Commit Graph

308867 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav 67a63eae7b bc: Fix tests
Stop generating test scripts at build time.  The dc test script is
broken and simply fixing the code that generates it won't help as there
is no reliable way to ensure it gets regenerated if it already exists in
the object tree.

MFC after:	1 week
Reviewed by:	se
Differential Revision:	https://reviews.freebsd.org/D56511
2026-04-29 17:15:30 +02:00
Adrian Chadd 4c99836ac7 kerneldoc: also ingest .md (markdown files)
The doxygen tooling has supported ingesting markdown files for a number
of years.  Adding this option allows them to be ingested into the
subsys builds.

Reviewed by:	netchild
Differential Revision:	https://reviews.freebsd.org/D56652
2026-04-29 07:58:19 -07:00
Mariusz Zaborski e2219bbd63 libnv: fix heap overflow in nvlist_recv()
nvlist_check_header() validated nvlh_size for overflow before
performing conversion. An mallicous user can set
NV_FLAG_BIG_ENDIAN in the header and craft nvlh_size so that
the orginall value passes the check, but after the conversion the
sizeof(nvlist_header) + size can overflow.
This can lead to a heap buffer overflow.

Approved by:	so
Security:	FreeBSD-SA-26:17.libnv
Security:	CVE-2026-35547
Fixes:		36fa90dbde
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D56342
2026-04-29 14:39:28 +00:00
Mariusz Zaborski f5ea3dce2c libnv: switch fd_wait() from select(2) to poll(2)
The previous implementation used FD_SET() on a stack-allocated fd_set,
which is an out-of-bounds write whenever the socket fd is >= FD_SETSIZE
(1024).

Approved by:	so
Security:	FreeBSD-SA-26:16.libnv
Security:	CVE-2026-39457
Reported by:	Joshua Rogers of AISLE Research Team (https://aisle.com/)
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D56689
2026-04-29 14:39:28 +00:00
Kristof Provost 6f9ddb329b pf: improve SCTP validation
As per RFC5061 "4.2.  New Parameter Types" the add/delete IP address
parameters (0xc001, 0xc002) may not be present in an INIT or INIT-ACK
chunk. They are only allowed to be present in an ASCONF chunk.

This also prevents unbounded recursion while parsing an SCTP packet.

Approved by:	so
Security:	FreeBSD-SA-26:14.pf
Security:	CVE-2026-7164
PR:		294799
Reported by:	Igor Gabriel Sousa e Souza
Sponsored by:	Orange Business Services
2026-04-29 14:39:28 +00:00
Mark Johnston 5d8e32aad2 dhclient: Fix reallocation of dhclient script environments
When the number of DHCP options exceeds a threshold, script_set_env()
will reallocate the environment, stored as an array of pointers.  The
calculation of the array size failed to multiply by the pointer size,
resulting in a smaller than expected buffer which admits out-of-bounds
writes.

Approved by:	so
Security:	FreeBSD-SA-26:15.dhclient
Security:	CVE-2026-42511
Reported by:	Joshua Rogers of AISLE Research Team (https://aisle.com/)
2026-04-29 14:39:27 +00:00
Mark Johnston 8008e4b88d dhclient: Check for unexpected characters in some DHCP server options
Some options are written directly to the lease file, which may be parsed
by subsequent dhclient invocations.  We must make sure that a malicious
server can't control the "medium" field of a lease definition, otherwise
they can achieve RCE by injecting one into the lease file, whereupon it
will be passed to dhclient-script, which passes it through eval.

Approved by:	so
Security:	FreeBSD-SA-26:12.dhclient
Security:	CVE-2026-42511
Reported by:	Joshua Rogers of AISLE Research Team (https://aisle.com/)
2026-04-29 14:39:27 +00:00
Mark Johnston 8e8ddb05d0 execve: Fix an operator precedence bug
The buggy version allowed userspace to overflow the copy into adjacent
execve KVA regions, which enables, among other things, injecting
environment variables into privileged processes.

Approved by:	so
Security:	FreeBSD-SA-26:13.exec
Security:	CVE-2026-7270
Reported by:	Ryan Austin of Calif.io
Reviewed by:	brooks, kib
Fixes:		f373437a01 ("Add helper functions to copy strings into struct image_args.")
Differential Revision:	https://reviews.freebsd.org/D56665
2026-04-29 14:39:27 +00:00
Mark Johnston 6c09b76089 RELNOTES: Add an entry for recent improvements to multicast routing
Reviewed by:	kevans
Sponsored by;	Stormshield
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D56710
2026-04-29 14:36:50 +00:00
Andrew Turner 2783fb7e73 arm64: Fix a MTE check
It should be for FEAT_MTE2 as the registers aren't implemented for
FEAT_MTE.

While here fix the style of the comment explaining the check.

Reported by:	markj
Fixes:		58de791536 ("arm64: mte: configure initial state for system registers")
Sponsored by:	Arm Ltd
2026-04-29 12:39:29 +01:00
Andrew Turner 01ff0fa77d arm64: Support some per-thread sctlr_el1 fields
This will be used to enable MTE from userspace.

Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D55950
2026-04-29 12:34:39 +01:00
Chris Longros 91bfba010b cron: log when a crontab path is too long
Log via syslog when snprintf truncates the crontab path, instead of
silently skipping the entry.

Signed-off-by:	Christos Longros <chris.longros@gmail.com>
Reviewed by:	bcr, kevans
Differential Revision:	https://reviews.freebsd.org/D56235
2026-04-28 23:06:29 -05:00
Konstantin Belousov 2c2ec6bbc9 tests/sys/arch/amd64: add a program to check INT $0x80 behavior on amd64
Requested and reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D56654
2026-04-29 06:49:46 +03:00
Lexi Winter 454322c08b libifconfig: Skip bridge VLAN config for span members
bridge(4) doesn't support BRDGGIFVLANSET for span members, which
means if a span interface is configured, libifconfig will fail to
fetch bridge members.  Skip this for IFBIF_SPAN members.

PR:	292634
MFC after:	3 days
Reported by:	Emrion <kmachine@free.fr>
Reviewed by:	pouria, zlei
Sponsored by:	https://www.patreon.com/bsdivy
Differential Revision:	https://reviews.freebsd.org/D56694
2026-04-29 04:12:20 +01:00
Stéphane Rochoy 76de40889e efibootmgr: Show attributes, category and optional data when verbose
Also rework a bit the way device path are displayed for consistency.

Signed-off-by:	stephane.rochoy@stormshield.eu
Reviewed by:	imp
Sponsored by:	Stormshield
Pull-Request:	https://github.com/freebsd/freebsd-src/pull/2167
2026-04-29 00:28:59 +03:30
Stéphane Rochoy 48363f39f1 efivar: Move dump functions into libefivar
To allow their use by efibootmgr.

Signed-off-by:	stephane.rochoy@stormshield.eu
Reviewed by:	imp
Sponsored by:	Stormshield
Pull-Request:	https://github.com/freebsd/freebsd-src/pull/2167
2026-04-29 00:28:54 +03:30
Kyle Evans d9c0594191 ctld: kernel-sourced portal groups are not dummies
The current and historical versions of ctld would flag our initial set
of kernel ports as dummies, because their portal groups were empty since
portals come from the configuration on-disk.

As a result, we would never try to remove a kernel port at startup that
didn't exist in the configuration (possibly a feature if you wanted
concurrent ctld(8)), and we would always try to port->kernel_add() on
ports in the configuration (even if they actually did have an existing
kernel port).

Flag these portal groups as kernel groups so that we avoid trying to add
ports that already exist.  It may be the case that the kernel_remove()
loop in conf::apply() needs to do something other than the current
`oldport->is_dummy()` to avoid removing ports that it isn't supposed to
be managing, but that wuld also seem to apply to LUNs that would be
removed today.

Reviewed by:	jhb
Differential Revision:	https://reviews.freebsd.org/D51782
2026-04-28 15:51:50 -05:00
Kyle Evans fe9d81d7c6 libiscsiutil: preserve errno across warning logs
Various calls in the implementation can clobber errno; preserve it for
the caller since none of these will bubble up pass/fail to simplify
some future error handling in ctld.

Reviewed by:	jhb
Differential Revision:	https://reviews.freebsd.org/D56539
2026-04-28 15:51:50 -05:00
Lexi Winter 4429630d1c Makefile.inc1: Only copy locales to INSTALLTMP on FreeBSD
Makefile.inc1 copies locales to ${INSTALLTMP} to avoid issues when
running make installworld on a live system.  However, this can break
on non-FreeBSD systems, e.g. on openSUSE where /usr/share/locales
has mode 0555, which means after we copy it, we can't delete it,
so the build fails.

Since this functionality is only useful when installing over a
live system, disable it when the build host is not FreeBSD.

MFC after:	2 weeks
Reviewed by:	kevans, emaste
Sponsored by:	https://www.patreon.com/bsdivy
Differential Revision:	https://reviews.freebsd.org/D56677
2026-04-28 20:50:42 +01:00
Lexi Winter d1c176fedf packages: Make create-sets.sh more robust
Use ${PKG_CMD} rather than bare 'pkg' to fix the build when pkg is
not in the tools path.  Provide a default in case it's not set for
some reason (e.g., running the script by hand).

Since set -- $(...) does not trigger an exit from set -e if the
command fails, this failure was silent and resulted in sets not
being built correctly if we failed to run pkg.  Use a temporary
variable, which does trigger set -e, to fail correctly.

MFC after:	2 weeks
Reviewed by:	sjg
Sponsored by:	https://www.patreon.com/bsdivy
Differential Revision:	https://reviews.freebsd.org/D56676
2026-04-28 20:50:42 +01:00
Lexi Winter 7970815be4 llvm: Move libprivatelldb to the lldb package
Set PACKAGE=lldb in lldb.pre.mk rather than in individual Makefiles;
change lib/clang/Makefile.inc from PACKAGE=clang to PACKAGE?=clang to
avoid overwriting it.

This is safe to MFC to stable/15 since the moved library will be
picked up automatically by pkg.

MFC after:	2 weeks
Reviewed by:	emaste
Sponsored by:	https://www.patreon.com/bsdivy
Differential Revision:	https://reviews.freebsd.org/D56674
2026-04-28 20:50:42 +01:00
Lexi Winter c4b244af42 acpi: Remove userland bits on non-ACPI platforms
ACPI is only supported on amd64, arm64 and i386.  Don't install the
power_profile rc script or devd configuration on other platforms.

This avoids creating a useless FreeBSD-acpi package on those platforms.

MFC after:	2 weeks
Reviewed by:	imp
Sponsored by:	https://www.patreon.com/bsdivy
Differential Revision:	https://reviews.freebsd.org/D56650
2026-04-28 20:50:41 +01:00
Siva Mahadevan cb0e3a5fba contrib/openresolv: MFV openresolv 3.17.4
Reviewed by:	pfg
Approved by:	lwhsu (mentor)
Differential Revision:	https://reviews.freebsd.org/D56269
2026-04-28 15:26:59 -04:00
Chuck Tuffli e139a49b5d Revert "Vendor import of smart at 1.0.2"
This reverts commit 68e5b71517.
2026-04-28 12:03:38 -07:00
Andre Silva 146b30bad9 hwpmc: Add extra_mask sysctls per counter type
Expose kern.hwpmc.{ibs_fetch,ibs_op,amd_core,amd_l3,amd_df}_extra_mask
as RWTUN uint64s that OR into the CPUID-derived allow mask at
validation time. Default 0, so the strict policy applies unless an
administrator opts bits back in — intended for testing the wrmsr_safe
path in PR #2157.

Reviewed by:	mhorne, Ali Mashtizadeh <ali@mashtizadeh.com>
Sponsored by:	AMD
Signed-off-by:	Andre Silva <andasilv@amd.com>
Pull Request:	https://github.com/freebsd/freebsd-src/pull/2140
2026-04-28 15:49:22 -03:00
Andre Silva 39f48829a0 hwpmc: Add IBS capability control policy
Reject unsupported AMD IBS and PMU control bits before programming the
MSRs.

Initialize IBS fetch/op allow masks from CPUID feature bits and validate
user-provided IBS control values against those masks. Keep the
load-latency filter dependency on L3MissOnly, but avoid decoding fields
that are already constrained by the mask.

Apply the same reserved-bit policy to the AMD PMU raw-config path by
checking core, L3, and data fabric configs against subclass-specific
masks.

Fix the IBS CPUID feature bit definitions used by the policy.

Reviewed by:	mhorne, Ali Mashtizadeh <ali@mashtizadeh.com>
Sponsored by:	AMD
Signed-off-by:	Andre Silva <andasilv@amd.com>
Pull Request:	https://github.com/freebsd/freebsd-src/pull/2140
2026-04-28 15:49:22 -03:00
Andre Silva a9a562a08e hwpmc_ibs: Add external error handling
Add EXTERR_CAT_HWPMC_IBS to the external error categories and replace generic
EINVAL returns in ibs_allocate_pmc() with EXTERROR() calls that provide
detailed error messages.

This will be augmented with additional cases in the near future.

Reviewed by:	mhorne
Sponsored by:	AMD
Signed-off-by:	Andre Silva <andasilv@amd.com>
Pull Request:	https://github.com/freebsd/freebsd-src/pull/2134
2026-04-28 15:49:21 -03:00
Maxim Konovalov d5db883af2 group.7: spell priority 2026-04-28 17:44:40 +00:00
Mark Johnston c1650792b8 reallocarray.3: Fix formatting 2026-04-28 17:30:46 +00:00
Li-Wen Hsu 41c5a4a2f8 sys.net.if_wg.wg_key_peerdev_makeshared: Add require metadata
Add require.user root and require.kmods if_wg to
wg_key_peerdev_makeshared_head(), consistent with the other wg tests.

Without if_wg.ko causes ifconfig wg create to fail with EINVAL.  The
test also needs root to create jails.

Sponsored by:	The FreeBSD Foundation
2026-04-29 01:27:26 +08:00
Chuck Tuffli 68e5b71517 Vendor import of smart at 1.0.2
smart/diskhealth is a command line application to monitor disk health
from a storage device via SMART.

Reviewed by:	fuz, jrm
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D56638
2026-04-28 10:08:27 -07:00
Alexander Ziaee 5ed26c21e4 bsdinstall: Improve auto-partition message
Manually tuning ZFS for systems with <8GB ram hasn't been necessary at
least since the switch to OpenZFS. We have users reporting using 1GB RAM
with no manual tuning/issues. Further, the page this links to is a stale
wiki page, which is causing complaints. Remove this misleading note and
replace it with a similar message for UFS. While here, reword that note
to be a bit clearer.

PR:			287719
MFC after:		3 days
Differential Revision:	https://reviews.freebsd.org/D50971
2026-04-28 12:59:34 -04:00
Alexander Ziaee ab98fd3234 build.7: Explain update-packages repo signing
MFC after:		3 days
Reported by:		kevans
Reviewed by:		kevans, ngie
Differential Revision:	https://reviews.freebsd.org/D56607
2026-04-28 12:56:45 -04:00
Ed Maste ddabf7f3ea amd64: Make EFI runtime faults look less like panics
EFI runtime faults may be mistaken for kernel panics, and do not
necessarily represent actual problems.  Try to differentiate them some
more by printing "EFI runtime trap" rather than "Fatal trap".

PR:		291193
Reviewed by:	kib
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56309
2026-04-28 11:11:46 -04:00
Chandrakanth Patil c21c63fb56 bnxt_en: add bnxt_sriov.c to sys/conf/files for built-in kernel builds
The SR-IOV series added bnxt_sriov.c and listed it in sys/modules/bnxt/bnxt_en/Makefile,
but kernels that build bnxt into the image only compile sources named in sys/conf/files.
Add bnxt_sriov.c next to the other bnxt_en entries so built-in bnxt (including LINT)
links the SR-IOV implementation and avoids undefined symbols referenced from if_bnxt.c.

Fixes: f2f831b2c1 ("bnxt_en: Add core SR-IOV infrastructure")

MFC after:      1 month
Reviewed by:    ssaxena
Differential Revision: https://reviews.freebsd.org/D56688
2026-04-28 14:13:40 +00:00
Mark Johnston 448ec129bc git-arc: Add a create-draft mode
Make it possible to create a review without publishing it.  This should
be useful when one wants to restrict the visibility of a review, as that
cannot be done via the command line.  Note that a draft review is still
publicly visible if one can guess the URL, but creating one does not
result in email notifications to subscribers etc., nor does a draft
appear in the creating user's activity log.

Once a draft is ready, one can publish it via the web UI.

Reviewed by:	jrm
Differential Revision:	https://reviews.freebsd.org/D56664
2026-04-28 14:02:58 +00:00
Alexander Ziaee 0f91468c04 intro.7: Reference groups.7
PR:		264966
MFC after:	3 days
2026-04-28 09:56:49 -04:00
Artem Bunichev e09104dfb7 groups.7: New manual page of standard group names
Import groups(7) from NetBSD, with tweaks for our system. The group
list is sorted by GID. All the group names from /usr/src/etc/group
are described, except "uucp". The FILES section was added on top of
the original manual page.

PR:			264966
Relnotes:		yes
MFC after:		3 days
Obtained from:		NetBSD
Reviewed by:		des, ziaee
Differential Revision:	https://reviews.freebsd.org/D54114
2026-04-28 09:53:39 -04:00
Kristof Provost bea1c2fcd7 pf: improve ASCONF chunk validation
When processing an ASCONF chunk we failed to verify that the chunk
length was at least 8 bytes. As a result we might end up passing a
negative length to pf_multihome_scan(). Fortunately this merely meant
the function did nothing, but we should discard such invalid packets, so
explicitly check for this.

MFC after:	1 week
Reported by:	Mark Johnston
Sponsored by:	Orange Business Services
2026-04-28 14:00:35 +02:00
Chandrakanth Patil 7c450d1127 bnxt_en: Address review comments for core SR-IOV support
This patch addresses the code review comments provided for:
https://reviews.freebsd.org/D56197

* P7 VF PCI ID: rename NETXTREME_E_P7_VF to E_P7_VF (P7/Thor2 line drops the
  Netxtreme name in product strings; other VF device IDs are unchanged).
* Use the return value of bnxt_vf_parse_schema() in bnxt_iov_vf_add() to
  decide when to call bnxt_set_vf_admin_mac(); make parse_schema() return
  bool and remove the has_admin_mac field.
* In bnxt_free_vf_resources(), fix indentation after dma_free_coherent() so
  the NULL assignment is clearly separate from the call.
* In bnxt_hwrm_func_vf_resource_free(), use first_vf_id/last_vf_id in the
  HWRM_FUNC_VF_RESC_FREE loop.

MFC after:      1 month
Reviewed by:    ssaxena
Differential Revision: https://reviews.freebsd.org/D56644
2026-04-28 06:37:06 +00:00
Chandrakanth Patil c972c5acba bnxt_en: VF ring reservation, HWRM registration, and PF-only operation guards
VFs require separate HWRM commands for ring reservation and async
completion ring setup, so a common PF/VF dispatcher is introduced and
the async CR path is extended to handle both.  The PF must populate the
VF request forwarding bitmap during driver registration so the firmware
correctly forwards VF-originated HWRM commands.  VF reservation strategy
and min-guaranteed capability flags are now parsed for correct resource
partitioning, and PF-only operations (DCB, NVM, package version sysctl)
are guarded against VF invocation.

The short command buffer allocation is also reordered before the function
reset to ensure extended HWRM messages are available when needed, a
prerequisite uncovered during VF bring-up.

MFC after:      1 month
Reviewed by:    ssaxena
Differential Revision: https://reviews.freebsd.org/D56232
2026-04-28 06:35:09 +00:00
Chandrakanth Patil 8743209350 bnxt_en: Re-enable SR-IOV after firmware reset
When the firmware undergoes a hot-reset and the driver re-opens the
device, previously active Virtual Functions lose their resource
configuration.  bnxt_reenable_sriov() restores that configuration by
replaying bnxt_cfg_hw_sriov() with the saved resource parameters.

The function is called from bnxt_fw_reset_task() in the
BNXT_FW_RESET_STATE_OPENING state, guarded by #ifdef PCI_IOV.
Because bnxt_cfg_hw_sriov() is a no-op when active_vfs is zero the
call is safe on any PF regardless of whether VFs were ever created.

MFC after:      1 month
Reviewed by:    ssaxena
Differential Revision: https://reviews.freebsd.org/D56201
2026-04-28 06:34:31 +00:00
Chandrakanth Patil ea4ab7e36e bnxt_en: Add per-VF trust, spoof-check and promiscuous controls
Expose per-VF policy knobs via the FreeBSD sysctl tree and enforce
them at the data-path level.

Trust (dev.bnxt.<unit>.vfN.trusted):
  bnxt_set_vf_trust() sets/clears BNXT_VF_TRUST and sends
  HWRM_FUNC_CFG with FLAGS_TRUSTED_VF_ENABLE/DISABLE.
  bnxt_create_trusted_vf_sysctls() / bnxt_destroy_trusted_vf_sysctls()
  manage the sysctl lifetime with VF creation/teardown.

Spoof-check (dev.bnxt.<unit>.vfN.spoofchk):
  bnxt_set_vf_spoofchk() issues HWRM_FUNC_CFG with
  SRC_MAC_ADDR_CHECK_ENABLE/DISABLE.

Promiscuous gating:
  bnxt_is_trusted_vf() queries firmware via HWRM_FUNC_QCFG.
  bnxt_promisc_ok() returns false for untrusted VFs, preventing them
  from entering promiscuous mode.  bnxt_promisc_set() is updated to
  gate the PROMISCUOUS and ANYVLAN_NONVLAN mask bits on bnxt_promisc_ok().

bnxt_iov_vf_add() applies the initial trust/spoof-check policy from the
nvlist schema.  bnxt_iov_init() creates the sysctl trees after
bnxt_cfg_hw_sriov() succeeds.  bnxt_iov_uninit() tears them down.

MFC after:      1 month
Reviewed by:    ssaxena
Differential Revision: https://reviews.freebsd.org/D56200
2026-04-28 06:32:12 +00:00
Chandrakanth Patil fcf100da9b bnxt_en: Add VF forwarded HWRM request handling
Enable the Physical Function to proxy HWRM commands issued by Virtual
Functions through the firmware forwarded-request mechanism.

When a VF issues a command that requires PF arbitration, the firmware
delivers a CMPL_BASE_TYPE_HWRM_FWD_REQ completion to the PF async ring.

* bnxt_process_async_msg() recognises CMPL_BASE_TYPE_HWRM_FWD_REQ,
  identifies the originating VF by its firmware function ID, sets the
  corresponding bit in pf.vf_event_bmap, and raises
  BNXT_HWRM_EXEC_FWD_REQ_SP_EVENT to schedule deferred processing.

* bnxt_sp_task() dispatches to bnxt_hwrm_exec_fwd_req(), which iterates
  over all pending VF bits and calls bnxt_vf_req_validate_snd() for each.

* bnxt_vf_req_validate_snd() inspects the encapsulated request type:
  HWRM_FUNC_VF_CFG (MAC change) is handled by bnxt_vf_configure_mac()
  which enforces trust/existing-MAC rules; HWRM_CFA_L2_FILTER_ALLOC is
  handled by bnxt_vf_validate_set_mac(); HWRM_FUNC_CFG is forwarded
  as-is; all other commands are rejected.

All forwarded-request code is guarded by #ifdef PCI_IOV.

MFC after:      1 month
Reviewed by:    ssaxena
Differential Revision: https://reviews.freebsd.org/D56199
2026-04-28 06:29:37 +00:00
Chandrakanth Patil a5bedb41e5 bnxt_en: Add VF load path and PF/VF context differentiation
Teach the driver to distinguish a Physical Function from a Virtual
Function at probe time and configure each appropriately.

* Introduce bnxt_is_vf_device() to identify all known VF device IDs
  (NetXtreme-C/E Gen1-3, Thor1/2, Hyper-V variants).  Add corresponding
  PVID entries to bnxt_vendor_info_array.

* Refactor the iflib shared context: rename bnxt_sctx_init to
  bnxt_sctx_template, add a Thor2-specific bnxt_sctx_template_p7, and
  build per-call PF/VF instances via bnxt_init_sctx_variants(); the VF
  instance carries IFLIB_IS_VF.  bnxt_register() selects the correct sctx.

* bnxt_attach_pre(): replace the hard-coded NPAR/VF switch with
  bnxt_set_flags_by_devid(); on a VF call bnxt_approve_mac() to request
  PF approval for the firmware-assigned MAC address.

* bnxt_hwrm_func_qcaps(): populate fw_fid and MAC for PF and VF contexts
  separately; for PF call iflib_set_mac() and record max_msix_vfs; for VF
  handle the case where the PF has not yet assigned a MAC.

* bnxt_hwrm_func_qcfg(): populate the new alloc_* counters used by the VF
  resource configuration path; record registered_vfs for PF and VLAN/trust
  state for VF.

* bnxt_init(): call bnxt_update_vf_mac() on VFs after each bring-up.

MFC after:      1 month
Reviewed by:    ssaxena
Differential Revision: https://reviews.freebsd.org/D56198
2026-04-28 06:21:46 +00:00
Chandrakanth Patil f2f831b2c1 bnxt_en: Add core SR-IOV infrastructure
Introduce the foundational building blocks for SR-IOV Virtual Function
support on Broadcom NetXtreme-C/E adapters.

* Add bnxt_sriov.h: defines the extended bnxt_vf_info structure (per-VF
  firmware FID, MAC addresses, VLAN, flags, DMA command buffers, resource
  counts), the bnxt_resc_map helper, flag macros (BNXT_VF_TRUST,
  BNXT_VF_SPOOFCHK, etc.), and prototypes for all SR-IOV functions.

* Add bnxt_sriov.c: implements the SR-IOV attachment sequence
  (bnxt_sriov_attach), the iflib IOV callbacks (bnxt_iov_init,
  bnxt_iov_uninit, bnxt_iov_vf_add), VF resource allocation and
  firmware configuration helpers (bnxt_alloc_vf_resources,
  bnxt_cfg_hw_sriov, bnxt_hwrm_func_vf_resc_cfg, bnxt_hwrm_func_buf_rgtr,
  bnxt_hwrm_func_vf_resource_free), and the per-VF parameter helper.

* Extend bnxt.h: include bnxt_sriov.h; extend bnxt_pf_info with VF-
  tracking fields (vf array, firmware FID/MAC, resource-reservation
  strategy, DMA page management, sysctl context); replace the upstream
  bnxt_vf_info stub with the full definition from bnxt_sriov.h; extend
  bnxt_func_qcfg with allocation counters required by the VF resource
  configuration path; add vf_resc_cfg_input and sriov_lock to bnxt_softc.

* Update Makefile to build bnxt_sriov.c and include bnxt_sriov.h.

* Wire up PCI-IOV device methods (pci_iov_init / pci_iov_uninit /
  pci_iov_add_vf) and iflib IOV callbacks (ifdi_iov_init / ifdi_iov_uninit
  / ifdi_iov_vf_add) in if_bnxt.c; call bnxt_sriov_attach() from
  bnxt_attach_post() on P5+ Physical Functions.

MFC after:      1 month
Reviewed by:    ssaxena
Differential Revision: https://reviews.freebsd.org/D56197
2026-04-28 06:16:16 +00:00
Christos Margiolis 54922e4ec8 mixer(8) tests: Remove tests for deprecated control values
Fixes:		a28bb575c8 ("mixer(8): Deprecate some unintuitive control values")
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2026-04-28 01:00:46 +02:00
Lexi Winter e6d112bbbb packages: Fix clang conditional
Various src.conf options can cause us to build something that ends up
in the clang package, but MK_TOOLCHAIN is not one of them; copy the
proper conditional from lib/Makefile to decide if we need to build
the package.

This fixes the build when LLVM/clang is entirely disabled.

Fixes:	bb75b0d581 ("packages: Convert world to a subdir build")
MFC after:	2 weeks
Reviewed by:	emaste
Sponsored by:	https://www.patreon.com/bsdivy
Differential Revision:	https://reviews.freebsd.org/D56657
2026-04-27 23:15:13 +01:00
Lexi Winter 036ff38ebd libzpool: Set -Wno-error=typedef-redefinition for clang
In some versions of LLVM (at least 21), the <*intrin.h> headers contain
unguarded duplicate typedefs; this isn't permitted prior to C11, and
libzpool is built as C99.  FreeBSD's LLVM backported LLVM PR #153820
to fix this, but other versions of LLVM (e.g., upstream, or on Linux)
don't have the patch, so this breaks the build.

Add -Wno-error=typedef-redefinition to downgrade this from an error
to a warning.

MFC after:	2 weeks
Reviewed by:	dim, emaste
Sponsored by:	https://www.patreon.com/bsdivy
Differential Revision:	https://reviews.freebsd.org/D56653
2026-04-27 22:31:47 +01:00
Lexi Winter b866d05ea2 Makefile.inc1: Always use ${PKG_CMD}
Previously we had a mix of ${PKG_CMD} and bare 'pkg', which is
wrong, and breaks the build when 'pkg' isn't in the tools path,
e.g. when cross-building.

MFC after:	2 weeks
Reviewed by:	wosch, emaste
Sponsored by:	https://www.patreon.com/bsdivy
Differential Revision:	https://reviews.freebsd.org/D56655
2026-04-27 22:29:43 +01:00