FreeBSD git weekly: 2026-02-23 to 2026-03-01

The asmc(4) driver should work for 32-bit Intel-based Macs, in theory, if
the model details were added to the detection list. That being said,
32-bit Intel Macs were only released and available to the general public
for 8 months [1], so the value in maintaining i386 support in the driver is
reduced due to limited hardware access.

Remove 32-bit support for the driver officially to make it clear its use is
not supported.

This should fix building `NOTES.i386` by proxy as well.

Relnotes:       yes
MFC after:      2 weeks
Fixes:          https://cgit.freebsd.org/src/commit/?id=f224591746b ("Add ASMC_DEBUG make option")
Fixes:          https://cgit.freebsd.org/src/commit/?id=8342d9f7b5f ("asmc(4): Stop building it on i386, as...")
Differential Revision:  https://reviews.freebsd.org/D55544

Current radix-based implementation of lookup tables in ipfw does
not support non-contiguous prefixes while this type of lookup is
needed to write CPU-effective firewall configurations.

For some of the cases we can reach the goal using a masked table
lookup by adding masked (e.g. zero non-significant bits) records
into a table and then zero non-significant bits in lookup key
prior to making a table lookup.

Obtained from:  Yandex LLC
MFC after:      3 weeks
Relnotes:       yes
Sponsored by:   Yandex LLC
Differential Revision:  https://reviews.freebsd.org/D53694

By default zstd refuses to operate on symlinks, so for example
`zless /var/crash/vmcore.last.zst` failed to view the uncompressed core
file.  Add -f to the zstd command line to allow operation on symlinks.

Reviewed by:    delphij
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55101

Summary: A trivial resource leak fix; free the allocated memory before return.

Test Plan: Code inspection, run command.

I built a simple program that waits for a signal on a kqueue, then ran
that. The standard procstat displays:

```
fbsd-dev% Waiting for SIGTERM...
procstat -a kqueue
    PID       KQFD   FILTER      IDENT      FLAGS     FFLAGS       DATA      UDATA     STATUS
  84352          3   SIGNAL         15          C          -          0        0x0          -
```

The revised procstat displays:
```
fbsd-dev% sudo LD_LIBRARY_PATH=/usr/obj/usr/home/dab/git/freebsd/src/arm64.aarch64/lib/libutil /usr/obj/usr/home/dab/git/freebsd/src/arm64.aarch64/usr.bin/procstat/procstat -a kqueue
    PID       KQFD   FILTER      IDENT      FLAGS     FFLAGS       DATA      UDATA     STATUS
  84352          3   SIGNAL         15          C          -          0        0x0          -
fbsd-dev%
```

As expected, the two displays are identical. This doesn't prove that
the leak is gone, but it does prove that the revised command still
operates correctly. I think it can clearly be seen from inspection of
the change that the leak has been remedied.

Reviewed-bys: vangyzen
Differential Revision: https://reviews.freebsd.org/D55422

* Order includes.

* Turn the diff type into an enum.

* Turn an unreachable error message into an assertion.

* Remove unused debugging code.

* Remove some dead assignments.

* Consistently use 1 instead of EXIT_FAILURE.

* Turn a return from main() into an exit().

MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    bapt
Differential Revision:  https://reviews.freebsd.org/D55517

Use mbrtowc()/iswprint()/wcwidth() in put_tty_line() so that
the l command displays valid multibyte characters as-is instead
of escaping each byte as octal.

Column wrapping now correctly accounts for character display
width (including double-width CJK characters).

Invalid or incomplete UTF-8 sequences and non-printable
characters are still escaped as octal.

Differential Revision:  https://reviews.freebsd.org/D55365

paste(1): Utilise STAILQ from <sys/queue.h> in lieu of the home-rolled linked-list

Signed-off-by: Faraz Vahedi <kfv@kfv.io>
Reviewed by: imp, oshogbo
Pull Request: https://github.com/freebsd/freebsd-src/pull/1443

paste(1): Make small modifications to improve readability

Signed-off-by: Faraz Vahedi <kfv@kfv.io>
Reviewed by: imp, oshogbo
Pull Request: https://github.com/freebsd/freebsd-src/pull/1443

paste(1): Capsicumise

Signed-off-by: Faraz Vahedi <kfv@kfv.io>
Reviewed by: imp, oshogbo
Pull Request: https://github.com/freebsd/freebsd-src/pull/1443

Signed-off-by: Faraz Vahedi <kfv@kfv.io>

With minor changes from committer.

Reviewed by: imp, oshogbo, markj (previous version)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1491

Signed-off-by: Faraz Vahedi <kfv@kfv.io>
Reviewed by: imp, oshogbo, markj (previous version)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1491

MFC after:            3 days
Reviewed by:            bapt (previous), jilles, tembun@bk.ru
Differential Revision:  https://reviews.freebsd.org/D55295

Tiny manpage bug I caused in D50241
I left a line in the manpage that shouldn't be there.

MFC after:      3 days
Fixes:          https://cgit.freebsd.org/src/commit/?id=72d01e62b082 ("netgraph: teach ngctl to attach and run itself in a jail")
Reviewed by:    des, markj
Differential Revision:  https://reviews.freebsd.org/D55485

MFC after:    3 days

Our manual page currently states that system() will return 127 if it
fails to execute the shell.  The actual return value is, to quote POSIX,
“as if the command language interpreter had terminated using exit(127)
or _exit(127)”.

MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    bnovkov, kevans
Differential Revision:  https://reviews.freebsd.org/D55483

Correct media types for 1000Mbit/s, 2500Mbit/s, 5000Mbit/s and 10Gbit/s.

Reviewed by:    adrian
Differential Revision:  https://reviews.freebsd.org/D55496

"These examples appear to be originally noted thirteen years ago by
Mark Saad, contributed by eadler, put into a patch by Felix Johnson,
and made into mdoc by myself. Finally, put this bug to rest." ~ziaee

PR:                     https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=167742
Co-authored-by:         eadler, ziaee, Mark Saad
Differential Revision:  https://reviews.freebsd.org/D48877

Use the correct key name in the chpasswd section.
Remove a stray line to fix the description of 'password'.

MFC after:      1 week
Sponsored by:   Chelsio Communications
Reviewed by:    maxim
Differential Revision:  https://reviews.freebsd.org/D55547

On Panasonic FZ-Y1 and similar models, the EC latches RF_KILL on
shutdown and suspend when battery is at certain level, causing wireless
to boot with hard block.

Call WLSW.SHRF during attach and resume to clear the block.

Tested on Panasonic FZ-Y1 with Intel Wireless 7265.

Reviewed by:    adrian, obiwac
Approved by:    adrian, obiwac
Differential Revision:  https://reviews.freebsd.org/D55265

Currently this happens as a side effect of the return type of
sdio_get_function() in the expansion of __BUS_ACCESSOR, but this is
fragile and can break if __BUS_ACCESSOR changes to define other
functions first.

Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D55351

- Use __BUS_ACCESSOR_DEFAULT for the global handle IVAR to preserve
  existing behavior for acpi_get_handle.

- Use __BUS_ACCESSOR for the private ACPI IVARs as these are only used
  with direct children of acpi0.

Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D55355

The product series is called NXP QorIQ Layerscape.  Remove the extra 'e.

MFC after:      3 days
Reviewed by:    mmel, emaste
Differential Revision: https://reviews.freebsd.org/D55388

Fix spelling of NXP, which is not NPX, in two places.

Improves:       a4e30909ec98
Reported by:    Kevin Bowling (kevin.bowling kev009.com), qoriq_dw_pci.c
MFC after:      3 days

While here, remove an unused declaration.

Reviewed by:    jrtc27
Sponsored by:   AFRL, DARPA
Differential Revision:  https://reviews.freebsd.org/D53898

Reviewed by:  np (earlier version)
Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D55470

Both of the aforementioned macros have been present in FreeBSD
for well over a decade: 2009 for `KOBJMETHOD_END`; 2011 for
`DEVMETHOD_END`.

Adapt all hardcoded references of `{0, 0}` with `DEVMETHOD_END`
and `KOBJMETHOD_END` as appropriate. This helps ensure that
future adaptations to drivers following patterns documented
in driver(9) can be made more easily/without issue.

MFC after:      1 week
Differential Revision:   https://reviews.freebsd.org/D55414

Apple Mac systems support Wake-on-LAN from powered-off state (S5/G2) via
the AUPO SMC key.

This change adds a convenience sysctl, `dev.asmc.0.wol`. This can be
disabled if set to 0 and enabled if set to 1.

The AUPO key is volatile and resets to 0x00 on every boot, so WoL must
be manually enabled before each shutdown to work from powered-off state.
Users need to run: `sysctl dev.asmc.0.wol=1` before shutting down the
system. The sysctl is best set to persist in `/etc/sysctl.conf`.

MFC after:      1 week
Reviewed By:    markj, ngie
Differential Revision:  https://reviews.freebsd.org/D54439

Having to enter in each of the models for Apple hardware, recompiling,
etc, is tedious. Provide generic models so end-users can leverage some
of the capabilities provided by the driver, i.e., common features like
minimal fans and lights (if present on the generic model) support.

The generic models are as follows:
- Macmini
- MacBookAir
- MacBookPro
- MacPro

This sort of follows the pattern established by the `applesmc` driver in
Linux.

MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D55395

Do it always for bootverbose if offload was enabled in the kernel
config, not only if the device actually supports all required
capabilities to do the offload. Otherwise, having the code to print the
caps is pointless.

Reviewed by:    slavash
Tested by:      Wafa Hamzah <wafah@nvidia.com>
Sponsored by:   NVidia networking
MFC after:      1 week

Reviewed by:  slavash
Tested by:      Wafa Hamzah <wafah@nvidia.com>
Sponsored by:   Nvidia networking
MFC after:      1 week

Migrate to the new encryption key API rather than poking at the
key struct directly.

Differential Revision:  https://reviews.freebsd.org/D54479

Migrate to the new encryption key API rather than poking at the
key struct directly.

Differential Revision:  https://reviews.freebsd.org/D54480

Migrate to the new encryption key API rather than poking at the
key struct directly.

Differential Revision:  https://reviews.freebsd.org/D54481

Migrate to the new encryption key API rather than poking at the
key struct directly.

Differential Revision:  https://reviews.freebsd.org/D54482

Migrate to the new encryption key API rather than poking at the
key struct directly.

Notably this driver was very clear about its expectation the net80211
key layout w/ key, TX MIC and RX MIC matches the firmware layout
and just memcpy()'ed it.  That has been refactored.

Differential Revision:  https://reviews.freebsd.org/D54484

This is required so that ACPI power-off (entering S5) works as expected, as
the ACPI PM1a and PM1b blocks might not be accessible by dom0 directly.
Additionally, Xen also needs to do cleanup before entering a sleep state,
so it needs to be notified about it.

With this patch FreeBSD dom0 now powers off the host correctly:

acpi0: Powering system off...
(XEN) [   85.686598] arch/x86/hvm/emulate.c:415:d0v0 fixup p2m mapping for page fedc6 added
(XEN) [   85.687606] arch/x86/hvm/emulate.c:415:d0v0 fixup p2m mapping for page fbc10 added
(XEN) [   85.692357] Preparing system for ACPI S5 state.
(XEN) [   85.692702] Disabling non-boot CPUs ...
(XEN) [   85.694471] Broke affinity for IRQ9, new: {0-7}
[...]
(XEN) [   85.903118] Entering ACPI S5 state.

Should be a non-functional change when not running as a Xen dom0.

Reviewed by: kib
Sponsored by: Citrix Systems R&D
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D55504

If m_getjcl() fails we want to know the size we requested in order to
have a chance to evaluate the problem better.

MFC after:      3 days
Reviewed by:    tuexen
Differential Revision: https://reviews.freebsd.org/D55555

The asmc(4) driver should work for 32-bit Intel-based Macs, in theory, if
the model details were added to the detection list. That being said,
32-bit Intel Macs were only released and available to the general public
for 8 months [1], so the value in maintaining i386 support in the driver is
reduced due to limited hardware access.

Remove 32-bit support for the driver officially to make it clear its use is
not supported.

This should fix building `NOTES.i386` by proxy as well.

Relnotes:       yes
MFC after:      2 weeks
Fixes:          https://cgit.freebsd.org/src/commit/?id=f224591746b ("Add ASMC_DEBUG make option")
Fixes:          https://cgit.freebsd.org/src/commit/?id=8342d9f7b5f ("asmc(4): Stop building it on i386, as...")
Differential Revision:  https://reviews.freebsd.org/D55544

The PMC flags available for DF and L3 counters were not all implemented.
More importantly, the field encodings for the L3 counters changed in an
incompatible way between Family 17h and Family 19h.  Similarly, the
field encodings for the DF coutners changed between Family 19h and 1Ah.
I also added the precise retire flag for the 3rd core counter.

Lastly, I added a warning in the jevent parser because ignoring the
unknown fields results in counters incorrectly programmed.  We should
not just ignore that.

Sponsored by: Netflix

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2040

This patch adds support for AMD IBS.  It adds a new class of performance
counter that cotains two events: ibs-fetch and ibs-op events. Unlike
most existing sampled events, IBS events provide a number of values
containing extra information regarding the sample.  To support this we
use the existing callchain event, and introduce a new flag for multipart
payloads.  The first 8 bytes of the pc_sample contains a header that
defines up to four payloads.

Sponsored by: Netflix

Reviewed by: imp,mhorne
Pull Request: https://github.com/freebsd/freebsd-src/pull/2022

The pmu event definitions for AMD Zen 5 was updated since it was
imported into the tree.  As a bonus I also updated the recommended json
counters for Zen 1-3 even though we do not use that file yet.

Sponsored by: Netflix

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2048

Sponsored by: Netflix

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2049

Right now %cr4 defined bits fit into the low word, but this is not true
with FRED.

Sponsored by:   The FreeBSD Foundation
MFC after:      1 week

The SMC firmware revision can prove helpful when determining why the
behavior of a given controller varies from the maintainers' expected
behavior.

This should be a sysctl (eventually), but for now dumping out the
information via `device_printf(..)` suffices, given that only one
asmc(4) compatible device can exist in an Apple platform at any
given point in time. This will become a sysctl in the future after
additional improvements are incorporated from OpenBSD and NetBSD.

MFC after:      1 week
Obtained from:  https://github.com/openbsd/src/ (sys/dev/acpi/asmc.c @ 142d064)
Differential Revision: https://reviews.freebsd.org/D55577

Approved by:  so
Security:       FreeBSD-SA-26:05.route
Security:       CVE-2026-3038
Fixes:          https://cgit.freebsd.org/src/commit/?id=92be2847e845 ("rtsock: Avoid copying uninitialized padding bytes")

Rack will in theory send an extra rate limited ack when we get to a closing state (sending a FIN) so that
if we have only 1 packet outstanding we might encourage the connection to close out. However it does this
always which is not always wise. Change it so that it only does that if its been more than an srtt since
we have had some activity i.e. a send or a receive of a packet.
Reviewed by:tuexen, rscheff
Differential Revision:<https://reviews.freebsd.org/D55459>

So in testing I have found two interesting cases where ECN is going
to make it so that an ack will be sent right away. These cases need
to be limited to being in the ESTABLISHED state. You don't want ECN
sending ACK's when we are transitioning in front or end states.
Also we don't start a delayed ack timer <and> at the same time set
the ACKNOW flag, thats just plain wrong.

Reviewed by: tuexen, rscheff
Differential Revision:<https://reviews.freebsd.org/D55460>

PR:                   https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292293
Reviewed by:            rrs, rscheff, pouria, Nick Banks, Peter Lei
MFC after:              3 days
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D5546

The check for excluding duplicate ACKs needs to consider only TH_SYN
and TH_FIN. We know that TH_ACK is set and TH_RST is cleared. All
other flags, in particular TH_ECE, TH_CWR, and TH_AE needs to be
ignored for the check.

PR:                     https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292293
Reviewed by:            rrs
MFC after:              3 days
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D55489

If driver refused to install SA, record rejected handle for SA on the
interface always, not only for EOPNOTSUPP case.  The
ipsec_accel_output() function did the right thing if there is no
rejection handle, but not having the handle allows further attempts to
install the SA on the interface.

If driver installed the SA, but ipsec_accel_handle_sav() returned error,
uninstall the SA from the interface.  Hardware must not be set up to
process packets for which kernel expects no processing is done.

In both cases, free the drv_spi if a handle was not installed.  But keep
drv_spi allocated if the deinstall returned an error from the driver.

Reviewed by:    slavash
Tested by:      Wafa Hamzah <wafah@nvidia.com>
Sponsored by:   NVidia networking
MFC after:      1 week

Reviewed by:  slavash
Tested by:      Wafa Hamzah <wafah@nvidia.com>
Sponsored by:   NVidia networking
MFC after:      1 week

Before this change, netlink only shows nexthop
expire value if route is not multipath.
Now it can set expire time during route creation.
Also, show expire time of multipath nexthops.

Reviewed by: glebius
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D55442

Reviewed by: glebius
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D55440

These opaque IDs are used by netisr to distribute work among threads.
The mapping function is simply SourceID % numthreads, so using socket
addresses as source IDs isn't going to distribute packets well due to
alignment.

Use the divert socket's generation number instead, as that suits this
purpose much better.

Reviewed by:    zlei, glebius
MFC after:      1 week
Sponsored by:   OPNsense
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D55537

Only expose `dcb` when either `INET` or `INET6` is defined.

Reported by:    clang (`-Wunused`)
MFC after:      1 week
Fixes 5547a7bb39 ("divert: Use a better source identifier...")
Differential Revision: https://reviews.freebsd.org/D55548

- Move some of the braces under their respective conditionals to make the
statements more self-encapsulated and only define the `aliasreq` union
in the event either INET or INET6 is defined.

- Fix a copy-paste error: `in_gre_ioctl` should be `in6_gre_ioctl` in the
  INET6 case.

Reported by:    tinderbox
Fixes:          https://cgit.freebsd.org/src/commit/?id=e1e18cc12e68 ("if_gre: Add netlink support with tests")
Differential Revision: https://reviews.freebsd.org/D55546

There is no user for `rta_expires` member and it's
duplicate of `rta_expire`.

Reviewed By: melifaro
Differential Revision: https://reviews.freebsd.org/D55445

Some 32-bit architectures, e.g., armv7, require strict 8-byte
alignment while doing atomic 64-bit access. Hence aligning to the
pointer type (4-byte alignment) does not meet the requirement on
those architectures.

Make the space allocated by vnet_data_alloc() sufficent aligned to
avoid unaligned access.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265639
Diagnosed by:   markj
Reviewed by:    jhb, markj
Co-authored-by: jhb
MFC after:      5 days
Differential Revision:  https://reviews.freebsd.org/D55560

Current radix-based implementation of lookup tables in ipfw does
not support non-contiguous prefixes while this type of lookup is
needed to write CPU-effective firewall configurations.

For some of the cases we can reach the goal using a masked table
lookup by adding masked (e.g. zero non-significant bits) records
into a table and then zero non-significant bits in lookup key
prior to making a table lookup.

Obtained from:  Yandex LLC
MFC after:      3 weeks
Relnotes:       yes
Sponsored by:   Yandex LLC
Differential Revision:  https://reviews.freebsd.org/D53694

Reviewed by:  christos
MFC after:      1 week
Signed-off-by:  Quentin Thébault <quentin.thebault@defenso.fr>
Sponsored by:   Defenso
PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293130
Pull Request:   https://github.com/freebsd/freebsd-src/pull/2043

I misremembered when I wrote this code: getline() returns -1 on EOF, not
zero, so the loop condition and the error check are both incorrect
(though in practice getline() will never return 0).

MFC after:      3 days
Fixes:          https://cgit.freebsd.org/src/commit/?id=3cbdcabf714d ("ngctl: Modernize code somewhat")
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D55487

As described in Serial ATA Revision 3.5a

Reviewed by:    mav
Pull Request:   https://github.com/freebsd/freebsd-src/pull/2044

The implementation was simply wrong.  It would always just return the
first entry in the iovec, even if the requested length is larger than
that first entry.

Note, this function will be removed soon, see D53468.

Reported by:    Vinod p n <vinod272@gmail.com>
Reviewed by:    des, emaste, Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D55438

update_uefi_bootentry assumes that the caller sets FREEBSD_BOOTNAME and
mntpt, which isn't the case anymore. The result is that there is no
"FreeBSD" boot entry created/updated after install. Most machines manage
to boot from the removable media path (if the loader is installed there
too), but some don't.

Take the loader's path as an argument and rename the variable used in
the ZFS mirror loop so mntpt can be reused below.

Also mark nentries as a local variable so it doesn't leak out of the
function.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293385
Fixes:          https://cgit.freebsd.org/src/commit/?id=494de51bc0074472d1b01604f085daea0844f240
MFC after:      2 days
Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D55469

* Check for integer overflow when receiving file sizes.

* Check for buffer overflow when receiving file names, and fully
  validate the names.

* Check for integer overflow when checking for available disk space.

* Check for I/O errors when sending status codes.

* Enforce one job per connection and one control file per job (see
  code comments for additional details).

* Simplify readfile(), avoiding constructs vulnerable to integer
  overflow.

* Don't delete files we didn't create.

* Rename read_number() to read_minfree() since that's all it's used
  for, and move all the minfree logic into it.

* Fix a few style issues.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293278
MFC after:      1 week
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D55399

Set a 120-second receive timeout on all client connections, and add a
command-line option to change that value.

MFC after:      1 week
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D55400

Also fixes nexthop expire value on route get using netlink.

Reviewed by: glebius
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D55444

Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D55514

Remove global uint64_t pool_guid and instead iterate over all pools that
efizfs_get_zfsinfo_list() provides.

The global pool_guid used to mark that we have constructed a ZFS pool and
the pool label that was used for that was stored on a partition that is
the EFI image device handle.

First problem here is that it is too restrictive.  If the very first
device to probe is a spare member of a pool, it will be used to
instantiate a pool but (pd->pd_handle == boot_img->DeviceHandle) won't be
true, thus global pool_guid won't be populated and ZFS boot won't be
tried.

Second problem is that potentially we may find several pools, and all
should be tried to boot.  Note that the code for that is already here -
efizfs_get_zfsinfo_list() is imported by efizfs.h but was not used until
now.

Reviewed by: imp
Differential Revision:  https://reviews.freebsd.org/D55094

The RELAXED boot policy will automatically search for any root
filesystem (currently zfs only) on any device. STRICT policy only
searches on the boot device. RELEAXED will still prefer the device we
booted from, which is the smallest behavior change we should do. STRICT
may be needed for releases, though.

Sponsored by:           Netflix
Reviewed by:            glebius
Differential Revision:  https://reviews.freebsd.org/D55107

After ~13 years of running the ftp.at.freebsd.org community mirror is
shutting down at the end of March.  Remove it from the mirrorselect
script.

Reported by:    Klaus P. Ohrhallinger <k@7he.at>

It's not at all clear why I wrote it like this, but we can do better.

I wouldn't think this really has any meaningful security implications
since the hierarchy in question can't really be modified by the guest
scripts, but it would seem to make it a little more robust.

Fixes:  https://cgit.freebsd.org/src/commit/?id=6779d44bd878e3c ("bhyveload: use a dirfd to support -h")
Reviewed by:    bnovkov, markj
Differential Revision:  https://reviews.freebsd.org/D55379

As written, we'll repeatedly jps_free() the first element, which is
obviously bogus.  Fix it to index appropriately.

Fixes:  https://cgit.freebsd.org/src/commit/?id=db3b39f063d9f ("libjail: extend struct handlers [...]")

POSIX.1-2024 states that the 'free' function "shall not modify errno if
ptr is a null pointer or a pointer previously returned as if by malloc()
and not yet deallocated". However this is a fairly recent addition
and non-compliant allocators might still clobber 'errno', causing
'mpool_get' to return the wrong error code. Fix this by saving
and restoring 'errno' after calling 'free'.

Sponsored by:   Klara, Inc.
Reviewed by:    obiwac
Differential Revision:  https://reviews.freebsd.org/D55463
MFC after:      1 week

Ignore SIGINT and SIGQUIT and block SIGCHLD, as POSIX requires.

To deal with the concurrency problem described in POSIX, we keep track
of the count of concurrent invocations.  We ignore and block signals
only when the counter was zero before we incremented it, and restore
them only when the counter reaches zero after we decrement it.

Note that this does not address the issue of thread cancellation.

MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    bnovkov, sef, kevans
Differential Revision:  https://reviews.freebsd.org/D55471

Our manual page states that if given a null pointer, system() returns
non-zero if the shell is available and zero if it is not.  This is
consistent with the C standard's description of system(), but it is not
what we actually do.  What we actually do is always return non-zero, as
required by POSIX.

As the POSIX rationale explains, implementing the logic required by the
C standard does not violate POSIX, since a conforming system always has
a shell, therefore the logic will always return non-zero.

Since our libc is commonly used in non-conforming situations such as
chroots or thin jails, we should implement the full logic required by
the C standard.

MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    obiwac, bnovkov, kevans
Differential Revision:  https://reviews.freebsd.org/D55484

- `math.h`: `isinff(..)`
- `sys/time.h`: `timespec*(x)`

These two headers are used by tests in newer snapshots of
`contrib/netbsd-tests`.

MFC after:      1 week

When kernel external errors are available they are included in the
err(3) library function messages. In addition to the extended error
itself, the kernel also tracks the kernel file and line number at
which the error was generated. This additional information is not
included in the err(3) messages unless the EXTERROR_VERBOSE environment
variable is present. Currently, when EXTERROR_VERBOSE is present,
all the internal extended error information associated with the
error is printed most of which is redundant with the formatted error
message printed by err(3). This change will add only the kernel
file and line number to the err(3) message when EXTERROR_VERBOSE
is present and set to "brief".

Sample output with bad protection bits to mmap:

guest_16 % ./Example bigfile
Example: mmap bigfile: Invalid argument (unknown PROT bits 0x8)

guest_16 % setenv EXTERROR_VERBOSE
guest_16 % ./Example bigfile
Example: mmap bigfile: Invalid argument (unknown PROT bits 0x8 errno 22 category 1 (src sys/vm/vm_mmap.c:200) p1 0x8 p2 0)

guest_16 % setenv EXTERROR_VERBOSE brief
guest_16 % ./Example bigfile
Example: mmap bigfile: Invalid argument (unknown PROT bits 0x8 (src sys/vm/vm_mmap.c:200))

Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D55494
MFC-after:    1 week
Sponsored-by: Netflix

These macros are used by some of the NetBSD tests which calculate the
size of types, e.g., `__type_max(time_t)`.

This wraps up the set of macros needed in order to update to the a
netbsd-tests snapshot from this past month.

Obtained from:  https://github.com/netbsd/src (55b4b44)
MFC after:      1 week

MFC after:    3 days
Fixes:          https://cgit.freebsd.org/src/commit/?id=6378393308bc ("Add an internal libiscsiutil library.")
Sponsored by:   Klara, Inc.
Sponsored by:   NetApp, Inc.
Reviewed by:    kevans
Differential Revision:  https://reviews.freebsd.org/D55596

nullfs_unlink_lowervp() is called with the lower vnode locked, so the
nullfs vnode is locked too.  The following can occur:
1. the vunref() call decrements the usecount 2->1,
2. a different thread calls vrele() on the vnode, decrements the
   usecount 0->1, then blocks on the vnode lock,
3. the first thread tests vp->v_usecount == 0 and observes that it is
   true,
4. the first thread incorrectly unlocks the lower vnode.

Fix this by testing VN_IS_DOOMED directly.  Since
nullfs_unlink_lowervp() holds the vnode lock, the value of the
VIRF_DOOMED flag is stable.

Thanks to leres@ for patiently helping to track this down.

PR:             https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288345
MFC after:      1 week
Reviewed by:    kib
Differential Revision:  https://reviews.freebsd.org/D55446

If the initial no-wait vn_start_write fails, we pass the old
PCATCH flag to the following sleepable vn_start_write.
Following a75d1ddd74, that flag should be V_PCATCH.

Sponsored by:           Dell Inc.
Differential Revision:  https://reviews.freebsd.org/D55512

GCC 12 has a strict definition of identity (all characters including
whitespace must be identical) when comparing "redefined" macros. Make
our definition exactly match the stddef.h that comes with GCC to fix
test-includes of netlink/netlink_snl.h.  (Note: later versions of GCC
are a bit more flexible and don't have this problem.)

Reported by:    des
Sponsored by:   DARPA, AFRL
Fixes:          https://cgit.freebsd.org/src/commit/?id=2adc3f0db187 ("stddef.h: centralize definition of offsetof()")

These various definitions are meant to be kept sorted by machine prefix.

Fixes:  https://cgit.freebsd.org/src/commit/?id=2bb61497ca76 ("elf_common.h: Add definitions for LoongArch ELF files")

Reviewed by:  jrtc27
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55488

This matches the behavior of the fallbacks for __builtin_align_up
and __builtin_is_aligned.

Reviewed by:    arichardson, ngie, kib
Differential Revision:  https://reviews.freebsd.org/D55161

Keep the dword labels as comments instead.  Anonymous structs and
unions don't have type names in C11+.

Differential Revision:  https://reviews.freebsd.org/D55144

<varp>_has_<var> returns true if the given IVAR can be read.

Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D55352

This macro is similar to __BUS_ACCESSOR in that it creates three
helper routines for an ivar, but the "get" wrapper returns a default
value if BUS_READ_IVAR does not return a value.

Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D55353

ACPI_IVAR_HANDLE is the only true "global" IVAR that can be used
across multiple bus drivers.  The other IVARs are private to direct
children of acpi0.  However, they need to be numbered after ISA IVARs
as ACPI mimics an ISA bus device.  To ensure this remains true, add an
ISA_IVAR_LAST to use in assert that the private ACPI IVARs do not
overlap with ISA IVARs.

Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D55354

ib_verbs.h still uses struct dma_attrs *dma_attrs everywhere.
It is beyond my knowledge when that struct got deprecated upstream but
it is still supported by our LinuxKPI.  The problem is that the
functions called with that argument (dma_map_single_attrs,
dma_unmap_single_attrs, dma_map_sg_attrs, dma_unmap_sg_attrs) so far
are #defines in LinuxKPI and drop the last argument (attrs) so it was
never a problem.

In preparation to pass the attrs to the actual implementation in LinuxKPI,
which has gained support for them, we now pass dma_sttrs->flags which
is the expected unsigned long bit field.

If anyone has serious interest in updating our ofed implementation they
could look into this some more and remove the usage of struct dma_attrs
entirely.

Sponsored by:   The FreeBSD Foundation
MFC after:      3 days
Reviewed by:    kib
Differential Revision: https://reviews.freebsd.org/D55390

In certain cases we may tear down state of a node with 'ongoing'
BA sessions.  This can trigger a firmware crash with iwlwifi as
reported in [1] when trying to remove the sta from the firmware.

   0x2010303A | ADVANCED_SYSASSERT
   ..
   0x00000000 | umac data1 (sta id=0)
   ..
   0x0088030C | last host cmd (STA_RM)

[1] https://lists.freebsd.org/archives/freebsd-wireless/2025-November/003901.html

I hit the same problem while running regression tests after
reworking some LinuxKPI 802.11 sta state machine bits.

Add the missing calls to lkpi_sta_run_to_assoc() and lkpi_sta_run_to_init()
to make sure (through net80211) we call (*ampdu_action) with
IEEE80211_AMPDU_RX_STOP to avoid the firmware crash.

Note: this specific patch was not excessively tested.  The upcoming
change to the state machine including this fix has seen more testing
but also only needed the change in one place.
The reason for putting this in upfront is to document the case well.

Reported by:    Mohammad Amin (the.madamin20 gmail.com) [1]
Sponsored by:   The FreeBSSD Foundation
MFC after:      3 days

Reported by:  kevans
Reviewed by:    kevans, mhorne
Fixes:  https://cgit.freebsd.org/src/commit/?id=0d3652f67d246348e2c017205c6782caf4484449
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differrential revision: https://reviews.freebsd.org/D55490

Detaching the bhyve(4) ppt driver from an unsupported PCI device
should not raise a "Device not configured" error.  We do not expect
that a new driver must take over the device in this case.

Reviewed by:    imp, jhb
Differential Revision:  https://reviews.freebsd.org/D52050

LinuxKPI: 802.11: adjust assoc check before key deletion

There is a discrepancy between the vif assoc state and the sta state
(see comment in lkpi_sta_run_to_init()).
Adjust the check in lkpi_iv_key_delete() and add it to
lkpi_sta_del_keys() so that we can take way the keys after whatever
comes first: the sta went away from AUTHORIZED (RUN) or if the vif is
no longer marked assoc.
This is needed as we may only take the sta down partially back to
State 2 (cf. 802.11-2024, Figure 11-23) and key material is no longer
valid before the vif gets cleaned up and the sta is removed entirely.

Sponsored by:   The FreeBSD Foundation
MFC after:      3 days

LinuxKPI: 802.11: improve crypto debug logging

Add a log entry to lkpi_ieee80211_iterate_keys() in order to be able
to determine if there are still keys available when a driver calls
into this (e.g., iwlwifi does before removing the sta to make sure
the keys are gone).

Sponsored by:   The FreeBSD Foundation
MFC after:      3 days

LinuxKPI: 802.11: fold the sta state machine again

In and around d9f59799fc3e7 we adjusted the initial sta state machine
implementation and unfolded some functions, duplicating code.
This version tries to undo some of that as it seems that we can get
away with doing it more cleanly these days.

There are 5 main functions for the path from INIT to RUN (UP1,2,3.1,3.2,4)
and 4 main functions for the path from RUN to INIT (DOWN1,2,3,4).
The reason there is one more on the patch up is that we can go directly
from AUTH to RUN without going through ASSOC first.
In addition there are further functions relying only on these 9 base
state change functions in order to implement the remaining possible
state transitions net80211 can do (without CSA and SLEEP).

Another change is that we no longer take a sta always through INIT/SCAN
first and then back up to AUTH, that is, we are no longer deleting the
sta from the firmware unless net80211 would also take us down to that
state and in a follow-up back up.

This is a preparation for another fix to come in order to import a
newer version of iwlwifi (v6.19).

I have run a few days of mlme_assoc (see tools) and some other basic
regression tests.  The only thing I managed was to deadlock net80211
for other reasons (ieee80211_waitfor_parent()).  But this will need
excessive user testing as the various options which may have an
effect on the subtle details are great as we learnt in the past years.

Sponsored by:   The FreeBSD Foundation
MFC after:      5 days

sctp: fix so_proto when peeling off a socket

Reported by:            glebius
Reviewed by:            rrs
Fixes:                  https://cgit.freebsd.org/src/commit/?id=d195b3783fa4 ("sctp: fix socket type created by sctp_peeloff()")
Differential Revision:  https://reviews.freebsd.org/D55454

sctp: fix NOINET build

Reported by:            ngie
Fixes:                  https://cgit.freebsd.org/src/commit/?id=454212b9718b ("sctp: fix so_proto when peeling off a socket")
MFC after:              3 days

Obtained from the Memtag ABI Extension to ELF for the Arm® 64-bit
Architecture (AArch64) [1]

[1] https://github.com/ARM-software/abi-aa/blob/main/memtagabielf64/memtagabielf64.rst#dynamic-section

Reviewed by:    andrew
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55486

page_pool/helpers.h does exist in common/include/net/page_pool/helpers.h
so we can remove the dummy header file.

Sponosred by:   The FreeBSD Foundation
MFC after:      3 days

PR:           https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293423
MFC after:      3 days
Requested by:   bms

Both clang and gcc's stddef.h are designed to be included multiple times
with different combinations of __need_* macros defined (e.g
__need_size_t). Remove the #pragma once to accommodate this, ptraddr_t
is guarded by _PTRADDR_T_DECLARED anyways.

Also use __SIZE_TYPE__ instead of size_t since it's not guaranteed to be
defined.

Reviewed by:    brooks, imp, kib
Differential Revision:  https://reviews.freebsd.org/D55453

NO_SHARED is the proper way to declare linking a program without
shared libraries.

Obtained from:  Hewlett Packard Enterprise
MFC after:      1 week
Reviewed by:    emaste
Differential Revision:  https://reviews.freebsd.org/D44761

This was part of review D44761. It was separated into another commit for
better clarity.

Obtained from:  Hewlett Packard Enterprise
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D44761

Reported by:  wosch

Make it consistent with the other lifecycle scripts, thus making it
more findable.

Reviewed by:    ziaee
Signed-off-by:  Pat Maddox <pat@patmaddox.com>
Closes:         https://github.com/freebsd/freebsd-src/pull/2047

This matches non-pkgbase behavior as installworld/installkernel skip the
debug bits if these knobs are set.

MFC after:      1 week
Sponsored by:   Chelsio Communications
Reviewed by:    cperciva
Differential Revision:  https://reviews.freebsd.org/D55572

Requested by: des
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D55598

Update Mentor and Mentee Information to follow step
5 of the Committers Guide.

Reviewed by:    osa, vvd (mentors)
Approved by:    osa (mentor)
Differential Revision:  https://reviews.freebsd.org/D55457

This is a simple too to remove all comments, extra whitespace and other
unnecessary things that may have creative content. What remains can be
just the minimal interface described by the header file. When used with
care, this can mechanically sanitize files, like some device tree
bindings file, that are only #defines that are meant to be used in
multiple context (the dts files and in C code to interpret the resulting
dtb).

Sponsored by:           Netflix
Reviewed by:            kevans
Differential Revision:  https://reviews.freebsd.org/D55087

Replace the somewhat perfunctory NetBSD tests with our own.

MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    bnovkov, kevans
Differential Revision:  https://reviews.freebsd.org/D55482

Including examples in Cyrillic suggested by kib@

Differential Revusion:  https://reviews.freebsd.org/D55364

MFC after:            3 days
Reviewed by:            emaste, guest-seuros, sjg, ziaee
Differential Revision:  https://reviews.freebsd.org/D55416

This is the OG meat and potatoes.

MFC after:              3 days
Reviewed by:            0mp, carlavilla
Differential Revision:  https://reviews.freebsd.org/D55301

No functional changes.