Commit Graph

306114 Commits

Author SHA1 Message Date
Jose Luis Duran fef84fd8ae libexecinfo: tests: Expect failure on aarch64
Add a guard that expects a failure of the test on aarch64.

Reviewed by:	emaste
Fixes:		df1ea58873 ("tests: Test libexecinfo backtrace call througth signal trampoline")
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D54675
2026-01-14 17:07:56 +00:00
Jose Luis Duran fd26fb8987 CODEOWNERS: Add jlduran as a blocklist CODEOWNER
Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D54696
2026-01-14 17:07:56 +00:00
Jonathan T. Looney 9c4a41d33b mca(4): Add man page
Reviewed by:	markj
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D54115
2026-01-14 16:26:45 +00:00
Konstantin Belousov 6f41575a94 tuning.7: wording fixes
Submitted by:	markj
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D54572
2026-01-14 17:38:24 +02:00
Oliver Pinter 8cd687a726 tuning.7: use the correct word for collapsing
Fixes: 457b940bfb
Signed-off-by: Oliver Pinter <oliver.pntr+freebsd@gmail.com>
MFC after:	1 week
2026-01-14 17:38:18 +02:00
Baptiste Daroussin 52d19df19e nvi: import version 2.2.2 2026-01-14 16:28:57 +01:00
Jose Luis Duran b8480379ad mtree: usr: Add missing pkg/triggers entry
Reviewed by:	ivy
Fixes:		ea5e50c298 ("packages: Add a mandoc package")
Differential Revision:	https://reviews.freebsd.org/D54682
2026-01-14 14:29:35 +00:00
Jose Luis Duran 0d9fd06b03 gdb: Add missing mtree debug entry
Reviewed by:	markj
Fixes:		ea675a43f0 ("libexec/kgdb: Add new modules and install them together with debug info")
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D54680
2026-01-14 14:27:51 +00:00
Baptiste Daroussin 3110ba7750 Vendor import nvi 2.2.2 2026-01-14 14:57:09 +01:00
Baptiste Daroussin 68ad2b0d7a ncurses: merge update to ncurses 6.6
6.6 is ABI compatible with 6.5 (tested with abidiff)
Remove html documentation to ease updates

MFC After:	1 month
2026-01-14 14:48:32 +01:00
Baptiste Daroussin c5a1e08b52 Vendor import ncurses 6.6 2026-01-14 13:37:49 +01:00
Kristof Provost fc353e5e61 pfctl: allow new page character (^L) in pf.conf
PF configuration files can contain many things.

Using the new page characters (i.e. ^L, \014) to mark the beginning
of parts is useful because many editors such as emacs and vim have
facilities to jump to the next/previous ones.

PR:		86635
MFC after:	2 weeks
Submitted by:	MOROHOSHI Akihiko <moro@remus.dti.ne.jp>
Submitted by:	Simon Wollwage <rootnode+freebsd@wollwage.com>
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 12:31:58 +01:00
Kristof Provost 3a609881c8 pf: remove unused function
pf_qid2qname() was never used. Remove it

Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:44 +01:00
Kristof Provost 098febfcc1 pf tests: test block/no-match limiters
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:44 +01:00
Kristof Provost e28dfd6b55 pfctl: make the source limiter output match the input
When printing source limiters use the same keywords as we accept on
input, that is use 'entries' for the entries value (not 'limit') and
'limit' for the limit value (and not 'states').

Update the test case to match.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:43 +01:00
Kristof Provost 8716d8c7d9 pf: configurable action on limiter exceeded
This change extends pf(4) limiters so the administrator
can specify the action the rule executes when the limit is
reached. By default, when the limit is reached the limiter
overrides the action specified by the rule to no-match.
If the administrator wants to block the packet instead, then
the rule with the limiter should be changed to:

   pass in from any to any state limiter test (block)

OK dlg@

Obtained from:	OpenBSD, sashan <sashan@openbsd.org>, 04394254d9
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:43 +01:00
Kristof Provost 1ee4405a00 pf: avoid a shadowed variable in the pf_create_state() source limiter handling
the code that unwinds state creation when something fails needed
the pf_source variable at the function scope to be set, but this
was masked by a declaration in the scope that sets up the source
limiting. this results in a NULL deref in the unwind code when it
needs to clean up the accounting for a source limiter.

i found it funny that i left this comment for myself in the unwinding
code:

        /* who needs KASSERTS when we have NULL derefs */

ok jmatthew@

Obtained from:	OpenBSD, dlg <dlg@openbsd.org>, fc9311361f
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:43 +01:00
Kristof Provost 1550fcf802 pf.conf.5: s/State Limiter/&s/ in .Ss
linked with the plural from other text, and
matches "Source Limiters". From Atanas Vladimirov.

Obtained from:	OpenBSD, sthen <sthen@openbsd.org>, d4acfc5766
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:43 +01:00
Kristof Provost 7af7d6d61d pfctl: distinguish broadcast and PPP peer addresses
pfctl_parser.c, ifa_load() should distinguish between broadcast
and PPP peer address when it populates interface table for rule
parser.

OK @claudio, OK @dlg

Obtained from:	OpenBSD, sashan <sashan@openbsd.org>, 2e871bec67
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:42 +01:00
Kristof Provost 393243a38d pfctl: ifa_load() in pfctl_parser.c may attempt to read beyond the buffer.
The current ifa_load() is not paranoid enough when it deals with
information which comes from kernel. The function just ignores
sa_len member in socket address returned by getifaddrs().

The issue has been reported by anton@. The idea for fix here comes
from claudio@.

OK @claudio, @deraadt

Obtained from:	OpenBSD, sashan <sashan@openbsd.org>, a48d060175
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:42 +01:00
Kristof Provost 95ee802f41 pf: state/source limiter finishing touches
Those finishing touches were supposed to land
with source/state limiter changes. I failed to
spot them during code review.

OK dlg@

Obtained from:	OpenBSD, sashan <sashan@openbsd.org>, 098c19176b
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:42 +01:00
Kristof Provost f2d2d6f010 pf: remove redundant range checks
the range checks are not needed because both members
(statelim and sourcelim) are uint8_t, they implicitly
fit desired range <0, 255>. Unbreaks gcc build.
Pointed out by deraadt@

OK deraadt@

Obtained from:	OpenBSD, sashan <sashan@openbsd.org>, 3a7be1e428
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:41 +01:00
Kristof Provost 02126f8cb3 pf.conf.5: spelling
Obtained from:	OpenBSD, jsg <jsg@openbsd.org>, 86739c769e
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:41 +01:00
Kristof Provost e3319f9190 pf tests: extend the source limiter test
Also enumerate and kill individual source addresses.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:41 +01:00
Kristof Provost 086a3cb4b8 pf tests: basic source limiters test case
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:41 +01:00
Kristof Provost cb7a5d9401 pf tests: state limiter rate test
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:40 +01:00
Kristof Provost a10e8e78c8 pf tests: basic state limiters test case
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:40 +01:00
Kristof Provost 445a3c86e6 pfctl tests: basic source and state limiter tests
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:40 +01:00
Kristof Provost 398ca30cb6 pfctl.8: mention -k source -k <IP>
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:39 +01:00
Kristof Provost 63d5d1b0b3 pfctl: improve limiters printing
Deviate a little from the OpenBSD code, to avoid unexpected output
changes.

Don't print limiter information when we show the rules (or labels).
Do include the source and state limiters in the 'all' (pfctl -sa) output
and give them their own titles.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:39 +01:00
Kristof Provost aafa123641 pfctl: resolve '-s' ambiguity
The 'introduce source and state limiters' commit added source and state
limiters, and used Stlimiters and Srclimiters as show options. However,
FreeBSD had 'Sources' as a show option already. This means that
'pfctl -sS' would now be ambiguous. Avoid this by renaming the new
options.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:39 +01:00
Kristof Provost c72fb110e4 pf: convert state limiter interface to netlink
This is a new feature with new ioctl calls, so we can safely remove them
right now.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:39 +01:00
Kristof Provost 4616481212 pf: introduce source and state limiters
both source and state limiters can provide constraints on the number
of states that a set of rules can create, and optionally the rate
at which they are created. state limiters have a single limit, but
source limiters apply limits against a source address (or network).
the source address entries are dynamically created and destroyed,
and are also limited.

this started out because i was struggling to understand the source and
state tracking options in pf.conf, and looking at the code made it
worse. it looked like some functionality was missing, and the code also
did some things that surprised me. taking a step back from it, even if
it did work, what is described doesn't work well outside very simple
environments.

the functionality i'm talking about is most of the stuff in the
Stateful Tracking Options section of pf.conf(4).

some of the problems are illustrated by one of the simplest options:
the "max number" option that limits the number of states that a
rule is allowed to create:

- wiring limits up to rules is a problem because when you load a
  new ruleset the limit is reset, allowing more states to be created
  than you intended.
- a single "rule" in pf.conf can expand to multiple rules in the
  kernel thanks to things like macro expansion for multiple ports.
  "max 1000" on a line in pf.conf could end up being many times
  that in effect.
- when a state limit on a rule is reached, the packet is dropped.
  this makes it difficult to do other things with the packet, such as
  redirect it to a tarpit or another server that replies with an
  outage notice or such.

a state limiter solves these problems. the example from the pf.conf.5
change demonstrates this:

     An example use case for a state limiter is to restrict the number of
     connections allowed to a service that is accessible via multiple
     protocols, e.g. a DNS server that can be accessed by both TCP and UDP on
     port 53, DNS-over-TLS on TCP port 853, and DNS-over-HTTPS on TCP port 443
     can be limited to 1000 concurrent connections:

           state limiter "dns-server" id 1 limit 1000

           pass in proto { tcp udp } to port domain state limiter "dns-server"
           pass in proto tcp to port { 853 443 } state limiter "dns-server"

a single limit across all these protocols can't be implemented with
per rule state limits, and any limits that were applied are reset
if the ruleset is reloaded.

the existing source-track implementation appears to be incomplete,
i could only see code for "source-track global", but not "source-track
rule". source-track global is too heavy and unwieldy a hammer, and
source-track rule would suffer the same issues around rule lifetimes
and expansions that the "max number" state tracking config above has.

a slightly expanded example from the pf.conf.5 change for source limiters:

     An example use for a source limiter is the mitigation of denial of
     service caused by the exhaustion of firewall resources by network or port
     scans from outside the network.  The states created by any one scanner
     from any one source address can be limited to avoid impacting other
     sources.  Below, up to 10000 IPv4 hosts and IPv6 /64 networks from the
     external network are each limited to a maximum of 1000 connections, and
     are rate limited to creating 100 states over a 10 second interval:

           source limiter "internet" id 1 entries 10000 \
                   limit 1000 rate 100/10 \
                   inet6 mask 64

           block in on egress
           pass in quick on egress source limiter "internet"
           pass in on egress proto tcp probability 20% rdr-to $tarpit

the extra bit is if the source limiter doesn't have "space" for the
state, the rule doesn't match and you can fall through to tarpitting
20% of the tcp connections for fun.

i've been using this in anger in production for over 3 years now.

sashan@ has been poking me along (slowly) to get it in a good enough
shape for the tree for a long time. it's been one of those years.

bluhm@ says this doesn't break the regress tests.
ok sashan@

Obtained from:	OpenBSD, dlg <dlg@openbsd.org>, 8463cae72e
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2026-01-14 07:44:38 +01:00
Abdelkader Boudih c498eaa2f9 asmc: Add support for MacBookPro11,5
Add support for the MacBookPro11,5 (Mid 2015, 15-inch with AMD Radeon R9 M370X GPU)
  to the Apple SMC driver.

  Debug testing revealed this model lacks several SMC keys present on MacBookPro11,4
  (IBLC, ICMC, IC2C), that model-specific sensor definitions.

Differential Revision:	https://reviews.freebsd.org/D54665
Reviewed by:	adrian
2026-01-13 19:14:49 -08:00
Abdelkader Boudih a24166d23d mtw(4): Fix warm reboot initialization failures for MT7601U
The mtw(4) driver works correctly on initial boot, but fails to initialize
  the MT7601U WiFi adapter after a warm reboot.

  Users must either physically unplug and replug the USB adapter, or perform a
  full power cycle to restore functionality, if usb power is always powered
  (only a replug works)

  The root cause is that warm reboot does not power-cycle USB devices,
  leaving the MT7601U in a stale state from the previous session.

  The MCU retains its ready flag and the device ignores initialization
  commands, resulting in timeout waiting for MCU to initialize errors.

  At the OS Level, pinging 1.1.1.1 will work, but the speed will be very
  slow. In addition in debug mode, we see thousands of error logs.

  This patch addresses the issue by:

  * Performing USB re-enumeration on attach to reset the device state
  * Detecting when the MCU is already marked ready (stale from previous
    session) and forcing a reset of the MCU before loading firmware
  * Increasing the firmware load timeout from 3s to 10s to accommodate
    slower initialization after reset
  * Increasing MCU ready poll attempts from 100 to 300 with longer delays
    to handle devices that take longer to become ready after reset

  Note: The increase was random, lower value might work.

Test Plan:

  Tested on MacBook Pro (late-2015) and a MacMini with MediaTek MT7601U
  USB adapter across multiple warm reboot cycles.

  With the mac-mini and another desktop, the issue happens only if
  connected via an always powered usb hub port in the monitor.
  The laptop don't power cycle it power.

Differential Revision:	https://reviews.freebsd.org/D54659
Reviewed by:	adrian
2026-01-13 18:40:20 -08:00
Quentin Thébault 5e1c7867e1 vt(4): allow up to _SIG_MAXSIG (128) for VT_SETMODE
VT_SETMODE ioctl currently checks the provided signal numbers with its
own ISSIGVALID macro that uses NSIG (32) as a maximum, although the code
that will actually send the signal in sys/kern/kern_sig.c uses
_SIG_VALID which allows up to _SIG_MAXSIG (128).

This change aligns the vt code with the kernel internals and enables the
use of higher signal numbers so that applications are not limited to
SIGUSR1 and SIGUSR2 for vt release and acquire signals.

Signed-off-by:	Quentin Thébault <quentin.thebault@defenso.fr>
Reviewed by:	emaste, imp, kevans
Differential Revision:	https://reviews.freebsd.org/D53615
2026-01-13 18:15:30 -06:00
Aymeric Wibo 7669cbd0f0 acpi: Suspend-to-idle support (s2idle)
Implement STYPE_SUSPEND_TO_IDLE sleep type added in c43473dc9b
("sys/power: Generic sleep types").

This is a prerequisite for the firmware to enter the S0ix states. When
suspending to idle, the system stays in an ACPI S0 state, but the CPUs
are idled and devices are suspended/resumed before and after this as
they would be when entering any other sleep type (except for AWAKE and
POWEROFF).

Factor out do_standby, do_sleep, and add a new do_idle function for
idling the CPU (a future patch will make this an idle loop and not just
a simple cpu_idle() call). In do_idle, SCIs (interrupt 9) are enabled to
allow wake events to break the CPU out of idle.

Record all the steps made instead of just the last one in slp_state,
which allows for more flexible unwinding (will be useful to not have to
goto breakout if the SPMC entry call fails when that is committed).

A lot of this borrows from Ben Widawsky's patch: D17675. The main
functional difference with that patch is that suspend-to-idle is a
wholly separate sleep type in this one as opposed to being an
alternative implementation for s2mem (S3).

Reviewed by:	emaste, olce
Approved by:	olce
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D48734
2026-01-13 23:21:05 +01:00
Aymeric Wibo 38f941deb6 x86: Add intr_enable_src()
Function to enable specific IRQ source.

This will be used by the s2idle code to enable just SCIs on x86 to break
the CPU out of idle.

Reviewed by:	olce
Approved by:	olce
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D48734
2026-01-13 23:21:05 +01:00
Gleb Smirnoff e8348e2b35 enc: create an interface at SI_SUB_PROTO_IF stage
Creation of enc0 before SI_SUB_PROTO_MC mangles the MLD list as well as
encounters IGMP mutex not initialized yet.

Reported & tested by:	mjg

NB: the enc(4) is not a true interface indeed.  In a perfect world the
module shall not create a cloner, shall not enter if_attach(), shall not
trigger ifnet_arrival_event, neither shall have any protocol attached to
it. The enc0 exists for two purposes: 1) create a bpf(9) tap; 2) to allow
injection of packets in the middle of ipsec(4) processing temporarily
rewriting m_pkthdr.rcvif to point at enc0.  While the problem 1 is already
solved with a recent divorce between bpf(9) and ifnet(9), the problem 2 is
harder to solve without breaking packet filter rules that use "via enc0".
2026-01-13 13:30:22 -08:00
Gleb Smirnoff c1376acb8a ipfw: find_tentry method is defined for any table algorithm
The error path is never taken.  Also the path was leaking a lock.

Noticed by:	ae
2026-01-13 10:08:49 -08:00
Mark Johnston 66eedcb022 sdt: Fix the probe ID type in struct sdt_probe
This is supposed to be a dtrace_id_t, which is a uint32_t, while id_t is
a uint64_t.  sdt.h avoids depending on dtrace.h so we can't use
dtrace_id_t directly.

Bump __FreeBSD_version since the layout of structures in the SDT probe
linker set has changed.

Sponsored by:	NetApp, Inc.
Sponsored by:	Klara, Inc.
2026-01-13 17:07:37 +00:00
Konstantin Belousov acb71820d6 vm_map_entry_delete(): fix the calculation of swap release
Reported and tested by:	andrew
Fixes:	d160447129
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2026-01-13 19:06:38 +02:00
Harry Moulton bdaa120b30 arm64: Fix MAIR_ATTR_MASK
Use the correct value when calculating the mask.

(commit message by andrew@)

Sponsored by:	Arm Ltd
2026-01-13 15:28:04 +00:00
Sarah Walker 2708369395 crypto: Update sha256 and sha512 ifuncs to use passed HWCAP flags
Reviewed by:	andrew
Sponsored by:   Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D54600
2026-01-13 15:28:04 +00:00
Sarah Walker 41ccf82b29 libc/aarch64: Use MOPS implementations of memcpy/memmove/memset where available
Reviewed by:	andrew
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D54560
2026-01-13 15:28:04 +00:00
Sarah Walker 5eec353120 libc/csu: Pass HWCAP flags to ifunc resolver functions
Function arguments are based on Section 9.4.1 "GNU C Library IFUNC interface"
from "System V ABI for the Arm 64-bit Architecture (AArch64)", 2025Q1.
(https://github.com/ARM-software/abi-aa/releases/download/2025Q1/sysvabi64.pdf)

Reviewed by:	andrew
Sponsored by:   Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D54599
2026-01-13 15:28:04 +00:00
Sarah Walker a652357fb5 rtld-elf: Pass HWCAP flags to ifunc resolver functions
Function arguments are based on Section 9.4.1 "GNU C Library IFUNC interface"
from "System V ABI for the Arm 64-bit Architecture (AArch64)", 2025Q1.
(https://github.com/ARM-software/abi-aa/releases/download/2025Q1/sysvabi64.pdf)

Reviewed by:	kib, andrew
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D54559
2026-01-13 15:28:04 +00:00
Sarah Walker 449339bdba arm64: Provide ifunc HWCAP structure definitions
IFUNC structure is based on Section 9.4.1 "GNU C Library IFUNC interface"
from "System V ABI for the Arm 64-bit Architecture (AArch64)", 2025Q1.
(https://github.com/ARM-software/abi-aa/releases/download/2025Q1/sysvabi64.pdf)

Reviewed by:	andrew
Sponsored by:   Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D54598
2026-01-13 15:28:04 +00:00
Sarah Walker 591c7a08bf arm64: Enable MOPS in userspace
Detect presence of FEAT_MOPS, and enable instruction set and set HWCAP2 flag
if present.

Add handler for MOE exceptions.

Reviewed by:	andrew
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D54558
2026-01-13 15:28:03 +00:00
Sarah Walker 0685fc435c arm64: Add FEAT_MOPS register fields
(commit message by andrew@)

Reviewed by:	andrew
Sponsored by:	Arm Ltd
2026-01-13 15:27:57 +00:00