Commit Graph

307139 Commits

Author SHA1 Message Date
Cy Schubert 3fdbd8a07a ipfilter: Avoid negative array indicies
Array indices must always be posive. We avoid this by making each index
unsigned. This mitigates out-of-bounds reads and writes.

Reported by:		Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed by:		glebius
MFC after:		3 days
Differential revision:	https://reviews.freebsd.org/D55260
2026-02-16 18:21:59 -08:00
Alan Somers fba81b33aa capsicum-tests: remove Linux support
Now that this project is part of freebsd-src, it no longer needs to be
portable.  Remove Linux-only tests, cross-os compatibility code, and
compatibility with older FreeBSD versions.  Leave in place some
originally Linux-only tests that could now be ported to FreeBSD, like the
pipe2 tests.

Sponsored by:	ConnectWise
Reviewed by:	oshogbo
Differential Revision: https://reviews.freebsd.org/D54985
2026-02-16 17:29:32 -07:00
Alan Somers dc9a8d300b aio(4) tests: do not rely on (int *)-1 being invalid address
Explicitly mmap guard and use it as the invalid address instead.

MFC after:	1 week
2026-02-16 17:27:38 -07:00
Alan Somers 05492ff6f6 pdwait(2) tests: do not rely on (int *)-1 being invalid address
Explicitly mmap guard and use it as the invalid address instead.

MFC after:	1 week
2026-02-16 17:27:38 -07:00
Gleb Smirnoff 11c1b69885 netlink: force uninline of nl_receive_message()
The entire netlink(4) message processing thread is all inlined into
nl_taskqueue_handler() making it difficult to dtrace(1) on a message
level.
2026-02-16 15:39:29 -08:00
Hayzam Sherif 757b0bf5cf bhyve: Propagate errors from rfb_recv_* functions
Update rfb_recv_* functions to return -1 on failure and 0 on success.
Update rfb_handle to check these return values and drop the connection
if an error occurs.

Signed-off-by: Hayzam Sherif <hayzam@gmail.com>

Reviewed by:	markj
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2026-02-16 20:16:12 +00:00
Mark Johnston 29ec3907f1 syslogd: Improve handling of configuration errors
Make parse_selector() print a warning to stderr and continue parsing the
config if it encounters an invalid facility or priority.  Note that
because the parsing is done from a casper service, there isn't a good
mechanism to log errors; the warnings are visible only when syslogd is
started in debug mode.

Reported by:	Doug Hardie <bc979@lafn.org>
MFC after:	1 week
Fixes:		f4b4a10abb ("syslogd: Move selector parsing into its own function")
Reviewed by:	jfree, jlduran, eugen, delphij
Differential Revision:	https://reviews.freebsd.org/D55033
2026-02-16 20:16:12 +00:00
Konstantin Belousov 793e891f4a pdrfork(2) tests: enable on x86
Use pfrfork_thread(3) instead of pdrfork(RFSPAWN) to make tests working
on x86.

Tested by:	pho
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D55306
2026-02-16 19:57:53 +02:00
Konstantin Belousov f90ee665d0 pdrfork(2) tests: should wait for the child to exit
Tested by:	pho
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D55306
2026-02-16 19:57:53 +02:00
Konstantin Belousov 94e4de77de pdrfork(2) tests: split basic_usage
into pdrfork(2) call itself, and basic_usage_tail() that checks the
pdrfork(2) results.

Tested by:	pho
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D55306
2026-02-16 19:57:53 +02:00
Konstantin Belousov 44843695bc pdrfork(2) tests: catch runaway child for EFAULT test
Reported and tested by:	pho
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D55306
2026-02-16 19:57:52 +02:00
Konstantin Belousov d6bf2d14a9 pdrfork(2) tests: do not rely on (int *)-1 being invalid address
Explicitly mmap guard and use it as the invalid address instead.

Tested by:	pho
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D55306
2026-02-16 19:57:52 +02:00
Konstantin Belousov 68ba270f4f pdrfork(2) tests: RFPROCDESC|RFPROC are required
Tested by:	pho
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D55306
2026-02-16 19:57:52 +02:00
Konstantin Belousov db80ea9b88 pdfork.2: add EFAULT as possible error, explain some consequences of it
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D55306
2026-02-16 19:57:52 +02:00
Konstantin Belousov b05be03cee pdrfork(2): do require RFPROCDESC | RFPROC
when RFSPAWN is not specified, as stated in the man page.
rfork(2) cannot modify non-curproc, which is why RFPROC is required,
the syscall cannot act on arbitrary process descriptor.
If RFPROCDESC is not specified, the syscall does not make sense,
use rfork(2).

Reported and tested by:	pho
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D55306
2026-02-16 19:57:52 +02:00
Adrian Chadd 995090202c powerpc: document the magic constants for 16MB page size
After discussion with jhibbits@, we pulled out what is supported here
and how it's supported.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D55093
2026-02-16 09:49:52 -08:00
Adrian Chadd f412a5c565 powerpc: enable HPT superpages by default
It's time to flip these on and see if anything happens in -HEAD.
It can be turned back off before 16.0-RELEASE if there are problems.

Reviewed by:	jhibbits
Differential Revision:	https://reviews.freebsd.org/D55071
2026-02-16 09:49:46 -08:00
Artem Bunichev e5213ca4a3 sh.1: Fix ordering of Cm and Aq macros
MFC after:	3 days
Reviewed by:	ziaee
Fixes:	2711852bd9 (sh.1: Provide detailed job control documentation)
Differential Revision:	https://reviews.freebsd.org/D55194
2026-02-16 12:21:44 -05:00
Artem Bunichev 931d4f0ae4 sh.1: Document the exit status of return
It's not obvious that if `exitstatus` is omitted,
the exit status of the function is taken from the last executed command.

MFC after:		3 days
Reviewed by:		jilles, ziaee
Differential Revision:	https://reviews.freebsd.org/D55026
2026-02-16 12:19:40 -05:00
Konstantin Belousov f1f142c01d open.2: grammar improvements
Submitted by:	matteo
Fixes:	5bcccc702b
MFC after:	3 days
2026-02-16 17:36:14 +02:00
Mark Johnston 7ab5e3f29a bhyve: Fix a misleading error message
The ioctl might fail because it's run in a jail which doesn't have
permission to invoke ppt ioctls.

Reviewed by:	jhb
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D55070
2026-02-16 15:28:49 +00:00
Mark Johnston c71354030a vmm: Allow the use of PCI passthrough in a jail
After commit e11768e947 ("vmm: Add PRIV_DRIVER checks for passthru
ioctls"), it is not possible to use PCI passthru from jails, as
PRIV_DRIVER is not granted to jails.  Apparently some users expect this
to work, understanding that jailing bhyve provides little security
benefit in this configuration.

I believe we should disable ppt access in jails even when allow.vmm is
configured.  To provide an escape hatch for users, add a new
allow.vmm_ppt jail configuration knob, and check it when handling ppt
ioctls in jails.  Also add a new PRIV_VMM_PPTDEV to replace the use of
PRIV_DRIVER.

PR:		292750
Reviewed by:	corvink
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D55066
2026-02-16 15:28:49 +00:00
Konstantin Belousov 5bcccc702b open.2: stop making impression that fd must be directory
Reviewed by:	des, rmacklem
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
Differential revision:	https://reviews.freebsd.org/D55302
2026-02-16 15:59:43 +02:00
Kristof Provost 281282e935 pf: convert DIOCRTSTADDRS to netlink
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-02-16 13:42:50 +01:00
Olivier Certner 4ccca21008 sys/abi_types.h: time32_t is 64-bit on non-x86 architectures
As long as 'sys/compat/freebsd32/freebsd32.h' is used unconditionally on
all platforms (in 'kern_umtx.c' at least), the rule of thumb is to
ensure that 'struct foo32' on a 32-bit arch is type-compatible with
'struct foo' on the same arch.  In practice, this is very simple to
achieve: All 'foo32' types should be compatible with 'foo' on 32-bit
architectures, which is what we are supposed to do already for compat'
structures by design.  The recently introduced 'freebsd32_uint64_t' type
typically supports that.

This change fixes commit 87632ddf67 ("openzfs sys/types32.h: use
abi_compat.h for time32_t") which was defining 'time32_t' to 'in32_t'
for all 32-bit architectures, which is wrong but on i386.  By luck, this
did not change the size of whole 'struct ffclock_estimate32' (whose size
is compile-time asserted) because 'struct bintime32''s one would stay
the same, as even if its field 'sec' was incorrectly sized after that
commit, the 'frac' one is 64-bit and 64-bit aligned on all non-x86
architectures so its offset in 'struct bintime32' would stay the same.

Reviewed by:    kib
Fixes:          87632ddf67 ("openzfs sys/types32.h: use abi_compat.h for time32_t")
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D55283
2026-02-16 11:29:04 +01:00
Olivier Certner 7c2fc4419d sys/compat/freebsd32: FF clock struct: Don't pack, use 'ffcounter32'
Packing 'struct ffclock_estimate32', in absence of substitution of
'ffcounter' (some 'uint64_t') by a 32-bit compatible type, was necessary
on amd64 since 'uint64_t' is 8-byte aligned, which leaves a padding gap
of 4-byte between fields 'update_time' and 'update_ffcount'.  This gap
does not exist on i386 (or amd64 32-bit mode), as 'uint64_t' there is
only 4-byte aligned.

Change the type of the 'update_ffcount' and 'leapsec_next' fields to the
recently introduced 'freebsd32_uint64_t', and adapt copy-in and copy-out
accordingly.  Using `CP()` previously worked due to the '__packed__'
attribute.

Reviewed by:    kib
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D55282
2026-02-16 11:28:48 +01:00
Baptiste Daroussin 38c1833264 libusb: dequeue next transfer on completion to prevent stalls
The transfer proxy callbacks (bulk/interrupt, control, isochronous)
only called libusb10_submit_transfer_sub() in the START path to
pipeline the second kernel transfer slot. On completion or error,
no attempt was made to dequeue the next pending transfer from
tr_head onto the now-free slot.

When more than two async transfers were submitted on the same
endpoint, the third (and subsequent) transfers would remain stuck
on tr_head indefinitely, since no completion ever triggered their
submission. This caused a protocol-level deadlock in applications
like adb that submit header + payload + zero-length terminator as
three separate bulk transfers in sequence.

Fix by calling libusb10_submit_transfer_sub() after every
libusb10_complete_transfer() in all three proxy callbacks.

MFC After:	2 weeks
Reviewed by:	adrian
Differential Revision:	https://reviews.freebsd.org/D55289
2026-02-16 09:14:05 +01:00
Baptiste Daroussin be52217695 libusb: make libusb_hotplug_get_user_data actually return user_data
MFC After:	2 days
Reviewed by:	adrian
Differential Revision:	https://reviews.freebsd.org/D55291
2026-02-16 09:14:05 +01:00
Abdelkader Boudih e4bcfe4ebf ichsmb: Add Intel Raptor Lake SMBus controller support
Add PCI device ID 0x7a23 for Intel 700 Series (Raptor Lake) chipset SMBus controller.
This enables hardware monitoring functionality on 13th and 14th generation Intel Core platforms.

Reviewed by:	adrian
Differential Revision:	https://reviews.freebsd.org/D54957
2026-02-15 19:58:53 -08:00
Enji Cooper 35237ff987 t_access.c: remove unnecessary local modification
FreeBSD 11.x is no longer supported; there's no reason why the
`FreeBSD_version__` check is still required (now).

MFC after:	1 week
2026-02-15 11:40:00 -08:00
Enji Cooper faaeb6e62a libnetbsd: import the __nothing macro
This macro is widely used in new NetBSD tests. Please see the comment
next to the imported macro for more details on its use.

Obtained from:	NetBSD (c26cc77b3a0b2)
MFC after:	1 week
2026-02-15 10:43:00 -08:00
Enji Cooper 411a566d56 t_create.sh: use ATF_TESTS_SH_SED & remove local mods
This particular change replaces all local modifications to the test
script like so:
- Use `ATF_TESTS_SH_SED_test` with a sed(1) statement in the Makefile,
  instead of the equivalent local modifications.
- Remove the need for expecting the output of newfs_msdos to be empty.
  There isn't much to gain from deviating from the upstream NetBSD test--it's
  just another local modification that would need to be carried forward. If
  it's worth testing this FreeBSD-specific behavior, it should be in a
  FreeBSD-specific test.

This makes moving new modifications to the script easier moving forward.

MFC after:	1 week
2026-02-15 10:36:29 -08:00
Rick Parrish caf23c8e0b libusb20: Add dev_open + be_device_foreach manuals
Manual pages for libusb20_open(3) and libusb20_be_device_foreach(3).

PR:			291675
MFC after:		3 days
Reviewed by:		adrian (usb), ziaee (manpages)
Differential Revision:	https://reviews.freebsd.org/D54231
2026-02-15 13:00:28 -05:00
Ahmad Khalifa a404c2315b Revert "stand: compile ia32 EFI loader with -malign-double"
The loader shares types with various libraries that don't compile with
this flag. Revert for now.

Reported by:	jrtc27
2026-02-15 18:02:59 +02:00
Ahmad Khalifa a60e7e6ff0 stand: compile ia32 EFI loader with -malign-double
The UEFI spec says:
> Structures are aligned on boundaries equal to the largest internal
> datum of the structure and internal data are implicitly padded to
> achieve natural alignment.

By default, structs containing members of type "long long" have 4 byte
alignment on i386. This caused some EFI structures to be subtly wrong.

Fix this by compiling the ia32 EFI loader with -malign-double, which
bumps the alignment up to 8 if such members are present.

MFC after:	3 days
2026-02-15 15:30:06 +02:00
Abdelkader Boudih 90d79dd549 asmc: Add MacPro3,1 temperature sensor support
Test and verified with Sonicblue7

Reviewed by:	adrian
Differential Revision:	https://reviews.freebsd.org/D54952
2026-02-14 17:45:10 -08:00
Bruce M Simpson 79eff4ad64 netinet6: Return EAFNOSUPPORT for non-IPv6 addresses in mcast sockopts.
This is a non-functional change; it just returns the correct errno value
where IPv6 multicast socket options were passed non-AF_INET6 arguments,
in preparation for handling PR 193246 with a side-call into netinet as
xnu currently does.

Reviewed by:	glebius
Approved by:	glebius
PR:		193246 (with refinements)
Differential revision:  https://reviews.freebsd.org/D55233
2026-02-14 16:00:58 +00:00
Baptiste Daroussin 625dc44832 tr: fix class handling in unicode world
toupper/tolower logic was only handled for CCLASS_TOUPPER and
CCLASS_TOLOWER, add support for CCLASS ([:alpha:])

PR:		219900
MFC After: 	1 week
2026-02-14 06:56:00 +01:00
Kyle Evans 99e138f20a kern: mac: add a prison_cleanup entry point
The MAC framework provides a lot of useful functionality that can be
configured per-jail without requiring the use of labels.  Having another
entry point that we invoke just for general prison cleanup rather than
freeing the label is useful to allow a module that can otherwise work
off of a series of MAC entry points + sysctls for configuration to free
its per-jail configuration without having to bring in osd(9).

One such example in the wild is HardenedBSD's secadm, but some of my
own personal use had wanted it as well- it was simply overlooked in the
final version because my first policy made more sense with labels.  On
that note, it's expected that prison_cleanup and prison_destroy_label
will effectively be mutually exclusive -- the former only used when
a label isn't needed, the latter when it is.

Note that prison_cleanup isn't perfectly symmetrical w.r.t.
prison_created: the latter takes a label as well, because it's called
later in jail setup and a better point for propagation than when the
label is created.

As discussed with olce@, we may want to later revisit the notion that
struct labels get passed around explicitly along with the referenced
object and consider stripping them from all entry points in favor of
an object -> label accessor or something.

__FreeBSD_version bumped to force a rebuild of MAC policies.

Reviewed by:	olce
Differential Revision:	https://reviews.freebsd.org/D54833
2026-02-13 22:20:52 -06:00
Olivier Certner 07c4eb506b sys/compat/freebsd32: Fix i386 compilation
The compile assertion now failing is due to the change '__int64_t' =>
'__int32_t' as the type of 'time32_t' on i386, which is the correct
value.  The use of 'freebsd32.h' on i386 may seem strange, but it comes
from 'kern_umtx.c' including it unconditionally as it needs 'struct
umutex32'.

Fixes:          87632ddf67 ("openzfs sys/types32.h: use abi_compat.h for time32_t")
Sponsored by:   The FreeBSD Foundation
2026-02-13 23:21:51 +01:00
Olivier Certner 2ce028e8a2 sys: ELF: Rename SHN_FBSD_CACHED => SHN_FREEBSD_CACHED
All other FreeBSD-specific constants have FREEBSD fully spelled out in
their names.  Be consistent.

No functional change (intended).

Reviewed by:    kib
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D55224
2026-02-13 23:21:46 +01:00
Pouria Mousavizadeh Tehrani f2c2e5b0bf multicast.4: Fix disabling multicast forwarding
Reviewed by: markj, glebius
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D55266
2026-02-14 01:32:04 +03:30
Ed Maste fd52a9becc diff3: Use a format string to quiet a compiler warning
And bump WARNS to 2
2026-02-13 15:19:58 -05:00
Dag-Erling Smørgrav 08208cd694 timeout: Clean up
* Annotate logv() and fix format string bug.

* Don't reinvent str2sig(3).

* Reorganize kill_self() so we unblock signals as late as possible, and
  use raise(2) instead of kill(2).

* Explicitly close unused pipe descriptors.

* Use correct type to collect result of read(2) and write(2).

* Compare return values to 0, not -1.

* Sort local variables according to style(9).

* Reduce unnecessary nesting.

* Reindent.

* Fix typo in manual page.

MFC after:	1 week
Sponsored by:	Klara, Inc.
Reviewed by:	kevans
Differential Revision:	https://reviews.freebsd.org/D55277
2026-02-13 21:19:16 +01:00
Dag-Erling Smørgrav b253243297 diff: Tweak recursion tests
The -r flag is not required to compare two directories; it is only
required to compare them recursively, i.e. descend into their common
subdirectories.  Adjust tests that use -r needlessly, and adjust the
dirloop test to verify that these two cases remain distinct.

MFC after:	1 week
Sponsored by:	Klara, Inc.
Reviewed by:	kevans
Differential Revision:	https://reviews.freebsd.org/D55262
2026-02-13 21:19:16 +01:00
Dag-Erling Smørgrav 790f1d1cc5 diff: Tweak range of -C and -U arguments
POSIX uses the terms “positive decimal integer” for -C and “non-negative
decimal integer” for -U, which translates into lower bounds of 1 for -C
and 0 for -U.

POSIX does not specify a minimum upper bound for either mode, but as of
5fc739eb59 both our backends support context sizes up to and including
INT_MAX, so use that.

Having had the opportunity to consult the Unix System Test Suite, the
diff test cases found therein happen to precisely match these bounds.

While here, switch to using strtonum() to parse numerical arguments, and
try to be more consistent in how we report usage errors.

MFC after:	1 week
Sponsored by:	Klara, Inc.
Reviewed by:	kevans
Differential Revision:	https://reviews.freebsd.org/D55261
2026-02-13 21:19:16 +01:00
Gleb Smirnoff 596bf3485f bpf: don't call bpf_detachd() in bpf_setdlt()
The bpf_attachd() will perform bpf_detachd() itself.  Performing it twice
will lead to doing CK_LIST_REMOVE twice.

Reported & tested by:	bz
2026-02-13 11:39:37 -08:00
Mark Johnston d19fd2f349 ip_mroute: Make the routing socket private
I have some patches which make ip_mroute and ip6_mroute multi-FIB-aware.
This enables running per-FIB routing daemons, each of which has a
separate routing socket.

Several places in the network stack check whether multicast routing is
configured by checking whether the multicast routing socket is non-NULL.
This doesn't directly translate in my proposed scheme, as each FIB would
have its own socket.  I'd like to modify the ip(6)_mroute code to store
all state, including the socket, in a per-FIB structure.  So, take a
step towards that and 1) hide the socket, 2) add a boolean flag which
indicates whether a multicast router is registered.

Reviewed by:	pouria, zlei, glebius, adrian
MFC after:	2 weeks
Sponsored by:	Stormshield
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D55236
2026-02-13 19:35:18 +00:00
Baptiste Daroussin 284a0aa96e diff3: add 3 missing files from the testsuite
Fixes:	2cfca8e710
2026-02-13 20:26:02 +01:00
Baptiste Daroussin 06d07d4af1 src.conf.5: regenerate after switch to BSD diff3 2026-02-13 20:26:02 +01:00