310119 Commits

Author SHA1 Message Date
Tony Hutter 59dc88602e nvpair: Check for un-terminated strings in packed nvlist
Add additional checks to verify a packed string or string array nvpair
is terminated.  Or more specifically, verify doing a strlen() on the
prospective string does not overrun the packed nvlist buffer.

Also add additional checks in the libzfs_input_checks test case to
verify un-terminated strings, and add in a nvlist ioctl payload
fuzz test for good measure.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Tony Hutter <hutter2@llnl.gov>
Closes #18604
2026-06-01 14:55:20 -07:00
Alexander Motin 4bc8c39b62 zed: Prefer dRAID distributed spares to regular ones
One of the main dRAID features is avoiding single drive bottlenecks
by using distributed spares.  Activation of regular spare will take
more time, during which the dRAID redundancy is even lower than in
case of RAIDZ.  But regular spares might still be added to the pool
as a second line of defence, possibly shared by several vdevs.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Alexander Motin <alexander.motin@TrueNAS.com>
Closes #18578
2026-06-01 14:49:38 -07:00
Ed Maste f77d37cffd linuxulator: Return EINVAL for invalid inotify flags
We implement all of the currently-defined Linux inotify mask bits and
flags, with the same values as Linux.  Return EINVAL for unknown bits,
as Linux does.

This also moves the translation inline into linux_inotify_add_watch.

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57387
2026-06-01 14:42:38 -04:00
Mark Johnston 68004e56fd net: Fix handling of unmapped user pages in if_getgroup()
We cannot call copyout() while in a net epoch section, unless the user
memory is wired.  Use the global ifnet lock to synchronize the accesses
instead.

Reported by:	emaste
Reviewed by:	zlei
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D57154
2026-06-01 18:22:57 +00:00
Mark Johnston 49d90d9ddf lagg: Handle a port count of zero
The sc_count check in lagg_transmit_ethernet() and
lagg_transmit_infiniband() is racy, as the lagg protocol handlers are
only synchronized by net_epoch.  Handle a count of 0 in each protocol
handler where it's needed, namely in the RR and LB handlers.

Reported by:	Yuxiang Yang, Yizhou Zhao, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM5.1 from Z.ai
Reviewed by:	pouria, zlei
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D56942
2026-06-01 18:22:57 +00:00
Dimitry Andric 86326398b7 Merge commit 63c29df8eceb from llvm git (by Dmitry Polukhin):
[Serialization] Fix assertion on re-deserialized friend template spec… (#200566)

  …ialization in PCH (#198133)

  A friend function-template specialization declared inside a class
  template is serialized into a PCH. When the class template is later
  instantiated while loading the PCH, the friend specialization can be
  deserialized re-entrantly (VisitFriendDecl -> VisitFunctionDecl -> ...
  -> VisitFunctionDecl for the same specialization) at the same time as
  the canonical copy, producing two redeclarations of the same
  specialization in the template's specialization set.

  ASTDeclReader::VisitFunctionDecl asserted that this collision could only
  happen when merging declarations from different modules. Since
  38b3d87bd384, friend functions defined inside dependent class templates
  are loaded eagerly, so the collision can now also occur within a single
  PCH/AST file (non-modules build), tripping the assertion:

    Assertion failed: (Reader.getContext().getLangOpts().Modules &&
    "already deserialized this template specialization"), function
    VisitFunctionDecl

  The merge that follows (mergeRedeclarable) already links the two
  redeclarations correctly regardless of whether modules are enabled, so
  the fix is to drop the modules-only assumption and let the merge run.

  Fixes https://github.com/llvm/llvm-project/issues/198133

This fixes (well, simply removes :) an assertion when building the
cad/OrcaSlicer port with precompiled headers turned on.

PR:		295296
MFC after:	3 days
2026-06-01 19:10:11 +02:00
Konstantin Belousov 16f21c5af3 amd64: there is no reason to copy ucode around in ucode_load_bsp()
PR:	294630
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differrential revision:	https://reviews.freebsd.org/D57368
2026-06-01 19:35:33 +03:00
Konstantin Belousov 606d3cb1be amd64: do not switch back and restore UEFI IDT in wrmsr_early_safe_end()
The memory where the pre-OS IDT was located might be already consumed by
kernel.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D57321
2026-06-01 19:35:33 +03:00
Ed Maste 72e34b3e39 get/setpriority: Add capability mode checks
Reviewed by: oshogbo
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57345
2026-06-01 12:30:20 -04:00
Olivier Certner 79d0dbc9c6 MAC/do: Fix double-free on parse error after "executable paths" feature
parse_rules() has been calling toast_rules() in case of a parse error in
order to deallocate the 'struct rule' objects it has constructed up to
that point.

toast_rules() would take a pointer to a full 'struct rules' object, and
besides freeing all 'struct rule' referenced by it, would also free the
holding 'struct rules' itself.

With the introduction of the "executable paths" feature, and the
embedding of 'struct rules' into 'struct conf', meaning that the
lifecycle for 'struct rules' was no longer independent, toast_rules()
was changed not to free the passed 'struct rules' (as it was a field of
a 'struct conf' object).  Unfortunately, this change was not completed
with a reinitialization of the rules list head, so the 'struct conf'
object would continue to reference just-freed rules, which then would be
freed a second time on destruction of that container.

So, make toast_rules() re-initialize the rules list in 'struct rules',
which it logically has been having to do since not freeing the enclosing
'struct rules'.  This alone is enough to fix the bug, but let's use the
occasion to change the contract of parse_rules() and bring its herald
comment up-to-date: On error, parse_rules() now simply leaves already
constructed 'struct rule' objects in 'conf'.  The latter is eventually
destroyed and the rule objects reclaimed at that point.

Add a test trying to set an invalid rules configuration with the first
rule being valid and the second being invalid, which triggers the bug
(and an immediate panic() on an INVARIANTS kernel).

Reported by:    impost0r(ret2plt) <impostor@ret2p.lt>
Reviewed by:    markj
Fixes:          9818224174 ("MAC/do: Executable paths feature (GSoC 2025's final state)")
Sponsored by:   The FreeBSD Foundation
2026-06-01 17:23:51 +02:00
Pietro Cerutti 84dd0acd1c dma: support relaying to an LMTP endpoint
Approved by:		bapt
Differential Revision:	https://reviews.freebsd.org/D55627
Upstream:		https://github.com/corecode/dma/pull/152
2026-06-01 12:19:57 +00:00
Dag-Erling Smørgrav dfd2273d27 sh: Fix pipebuf limit
Since the factor is not 1, we need to provide a unit.

MFC after:	1 week
Fixes:		5d92f20c7d ("bin/sh: support RLIMIT_PIPEBUF")
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D57352
2026-06-01 10:51:41 +02:00
ShengYi Hung 4ccbceefeb spi: Remove incorrect pci id
This id is for SPI flash instead of spi bus

Fixes: 39e297bf54 ("ig4iic: Add PantherLake IDs")
MFC after:      2 weeks
Sponsored by:  The FreeBSD Foundation
Sponsored by:  Framework Computer Inc
2026-06-01 16:45:20 +08:00
Olivier Certner 1876f629b9 style.9: Fix a typo (missing word)
Fixes:          af2c7d9f64 ("style.9: Encourage style changes when doing significant modifications")
MFC after:      1 day
Sponsored by:   The FreeBSD Foundation
2026-06-01 09:40:11 +02:00
Stefan Eßer f983cb362d fs/msdosfs: add support for file namws with surrogate pairs
Long file names are using UTF-16 symbols to represent international or
special characters. The implementation in FreeBSD did not support the
"Supplementary Private Use Area-B" (PUA-B), which requires a surrogate
pair to be represented in UTF-16 (Unicode code points beyond U+FFFF).

The PUA-B is used to represent emoji characters, which are supported
in file names on other common operating systems. The motivation for
this change was that removable media written on another system were
only partially readable on FreeBSD, since they contained emojis in
file names.

A test script that verifies correct operations on files names with
emojis has been added to the tools/test/stress2/misc directory under
the name msdos24.sh.

Reported by:	Fabian Keil <fk@fabiankeil.de>
Reviewed by:	ib
Approved by:	mkcusick
MFC after:	1 week
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D57313
2026-06-01 08:22:31 +02:00
Daniel Schaefer 39e297bf54 ig4iic: Add PantherLake IDs
MFC after:      2 weeks
Sponsored by:   Framework Computer Inc
Signed-off-by: Daniel Schaefer <dhs@frame.work>
2026-06-01 14:02:52 +08:00
Warner Losh a1d78374b5 stand: Revert the EFI loader back to strict mode
The change to relaxed mode has had too many unintended breakages. Revert
back to strict mode until that works for all the cases that are
currently broken.

Fixes: 784150fd25, d69fc3a9dc
PR:  295289
Sponsored by: Netflix
2026-05-31 21:38:58 -06:00
Christos Longros 20d56830f9 CI: add concurrency support to zfs-arm
The zfs-arm workflow was the only build/test workflow without a
concurrency block, so superseded runs were not cancelled.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Christos Longros <chris.longros@gmail.com>
Closes #18608
2026-05-31 18:27:40 -07:00
Christos Longros bfb914ca58 CI: apt-get update before purging host packages
The package removal ran against a stale package index and failed to
fetch a package that had been removed from the repository. Refresh
the index first.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Christos Longros <chris.longros@gmail.com>
Closes #18607
Closes #18609
2026-05-31 18:25:26 -07:00
Robert Clausecker 439710cf00 assert.h: Revert "Remove leading tabs for whitespace consistency"
This reverts commit 157c184689.

As per style(9), a tab goes after #define.  This should not have been
removed.

Reported by:	kib
Fixes:		157c184689.
Pull Request:	https://github.com/freebsd/freebsd-src/pull/2203
2026-05-31 21:49:23 +02:00
Konstantin Belousov 963a92d63b amd64: explain in more details why the slop is needed
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2026-05-31 22:18:46 +03:00
Anaelle Cazuc 03c69dd901 pmc: add sapphire rapids model
This commit adds the sapphire rapids CPU model to hwpmc_intel.c,
allowing hwpmc to be used on this CPU family.

Reviewed by:	mhorne
MFC after:	3 days
Sponsored by:	Stormshield
Differential Revision:	https://reviews.freebsd.org/D57263
2026-05-31 14:50:20 -03:00
Konstantin Belousov 510ee6698d linux_ntsync: linux compat shim for ntsync(9)
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D57038
2026-05-31 20:17:07 +03:00
Konstantin Belousov d0ea3aff90 ntsync: add kinfo reporting
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D57038
2026-05-31 20:14:47 +03:00
Konstantin Belousov 0ac9aac81c ntsync: install headers for userspace consumption
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D57038
2026-05-31 20:14:47 +03:00
Konstantin Belousov 03ca6dbdb8 ntsync(4)
The driver implements the ntsync interface as specified in the Linux
7.0-rc3 document Documentation/userspace-api/ntsync.rst.  Only the
documentation and the userspace tests (Linux'
tools/testing/selftests/drivers/ntsync/ntsync.c) were used for
reference.  When the documentation contradicted the tests, tests
behavior was implemented.

One quirk is that Linux API needs to return an error from ioctl() and to
copyout the modified ioctl() argument.  Our generic ioctl() is not flexible
enough to implement this, so the ntsync_ioctl_copyout() hack allows to
copyout the ioctl parameter directly from the ioctl method, instead of
relying on the ioctl infra.

The FreeBSD port of the tests, that can be compiled both on FreeBSD and
Linux, is available at https://github.com/kostikbel/freebsd-ntsync-test.
The Linux binary compiled with the Linux test harness, cannot be run
under linuxolator due to unimplemented syscalls, but the shims in
freebsd-ntsync-test can be compiled on Linux and resulting Linux/glibc
binary run on linuxolator to test linux compat.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D57038
2026-05-31 20:10:46 +03:00
Ahmad Khalifa aef014de3f Revert "edk2: enable static asserts for *INT64 alignment"
This fails when using WITH_BEARSSL. It seems like we build the EFI bits
of libsecureboot (which is really just part of libsa in this case), even
when building the BIOS loader. Revert for now to unbreak the build.

This reverts commit 2fa4bdd7f9.

Reported by: freebsd@walstatt-de.de
2026-05-31 15:12:34 +03:00
Ahmad Khalifa 23996d940a stand/efi/Makefile: fix build order
Move liblua32efi and ficl32efi before .WAIT, otherwise there's a race
between the interpreter and the loader being built.

Reported by:	kbowling
Discussed with:	kevans
Fixes:		d15cc7625d
2026-05-31 14:48:05 +03:00
Joshua Rogers 8809ea46f1 ukbd: fix SET_REPORT wValue always using report ID 0 for LED output
ukbd_set_leds_callback() built the SET_REPORT control request with
USETW2(req.wValue, UHID_OUTPUT_REPORT, 0) before the loop that
determines the actual HID report ID from sc_id_numlock,
sc_id_scrolllock, or sc_id_capslock.  The data payload was already
correctly prefixed with the real report ID when id != 0, but the
control request's wValue told the device to set report ID 0, which
does not exist on devices that use non-zero report IDs for LED output.

Apple Internal Keyboard / Trackpad (0x05ac:0x0274) uses report ID 1
for LED output.  The mismatch caused the device to STALL every
SET_REPORT request, so the capslock LED could never be updated.

Move the USETW2 call to after the LED-detection loop so that wValue
carries the correct report ID.

Signed-off-by:	Joshua Rogers <Joshua@Joshua.Hu>
Reviewed by:	wulf
MFC after:	1 week
Pull Request:	https://github.com/freebsd/freebsd-src/pull/2210
2026-05-31 14:29:15 +03:00
Bjoern A. Zeeb b53eab3229 LinuxKPi: idr: use macros for lock idr lock operations
Our idr implementation is using a mtx lock which in the past has
already caused problems (613723bac2).
In order to make it easier to tackle the problem start by factoring
out all the operations related to the idr->lock into macros as we
have often done in other parts of code as well.

Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
Reviewed by:	wulf, emaste
Differential Revision: https://reviews.freebsd.org/D55392
2026-05-30 21:45:47 +00:00
Bjoern A. Zeeb d07460f194 LinuxKPI: 802.11 suspend/resume: fix the is_pci_dev check
Shortly before I committed the works from a year ago, jhb added a
function ("is_pci_device") so that the check against the devclass
does not have to be coded in every driver.  Use this instead in main
(and stable/15 in case the works get MFCed).

At the same time this fixes the check (the old one was wrong) as we
attach to the LinuxKPI 802.11 driver, e.g., iwlwifi and thus we need
to check the parent of the parent and not just the parent to be
of the devclass "pci" in the identify bus function.  The was the
first error.  The second was (and this is why it worked) that we
checked for == instead of != and so the wrong check became true again.

Discussed with:	jhb
Fixes:		11d69a4558 ("LinuxKPI: 802.11: add support for s/r")
MFC after:	3 days
X-MFC after:	ffcf5e3566 ("pci: Add is_pci_device helper function")
Sponsored by:	The FreeBSD Foundation
2026-05-30 21:33:51 +00:00
Bjoern A. Zeeb 49b413c4b0 rtwn/usb: add ID for D-Link DWA-121 rev B1 to rtwn RTL8188EU
Add the device ID to the usbdevs table in order to be able to use
it in the rtwn/usb driver for the RTL8188EU attachment.

(I adjusted the name to B1 compared to the original submission)

PR:		291839
MFC after:	3 days
2026-05-30 21:29:09 +00:00
Pawel Biernacki a64148e21b linux: Add support for PR_SET_VMA to prctl(2)
Implement dummy support for PR_SET_VMA with PR_SET_VMA_ANON_NAME in
prctl(2).  This prevents applications from receiving EINVAL when
attempting to name anonymous memory regions.
2026-05-30 19:52:58 +00:00
Aymeric Wibo eda74fe479 rand(3): Normalize function ordering
Align ordering between NAME & SYNOPSIS sections.

Obtained from:	https://github.com/apple-oss-distributions/libc
Sponsored by:	Klara, Inc.
2026-05-30 20:07:29 +01:00
Faraz Vahedi c115aad996 assert.3: Update as per C23
Signed-off-by:	Faraz Vahedi <kfv@kfv.io>
Reviewed by:	fuz
MFC after:	1 month
Pull Request:	https://github.com/freebsd/freebsd-src/pull/2203
2026-05-30 15:43:52 +02:00
Faraz Vahedi 0fe73dcf7c libc: Add <assert.h> C23 feature test macro
Signed-off-by:	Faraz Vahedi <kfv@kfv.io>
Reviewed by:	fuz
MFC after:	1 month
Pull Request:	https://github.com/freebsd/freebsd-src/pull/2203
2026-05-30 15:43:52 +02:00
Faraz Vahedi 867b51452e libc: Add variadic assert in accordance with C23
Signed-off-by:	Faraz Vahedi <kfv@kfv.io>
Reviewed by:	fuz
MFC after:	1 month
Pull Request:	https://github.com/freebsd/freebsd-src/pull/2203
2026-05-30 15:43:51 +02:00
Faraz Vahedi 157c184689 assert.h: Remove leading tabs for whitespace consistency
Signed-off-by:	Faraz Vahedi <kfv@kfv.io>
Reviewed by:	fuz
MFC after:	1 month
Pull Request:	https://github.com/freebsd/freebsd-src/pull/2203
2026-05-30 15:43:51 +02:00
Faraz Vahedi c5c7d18d01 libc: Restrict the static_assert macro to pre-C23 modes
Signed-off-by:	Faraz Vahedi <kfv@kfv.io>
Reviewed by:	fuz
MFC after:	1 month
Pull Request:	https://github.com/freebsd/freebsd-src/pull/2203
2026-05-30 15:43:51 +02:00
Faraz Vahedi 64502126e1 mdmfs: Use standard bool definition
Include `<stdbool.h>` instead of defining a local bool enum.
This avoids duplicating a standard type name and keeps the
source compatible with headers that provide bool as a macro,
or in case of C23 that compilers provide it as keyword.

Signed-off-by:	Faraz Vahedi <kfv@kfv.io>
Reviewed by:	fuz
MFC after:	1 month
Pull Request:	https://github.com/freebsd/freebsd-src/pull/2203
2026-05-30 15:43:51 +02:00
Faraz Vahedi 60c11e7c54 rpcsvc: Remove obsolete bool definition from yp_prot.h
`yp_prot.h` has carried a SunRPC-era typedef of `bool` guarded by
`BOOL_DEFINED`, but the header itself does not use it. The YP/RPC
interfaces use `bool_t` for protocol booleans.

Defining `bool` in a public header collides with modern C headers
that provide `bool` as a macro or keyword, such as `<stdbool.h>`
and C23-aware assert handling. Drop the compatibility typedef and
leave `bool` definition to the consumer's language mode.

Signed-off-by:	Faraz Vahedi <kfv@kfv.io>
Reviewed by:	fuz
MFC after:	1 month
Pull Request:	https://github.com/freebsd/freebsd-src/pull/2203
2026-05-30 15:43:51 +02:00
Konstantin Belousov 201090678e imgact_elf: add sysctl kern.elfXX.phnums for the number of program headers
that are accepted in the activated image or interpreter.

Requested by:	jhb
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D57328
2026-05-30 15:56:40 +03:00
Ahmad Khalifa 2fa4bdd7f9 edk2: enable static asserts for *INT64 alignment
The ia32 loader is now built with -malign-double, so these should pass.

Differential Revision:	https://reviews.freebsd.org/D55386
2026-05-30 05:40:58 +03:00
Ahmad Khalifa d15cc7625d stand: compile ia32 EFI loader with -malign-double
The UEFI spec says:
> Structures are aligned on boundaries equal to the largest internal
> datum of the structure and internal data are implicitly padded to
> achieve natural alignment.

Unlike the old Intel EFI toolkit, the EDK2 headers expect ia32 builds to
use -malign-double to achive this.

Make EFI versions of libsa32, liblua32, and ficl32. With the difference
being that they are compiled with -malign-double.

Differential Revision:	https://reviews.freebsd.org/D55385
2026-05-30 05:40:39 +03:00
Mark Johnston f048a1a1de tests/ipsec: Run in parallel
Use execenv=jail to enable this.

MFC after:	1 week
2026-05-30 01:16:51 +00:00
Alek P c90dc28089 enforce exact decompressed length for lz4, gzip, and zstd
Decompressors must expand a ZFS block to exactly the expected number
of bytes. Treat decompression to an unexpected length as failure, so
truncated or short output is not accepted as valid decompression. This
makes our handling of decompress return values consistent with the
decompression functions' APIs.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Alexander Motin <alexander.motin@TrueNAS.com>
Signed-off-by: Alek Pinchuk <Alek.Pinchuk@connectwise.com>
Closes #18599
2026-05-29 18:13:39 -07:00
Olivier Cochard e492ad08fc netlink/route: extend pre-2.6.19 Linux compat shim to del/getroute
Commit f34aca55ad ("netlink/route: provide pre-2.6.19 Linux compat shim",
2024-06) fixed the partial fix for net/bird2 on the netlink path by mapping the
legacy 8-bit struct rtmsg::rtm_table field onto the modern 32-bit RTA_TABLE
attribute when the latter is absent.

That fix, however, was only applied to rtnl_handle_newroute. The two sibling
handlers: rtnl_handle_delroute and rtnl_handle_getroute were left looking at
attrs.rta_table directly. They are reachable from exactly the same client
(bird, in its netlink scan path), so any FIB number that fits in 8 bits
silently maps to RT_TABLE_UNSPEC in those handlers.

Reviewed by:	melifaro (previous version)
Approved by:	emaste
MFC after:	1 week
Sponsored by:	Netflix
2026-05-30 01:23:12 +02:00
Ed Maste 96dbc9a8de netlink: Check permissions for interface flag changes
Reviewed by:	pouria, melifaro
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57332
2026-05-29 19:11:21 -04:00
Ed Maste 9ddb6064f8 netlink: Use early exit pattern in _nl_modify_ifp_generic
No functional change.

Reviewed by:	pouria, melifaro
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57349
2026-05-29 19:11:21 -04:00
Stefan Eßer 11f23d7c07 tools/test/stress2/misc: Fix and enable new tests
The previously committed versions of these tests failed to prevent
duplicate file names in the list of files to process, leading to
missing files when a "mv" commando tried to operate on a file that
had already been renamed.

The test for filenames containing UTF-16 surrogate pairs stays
disabled, since the required kernel changes have not been committed,
yet.
2026-05-30 01:10:35 +02:00