RISC-V has no ACPI support yet (though we fixed #includes in order to keep compiling the drivers without further modifications where possible) we need to take care of rtw89 which fails to compile without ACPI enabled. A quick check at the Linux build files indicates that the dependency is not correctly recorded there either. Disable compiling rtw89 without ACPI (on RISC-V) for the moment until this is fixed. [1] https://mail-archive.freebsd.org/cgi/getmsg.cgi?fetch=5947+0+archive/2026/freebsd-wireless/20260112.freebsd-wireless Sponsored by: The FreeBSD Foundation MFC after: 3 days Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D54693
iwlwifi/rtw89: improve module Makefile dependency on ACPI In order to compile iwlwifi(4) and rtw89(4) on RISC-V [1] make the currently manually tracked ACPI support option automatic based on DEV_ACPI. rtw89(4) is missing proper CONFIG_ACPI checks in the driver (or the mandatory dependency on ACPI) even upstream it seems. We just added that check to the modules/Makefile until this is fixed. [1] https://mail-archive.freebsd.org/cgi/getmsg.cgi?fetch=5947+0+archive/2026/freebsd-wireless/20260112.freebsd-wireless Sponsored by: The FreeBSD Foundation MFC after: 3 days Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D54694
modules: iwlwifi/rtw89 allow standalone build The KERN_OPTS:MDEV_ACPI checks are fine for as long as we are building modules along the kernel. If one wants to just build the module standalone out of the module directory this would fail. Add the missing include for kmod.opts.mk (as was done for tcp in 1319a76179682). Sponsored by: The FreeBSD Foundation Reported by: Tassilo Philipp (tphilipp potion-studios.com) Fixes: https://cgit.freebsd.org/src/commit/?id=f5a77dc8f8df ("improve module Makefile dependency on ACPI") Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D54769
virtual_oss: remove needless .include in intermediate Makefile It doesn't define anything we use. Reviewed by: christos Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D54702
virtual_oss: build commands/libs in parallel Reviewed by: christos Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D54703
virtual_oss: build system tidying general: - find libsamplerate's headers in the temporary sysroot instead of digging in the source tree. - use LIBADD where possible lib/virtual_oss: - centralize SHLIBDIR define - centralize include path for internal headers - don't try to find libsamplerate directly in .OBJDIR No functional changes. Reviewed by: christos Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D54704
These plugins require samplerate.h due to virtual_oss's int.h including it, but don't use any symbols directly so don't link to the library. Centralize adding the include path. Reviewed by: christos Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D54705
Otherwise the script may permute the order of entries in the file since find(1) output is not stable. Reviewed by: kib MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D54669
So as a proof of concept, sync the info we have with the #bhyve phabricator group. This is imperfect, but will help test out providing better feedback to diff submitters. Sponsored by: Netflix
Add code to fetch and decode CODEOWNERS and automatically @ people in the review. Create a new file, .github/path-rules.txt that has a set of paths to match and specific warnings about that part of the tree. We'll use this to try to wave off pull requests in certain areas of the tree, as well as remind people when contrib is involved, etc. Sponsored by: Netflix
If you tag me on manual reviews, I will help you. I'm very interested in helping keep things standard and predictable across the manual. As these files say, this is not intended to imply any desire for blocking. MFC after: 3 days
+ svnadmin has apparently been superseded by gitadm@ + fix intro prose wrapping to be consistent at 72 for trad console MFC after: 3 days
Add myself (pouria@) as new src committer with glebius@ as mentor Reviewed by: glebius Approved by: glebius (mentor) Differential Revision: https://reviews.freebsd.org/D54637
Reviewed by: glebius Approved by: glebius (mentor) Fixes: https://cgit.freebsd.org/src/commit/?id=2059040493fb3f76cd1f06350fd4534a71a1f83c Differential Revision: <https://reviews.freebsd.org/D54637>
Approved by: markj (mentor) Differential Revision: https://reviews.freebsd.org/D54664
Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D54696
Reviewed by: asomers Approved by: asomers (mentor) Differential Revision: https://reviews.freebsd.org/D54715
This is the only subdirectory of sys/crypto that is a vendor import. Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D54719
Reviewed by: lwhsu Approved by: lwhsu (mentor) Differential Revision: https://reviews.freebsd.org/D54744
Reviewed by: lwhsu Approved by: lwhsu (mentor) Differential Revision: https://reviews.freebsd.org/D54744
Fixes: https://cgit.freebsd.org/src/commit/?id=da5d94d29a5e ("Remove obsolete BUGS section from zgrep(1) man page, add test")
Fix test login.conf files and update their MD5 checksums. PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291649 Reviewed by: imp Fixes: https://cgit.freebsd.org/src/commit/?id=54ce6b2c4c16 ("login.conf.5: Remove mention of login copyright setting") Pull Request: https://github.com/freebsd/freebsd-src/pull/1962
tarfs: tests: Increase timeout (again) Bump the timeout value (a little more), to avoid cutoff on emulated architectures on ci.freebsd.org. Reported by: Jenkins Fixes: https://cgit.freebsd.org/src/commit/?id=47015e454661 ("tests: Increase timeout") MFC after: 3 days
tarfs: tests: Increase timeout (again 2) Bump the timeout value (for the third time), to avoid cutoff on emulated architectures on ci.freebsd.org. One of the runners will take considerably more time to complete this test. Reported by: Jenkins Fixes: https://cgit.freebsd.org/src/commit/?id=a551b0524953 ("tarfs: tests: Increase timeout (again)") MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
pf tests: basic state limiters test case
Sponsored by: Rubicon Communications, LLC ("Netgate")
pf tests: state limiter rate test
Sponsored by: Rubicon Communications, LLC ("Netgate")
pf tests: basic source limiters test case
Sponsored by: Rubicon Communications, LLC ("Netgate")
pf tests: extend the source limiter test
Also enumerate and kill individual source addresses.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Sponsored by: Rubicon Communications, LLC ("Netgate")
Reviewed by: pouria, ae Differential Revision: https://reviews.freebsd.org/D54579
Fix a typo in the rdr_action_head() test. Fixes: https://cgit.freebsd.org/src/commit/?id=685fb4253819 ("pf: Log the intended action when a NAT rule matches a packet") MFC after: 1 week
These could go in other categories, but it's more clear if they're here instead.
Reviewed by: des MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D54412
MFC after: 1 week
- s/vaues/values/ MFC after: 5 days
- s/vaues/values/ MFC after: 5 days
MFC after: 3 days
6.6 is ABI compatible with 6.5 (tested with abidiff) Remove html documentation to ease updates MFC After: 1 month
-- no commits in this category this week --
Not classified automatically, and waiting for manual attention.
-- no commits in this category this week --
Dates:
cgit.freebsd.org/src. Git accurately records the
order of commits, but not their dates.
Automatic grouping:
This reverts commit \\b([0-9a-fA-F]{40})\\b
and the hash was found in this week's commits.
Automatic categories:
Source code:
Generated with commits-periodical 0.20 at 2026-01-26 19:07:09+00:00.
This work is supported by Tarsnap Backup Inc.
Alternate version: 2026-01-12 (debug) (contains info about the classification)