Commit Graph

306282 Commits

Author SHA1 Message Date
Sarah Walker 98cb4874e2 simd.7: Add Arm MOPS memcpy(), memmove() and memset() to manpage
Fixes:			41ccf82b29 (Use MOPS implementations)
Reviewed by:		ziaee
Sponsored by:		Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D54812
2026-01-21 11:51:10 -05:00
John Baldwin 5eb1d4eec6 rpctls_impl.c: Use a direct cast to uintptr_t instead of __DECONST
This fixes the build on CHERI architectures where the compiler warns
about a direct cast between uint64_t and const void * inside of
__DECONST.  However, GCC would also complain about this on 32-bit
kernels due to uint64_t not being the same size as a pointer.  Also,
a direct cast to uintptr_t to right-size the cookie value is more
direct than using __DECONST given that there is no "const" pointer
involved in the expression.

Reviewed by:	brooks, glebius
Obtained from:	CheriBSD
Sponsored by:	AFRL, DARPA
Differential Revision:	https://reviews.freebsd.org/D54797
2026-01-21 11:10:53 -05:00
Ed Maste 37de3763b8 CODEOWNERS: Add myself for openssh and makefs 2026-01-21 10:09:58 -05:00
Warner Losh 76ca619f10 MAINTAINERS: remove stale entry 2026-01-21 07:39:59 -07:00
Michael Tuexen d8b8dc776b dpaa2: cleanup
No functional change intended.

Reviewed by:		bz, dsl
MFC after:		3 days
Differential Revision:	https://reviews.freebsd.org/D54805
2026-01-21 08:16:46 +01:00
Xin LI 53d6b23765 cron.8: clarify system crontab format
PR:		234504
MFC after:	1 week
2026-01-20 22:33:48 -08:00
Justin Hibbits 21a7a9ef8b powerpc/mpc85xx: Fix PCI attach error cleanup
If an error occurs during attach after ofw_pcib_init() runs, the device
is torn down, leaving the rmans embedded in the softc attached to the
rman list, thus corrupting the rman list.  Fix this by undoing
everything that was done by this point.

MFC after:	1 week
2026-01-20 23:28:41 -05:00
Justin Hibbits 24d048be7a powerpc/mpc85xx: Set pc_hwref to the primary thread ID
On multithreaded cores (e6500) the CPU ID in the device tree (reg[0]) is
the primary core, which may not match the cpuid, until Book-E threading
is added.
2026-01-20 23:28:40 -05:00
Justin Hibbits c611ef5747 dpaa: Simplify CPU binding for bman and qman
If cpu-handle property doesn't exist simply iterate and assign the CPUs
in sequence rather than following the convoluted search which may not
bear fruit in some cases.  If cpu-handle doesn't exist for one portal it
probably doesn't exist for any of them.
2026-01-20 23:28:40 -05:00
Xin LI 12444a4da5 cron: Implement full PAM session lifecycle for user jobs
Extend PAM integration beyond account checks to include credential
establishment and session management, allowing PAM modules to configure
the execution environment for user cron jobs.

Previously, cron only called pam_acct_mgmt() to verify account validity
but immediately terminated the PAM handle before job execution. This
prevented PAM modules from establishing sessions, setting credentials
(e.g., Kerberos tickets), or exporting environment variables needed by
jobs.

The PAM handle now persists in the intermediate process throughout the
job execution, enabling proper session open/close pairing. Credentials
are established and sessions opened while still running as root, before
dropping privileges in the grandchild. PAM environment variables are
exported in the job process with user crontab variables taking precedence.

A session rule (pam_permit.so) is added to /etc/pam.d/cron to enable
session support without changing default behavior. Administrators can
replace this with other modules as needed.

System crontab entries continue to bypass all PAM operations.

PR:		bin/244844
Reviewed by:	des
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D54415
2026-01-20 18:47:16 -08:00
Rick Macklem 053449fa5c nfscl: Fix the build
Fixes:	f2155a6fb5 ("nfscl: Fix handling of case insensitive file systems")
2026-01-20 17:32:23 -08:00
Rick Macklem f2155a6fb5 nfscl: Fix handling of case insensitive file systems
Name caching must be handled somewhat differently
for case insensitive file systems.  Negative name
caching does not work and, for rename, all names
associated with the rename'd vnode must be disabled.

For a case insensitive ZFS file system that is exported,
the unpatched code did work, since the change in mtime
or ctime of the directory when other case names were
created or rename'd would disable the false name cache
hit.  However, an export of an msdosfs file system
breaks the NFS client, because it only works if ctime/mtime
is changed whenever a name is added/removed.  Depending
on what the server file system is, this may not happen,
due to clock resolution or lack of support for these
attributes.

This patch checks to see if the server file system is
case insensitive and modifies the name caching to handle
this.

There is still a problem if a case insensitive file system
is a subtree of a non-case insensitive is exported by the
NFSv4 server.  This can be fixed someday, when the NFSv4
client gets support for submounts within the mount.

Suggested by:	kib
MFC after:	2 weeks
2026-01-20 16:21:52 -08:00
Konstantin Belousov 6bb3f20861 ktrace: do not enqueue request if the process' ktrioparams are freed
The p_ktrioparms are freed on termination of tracing.  Any ktr requests
added to the queue after that would hang there and leak on the struct
proc recycling, or trigger an assert in the process destructor for debug
builds.

Reported and tested by:	pho
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D54804
2026-01-20 21:44:54 +02:00
Ed Maste 466bad427d src.conf.5: Add WITHOUT_SOUND description
Fixes: f74f891581 ("src.opts: Introduce MK_SOUND")
Sponsored by:	The FreeBSD Foundation
2026-01-20 13:13:10 -05:00
Cy Schubert 2d8ec3bab2 krb5: Fix another GCC build issue
Fixes:		1876de606e
X-MFC with:	1876de606e
MFC after:	2 weeks
2026-01-20 09:40:52 -08:00
Bjoern A. Zeeb c592d54a24 LinuxKPI: 802.11: fix build for non-debug kernels
lkpi_nl80211_band_name() is only available under LINUXKPI_DEBUG_80211.
IMPROVE in theory should be as well or defined to nothing but we cannot
do that in cfg80211.h mac80211.h where we possibly (re-)define this.

Put an #ifdef around the IMPROVE call for now (untested).

Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
Fixes:		768332d619
Reported by:	CI
2026-01-20 17:19:29 +00:00
Michael Tuexen 8d82dafa56 sctp: support bridge interfaces
Reported by:	Timo Völker
Tested by:	Timo Völker
MFC after:	3 days
2026-01-20 18:06:17 +01:00
John Baldwin 8e1c85f032 OptionalObsoleteFiles.inc: Treat compat runtime loaders as libraries
Binaries require the runtime loader to use shared libraries, and
removing the runtime loader in `make delete-old` while leaving the
libraries around makes it impossible to use those shared libraries.
Treat rtld as a de facto dependency of shared libraries to ensure it
is not removed until the corresponding shared libraries are removed.

Differential Revision:	https://reviews.freebsd.org/D52210
2026-01-20 12:07:21 -05:00
Jose Luis Duran eced166af0 nanobsd: Avoid unnecessary subshell execution
Mimic c99bb5747f ("nanobsd: minor formatting cleanup") and cleanup
_create_code_slice(), somehow I missed it when rebasing.

No functional change intended.

Fixes:		ecc039be7f ("nanobsd: Add a NO_ROOT build option")
MFC after:	3 days
2026-01-20 16:51:09 +00:00
Jose Luis Duran aed4089c25 nanobsd: Use NANO_DEF_{UNAME,GNAME}
Prefer to use NANO_DEF_UNAME and NANO_DEF_GNAME instead of a fixed
"root/wheel".

Fixes:		61ac7309c3 ("nanobsd: Add a provisional populate_part function")
MFC after:	3 days
2026-01-20 16:51:06 +00:00
Bjoern A. Zeeb c670af3725 net80211: correct return code for ieee80211_ampdu_request()
We used to return the result of (*ic_send_action) directly but
ieee80211_ampdu_request() returns 1 on success and 0 on error,
which is contrary to the result of (*ic_send_action).  Deal with
that accordingly and update the documentation of the function.

Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
Reviewed by:	emaste
Differential Revision: https://reviews.freebsd.org/D54794
2026-01-20 15:45:58 +00:00
Bjoern A. Zeeb 768332d619 LinuxKPI: 802.11: factor out rate logic for mandatory channels
I was looking at rate work for another problem and found more flags
in ath9k (which we will likely never need).  The documentation then
revealed the "mandatory" flags as well and with discussions about
cfg80211 going on I decided to use the momentum and split our
"supp_rates" setup between lkpi_lsta_alloc() and wiphy_register().

There should be no functional change.

While there also initialize max_rc_amsdu_len.

Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2026-01-20 15:44:30 +00:00
Cy Schubert 6637e8f616 krb5: Fix gcc14 build
Fixes:		1876de606e
X-MFC with:	1876de606e
MFC After:	2 weeks
2026-01-20 07:35:00 -08:00
Konstantin Belousov be1b2da855 sys/abi_compat.h: fix UB for bintime32 handling
Do not cast and then access potentially unaligned uint64_t in the BT_CP()
macro.  Use freebsd32_uint64_t type and FU64_CP() for the frac member.

Noted by:	des
Reviewed by:	des, emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D54663
2026-01-20 16:42:35 +02:00
Konstantin Belousov 96acaa9600 compat32: provide a type and a macro for (u)int64_t handling on non-x86 arches
uint64_t is 4-byte aligned on i386, but is 8-bytes aligned on all other
32bit arches FreeBSD supports.  Provide the freebsd32_uint64_t type and
the FU64_CP() macro, which are intended to be used where 32bit ABI uses
(u)int64_t type, and do proper layout and copying for the aggregate type.

Reviewed by:	des, emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D54663
2026-01-20 16:42:35 +02:00
Cy Schubert 1876de606e krb5: Expose missing symbols
Add symbols found in the port but not in base. This requires replacing
a shared libkrb5profile.so with libkrb5profile.a (with -fPIC so it can
be used by shared libraries). We do this by making libkrb5profile
INTERNALLIB.

Base currently has libkrb5profile in a shared library. The patch moves
those functions to the various "consumer" libraries as the port does.

Symbols that should be in the other libraries are in libkrb5profile.so.
This is causing some ports issues.

PR:		291695
Reported by:	michaelo, markj,  Chris Inacio <inacio@andrew.cmu.edu>
Tested by:	michaelo
Fixes:		ae07a5805b
Reviewed by:	michaelo (previous version)
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D54323
2026-01-20 05:41:02 -08:00
Timo Völker 6f15ba8004 ip: improve deferred computation of checksums
This patch adds the same functionality for the IPv4 header checksum
as was done erlier for the SCTP/TCP/UDP transport checksum.
When the IP implementation sends a packet, it does not compute the
corresponding checksum but defers that. It will determine whether the
network interface selected for the packet has the requested capability
and computes the checksum in software, if the selected network
interface does not have the requested capability.
Do this not only for packets being sent by the local IP stack, but
also when forwarding packets. Furthermore, when such packets are
delivered to a local IP stack, do not compute or validate the checksum,
since such packets have never been on the wire. This allows to support
checksum offloading also in the case of local virtual machines or
jails. Support for epair interfaces will be added in a separate commit.

Reviewed by:		pouria, tuexen
MFC after:		1 week
Differential Revision:	https://reviews.freebsd.org/D54455
2026-01-20 11:36:40 +01:00
Michael Tuexen 3d771e0db6 dwc: cleanup
No functional change intended.

Reviewed by:		Timo Völker
MFC after:		3 days
Differential Revision:	https://reviews.freebsd.org/D54788
2026-01-20 11:25:31 +01:00
Kyle Evans 3f3b53e68a jail(3): fix common usage after mac.label support
Nobody else's mac.conf(5) has any entries for jails, so they get a
trivial ENOENT and we fail before we can fetch any jail parameters.
Most notably, this breaks `jls -s` / `jls -n` if you do not have any
loaded policy that applies jail labels.

Add an entry that works for everyone, and hardcode that as an ENOENT
fallback in libjail to provide a smoother transition.  This is probably
not harmful to leave in long-term, since mac.conf(5) will override it.

This unearthed one additional issue, in that mac_get_prison() in the
MAC framework handled the no-label-policies bit wrong.  We don't want
to break jail utilities enumerating jail parameters automatically, so
we must ingest the label in all cases -- we can still use it as a small
optimization to avoid trying to copy out any label.  We will break
things if a non-optional element is specified in the copied in label,
but that's expected.

The APIs dedicated to jaildescs remain unphased, since they won't be
used in the same way.

Fixes:	db3b39f063 ("libjail: extend struct handlers [...]")
Fixes:	bd55cbb50c ("kern: add a mac.label jail parameter")
Reported by:	jlduran (on behalf of Jenkins)
Reviewed by:	jlduran
Differential Revision:	https://reviews.freebsd.org/D54786
2026-01-19 20:57:42 -06:00
Kyle Evans bef0475b68 mac(4): also list jails in the example enumeration of objects
The prison may also be considered part of the subject by way of its
ucred association, but I don't think this is significantly different
enough today than before recent work -- policies could have always
taken them into account, and some did (e.g., mac_bsdextended).

Reported by:	olce
Reviewed by:	olce, ziaee
Differential Revision:	https://reviews.freebsd.org/D54748
2026-01-19 20:57:42 -06:00
Kristof Provost 2e0e45a516 pfctl(8): change default limiter action from no-match to block
pf(4) users who use limiters in current should update the rules
accordingly to reflect the change in default behavior. The existing
rule which reads as follows:

    pass in from any to any state limiter test

needs to be changed to:

    pass in from any to any state limiter test (no-match)

OK dlg@

Obtained from:	OpenBSD, sashan <sashan@openbsd.org>, c600931321
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-19 23:04:55 +01:00
Michael Tuexen 68a449f09e sctp: improve compilation as module
When compiling SCTP as a module, don't compile sctp_crc32.c into
the module. This avoids code and variable duplication since
sctp_crc32.c is compiled into the kernel. In particular, the variable
system_base_info is not duplicated. This fixes the handling of the
statistic counters sctps_sendhwcrc and sctps_sendswcrc when using
sctp_delayed_cksum.

MFC after:	3 days
2026-01-19 21:38:37 +01:00
Mitchell Horne c0898bdc86 usbhidctl.1: adjust option list indent
For improved legibility.
2026-01-19 14:19:01 -04:00
Konstantin Belousov 902e3057cd lib/libthr: add pthread_tryjoin(3) test
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D54766
2026-01-19 18:50:08 +02:00
Konstantin Belousov 7f026a5869 Document pthread_tryjoin_np(3)
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D54766
2026-01-19 18:50:02 +02:00
Konstantin Belousov afa70a8496 libthr: add pthread_tryjoin_np()
Similar to the same glibc function.

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D54766
2026-01-19 18:49:57 +02:00
Konstantin Belousov ce16be7370 libthr/thread/thr_join.c: deduplicate backout_join() helper
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D54766
2026-01-19 18:49:51 +02:00
Konstantin Belousov 002c50ea23 amd64/vmm: remove unused static function vcpu_state2str()
It is guarded by #ifdef KTR, so the warning does not show up under usual
kernel configs.

Fixes:	ed85203fb7
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D54781
2026-01-19 18:45:40 +02:00
Aymeric Wibo 4b534b814a acpi: Fix not calling AcpiLeaveSleepState() in S3 path
When resuming from ACPI suspend, the ACPI_SS_SLP_PREP bit in slp_state
was being checked and subsequently unset when calling resumeclock().
This bit was also being checked for the AcpiLeaveSleepState() call in
the non-s2idle path, but having just been unset, it was never actually
being called.

Change this so that resumeclock() is always being called (since we never
goto breakout between suspendclock() and resumeclock() anyway) and
ACPI_SS_SLP_PREP is purely used for AcpiEnterSleepStatePrep() and
AcpiLeaveSleepState() in the non-s2idle paths.

PR:		292568
Reported by:	Marek Zarychta
Reviewed by:	olce
Tested by:	Marek Zarychta
Approved by:	olce
Fixes:	7669cbd0f0 (“acpi: Suspend-to-idle support (s2idle)”)
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D54777
2026-01-19 17:30:10 +01:00
Konstantin Belousov 709a53c8b2 x86/local_apic.c: Properly calculate the number of LVT entries
First, the CMCI entry index is APIC_LVT_MAX, so it was excluded
unconditionall [1].

Second, the number of entries is reported by the version register, and
we must not access past the last reported entry.

Reported by:	olivier [1]
Fixes:	11f954b021
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D54773
2026-01-19 18:20:37 +02:00
Konstantin Belousov ad5e3cb950 x86/local_apic.c: add lapic_maxlvt() helper
that calculates the max index of the present LVT entry from the value of
the LAPIC version register.

Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D54773
2026-01-19 18:20:36 +02:00
Konstantin Belousov 83d9882886 sys: do not allow entering vm_fault() on boot until VM is initialized
On amd64, a hack sets td_critnest to 1 in hammer_time(), and then clear
it before returning from hammer_time(), which is too early.  Instead,
set TDP_NOFAULTING for thread0, and clear the flag after vm_init() finished.

Noted by:	adrian
Reviewed by:	adrian (previous version), markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D54768
2026-01-19 18:20:36 +02:00
John Baldwin 3a6289e1e5 .github: Disable checklist workflow on forks
Reviewed by:	imp
Obtained from:	CheriBSD
Sponsored by:	AFRL, DARPA
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1973
2026-01-19 10:56:20 -05:00
Andrew Gallatin d91ae61f8f iflib: null out freed mbuf in iflib_txsd_free
When adding the IFLIB_GET_MBUF/FLAGS, I neglected to NULL out the
mbuf in the descriptor ring.  I didn't think this should matter as
the I thought this code was only used when the ring was about
to be freed. But I was wrong, and leaving a stale mbuf in there can
cause panics.

Reported by:  Marek Zarychta (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292547)
Fixes: 14d93f612f
Sponsored by: Netflix
2026-01-19 10:45:49 -05:00
Mark Johnston 99afbc5cc7 vmm: Avoid clobbering errors from vmm_modinit()
Reported by:	novel
Reviewed by:	bnovkov
Fixes:		e758074458 ("vmm: Move the module load handler to vmm_dev.c")
Differential Revision:	https://reviews.freebsd.org/D54750
2026-01-19 14:29:33 +00:00
Wolfram Schneider a2c87d4f88 symlink.7: add a new section "mount options"
Add a new section "mount options" to explain
the mount option nosymfollow in more details.

Differential Revision:	https://reviews.freebsd.org/D54530
2026-01-19 10:47:53 +00:00
Joseph Mingrone 8ac6427b1b periodic: Support RFC 5424 syslog timestamps
This is based on an initial implementation by michaelo in
https://reviews.freebsd.org/D54361.

PR:		270497
Reported by:	michaelo
Reviewed by:	michaelo
Tested by:	michaelo
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D54606
2026-01-18 18:11:37 -04:00
Bjoern A. Zeeb 0f0b833e4d modules: iwlwifi/rtw89 allow standalone build
The KERN_OPTS:MDEV_ACPI checks are fine for as long as we are building
modules along the kernel.  If one wants to just build the module
standalone out of the module directory this would fail.
Add the missing include for kmod.opts.mk (as was done for tcp
in 1319a76179).

Sponsored by:	The FreeBSD Foundation
Reported by:	Tassilo Philipp (tphilipp potion-studios.com)
Fixes:	f5a77dc8f8 ("improve module Makefile dependency on ACPI")
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D54769
2026-01-18 21:53:39 +00:00
Konstantin Belousov 11f954b021 x86: mask all LAPIC vectors early, before BSP interrupts are enabled
If APIC is left in somewhat bad state, with some source hot (not masked
and active, e.g. timers after kexec or due to BIOS bug), we get the
interrupt too early.

Reported by:	jmg
Reviewed by:	markj
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D54543
2026-01-18 21:47:26 +02:00
Konstantin Belousov 87ed56a5c4 x88/local_apic.c: for each lvt element, add LVT register index
Reviewed by:	markj
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D54543
2026-01-18 21:47:25 +02:00