Add documentation for the ATU (Address Translation Unit) commands
that were implemented but not documented in the man page:
- atu dump: display the MAC address table
- atu flush all: clear all dynamic ATU entries
- atu flush port <n>: clear ATU entries for a specific port
Also add atu to the SYNOPSIS section.
PR: 275413
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2096
The man page only mentioned jumbo frame support for the 8169, 8169S,
and 8110S chips. The 8168 and 8111 family also support jumbo frames,
with varying MTU limits depending on the chip revision (6K for C
variants, 9K for D and later). Update the documentation to reflect
the actual driver capabilities.
PR: 160399
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2097
Add documentation for the vt_font, vt_keymap, vt_repeat, vt_saver,
vt_screenmap, and vt_ttys commands which are available at runtime
but were not listed in the man page.
Also clarify that the existing syscons_* commands are for the
syscons(4) console driver and remove stale commented-out entries.
PR: 291051
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2100
Since commit 97e1303791, the -P flag works without -R as
required by POSIX. Update the man page to state that only -H
and -L are ignored without -R, while -P can be used independently.
PR: 289959
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2102
The --si option (human-readable output with SI units based on
powers of 1000) was implemented but missing from both the SYNOPSIS
and the options list.
PR: 265199
Signed-off-by: Kit Dallege <xaum.io@gmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2104
Improve error handling for invalid user names and UIDs in renice:
- Use warnx() and err() for consistent error reporting
- Set errno = EINVAL for invalid input
- Provide clearer error messages for invalid user names and UIDs
- Add test cases for invalid user input
Signed-off-by: androvonx95 <androvonx95@tutamail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1768
Update the GCE image creation process to automatically apply the
'public-image=true' label when publishing new images. This aligns
with standard labeling expectations for images hosted in public
projects.
MFC after: 3 days
Implement the getsockopt for TCP_INFO by mapping FreeBSD's version to
what Linux expects.
MFC after: 1 month
Relnotes: yes
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D55882
When `boot_policy` is `RELAXED`, `find_currdev()` tried ZFS pools on every
disk before searching the boot ESP and sibling partitions. Booting install
media from USB could therefore select an installed ZFS root on internal
storage instead of the intended memstick UFS image.
Extract the boot-device partition walk into `try_boot_device_partitions()`
and run it before relaxed foreign-pool probing. The ZFS search order is
preserved; pools on the boot device are tried first, followed by pools on
other devices when `boot_policy` is `RELAXED` and the boot device yields
no bootable root.
Signed-off-by: Faraz Vahedi <kfv@kfv.io>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2239
Recalculate it to iterate over the right set of processes.
Prevent reaper' struct proc reuse by holding the tree ref on it.
Since our reference is taken under the proctree lock and we know that
the process is reaper, it cannot go away. The process hold count
(p_lock) cannot be used there because p_lock intent is prevent exit, but
reaper owns its reap-children until reaped itself, i.e. even a zombie
reaper is still on duty.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57492
Owning the reference prevents reuse of the struct proc.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57492
This restores existing error code for connect(2) over unix domain socket
when the empty string is specified as socket address.
Reported by: eduardo
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57509
No existing tests require it, and I cannot understand what kinds of test
scenarios are supposed to require it. Just remove it.
While here, improve the documentation of test variables a bit.
Reviewed by: ngie
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56604
AMD does not have a CPUID bit to indicate the lack of K8 PMCs. If all
other PMC features are not present we should test an event selector to
see if it stores and returns a value. If the VM is implemented
correctly, this should result in a #GP on the initial wrmsr_safe. Bhyve
and a few other VMs ignore writes, so I got one step further and test
that it retains the OS and USR bits.
Tested on Zen 5 native and a Zen 5 Bhyve virtual machine. This code
should not run on any recent hardware, except in a VM, as it checks that
the core counter extension is missing.
PR: 268943
Reported by: Sandipan Das, John F. Carr <jfc@mit.edu>
Reviewed by: mhorne, imp
Sponsored by: Netflix
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/2272/changes
I've been the quasi-defacto component maintainer for OpenSSL since
14.0-RELEASE. Make it official via CODEOWNERS/MAINTAINERS.
The goal is to help guide those interested in making changes in this
space to solicit my input with the new vendor import process and
coordinate fixes with upstream until things are at a point where most of
this is automated a system of automated checks and balances to confirm
that the updates being made to the component help maintain a security
supply chain for this given component.
Thank you benl and jkim for your past efforts in this component area.
Hopefully I can do my part to help improve this critical space further
as you both did in your respective tenures.
MFC after: 3 days
This is a rollup commit from upstream to fix:
Reject oversized inputs in ASN1_mbstring_ncopy()
cms: kek_unwrap_key: Fix out-of-bounds read in check-byte validation
cms: kek_unwrap_key: test for fix out-of-bounds read in check-byte validation
Avoid length truncation in ASN1_STRING_set
pkcs12: verify that the pbmac1 key length is safe
Reject potentially forged encrypted CMS AuthEnvelopedData messages
QUIC stack must limit the number of PATH_CHALLENGE frames processed in RX
Fix NULL dereference in QUIC address validation
Fix potential NULL dereference processing CMS PasswordRecipientInfo
Fix potential NULL dereference in OSSL_CRMF_ENCRYPTEDVALUE_decrypt()
Enforce implicit rejection for CMS/PKCS#7 decryption
Use the correct issuer when validating rootCAKeyUpdate
Match the local q DHX parameter against the peer's q
Apply the buffered IV on the AES-OCB EVP_Cipher() path
Fix handling of empty-ciphertext messages in AES-GCM-SIV and AES-SIV
Fix possible use-after-free in OpenSSL PKCS7_verify()
Approved by: so
Obtained from: OpenSSL
Security: FreeBSD-SA-26:35.openssl
Security: CVE-2026-7383
Security: CVE-2026-9076
Security: CVE-2026-34180
Security: CVE-2026-34181
Security: CVE-2026-34182
Security: CVE-2026-34183
Security: CVE-2026-42764
Security: CVE-2026-42766
Security: CVE-2026-42767
Security: CVE-2026-42768
Security: CVE-2026-42769
Security: CVE-2026-42770
Security: CVE-2026-45445
Security: CVE-2026-45446
Security: CVE-2026-45447
Otherwise an unprivileged user can disable randomization of the base
address for PIEs even if they are setugid.
Add a regression test.
Approved by: so
Security: FreeBSD-SA-26:32.elf
Security: CVE-2026-49414
Reported by: David Berard
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57397
- ARM C1-Premium erratum 4193780
- ARM C1-Ultra erratum 4193780
- ARM Cortex-A76 erratum 4193800
- ARM Cortex-A76AE erratum 4193801
- ARM Cortex-A77 erratum 4193798
- ARM Cortex-A78 erratum 4193791
- ARM Cortex-A78AE erratum 4193793
- ARM Cortex-A78C erratum 4193794
- ARM Cortex-A710 erratum 4193788
- ARM Cortex-X1 erratum 4193791
- ARM Cortex-X1C erratum 4193792
- ARM Cortex-X2 erratum 4193788
- ARM Cortex-X3 erratum 4193786
- ARM Cortex-X4 erratum 4118414
- ARM Cortex-X925 erratum 4193781
- ARM Neoverse-N1 erratum 4193800
- ARM Neoverse-N2 erratum 4193789
- ARM Neoverse-V1 erratum 4193790
- ARM Neoverse-V2 erratum 4193787
- ARM Neoverse-V3 erratum 4193784
- ARM Neoverse-V3AE erratum 4193784
These are all variants on an erratum where TLBI+DSB instructions on
one CPU may incorrectly complete early leading to stores to an updated
address using an incorrect translation on another CPU.
In all cases the workaround is to add a second TLBI+DSB.
Approved by: so
Security: FreeBSD-SA-26:31.arm64
Security: CVE-2025-10263
Sponsored by: Arm Ltd
The runtime linker in glibc relies on the AT_SECURE auxv entry to know
whether the executable is set-ugid, if so then various dangerous
functionality such as LD_PRELOAD is disabled.
The check added in commit 669414e4fb failed to take into account the
fact that during execve, P_SUGID may not yet be set for a set-ugid
process. Correct the test.
Approved by: so
Security: FreeBSD-SA-26:30.linux
Security: CVE-2026-49413
Reported by: Minseong Kim
Fixes: 669414e4fb ("Implement AT_SECURE properly.")
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57350
We drop the inpcb lock in order to copy in the source list, but this
leaves a window where the multicast filter structure might be freed.
This can be exploited to obtain root privileges.
In the v4 code this race is mitigated by holding the global multicast
lock across the gap.
Restructure the code to copy in filters before doing anything else, so
that there's no need to drop the inpcb lock and reason about the
correctness of doing so. Do the same in the v4 code for consistency.
Approved by: so
Security: FreeBSD-SA-26:29.ip6_multicast
Security: CVE-2026-49412
Reported by: Andrew Griffiths <andrew@calif.io>
Reported by: Maik Münch <maik@secfault-security.com>
Reviewed by: glebius
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57347
The channel buffer mapped by dsp_mmap_single() may be freed when the
device handle is closed, but the mapping persists beyond that, allowing
userspace to read or write memory owned by a different consumer.
Fix the problem by adding a reference counter to the sound buffer.
Define pager ops for the VM object returned by dsp_mmap_single() and use
them to manage the extra reference.
Add a regression test.
Approved by: so
Security: FreeBSD-SA-26:27.sound
Security: CVE-2026-49417
Reported by: Lexpl0it, 75Acol, Liyw979, Rob1n
Reviewed by kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57393
Normally, data processed on the KTLS receive path is contained in
anonymous mbufs that can be modified in place. Either the data
originates in receive buffers from a NIC driver, or for loopback
connections the data is anonymous-backed mbufs created when writing to
a socket. One potential source of non-anonymous mbufs are mbufs
created by sendfile(2) which borrow the pages of the underlying file,
either via M_EXTPG or EXT_SFBUF that are sent over a loopback
connection. For a well-formed loopback TLS session, the sender should
only use sendfile(2) if KTLS is enabled. If TLS is fully handled in
userspace, the sender must use write(2) or send(2) which allocate
anonymous mbufs. If KTLS transmit is enabled, then sendfile(2) on a
loopback connection will always use crypto via OCF and will allocate
anonymous pages to hold the encrypted data.
However, if sendfile(2) is used to send file-backed data directly over
a loopback connection where KTLS is not enabled on the sender side,
the KTLS receive path can modify the file-backed pages in place
overwriting the file's data. One potential fix would be to replace
non-anonymous mbufs in a received TLS record with anonymous mbufs
(e.g. via m_dup()) before passing the record to OCF. However, there
is no legitimate use case for using sendfile(2) over a loopback TLS
connection without using KTLS on the sender side, so instead simply
fail decryption requests and close the connection if non-anonymous
mbufs are encountered in the RX decryption path.
Add a test for this that verifies that the original data backing the
file descriptor used as the source for sendfile() is unchanged after
being processed.
Approved by: so
Security: FreeBSD-SA-26:26.ktls
Security: CVE-2026-45257
Co-authored-by: Drew Gallatin <gallatin@FreeBSD.org>
Sponsored by: Chelsio Communications
Sponsored by: Netflix
Approved by: so
Security: FreeBSD-SA-26:25.thr
Security: CVE-2026-45256
Reported by: Igor Gabriel Sousa e Souza
Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Reviewed by: emaste, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57237
This is consistent with allow_read_dir and allow_ptrace.
PR: 293485
Fixes: c289291a67 ("tty: Add sysctl knob to globally disable TIOCSTI")
Sponsored by: The FreeBSD Foundation
Shell variable names cannot be safely quoted with shell_escape() —
only alphanumeric characters are valid. Add validation that set-name
only matches [a-zA-Z0-9]+; invalid values are rejected with a
warning and the rename is skipped entirely.
The hostname value was written inside double quotes in
/etc/rc.conf.d/hostname. POSIX shell performs command substitution
inside double quotes, so a hostname containing $() or backticks would
be executed when the file is sourced (e.g., by rc(8)).
Switch to using the existing shell_escape() helper, which wraps values
in single quotes. In POSIX shell, single-quoted strings are completely
literal — no expansion or substitution of any kind is performed.
While the hostname is already validated to contain only
[a-zA-Z0-9.-], this change provides defense-in-depth so the output
format is safe regardless of future validation changes.
Reported by: Yazdan Soltani <yazdan.soltani@gmail.com>
If virtual_oss is not enabled when these rules run on startup, dmesg
will show the following messages:
Starting devd.
virtual_oss_cmd: Could not open control device: /dev/vdsp.ctl: No such file or directory
virtual_oss_cmd: Could not open control device: /dev/vdsp.ctl: No such file or directory
Reported by: olce, Mark Millard <marklmi@yahoo.com>
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Packets received with the following configuration are associated with
AXGE_RX_MII_ERR, which looks legit since there's no AXGE_RX_CRC_ERR
or AXGE_RX_DROP_PKT attached:
axge0: <ASIX Elec. Corp. AX88179, rev 2.10/1.00, addr 3> on usbus0
miibus0: <MII bus> on axge0
rgephy0: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 3 on miibus0
rgephy0: OUI 0x00e04c, model 0x0011, rev. 5
rgephy0: none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
Without this, 'dhclient ue0' never gets valid lease as all the DHCP
replies are dropped by the driver.
This behaviour is align with the reference driver provided by the
vendor(ASIX_USB_NIC_Linux_Driver_Source_v3.5.0.tar.bz2).
MFC after: 2 weeks
C++ exposes cfenv functions via using ::func. Our name-mangling
mechanism rewrites all function calls causing symbols such as
std::feclearexcept to be transformed into std::__feclearexcept_int.
Since no such function exists, compilation fails.
The using ::feclearexpect declarations themselves are unaffected because
they are not function calls, which further exposes the mismatch
As a result, enable the fast path only for C and fall back to the slow
path in C++.
Reviewed by: kib
Fixes: 5bc64b7d41
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57450