The tag is used to perform lookup in a different way.
New functions were introduced:
* to set, check and clear a tag
* to walk through a radix tree based on a given tag
Furthermore, the `radix_tree_delete()` function was modified to clear
tags on deletion.
The amdgpu DRM driver started to use this in Linux 6.10.
While here, the `radix_tree_gang_lookup()` function was added because it
is very close to `radix_tree_gang_lookup_tag()`, but it is not used by
the DRM drivers as of this commit.
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54503
Summary:
Doing so will let the upper layer know how to deal with software hash,
with benefits like inp_flowid can be set and m_pkthdr.flowid can be set
in output path.
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D54929
Google developed the Capsicum unit test suite[1] as part of the
Capsicum-Linux[2] project, based on unit tests that existed in FreeBSD
and unit tests developed as part of the initial Capsicum-Linux port.
Capsicum-Linux was archived as of October 31, 2022 and is no longer
being maintained. FreeBSD is currently the only consumer of and
contributor to the test suite. Move the src into tests/sys/capsicum to
simplify ongoing maintenance.
The makefiles were deleted as we (continue to) use the existing bespoke
FreeBSD Makefile, and CONTRIBUTING.md was removed as the Google CLA is
no longer applicable.
[1] https://github.com/google/capsicum-test
[2] https://github.com/google/capsicum-linux
Reviewed by: asomers, oshogbo
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54917
Avoid truncating 32-bit values. This would have saved me a bit of time
when I was looking at a cpuid leaf on my system and typed 0x80000001f
instead of 0x8000001f.
Reviewed by: kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D54919
Previously, setting an interface FIB to some invalid value would result
in a warning being printed, but the ifconfig command would exit with
status 0, but this is wrong.
Add a little regression test.
Reviewed by: pouria, zlei, melifaro
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54918
lposix is the last holdout of modules built into flua until we can fix
the module design to have the right parts require()able. Address a
valid bug in lua_read() found at a higher WARNS and drop the override
entirely. Some of the modules could possibly be re-evaluated.
Fixes: c2caf3b331 ("flua: lposix: add more useful functions [...]")
Reported by: des
Reviewed by: des
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Previously, we would first call AcpiEvaluateObject() to execute \_Sx
before calling AcpiGetSleepTypeData(). This was unnecessary, as
AcpiGetSleepTypeData() performs the same call itself. While doing so,
the latter function logs any other error than AE_NOT_FOUND (which
indicates that a particular sleep state is not supported), which most
probably is an added benefit of this change.
Reviewed by: obiwac
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54624
Do not allocate or switch to the custom stack on non-x86.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54898
Instructions in /etc/pkg/FreeBSD.conf and elsewhere recommend putting
changes in /usr/local/etc/pkg/repos/FreeBSD.conf so bring OCI containers
into line as well.
Reviewed by: dfr, ivy
Differential Revision: https://reviews.freebsd.org/D54090
MFC after: 5 days
Sponsored by: SkunkWerks, GmbH
If net is all-zero, the loop to extract all leading non-zero octets will
iterate zero times and leave nn with the value 4, which the following
switch statement to initialise qbuf does not handle. As a result,
_dns_getnetbyaddr will look up the PTR record for this uninitialised
string, which will leak the pre-existing contents of that stack memory
to the DNS resolver and, if remote and not otherwise protected, network.
Note that _dns_getnetbyaddr is only used if nsswitch.conf is configured
to enable the "dns" source for the "networks" database, which is not the
default configuration in FreeBSD.
For glibc this same bug, in code also derived from BIND's, was issued
CVE-2026-0915. This commit adopts the same behaviour as glibc's fix,
which is to regard a net of 0 as being for 0.0.0.0. Apparently NetBSD
will return NS_UNAVAIL instead, which may or may not make more sense,
but in general glibc compatibility tends to cause less friction when
there's not a good reason to avoid it.
Reviewed by: markj (secteam)
Fixes: 1363f04ce1 ("get* rework and new bind code")
MFC after: 1 day
Security: Same bug as glibc's CVE-2026-0915
First problem is a trivial race that the client thread doesn't see updated
c.sbytes. Second problem applies only to the truncate test. On a machine
with huge default buffer sizes, there is a chance that sendfile(2) will
fill both buffers with amount of data that is larger than the size we plan
to truncate. To minimise chances for this scenario, increase file size
and truncate it less aggressively, also try to decrease buffer sizes.
The test sometimes crashes with ASLR enabled. This seems to happen when
regcomp() grows the process stack and happens to run into the virtual
memory limit set at the beginning of the test. ASLR triggers the
problem since it introduces a bit of fragmentation and thus introduces
cases where stack allocation can be the trigger of virtual memory
exhaustion, rather than dynamic memory allocation in regcomp().
Make the test stable by priming the stack before doing anything else.
This effectively reserves 16MB of virtual memory for the stack, which in
practice is enough to make the test stable on amd64.
PR: 259971
Reviewed by: ngie, emaste
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D54880
Mark the lock relationships defined in order_lists[] and use that
information to print better messages when a LOR violates one of these
relationships.
Suggested by: markj
Reviewed by: kib, markj
MFC after: 1 month
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D54903
This is a rollup commit from upstream to fix:
Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (CVE-2025-11187)
Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467)
NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (CVE-2025-15468)
"openssl dgst" one-shot codepath silently truncates inputs >16MB (CVE-2025-15469)
TLS 1.3 CompressedCertificate excessive memory allocation (CVE-2025-66199)
Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)
Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)
Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)
Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)
NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421)
Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795)
ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796)
See https://openssl-library.org/news/secadv/ for additional details.
Approved by: so
Obtained from: OpenSSL
Security: FreeBSD-SA-26:01.openssl
Security: CVE-2025-11187
Security: CVE-2025-15467
Security: CVE-2025-15468
Security: CVE-2025-15469
Security: CVE-2025-66199
Security: CVE-2025-68160
Security: CVE-2025-69418
Security: CVE-2025-69419
Security: CVE-2025-69420
Security: CVE-2025-69421
Security: CVE-2026-22795
Security: CVE-2026-22796
Explicitly use an array of 6 zeroes instead of a C string containing
nul characters. GCC 15 warns about the truncation, but this is
cleaner regardless.
In file included from /usr/obj/.../amd64.amd64/tmp/usr/include/bluetooth.h:51,
from usr.sbin/virtual_oss/virtual_bt_speaker/bt_speaker.c:45:
usr.sbin/virtual_oss/virtual_bt_speaker/bt_speaker.c: In function 'register_sdp':
usr.sbin/virtual_oss/virtual_bt_speaker/bt_speaker.c:96:13: error: initializer-string for array of 'unsigned char' truncates NUL terminator but destination lacks 'nonstring' attribute (7 chars into 6 available) [-Werror=unterminated-string-initialization]
96 | NG_HCI_BDADDR_ANY, (const uint8_t *)&record, sizeof(record),
| ^~~~~~~~~~~~~~~~~
Reviewed by: dim
Differential Revision: https://reviews.freebsd.org/D54869
These warnings were already marked with -Wno-error=, but they trigger
so many false positives in libc++ headers to be utterly useless for
C++ code, so disable them entirely for C++.
Reviewed by: imp, dim
Differential Revision: https://reviews.freebsd.org/D54867
[libc++] Work around new GCC 15 type_traits builtins that can't be
used as Clang's can (#137871)
GCC 15 has added builtins for various C++ type traits that Clang
already had. Since `__has_builtin(...)` now finds these, the #if
branches previously only used for Clang are now used for GCC 15.
However, GCC 15 requires that these builtins only be used in type
aliases, not in template aliases.
For now, just don't use the `__has_builtin(...)` branches under newer
GCC versions, so both 14 and 15 work during the transition. This
can be cleaned up later to use all the GCC 15 builtins available.
Fixed: #137704Fixed: #117319
Reviewed by: dim
Differential Revision: https://reviews.freebsd.org/D54865
Commit cc81c44dd8 aimed to consolidate
duplicated code between the Book-E and AIM backends. For
cpu_thread_alloc cpu_thread_alloc and cpu_fork it used the AIM
functions which used a bogus alignment mask (~0x2f). The Book-E
functions used a proper alignment mask (~0x3f). The AIM functions
appear to have been busted since they were first imported in commit
919cb3362f.
To fix, use the Book-E mask which requests 64 byte alignment.
Probably this was harmless in practice since td_kstack is page aligned
and struct pcb is probably a multiple of 32 bytes in size, so the 0x10
bit should have been clear anyway.
Reviewed by: fuz, jhibbits
Fixes: cc81c44dd8 ("Unify ABI-related bits of the Book-E and AIM...")
Effort: CHERI upstreaming
Sponsored by: AFRL, DARPA
Differential Revision: https://reviews.freebsd.org/D54839
This function is not used outside of machdep.c and is already static
on arm64 and riscv.
Reviewed by: imp
Effort: CHERI upstreaming
Sponsored by: AFRL, DARPA
Differential Revision: https://reviews.freebsd.org/D54838
Build fails with BHYVE_SNAPSHOT enabled on non-amd64,
so add it to BROKEN_OPTIONS for these arches.
PR: 292686
Reviewed by: emaste, markj
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54873
This change fixes two NULL pointer dereferences caused by the
__bt_first function.
The first was caused by returning 0 (i.e., RET_SUCCESS) when a key
was not found, causing the caller to dereference an uninitalized
or NULL pointer. The second one was caused by an if statment clobbering
a local variable with a function call result that might be NULL.
Reported by: clang-tidy
Sponsored by: Klara, Inc.
Reviewed by: markj
Obtained from: https://github.com/apple-oss-distributions/libc (partially)
Differential Revision: https://reviews.freebsd.org/D54905
The multicast routing code was using spin mutexes for packet counting,
but there is no reason to use them instead of regular mutexes, given
that none of this code runs in an interrupt context. Convert to using
default mutexes.
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54603
pf's divert-to action can be used to pass packets to a divert socket,
but divert.4 didn't mention this, only referencing ipfw. Try to make
the text a bit more general.
Reviewed by: igoro, kp, glebius
MFC after: 2 weeks
Sponsored by: OPNsense
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54848
There is no particular limitation of divert sockets with respect to
IPv6, and the pf.conf man page does not mention the restriction to IPv4.
Extend the divert-to regression tests to exercise the v6 case.
Reviewed by: igoro, kp, glebius
MFC after: 3 weeks
Sponsored by: OPNsense
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54847
The Jumbo Payload option was intended to allow the deployment of IPv6 on
networks with a link MTU in excess of 65,735 octets.
Speaking to one of the authors of RFC2675 the networks which motivated
the Jumbo Payload option no longer exist.
FreeBSD does not currently support any links with this capacity and
discussion when this change was first proposed suggested that the loop
back interface had to be patched to test implementation.
As there are no known devices that can carry Jumbo Payloads remove
support.
Reviewed by: glebius, teuxen, kp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D19960
Variable size WQE means that each send Work Queue Entry to
HW can use different WQE sizes as opposed to the static WQE
size on the current devices. Set variable WQE mode for BCM576xx
devices. Depth of the Queue will be a multiple of slot which
is 16 bytes. The number of slots should be a multiple of 256
as per the HW requirement.
Initialize the Software shadow queue to hold requests equal to
the number of slots.
Reviewed by: ssaxena
Differential Revision: https://reviews.freebsd.org/D54525
MFC after: 3 days
Added support to display board_id in ibv_devinfo output.
ibv_devinfo util reads the board_id from below sysctl
attribute, so added this sysctl attribute.
sys.class.infiniband.bnxt_reX.board_id
Reviewed by: ssaxena
Differential Revision: https://reviews.freebsd.org/D54524
MFC after: 3 days
Currently driver is not considering the active_lanes while
displaying the speed & width of port and hence it showing
invalid active_speed and active_width values in the ibv_devinfo
command output when two ports are aggregated at hardware level.
Fixed the driver to consider the active_lanes while determining
the active_speed & active_width values.
Reviewed by: ssaxena
Differential Revision: https://reviews.freebsd.org/D54523
MFC after: 3 days
Check FW flags for status of Resource Limits. If bit
FUNC_QCAPS_RESP_FLAGS_EXT2_SW_MAX_RESOURCE_LIMITS_SUPPORTED
is set, that means FW set the resource limit for L2 and RoCE.
We'll then do the following:
L2 driver would allocate context memory based on what FW reported.
RoCE driver uses FW reported values without capping. These values
are the total FW reported value minus L2 and other components shares.
For example:
FW reported max_qps = 137217 in L2 query, this includes:
5120 for L2
1025 for QP1
131072 for RoCE
L2 will allocate backing store memory for the total.
In RoCE query, we'll get max_qp = 131072 and use it
without further capping.
Reviewed by: ssaxena
Differential Revision: https://reviews.freebsd.org/D54522
MFC after: 3 days
Added RoCE support for BCM576xx controllers with below changes,
1. Update the BAR offsets for handling BCM576xx controllers.
Use the values populated by the L2 driver for getting the
Doorbell offsets.
2. Use msn index instead of tail to pull psn table entry.
3. Temporarily disable dbr pacing feature untill it is
fully implemented.
4. Add support for 400G speed.
Reviewed by: ssaxena
Differential Revision: https://reviews.freebsd.org/D54521
MFC after: 3 days
The driver should look for active queues and one potential default-queue
in both halves of the split instead of stopping at the first valid
default-queue.
Fixes: a9f476580e cxgbe(4): fixes for netmap operation with only some queues active
MFC after: 1 week
Sponsored by: Chelsio Communications