Commit Graph

309106 Commits

Author SHA1 Message Date
John Hall e9912b7e88 smartpqi.4: Document runtime debug_level sysctl
Update smartpqi(4) to document the dev.smartpqi.<unit>.debug_level
sysctl for runtime debug level changes, and note that device
add/remove and controller event messages always appear in dmesg
regardless of the debug_level setting.

PR:		294161
Reviewed by:	imp
Approved by:	imp
MFC after:	2 weeks

Differential Revision:	https://reviews.freebsd.org/D56832
2026-05-07 11:08:27 -07:00
John Hall 0d48d6d7bb smartpqi: Add runtime sysctl for debug_level and log device state changes
The smartpqi driver did not log device add/remove or controller events
to syslog, and hw.smartpqi.debug_level could only be set at boot via
loader.conf with no runtime sysctl interface.

Add a read-write sysctl at dev.smartpqi.N.debug_level for runtime
debug level changes. Add device_printf calls for device addition,
removal, and controller events (hotplug, hardware, physical/logical
device, AIO state/config changes) so state changes always appear in
dmesg. Add DBG_DISC logging for discovery state transitions. Fix
spelling errors in strings and comments across the driver.

Bump driver version to 14.4691.1.2000 / 15.2.1.2000.

PR:		294161
Reviewed by:	imp
Approved by:	imp
MFC after:	2 weeks

Differential Revision:	https://reviews.freebsd.org/D56832
2026-05-07 11:08:26 -07:00
Ryan Libby 944a4eb089 stand/libsa/zfs: disable ZSTD_TRACE and DYNAMIC_BMI2 code paths
Enabling ZSTD_TRACE leaves behind undefined weak symbols, which causes a
problem for gcc builds.  The bfd linker emits an obscure error about
overlapping FDEs.  We don't need ZSTD_TRACE for libsa, so just disable
it.

Also disable BMI2 instruction optimizations.  The addition of the
optional BMI2 code paths caused the boot loader binaries to grow larger
(28 KiB for clang, 32 KiB for gcc).  The boot loader binaries are size
constrained, and this pushed the gcc-generated lua_loader.bin over the
500000 byte limit, and the clang one to within 4k of the limit.

Fixes:	8a62a2a565 ("zfs: merge openzfs/zfs@f8e5af53e")
Reviewed by:	delphij, imp, mm
Differential Revision:	https://reviews.freebsd.org/D56866
2026-05-07 10:30:05 -07:00
Mark Johnston 54625dfb36 git-arc: Update the usage message to mention create -d
Fixes:	448ec129bc ("git-arc: Add a create-draft mode")
2026-05-07 17:18:32 +00:00
Konstantin Belousov 18c5a26f8a vm_map_growstack(): give a hint to user that stack was blown out
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D56863
2026-05-07 20:00:14 +03:00
Konstantin Belousov 642dd17ee9 vm_map_growstack(): consistently use local vars instead of curthread/proc
Reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D56863
2026-05-07 20:00:14 +03:00
Kristof Provost 4e7c1ff95a pfctl: relax interface name requirement
The FreeBSD network stack, for better or worse, does not impose any
requirements on interface names. As such it's valid for an interface
name to start with a number (or indeed, be something like '').

Allow this in pfctl, and add a test case for the specific case of
interface names starting with a number.

Note that we don't support UTF-8 names fully, so those may still fail.

PR:		295064
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-05-07 17:07:23 +02:00
Kristof Provost 726ff260ec pfctl: optionally print the rule in the state overview
When dumping states optionally (at '-vv') also show the rule which
created the state. This can be helpful if the ruleset changed and we
want to know what rule created the state.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-05-07 17:06:56 +02:00
Mateusz Piotrowski 2b9301a22b d.7: Document macro variables
MFC after:	1 week
2026-05-07 16:20:46 +02:00
Mateusz Piotrowski 640af0d906 cam: Cross-reference dtrace_cam.4 and cam.4
While here, remove empty sections from cam.4.

MFC after:	3 days
Fixes:		1a7151f796 cam: Add probes for xpt actions
2026-05-07 15:13:47 +02:00
Konstantin Belousov ce4e8c478a bufspace_wait(): only try to help bufdaemon if there is a chance to help
Only call buf_flush() if there are some dirty buffers belonging to the
vnode we are allocating the buffer for.  Otherwise the bd dirty queue
scan cannot find anything and it makes no sense to spend CPU doing it.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2026-05-07 14:59:11 +03:00
Mateusz Piotrowski ef19cae253 dtrace_mib.4: Document the DTrace MIB provider
Reviewed by:	kp
MFC after:	1 week
Obtained from:	60d8dbbef0 netinet: add a probe point for IP, IP6, ICMP, ICMP6, UDP and TCP stats counters
Differential Revision:	https://reviews.freebsd.org/D53709
2026-05-07 13:53:50 +02:00
Mateusz Piotrowski 242050278a dtrace: Document the syscall provider
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D56831
2026-05-07 11:57:03 +02:00
Alex Richardson 40d59ee35d p9fs: Fix creating files with restrictive permissions
When a file is created via p9fs with restrictive permissions (like 000),
the 9P TCREATE request successfully creates and natively opens the file,
returning an open, writable file descriptor. Previously, p9fs would
attempt a subsequent TOPEN. That TOPEN would fail with EACCES due to the
restrictive mode, leaving a 0-byte file and causing operations like 'mv'
to abort.

We now preserve the writable descriptor returned by TCREATE so that the
subsequent VOP_OPEN can use it directly, avoiding the failing TOPEN.
Additionally, p9fs_compatible_mode now appropriately isolates the base
access intent when matching fids, preventing extended flags from
breaking the match.

A test case for this behavior has been submitted to pjdfstest:
https://github.com/pjd/pjdfstest/pull/87

Resolves: https://github.com/CTSRD-CHERI/cheribsd/issues/2617

Reviewed by:	markj
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D56494
2026-05-06 21:23:28 -07:00
Alex Richardson 96b2f4a912 p9fs: implement basic pathconf support
This is needed for various pjdfstest tests which fail with syntax errors
if pathconf _PC_NAME_MAX/_PC_PATH_MAX return -1. For NAME_MAX we can use
the 9P2000.L Tstatfs call to get namelen from the host. While this could
theoretically be different for nested filesystems in the shared mount it
is a much better guess than just returning 255.
There does not seem to be a way to get the host PATH_MAX, so we just
return the conservative kernel default.

Found while fixing https://github.com/CTSRD-CHERI/cheribsd/issues/2617.

Reviewed by:	markj, kib
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D56493
2026-05-06 21:23:04 -07:00
Alex Richardson 1ed2ef42e0 p9fs: Move UMA zone initialization to VFS module lifecycle
Previously, the UMA zones required for 9P requests (p9fs_buf_zone,
p9fs_req_zone, etc.) were initialized and destroyed in the
virtio_p9fs transport module. This caused issues when unloading
the core p9fs module.

This change moves p9_init_zones() and p9_destroy_zones() into
p9fs_init() and p9fs_uninit() inside p9fs_vfsops.c so that they
are correctly bound to the VFS filesystem module lifecycle via
vfs_modevent, aligning p9fs with standard FreeBSD VFS semantics.

Found while fixing https://github.com/CTSRD-CHERI/cheribsd/issues/2617.

Reviewed by:	kib
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D56492
2026-05-06 21:23:04 -07:00
Alex Richardson 3fe5069ce2 virtio_p9fs: Fix kernel panic on module unload
The virtio_p9fs module event handler can be invoked multiple times.
Previously, this caused p9_init_zones() and p9_register_trans() to be
executed multiple times, leaking UMA zones and corrupting the transport
list. During module unload, p9_destroy_zones() was also called multiple
times on the same zone pointers, triggering a duplicate free kernel panic
in uma_zdestroy().

This patch introduces a static reference counter in vt9p_modevent() to
ensure the zones and transports are only initialized and destroyed exactly
once, aligning with the approach used by other virtio drivers like vtnet.

Reviewed by:	kib, markj
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D56497
2026-05-06 21:23:03 -07:00
Alex Richardson 3daa43b1bb sys: Make priority.h and rtprio.h include all dependencies
This ensures this header can be included without an explicit or implicit
sys/types.h include first. This causes issues building SPEC2017 which
includes sys/rtprio.h and then we get an error due to missing u_char
definition.

Reviewed by:	emaste
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D52041
2026-05-06 21:23:03 -07:00
Simon J. Gerraty 586838724e Remove PROC_CHECK_PRIV macro from sys_process.c
Just put the priv_check calls in the code.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D56864
2026-05-06 20:49:06 -07:00
Maxim Konovalov 09d81767e3 freebsd-base.7: style 2026-05-07 01:50:45 +00:00
Marek Zarychta b2e4da0b53 devd: Use PF_LOCAL instead of PF_INET
Avoid dependency on INET (IPv4) by using PF_LOCAL,
allowing media check to work on systems without INET support.

PR:		295045
Reviewed by:	kevans
MFC after:	1 week
2026-05-06 20:28:08 -05:00
Jan Bramkamp 58811b0ae0 jail: open the fstab files with fopen("re")
This protects against accidentally leaking them past fork()+exec()
in future refactorings.

PR:		295052
Reviewed by:	kevans
2026-05-06 18:28:53 -05:00
Jan Bramkamp 276d9b88a9 jail: avoid leaking jail config fds to exec.* hooks
The jail(8) command must not leave parsed configuration files open
since the file descriptors will be leaked to child processes
including the untrusted exec.start or exec.stop hooks.

While fopen() doesn't provide direct access to O_CLOEXEC, it does
provide access to FD_CLOEXEC via "e" in the mode string which
provides the desired defense in depth against leaking file descriptors
into exec.* hooks since those always execve() into a shell.

Jail configuration is potentially sensitive and some hooks execute from
within the jail context, leaving some opening for the jail to exfiltrate
information about the host environment.

(Commit message wordsmithed by kevans)

PR:		295052
Reviewed by:	kevans
MFC after:	3 days
2026-05-06 18:28:53 -05:00
Enji Cooper 3348fa7a45 Revert "Skip sys.netinet6.frag6.frag6_19.frag6_19 in CI"
Per [siva@'s comment on the PR][1], this testcase now passes cleanly in CI.

PR:	274941
MFC after:	1 week

[1]: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274941#c6

This reverts commit 86e87c3bd1.
2026-05-06 16:08:26 -07:00
Martin Matuska efa8679e7f zfs: merge openzfs/zfs@a12c6ed62
Notable upstream pull request merges:
 #18473 b8d959640 Fix rare cksum errors after rebuild
 #18477 e78a51dd6 Fix off-by-one in PREVIOUSLY_REDACTED handler that drops
                  last block
 #18482 d5099c330 Initialize vr_last_txg for rebuild
 #18483 872f01019 Zstd: rework ZSTD_isError symbol renaming
 #18489 366b1f9a3 Fix long POSIX_FADV_DONTNEED for single block files

Obtained from:	OpenZFS
OpenZFS commit:	a12c6ed62f
2026-05-07 01:07:56 +02:00
Alexander Ziaee c4af3f13a4 freebsd-base.7: Document adding a local repo
MFC after:		1 day
Discussed with:		bcr, ivy, kevans, ngie
Differential Revision:	https://reviews.freebsd.org/D56608
2026-05-06 17:25:26 -04:00
Baptiste Daroussin 2a86992ab5 nuageninit: modify the test to show the issue fixed inc316ec259011
Ensure the script used is invalid when parsed by libyaml which
highlight the issue revealed in PR295062

while at here validate the mode of the file is properly changed

PR:		295062
MFC After:	1 day
2026-05-06 23:16:37 +02:00
John Baldwin 5df7dae10d kobj: Use M_WAITOK in kobj_init
Blocking allocation is safe in all of the current callers of kobj_init
(most of them do a M_WAITOK malloc of the structure passed as the
first argument to kobj_init just before calling it).  kobj_init
doesn't return an error code but instead panics if the nested malloc
in kobj_class_compile1 fails, so using M_WAITOK here is more robust.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D56625
2026-05-06 16:53:46 -04:00
John Baldwin 5a6e5954d1 kobj: Assert class passed to kobj_init_static is compiled
Inspired by discussion in
https://github.com/freebsd/freebsd-src/pull/2016

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D56624
2026-05-06 16:53:46 -04:00
Ariel Ehrenberg bf636accdd mlx5en: destroy TIR before DEK during TLS RX teardown
Reorder the TLS RX teardown sequence so the TIR is destroyed before
the DEK.  DESTROY_TIR for a TLS-enabled TIR issues a TRA RX fence
that drains all in-flight packets from the crypto pipeline.  If the
DEK is destroyed first, packets still in flight hit a TPT encryption
error (vendor syndrome 0x55) because the key they reference is
already gone.

Reviewed by:	kib
Sponsored by:	Nvidia networking
MFC after:	1 week
2026-05-06 23:52:12 +03:00
Baptiste Daroussin c316ec2590 nuageinit: only parse user_data as yaml when necessary
This fixes a regression introduced in cae280931c which prevents
user_data as a shell script to be used

PR:		295062
Reported by:	Ross McKelvie <ross@exitzero.uk>
MFC After:	1 day
2026-05-06 22:20:45 +02:00
Hans Rosenfeld 84a9574180 sys/cdefs.h: Introduce __maybe_unused attribute
The __maybe_unused attribute should be used for variables which may or
may not be used, such as when their only use is in an assertion. This
attribute is functionally identical to __unused, suppressing compiler
warnings for particular variable if it remains unused.

Reviewed by:	Minsoo Choo <minsoo@minsoo.io>, imp
Differential Revision:	https://reviews.freebsd.org/D56517
2026-05-06 15:51:46 -04:00
tickerguy 103f9883d1 rtadvd(8): Honor pltime/vltime in interface declarations
Currently rtadvd ignores interface pltime/vltime specifications
unless the (static) address range is also included in the config file.
This extends the validity of a pltime and/or vltime stanza in
the config file for an interface to delegated addresses from
an upstream provider.

Signed-off-by:	tickerguy <karl@denninger.net>
PR:		288426
Reviewed by:	pouria
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1863
2026-05-06 22:49:13 +03:30
Ed Maste 76d756eaa6 Makefile.vm: Split error condition
Make it clear which of two possible cases applies.

Reviewed by: cperciva
Differential Revision: https://reviews.freebsd.org/D56837
2026-05-06 13:50:07 -04:00
Hans Rosenfeld bc9f667eb1 bhyve/virtio-scsi: Don't invoke iov_to_buf() in an assert() expression
If anyone would build bhyve with -DNDEBUG, any code in the expression
in assert() won't be executed.  Instead put the return value in a
temporary variable to assert that it has the expected value.

Reviewed by: emaste, markj (earlier version)
Fixes: 2a514d377b ("bhyve/virtio-scsi: Preallocate all I/O requests")
Differential Revision: https://reviews.freebsd.org/D55803
2026-05-06 13:36:48 -04:00
Brian Behlendorf a12c6ed62f ZTS: Remove threadsappend_001_pos exception
Commit f828a80c may have resolved the underlying cause for
the occasional CI failures observed for this test.  Remove
the exception to ensure any new occurrences are noticed.

Reviewed-by: Tony Hutter <hutter2@llnl.gov>
Reviewed-by: Tino Reichardt <milky-zfs@mcmilk.de>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #6136
Closes #18495
2026-05-06 09:44:33 -07:00
Ryan Libby 872f010193 Zstd: rework ZSTD_isError symbol renaming
The import of Zstd v1.5.7 in a2ac9cd606
added an unconditional renaming of ZSTD_isError to zfs_ZSTD_isError
with an asm directive.  Instead, do it with a define that is conditioned
on whether zstd_compat_wrapper.h is actually in use.  Also add a define
to that header so that it can be detected.  This allows the build to
work without using the compat wrapper.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ryan Libby <rlibby@FreeBSD.org>
Closes #18483
2026-05-06 09:42:54 -07:00
Gality ae37f05d87 linux: verify stale znodes in legacy fallocate
The mode=0 and FALLOC_FL_KEEP_SIZE preallocation path can reach
zfs_freesp() directly and call zfs_statvfs() before going through the
normal zpl_enter_verify_zp() boundary.

When zfs_rezget() tears down a failed SA reload, a stale inode may
remain alive in the VFS with z_sa_hdl cleared. The unchecked
fallocate path can then reach sa_lookup(zp->z_sa_hdl, ...) through
zfs_statvfs() or zfs_freesp() and crash on a NULL SA handle.

Use zfs_enter_verify_zp() in zfs_statvfs() so stale znodes are
rejected under the teardown lock for both fallocate and statfs.
Also wrap the direct zfs_freesp() call in
zpl_enter_verify_zp()/zfs_exit() so this path follows the same
validation rules as the other Linux ZPL file operations.

Fixes: f734301d22
("linux: add basic fallocate(mode=0/2) compatibility")

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: ZhengYuan Huang <gality369@gmail.com>
Co-authored-by: gality369 <gality369@example.com>
Closes #18458
2026-05-06 09:40:14 -07:00
Rick Macklem 448b4c3f7f nfs_clsubs.c: Fix ncl_getcookie() when "pos" is negative
In ncl_getcookie(), a very large value for "off" for
a directory can result in "pos" being set to a bogus
value (including a negative one), due to truncation.
When "pos" is negative, is can skip past the
while (pos >= NFSNUMCOOKIES) loop and return a
bogus pointer instead of NULL.

This patch changes the type to u_int and also adds
a sanity check for a very large "off" to ensure that
a NULL pointer is returned for this case.

This bug has been in the code for decades and I am
not aware of any report of it causing a problem for
users.

Reviewed by:	markj
Reported by:	Joshua Rogers of AISLE Research Team
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D56779
2026-05-06 07:54:55 -07:00
Lexi Winter e3e5b86e3b README.md: Add packages/ directory
Fixes:	bb75b0d581 ("packages: Convert world to a subdir build")
MFC after:	2 weeks
Reviewed by:	des, emaste
Differential Revision:	https://reviews.freebsd.org/D56839
2026-05-06 15:46:29 +01:00
Mark Johnston 3d8928114c eventhandler: Fix the NODEBUG build
Reported by:	Michael Butler <imb@protected-networks.net>
Fixes:		735b16d490 ("eventhandler: Fix a race when pruning eventhandlers")
2026-05-06 14:39:52 +00:00
Baptiste Daroussin 748402ebf2 devmatch: read linker.hints from all module paths
Previously, devmatch would stop at the first linker.hints file
found in kern.module_path. This meant modules installed in
/boot/modules/ were invisible to devmatch if /boot/kernel/
contained a linker.hints file (which it always does).

Merge hints from all directories in kern.module_path.
This allows third-party or out-of-tree kernel modules in
/boot/modules/ to be auto-loaded by devmatch just like
built-in modules.

Reviewed by:		imp
Differential Revivion:	https://reviews.freebsd.org/D56847
2026-05-06 16:16:54 +02:00
Mark Johnston 486c2dfaa7 if_vlan: Use the exclusive lock everywhere
Running sys/net tests in parallel reveals some panics which look like
the one below:

```
shared lock of (sx) vlan_sx @ /home/markj/sb/main/src/sys/net/if_vlan.c:2395
while exclusively locked from /home/markj/sb/main/src/sys/net/if_vlan.c:1850
panic: excl->share
cpuid = 9
time = 1776467219
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe00d84e0780
vpanic() at vpanic+0x136/frame 0xfffffe00d84e08b0
panic() at panic+0x43/frame 0xfffffe00d84e0910
witness_checkorder() at witness_checkorder+0xdb1/frame 0xfffffe00d84e0ad0
_sx_slock_int() at _sx_slock_int+0x64/frame 0xfffffe00d84e0b10
vlan_ioctl() at vlan_ioctl+0x25c/frame 0xfffffe00d84e0b70
if_setflag() at if_setflag+0xdc/frame 0xfffffe00d84e0be0
ifpromisc() at ifpromisc+0x27/frame 0xfffffe00d84e0c00
vlan_setflags() at vlan_setflags+0x64/frame 0xfffffe00d84e0c30
vlan_unconfig_locked() at vlan_unconfig_locked+0xb7/frame 0xfffffe00d84e0c70
vlan_clone_destroy() at vlan_clone_destroy+0x5d/frame 0xfffffe00d84e0cb0
if_clone_destroyif_flags() at if_clone_destroyif_flags+0x8c/frame 0xfffffe00d84e0cf0
if_clone_detach() at if_clone_detach+0x106/frame 0xfffffe00d84e0d20
vnet_destroy() at vnet_destroy+0x154/frame 0xfffffe00d84e0d50
prison_deref() at prison_deref+0xaf5/frame 0xfffffe00d84e0dc0
sys_jail_remove() at sys_jail_remove+0x1a7/frame 0xfffffe00d84e0e00
amd64_syscall() at amd64_syscall+0x169/frame 0xfffffe00d84e0f30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00d84e0f30
--- syscall (508, FreeBSD ELF64, jail_remove), rip = 0x25bd44705ca, rsp = 0x25bcfe72ab8, rbp = 0x25bcfe72b40 ---
```

All vlan interfaces are locked by a single recursive global lock.  There
are cases, like in the panic above where vlans are stacked on top of
each other, where the driver tries to acquire an exclusive lock while
holding a shared lock, and vice versa.

With longer-term goals of making the networking regression test suites
stable when run in parallel, and simplifying network control plane
locking, which I find is quite complex and buggy, let's change if_vlan
to use the exclusive lock everywhere.

Reviewed by:	pouria, zlei, kp, glebius
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D56778
2026-05-06 11:48:24 +00:00
Mark Johnston 735b16d490 eventhandler: Fix a race when pruning eventhandlers
By default, eventhandler_deregister() blocks until it reaches some point
where no threads are invoking the event.  At this point, it knows that
1) no threads are currently executing the handler,
2) some thread has freed the eventhandler structure by virtue of having
   called eventhandler_prune_list(),
so it is safe to return.

Suppose a thread is trying to deregister an event handler.  A different
thread prunes it, and wakes up the first thread.  Before the first
thread runs, a third thread grabs the event handler lock, and starts
executing handlers.  The first thread observes el_runcount > 0, and goes
back to sleep.  The third thread sees no event handlers to prune, and
doesn't wake up the first thread, which sleeps forever.

This change fixes the race and tries to make eventhandler_invoke() more
efficient: keep a count of the number of dead list entries and only
prune the list if there is at least one dead entry.  Also, in
eventhandler_deregister(), we only need to sleep if some dead entries
are present, rather than sleeping whenever some thread is running
handlers.

Reviewed by:	kib
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D56767
2026-05-06 11:48:05 +00:00
Xin LI 8223661346 Revert "zstd: disable weak-symbol tracing hooks in the kernel"
This reverts commit de2ea5423c which is
no longer needed after 1dddb580f9 .

Tested by:	mmel
2026-05-06 01:27:55 -07:00
Abdelkader Boudih 081d3ab24e ichsmb: add Ice Lake-LP (0x34a3) and Ice Lake-N (0x38a3) SMBus device IDs
Add PCI device IDs for two Ice Lake PCH SMBus controller variants:
- 0x34a3 (Ice Lake-LP), previously listed as the generic "Ice Lake" entry (ID_ICELAKE), renamed to ID_ICELAKELP for clarity.
- 0x38a3 (Ice Lake-N), a separate PCH variant not previously supported.

Reviewed by:	adrian
Differential Revision:	https://reviews.freebsd.org/D56732
2026-05-05 18:31:48 -07:00
Ed Maste 0979bfb0ec smsc: Add missing newline to PHY timeout error printf 2026-05-05 19:51:43 -04:00
Dag-Erling Smørgrav 2fef18ff59 certctl: Unstickify (un)trusted certificates
Ever since certctl was rewritten in C, the rehash command has reingested
TRUSTDESTDIR / UNTRUSTDESTDIR in addition to TRUSTPATH / UNTRUSTPATH.
This seemed like a good idea at the time but was, in retrospect, a
mistake, as it means a (un)trusted certificate remains (un)trusted
forever (or at least until it expires) even if it is removed from
(UN)TRUSTPATH.  Among other issues, it causes ports QA to fail for any
port that either installs certificates or depends on a port that does.

Although this behavior was undocumented, the change may surprise users
who have added certificates manually, so update the manual page to point
it out and add prominent warnings to the trust and untrust commands.

PR:		290078
MFC after:	1 week
Reviewed by:	kevans, bcr
Differential Revision:	https://reviews.freebsd.org/D56617
2026-05-06 00:30:52 +02:00
Kristof Provost c24b1d9359 pfctl: handle errors from PFNL_CMD_GETSTATES
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-05-05 22:20:42 +02:00
Kristof Provost a0e4c65f18 pf: do not reject rules with colliding hashes
We insert rules in pf_krule_global solely for the benefit of the
'keepcounters' feature. Failing to insert (beause the rule hash
collides, or an identical rule already exists) would be worse than
restoring counts to the wrong rule (or failing to restore them at all).

PR:		282863, 294860, 294859, 294858
MFC after:	3 days
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D56745
2026-05-05 22:20:42 +02:00