Commit Graph

306178 Commits

Author SHA1 Message Date
Siva Mahadevan 33f2f3049a committers-src: add myself (siva@)
Reviewed by:		lwhsu
Approved by:		lwhsu (mentor)
Differential Revision:	https://reviews.freebsd.org/D54744
2026-01-16 13:22:32 -05:00
Mark Johnston c527f58bb1 exterr: Regenerate exterr_cat_filenames.h 2026-01-16 15:56:51 +00:00
Mark Johnston bda6ed2ee4 exterr: Sort output from make_libc_exterr_cat_filenames.sh
Otherwise the script may permute the order of entries in the file since
find(1) output is not stable.

Reviewed by:	kib
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D54669
2026-01-16 15:56:33 +00:00
Hans Rosenfeld e2d7bec6bc bhyve: Want walk_config_nodes
Add a function to all nodes under a config option node. This allows
parsing an arbitrary number of similarly structured configuration
options in a config option group.

Reviewed by:	corvink, markj
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D51551
2026-01-16 10:48:34 -04:00
ShengYi Hung 87c4d6555b hwpstate_amd: Use ipi instead of sched_bind + thread_lock
Reviewed by:    olce
Approved by:    markj (mentor)
MFC after:      2 weeks
Differential Revision: https://reviews.freebsd.org/D54505
2026-01-16 22:38:15 +08:00
ShengYi Hung 5b61ef94d6 smp: add smp_rendezvous_cpu helper function
Reviewed by:    olce
Approved by:    markj (mentor)
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D54551
2026-01-16 22:38:12 +08:00
Dimitry Andric b39662fc38 vchiq: fix build with clang 21
When compiling vchiq with clang 21, the following -Werror warning is
produced:

    sys/contrib/vchiq/interface/vchiq_arm/vchiq_arm.c:728:27: error: default initialization of an object of type 'VCHIQ_QUEUE_MESSAGE32_T' with const member leaves the object uninitialized [-Werror,-Wdefault-const-init-field-unsafe]
      728 |                 VCHIQ_QUEUE_MESSAGE32_T args32;
          |                                         ^
    sys/contrib/vchiq/interface/vchiq_arm/vchiq_ioctl.h:151:40: note: member 'elements' declared 'const' here
      151 |         const /*VCHIQ_ELEMENT_T * */ uint32_t elements;
          |                                               ^

While the warning is formally correct, the 'args32' object is
immediately initialized after its declaration. Therefore, suppress the
warning.

MFC after:	3 days
2026-01-16 15:02:35 +01:00
Michael Tuexen bbd30927b1 bge: disable TXCSUM if UDP transmit checksum offloading is disabled
The bge interface is special with respect to transmit checksumi
offloading. In the default settings, an bge interface announces TXCSUM
capabilities, but only supports TCP/IPv4 and not UDP/IPv4 due to
limitations of some of the NICs. This results in problems when the bge
interface becomes a member of a bridge. Since currently only the
TXCSUM capabilities are synced when a member is added to a bridge and
not the protocol specific capabilities, this can result in a situation
where UDP packets are sent out using a bge interface without having a
correct checksum.
To mitigate this problem, initially don't announce TXCSUM capabilities,
when UDP transmit checksum is disabled. It is still possible to enable
TXCSUM capabilities via ifconfig.

PR:			291420
Reviewed by:		Timo Voelker
MFC after:		3 days
Differential Revision:	https://reviews.freebsd.org/D54486
2026-01-16 13:36:53 +01:00
Dag-Erling Smørgrav 77a6992bf5 MINIMAL: Add virtio_scsi
This allows a MINIMAL kernel to boot in qemu/kvm.

MFC after:	1 week
Sponsored by:	Klara, Inc.
Sponsored by:	NetApp, Inc.
2026-01-16 13:31:12 +01:00
Michael Tuexen 1f5b1de1fd ipv6: account for jumbo payload option
If a jumbo payload option is added, the length of the mbuf chain is
increased by 8 but the actual hop-by-hop extension header with the
jumbo playload option is only inserted in the packet if there are
other options. Therefore, adjust optlen to reflect the actual size
of IPv6 extension headers including the hop-by-hop extension header
containing the jumbo payload option.

Reported by:		syzbot+73fe316271df473230eb@syzkaller.appspotmail.com
Reviewed by:		markj, Timo Voelker
MFC after:		3 days
Differential Revision:	https://reviews.freebsd.org/D54394
2026-01-16 12:49:40 +01:00
Michael Tuexen f8ddf74175 dwc: improve IPv4 transmit checksum offloading
This patch provides two improvements for TCP/IPv4 and UDP/IPv4
transmit checksum offloading:
(1) Use *CIC_SEG instead of *CIC_FULL, since FreeBSD always provides
    a pseudo header checksum.
(2) Don't make transmit IPv4 header checksum offloading a prerequisite
    for TCP/IPv4 or UDP/IPv4 transmit checksum offloading.
This is the root cause of PR 291696, since right now the epair
interface does not support transmit IPv4 header checksum offloading,
but TCP/IPv4 and UDP/IPv4 transmit checksum offloading.

PR:			291696
Reviewed by:		Timo Voelker
Tested by:		Marek Benc
MFC after:		3 days
Differential Revision:	https://reviews.freebsd.org/D54395
2026-01-16 12:02:53 +01:00
Brooks Davis a01a4c0730 CODEOWNERS: register interest in some infrastructure 2026-01-16 09:43:12 +00:00
Brooks Davis d78291b0e9 lib/virtual_oss: don't (over)link to libsamplerate
These plugins require samplerate.h due to virtual_oss's int.h including
it, but don't use any symbols directly so don't link to the library.

Centralize adding the include path.

Reviewed by:	christos
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D54705
2026-01-16 09:34:18 +00:00
Brooks Davis 373c72ad50 virtual_oss: build system tidying
general:
 - find libsamplerate's headers in the temporary sysroot instead of
   digging in the source tree.
 - use LIBADD where possible

lib/virtual_oss:
 - centralize SHLIBDIR define
 - centralize include path for internal headers
 - don't try to find libsamplerate directly in .OBJDIR

No functional changes.

Reviewed by:	christos
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D54704
2026-01-16 09:33:56 +00:00
Brooks Davis adab1dd6a7 virtual_oss: build commands/libs in parallel
Reviewed by:	christos
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D54703
2026-01-16 09:33:50 +00:00
Brooks Davis 497a13601f virtual_oss: remove needless .include in intermediate Makefile
It doesn't define anything we use.

Reviewed by:	christos
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D54702
2026-01-16 09:33:22 +00:00
Kyle Evans 22569a1d80 Bump __FreeBSD_version for MAC changes 2026-01-16 03:06:38 -06:00
Kyle Evans c18631fe79 RELNOTES: document the MAC/jail integration
Reviewed by:	jamie, markj
Differential Revision:	https://reviews.freebsd.org/D54737
2026-01-16 03:04:39 -06:00
Kyle Evans 1e8c28712a jail: document the mac.label parameter
In particular, we should provide a hint about mac.conf(5), since libjail
will just use the mac_prepare_type(3) API to provide a reasonably sane
interface for system administrators.  Progammers wanting to fetch an
arbitrary MAC label would need to bypass libjail and use jail_get(2)
directly with their own prepared `struct mac`.

Differential Revision:	https://reviews.freebsd.org/D54067
2026-01-15 18:23:40 -06:00
Kyle Evans db3b39f063 libjail: extend struct handlers to included MAC labels
MAC label handling is a little special; to avoid being too disruptive,
we allocate a `mac_t *` here for the value so that we can mac_prepare()
or mac_from_text() into.  As a result, we need:

 - A custom free() handler to avoid leaking the *jp_value
 - A custom jailparam_get() handler to mac_prepare() the mac_t and
    populate the iove properly, so that the kernel doesn't have to
    do something funky like copyin, dereference, copyin again.
 - A custom jailparam_set() handler to similarly populate the iovec
    properly.

Reviewed by:	jamie
Differential Revision:	https://reviews.freebsd.org/D53960
2026-01-15 18:23:40 -06:00
Kyle Evans 1af8d5652a libjail: start refactoring struct ioctl support
Instead of ad-hoc comparisons against the struct type in a few places,
start to abstract out an interface for dealing with struct types.  For
now, this just means that we have some special jailparam_import and
jailparam_export handling for the ip addr types, but in the next commit
we'll extend it further to support MAC labels.

Reviewed by:	jamie
Differential Revision:	https://reviews.freebsd.org/D53959
2026-01-15 18:23:40 -06:00
Kyle Evans bd55cbb50c kern: add a mac.label jail parameter
Have it take a `struct mac` and we'll paper over the difference for
jail(8)/jls(8) in libjail(3).  The mac_syscalls.h model is taken from
mac_set_proc_*() that were previously done.

Reviewed by:	olce
Differential Revision:	https://reviews.freebsd.org/D53958
2026-01-15 18:23:39 -06:00
Kyle Evans 626fe12e28 kern: mac: pull mac_label_copyin_string out
A future commit to the area will further our jail integration and add
a use for this: the struct mac itself was already copied in as part of
vfs_buildopts(), so we only need to copyin the strings.

We add an explicit flag argument because the jail operation will need to
do it while holding the prison lock.

Reviewed by:	olce
Differential Revision:	https://reviews.freebsd.org/D53957
2026-01-15 18:23:39 -06:00
Kyle Evans 31c2728185 mac_set_fd(3): add support for jail descriptors
We'll still add an old-fashioned jail param to configure jail MAC
labels, but for testing it's really easy to grab a jaildesc and use
that.

Reviewed by:	jamie, olce
Differential Revision:	https://reviews.freebsd.org/D53956
2026-01-15 18:23:39 -06:00
Kyle Evans d7a517eb6d jaildesc: add an accessor for the struct prison in a jaildesc
We'll subsequently use this in the MAC framework to get a struct prison
when we already have the struct file in question, rather than an fd.

Reviewed by:	jamie, olce
Differential Revision:	https://reviews.freebsd.org/D53955
2026-01-15 18:23:39 -06:00
Kyle Evans 8254b0dec0 kern: mac: add various jail MAC hooks
This adds the following hooks:
 - mpo_prison_check_attach: check for subject capability to attach to
    a given jail
 - mpo_prison_check_create: check for subject capability to create a
    jail with the given option set
 - mpo_prison_check_get: check for subject capability to fetch the
    given parameters for a jail
 - mpo_prison_check_set: check for subject capability to set the
    given parameters for a jail
 - mpo_prison_check_remove: check for subject capability to remove the
    jail

check_get wouldn't typically be a privileged operation, but is included
to give MAC policies a wider range of capabilities at a relatively low
cost.  We also add two more for the purpose of label propagation:
 - mpo_prison_created: surface the creation of a jail so that one can
    do propagation to, e.g., the root vnode or any mounts
 - mpo_prison_attached: attach an existing process to the jail so that
    one can propagate the jail label to the process, as appropriate.

It is unclear if this is preferred vs. having separate associate entry
points for each type of object we might associate.  That would split
these up like so:

 - prison_created -> prison_associate_vnode
 - prison_attached -> prison_associate_proc

Some sample policy ideas that should be feasible to implement with this
set of hooks, in case it's inspiring:
 - mac_bomb: policy that allows a poudriere user to construct jails
    without root privilege, given a restricted set of jail parameters.
    Slap a warning label on it.
 - mac_capsule: policy that realizes the capsule idea that I pitched[0]
    on -jail@ to create jails that are effectively immutable once
    sealed, using these hooks and a label.

Perhaps a silly idea, but a downstream could consider a scenario where
it can implement special jail enumeration using a MAC policy and a
cooperating application that specifies non-parameter options to filter
the results.

[0] https://lists.freebsd.org/archives/freebsd-jail/2025-September/000550.html

Reviewed by:	olce (slightly earlier version)
Differential Revision:	https://reviews.freebsd.org/D53954
2026-01-15 18:23:39 -06:00
Kyle Evans 92b7366e43 mac: add macros for 5-argument SDT probes
A last-minute change to the jail MAC entry points in D53954 is going to
pass the jail_[gs]et(2) flags to mac_prison_check_[gs]et() so that a
policy can, e.g., reject or allow a change if the intent is to
immediately attach, or disallow some fetching of dying jails.

Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D54658
2026-01-15 18:23:39 -06:00
Kyle Evans 11d6ea47f0 kern: mac: add a MAC label to struct prison
Reviewed by:	olce
Differential Revision:	https://reviews.freebsd.org/D53953
2026-01-15 18:23:39 -06:00
Rick Macklem 4fc11c92d3 nfsd: Fix handling of attributes during Open/Create/Exclusive_41
When an NFSv4.n client specifies settings for attributes other
mode during a Open/Create/Exclusive_41, these other attributes
were not being set.

This patch resolves the problem by calling nfsrv_fixsattr()
after the VOP_CREATE() call in nfsvno_open() for this case.

There is no extant NFSv4.n client that currently does this,
as far as I know.

MFC after:	2 weeks
2026-01-15 15:27:22 -08:00
Gleb Smirnoff 51786cdeb0 sockets: remove unused pr_sosend_notsupp(), pr_soreceive_notsupp() 2026-01-15 13:57:31 -08:00
Gleb Smirnoff 77f453e9f9 tests/if_ovpn: add missing cleanup to the multihome6 test
Fixes:	0bfcfb3cb1
2026-01-15 13:40:33 -08:00
Gleb Smirnoff f9ae08a889 linux: on vnet detach call clean_unrhdr(9) always
The assumption was incorrect, and the current VIMAGE implementation leaves
a possibility for some interfaces still exist in a jail that is going
away.

Fixes:	607f11055d
2026-01-15 13:37:34 -08:00
Jose Luis Duran ce8cd5dab3 mtree: debug: Add missing krb5 entries
Reviewed by:	ivy
Differential Revision:	https://reviews.freebsd.org/D54681
2026-01-15 19:26:39 +00:00
John Baldwin 5bd84c4f0d acpi: Add a function to deregister all ioctl commands using the same function
This simplifies detach/cleanup for drivers that add multiple ACPI ioctls.

Reviewed by:	imp
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D54420
2026-01-15 13:24:08 -05:00
John Baldwin 6d6bf4a892 rtld: Use a helper variable to simplify a few lines
Reviewed by:	kib
Sponsored by:	AFRL, DARPA
Differential Revision:	https://reviews.freebsd.org/D54507
2026-01-15 13:23:42 -05:00
John Baldwin 4ba8df2a8b .github: Narrow sys/crypto warning to sys/crypto/skein
This is the only subdirectory of sys/crypto that is a vendor import.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D54719
2026-01-15 13:23:07 -05:00
Christos Margiolis 241a43cf9d virtual_oss: Take MK_CUSE into account
Reported by:	brooks
Fixes:		f74f891581 ("src.opts: Introduce MK_SOUND")
Sponsored by:	The FreeBSD Foundation
MFC after:	4 days
Reviewed by:	brooks, emaste
Differential Revision:	https://reviews.freebsd.org/D54708
2026-01-15 19:54:22 +02:00
Christos Margiolis 37164224ee libexec/rc/rc.d/Makefile: Remove duplicate mixer entry
Fixes:		f74f891581 ("src.opts: Introduce MK_SOUND")
PR:		292436
Sponsored by:	The FreeBSD Foundation
MFC after:	4 days
Reviewed by:	ivy, emaste
Differential Revision:	https://reviews.freebsd.org/D54706
2026-01-15 19:53:55 +02:00
Kristof Provost 21d666a193 if_ovpn: add interface counters
Count input/output packets and bytes on the interface as well, not just
in openvpn-specific counters.

PR:		292464
MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-15 17:18:27 +01:00
Andrew Turner fb96702a03 depend-cleanup.sh: Clean up the old arm64 memset.S
This has moved from a generated file in objdir to the source tree.
Remove the old file and any .depend files that reference it.

Reviewed by:	bapt (via IRC)
Fixes:	41ccf82b29 ("libc/aarch64: Use MOPS implementations of memcpy/memmove/memset where availble")
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D54729
2026-01-15 15:05:28 +00:00
Johan Söllvander faa31fc0e7 netstat: Remove padding from cc and stack fields
Trim white space padding that gets added libxo fields cc and stack when
using -C and -c.

The padding is only visible if you're using multiple stacks or
congestion algorithms.

PR:             292262
MFC after:      5 days
Reviewed by:    asomers, tuexen
Approved by:    asomers (mentor)
Differential Revision:  https://reviews.freebsd.org/D54709
2026-01-15 15:21:07 +01:00
Mark Johnston 8bc63f01e3 nvme: Fix a typo
Fixes:	73c921ef1d ("nvme: Add ability to override ioq to put the request on")
2026-01-15 14:13:50 +00:00
Mark Johnston 6740cccb1e arm64/iommu: Fix a resource leak in smmu_domain_alloc()
We should free the allocated ASID if smmu_init_cd() fails.

Move the allocation of "domain" to simplify the first error path.

Reported by:	Kevin Day <kevin@your.org>
Reviewed by:	br
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D54676
2026-01-15 14:04:19 +00:00
Mark Johnston 6fef0c9ee6 arm64/vgic_v3: Fix an inverted test when reading GICD_I<C|S>ENABLER
On read, these registers' fields return 1 if forwarding of the
corresponding interrupt is enabled, and 0 otherwise.  The test in
read_enabler() was inverted.

Reported by:	Kevin Day <kevin@your.org>
Reviewed by:	andrew
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D54678
2026-01-15 14:04:06 +00:00
Mark Johnston 251662e5ab linuxkpi: Clean up linux_shmem_file_setup() a bit
- Free the pointer that was returned by the allocator, instead of the
  address of the first member.  These will be equal in practice, but
  it's sketchy and won't work on CHERI with subobject bounds checking.
- Use an anonymous struct, there's no need to name it.

Reviewed by:	bz, brooks, emaste
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D54673
2026-01-15 13:51:29 +00:00
Mark Johnston aa1eb62338 linuxkpi: Avoid a potential null pointer dereference in an error path
Reported by:	Kevin Day <kevin@your.org>
Reviewed by:	bz, emaste
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D54672
2026-01-15 13:51:17 +00:00
Mark Johnston a4955b0143 linuxkpi: Fix an error path in linux_alloc_current()
If the allocation fails we should free the task struct.

While here get rid of a couple of unnecessary assertions.

Reported by:	Kevin Day <kevin@your.org>
Reviewed by:	emaste
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D54671
2026-01-15 13:50:43 +00:00
Mark Johnston 9d015a9167 Remove the DEBUG_VFS_LOCKS kernel option
After commit 3bd8fab241 ("vfs: Move DEBUG_VFS_LOCKS checks to
INVARIANTS"), this option has no effect.  Let's finish the removal.

There are a couple of additional uses in zfs, I will submit a separate
patch upstream for them.

Reviewed by:	mckusick, kib
Differential Revision:	https://reviews.freebsd.org/D54662
2026-01-15 13:50:20 +00:00
Hans Rosenfeld 6a6f230d31 libc/stdlib: Port strtonumx() from Illumos
Add strtonumx(), a companion to strtonum(3) that preserves its safety
and error-reporting semantics while allowing the caller to specify a
conversion base, similar to the strtol(3) family of functions.

Reviewed by:	emaste, kib, ziaee
Obtained from:	https://www.illumos.org/issues/15365
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D54270
2026-01-15 09:45:42 -04:00
Warner Losh 73c921ef1d nvme: Add ability to override ioq to put the request on
Sometimes the client device needs to manage the IOQ the request goes
to. Expand the interface we have for the request to allow it to be set
for this special use case.

Sponsored by:		Netflix
Reviewed by:		jhb
Differential Revision:	https://reviews.freebsd.org/D54714
2026-01-15 06:31:53 -07:00