Commit Graph

309443 Commits

Author SHA1 Message Date
Martin Cracauer d2c21935e8 pxeboot: warn and abort on TCP-only NFS server, which doesn't work for pxeboot
When pxeboot gets a 0 as a port number from portmapper (indicating an
error), it currently happily sends NFS packets to the server's port 0
in an endless loop. Change this to instead bail out with a useful
message.

This happens, for example, with recent Linux NFS servers as many
distributions switched to TCP only NFS serving by default. FreeBSD's
pxeboot must have UDP. In this situation pxeboot asks the server's
portmapper for the UDP NFS port and since there is none gets 0.

Also add a hint to the manpage explaining this and how to fix it.

Reviewed by: ziaee, kevans, imp
2026-05-24 11:43:00 -04:00
Bjoern A. Zeeb 11d69a4558 LinuxKPI: 802.11: add support for suspend/resume
Add support for automatic suspend/resume as we know it for wireless.
The problem is that the PCI driver which would normally get the code
is the LinuxKPI PCI framework/Linux wireless driver, which we cannot
amend or generally add extra suspend/resume code to.
A further problem is that with growing support, the LinuxKPI 802.11
(mac80211) layer also is involved in suspend/resume for WoWLAN (not
yet supported) meaning that we need to hook the suspend/resume
framework into that as well.  Unlike Linux we do not have a general
suspend/resume "hook" we can hang into and we need to tie this one
to the hardware so cannot independently (after the driver one) run it.

The solution for FreeBSD, in order to not mangle the Linux native
drivers and get extra maintenance overhead, is to add a bus child
which inherits the general framework and thus is 2 lines + #includes
for each driver extra to add to.

The general suspend/resume framework lives in LinuxKPI (linuxkpi_80211_pm)
and imitates the normal suspend/resume path overloading it (there is
a slight code/logic duplication from the PCI code).
Given we are passed the LinuxKPI p(ci)dev, we can go and peel out the
net80211 ic from the native bsddev and that way get access to the
wireless stack.  We then call into LinuxKPI 802.11 in order to do
the suspend/resume dance there, and, if needed also call the
official suspend/resume routine from the device driver after
(reverse for resume).
If any of this fails, suspend will be blocked as we will return the
error (no different to what any native driver could do).

The LinuxKPI 802.11 suspend/resume code has the initial code for
doing a WoWLAN suspend (one could change the sysctl) but other bits
like access to ifnet flags etc. have to be sorted out before we can
go and support that.
The default code path calls into net80211 to clear everything
like native wireless drivers do.  The one thing we need to do in
addition is to remove the vif devices from the firmware and restore
them prior to net80211 resume.
We also check for a possible HW SCAN to still be running on resume
and warn as that may cause problems though the scan should be stopped
before suspend (we may still get a callback).  You can easily see
these problems if you suspend/resume without stopping the wlan.

Enable the PM framework for iwlwifi in the module Makefile to
be able to use all this; others can follow as tested.

In case anyone has problems with this, they can change the sysctl
back to 0 until we can figure out any further problems.
The linuxkpi_wlan.4 man page got adjusted to document this.

Sponsored by:	The FreeBSD Foundation
Tested on:	Dell XPS 13 (AX200), Lenovo TP X270 (AX210)
MFC after:	3 days
PR:		263632
2026-05-24 01:15:02 +00:00
Bjoern A. Zeeb 8ead19207e LinuxKPI: 802.11: reset chanctx when recycling
When we no longer need a channel context and put it back on the
reserved list, zero it for all but the vif so that we get the same
state as if it was freshly allocated.

Sponsored by:	The FreeBSD Foundation
Fixes:		e62c92c0a5, 88cb1e17f4
MFC after:	3 days
2026-05-23 23:54:30 +00:00
Ed Maste 4d125ed6e7 netlink: Avoid potential undefined behaviour
Taking the address of an OOB array element is UB, even if not
dereferenced.

Reviewed by: des, bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57172
2026-05-23 16:59:52 -04:00
Michael Osipov c74645b0c8 mfiutil.8/mrsasutil.8: Use Broadcom/LSI consistently
Both tools support controllers from both companies, so document it.

Reviewed by:	ziaee (via IRC)
MFC after:	immediately
Differential Revision:	https://reviews.freebsd.org/D57212
2026-05-23 22:12:43 +02:00
Michael Osipov f30b1df048 mrsas.4: Use Broadcom/LSI consistently
Reviewed by:	ziaee (via IRC)
MFC after:	immediately
Differential Revision:	https://reviews.freebsd.org/D57211
2026-05-23 22:11:16 +02:00
Jilles Tjoelker 1df431576f sh/tests: Cut down builtins/read12.0 by 2 seconds
Since the test assumes a 250 ms response time, there is no need to delay
for 3 seconds. Instead, delay for the minimum possible 1 second.

Also, fix some assertions in builtins/read11.0 and builtins/read12.0. If
`set -e` is in effect, `foo` in `foo && bar` is considered tested and
therefore a failure does not cause the shell to exit.

Reviewed by:	bdrewery
Differential Revision:	https://reviews.freebsd.org/D55191
2026-05-23 21:47:15 +02:00
Ed Maste 1dbc104148 netlink: Check for NULL return from npt_alloc()
Reviewed by: glebius, pouria
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57171
2026-05-23 12:22:36 -04:00
Dag-Erling Smørgrav 50caa0ea0c unbound: Update to 1.25.1
Release notes at
	https://nlnetlabs.nl/news/2026/May/20/unbound-1.25.1-released/

Merge commit '22e58f330a151944c24e010d23ec3881df6681b6'

Security:	CVE-2026-33278
Security:	CVE-2026-42944
Security:	CVE-2026-42959
Security:	CVE-2026-32792
Security:	CVE-2026-40622
Security:	CVE-2026-41292
Security:	CVE-2026-42534
Security:	CVE-2026-42923
Security:	CVE-2026-42960
Security:	CVE-2026-44390
Security:	CVE-2026-44608
MFC after:	1 week
2026-05-23 03:57:43 +02:00
Dag-Erling Smørgrav 5fa84c6ec1 unbound: Update to 1.25.0
Release notes at
	https://nlnetlabs.nl/news/2026/Apr/29/unbound-1.25.0-released/

Merge commit '4dd0a17edce60370304a45f2c40251e09e193bd6'

MFC after:	1 week
2026-05-23 03:54:22 +02:00
Mark Johnston b133353310 amd64/vmm: Fix ppt_unmap_mmio() after commit 36b855f189
Fixes:		36b855f189 ("amd64/vmm: Lock global PCI passthrough structures")
MFC after:	3 days
Reported by:	bz
2026-05-22 22:18:48 +00:00
Pat Maddox c783d7181d syslogd: fix memory leak in casper_ttymsg()
nvlist_take_string_array(9) takes ownership of the array and its
strings. casper_ttymsg() freed neither, leaking memory on every
F_CONSOLE and F_TTY message. On long-running systems with high
error-rate syslog traffic routed to /dev/console, syslogd.casper grew
to hundreds of MB.

Use nvlist_get_string_array(9) to borrow the array instead. Update
casper_wallmsg() similarly.

Approved by:    src (des)
Closes:         https://github.com/freebsd/freebsd-src/pull/2222
Fixes:          61a29eca55 ("syslogd: Log messages using libcasper")
MFC after:      3 days
MFC to:         stable/15
PR:             295488
Reported by:    Pat Maddox <pat@patmaddox.com>
Reviewed by:    markj
Tested by:      dch
2026-05-22 21:45:30 +00:00
Dag-Erling Smørgrav 22fa41b4e8 unbound: Update to 1.24.2
Merge commit 'ec5b94f552d7cb2a9d456c67e9941bcf5e3698bf'

This is purely cosmetic as we already had the functional changes.

MFC after:	1 week
2026-05-22 20:16:26 +00:00
Dag-Erling Smørgrav 290190b26c unbound: Regenerate for 1.24.1
No functional changes intended.

Fixes:		8b29c373e6 ("unbound: Vendor import 1.24.1")
2026-05-22 20:14:47 +00:00
Dag-Erling Smørgrav cd69bc03cf unbound: Tweak freebsd-configure script
Regenerating the configure script is optional and can introduce noise
if the installed versions of autoconf, automake, and libtool do not
match those used upstream.  Tweak our script slightly so it will skip
this step if libtoolize is not found.
2026-05-22 21:55:22 +02:00
Dag-Erling Smørgrav dd64155367 ldns: Fix unused variable on big-endian
MFC after:	1 week
Fixes:		9ed998a81b ("ldns: Update to 1.9.0")
2026-05-22 21:38:34 +02:00
Ed Maste eff5f220c3 netlink: Fix interface type match
Reviewed by: bz, glebius, pouria
Fixes: 7e5bf68495 ("netlink: add netlink support")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57167
2026-05-22 14:34:13 -04:00
Andrew Gallatin fd9af1e708 sendfile: Fix bug when using headers with SW KTLS offload
When using SW KTLS, we must account for the headers in sf_iodone()
in terms of either freeing or enqueuing them for TLS work.
Not doing so can lead to a situation where we enqueue only
the payload, and not the header, for encryption. Rather than
leaking the header, the socket is left "hung" with the header marked
M_NOTREADY.

Sponsored by: Netflix
Reviewed by: glebius, kib
Differential Revision: https://reviews.freebsd.org/D57134
MFC After: 14 days
2026-05-22 14:33:41 -04:00
Alexander Ziaee 4e2bf6e90a mdoc.7: Revert upstream changes to Lb/LIBRARY
Since this manual describes the mdoc syntax throughout the ecosystem,
I had to blend what we had before with what upstream is doing now.

Thanks:		adrian
MFC after:	3 days (we shipped this doc in 15.0/14.4)
Reviewed by:	ivy, mhorne, des, adrian
Discussed with:	arch@
Differential Revision:	https://reviews.freebsd.org/D56153
2026-05-22 14:31:54 -04:00
Dag-Erling Smørgrav 70739f3499 ldns: Regenerate configuration after update
MFC after:	1 week
Fixes:		d44c9549ef ("ldns: Update to 1.8.4")
Fixes:		9ed998a81b ("ldns: Update to 1.9.0")
2026-05-22 20:12:26 +02:00
Dag-Erling Smørgrav 76c3387024 tftpd: Simplify packet drop macro
The first argument is always the function name, for which we can simply
use __func__.  This leaves only the optional return value, so we can use
a single variadic macro instead of two nearly-identical copies.

MFC after:	1 week
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D57076
2026-05-22 19:57:35 +02:00
Dag-Erling Smørgrav 9338937713 tftpd: Add missing bounds checks
In send_[rw]rq(), we were using strlcpy() to avoid overflowing our
packet buffer, then failing to check the result and blithely advancing
our pointer by the full length.

Luckily, this code is only ever used by tftp(1), not tftpd(8).

MFC after:	1 week
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D57075
2026-05-22 19:57:31 +02:00
Dag-Erling Smørgrav b94689d036 tftp: Add test case with over-long URL
This adds a test case that passes a very long URL on the command line,
which would previously have resulted in a benign buffer overflow in
urihandling(), detectable only by compiling tftp with ASAN enabled.

MFC after:	1 week
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D57074
2026-05-22 19:57:27 +02:00
Dag-Erling Smørgrav 29aaaa5e66 tftp: Style cleanup
MFC after:	1 week
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D57073
2026-05-22 19:57:23 +02:00
Dag-Erling Smørgrav 5fd928cf1c tftp: Replace fgets with getline
MFC after:	1 week
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D57072
2026-05-22 19:57:20 +02:00
Dag-Erling Smørgrav 47e4571df1 tftp: Fix handling of port name or number
MFC after:	1 week
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D57105
2026-05-22 19:57:16 +02:00
Dag-Erling Smørgrav 2935133570 tftp: Close files when we're done with them
Also, delete the file we created if receiving it failed.

MFC after:	1 week
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D57071
2026-05-22 19:57:12 +02:00
Dag-Erling Smørgrav a4b1759418 tftp: Simplify URI handling
* No need to copy our argument into a new buffer; it is writeable and
  will not be reused after we return.

* Instead of constructing the string "get path" and then splitting it
  into an argument vector, just construct the vector directly.  This
  avoids potentially overrunning the buffer.

* Call settftpmode() just once, with either the default mode or the
  user-provided value we already validated.

* Use errx() instead of fprintf(stderr) + exit().

Reported by:	Moyao, Minghao Fu
MFC after:	1 week
Reviewed by:	markj
Differential Revision:	https://reviews.freebsd.org/D57070
2026-05-22 19:57:08 +02:00
Dag-Erling Smørgrav 9ed998a81b ldns: Update to 1.9.0
Merge commit '5eb18e8576462f5bb33fbd60fcbd752fe5791f33'

MFC after:	1 week
Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D57170
2026-05-22 19:54:58 +02:00
Dag-Erling Smørgrav d44c9549ef ldns: Update to 1.8.4
Merge commit '3dcfa5af412125cd1bad1d383ff7c18c5effbd77'

MFC after:	1 week
Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D57169
2026-05-22 19:54:09 +02:00
Dag-Erling Smørgrav f103898935 Revert "import ldns 1.8.3"
Pre-push rebase bungled the metadata

This reverts commit 2bc6aa3c41.
2026-05-22 19:53:26 +02:00
Dag-Erling Smørgrav 399f9ca49b Revert "import ldns 1.9.0"
Pre-push rebase bungled the metadata

This reverts commit 597a090ff2.
2026-05-22 19:53:26 +02:00
Jitendra Bhati e624417db8 lib/libc/tests/gen: add fts_children() tests
Add ATF test cases covering fts_children() behaviour:

- before fts_read returns root entry list
- empty directory returns NULL with errno 0
- non-empty directory returns all children in order
- called twice returns equivalent results
- FTS_NAMEONLY fills only fts_name, fts_info is FTS_NSOK
- non-directory node returns NULL with errno 0
- invalid options returns NULL with EINVAL

Sponsored by:	Google LLC (GSoC 2026)
Reviewed by:	asomers
MFC after:	1 week
Pull Request:	https://github.com/freebsd/freebsd-src/pull/2218
2026-05-22 11:40:06 -06:00
Jitendra Bhati 113c262b2a lib/libc/tests/gen: add fts_open() error and edge case tests
Add ATF test cases covering fts_open() error conditions and
edge cases:

- invalid option bits (outside FTS_OPTIONMASK) yield EINVAL
- empty argv yields EINVAL
- empty path string yields FTS_NS with ENOENT
- nonexistent path yields FTS_NS, not open failure
- trailing slash does not crash (SVN r49851 regression)
- unreadable directory yields FTS_D then FTS_DNR, never FTS_DP
- multiple root paths are all visited left to right

Sponsored by: Google LLC (GSoC 2026)
Reviewed by:	asomers
MFC after:	1 week
Pull Request:	https://github.com/freebsd/freebsd-src/pull/2217
2026-05-22 11:38:21 -06:00
Dag-Erling Smørgrav 597a090ff2 import ldns 1.9.0
MFC after:	1 week
Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D57170
2026-05-22 19:23:59 +02:00
Dag-Erling Smørgrav 2bc6aa3c41 import ldns 1.8.3
MFC after:	1 week
Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D57169
2026-05-22 19:23:57 +02:00
Dag-Erling Smørgrav cbe037c970 ldns: Belatedly update for OpenSSL 3.0.0
MFC after:	1 week
Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D57168
2026-05-22 19:23:50 +02:00
Jitendra Bhati e030e4e73f lib/libc/gen/fts.3: use 'options' consistently in fts_set() description
The RETURN VALUES section used "instr" to describe the fts_set()
argument, while the SYNOPSIS and all other references use "options".
Fix the inconsistency.

MFC after:	1 week
Sponsored by:	Google LLC (GSoC 2026)
Reviewed by:	asomers
Pull Request:	https://github.com/freebsd/freebsd-src/pull/2213
2026-05-22 11:18:25 -06:00
Mark Johnston bed77cf7c2 vmm/arm64: Compile vmm_nvhe.c without SSP
This file implements a set of EL2 hypercall handlers and is used to
switch between guests and the host kernel when VHE is not in use.  There
is no SSP runtime available there.

Reported by:	Jenkins
Fixes:		8deebce931 ("kernel: Enable -fstack-protector-strong by default")
2026-05-22 16:10:04 +00:00
Mark Johnston c9546bb619 tests/procdesc: Use a more efficient mechanism to block
Reviewed by:	kib
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D57149
2026-05-22 14:56:47 +00:00
Mark Johnston bc041630fa tcp: Remove a no-op eventhandler
It has done nothing since commit bc7d18ae72.  No functional change
intended.

Reviewed by:	tuexen
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D57101
2026-05-22 14:51:15 +00:00
Mark Johnston 8deebce931 kernel: Enable -fstack-protector-strong by default
This extends stack canary use to all functions which define arrays on
the stack, not just those which operate on byte buffers.  This option
would have made it harder to exploit SA-26:18.setcred and
SA-26:08.rpcsec_gss.

The change bloats the amd64 kernel text by about 350KB and increases the
number of covered functions from ~1500 to ~9000 (within the kernel
itself, i.e., not counting kernel modules).

Reviewed by:	olce, olivier, emaste
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D56870
2026-05-22 14:45:52 +00:00
Mark Johnston 6ab30433a7 tests/net: Run all tests with execenv=jail and enable parallelism
This has been stable in my testing, and enabling parallelism speeds up
test runs considerably.  In particular, with -v parallelism=16 in a
16-vcpu bhyve VM my test runs go from ~50m to ~40m; the exact numbers
depend on the kernel config in use.

Reviewed by:	pouria
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D57094
2026-05-22 14:44:08 +00:00
Ed Maste 1a4ad649cb netlink: Avoid undefined behaviour
Even though it is not dereferenced, it is UB to take the address of an
out of bounds array element.

Reviewed by: pouria, bz, des, adrian
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57158
2026-05-22 10:21:11 -04:00
Dag-Erling Smørgrav 22e58f330a import unbound 1.25.1 2026-05-22 16:09:16 +02:00
Dag-Erling Smørgrav 4dd0a17edc import unbound 1.25.0 2026-05-22 16:08:07 +02:00
Dag-Erling Smørgrav ec5b94f552 import unbound 1.24.2 2026-05-22 16:07:12 +02:00
Dag-Erling Smørgrav 5eb18e8576 import ldns 1.9.0 2026-05-22 15:37:52 +02:00
Dag-Erling Smørgrav 3dcfa5af41 import ldns 1.8.3 2026-05-22 15:36:27 +02:00
Aymeric Wibo 0b2df68367 acpi_spmc: Remove useless __DECONSTs
Sponsored by:	The FreeBSD Foundation
2026-05-22 12:27:40 +01:00