Commit Graph

309175 Commits

Author SHA1 Message Date
Felipe Matarazzo a8cb5cb400 fix typo: remove extra 'the' in rack.c comment
Signed-off-by: Felipe Matarazzo <felipemps@protonmail.com>
Reviewed-by: ngie
Pull-Request: https://github.com/freebsd/freebsd-src/pull/2174
2026-04-30 09:29:17 -07:00
Felipe Matarazzo 0e235f7736 fix typo: seperate -> separate in tcp_ratelimit comment
Signed-off-by: Felipe Matarazzo <felipemps@protonmail.com>
Reviewed-by: ngie
Pull-Request: https://github.com/freebsd/freebsd-src/pull/2174
2026-04-30 09:29:17 -07:00
Felipe Matarazzo e1841a50d6 fix typo: lenght -> length in netlink comment
Signed-off-by: Felipe Matarazzo <felipemps@protonmail.com>
Reviewed-by: ngie
Pull-Request: https://github.com/freebsd/freebsd-src/pull/2174
2026-04-30 09:29:17 -07:00
Felipe Matarazzo 713332b4eb fix typo: duplicate 'the' in OP_NOTROOT comment
Signed-off-by: Felipe Matarazzo <felipemps@protonmail.com>
Reviewed-by: ngie
Pull-Request: https://github.com/freebsd/freebsd-src/pull/2174
2026-04-30 09:29:16 -07:00
Felipe Matarazzo 82525a8ead fix typo: remove duplicate 'the' in ffs_vfsops comment
Signed-off-by: Felipe Matarazzo <felipemps@protonmail.com>
Reviewed-by: ngie
Pull-Request: https://github.com/freebsd/freebsd-src/pull/2174
2026-04-30 09:29:16 -07:00
Christos Margiolis 549e740619 snd_uaudio: Support Roland UA-33
Apply the appropriate quirk. Also, introduce a new uaudio_vendor_audio
table, similar to uaudio_vendor_midi, which includes non-standard USB
audio devices. The Roland UA-33 needs this, bceause it comes with
bInterfaceClass = 0xff (vendor-specific), so snd_uaudio(4) doesn't
detect it.

PR:		294814
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Reviewed by:	emaste
Pull Request:	https://ron-dev.freebsd.org/FreeBSD/src/pulls/24
2026-04-30 17:18:30 +02:00
Artem Bunichev 0ed292531e debug.sh.8: Add FILES section
Which contains only the source code file.

While here, remove trailing empty lines in the end of the page.

Reviewed by:	mhorne
Differential Revision:	https://reviews.freebsd.org/D56659
2026-04-30 10:49:52 -03:00
Mitchell Horne 16dd592982 ddb.4: add 'show preload' entry
For the recently added command.

Fixes:	b683fd0b32 ("preload: add "show preload" DDB command")
2026-04-30 10:24:04 -03:00
Jean-Sébastien Pédron eebb643bb3 sx: Add sx_has_waiters() macro
This macro will return non-zero if there are threads waiting for this
lock; otherwise, it will return zero.

The function assumes (but does not assert) that the caller already holds
the lock and that it is interested in other threads waiting for it to
release the lock.

The motivation to add this is the implementation of
`rwsem_is_contended()` in linuxkpi.

This Linux function indicates the same thing to the caller: if other
threads are waiting for this semaphore.

The amdgpu DRM driver started to use `rwsem_is_contended()` in Linux
6.12.

Reviewed by:	bz, olce
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56443
2026-04-30 13:40:05 +02:00
Jean-Sébastien Pédron 65dc0e9071 linuxkpi: Define VFM_*() macros in <asm/cpu_device_id.h>
They use another set of constants and macros in <asm/intel-family.h>.

All these macros are defined regardless of the architecture, even though
they are specific to x86. Perhaps we should restrict them using #ifdefs.

The amdgpu DRM driver started to used `VFM_MODEL()` and the
`INTEL_*LAKE*` constants in Linux 6.12.x.

Reviewed by:	bz, olce
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56585
2026-04-30 13:40:01 +02:00
Boris Lytochkin 6d65c91b9a etcupdate: fix arguments order of diff command
Due to misplacement of the second -L argument of diff command, it is
treated by getopt_long as an error.

Also add -l option for a diff command that alters the way it shows
differences. Instead of printing full diff, it reports changed file
the same way as added/removed files are reported.

Reviewed by:	imp
Obtained from:	Yandex LLC
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D56708
2026-04-30 14:31:34 +03:00
Corvin Köhne 226b37dc3a dev/ichsmb: disable block buffer if supported
In order to improve the efficiency of block read/write calls, Intel has
introduced a block buffer. Instead of generating an interrupt after
receiving/sending a single byte, the data is buffered in the block buffer. It
allows the SMBus controller to generate a single interrupt for the whole
transfer. At the moment, we don't support that and don't expect the SMBus
controller to behave in that way. Unfortunately, BIOS code can also access the
SMBus controller and may enable the block buffer. Poorly written BIOS code may
also keep the block buffer enabled breaking our driver. Therefore, we should
check if the device supports a block buffer and disable it for every request
because we don't know if some BIOS code has reconfigured the SMBus controller
in between.

Reviewed by:		emaste
MFC after:		1 week
Sponsored by:		Beckhoff Automation GmbH & Co. KG
Pull Request:		https://github.com/freebsd/freebsd-src/pull/2161
2026-04-30 11:15:18 +02:00
Corvin Köhne 75909086a4 bhyve: allow read/write to full CRB buffer
For some reason, we've incorrectly calculated the size of the CRB data buffer
register. There's no need to divide the CRB data buffer size by 4. We should
allow access to the whole buffer instead.

Reviewed by:		markj
MFC after:		1 week
Sponsored by:		Beckhoff Automation GmbH & Co. KG
Pull Request:		https://github.com/freebsd/freebsd-src/pull/2169
2026-04-30 11:09:49 +02:00
Jean-Sébastien Pédron 713b4ce8ef linuxkpi: Add copy_from_user_inatomic_nontemporal() function
In Linux 7.1, `__copy_from_user_inatomic_nocache()` was renamed to
`copy_from_user_inatomic_nontemporal()`. This change was backported to
several LTS branches.

This includes Linux 6.12.x and the i915 DRM driver started to use it in
that version.

Reviewed by:	bz
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56719
2026-04-30 09:05:02 +02:00
Jean-Sébastien Pédron 796fff59a5 linuxkpi: Define DEFINE_XARRAY*() macros
The `DEFINE_XARRAY*()` macros are used to declare a static xarray.

As the structure embeds a mutex(9), we also need to declare the static
mutex after the `struct xarray`. Thus the slightly awkward definition
of `DEFINE_XARRAY_FLAGS()`.

The DRM generic code started to use `DEFINE_XARRAY_ALLOC()` in Linux
6.12.

Reviewed by:	bz
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56446
2026-04-30 09:05:02 +02:00
Jean-Sébastien Pédron 783d018cf9 linuxkpi: Add struct xa_limit support to xarray
The `xa_alloc*()` functions family takes a `struct xa_limit` to describe
the range of IDs the caller wants to allocate. We were using a single
mask to qualify a maximum ID only.

This commit changes that to use the same `struct xa_limit`. The logic
did not change, except it now supports a minimum ID as well.

The definition of `XA_LIMIT()` macro is adapted, as well as the
definitions of `xa_limit_*` (only `xa_limit_32b` existed, the other two
are added with this commit).

The DRM generic code started to use this `struct xa_limit` in Linux
6.12.

Reviewed by:	bz
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56445
2026-04-30 09:05:01 +02:00
Stephen J. Kiernan b683fd0b32 preload: add "show preload" DDB command
This is the DDB equivalent of the debug.dump_modinfo sysctl which
outputs pretty-printed bootloader metadata.

Move sbuf_db_printf_drain to subr_prf.c and expose it for general use.

Reviewed By: jmg
Differential Revision: https://reviews.freebsd.org/D53763
2026-04-30 01:20:12 -04:00
Abdelkader Boudih e7f4269dbf asmc: replace hardcoded model table with universal probing
Probe SMC keys at attach time to detect hardware capabilities,
supporting all Intel Apple machines without per-model entries.

Sensors are discovered by scanning sorted SMC key ranges for
known prefixes and types. Capabilities such as SMS, fan safe
speed, and ambient light are detected by key presence.

A global key description table provides human-readable names
for well-known temperature sensors.

Tested on:
 - MacBook Pro (Early 2007, Mid 2014, Mid 2015)
 - MacBook Air (Early 2015, Mid 2017)
 - iMac (Mid 2011, Late 2013)
 - Mac mini (Mid 2011)

Reviewed by:	adrian
Differential Revision:	https://reviews.freebsd.org/D56405
2026-04-29 17:38:38 -07:00
Justin Hibbits 59a844b9ce mpc85xx/msi: Add compat string for T208x/T4xxx SoCs 2026-04-29 20:14:35 -04:00
Justin Hibbits 0a705587e4 iicmux: Return the right error codes
I2C subsystem errors belong in the IIC_* error space.  It's pretty clear
this is what is intended in the code.
2026-04-29 20:14:19 -04:00
Justin Hibbits 787b5e1367 dtrace: Add missing file for powerpc kernel build 2026-04-29 20:14:19 -04:00
Justin Hibbits 605f53705d powerpc/openpic: Increase the maximum number of IRQs allowed
The Freescale MPIC supports up to 2048 IRQs, but since we only build an
array of 768 interrupts in intr_machdep, clamp the max at 512.  The most
any Freescale PowerPC chip actually supports is 452 on the T4240, so 512
is sufficient.

As part of this, increase the vector mask to the full openpic vector
mask, and use this limit as the terminator for the dispatch loop,
instead of a hard-coded 255.

Differential Revision:	https://reviews.freebsd.org/D56422
2026-04-29 20:13:48 -04:00
Justin Hibbits 40bcad56f1 powerpc/pic: Add a PIC_AP_INIT() to set up AP PIC info
pc_cpuid may not match the PIC's idea of a given CPU.  Since openpic
has a WHOAMI register, we can use that to get the PIC's idea of the CPU.
This needs to be done on each AP, so add a PIC_AP_INIT device method so
the PIC can perform any AP-specific initialization at AP bootstrap time.

This fixes SMP on e6500, which is still lacking SMT support.

Differential Revision:	https://reviews.freebsd.org/D56421
2026-04-29 20:13:48 -04:00
Andrew Gallatin 72e2ae505c tcp: release nic ktls send tags when entering time wait
When under heavy load or churn, inline ktls offload NICs may run out
of hardware resources described by ktls send tags.  Rather than
waiting for connections to pass through the time_wait state, reclaim
the ktls send tags early, at entry to time_wait. By preventing
potentially tens or hundreds of thousands of sessions from holding
send tags in time_wait, this allows more ktls sessions to be offloaded
to hardware.

Reviewed by: glebius, kib, nickbanks_netflix.com, rrs, tuexen
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D56610
2026-04-29 19:35:47 -04:00
Vincenzo Maffione 0216ea8598 netmap: check for possible out-of-bound write with options
Submitted by:	hari.thirusangu@sophos.com
MFC after:	2 weeks
2026-04-29 21:13:09 +00:00
Pouria Mousavizadeh Tehrani c5a92616c4 if_gre(4): Fix gre_clone_dump_nl address dump
Fix stack overflow by passing in_aliasreq instead of ifr
during netlink dump.

Fixes:	e1e18cc12e ("if_gre: Add netlink support with tests")
2026-04-29 22:27:46 +03:30
Dag-Erling Smørgrav 70fde0ed6b md5: Encode non-printable filenames
Encode filenames in the VIS_CSTYLE | VIS_OCTAL style regardless of
output mode.  When reading filenames from a checksum file, attempt to
decode them, and use the decoded name unless the decoded name does not
exist but the undecoded one does.

This breaks compatibility with GNU coreutils, which unfortunately uses
a non-reversible encoding when outputting filenames containing
non-printable characters.

While here, drop a sentence about preimage attacks against MD5 and SHA1
from the manual page, as I no longer trust it to be true.

MFC after:	1 week
Reviewed by:	bcr, markj
Differential Revision:	https://reviews.freebsd.org/D56615
2026-04-29 20:41:05 +02:00
Rob Norris 84ffe564df AUTHORS: add names of recent new contributors
"Speak, friend, and enter."

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Rob Norris <robn@despairlabs.com>
Closes #18475
2026-04-29 10:12:42 -07:00
Gleb Smirnoff 6883b120c5 inpcb: allow to specify different sizes for port and load balance hashes
Understand zero size as instruction to not allocate the hash.  Do not
allocate both hashes for rawip(4).  There are no functional changes to TCP
or UDP.

Reviewed by:		markj
Differential Revision:	https://reviews.freebsd.org/D56705
2026-04-29 09:19:14 -07:00
Gleb Smirnoff 9b8eb70ca9 inpcb: improve some internal function names
The 'hash' subword doesn't bring any additional information.  All inpcb
lookup functions operate on hashes.

For lookup functions that work on either exact hash or wild hash just
perform s/hash_//.  Rename in_pcblookup_hash() into
in_pcblookup_with_lock(), emphasizing its difference to
in_pcblookup_smr().  Rename in_pcblookup_hash_locked() to
in_pcblookup_internal(), as it doesn't return a locked inpcb and is used
only for internal purposes.  Note that the IPv6 sibling of this function
already lives by name in6_pcblookup_internal().  Some future changes will
make such naming more justified.

No functional change.

Reviewed by:		pouria, markj
Differential Revision:	https://reviews.freebsd.org/D56482
2026-04-29 09:19:03 -07:00
Dag-Erling Smørgrav 67a63eae7b bc: Fix tests
Stop generating test scripts at build time.  The dc test script is
broken and simply fixing the code that generates it won't help as there
is no reliable way to ensure it gets regenerated if it already exists in
the object tree.

MFC after:	1 week
Reviewed by:	se
Differential Revision:	https://reviews.freebsd.org/D56511
2026-04-29 17:15:30 +02:00
Adrian Chadd 4c99836ac7 kerneldoc: also ingest .md (markdown files)
The doxygen tooling has supported ingesting markdown files for a number
of years.  Adding this option allows them to be ingested into the
subsys builds.

Reviewed by:	netchild
Differential Revision:	https://reviews.freebsd.org/D56652
2026-04-29 07:58:19 -07:00
Mariusz Zaborski e2219bbd63 libnv: fix heap overflow in nvlist_recv()
nvlist_check_header() validated nvlh_size for overflow before
performing conversion. An mallicous user can set
NV_FLAG_BIG_ENDIAN in the header and craft nvlh_size so that
the orginall value passes the check, but after the conversion the
sizeof(nvlist_header) + size can overflow.
This can lead to a heap buffer overflow.

Approved by:	so
Security:	FreeBSD-SA-26:17.libnv
Security:	CVE-2026-35547
Fixes:		36fa90dbde
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D56342
2026-04-29 14:39:28 +00:00
Mariusz Zaborski f5ea3dce2c libnv: switch fd_wait() from select(2) to poll(2)
The previous implementation used FD_SET() on a stack-allocated fd_set,
which is an out-of-bounds write whenever the socket fd is >= FD_SETSIZE
(1024).

Approved by:	so
Security:	FreeBSD-SA-26:16.libnv
Security:	CVE-2026-39457
Reported by:	Joshua Rogers of AISLE Research Team (https://aisle.com/)
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D56689
2026-04-29 14:39:28 +00:00
Kristof Provost 6f9ddb329b pf: improve SCTP validation
As per RFC5061 "4.2.  New Parameter Types" the add/delete IP address
parameters (0xc001, 0xc002) may not be present in an INIT or INIT-ACK
chunk. They are only allowed to be present in an ASCONF chunk.

This also prevents unbounded recursion while parsing an SCTP packet.

Approved by:	so
Security:	FreeBSD-SA-26:14.pf
Security:	CVE-2026-7164
PR:		294799
Reported by:	Igor Gabriel Sousa e Souza
Sponsored by:	Orange Business Services
2026-04-29 14:39:28 +00:00
Mark Johnston 5d8e32aad2 dhclient: Fix reallocation of dhclient script environments
When the number of DHCP options exceeds a threshold, script_set_env()
will reallocate the environment, stored as an array of pointers.  The
calculation of the array size failed to multiply by the pointer size,
resulting in a smaller than expected buffer which admits out-of-bounds
writes.

Approved by:	so
Security:	FreeBSD-SA-26:15.dhclient
Security:	CVE-2026-42511
Reported by:	Joshua Rogers of AISLE Research Team (https://aisle.com/)
2026-04-29 14:39:27 +00:00
Mark Johnston 8008e4b88d dhclient: Check for unexpected characters in some DHCP server options
Some options are written directly to the lease file, which may be parsed
by subsequent dhclient invocations.  We must make sure that a malicious
server can't control the "medium" field of a lease definition, otherwise
they can achieve RCE by injecting one into the lease file, whereupon it
will be passed to dhclient-script, which passes it through eval.

Approved by:	so
Security:	FreeBSD-SA-26:12.dhclient
Security:	CVE-2026-42511
Reported by:	Joshua Rogers of AISLE Research Team (https://aisle.com/)
2026-04-29 14:39:27 +00:00
Mark Johnston 8e8ddb05d0 execve: Fix an operator precedence bug
The buggy version allowed userspace to overflow the copy into adjacent
execve KVA regions, which enables, among other things, injecting
environment variables into privileged processes.

Approved by:	so
Security:	FreeBSD-SA-26:13.exec
Security:	CVE-2026-7270
Reported by:	Ryan Austin of Calif.io
Reviewed by:	brooks, kib
Fixes:		f373437a01 ("Add helper functions to copy strings into struct image_args.")
Differential Revision:	https://reviews.freebsd.org/D56665
2026-04-29 14:39:27 +00:00
Mark Johnston 6c09b76089 RELNOTES: Add an entry for recent improvements to multicast routing
Reviewed by:	kevans
Sponsored by;	Stormshield
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D56710
2026-04-29 14:36:50 +00:00
Andrew Turner 2783fb7e73 arm64: Fix a MTE check
It should be for FEAT_MTE2 as the registers aren't implemented for
FEAT_MTE.

While here fix the style of the comment explaining the check.

Reported by:	markj
Fixes:		58de791536 ("arm64: mte: configure initial state for system registers")
Sponsored by:	Arm Ltd
2026-04-29 12:39:29 +01:00
Andrew Turner 01ff0fa77d arm64: Support some per-thread sctlr_el1 fields
This will be used to enable MTE from userspace.

Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D55950
2026-04-29 12:34:39 +01:00
Chris Longros 91bfba010b cron: log when a crontab path is too long
Log via syslog when snprintf truncates the crontab path, instead of
silently skipping the entry.

Signed-off-by:	Christos Longros <chris.longros@gmail.com>
Reviewed by:	bcr, kevans
Differential Revision:	https://reviews.freebsd.org/D56235
2026-04-28 23:06:29 -05:00
Konstantin Belousov 2c2ec6bbc9 tests/sys/arch/amd64: add a program to check INT $0x80 behavior on amd64
Requested and reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D56654
2026-04-29 06:49:46 +03:00
Lexi Winter 454322c08b libifconfig: Skip bridge VLAN config for span members
bridge(4) doesn't support BRDGGIFVLANSET for span members, which
means if a span interface is configured, libifconfig will fail to
fetch bridge members.  Skip this for IFBIF_SPAN members.

PR:	292634
MFC after:	3 days
Reported by:	Emrion <kmachine@free.fr>
Reviewed by:	pouria, zlei
Sponsored by:	https://www.patreon.com/bsdivy
Differential Revision:	https://reviews.freebsd.org/D56694
2026-04-29 04:12:20 +01:00
Stéphane Rochoy 76de40889e efibootmgr: Show attributes, category and optional data when verbose
Also rework a bit the way device path are displayed for consistency.

Signed-off-by:	stephane.rochoy@stormshield.eu
Reviewed by:	imp
Sponsored by:	Stormshield
Pull-Request:	https://github.com/freebsd/freebsd-src/pull/2167
2026-04-29 00:28:59 +03:30
Stéphane Rochoy 48363f39f1 efivar: Move dump functions into libefivar
To allow their use by efibootmgr.

Signed-off-by:	stephane.rochoy@stormshield.eu
Reviewed by:	imp
Sponsored by:	Stormshield
Pull-Request:	https://github.com/freebsd/freebsd-src/pull/2167
2026-04-29 00:28:54 +03:30
Kyle Evans d9c0594191 ctld: kernel-sourced portal groups are not dummies
The current and historical versions of ctld would flag our initial set
of kernel ports as dummies, because their portal groups were empty since
portals come from the configuration on-disk.

As a result, we would never try to remove a kernel port at startup that
didn't exist in the configuration (possibly a feature if you wanted
concurrent ctld(8)), and we would always try to port->kernel_add() on
ports in the configuration (even if they actually did have an existing
kernel port).

Flag these portal groups as kernel groups so that we avoid trying to add
ports that already exist.  It may be the case that the kernel_remove()
loop in conf::apply() needs to do something other than the current
`oldport->is_dummy()` to avoid removing ports that it isn't supposed to
be managing, but that wuld also seem to apply to LUNs that would be
removed today.

Reviewed by:	jhb
Differential Revision:	https://reviews.freebsd.org/D51782
2026-04-28 15:51:50 -05:00
Kyle Evans fe9d81d7c6 libiscsiutil: preserve errno across warning logs
Various calls in the implementation can clobber errno; preserve it for
the caller since none of these will bubble up pass/fail to simplify
some future error handling in ctld.

Reviewed by:	jhb
Differential Revision:	https://reviews.freebsd.org/D56539
2026-04-28 15:51:50 -05:00
Lexi Winter 4429630d1c Makefile.inc1: Only copy locales to INSTALLTMP on FreeBSD
Makefile.inc1 copies locales to ${INSTALLTMP} to avoid issues when
running make installworld on a live system.  However, this can break
on non-FreeBSD systems, e.g. on openSUSE where /usr/share/locales
has mode 0555, which means after we copy it, we can't delete it,
so the build fails.

Since this functionality is only useful when installing over a
live system, disable it when the build host is not FreeBSD.

MFC after:	2 weeks
Reviewed by:	kevans, emaste
Sponsored by:	https://www.patreon.com/bsdivy
Differential Revision:	https://reviews.freebsd.org/D56677
2026-04-28 20:50:42 +01:00
Lexi Winter d1c176fedf packages: Make create-sets.sh more robust
Use ${PKG_CMD} rather than bare 'pkg' to fix the build when pkg is
not in the tools path.  Provide a default in case it's not set for
some reason (e.g., running the script by hand).

Since set -- $(...) does not trigger an exit from set -e if the
command fails, this failure was silent and resulted in sets not
being built correctly if we failed to run pkg.  Use a temporary
variable, which does trigger set -e, to fail correctly.

MFC after:	2 weeks
Reviewed by:	sjg
Sponsored by:	https://www.patreon.com/bsdivy
Differential Revision:	https://reviews.freebsd.org/D56676
2026-04-28 20:50:42 +01:00