Closed
Conversation
GCC does not like passing NULL (__null) to std::ostringstream::operator<<
inside of ATF_REQUIRE_EQ:
lib/libc/tests/net/inet_net_test.cc: In member function 'virtual void {anonymous}::atfu_tc_inet_net_ntop_invalid::body() const':
lib/libc/tests/net/inet_net_test.cc:306:9: error: passing NULL to non-pointer argument 1 of 'std::__1::basic_ostream<_CharT, _Traits>& std::__1::basic_ostream<_CharT, _Traits>::operator<<(long int) [with _CharT = char; _Traits = std::__1::char_traits<char>]' [-Werror=conversion-null]
306 | ATF_REQUIRE_EQ(ret, NULL);
| ^~~~~~~~~~~~~~
In file included from /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/sstream:317,
from /usr/obj/.../amd64.amd64/tmp/usr/include/atf-c++/macros.hpp:29,
from /usr/obj/.../amd64.amd64/tmp/usr/include/atf-c++.hpp:29,
from lib/libc/tests/net/inet_net_test.cc:33:
/usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__ostream/basic_ostream.h:338:81: note: declared here
338 | basic_ostream<_CharT, _Traits>& basic_ostream<_CharT, _Traits>::operator<<(long __n) {
| ~~~~~^~~
...
Approved by: re (cperciva)
Fixes: 8f4a0d2 ("libc: Import OpenBSD's inet_net_{ntop,pton}")
(cherry picked from commit aa358ce)
(cherry picked from commit 848ca53)
GCC warns about the sign mismatch in comparisons:
lib/libc/tests/net/inet_net_test.cc: In member function 'virtual void {anonymous}::atfu_tc_inet_net_inet4::body() const':
lib/libc/tests/net/inet_net_test.cc:86:17: error: comparison of integer expressions of different signedness: 'int' and 'const unsigned int' [-Werror=sign-compare]
86 | ATF_REQUIRE_EQ(bits, addr.bits);
| ^~~~~~~~~~~~~~
lib/libc/tests/net/inet_net_test.cc: In member function 'virtual void {anonymous}::atfu_tc_inet_net_inet6::body() const':
lib/libc/tests/net/inet_net_test.cc:205:17: error: comparison of integer expressions of different signedness: 'int' and 'const unsigned int' [-Werror=sign-compare]
205 | ATF_REQUIRE_EQ(bits, addr.bits);
| ^~~~~~~~~~~~~~
Approved by: re (cperciva)
Fixes: 8f4a0d2 ("libc: Import OpenBSD's inet_net_{ntop,pton}")
(cherry picked from commit e1aeb58)
(cherry picked from commit 7ffd190)
Provide the IPPROTO_UDP in the arg2 parameter of udp_pcblist() and use this to determine the inpcbinfo. This allows the same function to be used in an upcoming commit to provide the list of pcbs for UDP-Lite just by providing IPPROTO_UDPLITE in the arg2 parameter. Approved by: re (cperciva) Reviewed by: rrs Differential Revision: https://reviews.freebsd.org/D53218 (cherry picked from commit be3c59f) (cherry picked from commit 3653781)
Export the list of pcbs for UDP-Lite to be consumed by sockstat and netstat. Approved by: re (cperciva) Reviewed by: Peter Lei, Nick Banks Differential Revision: https://reviews.freebsd.org/D53229 (cherry picked from commit be93b27) (cherry picked from commit da7a90f)
With this patch UDP-Lite endpoints are also shown per default. Approved by: re (cperciva) Reviewed by: Nick Banks Differential Revision: https://reviews.freebsd.org/D53252 (cherry picked from commit c2b08c1) (cherry picked from commit 372b604)
With this patch UDP-Lite endpoints are also show per default. Approved by: re (cperciva) Reviewed by: Peter Lei, Nick Banks Relnotes: yes Differential Revision: https://reviews.freebsd.org/D53230 (cherry picked from commit f48c639) (cherry picked from commit c10317b)
When copying the data in the first mbuf to get rid of the UDP header, use the correct length. It was copying too much (8 bytes, the length of the UDP header). This only applies to handling TCP over UDP packets. The support for TCP over UDP is disabled by default. Approved by: re (cperciva) Reported by: jtl Reviewed by: Peter Lei Sponsored by: Netflix, Inc. (cherry picked from commit bfda98a) (cherry picked from commit c566953)
Don't duplicate the last component. Approved by: re (cperciva) PR: 290362 Reported by: John F. Carr <jfc@mit.edu> Fixes: d06a009 Reviewed by: jilles, Goran Mekić <meka@tilda.center> Pull Request: freebsd#1878 (cherry picked from commit f6d767f) (cherry picked from commit be122b4)
This version is based on git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git e5f0a698b34ed76002dc5cff3804a61c80233a7a ( tag: v6.17 ). Some of the changes we reported upstream got incorporated in this (or the v6.16) release. This also includes a change from iwlwifi-next.git::next for missing symbols iwl_mvm_v3_rate_from_fw() and iwl_mvm_v3_rate_to_fw() were originally comitted to mvm/rs.[ch] which we do not have. That left us with unresolved symbols. For the never comitted v6.16 driver update I had started to piece these together but they have been migrated out to utils.c so take them from there until the next release hopefully ships this change. Approved by: re (cperciva) Obtained from: git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-next.git branch next, 1b49af228594452206d5c50a33b6a341428edb63 (cherry picked from commit 6b627f8) (cherry picked from commit e89beee)
One some systems, under some conditions, pulling a USB stick would read(2) returning EIO and not ENXIO, like it should and used to. Recoverdisk(1), which does not give up on EIO, like most programs would, spins furiously. Arguably, deadfs was always wrong in returning EIO, because once you get to deadfs no operation will ever work again, but we used to take a different path through devfs_vnops.c which got us the ENXIO. Something changed recently, and while testing this fix, I noticed that drm-kmod-66/i915kms may be the condition which trigger the different code-path. Approved by: re (cperciva) MFC to: stable/15 Fixes: 289785 Thanks to: imp, kib (cherry picked from commit 2612f1b) (cherry picked from commit 44e214f)
Currently mod_play_vchans() and mod_rec_vchans() run unconditionally, even if the direction (playback, recording) is not supported by the device. This results in the "autoconv" (see mod_autoconv()) control failing when run on simplex devices, because we'll be trying to modify vchans on an unsupported direction. Test whether the direction is supported and silently move on if it isn't. Approved by: re (cperciva) Sponsored by: The FreeBSD Foundation MFC after: 4 days Differential Revision: https://reviews.freebsd.org/D53233 (cherry picked from commit 70b34fb) (cherry picked from commit e015e07)
OpenZFS 2.4.0 rc3 Notable upstream pull request merges: #17750 964dfc3 FreeBSD: Correct _PC_MIN_HOLE_SIZE #17793 b9d1e28 ddt prune: Add SCL_ZIO deadlock workaround #17799 1585a10 Make mount/share errors non-fatal for zfs create/clone #17801 073b34b Fix display of default xattr to show 'sa' #17803 e09c86c zvol: verify IO type is supported #17807 -multiple zpool iostat: fix regressions in "all pools" mode after #17786 #17826 b9356f0 Explicit set ashift for non-leaf vdevs #17830 f0bff23 Suppress some ashift warnings #17833 c1f55bf Fix the type of the raidz_outlier_check_interval_ms parameter #17836 799bda7 Fix return value for setting zvol threading #17834 f0c76f8 libzpool/cmn_err: remove suppression, add stop option, cleanup #17843 1956417 mmap_seek: print error code and text on failure #17847 7987d4d Update device removal documentation #17851 6f6e1c9 FreeBSD: zfs_getpages: Don't zero freshly allocated pages Approved by: re (cperciva) Obtained from: OpenZFS OpenZFS commit: 814f9af OpenZFS tag: zfs-2.4.0-rc3 (cherry picked from commit ce7e1f8)
Approved by: re (cperciva) (cherry picked from commit 51d5e8c)
TCP stats are currently incremented for the persist and progress timeout conditions, but only the persist cause was saved in the connection end info status, which in turn is logged in the blackbox "connection end" event. Approved by: re (cperciva) Reviewed by: tuexen Sponsored by: Netflix, Inc. (cherry picked from commit 1a61a67) (cherry picked from commit 6b81787)
The MCA spin lock is acquired in the hardware interrupt context to record MCA messages. It is also acquired by a task handler to emit those messages. Reduce the amount of time the task handler holds the lock to reduce the maximum amount of time the hardware interrupt handler may need to spin on the lock. Approved by: re (cperciva) Reviewed by: glebius, markj Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D52938 (cherry picked from commit e770e32) (cherry picked from commit d83dee3)
Release notes at https://nlnetlabs.nl/news/2025/Sep/18/unbound-1.24.0-released/ Approved by: re (cperciva) MFC after: 1 week Merge commit '0064eb9cf1c8d526e87d3149249445d4bc8d0248' (cherry picked from commit b2efd60) (cherry picked from commit 0143f06)
Without this setting, Unbound 1.24.0 and newer will attempt to set the socket buffer size to 4 MB to mitigate issues that mostly affect servers with large numbers of clients on local networks, which is not a scenario local-unbound is intended for. This is not only a waste of resources, it can also fail, resulting in a warning message on daemon startup. Approved by: re (cperciva) Fixes: b2efd60 ("unbound: Vendor import 1.24.0") Reviewed by: jlduran, cy Differential Revision: https://reviews.freebsd.org/D52977 (cherry picked from commit de3faa8) (cherry picked from commit 65629ac)
Release notes at https://nlnetlabs.nl/news/2025/Oct/22/unbound-1.24.1-released/ Approved by: re (cperciva) Security: CVE-2025-11411 Merge commit '73dd92916f532cb3fe353220103babe576d30a15' (cherry picked from commit 8b29c37) (cherry picked from commit fc3c317)
Honor the IPPROTO_IPV6-level socket option IPV6_TCLASS when sending an UDP/IPv4 packet on an AF_INET6 socket. Approved by: re (cperciva) Reviewed by: bz, glebius Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D53346 (cherry picked from commit 3535546) (cherry picked from commit 8f5162f)
Honor the IPPROTO_IPV6-level cmsg of type IPV6_TCLASS when sending an UDP/IPv4 packet on an AF_INET6 socket. Approved by: re (cperciva) Reviewed by: bz Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D53347 (cherry picked from commit d3a3854) (cherry picked from commit e31ff08)
When adding a syncache entry, take a reference count of the credentials while the inp is still locked. Thanks to markj@ for providing a hint regarding the root cause. Approved by: re (cperciva) Reported by: David Marker Reviewed by: glebius Tested by: David Marker Fixes: cbc9438 ("tcp: improve ref count handling when processing SYN") Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D53380 (cherry picked from commit 44cb1e8) (cherry picked from commit 9611bf2)
It seems like _QUAD_LOWWORD was incorrectly expanded into 1, which is correct for big endian but not little endian. This means we always grab the padding word for the syscall number, which is usually 0, causing SIGSYS to be delivered to the caller. Reintroduce _QUAD_LOWWORD to fix the syscall. Approved by: re (cperciva) PR: 290411 MFC after: 1 week Discussed with: jrtc27 Reviewed by: cognet, emaste Approved by: markj (mentor) Fixes: 8c9c314 Differential Revision: https://reviews.freebsd.org/D53250 (cherry picked from commit 1ca0953) (cherry picked from commit c824960)
We have provided implementations for hard float of these for a while now. Add them to the header to make things official. This is required for a bunch of legacy programs in ports. Approved by: re (cperciva) Approved by: markj (mentor) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D53156 (cherry picked from commit a8079d4) (cherry picked from commit af39e51)
The pt hwt(4) backend uses NMIs to receive updates about the latest t racing buffer offsets from the tracing hardware. However, it uses taskqueue(9) to schedule the bottom-half handler. This can lead to a panic since the taskqueue(9) code isn't aware it's being called from an NMI context and uses the regular scheduling interfaces. Fix this by scheduling the bottom-half handler using swi(9) and the SWI_FROMNMI flag. Approved by: re (cperciva) Fixes: 310162e MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D52491 (cherry picked from commit 96d82d2) (cherry picked from commit 56b4719)
This defaults to plain "pkg", but being able to override it is useful when testing pkg itself. Approved by: re (cperciva) Reviewed by: cperciva MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D53307 (cherry picked from commit bbe65c5) (cherry picked from commit 79fbc4c)
We bump the object reference count prior to mapping it into the kernel map, at which point the vm_map_entry owns the reference. Then, if vm_map_wire() fails, vm_map_remove() will release the reference, so we should avoid decrementing it in the error path. Approved by: re (cperciva) Reported by: Ilja van Sprundel <ivansprundel@ioactive.com> Reviewed by: vmaffione MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D53066 (cherry picked from commit dfc1041) (cherry picked from commit 6e1f477)
* Always install the manual page as pam_krb5(8) regardless of which version we're using. * Regenerate it using pod2mdoc instead of pod2man so it doesn't claim to be part of “User Contributed Perl Documentation”. * Put the correct section number in the header and footer. * Don't cross-reference non-existent pam(7) manual page. Approved by: re (cperciva) Reviewed by: cperciva Differential Revision: https://reviews.freebsd.org/D53885 (cherry picked from commit 961b934) (cherry picked from commit 4166181)
For 15.0, apply a minimal fix which at least ensures that inotify can't trigger the latent race described in commit 99cb3dc ("vnode: Rework vput() to avoid holding the vnode lock after decrementing"). Approved by: re (cperciva) Reviewed by: olce, kib MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D53774 (cherry picked from commit ebc1787) (cherry picked from commit 1f6e3ab)
This will hopefully be the final RC build before the release. Approved by: re (implicit)
Approved by: re (cperciva) Reviewed by: imp Pull Request: freebsd#1890 (cherry picked from commit bf4c748) (cherry picked from commit 6162f86)
Approved by: re (cperciva) Reviewed by: imp Pull Request: freebsd#1890 (cherry picked from commit 80ec82a) (cherry picked from commit cbe0ccd)
The upstream refactoring of ndaregister() to split out ndasetgeom() accidentally used an uninitialed variable to decide whether or not to set DISKFLAG_UNMAPPED_BIO. Fix this by moving that portion of ndasetgeom() back up to ndaregister(). The check for PIM_UNMAPPED is not really needed because nvme devices always have that set, so it cannot change in the other path that ndasetgeom() is now called. Approved by: re (cperciva) Reviewed by: cperciva, gallatin, imp Fixes: dffd882 Sponsored by: Netflix MFC After: 1 minute (cherry picked from commit 2b4dbad) (cherry picked from commit e271f93)
Add a fix to apply scrubbing of unsolicited NS RRSets (and their respective address records) for YXDOMAIN and nodata non-referral answers. This prevents a malicious actor from exploiting a possible cache poison attack. Approved by: so Approved by: re (cperciva) Obtained from: NLnet Labs Security: FreeBSD-SA-25:10.unbound Security: CVE-2025-11411
Approved by: so Approved by: re (cperciva)
This is a manual page update describing the functionality that was added to mdo(1) in commit 3ca1e69 ("mdo(1): Add support and shortcuts for fully specifying users and groups"). Please either refer to that commit or the new manual page's content for more information. While here: - Add to the introduction a description of process credentials and some specific vocabulary that is used throughout the page, as well as the relationship between mdo(1) and mac_do(4). - Update the HISTORY section. - Add AUTHORS and SECURITY CONSIDERATIONS sections. Approved by: re (cperciva) Reviewed by: ziaee MFC after: 1 minute Sponsored by: The FreeBSD Foundation Sponsored by: Google LLC (GSoC 2025) Co-authored-by: Kushagra Srivastava <kushagra1403@gmail.com> Differential Revision: https://reviews.freebsd.org/D53905 (cherry picked from commit 73dd00f) (cherry picked from commit dc75034)
Rather than fetching packages directly from the CDN which currently
backs pkgbase.freebsd.org, requests will go to pkg.freebsd.org mirrors
and be 302ed to the correct servers. This adds ~70 seconds to the
process of installing or upgrading a pkgbase system; it also orphans
systems with 15.0-{PRERELEASE,ALPHA*,BETA*} installed since they are
expecting to see pkgbase files signed with the pkg keys, not the new
pkgbase signing keys.
Approved by: re (cperciva)
Reviewed by: dch, philip
MFC after: immediately (for 15.0-RELEASE)
With hat: re
Requested by: clusteradm, core
Differential Revision: https://reviews.freebsd.org/D53964
(cherry picked from commit a3b0902)
(cherry picked from commit 0c87d29)
- Bump BRANCH to RELEASE - Add the anticipated RELEASE announcement date - Set a static __FreeBSD_version Approved by: re (implicit)
FreeBSD: Fix a potential null dereference in zfs_freebsd_fsync() In general it's possible for a vnode to not have an associated VM object. This happens in particular with named pipes, which have some distinct VOPs, defined in zfs_fifoops. Thus, this chunk of zfs_freebsd_fsync() needs to check for the FIFO case, like other vm_object_mightbedirty() callers do. (Note that vn_flush_cached_data() calls are predicated on zn_has_cached_data() returning true, and it checks for a NULL v_object pointer already.) Fixes: ef4058f Reported-by: Collin Funk <collin.funk1@gmail.com> Reviewed-by: Sean Eric Fagan <sef@FreeBSD.org> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Alexander Motin <alexander.motin@TrueNAS.com> Signed-off-by: Mark Johnston <markj@FreeBSD.org> Closes #18015 MFC after: 3 days Approved by: so Security: FreeBSD-EN-25:19.zfs (cherry picked from commit fa259d1) (cherry picked from commit d988a0c)
This change fixes two checks that conflated memory mapping and memory segment idenitifers. In both cases the code iterates over all memory mappings but passes the index to `vm_memseg_sysmem`, which is wrong. Fix this by passing the memory mapping's segment identifier instead. Differential Revision: https://reviews.freebsd.org/D54210 Reviewed by: markj Fixes: c76c2a1 PR: 290920 Approved by: so Security: FreeBSD-EN-25:20.vmm (cherry picked from commit f1809ea) (cherry picked from commit 4f7436b)
Reported by: Kevin Day <kevin@your.org> Approved by: so Security: FreeBSD-SA-25:12.rtsold Security: CVE-2025-14558
Approved by: so
This broke the human output formatting in several ways. This reverts commit 4cf5878. This reverts commit e8d6b58. This reverts commit c759aca. Approved by: so Security: FreeBSD-EN-26:01.devinfo PR: 291511 Reviewed by: imp, des Differential Revision: https://reviews.freebsd.org/D54196 (cherry picked from commit 43b07bd) (cherry picked from commit ed6612d)
The SVE signal context needs to be correctly aligned. Fix this by creating a new macro to calculate the needed size to provide this alignment, and use it when setting and checking the saved SVE signal context. Approved by: so Security: FreeBSD-EN-26:02.arm64 Reported by: cperciva Reviewed by: cperciva, markj Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D54396 (cherry picked from commit a9e77eb) (cherry picked from commit 683decf)
This is a rollup commit from upstream to fix: Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (CVE-2025-11187) Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467) NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (CVE-2025-15468) "openssl dgst" one-shot codepath silently truncates inputs >16MB (CVE-2025-15469) TLS 1.3 CompressedCertificate excessive memory allocation (CVE-2025-66199) Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160) Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418) Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419) Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420) NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421) Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795) ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796) See https://openssl-library.org/news/secadv/ for additional details. Approved by: so Obtained from: OpenSSL Security: FreeBSD-SA-26:01.openssl Security: CVE-2025-11187 Security: CVE-2025-15467 Security: CVE-2025-15468 Security: CVE-2025-15469 Security: CVE-2025-66199 Security: CVE-2025-68160 Security: CVE-2025-69418 Security: CVE-2025-69419 Security: CVE-2025-69420 Security: CVE-2025-69421 Security: CVE-2026-22795 Security: CVE-2026-22796
Approved by: so
The coredump logic calls get_arm64_sve twice: once to get the note size,
and once to get the data. The note size calculation depended on the
volatile `PCB_FP_SVEVALID` flag. If this flag was cleared between the
two calls (e.g., due to a context switch clearing the flag to comply
with the ABI), the second call would expect a smaller buffer size than
the first, triggering a KASSERT panic ("invalid size").
Fix this by ensuring the SVE state is saved to the PCB before we decide
whether to use SVE or VFP.
Approved by: so
Security: FreeBSD-EN-26:04.arm64
PR: 292195
Reviewed by: andrew
Differential Revision: https://reviews.freebsd.org/D54532
(cherry picked from commit 93d3ac1)
(cherry picked from commit c70a68b)
* Fix file descriptor leak in the server * Fix race between parent and child in popenve() * Don't assume fdopen() can't fail Approved by: so Security: FreeBSD-SA-26:03.blocklistd Security: CVE-2026-2261
Approved by: so
arm64: Add CPU identification for Apple M3 (Sawtooth/Malacca) and M4 (Seymour/Tahoe) series Extend the Apple CPU part definitions in cpu.h and the identification table in identcpu.c to include M3 and M4 models, as well as virtualized Apple CPUs (e.g., UTM/Framework fallback). This provides better strings in dmesg, sysctl hw.model, etc., on newer Apple Silicon hardware. No functional/behavioral changes; purely cosmetic/enhancement. Includes reordering for logical grouping (M3 before M4).
|
Thank you for taking the time to contribute to FreeBSD! There are a few issues that need to be resolved:
Note Please review CONTRIBUTING.md, then update and push your branch again. Some of files have special handling: Important @jillest wants to review changes to bin/sh |
Author
|
Superseded by new PR targeting main with clean changes (no custom config, proper Signed-off-by). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This extends CPU model detection beyond M1/M2 for better dmesg and sysctl hw.model output on newer Apple Silicon hardware.
The JackS config is a custom/personal kernel config for testing; happy to remove if not suitable for upstream.