Commit Graph

306537 Commits

Author SHA1 Message Date
Jonathan T. Looney 37d86e9487 witness: mark relationships defined in order_lists[]
Mark the lock relationships defined in order_lists[] and use that
information to print better messages when a LOR violates one of these
relationships.

Suggested by:	markj
Reviewed by:	kib, markj
MFC after:	1 month
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D54903
2026-01-27 20:27:51 +00:00
Gordon Tetlow 9c151e1fbf openssl: Fix multiple vulnerabilities
This is a rollup commit from upstream to fix:
  Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (CVE-2025-11187)
  Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467)
  NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (CVE-2025-15468)
  "openssl dgst" one-shot codepath silently truncates inputs >16MB (CVE-2025-15469)
  TLS 1.3 CompressedCertificate excessive memory allocation (CVE-2025-66199)
  Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)
  Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)
  Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)
  Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)
  NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421)
  Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795)
  ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796)

See https://openssl-library.org/news/secadv/ for additional details.

Approved by:	so
Obtained from:	OpenSSL
Security:	FreeBSD-SA-26:01.openssl
Security:	CVE-2025-11187
Security:	CVE-2025-15467
Security:	CVE-2025-15468
Security:	CVE-2025-15469
Security:	CVE-2025-66199
Security:	CVE-2025-68160
Security:	CVE-2025-69418
Security:	CVE-2025-69419
Security:	CVE-2025-69420
Security:	CVE-2025-69421
Security:	CVE-2026-22795
Security:	CVE-2026-22796
2026-01-27 19:13:40 +00:00
John Baldwin 72a6991b80 bluetooth: Don't use a non-string to initialize NG_HCI_BDADDR_ANY
Explicitly use an array of 6 zeroes instead of a C string containing
nul characters.  GCC 15 warns about the truncation, but this is
cleaner regardless.

In file included from /usr/obj/.../amd64.amd64/tmp/usr/include/bluetooth.h:51,
                 from usr.sbin/virtual_oss/virtual_bt_speaker/bt_speaker.c:45:
usr.sbin/virtual_oss/virtual_bt_speaker/bt_speaker.c: In function 'register_sdp':
usr.sbin/virtual_oss/virtual_bt_speaker/bt_speaker.c:96:13: error: initializer-string for array of 'unsigned char' truncates NUL terminator but destination lacks 'nonstring' attribute (7 chars into 6 available) [-Werror=unterminated-string-initialization]
   96 |             NG_HCI_BDADDR_ANY, (const uint8_t *)&record, sizeof(record),
      |             ^~~~~~~~~~~~~~~~~

Reviewed by:	dim
Differential Revision:	https://reviews.freebsd.org/D54869
2026-01-27 13:40:38 -05:00
John Baldwin 5c504c625d kyua: Workaround unclear warning from GCC
GCC 15 does not like a push_back() invocation in utils::find_core()
and incorrectly believes libc++ will free a non-heap pointer.  Disable
the warning to pacify GCC.

In function 'void std::__1::__libcpp_operator_delete(_Args ...) [with _Args = {void*, long unsigned int}]',
    inlined from 'void std::__1::__do_deallocate_handle_size(void*, size_t, _Args ...) [with _Args = {}]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/new:298:39,
    inlined from 'void std::__1::__libcpp_deallocate(void*, size_t, size_t)' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/new:311:39,
    inlined from 'void std::__1::allocator<_Tp>::deallocate(_Tp*, size_t) [with _Tp = utils::fs::path]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__memory/allocator.h:132:31,
    inlined from 'static void std::__1::allocator_traits<_Alloc>::deallocate(allocator_type&, pointer, size_type) [with _Alloc = std::__1::allocator<utils::fs::path>]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__memory/allocator_traits.h:314:19,
    inlined from 'std::__1::__split_buffer<_Tp, _Allocator>::~__split_buffer() [with _Tp = utils::fs::path; _Allocator = std::__1::allocator<utils::fs::path>&]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__split_buffer:365:31,
    inlined from 'std::__1::vector<_Tp, _Alloc>::pointer std::__1::vector<_Tp, _Alloc>::__push_back_slow_path(_Up&&) [with _Up = utils::fs::path; _Tp = utils::fs::path; _Allocator = std::__1::allocator<utils::fs::path>]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/vector:1504:1,
    inlined from 'void std::__1::vector<_Tp, _Alloc>::push_back(value_type&&) [with _Tp = utils::fs::path; _Allocator = std::__1::allocator<utils::fs::path>]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/vector:1526:34,
    inlined from 'utils::optional<utils::fs::path> utils::find_core(const fs::path&, const process::status&, const fs::path&)' at contrib/kyua/utils/stacktrace.cpp:217:25:
/usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/new:274:38: error: 'void operator delete(void*, size_t)' called on pointer '<unknown>' with nonzero offset [24, 9223372036854775807] [-Werror=free-nonheap-object]
  274 |   __builtin_operator_delete(__args...);
      |                                      ^
In function 'void* std::__1::__libcpp_operator_new(_Args ...) [with _Args = {long unsigned int}]',
    inlined from 'void* std::__1::__libcpp_allocate(size_t, size_t)' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/new:289:31,
    inlined from '_Tp* std::__1::allocator<_Tp>::allocate(size_t) [with _Tp = utils::fs::path]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__memory/allocator.h:118:54,
    inlined from 'constexpr std::__1::__allocation_result<typename std::__1::allocator_traits<_Alloc>::pointer> std::__1::__allocate_at_least(_Alloc&, size_t) [with _Alloc = allocator<utils::fs::path>]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__memory/allocate_at_least.h:41:27,
    inlined from 'std::__1::__split_buffer<_Tp, _Allocator>::__split_buffer(size_type, size_type, __alloc_rr&) [with _Tp = utils::fs::path; _Allocator = std::__1::allocator<utils::fs::path>&]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__split_buffer:353:49,
    inlined from 'std::__1::vector<_Tp, _Alloc>::pointer std::__1::vector<_Tp, _Alloc>::__push_back_slow_path(_Up&&) [with _Up = utils::fs::path; _Tp = utils::fs::path; _Allocator = std::__1::allocator<utils::fs::path>]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/vector:1498:47,
    inlined from 'void std::__1::vector<_Tp, _Alloc>::push_back(value_type&&) [with _Tp = utils::fs::path; _Allocator = std::__1::allocator<utils::fs::path>]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/vector:1526:34,
    inlined from 'utils::optional<utils::fs::path> utils::find_core(const fs::path&, const process::status&, const fs::path&)' at contrib/kyua/utils/stacktrace.cpp:216:25:
/usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/new:265:42: note: returned from 'void* operator new(size_t)'
  265 |   return __builtin_operator_new(__args...);
      |                                          ^

Reviewed by:	imp, dim
Differential Revision:	https://reviews.freebsd.org/D54868
2026-01-27 13:39:41 -05:00
John Baldwin 6fb87a1a60 bsd.sys.mk: Silence a few GCC warnings for C++
These warnings were already marked with -Wno-error=, but they trigger
so many false positives in libc++ headers to be utterly useless for
C++ code, so disable them entirely for C++.

Reviewed by:	imp, dim
Differential Revision:	https://reviews.freebsd.org/D54867
2026-01-27 13:39:05 -05:00
John Baldwin 2dea50a661 netbsd-tests t_regex_att: Use __nonstring for a non-string constant
Fixes the following warning from GCC 15:

contrib/netbsd-tests/lib/libc/regex/t_regex_att.c:54:30: error: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (4 chars into 3 available) [-Werror=unterminated-string-initialization]
   54 | static const char delim[3] = "\\\\\0";
      |                              ^~~~~~~~

Reviewed by:	ngie, imp, dim
Differential Revision:	https://reviews.freebsd.org/D54866
2026-01-27 13:38:31 -05:00
John Baldwin bfc6e56f63 Merge commit 81b20e110b3f from llvm git (by Roland McGrath):
[libc++] Work around new GCC 15 type_traits builtins that can't be
    used as Clang's can (#137871)

    GCC 15 has added builtins for various C++ type traits that Clang
    already had.  Since `__has_builtin(...)` now finds these, the #if
    branches previously only used for Clang are now used for GCC 15.
    However, GCC 15 requires that these builtins only be used in type
    aliases, not in template aliases.

    For now, just don't use the `__has_builtin(...)` branches under newer
    GCC versions, so both 14 and 15 work during the transition.  This
    can be cleaned up later to use all the GCC 15 builtins available.

    Fixed: #137704
    Fixed: #117319

Reviewed by:	dim
Differential Revision:	https://reviews.freebsd.org/D54865
2026-01-27 13:34:58 -05:00
John Baldwin 093fffa296 sys: Use __is_aligned and __align_down for some kstack alignment operations
Reviewed by:	kib, jhibbits
Effort:		CHERI upstreaming
Sponsored by:	AFRL, DARPA
Differential Revision:	https://reviews.freebsd.org/D54840
2026-01-27 13:31:23 -05:00
John Baldwin 9272b78062 powerpc: Fix alignment of initial PCB on kstack
Commit cc81c44dd8 aimed to consolidate
duplicated code between the Book-E and AIM backends.  For
cpu_thread_alloc cpu_thread_alloc and cpu_fork it used the AIM
functions which used a bogus alignment mask (~0x2f).  The Book-E
functions used a proper alignment mask (~0x3f).  The AIM functions
appear to have been busted since they were first imported in commit
919cb3362f.

To fix, use the Book-E mask which requests 64 byte alignment.
Probably this was harmless in practice since td_kstack is page aligned
and struct pcb is probably a multiple of 32 bytes in size, so the 0x10
bit should have been clear anyway.

Reviewed by:	fuz, jhibbits
Fixes:		cc81c44dd8 ("Unify ABI-related bits of the Book-E and AIM...")
Effort:		CHERI upstreaming
Sponsored by:	AFRL, DARPA
Differential Revision:	https://reviews.freebsd.org/D54839
2026-01-27 13:30:46 -05:00
John Baldwin 05609c5eff arm: Make init_proc0 static
This function is not used outside of machdep.c and is already static
on arm64 and riscv.

Reviewed by:	imp
Effort:		CHERI upstreaming
Sponsored by:	AFRL, DARPA
Differential Revision:	https://reviews.freebsd.org/D54838
2026-01-27 13:30:23 -05:00
Gleb Smirnoff 29c3350f39 ipfw: fix my stupid error in casting void * to enum
Fixes:	349fcf079c
2026-01-27 10:02:46 -08:00
Gleb Smirnoff d8a78048a2 ipfw: don't recurse on the upper half lock in ipfw_iface_ref()
Fixes:	e3caa360d5
2026-01-27 09:38:20 -08:00
Roman Bogorodskiy b01763b2b2 bhyve: make BHYVE_SNAPSHOT amd64-only
Build fails with BHYVE_SNAPSHOT enabled on non-amd64,
so add it to BROKEN_OPTIONS for these arches.

PR:			292686
Reviewed by:		emaste, markj
MFC after:		3 days
Sponsored by:		The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D54873
2026-01-27 17:55:17 +01:00
Bojan Novković 4bcc5a3cdc btree/bt_seq.c: Fix two NULL pointer dereferences
This change fixes two NULL pointer dereferences caused by the
__bt_first function.

The first was caused by returning 0 (i.e., RET_SUCCESS) when a key
was not found, causing the caller to dereference an uninitalized
or NULL pointer. The second one was caused by an if statment clobbering
a local variable with a function call result that might be NULL.

Reported by:	clang-tidy
Sponsored by:	Klara, Inc.
Reviewed by:	markj
Obtained from:	https://github.com/apple-oss-distributions/libc (partially)
Differential Revision:	https://reviews.freebsd.org/D54905
2026-01-27 17:47:23 +01:00
Cy Schubert af9d11303c CODEOWNERS: Add myself to WPA 2026-01-27 07:52:05 -08:00
Cy Schubert 19a913c4ed CODEOWNERS: Add myself to Heimdal and MIT KRB5 2026-01-27 07:52:04 -08:00
Ed Maste 5b036b2585 CODEOWNERS: Add myself to capsicum-test 2026-01-27 10:29:01 -05:00
Mark Johnston a265c8b4a5 ip_mroute: Convert to using a regular mutex
The multicast routing code was using spin mutexes for packet counting,
but there is no reason to use them instead of regular mutexes, given
that none of this code runs in an interrupt context.  Convert to using
default mutexes.

Reviewed by:	glebius
MFC after:	2 weeks
Sponsored by:	Stormshield
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D54603
2026-01-27 14:58:02 +00:00
Mark Johnston ef389b7f58 atf_python: Fix a typo in a type annotation
No functional change intended.

MFC after:	1 week
Sponsored by:	Stormshield
Sponsored by:	Klara, Inc.
2026-01-27 14:57:31 +00:00
Mark Johnston 0f1e135070 ip_mroute: EVENTHANDLER_REGISTER does not fail
No functional change intended.

MFC after:	1 week
Sponsored by:	Stormshield
Sponsored by:	Klara, Inc.
2026-01-27 14:56:55 +00:00
Mark Johnston 0dba3626a1 RELNOTES: Document a pf enhancement 2026-01-27 14:05:42 +00:00
Mark Johnston 120c0bb833 divert: Update divert.4 to mention pf
pf's divert-to action can be used to pass packets to a divert socket,
but divert.4 didn't mention this, only referencing ipfw.  Try to make
the text a bit more general.

Reviewed by:	igoro, kp, glebius
MFC after:	2 weeks
Sponsored by:	OPNsense
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D54848
2026-01-27 14:04:48 +00:00
Mark Johnston b0d9970950 pf: Pass v6 packets to the divert socket
There is no particular limitation of divert sockets with respect to
IPv6, and the pf.conf man page does not mention the restriction to IPv4.

Extend the divert-to regression tests to exercise the v6 case.

Reviewed by:	igoro, kp, glebius
MFC after:	3 weeks
Sponsored by:	OPNsense
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D54847
2026-01-27 14:04:48 +00:00
Bojan Novković 1e233e393d btree/bt_split.c: Fix a misaligned if statement
Sponsored by:	Klara, Inc.
2026-01-27 14:52:29 +01:00
Tom Jones 069a67374e ip6: Remove support for RFC2675 (Jumbo Payload Option)
The Jumbo Payload option was intended to allow the deployment of IPv6 on
networks with a link MTU in excess of 65,735 octets.

Speaking to one of the authors of RFC2675 the networks which motivated
the Jumbo Payload option no longer exist.

FreeBSD does not currently support any links with this capacity and
discussion when this change was first proposed suggested that the loop
back interface had to be patched to test implementation.

As there are no known devices that can carry Jumbo Payloads remove
support.

Reviewed by:	glebius, teuxen, kp
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D19960
2026-01-27 13:20:33 +00:00
Sreekanth Reddy 823f158a01 bnxt_re/libbnxtre: Add support for Variable WQE on BCM576xx controllers
Variable size WQE means that each send Work Queue Entry to
HW can use different WQE sizes as opposed to the static WQE
size on the current devices. Set variable WQE mode for BCM576xx
devices. Depth of the Queue will be a multiple of slot which
is 16 bytes. The number of slots should be a multiple of 256
as per the HW requirement.
Initialize the Software shadow queue to hold requests equal to
the number of slots.

Reviewed by: ssaxena
Differential Revision: https://reviews.freebsd.org/D54525
MFC after: 3 days
2026-01-27 12:13:47 +00:00
Sreekanth Reddy 3a9565c2a8 bnxt_re: Add support to display board_id in ibv_devinfo output
Added support to display board_id in ibv_devinfo output.
ibv_devinfo util reads the board_id from below sysctl
attribute, so added this sysctl attribute.

sys.class.infiniband.bnxt_reX.board_id

Reviewed by: ssaxena
Differential Revision: https://reviews.freebsd.org/D54524
MFC after: 3 days
2026-01-27 12:13:09 +00:00
Sreekanth Reddy b7d6334df6 bnxt_re: Fix active_speed value when two ports are aggregated
Currently driver is not considering the active_lanes while
displaying the speed & width of port and hence it showing
invalid active_speed and active_width values in the ibv_devinfo
command output when two ports are aggregated at hardware level.
Fixed the driver to consider the active_lanes while determining
the active_speed & active_width values.

Reviewed by: ssaxena
Differential Revision: https://reviews.freebsd.org/D54523
MFC after: 3 days
2026-01-27 12:12:23 +00:00
Sreekanth Reddy 913e454f30 bnxt_en/re: Use FW defined resource limit for RoCE
Check FW flags for status of Resource Limits. If bit
FUNC_QCAPS_RESP_FLAGS_EXT2_SW_MAX_RESOURCE_LIMITS_SUPPORTED
is set, that means FW set the resource limit for L2 and RoCE.
We'll then do the following:

L2 driver would allocate context memory based on what FW reported.
RoCE driver uses FW reported values without capping. These values
are the total FW reported value minus L2 and other components shares.

For example:

FW reported max_qps = 137217 in L2 query, this includes:
5120 for L2
1025 for QP1
131072 for RoCE
L2 will allocate backing store memory for the total.
In RoCE query, we'll get max_qp = 131072 and use it
without further capping.

Reviewed by: ssaxena
Differential Revision: https://reviews.freebsd.org/D54522
MFC after: 3 days
2026-01-27 12:11:41 +00:00
Sreekanth Reddy 92ba9b2fe5 bnxt_re/libbnxtre: Add RoCE support for BCM576xx controllers
Added RoCE support for BCM576xx controllers with below changes,

1. Update the BAR offsets for handling BCM576xx controllers.
Use the values populated by the L2 driver for getting the
Doorbell offsets.

2. Use msn index instead of tail to pull psn table entry.

3. Temporarily disable dbr pacing feature untill it is
fully implemented.

4. Add support for 400G speed.

Reviewed by: ssaxena
Differential Revision: https://reviews.freebsd.org/D54521
MFC after: 3 days
2026-01-27 12:10:42 +00:00
Navdeep Parhar 77d71f5f36 cxgbe(4): Fix netmap rx behavior with nm_split_rss
The driver should look for active queues and one potential default-queue
in both halves of the split instead of stopping at the first valid
default-queue.

Fixes:		a9f476580e cxgbe(4): fixes for netmap operation with only some queues active
MFC after:	1 week
Sponsored by:	Chelsio Communications
2026-01-26 21:45:50 -08:00
Adrian Chadd 9a5baa9c58 powerpc: disable the TLBIE lock, it's not needed for POWER8
According to POWER8_UM_v1.3_16MAR2016 3.8.3 Translation Lookaside
Buffer (TLB), POWER8 supports lockless TLBIE operations.

Locally Tested:

* IBM POWER8 Revision 2.0, dual socket, 160 threads

Differential Revision:	https://reviews.freebsd.org/D54855
Approved by:	jhibbits
2026-01-26 20:39:37 -08:00
Adrian Chadd 422c8719ea powerpc: add a best-effort SMP time base sync for G5's that need it
There's no timebase freeze platform routine registered on my dual 2.3GHz
G5 PPC970FX Apple PowerMac.

For platforms without an explicit timebase freeze/unfreeze, we'll have to
make do with what we have - which for now is an explicit hand-crafted
spinlock/rendezvous method.

* For existing platforms, they'll still continue to clock freeze /
  rendezvous; albeit with some stronger atomic bits now (from jhibbits@.)
* Instead of the fallback being "no timesync", implement a
  best-effort one which does a similar rendezvous barrier between
  BSP and APs, but instead of freeze/unfreeze the first instruction
  after the CPUs all register they're ready is to set the timebase.

This has resulted in many reboots of my Powermac G5 dual-socket device
correctly starting and running in SMP mode.

Differential Revision:  https://reviews.freebsd.org/D54821
Reviewed by:	jhibbits
2026-01-26 20:38:23 -08:00
Konstantin Belousov d47c1c2cf5 sbin/setkey: add -Z option to disable receive timeouts
Sponsored by:	NVidia networking
MFC after:	1 week
2026-01-27 02:44:03 +02:00
Anaëlle CAZUC 69de2b4e96 bnxt: don't set media status if link is down
When the link is down don't set flags other than IFM_AVALID & IFM_ETHER
This avoids `media: Ethernet autoselect (Unknown <full-duplex>)` on ifconfig

Reviewed by:	zlei, pouria
Approved by:	glebius (mentor)
MFC after:	1 week
Sponsored by:	Stormshield
Differential Revision: https://reviews.freebsd.org/D54573
2026-01-27 02:51:48 +03:30
Gleb Smirnoff d1a8f1a62f ipfw: don't use the upper half lock to walk dynamic states buckets
The lock is sleepable and we can't grab it in dyn_tick().  Use the
individual bucket locks instead.

Fixes:	e3caa360d5
2026-01-26 15:05:17 -08:00
Mark Johnston 31e5decb18 arm64/vmm: Simplify vmmpmap_remove()
This function handles invalid intermediate PTP entries, but there's no
reason for this: the passed range should be mapped.  In particular, we
assert that all L3 entries encountered are mapped.  So let's simplify
the code a bit.  No functional change intended.

Reviewed by:	andrew
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D54738
2026-01-26 22:03:51 +00:00
Mark Johnston 1db1e4bdc6 bhyve: Use PCIOCGETCONF to find the host LPC bridge
pci_host_read_config() requires write access to /dev/pci so cannot be
used with unprivileged bhyve.  The lpc init code uses it to find the
host system's LPC bridge device and so was generating warnings with
bhyve running as a non-root user.

Refactor the implementation to use PCIOCGETCONF instead, which doesn't
require any special privileges.  This isn't formally necessary, as we
only care about copying the host system's identifiers in order to
support Intel GPU passthrough (see commit f4ceaff56d), but it's
straightforward and lets an unprivileged user run bhyve without seeing
warnings about failing to open /dev/pci with write permissions.

Reviewed by:	corvink, rew
MFC after:	3 weeks
Sponsored by:	The FreeBSD Foundation
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D54851
2026-01-26 22:03:51 +00:00
Konstantin Belousov 77c5f29453 libc: document posix_spawnattr_{get,set}procdescp_np(3)
Reviewed by:	asomers
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D54899
2026-01-26 23:47:50 +02:00
Alan Somers 6253212608 Add pdrfork to OpenBSM
It's necessary for auditd to be able to log its events.  Note that the
recently added pdwait() syscall is only auditable because an audit event
of that name was preemptively added back in 2012.

PR:		292739
MFC after:	1 week
Fixes:		5c2ee618d5 "sys: add pdrfork(2)"
Sponsored by:	ConnectWise
Reviewed by:	kib
Differential Revision: https://reviews.freebsd.org/D54897
2026-01-26 14:03:47 -07:00
Jonathan T. Looney fb4b0c9119 witness: Provide facility to print detailed lock tree
When witness(4) detects lock order reversals (LORs), it prints
information about the stack trace which caused the LOR. If available,
it can also print information about the first stack trace which
established the other lock ordering. However, it only does this for
"simple" LORs where the two locks in question were directly locked
in the opposite order. When the lock order was established through
a more complex pattern of intermediate locks, WITNESS only prints
the stack trace where it detected the LOR.

This commit provides new functionality to provide more verbose
information about the lock chain(s) which established the lock
ordering. The new functionality can be disabled by setting the
debug.witness.trace sysctl/tunable to 1. The new functionality
is also available through the debug.witness.badstacks sysctl,
which has been modified to always show the more verbose
information.

Reviewed by:	markj, glebius (previous version), kib (previous version)
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D54785
MFC after:	1 month
2026-01-26 20:22:57 +00:00
Jose Luis Duran fe962e33d8 METALOG: Order keyword entries
To facilitate comparison with mtree -C generated output, keep the
keywords ordered.

No functional change intended.

Reviewed by:	imp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D54872
2026-01-26 20:19:44 +00:00
Konstantin Belousov 2a5b083c1f posix_spawnattr_getexecfd_np.3: add closing .Fc
Fixes:	9bf69c37f43e96292e97e41bf942d7aca4101362
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2026-01-26 22:09:40 +02:00
Konstantin Belousov 080d8ed7dd libc: add posix_spawnattr_{get,set}procdescp_np
Reviewed by:	asomers
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D54879
2026-01-26 21:30:14 +02:00
Konstantin Belousov 74a2bf1b7a libsys: add pdrfork_thread() on x86
Reviewed by:	asomers
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D54879
2026-01-26 21:30:05 +02:00
Mark Johnston 8934c3dc78 pf tests: Set require.kmods in divert-to tests
Tests should declare their dependencies rather than testing for them at
runtime.

Reviewed by:	igoro, kp, glebius
MFC after:	2 weeks
Sponsored by:	OPNsense
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D54846
2026-01-26 17:24:25 +00:00
Mark Johnston 39878d24a6 pf: Rationalize the ip_divert_ptr test
If a rule has a divert port set, then we can reasonably predict that
ipdivert.ko is loaded, and in particular that ip_divert_ptr is set.

Moreover, in this case, if ipdivert.ko is not loaded we should just drop
the packet instead of ignoring the divert rule.

Reviewed by:	igoro, kp, glebius
MFC after:	2 weeks
Sponsored by:	OPNsense
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D54845
2026-01-26 17:23:33 +00:00
Aymeric Wibo 49ec19f1e1 acpi: Add ACPI_SPMC debug layer define
Reported by:	des
Fixes:	c5daa5a4c3 ("acpi_spmc: Add system power management controller driver")
Sponsored by:	The FreeBSD Foundation
2026-01-26 18:02:41 +01:00
Dag-Erling Smørgrav 0eb2c9d39b freebsd32: Fix includes
The previous commit added <sys/cdefs.h>, which isn't actually needed.
Conversely, <sys/event.h> is needed (and has been for a long time) but
was not included.

MFC after:	1 week
Fixes:		a11d132f6c ("devstat: Provide 32-bit compatibility")
Reported by:	gallatin@
2026-01-26 17:37:40 +01:00
Doongar Singh 972c488bf4 riscv: Add macro for hfence.gvma instruction
Add an inline function hfence_gvma() for hfence.gvma instruction.

Signed-off-by:	Doongar Singh <doonbsd@gmail.com>
Reviewed by:	mhorne, markj
Differential Revision:	https://reviews.freebsd.org/D54857
2026-01-26 12:23:16 -04:00