From nobody Mon Mar 31 02:41:52 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZQwPr6KfXz5sTV9;
	Mon, 31 Mar 2025 02:41:52 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZQwPr4PG5z43KW;
	Mon, 31 Mar 2025 02:41:52 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743388912;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=BbnRGKPlhMU0CpkeXc0zRWrIAbkoq0JfleZTVxWpmbc=;
	b=DJ/R+XEotc8JHnDHJn7mKdK3apeZmZknmtSltOQkjPR/yjErWINg68zg1LI/Y8jZ9n4N4W
	1TDljw0W4azGcVJQpxLU0YCmA6W1VYMeh3FGLUOH/FTp9Qk1GNP99YwRsnDLMYI6iXykGK
	BrZR69aK0jQIUPSC7uxNDONK8papfO6VBoo/EHkI5h2ZI+8kT4uoWuXk+yS9SfJqemp4dD
	URWg3NBkIjDDK7+192NXD8Xzjohvu0+9+MHXcgoODWxIzIm5YbBteyv4zUHsRkB1IBHWmJ
	btVxFNF8U5vFOZ8gz+Wqo8i3yP+igt646Jn/oaCKIM41P01V5628t+9iayxlQA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743388912; a=rsa-sha256; cv=none;
	b=GNgVL8IumTbPF0lg/7bE1jC+0lKYb7LkM0ked3FXfsol1C2wb+SpfwE0W5lzup1wmKUzYG
	DcDROwmAcP9gVPk2pDB9+MgZSmByO28lyDv5+Nitmm/wHOOnOe8lrR30AWbOOpO9pYXJtN
	6OP0FCCu3C3IPWDjwfH+ueCdSqrJhWuvfk9tayV3ZL3zRa73xnThh+ObCBeU5QpJc03yIx
	/6ulUaYjnUm4JIVKnyOCNoXqsTTNQe/g76xFCQfM7XP7/bNm19Xr63ST2IFKWqcALvSPQh
	Fj8Nxhhpd16WlWHJcXZLwOfX3i1pqYNEbh3jYIv/MKYHKbLNMwK8PbloMhUnzQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743388912;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=BbnRGKPlhMU0CpkeXc0zRWrIAbkoq0JfleZTVxWpmbc=;
	b=qu6Lwb67GlLN+1pdXBGxM9jIbTpFlOxpMlD08jDAt8kFcfPV0IdDh+3gm8fxXcF7Vbc116
	Zz0j+juspmUsk9G1hP2Rgi3f3YfrN6ZbKSH1/7326BWY6KEjCnP9FG9yUqPmRBR7lrXfrU
	U+d8yJuoIwq8PeYySS3m0E3GzvREyO3/NvGsndj81cFh0xeVMjmEBbvviF7JeQpNoIHICZ
	E466tRb6p4h5elkcITHfs2ZTJdvmVYaodyrMJq3H/70WkGaspfOb5JesHIwlVlZ+hrjMqo
	LhFPmndZRX/vis3KcbrChJxcH2VvzCnQ5lSPUQJdESHMHfkEuVaAiMdKbncs6A==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZQwPr3w44z9SX;
	Mon, 31 Mar 2025 02:41:52 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52V2fqEF064275;
	Mon, 31 Mar 2025 02:41:52 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52V2fqLl064272;
	Mon, 31 Mar 2025 02:41:52 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 02:41:52 GMT
Message-Id: <202503310241.52V2fqLl064272@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov <kib@FreeBSD.org>
Subject: git: 8056c9649171 - stable/14 - libprocstat: change
  psc_type_info array to use designated initializers
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 8056c964917156e5a824a5fa78826b7746ce7567
Auto-Submitted: auto-generated

The branch stable/14 has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=8056c964917156e5a824a5fa78826b7746ce7567

commit 8056c964917156e5a824a5fa78826b7746ce7567
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2025-03-15 00:28:07 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2025-03-31 02:41:32 +0000

    libprocstat: change psc_type_info array to use designated initializers
    
    (cherry picked from commit ba2fb6b367fd513ea5812a496254d3a05ec380b8)
---
 lib/libprocstat/core.c | 60 ++++++++++++++++++++++++++++++++++++++++----------
 lib/libprocstat/core.h |  2 +-
 2 files changed, 49 insertions(+), 13 deletions(-)

diff --git a/lib/libprocstat/core.c b/lib/libprocstat/core.c
index cf3435a10c79..1f64e728b0af 100644
--- a/lib/libprocstat/core.c
+++ b/lib/libprocstat/core.c
@@ -62,18 +62,54 @@ static struct psc_type_info {
 	unsigned int	n_type;
 	int		structsize;
 } psc_type_info[PSC_TYPE_MAX] = {
-	{ .n_type  = NT_PROCSTAT_PROC, .structsize = sizeof(struct kinfo_proc) },
-	{ .n_type = NT_PROCSTAT_FILES, .structsize = sizeof(struct kinfo_file) },
-	{ .n_type = NT_PROCSTAT_VMMAP, .structsize = sizeof(struct kinfo_vmentry) },
-	{ .n_type = NT_PROCSTAT_GROUPS, .structsize = sizeof(gid_t) },
-	{ .n_type = NT_PROCSTAT_UMASK, .structsize = sizeof(u_short) },
-	{ .n_type = NT_PROCSTAT_RLIMIT, .structsize = sizeof(struct rlimit) * RLIM_NLIMITS },
-	{ .n_type = NT_PROCSTAT_OSREL, .structsize = sizeof(int) },
-	{ .n_type = NT_PROCSTAT_PSSTRINGS, .structsize = sizeof(vm_offset_t) },
-	{ .n_type = NT_PROCSTAT_PSSTRINGS, .structsize = sizeof(vm_offset_t) },
-	{ .n_type = NT_PROCSTAT_PSSTRINGS, .structsize = sizeof(vm_offset_t) },
-	{ .n_type = NT_PROCSTAT_AUXV, .structsize = sizeof(Elf_Auxinfo) },
-	{ .n_type = NT_PTLWPINFO, .structsize = sizeof(struct ptrace_lwpinfo) },
+	[PSC_TYPE_PROC] = {
+		.n_type  = NT_PROCSTAT_PROC,
+		.structsize = sizeof(struct kinfo_proc)
+	},
+	[PSC_TYPE_FILES] = {
+		.n_type = NT_PROCSTAT_FILES,
+		.structsize = sizeof(struct kinfo_file)
+	},
+	[PSC_TYPE_VMMAP] = {
+		.n_type = NT_PROCSTAT_VMMAP,
+		.structsize = sizeof(struct kinfo_vmentry)
+	},
+	[PSC_TYPE_GROUPS] = {
+		.n_type = NT_PROCSTAT_GROUPS,
+		.structsize = sizeof(gid_t)
+	},
+	[PSC_TYPE_UMASK] = {
+		.n_type = NT_PROCSTAT_UMASK,
+		.structsize = sizeof(u_short)
+	},
+	[PSC_TYPE_RLIMIT] = {
+		.n_type = NT_PROCSTAT_RLIMIT,
+		.structsize = sizeof(struct rlimit) * RLIM_NLIMITS
+	},
+	[PSC_TYPE_OSREL] = {
+		.n_type = NT_PROCSTAT_OSREL,
+		.structsize = sizeof(int)
+	},
+	[PSC_TYPE_PSSTRINGS] = {
+		.n_type = NT_PROCSTAT_PSSTRINGS,
+		.structsize = sizeof(vm_offset_t)
+	},
+	[PSC_TYPE_ARGV] = {
+		.n_type = NT_PROCSTAT_PSSTRINGS,
+		.structsize = sizeof(vm_offset_t)
+	},
+	[PSC_TYPE_ENVV] = {
+		.n_type = NT_PROCSTAT_PSSTRINGS,
+		.structsize = sizeof(vm_offset_t)
+	},
+	[PSC_TYPE_AUXV] = {
+		.n_type = NT_PROCSTAT_AUXV,
+		.structsize = sizeof(Elf_Auxinfo)
+	},
+	[PSC_TYPE_PTLWPINFO] = {
+		.n_type = NT_PTLWPINFO,
+		.structsize = sizeof(struct ptrace_lwpinfo)
+	},
 };
 
 static bool	core_offset(struct procstat_core *core, off_t offset);
diff --git a/lib/libprocstat/core.h b/lib/libprocstat/core.h
index d6cb60dc9e25..8f6aa40192da 100644
--- a/lib/libprocstat/core.h
+++ b/lib/libprocstat/core.h
@@ -31,7 +31,7 @@
 #define _CORE_H
 
 enum psc_type {
-	PSC_TYPE_PROC,
+	PSC_TYPE_PROC = 0,
 	PSC_TYPE_FILES,
 	PSC_TYPE_VMMAP,
 	PSC_TYPE_GROUPS,

From nobody Mon Mar 31 02:41:53 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZQwPt1FtTz5sTn7;
	Mon, 31 Mar 2025 02:41:54 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZQwPs52qBz43T0;
	Mon, 31 Mar 2025 02:41:53 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743388913;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=4VjpfIl8IgNzZq2enAlvT/PHYSHaJDUVKXsFG2VA2f0=;
	b=T7zEZ/+D9YEUih+JsxOjQ5DsU65z9hQE0Uo5xtu6dD1j20lLjO5XyWTW/ZAA6+WhOS5yM7
	UGLmSOiHkFOpU4K9b1jJT6Oh9Puz31pS7tNJp41gYJddJQ3piRhFc7IEnkqA/+t8hbJn7E
	OgRDvuG3W2/lI1U/rtiucjuUhHpB+h5dwXU8W0OzCwzyExCRUavRU/HjuyMFQCL8ubIK18
	Xxa1h8lgTk2rHBoFid+jaGEc5MykQ4fkD/qJNPncxsr0M+Z+wWX7/hXdjzdJi+HqJW/hsT
	OWuPT0MRjfWoFhmC0cnXgG8TDXSbjc19+7wwu43J8w5JqIdFCsBR+bRBKuXEFA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743388913; a=rsa-sha256; cv=none;
	b=F87Z3YLnVEvvhtbBCUNwDmut0cjXbfs4f93oAlWPHjW0U2cUNKzjOqfOTFHfUZhAlgdfBJ
	rlHz93VNSBKM3tPvsTHDedLzFhrkdVgxisRZ8o2yieo7rSwGLPKVfRuCMgOe8EqZWclBqX
	Vr4n1NpQlx/oGVE3wiNkrvc3GjMnxc//k5ivkTOXAehAS7BvC/RHMy7YgFbfU8yxKQsFk+
	K8mrUx2dkCmb2x5Jm3ODcihBPtmK7sb+u4gdrNCXo3RMbpuVaojSoW7r1ksFKKUY56tGLv
	f3DTiAeGLLNn05BVWN1WdnoKrk2IAI9x5BjwxWU3Ut+X51mDf6ma/xq8HVh9aw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743388913;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=4VjpfIl8IgNzZq2enAlvT/PHYSHaJDUVKXsFG2VA2f0=;
	b=B8+SnJml3vwN7UmRL3Mre7gvQTP97cSoUol3Hhi3QuDjsud+rhw567pIHC2SxeBcBks6AF
	v9CJOBbjXynNrLb8ssBz+3FIgsl0+rVFDwbrCRXhSLEm5nvHmv92Erlssvhf8f++EGfROq
	OPaCidTi8+NmOdyzMdD9b8yFJZ97TAlfhNHKUbCvo6Zl5OlZw7cyB4Xz3dBeB9FoEg5f1l
	0Pr2iXKY2GcDsREUbBr8I3GAI5iZUwEvX69Y6swPwZbY8Lnc+Rd3bmhPmF4bcDY2LeCdnb
	mn9b/7qKLSM3aI0pR/IrJG2gH4518zYVJsz6ggWpFi541uZQSnNXVaBhCuDibA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZQwPs4PFTz9x9;
	Mon, 31 Mar 2025 02:41:53 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52V2frOb064315;
	Mon, 31 Mar 2025 02:41:53 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52V2frWc064312;
	Mon, 31 Mar 2025 02:41:53 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 02:41:53 GMT
Message-Id: <202503310241.52V2frWc064312@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov <kib@FreeBSD.org>
Subject: git: 192aae0a9f62 - stable/14 - libprocstat: constify
  psc_type_info[]
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 192aae0a9f62417dd8558ee753f8853e224f0399
Auto-Submitted: auto-generated

The branch stable/14 has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=192aae0a9f62417dd8558ee753f8853e224f0399

commit 192aae0a9f62417dd8558ee753f8853e224f0399
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2025-03-18 01:43:54 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2025-03-31 02:41:32 +0000

    libprocstat: constify psc_type_info[]
    
    (cherry picked from commit debcd4c05701be0ff48c6b350ed6b3a80e5f0b1f)
---
 lib/libprocstat/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/libprocstat/core.c b/lib/libprocstat/core.c
index 1f64e728b0af..a3e500367920 100644
--- a/lib/libprocstat/core.c
+++ b/lib/libprocstat/core.c
@@ -58,7 +58,7 @@ struct procstat_core
 	GElf_Phdr	pc_phdr;
 };
 
-static struct psc_type_info {
+static const struct psc_type_info {
 	unsigned int	n_type;
 	int		structsize;
 } psc_type_info[PSC_TYPE_MAX] = {

From nobody Mon Mar 31 02:41:54 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZQwPv0lWzz5sTPW;
	Mon, 31 Mar 2025 02:41:55 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZQwPt5KdWz43Kj;
	Mon, 31 Mar 2025 02:41:54 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743388914;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=2gmD/b/ENDVYnioxdvZabTV27S2rBrN2L7W2UbiHWdU=;
	b=x8ayFZYmd4JAU9Fao9/yGkiowGUXXbIl5HAKPGfMSLnIPPSwDr4vZu8K1SUZFlcS81HEwA
	J/7hxgt1KkcjgZIZ5/p3X6im2OFJmVzDg4cNiCDeHIqXaRS1K3e/PSq+xHnqcm8oh1776d
	XPInzjfDePCsqE3DspKb4RqXqwOUlvbLS77wjf1w6jJkLh9RzBEuQox5DJhNEkNgZMGXSU
	tsSbyf8F5utHFgovZV01YnrJVP0N/TW8iluy54eeJC9GYQgUBeZYHp6VJjuKaWpev+Ut1q
	hs9zAtGpJ/DSxKjz0KPVLl4661J0WWHKN1hFqa0fsP2lsfxQG9Bt074Wpm/0Gg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743388914; a=rsa-sha256; cv=none;
	b=hJEr3m73KPmj7OBksWr25K+GnaZ/MtQrrmrbFoL449py12O70suIhmdGWc1cQ+cRwu1qBE
	oRAmnnuaBx0ngm1z65qPhBuuKKnoUdPkoRgmfQcpDQ7JyGI9/aYkRYIHK/Sbch5DJEWawE
	quYx/ueCLrkbI/tEHx2KwUc9/iMLCBmDJzxHpEV6V9vT/0f/ALWPID1Qw0SsqFc6zfwA0z
	bqcSz76Z20e/iK0L/CLwdtsHqzkxVeuU7EQ9H8Xh+yCejeuLXFGuFTKll8GsLZTwaym/gY
	RA49EEFzDgRVobaF7DqHYt/UAA01DqbstMgU8CJx4vIntQ/KqWVqpQLCeISdnQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743388914;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=2gmD/b/ENDVYnioxdvZabTV27S2rBrN2L7W2UbiHWdU=;
	b=KdcppnX+8ahfvJoQosOgiwzkDp7ai1mslfxnOfH/loIdh+iJMHfPG/H1AoDRvLf7Blrpwd
	BZtjnNQ0JvV9yQO+Wm9oDIWH2VnRzwUB5g/wckFUQNSvVcBXibiFljyFrihGxihcWDBveo
	3pL4zhxOzGCelTIDNjD2RqzLonThtXUbzAZvat2BEg40MlqzGyjNpz9f2Ep/kU0pJnDcVr
	x0YRO4/RC0SOKq/loetD0Kb2SxbCwRT+deaTExWFVFawX7yh5XgHrAWN4XYTC9BxMrqxOb
	2chz3fZQYPaNFO0BTqIbsUTC4sojN4EH/xVVmvOu8/dBH2OSLDmz6TvkP+iAtQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZQwPt4l0BzBDH;
	Mon, 31 Mar 2025 02:41:54 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52V2fsqJ064349;
	Mon, 31 Mar 2025 02:41:54 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52V2fsIa064346;
	Mon, 31 Mar 2025 02:41:54 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 02:41:54 GMT
Message-Id: <202503310241.52V2fsIa064346@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov <kib@FreeBSD.org>
Subject: git: fb8c944d2b1f - stable/14 - procstat: decode SOCK_SEQPACKET
  unix domain socket type
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: fb8c944d2b1f704f1762d0757315db1b898f3413
Auto-Submitted: auto-generated

The branch stable/14 has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=fb8c944d2b1f704f1762d0757315db1b898f3413

commit fb8c944d2b1f704f1762d0757315db1b898f3413
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2025-03-26 18:42:31 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2025-03-31 02:41:32 +0000

    procstat: decode SOCK_SEQPACKET unix domain socket type
    
    (cherry picked from commit 8011df62f57f021a1b4f62d9beea4c25d9b37a23)
---
 usr.bin/procstat/procstat_files.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/usr.bin/procstat/procstat_files.c b/usr.bin/procstat/procstat_files.c
index 99a0580f50d4..fc1336f14c84 100644
--- a/usr.bin/procstat/procstat_files.c
+++ b/usr.bin/procstat/procstat_files.c
@@ -76,6 +76,8 @@ protocol_to_string(int domain, int type, int protocol)
 			return ("UDS");
 		case SOCK_DGRAM:
 			return ("UDD");
+		case SOCK_SEQPACKET:
+			return ("UDQ");
 		default:
 			return ("UD?");
 		}

From nobody Mon Mar 31 02:41:55 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZQwPw4C0Hz5sTnB;
	Mon, 31 Mar 2025 02:41:56 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZQwPv6QSQz43QV;
	Mon, 31 Mar 2025 02:41:55 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743388915;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=WK+fUtRu6KWxcDhfP4lpWRqGsY4FmrK/7J6ZlI4VCzk=;
	b=Dg6Y2MZsICcwMohYSDuLqsva7hT83vAncqaFAQO/lGAcd4UJRT3jGuKwCzInaUfPPDMccG
	FVC6TpW0E5C5L67WrEvhwqrujkuG8tXj8dlN0lvbfBkbvjTkYCT1Cv6GdGT7cmoriEQqR5
	G4u6iFVzdiuhfUG/cAoFYTrgNQGliJfrwjF1HqcH+P0x0v3ladm3PB+pHa8bx+OP/080QE
	ePBxlxOh5w8wZ2fVbfIXKfbMvwHmCBgtS97mk7k1Bqg47REIc2XMds0hQ/IfLroxDV+pcy
	xMArpaUkra1y7z+kSsz+8/B4zHXhTEo0Xd79D71bI5BuV0z7CLfzYlxNzBvXIA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743388915; a=rsa-sha256; cv=none;
	b=xCqrlO3Zz3/JQRudMI2+HXkUwmKqrRuXE23/coOG3uFW3QwRn01CfAQAClZrA7YiVr9czS
	d3XAFcwwNow9YiDvy0AXjCK078ud8ajYVYrilyxjPDJ2P3HlbnWpy1P+lQuM5CgYTwvtXb
	GkYe55W/juATvdZsN3lXa4cfTr7s7vRmeXSun99g82FnWy0YMUbDdu/jW3hHQQouZgyqnr
	v6FDcuQ+zO8AX0LNd6MwxOnocXaaA+l6+BpGFNdTMzfeasGGdKm8GtTH9495F2yM5olfAr
	zGGdOQjaHo4vB0ZQ/wDMddxfTbLC/tBACUDCiY1bVBJNvT8kfDmzPjkNAB5opA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743388915;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=WK+fUtRu6KWxcDhfP4lpWRqGsY4FmrK/7J6ZlI4VCzk=;
	b=qSGry43BsMogvfxhgcYwrWSOkiwBkOKxucZBD3CHRbz64Rg0NW8I7oKAx1CM9taxoGp9db
	ODGh/FlmKpjJlYNsTnJfgpcidkDJpgeRldG5YvaAMnNksyfKTzIm3VvnVOQn/q2c57/eP9
	8PXSVJQtcmSP8mEySaIsIgwxcGgaRzdQhiw8xYdhaLfO9fnIkE/fKHpkutf1Gd+a+Px0i6
	WLjduLg2p8Q6bZlDySdu2L2oF3i1A8/ZdIgtdW+w730JEnQIlmX2Z8dHLd6Qxmn1wp2AF7
	Mx3iTWXRLSEoAn1onSzb7hG8KWilxazgiLg1KG+RQr6kRELOyDbkleNkZYirJg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZQwPv606NzBDJ;
	Mon, 31 Mar 2025 02:41:55 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52V2ftT8064390;
	Mon, 31 Mar 2025 02:41:55 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52V2ftCe064387;
	Mon, 31 Mar 2025 02:41:55 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 02:41:55 GMT
Message-Id: <202503310241.52V2ftCe064387@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov <kib@FreeBSD.org>
Subject: git: a02f377d9579 - stable/14 - procstat.1: correct local
  socket types descriptions.
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: a02f377d9579e4335d50c7b38ad8cdcdcb2653b2
Auto-Submitted: auto-generated

The branch stable/14 has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=a02f377d9579e4335d50c7b38ad8cdcdcb2653b2

commit a02f377d9579e4335d50c7b38ad8cdcdcb2653b2
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2025-03-27 09:02:21 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2025-03-31 02:41:32 +0000

    procstat.1: correct local socket types descriptions.
    
    (cherry picked from commit 991329f507a893076a4119c90bb463de0ac15be9)
---
 usr.bin/procstat/procstat.1 | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/usr.bin/procstat/procstat.1 b/usr.bin/procstat/procstat.1
index c078b405d185..4f4c0df9575c 100644
--- a/usr.bin/procstat/procstat.1
+++ b/usr.bin/procstat/procstat.1
@@ -438,13 +438,9 @@ see
 .Pp
 .Bl -tag -width indent -compact
 .It UDD
-.Dv IPPROTO_UDP ;
-see
-.Xr udp 4 .
+Datagram socket.
 .It UDS
-.Dv IPPROTO_TCP ;
-see
-.Xr tcp 4 .
+Stream socket.
 .It UD?
 unknown protocol.
 .El

From nobody Mon Mar 31 02:41:56 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZQwPx2Sxzz5sTVD;
	Mon, 31 Mar 2025 02:41:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZQwPx01jSz43Nf;
	Mon, 31 Mar 2025 02:41:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743388917;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=5YA+eGrjTQqCEOYqwC9+6WprUnzwgv3kwwphslDFSII=;
	b=NP7qsxCdNjGgj61344yAXp1yn17p5X2vFEXRYmkRKdS+Cksja7wYyahlnt1yYG/fE0+hkY
	QWDMHTkRydMnHxSHZyXkNT62h0P12W/VTDgJZyftygT44OIy7X6unw1rhIwR6XqlV/3WUQ
	8wWUJo5IiJCummugOxC+cnc1ZzMv+LQavd2Za8qGA3TX9ZN+qZHDqZPCnqk3ZYIle7LJL/
	wiHjKos7oUzIUGIcsV+e8CpVj8swLDbEXTm1+Y/FDVaS3zTIwzLsaKBcs5L+N6C75XdOiK
	U1bz6Rb9fAodveHeIWVVAm6fuXn27Fr2jOoLuLKo2nDOxeXTSN4ckEXHYgyx4g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743388917; a=rsa-sha256; cv=none;
	b=WxLRyAAR/CeTUBaAZ+APCzl4XXm0NG2TDHeZDA6wuYHW6em4gw8YxKWCedNwXcnwKGWruv
	QjUemKLC6ZnsX+X2QC964JmDaza52thbxgvZyi9rSPan7YQKpG8bkQ/bbGA22jNrZomZmU
	w4B6csEoXtI/xcYVNzHJgCGhqVAmV7N9C0R5+E/G0RTW9AdyVtWaljEA6sA/ks97glVL2u
	HakAuDFL6lwf38o52gAfgC15U/Jhq0V9jdZZnE3Zw0tb/VehPFS5mLiNJHsGz8hy7XzkZQ
	WlzMkEL5bJ6SCjek85pYN9xoSW6IVa+IcQ+TJcKdz8m1ZXxgDb26XA6PaBLvSA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743388917;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=5YA+eGrjTQqCEOYqwC9+6WprUnzwgv3kwwphslDFSII=;
	b=i8iwX87micA7MuEkU62A8aDoNBSha2Wdv+I0fi3VGSKgwo6zj987Mo10kX1Hk+DShpiuAj
	rFcfHkKTJB/hQC3tHL2y014u+Ydfo9nJX8Mr+28ZDtQUgyNErfhS2+obKYERCPvhiJJSH3
	jbHPSLYR8q3AXf4xKPPRM0F6iqZ2cO6183u223kbmYxtTh2Ydj2RzT6o4WMnPpkRtXLgkP
	lf14+4FOKpNkH4MA9GaIboGJ3buUQMWzG0VvZdiIElUyVxM7/eU5FLsbmd7NvVZdD7oBjv
	GjVVeOnZaBIpoAf/UGKuLAtxGTOQ8rnxg5rSlNXvxxYhXCb56N0qojryNpH6Rg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZQwPw6dfvzB8V;
	Mon, 31 Mar 2025 02:41:56 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52V2fu60064426;
	Mon, 31 Mar 2025 02:41:56 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52V2fuQL064423;
	Mon, 31 Mar 2025 02:41:56 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 02:41:56 GMT
Message-Id: <202503310241.52V2fuQL064423@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov <kib@FreeBSD.org>
Subject: git: 04e4dda94f21 - stable/14 - procstat.1: document local
  SOCK_SEQPACKET socket display
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 04e4dda94f21a114409958c4948edaaaf2ad4721
Auto-Submitted: auto-generated

The branch stable/14 has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=04e4dda94f21a114409958c4948edaaaf2ad4721

commit 04e4dda94f21a114409958c4948edaaaf2ad4721
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2025-03-27 09:06:25 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2025-03-31 02:41:32 +0000

    procstat.1: document local SOCK_SEQPACKET socket display
    
    (cherry picked from commit 03dfb8d0211cf9d7405c4fd7d541dde28047001c)
---
 usr.bin/procstat/procstat.1 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/usr.bin/procstat/procstat.1 b/usr.bin/procstat/procstat.1
index 4f4c0df9575c..273d8339c42e 100644
--- a/usr.bin/procstat/procstat.1
+++ b/usr.bin/procstat/procstat.1
@@ -441,6 +441,8 @@ see
 Datagram socket.
 .It UDS
 Stream socket.
+.It UDQ
+Sequential Packet Stream socket.
 .It UD?
 unknown protocol.
 .El

From nobody Mon Mar 31 17:25:24 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRJ1K4LZ6z5sKND;
	Mon, 31 Mar 2025 17:25:25 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRJ1J6TyHz3b1B;
	Mon, 31 Mar 2025 17:25:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743441924;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=cMDlfS8xzBSaojwcJlRShVhzT2RddsfLbHypH/qSHEg=;
	b=hTGlWMtetKQoNGA7c+WxyRE9U7D4AmeozwlD0+WLs9iI3OiNvk39lh1oC0p9PixK6i3BrB
	V5lfZk9vctC4FJlDziAH2tet5gUmNNPnVtoTD8McSm2wp5C8heTsMDZDeWUruEB8Opllgl
	qcedQOb8J6n6FmbX1GzOreD2UqPnAUbtfMWyN4DHJeHKiEPAyMD87wJVGLz/aLr8KBRiYx
	/aFg0KOLWsaLNJ/Nlf+eONhGMscp+0dldAKV9TEplljS2mSQmQVARd3bExR6BEP9vzB9WH
	fPxZe/w+o17QZJCtOsgr0BmGr0RIKEAbhPYDWwc/kD284lbYDsqWV/z5aE5H9g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743441924; a=rsa-sha256; cv=none;
	b=QbRT5D8RlRht3Dq0uDAP8qKrmHx8DSoCecqscuIdOZoQ4vqhGR1/JMIxjZ+yxcF/TZRyM7
	RlFyn0BDPsIg7dDfIcCA+ccCyHZinQrICNo7PtJd/tqRZ3vl+YW7FOKUfIxzf3biIBykFS
	1uFP1JdHKlltwD/EYqyYSqVkWrfG68irJlk7NkqvL69WUbLwY79k4ZW5J6aOoIyPh1snbI
	vARoTSifQm27ZVOnHrWnmjcRx7/hqrGB554eNyFzwBA5cqBo1bDnz9e9N8G15dpaCrgXEs
	+KWMLzYYMMbdBqIMakKvIjRYlpWOQuPqzSu72kHCPTG4EDOFGx82sx0XVMXsog==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743441924;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=cMDlfS8xzBSaojwcJlRShVhzT2RddsfLbHypH/qSHEg=;
	b=w7PFlJo5V55VVaSP+aQc1R0QjmSVriWwvaWKfT+KKSAahMOIkC83uYJkzwkPUbyknqed1i
	QBrrmADTSDZAm2A1qMusd0X6YKhx9/byynYPivnPUpR5Lz3bNQkr67q3IZE4o56nXoa39+
	a2O5ePpEx1YMvF3w6acjY70yNWoZfPLKJA1MOUEJ4O+TnrErWsN18kFV5SuK1Z1amNHH8A
	8/jAUyBpg21JwdPKB18KtUdB8fM843iWcFBncftOivk3BzGS2L3lcfbAfLGoC7Miu2x38b
	C8qSIMfS12M6xSlIdHHLxrSav6ORsfWkkv9dBPAGd49hS5980XNydq+JGJ1AgA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRJ1J64PGzvFH;
	Mon, 31 Mar 2025 17:25:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VHPONY024797;
	Mon, 31 Mar 2025 17:25:24 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VHPOv3024793;
	Mon, 31 Mar 2025 17:25:24 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 17:25:24 GMT
Message-Id: <202503311725.52VHPOv3024793@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Alexander Ziaee <ziaee@FreeBSD.org>
Subject: git: 18b3e374f533 - stable/14 - hier.7: Add /dev/gpt
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ziaee
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 18b3e374f533e50daf1cd54a962a8194d2eebf7b
Auto-Submitted: auto-generated

The branch stable/14 has been updated by ziaee:

URL: https://cgit.FreeBSD.org/src/commit/?id=18b3e374f533e50daf1cd54a962a8194d2eebf7b

commit 18b3e374f533e50daf1cd54a962a8194d2eebf7b
Author:     Roman Schmidt <romasch909@gmail.com>
AuthorDate: 2025-03-19 06:05:56 +0000
Commit:     Alexander Ziaee <ziaee@FreeBSD.org>
CommitDate: 2025-03-31 17:24:07 +0000

    hier.7: Add /dev/gpt
    
    While here, fix a typo.
    
    MFC after:      3 days
    Reviewed by:    mhorne, emaste, ziaee
    Approved by:    mhorne (mentor)
    Pull Request:   https://github.com/freebsd/freebsd-src/pull/1608
    
    (cherry picked from commit f47cbb29e1c2bcb5b5ad838d2d5342a47b0c4692)
---
 share/man/man7/hier.7 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/share/man/man7/hier.7 b/share/man/man7/hier.7
index 82600ad7b53e..c95384fb1c30 100644
--- a/share/man/man7/hier.7
+++ b/share/man/man7/hier.7
@@ -156,6 +156,8 @@ file descriptor files; see
 .Xr fd 4
 .It Pa fd0
 first floppy drive
+.It Pa gpt/
+filesystems by GPT label
 .It Pa mmcsd0
 first SD storage device
 .It Pa mmcsd0s1
@@ -168,7 +170,7 @@ infinite loop that accepts anything and contains nothing
 .It Pa nvd0
 first NVMe storage device using NVMe namespaces
 .It Pa pts/
-pseduo-terminals; see
+pseudo-terminals; see
 .Xr pts 4
 .It Pa random
 source of weak randomness; see

From nobody Mon Mar 31 17:25:25 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRJ1L3PCzz5sKRK;
	Mon, 31 Mar 2025 17:25:26 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRJ1L0kClz3b39;
	Mon, 31 Mar 2025 17:25:26 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743441926;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=WajD4R087vlXnvOFzdqi/AvEvl3vgEwZFkzbWQ9XEEM=;
	b=IdpbNFpozuE96zzLpqIHzCPEa/kzn41KUhcQdVOlb6BZTMTjOvI0vb4tjyBd47YP6hXHJE
	E+USV/LF7958NZignA+5QT80MGoaeAFmeqRh1NSD1uP3eS/i0JX90Xc+XwHJ/yW2SyV2NY
	RorjFHYYSfqrML/6PvRMrwZZ7a2aLvXlonbyZZ7zSzqLgqb0XgNyeUqGSNX3hUJJjXk3jG
	X69lfUs4ZNMh3wFEcZx93e1SC5tqkiilTVqEM1mhGMGOovWAVWaJYU0YVQP40zAX1QKVTl
	HHJJLjUsSoTPqnT3+QjEv1+Awau3hEvyPSvdhNyT9vPJQCXO6DO88RVfz21KrA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743441926; a=rsa-sha256; cv=none;
	b=Zd8Sr6RCKZ9zJvEi/DmZnBLzWEXUZ+zkAm6PSZwxqt6KBTivnVQTVF+mGbYwpEDRRJOI4h
	TO4xZD01UMzUG1wad6gwRsuAQUiM/6YBj6G7FduZWYp3GWwkJuM1ruG+HV4BYO/PayZJYj
	WCijeTXcNos+4Rxh2/Cpky/ExvhkZFxFh8JKTTz6PXbo+mJHe4FifkeyGogkVvr61dc4W3
	7PQTMJF94tS/GCeAUmZXx+ybvNpIxXam5R+M21l8AiiTlAvQoY1uiff9ykCuLGGLGwerNK
	/MRLk4zbdODlbUvlnmtET5jDsaL/Tu1qB0eKql4YoALDYtmfiq1NtB4SgdgmvQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743441926;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=WajD4R087vlXnvOFzdqi/AvEvl3vgEwZFkzbWQ9XEEM=;
	b=awcNwqKU067WAwqo4q1SaIMRzW+ua0lT7i3MPh3fXBhhH3ndy0cHH1DVmF3MD0S9y9GUEr
	EdQgEXvEVgvVORJwsqf1d2XwIdbvbDU9hnfFlwb9cmCKO8260mLGqr4AmkCgBNnubVhevQ
	MA6CaXHyNKyewjCKhl+Vxfpt28O+afUVdZ4c5vjxGrro+/uA9Y+YCjRqV4XZN1VgAGDp/O
	rrfgX+0UIg2o/QQ/s6tOTprJLkWtGleGNyOpBTl+MYOKs+VXm3QAWXH9Y73cDaImRCZXhI
	BOT/yj62Sa6pkesNNe5/wkDqWgZUD5bvBrv8B2pJ4jfoRD2nnuzV6VG6QD2yqg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRJ1L04DRzvFJ;
	Mon, 31 Mar 2025 17:25:26 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VHPPUG024836;
	Mon, 31 Mar 2025 17:25:25 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VHPPGX024833;
	Mon, 31 Mar 2025 17:25:25 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 17:25:25 GMT
Message-Id: <202503311725.52VHPPGX024833@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Alexander Ziaee <ziaee@FreeBSD.org>
Subject: git: bb9c4de17bd1 - stable/14 - hier.7:        Storage
  partitions are not filesystems
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ziaee
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: bb9c4de17bd1c5144dac5ed16a523f77e464a392
Auto-Submitted: auto-generated

The branch stable/14 has been updated by ziaee:

URL: https://cgit.FreeBSD.org/src/commit/?id=bb9c4de17bd1c5144dac5ed16a523f77e464a392

commit bb9c4de17bd1c5144dac5ed16a523f77e464a392
Author:     Alexander Ziaee <ziaee@FreeBSD.org>
AuthorDate: 2025-03-26 17:51:04 +0000
Commit:     Alexander Ziaee <ziaee@FreeBSD.org>
CommitDate: 2025-03-31 17:24:36 +0000

    hier.7: Storage partitions are not filesystems
    
    I recommended the incorrect text to the submitter.
    
    MFC after:              3 days
    Fixes:                  f47cbb29e1c2 (Add /dev/gpt)
    Reported by:            Mark Millard <marklmi@yahoo.com>
    Reviewed by:            imp, mhorne
    Approved by:            mhorne (mentor)
    Differential Revision:  https://reviews.freebsd.org/D49523
    
    (cherry picked from commit 50296dccddf1a7734be2aef606cd8e0408ee8780)
---
 share/man/man7/hier.7 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/share/man/man7/hier.7 b/share/man/man7/hier.7
index c95384fb1c30..70cb9f208764 100644
--- a/share/man/man7/hier.7
+++ b/share/man/man7/hier.7
@@ -157,7 +157,7 @@ file descriptor files; see
 .It Pa fd0
 first floppy drive
 .It Pa gpt/
-filesystems by GPT label
+storage partitions by GPT label
 .It Pa mmcsd0
 first SD storage device
 .It Pa mmcsd0s1

From nobody Mon Mar 31 17:26:42 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRJ2p4YBzz5sKTD;
	Mon, 31 Mar 2025 17:26:42 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRJ2p3ts0z3bHB;
	Mon, 31 Mar 2025 17:26:42 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743442002;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=XN/M+tSgG+JezizPiodianONBqS7R+yQudjun2BfNsM=;
	b=RksyvFQJUkUeXbI1t8aWvo09IKZ3qzwcK12spikKUJnnXQXIycA7EbrV3tEHgc63jJuxxx
	wnLkeLIdL3AZwQLeHOErcDeqaaJczQAljrC4nBQKaqJuRVYHEvlcAK4AvZrPO0KSOTD1Wl
	PlIBjVaVenupI+hjkhbipLfPrG7x2MKRBBXYvGT7sZkjLxW/uarU4BrTcpHSsQ1+DF8HV/
	bUYSlqlgRiE5TdQNFCpy64FXENL0IED3b7joqo0i1IRnRx+vPE/UL7lJcYpRHlJ51UKEN7
	oEY5IK4mqGCKoKvDuGr7jctOFW642Lfqg5D1bmX5VbKSi7WNg5dJZ27Jhlc36A==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743442002; a=rsa-sha256; cv=none;
	b=tiwut4f0evkKL2ASOKCN4tAK2iKzDMdDA/quBu4I9jwwh7pTt8468wZYgdu3R+rGGtZwWm
	elHwRbRRvcDagkbJqO1klg3GgqpGBdbY69s3XGHAKY51D0Kc0K0WSmPn+vWLsTIpPbNPnI
	eRxDf3JbS+Bwtfyj/zhfGjLIYx+Z/G9N3WYNg92RoZR74Mpgcy9krZODraIUImLL03AIdT
	gdcvqeaY5u0ppWUbOXn7pramIPr9wx5AAjtxzwAw3T2vlASSfWjMo6yny9hyGKBCYf1zDQ
	7yfgVbxs3qbRUG41r/fg3xHbp/7u/9hC+RE/H4OG6hxDwVwGgLU7diHXrZfScg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743442002;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=XN/M+tSgG+JezizPiodianONBqS7R+yQudjun2BfNsM=;
	b=NIQ+DS8Vw8ThaQ+2Mtp7ZqRvQObWH5C9DvvGXbJvgIClOiGdcUqG32YIIaFJPvFO31q4Ua
	OF0GnHfLsrn53BgmXz85GVCkDrEhJThwh4igqsrsBt7vvIXhXZEz/89e49RoX1E4kJQ1yB
	QGCgyk/o0QILIY0sJzj2J8ieKtpOJQqUCoeTt76XGojSGE8BCOEo32k8nUI0mAPd2hb2kM
	vfS4G915HK/Mmd/5qIuieSas13Ul/Kn0Fagwk2iyeckMxwHoCXr1QIek/TgTSoIYDo6+m+
	71PruIaTHoOpxZNhdRQ4Cmc9FmpH6/LPlPFijFBaKHF3neaXGapLC9i1wwUVWw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRJ2p3JMxzvKx;
	Mon, 31 Mar 2025 17:26:42 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VHQgqs025321;
	Mon, 31 Mar 2025 17:26:42 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VHQgHt025318;
	Mon, 31 Mar 2025 17:26:42 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 17:26:42 GMT
Message-Id: <202503311726.52VHQgHt025318@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Alexander Ziaee <ziaee@FreeBSD.org>
Subject: git: 1fdca2a3a935 - stable/14 - top: Polish key bindings
  in usage and manual
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ziaee
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 1fdca2a3a935176ab307b8d8d25ad689b4188638
Auto-Submitted: auto-generated

The branch stable/14 has been updated by ziaee:

URL: https://cgit.FreeBSD.org/src/commit/?id=1fdca2a3a935176ab307b8d8d25ad689b4188638

commit 1fdca2a3a935176ab307b8d8d25ad689b4188638
Author:     Alexander Ziaee <ziaee@FreeBSD.org>
AuthorDate: 2025-03-23 18:28:53 +0000
Commit:     Alexander Ziaee <ziaee@FreeBSD.org>
CommitDate: 2025-03-31 17:26:15 +0000

    top: Polish key bindings in usage and manual
    
    Organize key bindings by ascii(7) for consistency and maintainability,
    mark them as Interactive Commands, wordsmith them, and sync their
    organization between the manual and help screen.
    
    MFC after:              3 days
    PR:                     282734
    Fixes:                  c8aa5e526 (move command mapping to commands.c)
    Reviewed by:            imp, mhorne, Jim Brown <jpb@jimby.name>
    Approved by:            mhorne (mentor)
    Differential Revision:  https://reviews.freebsd.org/D49462
    
    (cherry picked from commit 0a85254d5a33800600477ce57fbaab64591aa6ea)
---
 usr.bin/top/commands.c |  26 +++----
 usr.bin/top/top.1      | 183 +++++++++++++++++++++++++------------------------
 2 files changed, 105 insertions(+), 104 deletions(-)

diff --git a/usr.bin/top/commands.c b/usr.bin/top/commands.c
index e65f4ee6c4c4..3fa63459f2e1 100644
--- a/usr.bin/top/commands.c
+++ b/usr.bin/top/commands.c
@@ -51,35 +51,35 @@ static int str_addarg(char *str, int len, char *arg, bool first);
 
 const struct command all_commands[] =
 {
-	{'C', "toggle the displaying of weighted CPU percentage", false, CMD_wcputog},
+	{' ', "update the display", false, CMD_update},
+	{'/', "filter on command name (+ selects all commands)", false, CMD_grep},
+	{'a', "toggle the display of process titles", false, CMD_showargs},
+	{'C', "toggle the display of raw or weighted CPU percentage", false, CMD_wcputog},
 	{'d', "change number of displays to show", false, CMD_displays},
 	{'e', "list errors generated by last \"kill\" or \"renice\" command", false, CMD_errors},
-	{'H', "toggle the displaying of threads", false, CMD_thrtog},
+	{'H', "toggle the display of threads", false, CMD_thrtog},
 	{'h', "show this help text", true, CMD_help},
 	{'?', NULL, true, CMD_help},
-	{'/', "filter on command name (+ selects all commands)", false, CMD_grep},
-	{'i', "toggle the displaying of idle processes", false, CMD_idletog},
+	{'i', "toggle the display of idle processes", false, CMD_idletog},
 	{'I', NULL, false, CMD_idletog},
-	{'j', "toggle the displaying of jail ID", false, CMD_jidtog},
 	{'J', "display processes for only one jail (+ selects all jails)", false, CMD_jail},
+	{'j', "toggle the display of jail ID", false, CMD_jidtog},
 	{'k', "kill processes; send a signal to a list of processes", false, CMD_kill},
-	{'q', "quit" , true, CMD_quit},
 	{'m', "toggle the display between 'cpu' and 'io' modes", false, CMD_viewtog},
 	{'n', "change number of processes to display", false, CMD_number},
 	{'#', NULL, false, CMD_number},
 	{'o', "specify the sort order", false, CMD_order},
+	{'P', "toggle the display of per-CPU statistics", false, CMD_pcputog},
 	{'p', "display one process (+ selects all processes)", false, CMD_pid},
-	{'P', "toggle the displaying of per-CPU statistics", false, CMD_pcputog},
+	{'q', "quit" , true, CMD_quit},
 	{'r', "renice a process", false, CMD_renice},
+	{'S', "toggle the display of system processes", false, CMD_viewsys},
 	{'s', "change number of seconds to delay between updates", false, CMD_delay},
-	{'S', "toggle the displaying of system processes", false, CMD_viewsys},
-	{'a', "toggle the displaying of process titles", false, CMD_showargs},
-	{'T', "toggle the displaying of thread IDs", false, CMD_toggletid},
+	{'T', "toggle the display of thread IDs", false, CMD_toggletid},
 	{'t', "toggle the display of this process", false, CMD_selftog},
 	{'u', "display processes for only one user (+ selects all users)", false, CMD_user},
 	{'w', "toggle the display of swap use for each process", false, CMD_swaptog},
-	{'z', "toggle the displaying of the system idle process", false, CMD_kidletog},
-	{' ', "update the display", false, CMD_update},
+	{'z', "toggle the display of the system idle process", false, CMD_kidletog},
 	{0, NULL, true, CMD_NONE}
 };
 
@@ -108,7 +108,7 @@ show_help(void)
 		} else if (curcmd->c == ' '){
 			/* special case space rather than introducing a "display string" to
 			 * the struct */
-			sprintf(keys, "SPC");
+			sprintf(keys, "space");
 		} else {
 			sprintf(keys, "%c", curcmd->c);
 		}
diff --git a/usr.bin/top/top.1 b/usr.bin/top/top.1
index ca74860aaa35..3443df0f8c22 100644
--- a/usr.bin/top/top.1
+++ b/usr.bin/top/top.1
@@ -1,4 +1,4 @@
-.Dd November 18, 2021
+.Dd March 25, 2025
 .Dt TOP 1
 .Os
 .Sh NAME
@@ -235,7 +235,7 @@ or
 .Dq all .
 Boolean flags are toggles.
 A second specification of any of these options will negate the first.
-.Sh "INTERACTIVE MODE"
+.Sh INTERACTIVE MODE
 When
 .Nm
 is running in
@@ -255,9 +255,8 @@ is between displays; that is, while it is waiting for
 seconds to elapse.
 If this is the case, the command will be
 processed and the display will be updated immediately thereafter
-(reflecting any changes that the command may have specified).
-This
-happens even if the command was incorrect.
+.Pq reflecting any changes that the command may have specified .
+This happens even if the command was incorrect.
 If a key is pressed while
 .Nm
 is in the middle of updating the display, it will finish the update and
@@ -269,65 +268,54 @@ in, the user's erase and kill keys (as set up by the command
 .Xr stty 1 )
 are recognized, and a newline terminates the input.
 .Pp
-These commands are currently recognized (^L refers to control-L):
+The bindings are as follows:
 .Bl -tag -width indent
-.It ^L
-Redraw the screen.
-.It h
-Display a summary of the commands (help screen).
-Version information
-is included in this display.
-.It q
-Quit
-.Nm
-.It d
-Change the number of displays to show (prompt for new number).
-Remember that the next display counts as one, so typing 'd1' will make
-.Nm
-show one final display and then immediately exit.
-.It /
-Display only processes that contain the specified string in their
-command name.
-If displaying arguments is enabled, the arguments are searched
-too. '+' shows all processes.
-.It m
-Toggle the display between 'cpu' and 'io' modes.
-.It n or #
-Change the number of processes to display (prompt for new number).
-.It s
-Change the number of seconds to delay between displays
-(prompt for new number).
-.It S
-Toggle the display of system processes.
-.It a
-Toggle the display of process titles.
-.It k
+.It Ic space
+Update the display.
+.It Ic /
+Filter by command name.
+Prompt for
+.Ar string
+or
+.Ql Ic +
+to show all processes.
+.It Ic a
+Toggle display of process titles.
+.It Ic C
+Toggle display of raw or weighted CPU percentage.
+.It Ic d
+Change the number of remaining displays to show before exit.
+Prompt for new number.
+.It Ic e
+Display a list of system errors (if any) generated by the last command.
+.It Ic H
+Toggle display of threads.
+.It Ic h No or Ic \&?
+Display a summary of the commands (help screen) and version information.
+.It Ic i No or Ic I
+Toggle display of idle processes.
+.It Ic J
+Filter processes owned by a specific jail.
+Prompt for jail name or
+.Ql Ic +
+for all processes belonging to all jails and the host.
+This will also enable the display of JID.
+.It Ic j
+Toggle display of
+.Xr jail 8
+ID.
+.It Ic k
 Send a signal
 .Pq SIGKILL by default
 to a list of processes.
 This acts similarly to the command
 .Xr kill 1 .
-.It r
-Change the priority
-.Pq the Dq nice
-of a list of processes.
-This acts similarly to
-.Xr renice 8 .
-.It u
-Display only processes owned by a specific set of usernames (prompt for
-username).
-If the username specified is simply
-.Dq +
-or
-.Dq - ,
-then processes belonging to all users will be displayed.
-Usernames can be added
-to and removed from the set by prepending them with
-.Dq +
-and
-.Dq - ,
-respectively.
-.It o
+.It Ic m
+Toggle the display between 'cpu' and 'io' modes.
+.It Ic n No or Ic #
+Change the number of processes to display.
+Prompt for new number.
+.It Ic o
 Change the order in which the display is sorted.
 The sort key names include
 .Dq cpu ,
@@ -336,41 +324,54 @@ The sort key names include
 and
 .Dq time.
 The default is cpu.
-.It p
-Display a specific process (prompt for pid).
-If the pid specified is simply
-.Dq + ,
-then show all processes.
-.It e
-Display a list of system errors (if any) generated by the last
-command.
-.It H
-Toggle the display of threads.
-.It i or I
-Toggle the display of idle processes.
-.It j
-Toggle the display of
-.Xr jail 8
-ID.
-.It J
-Display only processes owned by a specific jail (prompt for jail).
-If the jail specified is simply
-.Dq + ,
-then processes belonging
-to all jails and the host will be displayed.
-This will also enable the display of JID.
-.It P
-Toggle the display of per-CPU statistics.
-.It T
-Toggle display of TID and PID
-.It t
-Toggle the display of the
+.It Ic P
+Toggle display of per-CPU statistics.
+.It Ic p
+Filter by exact process ID.
+Prompt for
+.Ar PID
+or
+.Ql Ic +
+to show all processes.
+.It Ic q
+Quit
+.Nm .
+.It Ic r
+Change the priority
+.Pq the Dq nice
+of a list of processes.
+This acts similarly to
+.Xr renice 8 .
+.It Ic S
+Toggle the display of system processes.
+.It Ic s
+Change the number of seconds to delay between displays.
+Prompt for new number.
+.It Ic T
+Toggle display between thread ID and process ID.
+.It Ic t
+Toggle display of the
 .Nm
 process.
-.It w
-Toggle the display of swap usage.
-.It z
-Toggle the display of the system idle process.
+.It Ic u
+Filter by exact process owner username.
+Prompt for
+.Ar username
+or
+.Ql Ic - Ns
+.No / Ns
+.Ql Ic +
+for all users.
+Usernames can be added
+to and removed from the set by prepending them with
+.Ql +
+and
+.Ql - ,
+respectively.
+.It Ic w
+Toggle display of swap usage.
+.It Ic z
+Toggle display of the system idle process.
 .El
 .Sh "THE DISPLAY"
 The top few lines of the display show general information

From nobody Mon Mar 31 17:26:43 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRJ2q5bFVz5sKPH;
	Mon, 31 Mar 2025 17:26:43 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRJ2q4rllz3bZW;
	Mon, 31 Mar 2025 17:26:43 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743442003;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=zvy7n21xtVAYknEuu2f1agsiIrcyXCd8tgjJl1P1Ujw=;
	b=KH0xfMRWZCnOUSO8wC03iBY/XHbAX1W2S4ivfADzyf4tIrYsS0dxi+TasE2BhPooSYN4su
	hvexZhACKl1mfY2iwu/P+fw6MRv4MhKp5xhnJA+FfyutQ3/BVeJVnefj97tI6S1/zHTkFy
	VbGgxHdedZoM8fprJctpRkJ8if/HNZbDN0b9Vrmy2wMMM++wUqS7xHUpKUUTxmjEqby62B
	H+Jv+KyGP+RC+O2bnvXoANQjZT77P7Kp79uerroKcuvjj36wwWnJcbR8cRMFP5wcjVIj6A
	KikIS/mUTu0q89Arq0VtejMvg8L/ExiRqm7Xj0xTza+7gGjZu/fnq5tBXm2xhA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743442003; a=rsa-sha256; cv=none;
	b=Pbt1Q6rfoGlrB9taqq9JfA0KMH4btt+WRHk4IkBdzvF2w2k/RF0pBFi3wDLZw5/KvjLviw
	wpFDFw6tajqVfCBaoUslGl417c1XUdCWUcKELg7uLdF3Ew+Sf7RKb7N0mvH41hMY6mHdjC
	sS59tXeIb+eyI1WNNy4KGV8T8v7jA2IqyBBddyPl+7w9ez961n+UK87MZWHlG+biYsYFeN
	hl5pLz4Hn6J6S9WxH0OgvmnQA3nXL5z6Va3vgIT0nZXTaAdRbKA+ttVQA1akpbCaL11jsM
	ujYemg8NcLU5It1p9qrf1GoIiHFGCx8kusy26eZ6d7f1afk+kgs3jXNoJCeEjw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743442003;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=zvy7n21xtVAYknEuu2f1agsiIrcyXCd8tgjJl1P1Ujw=;
	b=Go04ohsdJfVAqZNe1frTbIb2V6ipP1pcSe6DAFEUY6cDnoU4ofZjuMG9eDZs7DAshU5s6r
	/MAVlDgz6EH5YpkvwCS8UTD0ePa3HjPfE8ngRO8X9n32qkY1G7nJaqoW9eTEMQWK4KPS/P
	iWt6jIY9cExjOPN2Tmpn4KulZGBa8dzywuoktfvzDNptL1An+5XmMqDuyoOuUWaLlX973j
	bXSz7jqG3M0efrluj7bPnxWQcajyHs2V5fiB/tB1Pv0lactwa7+lUgm8jfVeA3kt70cyBQ
	dr4bKlS/zWPZRR5IaJjr813azcF3qlrxOFsgFWRx02+IwLgZhkvuH38NpZa2Tg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRJ2q4GKxzv4j;
	Mon, 31 Mar 2025 17:26:43 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VHQhDT025354;
	Mon, 31 Mar 2025 17:26:43 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VHQhiK025351;
	Mon, 31 Mar 2025 17:26:43 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 17:26:43 GMT
Message-Id: <202503311726.52VHQhiK025351@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Alexander Ziaee <ziaee@FreeBSD.org>
Subject: git: c5411382707f - stable/14 - top: Sync usage and synopsis
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ziaee
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: c5411382707f7b6dde9516166158ac15c50b7400
Auto-Submitted: auto-generated

The branch stable/14 has been updated by ziaee:

URL: https://cgit.FreeBSD.org/src/commit/?id=c5411382707f7b6dde9516166158ac15c50b7400

commit c5411382707f7b6dde9516166158ac15c50b7400
Author:     Alexander Ziaee <ziaee@FreeBSD.org>
AuthorDate: 2025-03-26 04:42:51 +0000
Commit:     Alexander Ziaee <ziaee@FreeBSD.org>
CommitDate: 2025-03-31 17:26:26 +0000

    top: Sync usage and synopsis
    
    Switching between io and cpu sorting uses a great example in the usage.
    [-m io | cpu]. Use that everywhere.
    
    MFC after:              3 days
    Reviewed by:            mhorne
    Approved by:            mhorne (mentor)
    Differential Revision:  https://reviews.freebsd.org/D49515
    
    (cherry picked from commit 187d954eab94fdcb33609d91966dbd727acfd720)
---
 usr.bin/top/top.1 | 4 ++--
 usr.bin/top/top.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/usr.bin/top/top.1 b/usr.bin/top/top.1
index 3443df0f8c22..03f042acc744 100644
--- a/usr.bin/top/top.1
+++ b/usr.bin/top/top.1
@@ -6,10 +6,10 @@
 .Nd display and update information about the top cpu processes
 .Sh SYNOPSIS
 .Nm
-.Op Fl abCHIijnPpqSTtuvxz
+.Op Fl abCHIijnPqSTtuvwz
 .Op Fl d Ar count
 .Op Fl J Ar jail
-.Op Fl m Ar mode
+.Op Fl m Ar cpu | io
 .Op Fl o Ar field
 .Op Fl p Ar pid
 .Op Fl s Ar time
diff --git a/usr.bin/top/top.c b/usr.bin/top/top.c
index d35d755fdc82..2b468c453e26 100644
--- a/usr.bin/top/top.c
+++ b/usr.bin/top/top.c
@@ -463,7 +463,7 @@ main(int argc, const char *argv[])
 
 	      default:
 		errx(1, 
-"[-abCHIijnPqStuvwz] [-d count] [-J jail] [-m cpu | io] [-o field]\n"
+"[-abCHIijnPqSTtuvwz] [-d count] [-J jail] [-m cpu | io] [-o field]\n"
 "     [-p pid] [-s time] [-U username] [number]");
 	    }
 	}

From nobody Mon Mar 31 17:31:38 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRJ8W3BnPz5sL18;
	Mon, 31 Mar 2025 17:31:39 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRJ8V74jZz3cnj;
	Mon, 31 Mar 2025 17:31:38 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743442299;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=PFdfmXUcA8ddZwk8HlfJyd76zGmx73VE1hyL2n7JaIw=;
	b=WqLQsa9oc+d41mPm+fD9ZlLNhqoOzJtV8u1D7DDYie8x7UsQ7cyVRAsR95XEOf3lf6PvCV
	iSHPcrjj9Mw2hsu9+22zDNy18/YVtCPehy+JNrhI2eKE8adM0fkgT79zFaLARvATSjIpVF
	DK3nFuCci9A35Yqoj4s0WyKgQULq29zSYegG++BXJp2ZShPxwSw4r4dKJX4av5xxt2IaT/
	k3g3cjVUOfAjRJQwl9Pc2aWPx5BGkSNrjoPiL4cBpzE/LFbtlwsDNxmtLbtkikGsPlSggM
	tq2KHzSAxDxhFfD0j6cywe2hmyvw7qSxP3b9CuSXREPVxTmRBHjev8x5uA1UqA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743442299; a=rsa-sha256; cv=none;
	b=ftNo9PfwwXW0NB9+oN7Ix9AUE+kvFBK1R8U3y39UTfErWOCrJBLrSftd9vq6Wqg1Cc+VS6
	VGfmEMoHMn5lCP2yqgS2//bUqTTF0zwIUhcXISwiF4lOtO45EmHO3OA6yELi7VrBPF5pKZ
	lzcnGclkEtrfK7FMWlHTR+SGq66HA3AliASbg/GufjIXCTiPb4kEkJ+Xxqnm3B0uBxSU2M
	8ELqu4+bZNL0hgRujxi3ZhMzNQqcjD+f3IP/j6MrTRBDQ5x1MElYfy21h3qAzONq2u3KV4
	yULTp4uogH026/Z1PPEFvTNsn9a7S97xs2sOvS3N2+mmmTnry5anCJ9xFt5fNw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743442299;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=PFdfmXUcA8ddZwk8HlfJyd76zGmx73VE1hyL2n7JaIw=;
	b=dioj6p3cwbjgGFkekUIL9tDmruIAZGClIYbmTjXMBUXcTCH4so0Q7TfKcVzfFAGKGiuHZ5
	A9w3sJza89ApcxNv/GVAq7lZSvdYJGAthOGlTn8IJ1We7BY6yeEOf6hIQwpZw+OFgCqp70
	nn7mqVgsEq3iEwpQi9hA6AvA5XRohW2Zn2IDhnhCGmvKLt/UGhj0w305KwMRLuhAlo21jf
	qtV2EAKZ292OrqLKSYsqguQE8ud7LAbpddN3LkqKSJlCKvAmw+KydBWQzoOLYCLLAu3TwE
	W8K5n20blRKG4nVq5cJkDpZEcjDg+ZUM2P+omHHoOekl3P+irys7k1fa7vRdwA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRJ8V4kmwzvLM;
	Mon, 31 Mar 2025 17:31:38 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VHVc2C036628;
	Mon, 31 Mar 2025 17:31:38 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VHVcBk036625;
	Mon, 31 Mar 2025 17:31:38 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 17:31:38 GMT
Message-Id: <202503311731.52VHVcBk036625@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Gleb Smirnoff <glebius@FreeBSD.org>
Subject: git: 1bda3fae784e - stable/14 - tcp: don't ever return
  ECONNRESET on close(2)
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: glebius
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 1bda3fae784ecb6e227220d20088cfde5f19eed6
Auto-Submitted: auto-generated

The branch stable/14 has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=1bda3fae784ecb6e227220d20088cfde5f19eed6

commit 1bda3fae784ecb6e227220d20088cfde5f19eed6
Author:     Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2024-12-23 18:35:49 +0000
Commit:     Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2025-03-31 17:31:21 +0000

    tcp: don't ever return ECONNRESET on close(2)
    
    The SUS doesn't mention this error code as a possible one [1]. The FreeBSD
    manual page specifies a possible ECONNRESET for close(2):
    
    [ECONNRESET]    The underlying object was a stream socket that was
                    shut down by the peer before all pending data was
                    delivered.
    
    In the past it had been EINVAL (see 21367f630d72), and this EINVAL was
    added as a safety measure in 623dce13c64ef.  After conversion to
    ECONNRESET it had been documented in the manual page in 78e3a7fdd51e6, but
    I bet wasn't ever tested to actually be ever returned, cause the
    tcp-testsuite[2] didn't exist back then.  So documentation is incorrect
    since 2006, if my bet wins.  Anyway, in the modern FreeBSD the condition
    described above doesn't end up with ECONNRESET error code from close(2).
    The error condition is reported via SO_ERROR socket option, though.  This
    can be checked using the tcp-testsuite, temporarily disabling the
    getsockopt(SO_ERROR) lines using sed command [3].  Most of these
    getsockopt(2)s are followed by '+0.00 close(3) = 0', which will confirm
    that close(2) doesn't return ECONNRESET even on a socket that has the
    error stored, neither it is returned in the case described in the manual
    page.  The latter case is covered by multiple tests residing in tcp-
    testsuite/state-event-engine/rcv-rst-*.
    
    However, the deleted block of code could be entered in a race condition
    between close(2) and processing of incoming packet, when connection had
    already been half-closed with shutdown(SHUT_WR) and sits in TCPS_LAST_ACK.
    This was reported in the bug 146845.  With the block deleted, we will
    continue into tcp_disconnect() which has proper handling of INP_DROPPED.
    
    The race explanation follows.  The connection is in TCPS_LAST_ACK.  The
    network input thread acquires the tcpcb lock first, sets INP_DROPPED,
    acquires the socket lock in soisdisconnected() and clears SS_ISCONNECTED.
    Meanwhile, the syscall thread goes through sodisconnect() which checks for
    SS_ISCONNECTED locklessly(!).  The check passes and the thread blocks on
    the tcpcb lock in tcp_usr_disconnect().  Once input thread releases the
    lock, the syscall thread observes INP_DROPPED and returns ECONNRESET.
    
    - Thread 1: tcp_do_segment()->tcp_close()->in_pcbdrop(),soisdisconnected()
    - Thread 2: sys_close()...->soclose()->sodisconnect()->tcp_usr_disconnect()
    
    Note that the lockless operation in sodisconnect() isn't correct, but
    enforcing the socket lock there will not fix the problem.
    
    [1] https://pubs.opengroup.org/onlinepubs/9799919799/
    [2] https://github.com/freebsd-net/tcp-testsuite
    [3] sed -i "" -Ee '/\+0\.00 getsockopt\(3, SOL_SOCKET, SO_ERROR, \[ECONNRESET\]/d' $(grep -lr ECONNRESET tcp-testsuite)
    
    PR:                     146845
    Reviewed by:            tuexen, rrs, imp
    Differential Revision:  https://reviews.freebsd.org/D48148
    
    (cherry picked from commit 053a988497342a6fd0a717cc097d09c23f83e103)
---
 lib/libc/sys/close.2     | 5 +----
 sys/netinet/tcp_usrreq.c | 5 -----
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/lib/libc/sys/close.2 b/lib/libc/sys/close.2
index aba9cac5ae8a..1392541d91c4 100644
--- a/lib/libc/sys/close.2
+++ b/lib/libc/sys/close.2
@@ -27,7 +27,7 @@
 .\"
 .\"     @(#)close.2	8.2 (Berkeley) 4/19/94
 .\"
-.Dd December 1, 2017
+.Dd December 18, 2024
 .Dt CLOSE 2
 .Os
 .Sh NAME
@@ -113,9 +113,6 @@ is not an active descriptor.
 An interrupt was received.
 .It Bq Er ENOSPC
 The underlying object did not fit, cached data was lost.
-.It Bq Er ECONNRESET
-The underlying object was a stream socket that was shut down by the peer
-before all pending data was delivered.
 .El
 .Pp
 In case of any error except
diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c
index 67645827cb58..3bdbd968216f 100644
--- a/sys/netinet/tcp_usrreq.c
+++ b/sys/netinet/tcp_usrreq.c
@@ -697,11 +697,6 @@ tcp_usr_disconnect(struct socket *so)
 	inp = sotoinpcb(so);
 	KASSERT(inp != NULL, ("tcp_usr_disconnect: inp == NULL"));
 	INP_WLOCK(inp);
-	if (inp->inp_flags & INP_DROPPED) {
-		INP_WUNLOCK(inp);
-		NET_EPOCH_EXIT(et);
-		return (ECONNRESET);
-	}
 	tp = intotcpcb(inp);
 
 	if (tp->t_state == TCPS_TIME_WAIT)

From nobody Mon Mar 31 17:31:39 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRJ8X2xLLz5sKVW;
	Mon, 31 Mar 2025 17:31:40 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRJ8W5ld8z3cnk;
	Mon, 31 Mar 2025 17:31:39 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743442299;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=O01j8w9nfOknz98VKoU7NezWfjrxDyQqlQMF3qJDsy8=;
	b=ekpxFucmuqEDBJx/lYFWYNSD4LWOh8XOk6fZe/qaMD7tbJ9LRuF+2aREHi9rNk/iZVs6HN
	wLyaNFKwjZWmdtFf/Ouxcygwti31b9btE6tiILq45rWgJIjR6y8TFDDcm38/wqRpfV0b6+
	AHTy3+BBLP/2dJPwtNvBGbft5ebHrC5LsUg90Wq0wuZMWOGEgTKaUlbSx0umyyh7ebJMpx
	UKDjozoy1afXVM2nVuhUmmsRbSq/bOqlzaiqLHXhTCw7TSZD0WgkywFnW+glrwrxnn9ud0
	btSg3vdNCRdzdGMrf2LLkxcGvW0n3FxRfoDBG2sMRGyAIGe2FyJGsSP3NOyfYw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743442299; a=rsa-sha256; cv=none;
	b=Zy1zCGpqP+8Hy0P11VksjJOo/r3xqrExR2yAr3K6AnYI0bZMFTQm+qUY7Qsm3kDhFShuWu
	YV8+5V9db3tjLLbsmuhQ3zkzDlGv4EeUpEi2QXuFnrAgFfGX2TzQNl9GgH1KfeRkyAGGSz
	qO4/viEQ9I21EujyU878QZJoQU4JI0AHPa+5LjMVjVuPbhHRCK99kU7WYiqP71ycYTlhxF
	Ul+WWyH3YpZbidv2OV/Sj/cvuBTfHMxj+wkywaZ3HtMfNRinlM+phlvLHQee7Dm0CY7Uym
	CnBSrk1HMeBzgRKLcNjjKBnpYRDXhYDvvZxeTd2DYRYLkPet/uk0pk5AjYPscQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743442299;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=O01j8w9nfOknz98VKoU7NezWfjrxDyQqlQMF3qJDsy8=;
	b=wemSjjeVI9obYz+O8ZNL25UAMhD2iQY4aWdjdori3owr/7ex5KRzRIL4INKlKpTNmu0jho
	YDkko9gkNN2fjR9H/Kp8Kp+7qBg8frjDgzmMlhON+cfVltPdKcU2H/fbayZqQIpEstTOIO
	mPu9P70zd4S6PvCag4SNdbYFnCqd8aCxiRkUKLZzwHr5I7EBerqjf2S3gZMX0Od2FF7b2R
	MHdTQiRTPte3Rn6hw/rG4kzFp7fTZde4RoSS+RU7MfH2RP3aFj6A5uACfFCHIKEIrcaqdR
	SYHhDpyUA7zivgfAOGwwEBQ2Ck4eQ6KCE5DTonTIbolL977rhXPOK8hN91w3Lw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRJ8W5Md2zvJ9;
	Mon, 31 Mar 2025 17:31:39 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VHVdDO036663;
	Mon, 31 Mar 2025 17:31:39 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VHVdBi036660;
	Mon, 31 Mar 2025 17:31:39 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 17:31:39 GMT
Message-Id: <202503311731.52VHVdBi036660@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Gleb Smirnoff <glebius@FreeBSD.org>
Subject: git: 886fcbde46c7 - stable/14 - acpi_ibm: pass brightness
  events to evdev(4)
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: glebius
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 886fcbde46c79ede25b41eddcf9795dfd600d082
Auto-Submitted: auto-generated

The branch stable/14 has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=886fcbde46c79ede25b41eddcf9795dfd600d082

commit 886fcbde46c79ede25b41eddcf9795dfd600d082
Author:     Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2024-12-24 02:10:56 +0000
Commit:     Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2025-03-31 17:31:21 +0000

    acpi_ibm: pass brightness events to evdev(4)
    
    unless the dev.acpi_ibm.0.handlerevents sysctl is set to process
    them internally.  The default for the latter is to ignore them,
    so passing to evdev(4) is enabled by default.
    
    Reviewed by:            wulf, imp
    Tested on:              Lenovo Thinpad X11 Carbon 7Th Gen
    Differential Revision:  https://reviews.freebsd.org/D48174
    
    (cherry picked from commit c21f5751ef0932796676e55953461e0679020e28)
---
 sys/dev/acpi_support/acpi_ibm.c    | 43 ++++++++++++++++++++++++++++++++++++++
 sys/modules/acpi/acpi_ibm/Makefile |  2 +-
 2 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/sys/dev/acpi_support/acpi_ibm.c b/sys/dev/acpi_support/acpi_ibm.c
index a617088d4246..c1302508b8a2 100644
--- a/sys/dev/acpi_support/acpi_ibm.c
+++ b/sys/dev/acpi_support/acpi_ibm.c
@@ -37,6 +37,7 @@
  */
 
 #include "opt_acpi.h"
+#include "opt_evdev.h"
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
@@ -55,6 +56,11 @@
 #include <sys/sysctl.h>
 #include <isa/rtc.h>
 
+#ifdef EVDEV_SUPPORT
+#include <dev/evdev/input.h>
+#include <dev/evdev/evdev.h>
+#endif
+
 #define _COMPONENT	ACPI_OEM
 ACPI_MODULE_NAME("IBM")
 
@@ -198,6 +204,9 @@ struct acpi_ibm_softc {
 
 	struct sysctl_ctx_list	*sysctl_ctx;
 	struct sysctl_oid	*sysctl_tree;
+#ifdef EVDEV_SUPPORT
+	struct evdev_dev	*evdev;
+#endif
 };
 
 static struct {
@@ -363,6 +372,9 @@ static driver_t	acpi_ibm_driver = {
 
 DRIVER_MODULE(acpi_ibm, acpi, acpi_ibm_driver, 0, 0);
 MODULE_DEPEND(acpi_ibm, acpi, 1, 1, 1);
+#ifdef EVDEV_SUPPORT
+MODULE_DEPEND(acpi_ibm, evdev, 1, 1, 1);
+#endif
 static char    *ibm_ids[] = {"IBM0068", "LEN0068", "LEN0268", NULL};
 
 static int
@@ -482,6 +494,20 @@ acpi_ibm_attach(device_t dev)
 	}
 	sc->ec_handle = acpi_get_handle(sc->ec_dev);
 
+#ifdef EVDEV_SUPPORT
+	sc->evdev = evdev_alloc();
+	evdev_set_name(sc->evdev, device_get_desc(dev));
+	evdev_set_phys(sc->evdev, device_get_nameunit(dev));
+	evdev_set_id(sc->evdev, BUS_HOST, 0, 0, 1);
+	evdev_support_event(sc->evdev, EV_SYN);
+	evdev_support_event(sc->evdev, EV_KEY);
+	evdev_support_key(sc->evdev, KEY_BRIGHTNESSUP);
+	evdev_support_key(sc->evdev, KEY_BRIGHTNESSDOWN);
+
+	if (evdev_register(sc->evdev) != 0)
+		return (ENXIO);
+#endif
+
 	/* Get the sysctl tree */
 	sc->sysctl_ctx = device_get_sysctl_ctx(dev);
 	sc->sysctl_tree = device_get_sysctl_tree(dev);
@@ -627,6 +653,10 @@ acpi_ibm_detach(device_t dev)
 	if (sc->led_dev != NULL)
 		led_destroy(sc->led_dev);
 
+#ifdef EVDEV_SUPPORT
+	evdev_free(sc->evdev);
+#endif
+
 	return (0);
 }
 
@@ -1499,6 +1529,19 @@ acpi_ibm_notify(ACPI_HANDLE h, UINT32 notify, void *context)
 			/* Execute event handler */
 			if (sc->handler_events & (1 << (arg - 1)))
 				acpi_ibm_eventhandler(sc, (arg & 0xff));
+#ifdef EVDEV_SUPPORT
+			else if ((arg & 0xff) == IBM_EVENT_BRIGHTNESS_UP ||
+			    (arg & 0xff) == IBM_EVENT_BRIGHTNESS_DOWN) {
+				uint16_t key;
+
+				key = arg == IBM_EVENT_BRIGHTNESS_UP ?
+				    KEY_BRIGHTNESSUP : KEY_BRIGHTNESSDOWN;
+				evdev_push_key(sc->evdev, key, 1);
+				evdev_sync(sc->evdev);
+				evdev_push_key(sc->evdev, key, 0);
+				evdev_sync(sc->evdev);
+			}
+#endif
 
 			/* Notify devd(8) */
 			acpi_UserNotify("IBM", h, (arg & 0xff));
diff --git a/sys/modules/acpi/acpi_ibm/Makefile b/sys/modules/acpi/acpi_ibm/Makefile
index 9e815ccc9e80..272204432f83 100644
--- a/sys/modules/acpi/acpi_ibm/Makefile
+++ b/sys/modules/acpi/acpi_ibm/Makefile
@@ -2,6 +2,6 @@
 .PATH:		${SRCTOP}/sys/dev/acpi_support
 KMOD=		acpi_ibm
 SRCS=		acpi_ibm.c opt_acpi.h device_if.h bus_if.h acpi_if.h
-SRCS+=		opt_ddb.h
+SRCS+=		opt_ddb.h opt_evdev.h
 
 .include <bsd.kmod.mk>

From nobody Mon Mar 31 17:31:40 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRJ8Y2gvJz5sL19;
	Mon, 31 Mar 2025 17:31:41 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRJ8Y0gglz3cwp;
	Mon, 31 Mar 2025 17:31:41 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743442301;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=yA/IhFwEcr90Y8QbhQJojJeHTb8yKc4zxrH1IlcFyHU=;
	b=Uxfb+cC73Kzi6YolyKYH77H+0syhX1CQik9tVoHgFL6tvXuCo53layh1aHb2CCvxI8zcPN
	yrYGFGW31rfrY9hvxZQ5EGcUq4Z7q2mKAEGOp9owcMhYy0jpi8G4R/V8kTbhiGxDT2dFHS
	2N7tL1LG60ou94Aky3QzFSDfg74TqQlGX0vr3s4WUh+hfmpzcOjlcoKq4/piEZ8E+S3N8C
	o05AVsZ97O6uJbfIu88yL7HSXeihl+fP3nsiDo16T84naXIsv17URUa05RyrQ+Pp1gsdXz
	OOvJ5JwYlFOY8ZxolqElC3+quw1A6zb8R3C2LyjVGD70mPbhlZUjzhiF5qFv6A==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743442301; a=rsa-sha256; cv=none;
	b=MjX+Qr6xsKXpRvN7Dci1RSwoxEKNVn660AYJKcULApWNxPvOGxYunIDokl0ZNHldjwfYP3
	LsdC2SvIrtDq4vDQdayuF9zaqa1QBBhRujprfmksi/IqsG3YW7tWFe3ZWqvZ2OLhdkDWFU
	BSS+gje0LAKUjaVTzSxb5rysQzUVjKnT0z6s1yBIoHc9lbUJX0yhaVQuCj3kCYUcEOey9p
	XnxWl5MYtscQOFbVPaHvXDRNyjcsBF59KC8lawbBl7+1SlzGXAj0az0vzMhET+FTADvu3Z
	DbvXW1CC7Yq6CGdphNMi0Oxd2vktbj6tkKrw7edZ5T7z6XCjRtOc+8lUqcQYsg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743442301;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=yA/IhFwEcr90Y8QbhQJojJeHTb8yKc4zxrH1IlcFyHU=;
	b=fQV/r6F+kIuLectP+ZHT2GLHy/fLW1XheBxKNEgkCriTu4MHaf03tyL/UtKMZW99tn54sx
	/2wr5rp8b6899vJZlhJ7cDfNPagZhULY3bEKT2/dhE97GxzTxDhKwGUFQyPVYcYY7+jBmn
	BpsGAf9ls9OInIamtZgt7oTvYEiwJOB0PkpwkGuAfmvRmTDgBtq1eOhFx0Bvpyhd0tA8er
	aXHuaQuY93fh1q7zNLkaLih1ltoPvEB0ZBSyPxQTbz//Rj3msCn4WEMShIa6eqOZbJBUGl
	AivPhbURb32fGgv5w+2mCYXLHtB+al8xDNJVOWT2Fj9vZXk30421oEAnJAmrjQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRJ8X6c1YzvLP;
	Mon, 31 Mar 2025 17:31:40 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VHVeGj036697;
	Mon, 31 Mar 2025 17:31:40 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VHVetf036694;
	Mon, 31 Mar 2025 17:31:40 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 17:31:40 GMT
Message-Id: <202503311731.52VHVetf036694@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Gleb Smirnoff <glebius@FreeBSD.org>
Subject: git: e215460dae3a - stable/14 - netlink/route: fix
  nlattr_get_multipath() to check length
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: glebius
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: e215460dae3a8ff00ed0e78f978425464da36a3e
Auto-Submitted: auto-generated

The branch stable/14 has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=e215460dae3a8ff00ed0e78f978425464da36a3e

commit e215460dae3a8ff00ed0e78f978425464da36a3e
Author:     Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2025-01-29 18:22:46 +0000
Commit:     Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2025-03-31 17:31:21 +0000

    netlink/route: fix nlattr_get_multipath() to check length
    
    of supplied nexthop sub-attributes.  While here, use unsigned types for
    length calculations and improve style(9).
    
    PR:                     283860
    (cherry picked from commit 49a6e213416b5c0c9eccdff0af1c6b01f34c3693)
---
 sys/netlink/route/rt.c | 32 ++++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/sys/netlink/route/rt.c b/sys/netlink/route/rt.c
index 679260e54322..410b1b04b6fc 100644
--- a/sys/netlink/route/rt.c
+++ b/sys/netlink/route/rt.c
@@ -425,33 +425,45 @@ post_p_rtnh(void *_attrs, struct nl_pstate *npt __unused)
 NL_DECLARE_PARSER_EXT(mpath_parser, struct rtnexthop, NULL, nlf_p_rtnh, nla_p_rtnh, post_p_rtnh);
 
 struct rta_mpath {
-	int num_nhops;
+	u_int num_nhops;
 	struct rta_mpath_nh nhops[0];
 };
 
 static int
-nlattr_get_multipath(struct nlattr *nla, struct nl_pstate *npt, const void *arg, void *target)
+nlattr_get_multipath(struct nlattr *nla, struct nl_pstate *npt,
+    const void *arg, void *target)
 {
-	int data_len = nla->nla_len - sizeof(struct nlattr);
+	struct rta_mpath *mp;
 	struct rtnexthop *rtnh;
+	uint16_t data_len, len;
+	u_int max_nhops;
+	int error;
 
-	int max_nhops = data_len / sizeof(struct rtnexthop);
+	data_len = nla->nla_len - sizeof(struct nlattr);
+	max_nhops = data_len / sizeof(struct rtnexthop);
 
-	struct rta_mpath *mp = npt_alloc(npt, (max_nhops + 2) * sizeof(struct rta_mpath_nh));
+	mp = npt_alloc(npt, (max_nhops + 2) * sizeof(struct rta_mpath_nh));
 	mp->num_nhops = 0;
 
 	for (rtnh = (struct rtnexthop *)(nla + 1); data_len > 0; ) {
-		struct rta_mpath_nh *mpnh = &mp->nhops[mp->num_nhops++];
+		struct rta_mpath_nh *mpnh;
 
-		int error = nl_parse_header(rtnh, rtnh->rtnh_len, &mpath_parser,
+		if (__predict_false(rtnh->rtnh_len <= sizeof(*rtnh) ||
+		    rtnh->rtnh_len > data_len)) {
+			NLMSG_REPORT_ERR_MSG(npt, "%s: bad length %u",
+			    __func__, rtnh->rtnh_len);
+			return (EINVAL);
+		}
+		mpnh = &mp->nhops[mp->num_nhops++];
+		error = nl_parse_header(rtnh, rtnh->rtnh_len, &mpath_parser,
 		    npt, mpnh);
 		if (error != 0) {
-			NLMSG_REPORT_ERR_MSG(npt, "RTA_MULTIPATH: nexhop %d: parse failed",
+			NLMSG_REPORT_ERR_MSG(npt,
+			    "RTA_MULTIPATH: nexthop %u: parse failed",
 			    mp->num_nhops - 1);
 			return (error);
 		}
-
-		int len = NL_ITEM_ALIGN(rtnh->rtnh_len);
+		len = NL_ITEM_ALIGN(rtnh->rtnh_len);
 		data_len -= len;
 		rtnh = (struct rtnexthop *)((char *)rtnh + len);
 	}

From nobody Mon Mar 31 17:31:41 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRJ8Z35srz5sKxy;
	Mon, 31 Mar 2025 17:31:42 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRJ8Z0gGMz3ctj;
	Mon, 31 Mar 2025 17:31:42 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743442302;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=0ZL06qbk139NWkcizBYR3A/+K7Zx4L3FazQQi5tybi0=;
	b=QjKWRbKo5+itAeU0KiD/WhFhbMNNKgBeVPIJsRzs0htUtVEWPbgEwCl1II9m5vBgdQGr2X
	dnXVXiFQskmDe493cHNW5Q7AbaqJkOafTJmIOXku11+nMTsVxov62c4Y2NOJvPEEzsjxS2
	hwbWJvUnholZohMsyiXsxEyT+EMXepxunWX1Bj02LZSrV/grGMhccLqtfJju3ZqAa9Xa/A
	S5iQndk/OpNc6YuraiIR+UgjgYKIdYHe8JbPmi6lmymJ6W05928ejUPeeGVSV9ngxzolA6
	wnaOYYtpPkyCCw5DpQiMHbf2KxPQLK1/0NmZtBvRFhrElARcA/zzC+3c/rmdMg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743442302; a=rsa-sha256; cv=none;
	b=mUo4x/Cbe3CcKiBnbSBjtcrA9TT1rk68HZxt3Nsk/WygiEvPfSWNDl6FSWPBjrONA7f48D
	0++iRZLK15+yte0fbb8+xLVc5dUPW6DQmgb5vyyzcswa31/cIHh78grH+fZxPVBsRTnqiI
	qm6hPyYmmxM8EEIPP6A64sPkBA7LEny9mo5t85mp3YIQhW5alTgedPFpY0KnyqThsRCmL/
	I+3MFNAFrPa9+5W0eeZk3hojoZwqiKRCpuh4deQ7cc7xXTDAesELIUr+7OUyNyBw78AA7L
	gLWXm48QVspApwUqpLWunBzH511Z+njYhdrMCCzbkcrRQVxD0i1U0PCpH2D73g==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743442302;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=0ZL06qbk139NWkcizBYR3A/+K7Zx4L3FazQQi5tybi0=;
	b=Ahwnz0wdvhzOtvKVxZScmuEnnQLai3psNvsdV7+wDUF+kNILPPYJmPF3D2iKIDmugFblZK
	nwBCiAhBkXgkE5eLOcQtzKrtnS4he91I1luROdrwhaw55lfD//njBBZ/6AuG5BnTM9GWak
	ycgh7nQK4MRnmAavsyR+fZ0GYG02ItvhEp00TO8Q21pjQgH/GL779/WesbN7GVy2CuF/be
	c5iK3q2jdOj6RQjGdwz2O5bmdIVmNeuuyPtcbMMcztfsMmcAh+dz3hkYUB3LdRNUVKpCa/
	nVxSxmaOQsJFyMMyRFD3joPtg/dKbbfEB6jtvT1zC+1FbU+8W1WrS0gIJaqN+w==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRJ8Z0HC9zvFd;
	Mon, 31 Mar 2025 17:31:42 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VHVfQw036731;
	Mon, 31 Mar 2025 17:31:41 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VHVfZW036728;
	Mon, 31 Mar 2025 17:31:41 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 17:31:41 GMT
Message-Id: <202503311731.52VHVfZW036728@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Gleb Smirnoff <glebius@FreeBSD.org>
Subject: git: f2a49434b550 - stable/14 - netlink/route: fix fib
  number validation in old Linux compat mode
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: glebius
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: f2a49434b550df350bb5b311f701c6e3e6d9af36
Auto-Submitted: auto-generated

The branch stable/14 has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=f2a49434b550df350bb5b311f701c6e3e6d9af36

commit f2a49434b550df350bb5b311f701c6e3e6d9af36
Author:     Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2025-01-29 22:06:57 +0000
Commit:     Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2025-03-31 17:31:21 +0000

    netlink/route: fix fib number validation in old Linux compat mode
    
    The value passed via old field also needs to be validated.
    
    PR:                     283848
    Fixes:                  f34aca55adef1e28cd68b2e6705a0cac03f0238e
    (cherry picked from commit 031fbf8dc962ca8d458b217ba2b4a9e637b7e932)
---
 sys/netlink/route/rt.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys/netlink/route/rt.c b/sys/netlink/route/rt.c
index 410b1b04b6fc..abbcc075dde3 100644
--- a/sys/netlink/route/rt.c
+++ b/sys/netlink/route/rt.c
@@ -953,10 +953,10 @@ rtnl_handle_newroute(struct nlmsghdr *hdr, struct nlpcb *nlp,
 		return (EINVAL);
 	}
 
-	if (attrs.rtm_table > 0 && attrs.rta_table == 0) {
-		/* pre-2.6.19 Linux API compatibility */
+	/* pre-2.6.19 Linux API compatibility */
+	if (attrs.rtm_table > 0 && attrs.rta_table == 0)
 		attrs.rta_table = attrs.rtm_table;
-	} else if (attrs.rta_table >= V_rt_numfibs) {
+	if (attrs.rta_table >= V_rt_numfibs) {
 		NLMSG_REPORT_ERR_MSG(npt, "invalid fib");
 		return (EINVAL);
 	}

From nobody Mon Mar 31 17:31:43 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRJ8b5gfHz5sKrR;
	Mon, 31 Mar 2025 17:31:43 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRJ8b1cwzz3d0D;
	Mon, 31 Mar 2025 17:31:43 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743442303;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=rTueZPtTo6m/e0aCH7PP3iR/3XlJJjkUxNWRsFkUz5o=;
	b=Zb6oP7IkBHo0OPIMKVKApb62+tF4QvYB20XJ1kIKmuECgG5zK1Jz7OF5nLSVfkEeTomelc
	IKHJp7mcve+siWJNW8oewLyfmkcy8mSxxrd/SH4ggAoe49SZ+lfO9Mfj4t8VNbLEJqs4Vv
	IxMpfjuTYM7kKKrUEYlCFVuKIqazVa/BXRCL2Feoa6rYwABh7PYyIMfdn3WZzc8t/wrTlJ
	PoXtKwU72Ic2Y9kxrVINtKOLeyOyVk3pTQJGJjxXQHTWqW6B601rCI7drY17hWLu0AssQY
	vVDSDVHa6ChDXc4OhM0t2RN56Mpw2xQQBN3Rque1NxCXSgtsScuzf3hbLr6XoQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743442303; a=rsa-sha256; cv=none;
	b=XRw0172lYCQgYfKIunFnfFg/jyZPeCFRhfcDeWiEbcawPkm124lh9lW3kI7+B8Qa9sEtyv
	jdhEYWqEjrwchCXweuHxxhEp6dXkymRRtmRPdXWFukOGRD+PgIW2ZlyTfCH6XG5r/P0qVp
	Tt+/bjitDjggdSFaCulSy0UuU4EkLV6MkY72nbL+fO0U0ispAH9f0qFBKR9khYAJnu9z3+
	cNqJfJIZxqA4CFNe1ANNvUlJHgfXWYu1TuLZk/nsQrkg+DM+F0r4h+4rttsENRC/TX428Q
	PCUKKPRAG1fDlfG40EoN4VfwSi+R7kE8eaDMXg6MxMWteO4VqgAjrvtEt/Uipg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743442303;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=rTueZPtTo6m/e0aCH7PP3iR/3XlJJjkUxNWRsFkUz5o=;
	b=mhQu0kSU/hgW8S7Ms3t8pRMD9xi+8sVyiNqwKxhsKti6ULWaAz5tOXPqrwdWmNsDA1mF2H
	rqcTSjALrlNxvqIn6vaqdjdcPcynrf/GuEhaXu8GUwUohBP9NPJ2m55BH5RXHLBi43N/kB
	RHtrpTuxGAqJ8tWwMdkFROtYksy0yCKCt6FUsMy8lps4m9t0pDBiVsjflfixrmGMI/O1kc
	ZsGGL4A2j5zizZUrADjKajBo7GJU9rP+AmefPFbygZ+AqCOxGnfRp6k1UVqlIdFbcuS6v1
	M2GGEQgTQLFrb26hlS55s6RMpr0tcNzAa3QcvNU5Ueedic71Iqjh9R5xEMNwlw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRJ8b0zVdzvLQ;
	Mon, 31 Mar 2025 17:31:43 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VHVhYf036764;
	Mon, 31 Mar 2025 17:31:43 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VHVhXB036761;
	Mon, 31 Mar 2025 17:31:43 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 17:31:43 GMT
Message-Id: <202503311731.52VHVhXB036761@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Gleb Smirnoff <glebius@FreeBSD.org>
Subject: git: 96e6fc517ffe - stable/14 - netlink/route: validate
  family attribute
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: glebius
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 96e6fc517ffec074dbdb6a44b9c2daa7449fd91d
Auto-Submitted: auto-generated

The branch stable/14 has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=96e6fc517ffec074dbdb6a44b9c2daa7449fd91d

commit 96e6fc517ffec074dbdb6a44b9c2daa7449fd91d
Author:     Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2025-01-29 23:40:56 +0000
Commit:     Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2025-03-31 17:31:21 +0000

    netlink/route: validate family attribute
    
    PR:                     283818
    (cherry picked from commit cdacb12065e4d85416655743da5bc6b17a9d9119)
---
 sys/netlink/route/rt.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys/netlink/route/rt.c b/sys/netlink/route/rt.c
index abbcc075dde3..7cd6e0045f01 100644
--- a/sys/netlink/route/rt.c
+++ b/sys/netlink/route/rt.c
@@ -956,7 +956,7 @@ rtnl_handle_newroute(struct nlmsghdr *hdr, struct nlpcb *nlp,
 	/* pre-2.6.19 Linux API compatibility */
 	if (attrs.rtm_table > 0 && attrs.rta_table == 0)
 		attrs.rta_table = attrs.rtm_table;
-	if (attrs.rta_table >= V_rt_numfibs) {
+	if (attrs.rta_table >= V_rt_numfibs || attrs.rtm_family > AF_MAX) {
 		NLMSG_REPORT_ERR_MSG(npt, "invalid fib");
 		return (EINVAL);
 	}
@@ -1019,7 +1019,7 @@ rtnl_handle_delroute(struct nlmsghdr *hdr, struct nlpcb *nlp,
 		return (ESRCH);
 	}
 
-	if (attrs.rta_table >= V_rt_numfibs) {
+	if (attrs.rta_table >= V_rt_numfibs || attrs.rtm_family > AF_MAX) {
 		NLMSG_REPORT_ERR_MSG(npt, "invalid fib");
 		return (EINVAL);
 	}
@@ -1042,7 +1042,7 @@ rtnl_handle_getroute(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate *
 	if (error != 0)
 		return (error);
 
-	if (attrs.rta_table >= V_rt_numfibs) {
+	if (attrs.rta_table >= V_rt_numfibs || attrs.rtm_family > AF_MAX) {
 		NLMSG_REPORT_ERR_MSG(npt, "invalid fib");
 		return (EINVAL);
 	}

From nobody Mon Mar 31 17:44:13 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRJR21dpCz5sLDc;
	Mon, 31 Mar 2025 17:44:14 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRJR20qG2z3hRP;
	Mon, 31 Mar 2025 17:44:14 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743443054;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=gO2046srpOYnifb2Abh/Qsu8x6IxEt6FR3tQ6VBSrYU=;
	b=gvDJqLw3+M2DwZMQIQDtEeWNCrzEb8xP1if+lrK99ydYbqzFpW92F8MApjAfwbfuhc0nXA
	8ylMDsznXkH+DYB5VbBDF31iUZ+oep1MOBJkb3cBOTyQuBewLGhTJgSPkle5CR9yVSgAjr
	0PYQ/UCcen5bqBMyVxnqRZWab5iTxGMETUjF5RQUZ2oZWUfRZgO7empWjkNg4AnkR6urVJ
	0XjqIxQjiVdXKNLMxuX8ADKcbmP1an0QrQc3i27/sz/agiWeY/pD+yIG7H+la7GvQho2zp
	4WsTEDajO74RqEdanjg90DZ3i3WucHVdhmElEUAVz7La3exhodFyKm6S5sKJ+g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743443054; a=rsa-sha256; cv=none;
	b=ZNebnQAXhsfMRJpyvhfFo8HTRAPhmbOur07eau6fYLXi5VMq1Y/tmhhVPS8PpGi7VzwZv6
	ZmCqlchldq1ztZyCkOw/ctjVmmOQl2l45y1wm4NpJ9Nk5GhR0WM3nKV88IWSSxwRT01rKF
	4GSwzkSMxbb5VzZVO2Pbd8LEPl6jE9rlGcr/JtWq676r0rMcj0V19/AWehBO6htGkmHwG4
	NLMpde0YRTCjOro188XrN/jBR5iTEllGGSQjvq+h8qqOTQ7Vg15OY4jEwC6aTvkzflofa2
	wD6BzWGfRpED6CnUhrp6I6rWff2gNf9fbTogpxm2JQ3RoWB9t1KZhzYhCAIfyw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743443054;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=gO2046srpOYnifb2Abh/Qsu8x6IxEt6FR3tQ6VBSrYU=;
	b=fEj/kB2BPOVbzaSdgtqWLqtVcqzo1emjx8EVgx+Cp4EZ1JFcLEdJPGsAl9854s+brHzuG9
	JjeW+77HcmEVrcf8TGZq14NdQQW0Xr9y7Wdb1ebnWWuObf0iC6r4oNRF79IR4yJ5msHnbx
	5X9VOtV/LozW5d2Fub9jYdak8yQH7fFSZPplkJ816mgbbqatPnLbQ0PnICk/y+WD87Zh1e
	QQUy/OP0VTsXJ82hwlrcGf5xAedp5aJfH0A51l5ux92tAy0SxTuUnubXowNYV3unoAgkdh
	n0g8CglolsaBXTC3T35eOm4wJdOrR8+X6hcJ/4n4Ra8Pqp3yICKB7inY7Tqckg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRJR20PJdzvgq;
	Mon, 31 Mar 2025 17:44:14 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VHiDNC061449;
	Mon, 31 Mar 2025 17:44:13 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VHiDeF061446;
	Mon, 31 Mar 2025 17:44:13 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 17:44:13 GMT
Message-Id: <202503311744.52VHiDeF061446@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Gleb Smirnoff <glebius@FreeBSD.org>
Subject: git: eca3c0515b3f - stable/14 - linprocfs: Correct sysfs
  /proc/<pid>/mountinfo entry
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: glebius
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: eca3c0515b3f60102ba0f62b72135e6d6dcd4b75
Auto-Submitted: auto-generated

The branch stable/14 has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=eca3c0515b3f60102ba0f62b72135e6d6dcd4b75

commit eca3c0515b3f60102ba0f62b72135e6d6dcd4b75
Author:     Alex S <iwtcex@gmail.com>
AuthorDate: 2025-03-10 18:12:36 +0000
Commit:     Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2025-03-31 17:42:48 +0000

    linprocfs: Correct sysfs /proc/<pid>/mountinfo entry
    
    Technically mount source could be an arbitrary string (since it's
    effectively ignored), but it's common to repeat fs type there.
    
    (cherry picked from commit b9752d5d1cea30a39e89c83ea3aeb539581418cb)
---
 sys/compat/linprocfs/linprocfs.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/sys/compat/linprocfs/linprocfs.c b/sys/compat/linprocfs/linprocfs.c
index 9e69c92dc014..d4f38b491471 100644
--- a/sys/compat/linprocfs/linprocfs.c
+++ b/sys/compat/linprocfs/linprocfs.c
@@ -448,9 +448,6 @@ linprocfs_docpuinfo(PFS_FILL_ARGS)
 }
 #endif /* __i386__ || __amd64__ */
 
-static const char *path_slash_sys = "/sys";
-static const char *fstype_sysfs = "sysfs";
-
 static int
 _mtab_helper(const struct pfs_node *pn, const struct statfs *sp,
     const char **mntfrom, const char **mntto, const char **fstype)
@@ -478,8 +475,7 @@ _mtab_helper(const struct pfs_node *pn, const struct statfs *sp,
 	}
 
 	if (strcmp(*fstype, "linsysfs") == 0) {
-		*mntfrom = path_slash_sys;
-		*fstype = fstype_sysfs;
+		*mntfrom = *fstype = "sysfs";
 	} else {
 		/* For Linux msdosfs is called vfat */
 		if (strcmp(*fstype, "msdosfs") == 0)

From nobody Mon Mar 31 17:44:15 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRJR3332vz5sLbL;
	Mon, 31 Mar 2025 17:44:15 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRJR31mMtz3hX2;
	Mon, 31 Mar 2025 17:44:15 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743443055;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=WDyr9uKwKuuME6fAIXjOLrMNegmipEexMREA56GN4I0=;
	b=wC2YpjOWfcGS66Rll/uTMT3uOETlkDuFm16/OFyUtcY0MDw7OS2u+RUB0sISoC0nxnvhnG
	hSSE+/RDve0jxUVyUV6qXELX3Lvd1okZqXemPZnInltMtZVIqSS+9Aj38ZeiKODugFZk0z
	gaBb8mu7+FO/Uyb6zYeux8V1EnZ2DOBJiG1mFQIC9UyQXYPq/nvVsFUI8PUWWwFgpjpNZs
	CROz1jkvobaIBZGF4SqiGHjjEDp+EsQFtmF67X7OQL29iThMJMwYR7QOXEgITiLD4Kbu9J
	fusX+IedPUMAon7cKpgJC4kJHmh4u10zcTIYcl2znEFOeBsSXpsR4fa167I2iQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743443055; a=rsa-sha256; cv=none;
	b=wGMId8lwOxwi+IThbj903d6hIKygvy/0Dkrm5T81fbO9eHeM+8N9twBFCG4NaBoLLAzDyt
	+3bhBC+tqTGECBt1KPkNqZ9bNXsHId3//rOuuwdKy3bsCKgIfD8A0VsUbd+/LA7CwhfxzT
	SPkrnErXzoHBpjwBo02b9zOCaaj9KpGcdyaNezS/dhusHFK5MlFrzm0AFmwl7orJUSQmRa
	UKFf55Q5H+YBMChU1rGxyeXCU/kI0gNQ+UxKHzYAYUNT2D+nkr/3y0TUOBBRqsWuntMS21
	jeD4bmPTnA0slDACs84q7gKjNkEkIWZKbMpZZB5KnrvSTA+hYkqiherVw49b6g==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743443055;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=WDyr9uKwKuuME6fAIXjOLrMNegmipEexMREA56GN4I0=;
	b=UWb+dhtx+OdRr3N+2p1/G54VSmiKfJRtP36Vlhm97jDEsYuJk24HER0uVOuO0e4Z25soBW
	JSId9dXH4NfSM3RssoLsM+D/xZkx9ZGxOqc5a7IEbeGA/0nR7OiiqIk3gL3V6oiPleZWMi
	EMjxXdMOf/tA/7whLDPR9IBboL8Q8vO8s2SoT4Wa7ASAUN+REPyTkEln9o89MX6owigJbs
	R1yHT5WmyFKyD2hKRE0LiSKUdRz/SpFThbZSQFKK9/C1jja00b7MbDD1KFsxOO0TlltLLY
	gSVEoFpPibk83/wvcSBnnv7BVHqN45hVZnt1l2Wm7D1aEwttSsrOWuHEKz5bUg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRJR31KVXzw1c;
	Mon, 31 Mar 2025 17:44:15 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VHiFvV061484;
	Mon, 31 Mar 2025 17:44:15 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VHiF7D061481;
	Mon, 31 Mar 2025 17:44:15 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 17:44:15 GMT
Message-Id: <202503311744.52VHiF7D061481@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Gleb Smirnoff <glebius@FreeBSD.org>
Subject: git: a5918bfbf9ac - stable/14 - linux: Fix a typo in
  linux_recvmsg_common
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: glebius
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: a5918bfbf9ac512ce2840541e9b66c2ffed44dc6
Auto-Submitted: auto-generated

The branch stable/14 has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=a5918bfbf9ac512ce2840541e9b66c2ffed44dc6

commit a5918bfbf9ac512ce2840541e9b66c2ffed44dc6
Author:     Alex S <iwtcex@gmail.com>
AuthorDate: 2025-03-10 18:12:36 +0000
Commit:     Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2025-03-31 17:42:56 +0000

    linux: Fix a typo in linux_recvmsg_common
    
    We are supposed to check the result of bsd_to_linux_sockopt_level here
    rather than its input.
    
    (cherry picked from commit 9f55630b8d72602f6ec86b15b607f5fc5fde911e)
---
 sys/compat/linux/linux_socket.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/compat/linux/linux_socket.c b/sys/compat/linux/linux_socket.c
index d35ff37aee98..bed772d56684 100644
--- a/sys/compat/linux/linux_socket.c
+++ b/sys/compat/linux/linux_socket.c
@@ -1856,7 +1856,7 @@ linux_recvmsg_common(struct thread *td, l_int s, struct l_msghdr *msghdr,
 		lcm->cmsg_level = bsd_to_linux_sockopt_level(cm->cmsg_level);
 
 		if (lcm->cmsg_type == -1 ||
-		    cm->cmsg_level == -1) {
+		    lcm->cmsg_level == -1) {
 			LINUX_RATELIMIT_MSG_OPT2(
 			    "unsupported recvmsg cmsg level %d type %d",
 			    cm->cmsg_level, cm->cmsg_type);

From nobody Mon Mar 31 17:44:16 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRJR60FfTz5sL8T;
	Mon, 31 Mar 2025 17:44:18 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRJR466Ndz3hlf;
	Mon, 31 Mar 2025 17:44:16 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743443056;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=mrNFMyFUu8GwTWTttkWevYIoVYvr/jZ0mufZ9/JuH8Y=;
	b=cJtGlzNJrva1vC8egK4YpP4zct7EC23MjE+53u4DlY4OcBZaxS35Bm46FBkmZkeoH5eP4t
	teKbs0AUjmB8vsGiOG7Dp/49UUQbrG5xPPJ/pDVZEe5rn2GDz2u6QXpb2niR5tVJ6TjcRu
	RVWem/jHZF5xQwF1m7AgSKwh4wrOffZrSAfYshsf3YFkuqu5l45FxX8p6M57h8TVel4IyI
	2HS/Kb/OPWdwp1va+JAdkpBNLo1xSkSG+h43USBrEHfXR591iQJL1XhU+e9pyh0QJpAxky
	eqK55W6IL9gn2LND3WSXaEjLfcLbvBMBrI/qKGab5SSuF+jnKFb3PRJd1z7nxw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743443056; a=rsa-sha256; cv=none;
	b=M9JsPkEpKo4Jd2hosZVy5+B5dve0iSrziFioMRXr/WNjqU61Rr991LygxZptOONzKSabzR
	NSsAIbGyrvKPqGSIaWJd0kWzkxDBZLQ7ZdL29l6m98BM90VH0q7NyWxqc2Fm5jcMZ+KD4X
	4Rry4otQVd/g58d3CacWezvh4OQjhH2P1nZ9dhx/aT1Fc+SpVawiNdTJPkDT67V5AgEpyq
	iNO7inF3q25ja5PGe7VNDSYb31ZwEjKu3yyesVPDIRS1E0ZHgsR9rNMs200PkMgy/gBwPh
	RiojjiG5h9nBUT0+ub1ivQAqL7j3QHTyfuE6iemO3jsdPjwzBecL7oe++aw/DA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743443056;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=mrNFMyFUu8GwTWTttkWevYIoVYvr/jZ0mufZ9/JuH8Y=;
	b=CjGQrrz34oXP8k8vvjmNCPcM+97Fmi0/JLOI2C+kxzehxjLoN1fm+tpPmXB8YKjJut8Tgq
	ZMnPUoDhlewmbRYN5RScCefa+Hh1cl+Bkc7Vm+NO8kBwKFw/KM7IjrbPW5Eor7y4TeYJvg
	7PvB0WZvdRtMvypVnWYvMBHnPHVS2RPjE9FhFDkCGZWiHAlNqsV3/yF456Bk8DWZP0RBBi
	sNHMjiRd+AxNhl1qU95XdeHlVUtz1WyN+/aZYfiLbdQMGJGB4GfONN2GXYZNEHFta3u2RS
	Yt0ZcHPJw4v4cxT9V1FGdSM/GpcVhHoX6lmpYIECAo3SqvWH7rcxdXPxUvFh6g==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRJR42GbnzvmL;
	Mon, 31 Mar 2025 17:44:16 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VHiGNV061516;
	Mon, 31 Mar 2025 17:44:16 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VHiGoA061513;
	Mon, 31 Mar 2025 17:44:16 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 17:44:16 GMT
Message-Id: <202503311744.52VHiGoA061513@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Gleb Smirnoff <glebius@FreeBSD.org>
Subject: git: 9e7af40094f7 - stable/14 - linux: Handle IP_RECVTOS
  cmsg type
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: glebius
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 9e7af40094f73670a09edf09936f084234102d58
Auto-Submitted: auto-generated

The branch stable/14 has been updated by glebius:

URL: https://cgit.FreeBSD.org/src/commit/?id=9e7af40094f73670a09edf09936f084234102d58

commit 9e7af40094f73670a09edf09936f084234102d58
Author:     Alex S <iwtcex@gmail.com>
AuthorDate: 2025-03-10 18:12:36 +0000
Commit:     Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2025-03-31 17:43:06 +0000

    linux: Handle IP_RECVTOS cmsg type
    
    This unbreaks apps using GameNetworkingSockets from Valve.
    
    (cherry picked from commit 186dc094cf1ce14b26c6dfa329a445357121238a)
---
 sys/compat/linux/linux_socket.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sys/compat/linux/linux_socket.c b/sys/compat/linux/linux_socket.c
index bed772d56684..4fcdd9517bda 100644
--- a/sys/compat/linux/linux_socket.c
+++ b/sys/compat/linux/linux_socket.c
@@ -135,7 +135,6 @@ linux_to_bsd_ip_sockopt(int opt)
 		LINUX_RATELIMIT_MSG_NOTTESTED("IPv4 socket option IP_RECVTTL");
 		return (IP_RECVTTL);
 	case LINUX_IP_RECVTOS:
-		LINUX_RATELIMIT_MSG_NOTTESTED("IPv4 socket option IP_RECVTOS");
 		return (IP_RECVTOS);
 	case LINUX_IP_FREEBIND:
 		LINUX_RATELIMIT_MSG_NOTTESTED("IPv4 socket option IP_FREEBIND");
@@ -663,6 +662,8 @@ bsd_to_linux_ip_cmsg_type(int cmsg_type)
 	switch (cmsg_type) {
 	case IP_RECVORIGDSTADDR:
 		return (LINUX_IP_RECVORIGDSTADDR);
+	case IP_RECVTOS:
+		return (LINUX_IP_TOS);
 	}
 	return (-1);
 }

From nobody Mon Mar 31 18:35:49 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRKZZ36PWz5sPCl;
	Mon, 31 Mar 2025 18:35:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRKZY6SjCz44Mx;
	Mon, 31 Mar 2025 18:35:49 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743446149;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=EPLs5XPaS/y3BzoiFcomgjGX9DMcrACAs7apQJKCa+Q=;
	b=N3PWsPTEND2hkMGNBOxb7Pm/yfHMAaX64EMMRot6LGpBHYWWid0UfAtl1MvFbk4PgOw14+
	6uoN8PRYKk2YmzVlWL7zsxvxbZUdWmE1qyIzlgjAaAyE9Ks3BobWWhF3TJAnXTZv47KgcQ
	5NJU1yZyhIFUDLsTmnsrgLhWw5pNbszqk2UAQKfWN1HPO2IdcW13NVslMcWCNM9zJKjY25
	0+RNIR3/yGFn1vEtnlzn1yYoxmEwuXqzi98EaVNhBgoLMUy3P98hhoJrox/n1QLa//cCTk
	mGgNtPYP6T3CfOtawowx+siI2tYMXMV0w+qsRUK+7WFFaqv4k4PJDx4qgGp2Vw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743446149; a=rsa-sha256; cv=none;
	b=graeeJmNmwjArUB1lfJ/hukkj4e8bnKxRNenpNiygH0j4F1PzwVWy25fUxlShijhy/oEaN
	/tGtu78BrEGYnCZYFyhUz0t9n5cl/W6mEmgSgkjrY6pyDk213z0Jf6kaHf8aBIvgFevUqM
	nUzqWbQcxDyBAbReyGx1hJH23pl6bIER0v3NxnPsP98/S2vwDrvSGIiy35yqier11DyAJQ
	RiDKx4rB05PQbGzeW8rH8VCUu6nbZOOmisjNyvgB0ysKrfUK43RdlqdJOLgK8C8gRWP1fU
	EZluk735f4sAsXmFkPDOiuHagH5QImWbotCm4LNoCT5fRkreM9yd5L6guF5DOA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743446149;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=EPLs5XPaS/y3BzoiFcomgjGX9DMcrACAs7apQJKCa+Q=;
	b=Oy/KODkuZUTvzrr2jRnanQa42yvzzsbPBBKHNfbBSRSpHkDEr7buzqpRrRPKqMsutdeuOh
	s2D9utdLtUy3qxpQ3rLTdKbyXGoct4m3L7mZQgjAWjGXCumXoX1GY+DqUYcpPCfAetrYJH
	usJqPgXLhXjUO2cjOpcwcHhGVbgLds+1WEhhJ0uO8BrSSCmvVBAaJGmmw5eY1TIlNWEXG7
	BoEKLyKjRf9CxAza1tE7mNdWopAsoqXD6pPadOOLm9ui3zvs9Fq5Us4YLplsMFApK34m/q
	zIU/MFg+055e5DNlsbTH/+GTGih3iWlAKg28BRXAlisJ1Qytb1Zbes5Ho5wDYA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRKZY62MlzxCZ;
	Mon, 31 Mar 2025 18:35:49 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VIZnNZ056743;
	Mon, 31 Mar 2025 18:35:49 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VIZnG6056740;
	Mon, 31 Mar 2025 18:35:49 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 18:35:49 GMT
Message-Id: <202503311835.52VIZnG6056740@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Dag-Erling =?utf-8?Q?Sm=C3=B8rgrav?= <des@FreeBSD.org>
Subject: git: a4251e93f8cb - stable/14 - top: Make locale issues
  non-fatal.
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: des
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: a4251e93f8cb008607bf9b50bd2fd95d3223dad1
Auto-Submitted: auto-generated

The branch stable/14 has been updated by des:

URL: https://cgit.FreeBSD.org/src/commit/?id=a4251e93f8cb008607bf9b50bd2fd95d3223dad1

commit a4251e93f8cb008607bf9b50bd2fd95d3223dad1
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2025-03-06 13:43:44 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-03-31 18:35:33 +0000

    top: Make locale issues non-fatal.
    
    If the `setlocale()` call fails, emit a warning and sleep briefly so the
    user has a chance to see the warning before we redraw the screen.  Note
    that we have no way of knowing exactly what is wrong, but at least we
    can suggest that they check their environment.
    
    MFC after:      1 week
    Sponsored by:   Klara, Inc.
    Reviewed by:    kevans
    Differential Revision:  https://reviews.freebsd.org/D49230
    
    (cherry picked from commit 180065eb09e699820a1e1c45d3d00156e0effe29)
---
 usr.bin/top/top.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/usr.bin/top/top.c b/usr.bin/top/top.c
index 2b468c453e26..856ad838dc1c 100644
--- a/usr.bin/top/top.c
+++ b/usr.bin/top/top.c
@@ -266,8 +266,8 @@ main(int argc, const char *argv[])
 #endif
 
     if (setlocale(LC_ALL, "") == NULL) {
-        fprintf(stderr, "invalid locale.\n");
-	exit(1);
+	warnx("invalid locale, check your environment");
+	sleep(2);
     }
 
     mypid = getpid();

From nobody Mon Mar 31 18:35:51 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRKZc2fkGz5sPMg;
	Mon, 31 Mar 2025 18:35:52 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRKZb2kJKz44W9;
	Mon, 31 Mar 2025 18:35:51 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743446151;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=7vuUyd5rtdYaPd5pGGdMx0TSDqMIkDWUF5azjiTXFOE=;
	b=i39WJvdqae9njkLgPumolGdu6lmdZ6PGjJQ0e4DkbVj6Q9nD6rtrr6a2C09xmqOuKNAlyN
	7dbDadsSt17NNhTIgfdC6b2zBq1Mn5888mhLjXKHmL99aXNWWZ7MkMHJY6Rv61YoC4Tr0Z
	0JD8oJBcLQOrQ20n/HmY9fBsVCqf4L26oldOy/b6Aj7EgJwr6fGWnxuXjUeHVQDaFD/C/8
	PppuBMpqt38fdF9Ww+DFtGEqrvhlfwR68DwvCgP5JLuhxm34rJmSwYakpxdedlPhfan6ef
	Qi92mC7ZKV53JuTHjCG4mbzo5iptV4mzlFRzk/wD45ape4nOlWQBxUIV1c6K3A==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743446151; a=rsa-sha256; cv=none;
	b=fL+x4lJKZKK+7iw41Oy925Eu8N5wrzz1kW6n2+Z4OOOBAFP40bmtH6wkbjrjQaKXOvTqvj
	lL0TSThL2Dwg09WIquyYE7Hxtnqw1G0sjCjbVsvtAwQLEpWNEalQXCo6Cao3fid9TDhjXX
	FU/+DUl+NztGJbD8AQ5H8nl60zkXGXp/gLesz0n3OJvqn8pKzYa5OwCzV2iEVtQdXvFs8U
	7DG8Qi1Lo9QRv1itMy1zCMMiM6h+ic/P+Gk3lPTz3h9gpAYx28kdoxbkZYihlRTGf9e8YI
	0Kmf+EGBHIjv8NV+nZ+r2MXUMDIb1uIxfNor+jb3q54AI9KLlVmY3AFcsscIew==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743446151;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=7vuUyd5rtdYaPd5pGGdMx0TSDqMIkDWUF5azjiTXFOE=;
	b=YWbgKPf2S1/44jlGNj81ZDgpYQCqJW3MF7MjQY/8+ifuERCBuUM9ONhZ6ZhIQlQnPMx68b
	2mGfD0o51pOKhzVG8NafJYYclstO1n4TQn8ZZOiZTFf4+r0zlvWfjZAALYN+xojGQcDIZ3
	rihyGlW7MAjzXKbWccTrLVor/Np3IILoHioBJRdYi53gYJYFaYw+ySDkzF+yhTAlehK9A/
	wKRxjHo6stl00t67pUQwl4vXGHoHMLiKuodM6TZcMHqybPZ++e+iOcExhU6brpqt0f41Pv
	9kDz88BHcv3pGsm7idOFZN4R6sJQVlYJZBKAGfwG6GgFK6GSJ3CynzTcE9k+uA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRKZb22tkzxCc;
	Mon, 31 Mar 2025 18:35:51 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VIZpef056880;
	Mon, 31 Mar 2025 18:35:51 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VIZp7f056877;
	Mon, 31 Mar 2025 18:35:51 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 18:35:51 GMT
Message-Id: <202503311835.52VIZp7f056877@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Dag-Erling =?utf-8?Q?Sm=C3=B8rgrav?= <des@FreeBSD.org>
Subject: git: 227c1270719f - stable/13 - top: Make locale issues
  non-fatal.
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: des
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 227c1270719f1add47b70d13b3a8cbf3cb188e13
Auto-Submitted: auto-generated

The branch stable/13 has been updated by des:

URL: https://cgit.FreeBSD.org/src/commit/?id=227c1270719f1add47b70d13b3a8cbf3cb188e13

commit 227c1270719f1add47b70d13b3a8cbf3cb188e13
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2025-03-06 13:43:44 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-03-31 18:36:01 +0000

    top: Make locale issues non-fatal.
    
    If the `setlocale()` call fails, emit a warning and sleep briefly so the
    user has a chance to see the warning before we redraw the screen.  Note
    that we have no way of knowing exactly what is wrong, but at least we
    can suggest that they check their environment.
    
    MFC after:      1 week
    Sponsored by:   Klara, Inc.
    Reviewed by:    kevans
    Differential Revision:  https://reviews.freebsd.org/D49230
    
    (cherry picked from commit 180065eb09e699820a1e1c45d3d00156e0effe29)
---
 usr.bin/top/top.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/usr.bin/top/top.c b/usr.bin/top/top.c
index d35d755fdc82..8712e56d43ba 100644
--- a/usr.bin/top/top.c
+++ b/usr.bin/top/top.c
@@ -266,8 +266,8 @@ main(int argc, const char *argv[])
 #endif
 
     if (setlocale(LC_ALL, "") == NULL) {
-        fprintf(stderr, "invalid locale.\n");
-	exit(1);
+	warnx("invalid locale, check your environment");
+	sleep(2);
     }
 
     mypid = getpid();

From nobody Mon Mar 31 18:35:52 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRKZc4wW7z5sP5Z;
	Mon, 31 Mar 2025 18:35:52 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRKZc34qqz44N4;
	Mon, 31 Mar 2025 18:35:52 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743446152;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=3AxXQrSsi2FDFSULG3KnccdOwnK6G/g7FMroDxTLicQ=;
	b=iCQyRIKMLvnWomAb9B1UW7NiDQm1tfjst42burrBaJC0ZD/pPaiBEGT8mcRVGqFM/KXpLX
	oES30LN+SLf/9dXbprwJLAKJjfARvQQkdwFHSioh+lhRvjweL8l3z7JHek6cYJy6Mx+q3E
	EzO2FwXdNRsAwe5XmXC8QQ9GOLLFTeXBCAHQ9mQfbVVuPWUUyc8gyRf9NXV+Qh7Q0eyr+n
	bQt3tIJS/Gwq0d2/n9MG/QInsJkXbDgVp/dsIUJhEiiY+dhYRgSYUAqm/ySJ67bsw3NlIK
	SutDyokXj+WExwCVNqrozKbF6l5Wg/ow5VUUMTRsLghrN3VXkl/dmDV+IJbSrA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743446152; a=rsa-sha256; cv=none;
	b=qFBhHBUsIn9DY9Cb/q4SpqCG1yFUATUtawFmuVo1CssKp3c+BTdFPxhxBhhkztnFlfPVZF
	1srp2cp6VCiZNwRTopfUVqsJghJPvPBRsIAZyw/YBB6FXo0t39Ih5vunRZEHiB7URw2fFS
	OOUnjL84P3ljy4kMiwicnRJC/X+aW/6OnzTSx62ROKgBVT2fYGM0mGhUlQR6Zfd6kyp7/O
	7tJBQEh8mPYVRI7Ot+ZcygiY19aEbvZQYHrw3oGgBeRdZ6XPD5i9ZsFoyd/Fstaf/EQqTp
	C2zXgM9jXfHQa9ig9LF60dHEIK0eBBkANo2b2Cg9iwp6/mnS6X9tx7NG9B+BMg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743446152;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=3AxXQrSsi2FDFSULG3KnccdOwnK6G/g7FMroDxTLicQ=;
	b=ehMm/lFUaOCjIaqjEMZ1WSNvjh2B7eUSJldnU2hSvRoY7hxdLu4iJtixgHLuNpeRFyeP+C
	ygRu1LDwnWrXE9tRLdAJXh6u3tu4kZKJKam6ytGuKNXqC/RNLMRhlOcO2Q1GA/9x2SC6dn
	nHR6GTYqAQ8aB/gM/g98Zz8lu6KhhlRFHmZvzfDZwjRKk8KedQaAZpHTXxXmjvFIGfbl9m
	+NhFmBmXiuUF+1tUqzQ+7xTHmh2qfVSWFp86rpnKX7FVRd7VpAkx6vQ7G+DyWntp6ViXKx
	MxRZA0AmQOE7ZRhSZS0bpmmvc85ydqIOSTdgA7WJ5teFx7L7t2bgZEj0hEsywQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRKZc2YwYzwkq;
	Mon, 31 Mar 2025 18:35:52 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VIZq4n056952;
	Mon, 31 Mar 2025 18:35:52 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VIZqPB056949;
	Mon, 31 Mar 2025 18:35:52 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 18:35:52 GMT
Message-Id: <202503311835.52VIZqPB056949@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Dag-Erling =?utf-8?Q?Sm=C3=B8rgrav?= <des@FreeBSD.org>
Subject: git: 910535a82a29 - stable/13 - uma: Avoid excessive per-CPU
  draining
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: des
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 910535a82a29d71eb3951b2368aef358a207f18d
Auto-Submitted: auto-generated

The branch stable/13 has been updated by des:

URL: https://cgit.FreeBSD.org/src/commit/?id=910535a82a29d71eb3951b2368aef358a207f18d

commit 910535a82a29d71eb3951b2368aef358a207f18d
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-03-17 19:12:58 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-03-31 18:36:01 +0000

    uma: Avoid excessive per-CPU draining
    
    After commit 389a3fa693ef, uma_reclaim_domain(UMA_RECLAIM_DRAIN_CPU)
    calls uma_zone_reclaim_domain(UMA_RECLAIM_DRAIN_CPU) twice on each zone
    in addition to globally draining per-CPU caches. This was unintended
    and is unnecessarily slow; in particular, draining per-CPU caches
    requires binding to each CPU.
    
    Stop draining per-CPU caches when visiting each zone, just do it once in
    pcpu_cache_drain_safe() to minimize the amount of expensive sched_bind()
    calls.
    
    Fixes:          389a3fa693ef ("uma: Add UMA_ZONE_UNMANAGED")
    MFC after:      1 week
    Sponsored by:   Klara, Inc.
    Sponsored by:   NetApp, Inc.
    Reviewed by:    gallatin, kib
    Differential Revision:  https://reviews.freebsd.org/D49349
    
    (cherry picked from commit f506d5af50fccc37f5aa9fe090e9a0d5f05506c8)
---
 sys/vm/uma_core.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/sys/vm/uma_core.c b/sys/vm/uma_core.c
index 2236df90dfc0..7334db2a9bbd 100644
--- a/sys/vm/uma_core.c
+++ b/sys/vm/uma_core.c
@@ -5198,6 +5198,13 @@ uma_reclaim_domain(int req, int domain)
 		zone_foreach(uma_reclaim_domain_cb, &args);
 		break;
 	case UMA_RECLAIM_DRAIN_CPU:
+		/*
+		 * Reclaim globally visible free items from all zones, then drain
+		 * per-CPU buckets, then reclaim items freed while draining.
+		 * This approach minimizes expensive context switching needed to
+		 * drain each zone's per-CPU buckets.
+		 */
+		args.req = UMA_RECLAIM_DRAIN;
 		zone_foreach(uma_reclaim_domain_cb, &args);
 		pcpu_cache_drain_safe(NULL);
 		zone_foreach(uma_reclaim_domain_cb, &args);

From nobody Mon Mar 31 18:35:50 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRKZb5pvwz5sPGV;
	Mon, 31 Mar 2025 18:35:51 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRKZZ6n01z44T9;
	Mon, 31 Mar 2025 18:35:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743446151;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=P3Sn1n9+uLkQA7LbOyMJzy0+Nfhxw8ND6fELLA5tojc=;
	b=kTF3Y6uBtlaCSzU7dkglrpPHlo5xN1tdx4hnislMjBQLy9s+7nBCHpWd6mHpnpriK2YPIX
	Q+MHJEVUmLOWfJX5Chp73Yj+S/QFP+wsB3bsvTvlMw4a2Hojatdk7EZ5a8wspowF8S0zew
	wT469HvxUeMFxk1rSeflfQDiics6/1ZpT9WVLmbJr4vY+LSyLNVu0uCwRZFUVRT3l3eOyp
	YttrmsAbIaMQbmq6TP7hlMG1cT6RmBDJE4FQ8AXDMVnoFqxi4duoW+eqoMGu9oysWpVd8u
	sD/x6ueyk85DvuoqhbnDqngCFAOUkYigUl1FFWMLTENQddMZNaITee8llhNxEQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743446151; a=rsa-sha256; cv=none;
	b=ezvybUZtuogdU/rMWuOctfvocArVAqszb8P6C0Eyi+bi8mSSaukkn+2D46UaNpqFmiD8eS
	zkgVCdr8EUD2aOgFlGyfWZJ9V/nZYqRk/rUTbVMHIeyNlcZwak+kwKnvaKQetvci0ZUHQn
	QD3K+qkE9XteDNFypX0RMoY+Ga4lUFbrjKdHep2ZHLMk0pBk+ISam+MVCQdNY0VUMvz62W
	Qy5zGvPoAe6vybyFjw4AF9QXa3I0v1kW7dg54X/y0c94oFRRREOLvvCycmFBQCdpE64PPW
	I6s/sjS2lBbUN7cvVHpWs4je2OAMJIewy/iYOURkLrcfrmtauv2Qeb6u9USazw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743446150;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=P3Sn1n9+uLkQA7LbOyMJzy0+Nfhxw8ND6fELLA5tojc=;
	b=n1tbPWd629iBUwuiH7MZaKT6MRcQoHdrDyzpBDz4yE3tWsmN1Ytg73f+OsZqpgk3Pu94x/
	WncfDn0CoOlxpYk8IG42KAHeDPGHdM2rrdQAzvZWETq1kzUXwei74kcIBFbetKqT4yw3Ch
	i0f5ej5n+pRYCJXDEMN8MW4Oz1b9ecyzKdkUK5i6EtEBXZunt5qlwSuZ24d1Cb7LVmc1dU
	Nve7jg+mheWz70nB8aHjL1e5G7Y9roEiUcpy692VBRL1nZAE5jwepFsOjJxy11VBekiWQV
	WYv+AQlm+CaPoBDLATplzexWA/GIqD99MFA0Zu8b5NI+v3QPiCrdhRwObymBQA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRKZZ6GVhzxCb;
	Mon, 31 Mar 2025 18:35:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VIZojK056791;
	Mon, 31 Mar 2025 18:35:50 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VIZovc056788;
	Mon, 31 Mar 2025 18:35:50 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 18:35:50 GMT
Message-Id: <202503311835.52VIZovc056788@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Dag-Erling =?utf-8?Q?Sm=C3=B8rgrav?= <des@FreeBSD.org>
Subject: git: 02324ae8279a - stable/14 - uma: Avoid excessive per-CPU
  draining
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: des
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 02324ae8279a977e4fd4a8d05e136ec8a471d5ce
Auto-Submitted: auto-generated

The branch stable/14 has been updated by des:

URL: https://cgit.FreeBSD.org/src/commit/?id=02324ae8279a977e4fd4a8d05e136ec8a471d5ce

commit 02324ae8279a977e4fd4a8d05e136ec8a471d5ce
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-03-17 19:12:58 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-03-31 18:35:33 +0000

    uma: Avoid excessive per-CPU draining
    
    After commit 389a3fa693ef, uma_reclaim_domain(UMA_RECLAIM_DRAIN_CPU)
    calls uma_zone_reclaim_domain(UMA_RECLAIM_DRAIN_CPU) twice on each zone
    in addition to globally draining per-CPU caches. This was unintended
    and is unnecessarily slow; in particular, draining per-CPU caches
    requires binding to each CPU.
    
    Stop draining per-CPU caches when visiting each zone, just do it once in
    pcpu_cache_drain_safe() to minimize the amount of expensive sched_bind()
    calls.
    
    Fixes:          389a3fa693ef ("uma: Add UMA_ZONE_UNMANAGED")
    MFC after:      1 week
    Sponsored by:   Klara, Inc.
    Sponsored by:   NetApp, Inc.
    Reviewed by:    gallatin, kib
    Differential Revision:  https://reviews.freebsd.org/D49349
    
    (cherry picked from commit f506d5af50fccc37f5aa9fe090e9a0d5f05506c8)
---
 sys/vm/uma_core.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/sys/vm/uma_core.c b/sys/vm/uma_core.c
index 661c98b272da..56b7cc601754 100644
--- a/sys/vm/uma_core.c
+++ b/sys/vm/uma_core.c
@@ -5296,6 +5296,13 @@ uma_reclaim_domain(int req, int domain)
 		zone_foreach(uma_reclaim_domain_cb, &args);
 		break;
 	case UMA_RECLAIM_DRAIN_CPU:
+		/*
+		 * Reclaim globally visible free items from all zones, then drain
+		 * per-CPU buckets, then reclaim items freed while draining.
+		 * This approach minimizes expensive context switching needed to
+		 * drain each zone's per-CPU buckets.
+		 */
+		args.req = UMA_RECLAIM_DRAIN;
 		zone_foreach(uma_reclaim_domain_cb, &args);
 		pcpu_cache_drain_safe(NULL);
 		zone_foreach(uma_reclaim_domain_cb, &args);

From nobody Mon Mar 31 21:29:44 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRPRD3qyZz5sZtr;
	Mon, 31 Mar 2025 21:29:44 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRPRD321xz44q0;
	Mon, 31 Mar 2025 21:29:44 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743456584;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=yrtJtDkFGgljKihHv8ARVMiKqyyJCmyBwUyE0CtgX7E=;
	b=H4XYw7CACI04n1fMu42/7PUvZiUeHxyiiR1+c8MdDkC99tZZRajtYb3sV+37jtNXXbJL/7
	eicqSuvv1OqsU4tmQHcPyG5jzb4EqGDjnyTKF88taqXscAhFRKKoIc3+R8ZfusG9WnU5UV
	qs16lClKf3QbaS0sbKJ3PIR5wry3+AO79z8A84aDXCQ6dJOQVc2qulHDkXSPTJse2H+5gM
	KwMAus0RQNLdAPGpLWYA08jkMBTjnp1EUO429NKQ5f3LQzLieiL/J0Pfh9gaU0+PNuDAiR
	+ctr5zPHqfA+rENoGKwdARdPMdet0d+b2NAjJCYCLPn/kSPsekRZ6wyQBKOcMw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743456584; a=rsa-sha256; cv=none;
	b=rkXSV121ttu1S1j3IVbVRD0bYtdthQhfWj3X2Whe+S+dj+IsWcCdKJroBx4YtHt9qHnlQT
	Co2Qxtt7BJcDhrl+5JaVGGw1+Njw3h2QcGE2QGhDEzm/yHAQyuApygR+wEa1/l401coTFp
	+fVxqVbVIrff9VRofVUZdGIkyvM34Q0FV3a8HsshvCyx880vURlmj4kjZE6EZdNxug4O+I
	x+6JYqv5DADpGcPe3XLscQp0SyyOfLJ6FDufFWKBDoVqL6Bk4xUVgZL4sNleA3cORFgYPe
	8m/j5svKOU7yHENCMNFPMWqb0wi99kGiDHP4ElgqM6xhrolhYn3JGp6QpUodug==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743456584;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=yrtJtDkFGgljKihHv8ARVMiKqyyJCmyBwUyE0CtgX7E=;
	b=J4DRuSBO1uKqGE8+IQGNCdAp+DQZifa/fRGEEvHO5Ue2pVxGg1/1j8/gEFQZNof/HtwVpo
	6Uoxb7J1coVpM0TrmZtzBNvSjzLy3imFosspOayJvGZqvbLxL8IICILdhbpkcJJbsRcyc8
	7XIImRpK+5ajE75mpfLrCiJv0xQtQO8qO+gVt8z12YuCifHGGLlFM5PkvEJ5BgswwjvhEI
	RKcrSzHCeCc8rkcG9o6UK4tCpLXVJvqRkNwuwzq3SdppEBqNURnN1Maw79bl5yCQvBD9IJ
	aKd8Nwgf4YvuEclpJHC6eyLGjBIVbE5/eT2szUafA8lvHXKWKM2OLROwOnRgIg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRPRD2dcxz126d;
	Mon, 31 Mar 2025 21:29:44 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VLTia2077300;
	Mon, 31 Mar 2025 21:29:44 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VLTiSV077297;
	Mon, 31 Mar 2025 21:29:44 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 21:29:44 GMT
Message-Id: <202503312129.52VLTiSV077297@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Enji Cooper <ngie@FreeBSD.org>
Subject: git: 8d95e941d4cc - stable/14 - netbsd-tests: Update a
  test case to chase grep symlink handling changes
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ngie
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 8d95e941d4ccd0bed8678e20f85dbaf008bd714f
Auto-Submitted: auto-generated

The branch stable/14 has been updated by ngie:

URL: https://cgit.FreeBSD.org/src/commit/?id=8d95e941d4ccd0bed8678e20f85dbaf008bd714f

commit 8d95e941d4ccd0bed8678e20f85dbaf008bd714f
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2024-09-07 19:39:49 +0000
Commit:     Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2025-03-31 21:27:25 +0000

    netbsd-tests: Update a test case to chase grep symlink handling changes
    
    This test case verifies that grep detects symlink loops when traversing
    a directory hierarchy.
    
    Fixes:          fc12c191c087 ("grep: Default to -p instead of -S.")
    Reviewed by:    ngie, jhb
    Reported by:    Jenkins
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D46544
    
    (cherry picked from commit a700bef1e4ee3e6f4e1a86a374bf9b4044f69a70)
---
 contrib/netbsd-tests/usr.bin/grep/t_grep.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/netbsd-tests/usr.bin/grep/t_grep.sh b/contrib/netbsd-tests/usr.bin/grep/t_grep.sh
index d2539a8250de..b1412a7a0715 100755
--- a/contrib/netbsd-tests/usr.bin/grep/t_grep.sh
+++ b/contrib/netbsd-tests/usr.bin/grep/t_grep.sh
@@ -81,7 +81,7 @@ recurse_symlink_body()
 
 	atf_check -o file:"$(atf_get_srcdir)/d_recurse_symlink.out" \
 	    -e file:"$(atf_get_srcdir)/d_recurse_symlink.err" \
-	    grep -r string test
+	    grep -rS string test
 }
 
 atf_test_case word_regexps

From nobody Mon Mar 31 21:31:00 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRPSh6BZcz5sZmb;
	Mon, 31 Mar 2025 21:31:00 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRPSh4yltz46Gd;
	Mon, 31 Mar 2025 21:31:00 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743456660;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=3d3nwMjK0iDfCE9f9h/nliKBA68q09UZUysQvpBwYwU=;
	b=GD4Dcmm0LtSIrlhtJWhkura/0TGwuR4kucok/PTOZEl9iWgT7NvqwVF12VkgYb+N/ileh0
	xM6hejZt/IYCdbTAk59G+U/lLdlEzUKJyM+lSxD1rqDKhlKdDEseHPx6L1oo0QOi0Q9WtO
	n2J1gntcvRlgbt0ivWC4oves9pbOZUX6q5Cq3DsgWqBYxUXsBbNQt8IhZDX0ETc4cY0Uxh
	Uxf35YxuEl14iOFTN8W0D967qk2LT1+yMUwR4ZCYQ84rWue07EXht9sFYMEJqgdZE1OkwL
	BRzOHXhqdbCHwHJPS/L+yCBO2L66MvyCGH03uyoK+jEOlKh5xvTcnGevz+lqSA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743456660; a=rsa-sha256; cv=none;
	b=HEcOwDe9cOxkqp5bmzr19H4FMd80Rh43sVtNXLNaouXP4tNG9Gx0mPcf9Jn7zHZAOkfyxo
	MhahlbNENchHB3MT7Yih4suLcbet0nQplC+X3GMajDUR1hU2nmsLJvVPnd1BUsCpFYxVeC
	Zb813UUNEcqLEUiqREGkeI1yLgzlkwp6RRt3t5rUT7NDthIsDLj3mETdCHJjtBkxUutJLK
	SjdcA+t42V3CX7SVqTqauP8lExuQJjO5pJGigskJskBX1kdruY5RtV1CjZ4tmuXukNS2JH
	hWMmQ1uhGwQ2WsAo7S+DZTGzOQC0ITXefxnzzsEct1Etsgxppg8TA9bTePcNjg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743456660;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=3d3nwMjK0iDfCE9f9h/nliKBA68q09UZUysQvpBwYwU=;
	b=CGvj9ZjiGMHBEhuDQ5MFyGzUNSJAgSG56jVssk1Ie+NCvdU6sgU3p4F2Z0Bs5CchzsBPMz
	B1J925ri/I+BKyXAQ1AZumxMFciHH6PmnEaXFwGxWA/Nz+kJN0QBsIJAE2mwjtoj3MCJRq
	/Xhrsrqrm9RwLumkXonQb/azXTcpbaxVgtKix+YvA8t2Hl/nTl2ZnEBzP6TGSfKUa80+hX
	Zcqeo+3KALq4mHosNfwJiiTcxTP8Jm6UmoELiPm6/D4yBd4nMVWc5hh76JVhsVOGFb4FQe
	f52gsgmKXyhzgqI1uP/TOFHw3O+2Kv9GKk+BSVluGdg9elomT2vFKRZT1+KJbQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRPSh4QCzz12ZN;
	Mon, 31 Mar 2025 21:31:00 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VLV01e089023;
	Mon, 31 Mar 2025 21:31:00 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VLV0Cp089020;
	Mon, 31 Mar 2025 21:31:00 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 21:31:00 GMT
Message-Id: <202503312131.52VLV0Cp089020@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Enji Cooper <ngie@FreeBSD.org>
Subject: git: 18c4022e9fdc - stable/13 - netbsd-tests: Update a
  test case to chase grep symlink handling changes
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ngie
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 18c4022e9fdc6d7f4f5da713de0e9d34d170536e
Auto-Submitted: auto-generated

The branch stable/13 has been updated by ngie:

URL: https://cgit.FreeBSD.org/src/commit/?id=18c4022e9fdc6d7f4f5da713de0e9d34d170536e

commit 18c4022e9fdc6d7f4f5da713de0e9d34d170536e
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2024-09-07 19:39:49 +0000
Commit:     Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2025-03-31 21:30:41 +0000

    netbsd-tests: Update a test case to chase grep symlink handling changes
    
    This test case verifies that grep detects symlink loops when traversing
    a directory hierarchy.
    
    Fixes:          fc12c191c087 ("grep: Default to -p instead of -S.")
    Reviewed by:    ngie, jhb
    Reported by:    Jenkins
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D46544
    
    (cherry picked from commit a700bef1e4ee3e6f4e1a86a374bf9b4044f69a70)
---
 contrib/netbsd-tests/usr.bin/grep/t_grep.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/netbsd-tests/usr.bin/grep/t_grep.sh b/contrib/netbsd-tests/usr.bin/grep/t_grep.sh
index d2539a8250de..b1412a7a0715 100755
--- a/contrib/netbsd-tests/usr.bin/grep/t_grep.sh
+++ b/contrib/netbsd-tests/usr.bin/grep/t_grep.sh
@@ -81,7 +81,7 @@ recurse_symlink_body()
 
 	atf_check -o file:"$(atf_get_srcdir)/d_recurse_symlink.out" \
 	    -e file:"$(atf_get_srcdir)/d_recurse_symlink.err" \
-	    grep -r string test
+	    grep -rS string test
 }
 
 atf_test_case word_regexps

From nobody Mon Mar 31 21:35:12 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRPYY0K43z5sb6N;
	Mon, 31 Mar 2025 21:35:13 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRPYX6BpSz49dt;
	Mon, 31 Mar 2025 21:35:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743456912;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=iDawhuA8u2CSppTx7Cz170MQNx/X8D8uHU/BRd7zePA=;
	b=Q6M9SCEa2d/D9nvMUnalS1CJWkhkegwYS4sMQctOssEUAaP9McZko8rXSYhJqv2FBHfAXo
	lp1GFZVxNCvhv8PRrcz8RtWvdWqwfFH7c/7GAIoMSWBL2XW3ESsRSFD9gqScAxwBAW6lBc
	bkoRfrL9nFpgcwg6QUrFQTwBaWLa4ziAcB1NA8rEzsHf5f+5nCIsY0IAvW/2FdG9Q7nOan
	7nYJ78KejBB0IhLXPyKKl89cZOMZWWG6yesjQhiYo9mFBFaO8VwevkEVJzUaKejayrDMBA
	2fd6NI04f9ipSlmVIWzPbmxahhpdbkkbJ7MCksN3IuqHxe5fXq+rsmpWr2ysUg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743456912; a=rsa-sha256; cv=none;
	b=q7dXvrt5cApsnDJcXmGJq0ZhurZzmvMleXs7Xx5u1FdxtmZkYUjB3hQNENzyEvWa8HdVB5
	CXOCYg78T3ag5wyayDL/JvNVsC4TYM5ZS8a/it01HYWIPJ9zPm7dUkwf6dHLcsJn0iBwjS
	XXZApoOCTajSB5MMD08OjeCRf57So4pTKSlaeiDAPGfXR5nyBBfU4rjVpJPP0SDRGChp0X
	uK1iaEijLyYj/oqneeexSuUQj0xm/Rt5KwXoApfAUdJ3XoaZcLSx9NyrokAA8R29ZPhfGN
	a8nK/55sSGLPRKZm8KSHKDlAwPbJhqtx0bc+0O02iipSNfbFwRRVv04fKkoc7Q==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743456912;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=iDawhuA8u2CSppTx7Cz170MQNx/X8D8uHU/BRd7zePA=;
	b=th+QxSM24ZxGi96wfvjGSHbqy0ZgW6MpnPjbq6FWYJf417aRrEADAV+XeWm38HHpILjd2x
	+KsL5eE6P9R3stvVTsAiIi9EZTeS9kCw58xP0LIHCxIOLvpfPZ1jryRiJAy8epAxQYcQ+J
	TxtcFisfa/wDr3Uv9gxnujg9g+LDz2IjF5LLcBatt2DdflU+OtlaoKEFEAbkykKmxZgpQe
	T5Ue0U1Aydt0R+ZN4woDvaMJ7P84to+0i9uENdqwJz7+lwmFjlxAZfE7rWSUZAP1YMSr3C
	GSgF8DQGIQsKoOEc6rY+520/C1bcCborcQMn5UwQ3WlV0dYYIuZP90YxIYABoA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRPYX5my6z11vh;
	Mon, 31 Mar 2025 21:35:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52VLZCig093047;
	Mon, 31 Mar 2025 21:35:12 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52VLZC0o093044;
	Mon, 31 Mar 2025 21:35:12 GMT
	(envelope-from git)
Date: Mon, 31 Mar 2025 21:35:12 GMT
Message-Id: <202503312135.52VLZC0o093044@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Enji Cooper <ngie@FreeBSD.org>
Subject: git: ebd127c3e36c - stable/13 - file: Support testing
  multiple magic files.
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ngie
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: ebd127c3e36c1f02a7a9b2d63621040e7d1a00d4
Auto-Submitted: auto-generated

The branch stable/13 has been updated by ngie:

URL: https://cgit.FreeBSD.org/src/commit/?id=ebd127c3e36c1f02a7a9b2d63621040e7d1a00d4

commit ebd127c3e36c1f02a7a9b2d63621040e7d1a00d4
Author:     Xin LI <delphij@FreeBSD.org>
AuthorDate: 2023-10-09 06:06:20 +0000
Commit:     Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2025-03-31 21:34:46 +0000

    file: Support testing multiple magic files.
    
    This is based on upstream b74150490be904801378b2712fe0d532e1700124
    but adapted to ATF.
    
    Reviewed by: jlduran@gmail.com, markj, vangyzen
    Differential Revision: https://reviews.freebsd.org/D42129
    
    (cherry picked from commit 8f75390c66bdcde95e1b383aecaa27b4adf88279)
---
 usr.bin/file/tests/Makefile     |  2 +-
 usr.bin/file/tests/file_test.sh | 22 +++++++++++++++++-----
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/usr.bin/file/tests/Makefile b/usr.bin/file/tests/Makefile
index ea0ebaa12ce2..cd3d00ae742c 100644
--- a/usr.bin/file/tests/Makefile
+++ b/usr.bin/file/tests/Makefile
@@ -2,7 +2,7 @@ PACKAGE=	tests
 ATF_TESTS_SH=	file_test
 
 SRCDIR=		${SRCTOP}/contrib/file/tests
-_files!=	echo ${SRCDIR}/*.testfile ${SRCDIR}/*.result ${SRCDIR}/*.magic
+_files!=	echo ${SRCDIR}/*.testfile ${SRCDIR}/*.flags ${SRCDIR}/*.result ${SRCDIR}/*.magic
 ${PACKAGE}FILES+=${_files}
 
 .include <bsd.test.mk>
diff --git a/usr.bin/file/tests/file_test.sh b/usr.bin/file/tests/file_test.sh
index 02d494b0f643..490274c05892 100644
--- a/usr.bin/file/tests/file_test.sh
+++ b/usr.bin/file/tests/file_test.sh
@@ -32,14 +32,26 @@ contrib_file_tests_body() {
 	for testfile in "${srcdir}"/*.testfile; do
 		test_name="${testfile%.testfile}"
 		result_file="${test_name}.result"
-		magic_file="${test_name}.magic"
 		file_args=
-		if [ -e "${magic_file}" ]; then
-			file_args="${file_args} --magic-file ${magic_file}"
+		magic_files=
+		for magic_file in ${test_name}*.magic; do
+			if [ -f "${magic_file}" ]; then
+				if [ -z "${magic_files}" ]; then
+					magic_files="${magic_file}"
+				else
+					magic_files="${magic_files}:${magic_file}"
+				fi
+			fi
+		done
+		if [ -z "${magic_files}" ]; then
+			magic_files=/usr/share/misc/magic
+		fi
+		if [ -f "${test_name}.flags" ]; then
+			file_args="${file_args} -$(cat "${test_name}.flags")"
 		fi
 		# The result files were created in UTC.
-		TZ=Z atf_check -o save:actual_output file ${file_args} \
-		    --brief "$testfile"
+		atf_check -o save:actual_output -e ignore env TZ=Z MAGIC="${magic_files}" \
+			file ${file_args} --brief "$testfile"
 		atf_check cmp actual_output "$result_file"
 	done
 }

From nobody Tue Apr  1 01:57:24 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRWN426FBz5rhZt;
	Tue, 01 Apr 2025 01:57:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRWN41Q1tz3NMv;
	Tue, 01 Apr 2025 01:57:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743472644;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=GQ9w8J5qLP2VlTyaiU3oC1ONwVg4Rp/Ck8F51Ij1US8=;
	b=F7S9DkY/5erCg/bLkdOHlCWxM3hqpcygh9BGRy5CaTzKn40kJh8Z/NeVdX9GftsB58c20G
	nYH4g8ySYZx2ZioHHxrDerLHiXQIZA/wbq8jXcU3J2zM476lyGqgIEJn656A/iu/j5/7I1
	qYEkNR3uUdCYwpiFCaWqWWvsiNhoh/cLQVnqkbj4uvHDyr0+bXQZxBY4h92xAAwRwJXV7R
	JyCu4yJesUlKvisnM/zMJ/zcm6315RYhMuuhyuTpd+Pmjn3+fskUeVbnDf0jpXl0JJooHe
	9P/gUjHftfwwn29Dwwg15GjZFz3QrPXMJDyJqbiqbE2TjLDb5Y+DvC64viyEYQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743472644; a=rsa-sha256; cv=none;
	b=iL3cJkNf0gCusX9ZcL+sx49l0AlxZkspghTsRrs+gNHw32yiVpQZdEDHq9oV7+K3S5Dv3N
	yHlAkoql0KAKRAQ467SO7oPyXB2YMjkXfkzirZ3VT1vBKkW2a6wM8+xkB4PxHJZimv7nPp
	apXo6Tq+LuoRWUzAotvjHpYnjzsehLiSvlIa4NpSV/kHi9NSUvHacejOT4XzAVbWg7dqWu
	1EwTSSIJMA3lkXX1amrZCpJxOS1LexY/SwyEV6tkfua/CMHB6+tNPpmp5H/nTNOroyYVQE
	/aXnrE+fBzxhE4MXLGjGj1wWrZ5Lpd+OqRJXbT4nONPJj4AhAZxc+r2Gcw00Bw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743472644;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=GQ9w8J5qLP2VlTyaiU3oC1ONwVg4Rp/Ck8F51Ij1US8=;
	b=kJqnYOAi126Xpkcei4Af4bAKZxGzlxxFh23PIyxuWKa1kTC0vdh9tIo5/Da/XDuZdTNy0M
	GMfkysdbulzHEXoY5Uuu0zXFbRZvMO5hh+/q5cyMuWOZ/vvoVhnQ5ha5ryeGsDlXyOISji
	VRh+wOoAwcqUll1nUtl1HI8bUfnk5SzmOwtHqMtf4blJ/ZEFE/Aicvg+3ZHxBkSOdYP7aW
	nz+cWhPQtDBKt42SQZfKrvyczxtMjzPhlGyQGEgzQC8kodOThNUClBCKnXhIzzRx5xs8RA
	6PC/IO4q6v6NcGDQ4ZMUMgF19jqRGTTfU9JqpquxhQeisp2Xmnsm0RszxnJxyQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRWN40zFqz19N3;
	Tue, 01 Apr 2025 01:57:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5311vOVd076862;
	Tue, 1 Apr 2025 01:57:24 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5311vOwq076859;
	Tue, 1 Apr 2025 01:57:24 GMT
	(envelope-from git)
Date: Tue, 1 Apr 2025 01:57:24 GMT
Message-Id: <202504010157.5311vOwq076859@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Enji Cooper <ngie@FreeBSD.org>
Subject: git: bcd9c0cfb622 - stable/14 - getentropy tests: Update
  after commit 473681a1a506da
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ngie
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: bcd9c0cfb62287b4df4bb030fb56e8a96d30e102
Auto-Submitted: auto-generated

The branch stable/14 has been updated by ngie:

URL: https://cgit.FreeBSD.org/src/commit/?id=bcd9c0cfb62287b4df4bb030fb56e8a96d30e102

commit bcd9c0cfb62287b4df4bb030fb56e8a96d30e102
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-01-19 16:17:05 +0000
Commit:     Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2025-04-01 01:52:46 +0000

    getentropy tests: Update after commit 473681a1a506da
    
    - Use GETENTROPY_MAX instead of hard-coding the value.
    - Check for EINVAL instead of EIO
    
    Fixes:  473681a1a506 ("libc: Fix getentropy POSIX 2024 conformance issues")
    (cherry picked from commit c5056a3931b41a803a24b89400d38d5c5f843612)
---
 lib/libc/tests/gen/getentropy_test.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/lib/libc/tests/gen/getentropy_test.c b/lib/libc/tests/gen/getentropy_test.c
index 156d3a94a7de..6ac9d5678ea6 100644
--- a/lib/libc/tests/gen/getentropy_test.c
+++ b/lib/libc/tests/gen/getentropy_test.c
@@ -28,6 +28,7 @@
 
 #include <sys/param.h>
 #include <errno.h>
+#include <limits.h>
 #include <signal.h>
 #include <unistd.h>
 
@@ -62,13 +63,13 @@ ATF_TC_BODY(getentropy_sizes, tc)
 	char buf[512];
 
 	ATF_REQUIRE_EQ(getentropy(buf, sizeof(buf)), -1);
-	ATF_REQUIRE_EQ(errno, EIO);
-	ATF_REQUIRE_EQ(getentropy(buf, 257), -1);
-	ATF_REQUIRE_EQ(errno, EIO);
+	ATF_REQUIRE_EQ(errno, EINVAL);
+	ATF_REQUIRE_EQ(getentropy(buf, GETENTROPY_MAX + 1), -1);
+	ATF_REQUIRE_EQ(errno, EINVAL);
 
 	/* Smaller sizes always succeed: */
-	ATF_REQUIRE_EQ(getentropy(buf, 256), 0);
-	ATF_REQUIRE_EQ(getentropy(buf, 128), 0);
+	ATF_REQUIRE_EQ(getentropy(buf, GETENTROPY_MAX), 0);
+	ATF_REQUIRE_EQ(getentropy(buf, GETENTROPY_MAX / 2), 0);
 	ATF_REQUIRE_EQ(getentropy(buf, 0), 0);
 }
 

From nobody Tue Apr  1 02:03:59 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRWWg25GGz5rhl0;
	Tue, 01 Apr 2025 02:03:59 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRWWg160bz3SJf;
	Tue, 01 Apr 2025 02:03:59 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743473039;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ppjXOwAdxA7UnlVmly/TWr6KzXjelYQPQIZ+qaZ5TO0=;
	b=ULKKhTBZMLuQTKGuHNurpdXy6Xid+hhYglwPUOBUnb0Z8i6lN3AsVIe8qHFKFk7R1jCl3/
	71mw6zI6KHhMlc2NAUJ7sP5WRDLkOi5qQvMx1QMdYvEuDHCL4PKft820e5ZFNv+ge4YV+i
	EnluJoPHw5g485PVxzAPCgwResQJc9+x4lKTz+ZEq1DLUpFGMpTkOWfaAFrWS8S3fPTeXR
	5Xu0sGbl5y29zhY02w7zHwqY4PDln5j3gGnWyy4JQCYrc94v+hvy5E+ZhHox3wjCkiskR6
	zga9EAwe476SlJGC8DvjBuq7bH1k8zkvHDvGfsitKtSxzcwxb5QTpF4G37B+Fg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743473039; a=rsa-sha256; cv=none;
	b=Pm0WRCl6A1KeXRel5QxG5WJ7bc7JTXwSavYMdpUpDiGB3SD+8x/6gaIwgkUTD5gpfdRzL/
	O12sbI906sPpCNyG6OQWQtm3cVWXcFRQvbdyP1ms53w6eOgTMcBrKYNSIBodKZ40KYh9tk
	gYCZC4sNV0ysxeydxuxckTA1if2BdYl5Di3g4jd3xRvZad89CJJyAnQnj4sNCVt4z/JtWp
	3rwNAhvnLjjIYEyJfJZUArvtTwW4Z8PKWaGsUAAeRQFzsfb2qdIse18SNcTKo7eDxdMYSx
	Zq9XtsC7V7JozZR0kF9V33ljZzcQs86m/CkhJMBHTSG9ENWajBZCjdwjZKBXfA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743473039;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ppjXOwAdxA7UnlVmly/TWr6KzXjelYQPQIZ+qaZ5TO0=;
	b=ubwhG49rEh4Lzr1StN9T1eblPrSjKparI05UvxWVQqnX3SDHBMjNDA2u+fue8DGNl3KPAf
	0A2eLDbXHXMdvAH0CM2yjUORn/qMcG8f6JeLDOn0nhgHFCe34sfqPF5dUMT3ukNy06Rs5y
	wNplBklS3NE8gMamcNEvmS4UerwOIectuSjfb3tNUl5pmuaZrkHYVKwECj2Ce/hQraO/8P
	2uY3L8yxpGQeQqxNcLKIcMl3i14Nc8aXX5dOqXIeEP/3XHlpvRai44XloUxnuvzpWSzyQ9
	hSMta/LttSTowBK3F2ozJvTJQyO5SPnQ4HJPulXMFsAX43lbme1nIjrLpuZbQw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRWWg0gsnz19fj;
	Tue, 01 Apr 2025 02:03:59 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 53123xKE094989;
	Tue, 1 Apr 2025 02:03:59 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 53123x15094986;
	Tue, 1 Apr 2025 02:03:59 GMT
	(envelope-from git)
Date: Tue, 1 Apr 2025 02:03:59 GMT
Message-Id: <202504010203.53123x15094986@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Enji Cooper <ngie@FreeBSD.org>
Subject: git: 39775a21add6 - stable/14 - tests/netlink: mark a test
  that requires tun(4)
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ngie
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 39775a21add6b7cbb4b28dd30eb44cb577f10964
Auto-Submitted: auto-generated

The branch stable/14 has been updated by ngie:

URL: https://cgit.FreeBSD.org/src/commit/?id=39775a21add6b7cbb4b28dd30eb44cb577f10964

commit 39775a21add6b7cbb4b28dd30eb44cb577f10964
Author:     Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2024-01-11 04:51:53 +0000
Commit:     Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2025-04-01 02:02:20 +0000

    tests/netlink: mark a test that requires tun(4)
    
    (cherry picked from commit effa0f6c0aad54a07917af6986d71cd0a57223b8)
---
 tests/sys/netlink/test_rtnl_route.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/sys/netlink/test_rtnl_route.py b/tests/sys/netlink/test_rtnl_route.py
index 20f2c3ce3ee2..370c8a74a2de 100644
--- a/tests/sys/netlink/test_rtnl_route.py
+++ b/tests/sys/netlink/test_rtnl_route.py
@@ -48,6 +48,7 @@ class TestRtNlRoute(NetlinkTestTemplate, SingleVnetTestTemplate):
 
     @pytest.mark.timeout(5)
     def test_add_route6_ll_if_gw(self):
+        self.require_module("if_tun")
         tun_ifname = IfaceFactory().create_iface("", "tun")[0].name
         tun_ifindex = socket.if_nametoindex(tun_ifname)
 
@@ -68,6 +69,7 @@ class TestRtNlRoute(NetlinkTestTemplate, SingleVnetTestTemplate):
 
     @pytest.mark.timeout(5)
     def test_add_route4_ll_if_gw(self):
+        self.require_module("if_tun")
         tun_ifname = IfaceFactory().create_iface("", "tun")[0].name
         tun_ifindex = socket.if_nametoindex(tun_ifname)
 

From nobody Tue Apr  1 02:39:34 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRXJl2Rnzz5rl8g;
	Tue, 01 Apr 2025 02:39:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRXJl1N4Kz3wVX;
	Tue, 01 Apr 2025 02:39:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743475175;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ogGOTyFanSMCRe/X8bxmqS13slHfPPSjQ1lpONagByI=;
	b=oknv+76oxLI4r3xQSA2efxg84kES62jqOp525DFmvOfV8c+HkOxAkyOrznJIZ071Ns2WbF
	xehQAqnrVwsfzlpKNKFBg7TBhLnHb5X6Z0ycTDt+rE4JjmnVXYc+/QhmmiYgViyIaFPi81
	1wvsFL7swowRpUfmNwOvHJV5NCapWA3Be4WbF58lOzyK2dKKg60L38SWbYw/igJKG9XLl+
	2t5WHwvkIo0xBe3a1SVDaLS79qQlVpyWqux5HFXAYVd60Zn95yUhRGoQfvyEWoahaaM0qG
	FE444uadu/Kf5HUbmLLZIc6X/wvaoMQPCpzUWdV+dHMbLOdzPSjFL2cGtKLipw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743475175; a=rsa-sha256; cv=none;
	b=kiBOwtFh9jYLCfc0N9gmUKop23spM3tlU5tMMu6j1Fn90QlfMuwik1zdcD3cgdcbUt4vbW
	08tbqcbKM4bJTrmKHgJ9el8VurK+Iloi86OyYnAB1QlCASFNWGFADfIFSHQtdmzmStfR5s
	/h4dFqYHszKTONWn32EB0Ky3GLGfTkDUK49j+l5Lp6XiNODCGvq5ZUFP+p0wYHa9S0fwco
	BNicGEqtcy80hJg4BthiAs+ESdqVesDmPdUcyIjkVrDIW2aOyyrdI5d2e39RtdNQX18Xwz
	LTLo9j61iuqMxh1xpshxus2Auuk1nIJS7HQFDpLs2aljPm5jmtZ1NbVf92zW9g==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743475175;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ogGOTyFanSMCRe/X8bxmqS13slHfPPSjQ1lpONagByI=;
	b=LnkcUoskNcP/ozZAmo7vuV5BfJBP9yC119Z9ez7xsKSBDJ9P2FWKkjfjHAE1FwPET4XlHQ
	u7l/ieS84RTFvvIFnmYMrPk6OmbHK4HAI81P3Ke7ooY1H/w4WITzRZI6Jeh0ctYiHHxX0E
	fLWQ6Qu/jPSTaaV5PckvxK5w5MYWejuV+T4NjeQLSWOTWFooOBbmfGuDt8XgLRK9wZ7IpR
	iG7DZeEC16IhSHnXNyvUzTDTW0ZFnpJ0IGk/bQM61KbhutXRGhkz1/6vFfn+2EBHSIX62V
	VzNiBZXRlnkX0AQ5+P2WpWLeKz+Nc15zsoor34u0AASzhZSdW0jfrRtJla9pEg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRXJl0fLZz1B9v;
	Tue, 01 Apr 2025 02:39:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5312dYad052456;
	Tue, 1 Apr 2025 02:39:34 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5312dYw6052453;
	Tue, 1 Apr 2025 02:39:34 GMT
	(envelope-from git)
Date: Tue, 1 Apr 2025 02:39:34 GMT
Message-Id: <202504010239.5312dYw6052453@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Enji Cooper <ngie@FreeBSD.org>
Subject: git: b84a505d2eae - stable/13 - m4 tests: Update tests
  after $FreeBSD$ removal
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ngie
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: b84a505d2eaea45a873f7a9778e73443ad0c65bb
Auto-Submitted: auto-generated

The branch stable/13 has been updated by ngie:

URL: https://cgit.FreeBSD.org/src/commit/?id=b84a505d2eaea45a873f7a9778e73443ad0c65bb

commit b84a505d2eaea45a873f7a9778e73443ad0c65bb
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-08-23 19:43:33 +0000
Commit:     Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2025-04-01 02:39:18 +0000

    m4 tests: Update tests after $FreeBSD$ removal
    
    Fixes:  d54a7d337331 ("Remove $FreeBSD$: one-line m4 tag")
    (cherry picked from commit d5b5497e10fd11dfea350d229406fa63fd0ea70f)
---
 usr.bin/m4/tests/regress.gnusofterror.out | 2 +-
 usr.bin/m4/tests/regress.quotes.out       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/usr.bin/m4/tests/regress.gnusofterror.out b/usr.bin/m4/tests/regress.gnusofterror.out
index 322fa4c409fe..5c23eb237b6c 100644
--- a/usr.bin/m4/tests/regress.gnusofterror.out
+++ b/usr.bin/m4/tests/regress.gnusofterror.out
@@ -1,2 +1,2 @@
-m4: gnusofterror.m4 at line 3: include(hey I do not exit): No such file or directory
+m4: gnusofterror.m4 at line 2: include(hey I do not exit): No such file or directory
 abc
diff --git a/usr.bin/m4/tests/regress.quotes.out b/usr.bin/m4/tests/regress.quotes.out
index fe5b8a4b45be..cf34ba42a8d0 100644
--- a/usr.bin/m4/tests/regress.quotes.out
+++ b/usr.bin/m4/tests/regress.quotes.out
@@ -1,5 +1,5 @@
 m4: unclosed quote:
-   quotes.m4 at line 55
+   quotes.m4 at line 54
 1: normal
 quoted string
 [quoted STRING]

From nobody Tue Apr  1 05:31:03 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRc6c22q6z5ry4n;
	Tue, 01 Apr 2025 05:31:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRc6b6yWKz422P;
	Tue, 01 Apr 2025 05:31:03 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743485463;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=qpIZSNbcV638juhlijuio7VzQGTLSgGI2e7j2vqDwQI=;
	b=KlAf5xWZMbrT+NNX0MooJ4QGjbif4wg5N4ZBP3jAKQdvBh3eveiCYyffnlTPP+9Zes4WZv
	O40HgGx3yb/+FYpYXiLzMc+cxzWoS5ZhhWlcECyWp0YSW45Cb+AiDWwswpZNMkliPgGIax
	hltxEYXsL+qXYOYno9Cl1RjdA/w8TBr7WcBBWWsU3zw4GGj0DDV6PbGsyJeisdqYyzjQIV
	mVcvuyzLLjFDo546K1R0+b4GdSEOCpxnYOED9xGvXsD52WFl6o2cW22FBhGzBx/p3QqSw2
	Ku0UMzjgbaKZySBIYUX1GgAl9umxtlCpCSYX/BVkuyw1P4r2dKSeK8FFUYxKyQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743485463; a=rsa-sha256; cv=none;
	b=MvQHxXlPLYEmChUII8NxgnS+aUdrmAEAExGRttLVJ5745cxptOKyKIHAhQfNaaLWl+88Q/
	evSPZ7HS0IwaAfHGM40dj52971VU2bdeF+pc6HeMdKc/PrbaZ2ZBKPIake4FTh6QlXJKMx
	Tnk7+FnmsyAiB6RMn0J+ULnTONG/vkN3KVAxVksZ6eh+BqSxNqa2c9FjlhDvZd3e6u51w4
	HKYFJmJCV12TnfmUwp9SGiDwHxVykihihSPKHPLMvuK3H8aP5zcV6zD7NV9lwp0SQDqV59
	ah3391gV/ma1uD/JzxVn4X2PDOUhmG83Hk5XofoQHA8FhACkT3IiaIFn5hFfSA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743485463;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=qpIZSNbcV638juhlijuio7VzQGTLSgGI2e7j2vqDwQI=;
	b=nRl7h8PSnHhESJ5OeUacqV4gFvrnvcERr/z2HHv5otSj1xUkG9j4bAPyQohxfPuun/In4x
	PMl97LT0QROBfPLQ/GZha8p22Hl3VEPAIG7CMdPaavEH4IFN+nT+qEPWKjUlowmOP2qiVQ
	E7WcdG6V0/8wkO+AScvZnXepWcBAq2yKYQ/7C2sPaawVny1AiHqAil1PW0TVV0PmunvgAP
	3zP2EmSTJE2uXy/OnNeee+VPUCYnOM6+r6ZXbPmafjYCElqKxJeKQo3a57EpX19BvHvkCn
	V9L39qBLjxno/Xu6LQDbFlp3QSspy8WUBwF/CfGVswuO3OZHQONd/5dv7fcTQQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRc6b6LRvz30v;
	Tue, 01 Apr 2025 05:31:03 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5315V3fU084676;
	Tue, 1 Apr 2025 05:31:03 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5315V3Pa084673;
	Tue, 1 Apr 2025 05:31:03 GMT
	(envelope-from git)
Date: Tue, 1 Apr 2025 05:31:03 GMT
Message-Id: <202504010531.5315V3Pa084673@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Enji Cooper <ngie@FreeBSD.org>
Subject: git: 4b98fe9def2d - stable/13 - Fix GoogleTest 1.14.0
  import
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ngie
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 4b98fe9def2d182c45bc86fc6716c47e957902c3
Auto-Submitted: auto-generated

The branch stable/13 has been updated by ngie:

URL: https://cgit.FreeBSD.org/src/commit/?id=4b98fe9def2d182c45bc86fc6716c47e957902c3

commit 4b98fe9def2d182c45bc86fc6716c47e957902c3
Author:     Enji Cooper <ngie@FreeBSD.org>
AuthorDate: 2023-08-18 11:28:13 +0000
Commit:     Enji Cooper <ngie@FreeBSD.org>
CommitDate: 2025-04-01 05:30:20 +0000

    Fix GoogleTest 1.14.0 import
    
    - Prune headers and tests no longer installed after the upgrade.
    - Remove GoogleTest-related files when MK_GOOGLETEST == no.
    - Disable `-Werror` with gcc to unbreak the gcc12 CI run with
      `lib/googletest`. Any issues found by g++ will be filed
      upstream and hopefully resolved in a future version.
    - Remove clang -Werror issues which are resolved in version 1.14.0 to
      avoid masking valid issues.
    
    Conflicts:
            ObsoleteFiles.inc
            tools/build/mk/OptionalObsoleteFiles.inc
    
    MFC after:      1 week
    MFC with:       28f6c2f292806bf31230a959bc4b19d7081669a7
    
    (cherry picked from commit 0c785f06020f3b02e34c97eb27fecd3af8eb2a7b)
---
 ObsoleteFiles.inc                        |  16 ++++
 lib/googletest/tests/gmock_main/Makefile |   1 +
 lib/googletest/tests/gtest/Makefile      |   1 +
 lib/googletest/tests/gtest_main/Makefile |   1 +
 share/mk/googletest.test.inc.mk          |  11 ---
 tools/build/mk/OptionalObsoleteFiles.inc | 157 ++++++++++++++++---------------
 6 files changed, 98 insertions(+), 89 deletions(-)

diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc
index eca0397d899a..7d17e95aca27 100644
--- a/ObsoleteFiles.inc
+++ b/ObsoleteFiles.inc
@@ -1419,6 +1419,22 @@ OLD_FILES+=usr/share/certs/trusted/E-Tugra_Global_Root_CA_ECC_v3.pem
 OLD_FILES+=usr/share/certs/trusted/E-Tugra_Global_Root_CA_RSA_v3.pem
 OLD_FILES+=usr/share/certs/trusted/Hongkong_Post_Root_CA_1.pem
 
+# 20230807: GoogleTest 1.14.0 upgrade.
+OLD_FILES+=usr/include/private/gmock/gmock-generated-actions.h
+OLD_FILES+=usr/include/private/gmock/gmock-generated-function-mockers.h
+OLD_FILES+=usr/include/private/gmock/gmock-generated-matchers.h
+OLD_FILES+=usr/include/private/gmock/gmock-generated-nice-strict.h
+OLD_FILES+=usr/include/private/gmock/internal/gmock-generated-internal-utils.h
+OLD_FILES+=usr/include/private/gtest/internal/gtest-linked_ptr.h
+OLD_FILES+=usr/include/private/gtest/internal/gtest-param-util-generated.h
+OLD_FILES+=usr/include/private/gtest/internal/gtest-tuple.h
+OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-generated-actions_test
+OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-generated-function-mockers_test
+OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-generated-internal-utils_test
+OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-generated-matchers_test
+OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-matchers_test
+OLD_FILES+=usr/tests/lib/googletest/gtest_main/googletest-linked-ptr-test
+
 # 20230806: Removal of support for the VTOC8 partitioning scheme
 OLD_FILES+=usr/include/sys/disk/vtoc.h
 OLD_FILES+=usr/include/sys/vtoc.h
diff --git a/lib/googletest/tests/gmock_main/Makefile b/lib/googletest/tests/gmock_main/Makefile
index 737c64b653a4..7523b585ac2c 100644
--- a/lib/googletest/tests/gmock_main/Makefile
+++ b/lib/googletest/tests/gmock_main/Makefile
@@ -34,5 +34,6 @@ CXXFLAGS.clang+=	-Wno-error=inconsistent-missing-override
 CXXFLAGS.clang+=	-Wno-error=missing-variable-declarations
 CXXFLAGS.clang+=	-Wno-error=sign-compare
 CXXFLAGS.clang+=	-Wno-error=unused-parameter
+MK_WERROR.gcc=		no
 
 .include <bsd.test.mk>
diff --git a/lib/googletest/tests/gtest/Makefile b/lib/googletest/tests/gtest/Makefile
index e95101738322..0000167dfe70 100644
--- a/lib/googletest/tests/gtest/Makefile
+++ b/lib/googletest/tests/gtest/Makefile
@@ -36,6 +36,7 @@ SRCS.googletest-param-test-test=       \
 LIBADD+=	gtest
 
 CXXFLAGS.clang+=	-Wno-error=missing-variable-declarations
+MK_WERROR.gcc=		no
 
 # XXX: explicitly listing -lpthread is incorrect. src.libnames.mk should be
 #      handling this.
diff --git a/lib/googletest/tests/gtest_main/Makefile b/lib/googletest/tests/gtest_main/Makefile
index 49831d7513af..3124042f8b95 100644
--- a/lib/googletest/tests/gtest_main/Makefile
+++ b/lib/googletest/tests/gtest_main/Makefile
@@ -38,5 +38,6 @@ LIBADD.gtest_unittest+=		pthread
 
 CXXFLAGS.clang+=	-Wno-error=missing-variable-declarations
 CXXFLAGS.clang+=	-Wno-error=unused-but-set-variable
+MK_WERROR.gcc=		no
 
 .include <bsd.test.mk>
diff --git a/share/mk/googletest.test.inc.mk b/share/mk/googletest.test.inc.mk
index 2034e12eaf30..05415775448b 100644
--- a/share/mk/googletest.test.inc.mk
+++ b/share/mk/googletest.test.inc.mk
@@ -1,4 +1,3 @@
-
 GTESTS_CXXFLAGS+= -DGTEST_HAS_POSIX_RE=1
 GTESTS_CXXFLAGS+= -DGTEST_HAS_PTHREAD=1
 GTESTS_CXXFLAGS+= -DGTEST_HAS_STREAM_REDIRECTION=1
@@ -6,16 +5,6 @@ GTESTS_CXXFLAGS+= -frtti
 
 .include <bsd.compiler.mk>
 
-.if ${COMPILER_TYPE} == "clang" && ${COMPILER_VERSION} >= 100000
-# Required until googletest is upgraded to a more recent version (after
-# upstream commit efecb0bfa687cf87836494f5d62868485c00fb66).
-GTESTS_CXXFLAGS+= -Wno-deprecated-copy
-
-# Required until googletest is upgraded to a more recent version (after
-# upstream commit d44b137fd104dfffdcdea103f7de11b9eccc45c2).
-GTESTS_CXXFLAGS+= -Wno-signed-unsigned-wchar
-.endif
-
 # XXX: src.libnames.mk should handle adding this directory for libgtest's,
 # libgmock's, etc, headers.
 CXXFLAGS+=	-I${DESTDIR}${INCLUDEDIR}/private
diff --git a/tools/build/mk/OptionalObsoleteFiles.inc b/tools/build/mk/OptionalObsoleteFiles.inc
index be2c26296828..a9436af31b77 100644
--- a/tools/build/mk/OptionalObsoleteFiles.inc
+++ b/tools/build/mk/OptionalObsoleteFiles.inc
@@ -2215,88 +2215,82 @@ OLD_FILES+=usr/share/man/man1/llvm-profdata.1.gz
 .endif
 
 .if ${MK_GOOGLETEST} == no
-OLD_FILES+=usr/include/gmock/gmock-actions.h
-OLD_FILES+=usr/include/gmock/gmock-cardinalities.h
-OLD_FILES+=usr/include/gmock/gmock-generated-actions.h
-OLD_FILES+=usr/include/gmock/gmock-generated-function-mockers.h
-OLD_FILES+=usr/include/gmock/gmock-generated-matchers.h
-OLD_FILES+=usr/include/gmock/gmock-generated-nice-strict.h
-OLD_FILES+=usr/include/gmock/gmock-matchers.h
-OLD_FILES+=usr/include/gmock/gmock-more-actions.h
-OLD_FILES+=usr/include/gmock/gmock-more-matchers.h
-OLD_FILES+=usr/include/gmock/gmock-spec-builders.h
-OLD_FILES+=usr/include/gmock/gmock.h
-OLD_FILES+=usr/include/gmock/internal/custom/gmock-generated-actions.h
-OLD_FILES+=usr/include/gmock/internal/custom/gmock-matchers.h
-OLD_FILES+=usr/include/gmock/internal/custom/gmock-port.h
-OLD_FILES+=usr/include/gmock/internal/gmock-generated-internal-utils.h
-OLD_FILES+=usr/include/gmock/internal/gmock-internal-utils.h
-OLD_FILES+=usr/include/gmock/internal/gmock-port.h
-OLD_DIRS+=usr/include/gmock
-OLD_FILES+=usr/include/gtest/gtest_pred_impl.h
-OLD_FILES+=usr/include/gtest/gtest_prod.h
-OLD_FILES+=usr/include/gtest/gtest-death-test.h
-OLD_FILES+=usr/include/gtest/gtest-message.h
-OLD_FILES+=usr/include/gtest/gtest-param-test.h
-OLD_FILES+=usr/include/gtest/gtest-printers.h
-OLD_FILES+=usr/include/gtest/gtest-spi.h
-OLD_FILES+=usr/include/gtest/gtest-test-part.h
-OLD_FILES+=usr/include/gtest/gtest-typed-test.h
-OLD_FILES+=usr/include/gtest/gtest.h
-OLD_FILES+=usr/include/gtest/internal/custom/gtest-port.h
-OLD_FILES+=usr/include/gtest/internal/custom/gtest-printers.h
-OLD_FILES+=usr/include/gtest/internal/custom/gtest.h
-OLD_FILES+=usr/include/gtest/internal/gtest-death-test-internal.h
-OLD_FILES+=usr/include/gtest/internal/gtest-filepath.h
-OLD_FILES+=usr/include/gtest/internal/gtest-internal.h
-OLD_FILES+=usr/include/gtest/internal/gtest-linked_ptr.h
-OLD_FILES+=usr/include/gtest/internal/gtest-param-util-generated.h
-OLD_FILES+=usr/include/gtest/internal/gtest-param-util.h
-OLD_FILES+=usr/include/gtest/internal/gtest-port-arch.h
-OLD_FILES+=usr/include/gtest/internal/gtest-port.h
-OLD_FILES+=usr/include/gtest/internal/gtest-string.h
-OLD_FILES+=usr/include/gtest/internal/gtest-tuple.h
-OLD_FILES+=usr/include/gtest/internal/gtest-type-util.h
-OLD_DIRS+=usr/include/gtest
-OLD_FILES+=usr/lib/libprivategmock_main.a
-OLD_FILES+=usr/lib/libprivategmock_main.so
-OLD_LIBS+=usr/lib/libprivategmock_main.so.0
-OLD_FILES+=usr/lib/libprivategmock_main_p.a
+OLD_FILES+=usr/include/private/gmock/gmock-actions.h
+OLD_FILES+=usr/include/private/gmock/gmock-cardinalities.h
+OLD_FILES+=usr/include/private/gmock/gmock-function-mocker.h
+OLD_FILES+=usr/include/private/gmock/gmock-matchers.h
+OLD_FILES+=usr/include/private/gmock/gmock-more-actions.h
+OLD_FILES+=usr/include/private/gmock/gmock-more-matchers.h
+OLD_FILES+=usr/include/private/gmock/gmock-nice-strict.h
+OLD_FILES+=usr/include/private/gmock/gmock-spec-builders.h
+OLD_FILES+=usr/include/private/gmock/gmock.h
+OLD_FILES+=usr/include/private/gmock/internal/custom/gmock-generated-actions.h
+OLD_FILES+=usr/include/private/gmock/internal/custom/gmock-matchers.h
+OLD_FILES+=usr/include/private/gmock/internal/custom/gmock-port.h
+OLD_FILES+=usr/include/private/gmock/internal/gmock-internal-utils.h
+OLD_FILES+=usr/include/private/gmock/internal/gmock-port.h
+OLD_FILES+=usr/include/private/gmock/internal/gmock-pp.h
+OLD_FILES+=usr/include/private/gtest/gtest-assertion-result.h
+OLD_FILES+=usr/include/private/gtest/gtest-death-test.h
+OLD_FILES+=usr/include/private/gtest/gtest-matchers.h
+OLD_FILES+=usr/include/private/gtest/gtest-message.h
+OLD_FILES+=usr/include/private/gtest/gtest-param-test.h
+OLD_FILES+=usr/include/private/gtest/gtest-printers.h
+OLD_FILES+=usr/include/private/gtest/gtest-spi.h
+OLD_FILES+=usr/include/private/gtest/gtest-test-part.h
+OLD_FILES+=usr/include/private/gtest/gtest-typed-test.h
+OLD_FILES+=usr/include/private/gtest/gtest.h
+OLD_FILES+=usr/include/private/gtest/gtest_pred_impl.h
+OLD_FILES+=usr/include/private/gtest/gtest_prod.h
+OLD_FILES+=usr/include/private/gtest/internal/custom/gtest-port.h
+OLD_FILES+=usr/include/private/gtest/internal/custom/gtest-printers.h
+OLD_FILES+=usr/include/private/gtest/internal/custom/gtest.h
+OLD_FILES+=usr/include/private/gtest/internal/gtest-death-test-internal.h
+OLD_FILES+=usr/include/private/gtest/internal/gtest-filepath.h
+OLD_FILES+=usr/include/private/gtest/internal/gtest-internal.h
+OLD_FILES+=usr/include/private/gtest/internal/gtest-param-util.h
+OLD_FILES+=usr/include/private/gtest/internal/gtest-port-arch.h
+OLD_FILES+=usr/include/private/gtest/internal/gtest-port.h
+OLD_FILES+=usr/include/private/gtest/internal/gtest-string.h
+OLD_FILES+=usr/include/private/gtest/internal/gtest-type-util.h
 OLD_FILES+=usr/lib/libprivategmock.a
-OLD_FILES+=usr/lib/libprivategmock.so
-OLD_LIBS+=usr/lib/libprivategmock.so.0
 OLD_FILES+=usr/lib/libprivategmock_p.a
-OLD_FILES+=usr/lib/libprivategtest_main.a
-OLD_FILES+=usr/lib/libprivategtest_main.so
-OLD_LIBS+=usr/lib/libprivategtest_main.so.0
-OLD_FILES+=usr/lib/libprivategtest_main_p.a
+OLD_LIBS+=usr/lib/libprivategmock.so
+OLD_LIBS+=usr/lib/libprivategmock.so.0
+OLD_FILES+=usr/lib/libprivategmock_main.a
+OLD_FILES+=usr/lib/libprivategmock_main_p.a
+OLD_LIBS+=usr/lib/libprivategmock_main.so
+OLD_LIBS+=usr/lib/libprivategmock_main.so.0
 OLD_FILES+=usr/lib/libprivategtest.a
-OLD_FILES+=usr/lib/libprivategtest.so
-OLD_LIBS+=usr/lib/libprivategtest.so.0
 OLD_FILES+=usr/lib/libprivategtest_p.a
-OLD_FILES+=usr/tests/lib/googletest/gmock/gmock_stress_test
+OLD_LIBS+=usr/lib/libprivategtest.so
+OLD_LIBS+=usr/lib/libprivategtest.so.0
+OLD_FILES+=usr/lib/libprivategtest_main.a
+OLD_FILES+=usr/lib/libprivategtest_main_p.a
+OLD_LIBS+=usr/lib/libprivategtest_main.so
+OLD_LIBS+=usr/lib/libprivategtest_main.so.0
+OLD_FILES+=usr/tests/lib/googletest/Kyuafile
 OLD_FILES+=usr/tests/lib/googletest/gmock/Kyuafile
-OLD_DIRS+=usr/tests/lib/googletest/gmock
-OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock_ex_test
-OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock_link_test
-OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock_test
+OLD_FILES+=usr/tests/lib/googletest/gmock/gmock_stress_test
+OLD_FILES+=usr/tests/lib/googletest/gmock_main/Kyuafile
 OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-actions_test
 OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-cardinalities_test
-OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-ex_test
-OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-generated-actions_test
-OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-generated-function-mockers_test
-OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-generated-internal-utils_test
-OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-generated-matchers_test
+OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-function-mocker_test
 OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-internal-utils_test
-OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-matchers_test
+OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-matchers-arithmetic_test
+OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-matchers-comparisons_test
+OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-matchers-containers_test
+OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-matchers-misc_test
 OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-more-actions_test
 OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-nice-strict_test
 OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-port_test
 OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock-spec-builders_test
-OLD_FILES+=usr/tests/lib/googletest/gmock_main/Kyuafile
-OLD_DIRS+=usr/tests/lib/googletest/gmock_main
+OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock_ex_test
+OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock_link_test
+OLD_FILES+=usr/tests/lib/googletest/gmock_main/gmock_test
+OLD_FILES+=usr/tests/lib/googletest/gtest/Kyuafile
 OLD_FILES+=usr/tests/lib/googletest/gtest/googletest-param-test-test
-OLD_FILES+=usr/tests/lib/googletest/gtest/gtest_all_test
+OLD_FILES+=usr/tests/lib/googletest/gtest/gtest-unittest-api_test
 OLD_FILES+=usr/tests/lib/googletest/gtest/gtest_environment_test
 OLD_FILES+=usr/tests/lib/googletest/gtest/gtest_no_test_unittest
 OLD_FILES+=usr/tests/lib/googletest/gtest/gtest_premature_exit_test
@@ -2308,9 +2302,9 @@ OLD_FILES+=usr/tests/lib/googletest/gtest/gtest-death-test_ex_nocatch_test
 OLD_FILES+=usr/tests/lib/googletest/gtest/gtest-unittest-api_test
 OLD_FILES+=usr/tests/lib/googletest/gtest/Kyuafile
 OLD_DIRS+=usr/tests/lib/googletest/gtest
+OLD_FILES+=usr/tests/lib/googletest/gtest_main/Kyuafile
 OLD_FILES+=usr/tests/lib/googletest/gtest_main/googletest-death-test-test
 OLD_FILES+=usr/tests/lib/googletest/gtest_main/googletest-filepath-test
-OLD_FILES+=usr/tests/lib/googletest/gtest_main/googletest-linked-ptr-test
 OLD_FILES+=usr/tests/lib/googletest/gtest_main/googletest-listener-test
 OLD_FILES+=usr/tests/lib/googletest/gtest_main/googletest-message-test
 OLD_FILES+=usr/tests/lib/googletest/gtest_main/googletest-options-test
@@ -2318,21 +2312,17 @@ OLD_FILES+=usr/tests/lib/googletest/gtest_main/googletest-port-test
 OLD_FILES+=usr/tests/lib/googletest/gtest_main/googletest-printers-test
 OLD_FILES+=usr/tests/lib/googletest/gtest_main/googletest-test-part-test
 OLD_FILES+=usr/tests/lib/googletest/gtest_main/gtest_help_test_
+OLD_FILES+=usr/tests/lib/googletest/gtest_main/gtest-typed-test_test
 OLD_FILES+=usr/tests/lib/googletest/gtest_main/gtest_main_unittest
 OLD_FILES+=usr/tests/lib/googletest/gtest_main/gtest_pred_impl_unittest
 OLD_FILES+=usr/tests/lib/googletest/gtest_main/gtest_prod_test
+OLD_FILES+=usr/tests/lib/googletest/gtest_main/gtest_skip_in_environment_setup_test
+OLD_FILES+=usr/tests/lib/googletest/gtest_main/gtest_skip_test
 OLD_FILES+=usr/tests/lib/googletest/gtest_main/gtest_sole_header_test
 OLD_FILES+=usr/tests/lib/googletest/gtest_main/gtest_unittest
-OLD_FILES+=usr/tests/lib/googletest/gtest_main/gtest_xml_outfile1_test_
-OLD_FILES+=usr/tests/lib/googletest/gtest_main/gtest_xml_outfile2_test_
-OLD_FILES+=usr/tests/lib/googletest/gtest_main/gtest-typed-test_test
-OLD_FILES+=usr/tests/lib/googletest/gtest_main/Kyuafile
-OLD_DIRS+=usr/tests/lib/googletest/gtest_main
-OLD_FILES+=usr/tests/lib/googletest/Kyuafile
-OLD_DIRS+=usr/tests/lib/googletest/
 OLD_FILES+=usr/tests/share/examples/tests/googletest/Kyuafile
-OLD_FILES+=usr/tests/share/examples/tests/googletest/sample1_unittest
 OLD_FILES+=usr/tests/share/examples/tests/googletest/sample10_unittest
+OLD_FILES+=usr/tests/share/examples/tests/googletest/sample1_unittest
 OLD_FILES+=usr/tests/share/examples/tests/googletest/sample2_unittest
 OLD_FILES+=usr/tests/share/examples/tests/googletest/sample3_unittest
 OLD_FILES+=usr/tests/share/examples/tests/googletest/sample4_unittest
@@ -2340,6 +2330,17 @@ OLD_FILES+=usr/tests/share/examples/tests/googletest/sample5_unittest
 OLD_FILES+=usr/tests/share/examples/tests/googletest/sample6_unittest
 OLD_FILES+=usr/tests/share/examples/tests/googletest/sample7_unittest
 OLD_FILES+=usr/tests/share/examples/tests/googletest/sample8_unittest
+OLD_DIRS+=usr/include/private/gmock/
+OLD_DIRS+=usr/include/private/gmock/internal
+OLD_DIRS+=usr/include/private/gmock/internal/custom
+OLD_DIRS+=usr/include/private/gtest/
+OLD_DIRS+=usr/include/private/gtest/internal
+OLD_DIRS+=usr/include/private/gtest/internal/custom
+OLD_DIRS+=usr/tests/lib/googletest
+OLD_DIRS+=usr/tests/lib/googletest/gmock
+OLD_DIRS+=usr/tests/lib/googletest/gmock_main
+OLD_DIRS+=usr/tests/lib/googletest/gtest
+OLD_DIRS+=usr/tests/lib/googletest/gtest_main
 OLD_DIRS+=usr/tests/share/examples/tests/googletest
 .endif
 

From nobody Tue Apr  1 12:32:02 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRnSM3L7zz5rSPr;
	Tue, 01 Apr 2025 12:32:03 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRnSL6hy3z4Kn5;
	Tue, 01 Apr 2025 12:32:02 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743510722;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=utZ1Hw0mnO/aB7yOvjC9G73Ffoc64rcRvIjYZZo1jeo=;
	b=FuHbBs4UGsDwhYvMYsfg3eVG70cB02tnm7pWU1+mfH/GC/TsZaf72t5aZh/sCBRU5Y/yPP
	5pXdz7J6ImZqqFqSxwq4OHuwbvpfs161lP2Fi8v73fuC+fTvxLfoY8xvbGnvtT54ZXbqXe
	RQGow+YJBbdlWFEE9kUue9huyqxe2LyctO70MzTI1VueITTRs3rEYZcedyyVigj7uKkby6
	G4ciyxw4aZjDv/cmw6zw23LFqjaETnSr0zrmNpsztNYgNEZuRzjttmoy3jiKRNh55Id3kG
	YYzkjvVKErymYd6wR44+PwrQmtWnm7f+ItSGNXiQZ4+nZJPGPOpWVMG5UecB1Q==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743510722; a=rsa-sha256; cv=none;
	b=eKVwuoX0w1Eyw1kCs0EvTaz0bhwzLZvMpW5tN8vMwMksJM0Uhoe2oZcXVOIL4jSYJkq3qD
	ltg8l0pONd8BLRDtY5CTrADXeJ0rOQAr1/TQUpuaCxcKIMOLBQJurwWmNid+/eUhph0Y6r
	+7d+jjhW7fGf3MQ3KkL3Fx7S8Q6VAe9rw7kSCSC/KQSG1rPg3XyOm3P7XfvZGjImkhRRbo
	KhT1++FXiYRt/P+reB4wwR4FfV7lHPW/P277USNr5BaiGVKOp94ULKicZie8bYcKkuF4Kq
	MMX9lmK9CBLE7f5mjB2tkRVMbea5w9cuYuW2O1h6+v20mmPmXrEZ7lRt90FhpA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743510722;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=utZ1Hw0mnO/aB7yOvjC9G73Ffoc64rcRvIjYZZo1jeo=;
	b=sH07ZE98AaFtu4sU6R8rfU0NQOyf/UwnmfaXR5Lw6gd3ISrAWXtjP/lAJ1o+i9+9HU/VEE
	bmPrwJzG/tVfPTcqaoMMPwx+npYWLo1Nioag0lPdhdLG+tMEakC+pKOuvjgbwU8QZ0JlT4
	BjSzfmpKvAiD54fezYrQHJCUZWAqJsZBRDmTWaAEGmgjr82WJw2c6iE9uaCl+B31/ze7xh
	Bcv5Dj7fhW1YcygYZ8NDIYEWafxflcAbgseeUsDO6WdnMpVVnT7ofDait2O0WbVZyciHLG
	v1lHHVsxSaKpUxGqGRTOJdAWN3Fjt+501AxdOJAW4xZlzgdY7PJkdo4IUyFEzQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRnSL534lzX1v;
	Tue, 01 Apr 2025 12:32:02 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 531CW2Xd069704;
	Tue, 1 Apr 2025 12:32:02 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 531CW2Sk069701;
	Tue, 1 Apr 2025 12:32:02 GMT
	(envelope-from git)
Date: Tue, 1 Apr 2025 12:32:02 GMT
Message-Id: <202504011232.531CW2Sk069701@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Baptiste Daroussin <bapt@FreeBSD.org>
Subject: git: 9157372d3e57 - stable/14 - devd: raise the maximum
  allowed client to 50
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: bapt
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 9157372d3e579c4f0f47f6d0507e0b7a7b57ae82
Auto-Submitted: auto-generated

The branch stable/14 has been updated by bapt:

URL: https://cgit.FreeBSD.org/src/commit/?id=9157372d3e579c4f0f47f6d0507e0b7a7b57ae82

commit 9157372d3e579c4f0f47f6d0507e0b7a7b57ae82
Author:     Baptiste Daroussin <bapt@FreeBSD.org>
AuthorDate: 2025-03-20 08:53:16 +0000
Commit:     Baptiste Daroussin <bapt@FreeBSD.org>
CommitDate: 2025-04-01 12:31:59 +0000

    devd: raise the maximum allowed client to 50
    
    since the creation of libudev-devd, but also with powerd, recent libusb
    changes etc. 10 client is not enough anymore to cover the desktop needs
    
    and end users often ends up with:
    sonewconn: pcb 0xfffff8004dd43780 (local:/var/run/devd.seqpacket.pipe)...
    
    raise the maximum allowed client to 50, which should be enough to cover
    user requirements.
    
    MFC After:      1 week
    
    (cherry picked from commit 5682eee1efd35fb65751641181ae2a50d86efaab)
---
 sbin/devd/devd.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sbin/devd/devd.cc b/sbin/devd/devd.cc
index 05715c18708f..28aab82803c8 100644
--- a/sbin/devd/devd.cc
+++ b/sbin/devd/devd.cc
@@ -939,7 +939,7 @@ create_socket(const char *name, int socktype)
 	return (fd);
 }
 
-static unsigned int max_clients = 10;	/* Default, can be overridden on cmdline. */
+static unsigned int max_clients = 50;	/* Default, can be overridden on cmdline. */
 static unsigned int num_clients;
 
 static list<client_t> clients;

From nobody Tue Apr  1 12:53:45 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRnxP4zjZz5rVHQ;
	Tue, 01 Apr 2025 12:53:45 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRnxP49Nrz3D8r;
	Tue, 01 Apr 2025 12:53:45 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743512025;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=CCt27zinJ2OWYbOZg7orIh5gJA+80VLQ8oT/uFz97ec=;
	b=yxU/kSDAygLbxe7+toJWjFY2sXiiClrAOCMTM58sxA2wRfvR9FVD8vU42NJd++2MlQtwgo
	hK6rLgNk/iNbSFmf9NfBrnBIvvKzYEsoMN95xxrxdO7gunW++KIRVg9z1Dh18yGeLD8zbj
	lgZt4W52WSUecOj4o2R+CELsdjuwcYF7Rf462nMlPPHn3Zj8tsomkPEqfHUCoLXIgD2jgh
	NXAP1AjYiPTTNdq5on0K3GyNOSP1gb9sDE9Ik+45gbHhLw57lkL/aDugmmtMGj4ilQxxeZ
	FMJf7bZXIw44JDxSz2Rvyw/+tQQHRdblaK5oSa/sdxXtpz+H0Vb+ojdfFsCtNA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743512025; a=rsa-sha256; cv=none;
	b=rRCmBcA7Yv8TbLCElY/nR3dL8rJtMRJmQxnnEeKLUQOwKLkdEiGjISKPg9zLwXVE9xLTsL
	fPnpT3ipRwB8mzpL3rRIbjTv8DLHS0TsaKq2jUsvhYbpwOBQqkionQ30cM5hbopVguv+Vi
	ub6Qn3VcurNfqQNsHgcvsZF3y/9Fs6U4m0LkopyHPu2lhp1SVELOIBDgRlMhwfWuttm7Iz
	srlG4qvqwL3g7/A/j/gKSeDrIe4z2Hw6F3CnUCVsWZtzXmGjcuO1TB8Y8YFIcKrVPmuWTK
	69nW37YpzRQr1sRWsoC42qLVB4IC2LKaed/Ik2EBgrm6SuN8c6SzDoQfwvZ11Q==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743512025;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=CCt27zinJ2OWYbOZg7orIh5gJA+80VLQ8oT/uFz97ec=;
	b=ppQ4SQ0LP2KG6qG3JmLEaaWK1ztXu6LYHmLtDRjDaeR3EoGEBbLuOj8keuPRBe0x9DBZWj
	LVCXDyXvbXjUkn1ElyqTlMFAUEqprwDyfxt87h6Ko7uF0HBzQDYMab4jsR6P3eSk0X1HNY
	GqR1LXlZ9m7rQUG030L3nTyqa+psLJbaIui4cHVyk9geNzb8GhqReSYS2xyvw572pHuOLQ
	KI+vZExkk0OK8Xvj0gXcu8Jbf2dAsu846Irifgydiu7Lao8X0nTh1QNcE2Xn/YkoMi9aRG
	hw4BHZgtjDUulukDqaZ3zlrgZ212hAQJ9MzhhNQiD4ZpijOrMtyCwlZUUuY+bg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRnxP3fhJzXZk;
	Tue, 01 Apr 2025 12:53:45 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 531CrjmN009212;
	Tue, 1 Apr 2025 12:53:45 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 531CrjcW009209;
	Tue, 1 Apr 2025 12:53:45 GMT
	(envelope-from git)
Date: Tue, 1 Apr 2025 12:53:45 GMT
Message-Id: <202504011253.531CrjcW009209@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Ed Maste <emaste@FreeBSD.org>
Subject: git: e683e7e0f887 - stable/14 - usr.bin/Makefile: always
  build ELF Tool Chain strings(1)
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: e683e7e0f887216b52dfd64db226f0a6d3ce853a
Auto-Submitted: auto-generated

The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=e683e7e0f887216b52dfd64db226f0a6d3ce853a

commit e683e7e0f887216b52dfd64db226f0a6d3ce853a
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2025-03-20 17:47:29 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2025-04-01 12:52:53 +0000

    usr.bin/Makefile: always build ELF Tool Chain strings(1)
    
    strings(1) is not conditional on WITH_/WITHOUT_TOOLCHAIN, as it is a
    small utility that is also useful outside of the toolchain context.
    As of commit 1cae7121c667 we switched to WITH_LLVM_BINUTILS by default.
    
    After this change building world with default options but installing
    WITHOUT_TOOLCHAIN failed, because we would build LLVM's strings but
    attempt to install ELF Tool Chain's version, which did not exist.
    Address this by always including ELF Tool Chain strings in non-install
    make targets, so that it will be available if options are changed at
    install time.
    
    PR:             285556
    Reported by:    Michael Butler
    Reviewed by:    brooks
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D49425
    
    (cherry picked from commit fdc4db57224ce19b867c60fce4c410068be40c27)
---
 usr.bin/Makefile | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/usr.bin/Makefile b/usr.bin/Makefile
index 58945f7ecb18..02c6018af6e1 100644
--- a/usr.bin/Makefile
+++ b/usr.bin/Makefile
@@ -258,6 +258,12 @@ SUBDIR.${MK_TOOLCHAIN}+=	nm
 SUBDIR.${MK_TOOLCHAIN}+=	objcopy
 SUBDIR.${MK_TOOLCHAIN}+=	readelf
 SUBDIR.${MK_TOOLCHAIN}+=	size
+.endif
+# Include elftoolchain's strings in build targets even if using LLVM_BINUTILS,
+# as we may later install with different options.  In particular, the release
+# artifact builds use default options for buildworld but install with
+# MK_TOOLCHAIN=no which implies MK_LLVM_BINUTILS=no.
+.if ${MK_LLVM_BINUTILS} == "no" || !make(install)
 SUBDIR+=			strings
 .endif
 SUBDIR.${MK_TOOLCHAIN}+=	c89

From nobody Tue Apr  1 13:20:10 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRpWv2Vfcz5rWcG;
	Tue, 01 Apr 2025 13:20:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRpWt5NThz3MrH;
	Tue, 01 Apr 2025 13:20:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743513610;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=mJqqfgjhbFW32NPlL1ndUlKrPXyq/sg/ui7EvqGu+NY=;
	b=SkNSwbaUxok921ZsPmuTt1IHQQREgWEdwlKoH98/kEEczwzyUkKlSuvqjuGEvPLKNdw+H+
	pOd4icBLmUNVXjrEcCymIKQCxqp6/nhXOFFLqGJKgxWHCj+KlaVYUOK/mG/SYA7zKyErdl
	uM/bKTSVnzLv0BSjCUYpWhHkr1V111VAajmejRtYPEfxJg8kWPl0TbJgUW0hhjZqlI3WQL
	6C1Xe73myTG9kgvYSKgFE9jM0aaKITR56KO1dpUvr7hjp9pcCp1EVEpgEMn8AXchj1lIkQ
	QDMVa7GpMjfOr9heJgfx5xf0of4boEdJ8gHWFH2P1LY/6NLYkLuTfITS7ujyvg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743513610; a=rsa-sha256; cv=none;
	b=xPpu4yf0lpF+cVrigT9YVyfMRSHD8TTTIyG2Kfn5itqjd03SkmqeLPY6Rd8mx4Btke48gM
	2Rrz+exRSOvywVDqriEC5DYBnArtrFfdbtppqVNBfZVPSgwq8U1J+0jP8acFm+hna1QwDf
	tpd0kuge/pLZD9c1kImQQKWcQKMMat2hfB5KD6YE3T43OGzIPim8xX7MojOV5d2dUpRN/e
	OJ3S9boA0sCRQddnaddH/23l9efvBx0oOx4Ykloah72OcguCvLxToM4Cc7yczH25MS1J9X
	yzOUwc/zcK323hsWk/atW0NdpwkmiZDMH40fr0nm3kSw2w5RsGpxR/R/IctH4g==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743513610;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=mJqqfgjhbFW32NPlL1ndUlKrPXyq/sg/ui7EvqGu+NY=;
	b=Qwlx0UENXAfwhPOUjGRloXqmv+z+rclxrrNoC6niP47uvslArzN4T61u7o1KyWZT3rKeOm
	/oailuKGGz+cHBILuTIPmSzFFbhWY6tqvSNFLmJ8b/kUBBHtah+0jJA1Btw85FBPuVhiwe
	fShopmkMrqAs0RuWpF08RHsyRiZ9bI4I8vwbG3hne2HeGZL2CUdu7Ch/XnMTOMAWw1dNFL
	Kx0WV12dxFv17WjaXhgbDLSRjlEsr69fp3ywKdUP0csBNkAkhLqP8LYHzwrMtvVQoVfoEf
	6pCcl/342dqZSj2i3dlajlc6dPCxS/LFzk/mAjKCqRzFm18f6XzMv/jVhGWecg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRpWt4hT0zY8X;
	Tue, 01 Apr 2025 13:20:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 531DKAuU054392;
	Tue, 1 Apr 2025 13:20:10 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 531DKAF3054383;
	Tue, 1 Apr 2025 13:20:10 GMT
	(envelope-from git)
Date: Tue, 1 Apr 2025 13:20:10 GMT
Message-Id: <202504011320.531DKAF3054383@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Christos Margiolis <christos@FreeBSD.org>
Subject: git: e431b38b0f77 - stable/14 - snd_hda: Patch Framework
  16 AMD
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: christos
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: e431b38b0f77a6deff9f6f214fe520b689c38bd2
Auto-Submitted: auto-generated

The branch stable/14 has been updated by christos:

URL: https://cgit.FreeBSD.org/src/commit/?id=e431b38b0f77a6deff9f6f214fe520b689c38bd2

commit e431b38b0f77a6deff9f6f214fe520b689c38bd2
Author:     Christos Margiolis <christos@FreeBSD.org>
AuthorDate: 2025-03-25 19:13:49 +0000
Commit:     Christos Margiolis <christos@FreeBSD.org>
CommitDate: 2025-04-01 13:20:05 +0000

    snd_hda: Patch Framework 16 AMD
    
    Reported by:    jrm
    Tested by:      jrm
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Reviewed by:    jrm
    Differential Revision:  https://reviews.freebsd.org/D49416
    
    (cherry picked from commit 2f1f523a45fb7f9fddd36a3402edbf7b111996c3)
---
 sys/dev/sound/pci/hda/hdaa_patches.c | 14 ++++++++++++++
 sys/dev/sound/pci/hda/hdac.h         |  1 +
 2 files changed, 15 insertions(+)

diff --git a/sys/dev/sound/pci/hda/hdaa_patches.c b/sys/dev/sound/pci/hda/hdaa_patches.c
index 8ad1c845c254..233ba1ae8d13 100644
--- a/sys/dev/sound/pci/hda/hdaa_patches.c
+++ b/sys/dev/sound/pci/hda/hdaa_patches.c
@@ -340,6 +340,20 @@ hdac_pin_patch(struct hdaa_widget *w)
 			patch_str = "as=3 seq=15 color=Black loc=Left";
 			break;
 		}
+	} else if (id == HDA_CODEC_ALC295 &&
+	    subid == FRAMEWORK_LAPTOP_0005_SUBVENDOR) {
+		switch (nid) {
+		case 20:
+			/*
+			 * This pin is a duplicate of pin 23 (both as=1 seq=0),
+			 * which ends up in the driver disabling the
+			 * association altogether. Since sound quality from pin
+			 * 23 seems to be better, configure this one as a back
+			 * speaker.
+			 */
+			patch_str = "as=1 seq=2";
+			break;
+		}
 	} else if (id == HDA_CODEC_ALC295 &&
 	    subid == FRAMEWORK_LAPTOP_0006_SUBVENDOR) {
 		switch (nid) {
diff --git a/sys/dev/sound/pci/hda/hdac.h b/sys/dev/sound/pci/hda/hdac.h
index 9b11dcba32a8..cb383d3be498 100644
--- a/sys/dev/sound/pci/hda/hdac.h
+++ b/sys/dev/sound/pci/hda/hdac.h
@@ -530,6 +530,7 @@
 #define FRAMEWORK_LAPTOP_0001_SUBVENDOR HDA_MODEL_CONSTRUCT(FRAMEWORK, 0x0001)
 #define FRAMEWORK_LAPTOP_0002_SUBVENDOR HDA_MODEL_CONSTRUCT(FRAMEWORK, 0x0002)
 #define FRAMEWORK_LAPTOP_0003_SUBVENDOR HDA_MODEL_CONSTRUCT(FRAMEWORK, 0x0003)
+#define FRAMEWORK_LAPTOP_0005_SUBVENDOR HDA_MODEL_CONSTRUCT(FRAMEWORK, 0x0005)
 #define FRAMEWORK_LAPTOP_0006_SUBVENDOR HDA_MODEL_CONSTRUCT(FRAMEWORK, 0x0006)
 
 /* All codecs you can eat... */

From nobody Tue Apr  1 17:46:09 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRwQp3TnSz5rsdW;
	Tue, 01 Apr 2025 17:46:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRwQp0mbPz3KhS;
	Tue, 01 Apr 2025 17:46:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743529570;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=pSODX4SI2yCjo79YrR7l+MvGIJQp+rpck4Uy6Da87H8=;
	b=jCVaEPTqPOZHcZaib7ocN6xwj9sZVBDoDRXoynaPO7JWf/S9THirVOhgqn/ywiFbZTaPR3
	7HEiaYDizHKMf8RPOaa69436lVhWWlg2eyHeuWXTxnVQ7u4R5XzgsoE2SfrmxW8bF6lda1
	wy2VKJb+FI/Il7DdbESuFVyIpfNCZF1dSrLACm4tYiszh+MrYn4CdNwqxxN2+g10CcDh1q
	tKSPrk1r2yLeQSQn2/ecQqIB43iYStVZvXVyqsNItF4hRBLd9bhGoNpFr+k/za7WLKgj86
	u8Xa1uSDxFGeRT+iT1jymQD9nPeWdS9vWltJ7l8s28sRO6jgdhEmQjkt6xGT8g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743529570; a=rsa-sha256; cv=none;
	b=P2Xi/xcjpPZbjvc4Zs/HYoJSKxov7hhwQHmQJ21YGrjFvcBLYoGCMODIcP32fWxhkuXseY
	6ko65WuxH1A45VopDMcFArRsVpsHOq5rfe2KM8zsLOBWjOhyGrqa43YEur0MlzkrUSexJx
	iRTMapH/CNlvQJQxnZ4r52A5XepiQoeJsX1b7AI40IPNvHix0WDZYY74svc3PiPnhdYytx
	OKA1sS7WD+jFA2Q6B2mxTtzRt3sWkFLUdUZscCueddhZm1fqiNnajvISc/ylNxudpW6nWU
	Eg18X39/8zFjVzZ8xQp3G52ui3tNa60FWnI5e+PFxEbG2LDnNvIZ39+9FE5aoA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743529570;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=pSODX4SI2yCjo79YrR7l+MvGIJQp+rpck4Uy6Da87H8=;
	b=ibi5VgMU8iAZZVA5/bo7lQUL2NRo1+4rxq6Ifrx66ouol+SzoAgiHih8hyGrm11X6W2hdj
	I8e1XmbyjaslAwvzlkaTKbAYTFMDzI80rxZlaBxYhpGl0tgjpf2fU6Ho7bzCCko5y6jerg
	QIYFcRuZ7OKdXdojZw60QKKLptzLmx+QvVQvwkyPjt+O4WF6gSJlwVBNzx0WdzEJGvRXZr
	uzzng8EFEuFb1L5CZknyMYVnafhB2k3q1n7T3RSi/8gEERI4MZCHjCxzXKli8YTzqxvQz5
	IeLoESauvbqozM9E4IwzKKcODxWPegZuAHgXFLLiKjjV98IWKNtRqC4Gj9ZcnQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRwQp02jCzh3C;
	Tue, 01 Apr 2025 17:46:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 531Hk9DF050098;
	Tue, 1 Apr 2025 17:46:09 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 531Hk9fG050095;
	Tue, 1 Apr 2025 17:46:09 GMT
	(envelope-from git)
Date: Tue, 1 Apr 2025 17:46:09 GMT
Message-Id: <202504011746.531Hk9fG050095@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Colin Percival <cperciva@FreeBSD.org>
Subject: git: 3af851edd0b9 - stable/14 - acpica: Extract _OSC parsing
  to a common file
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 3af851edd0b986eea6f13f09e6960fe075322028
Auto-Submitted: auto-generated

The branch stable/14 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=3af851edd0b986eea6f13f09e6960fe075322028

commit 3af851edd0b986eea6f13f09e6960fe075322028
Author:     Andrew Turner <andrew@FreeBSD.org>
AuthorDate: 2024-12-12 16:29:45 +0000
Commit:     Colin Percival <cperciva@FreeBSD.org>
CommitDate: 2025-04-01 17:43:57 +0000

    acpica: Extract _OSC parsing to a common file
    
    This will be used by pci_host_generic_acpi.c so needs to be in a
    common location.
    
    Reviewed by:    imp, jhb
    Sponsored by:   Arm Ltd
    Differential Revision:  https://reviews.freebsd.org/D48044
    
    (cherry picked from commit ba1904937d9ae0539e39001467a1519b17177118)
---
 sys/dev/acpica/acpi_pcib.c      | 59 ++++++++++++++++++++++++++++++++++++++++
 sys/dev/acpica/acpi_pcib_acpi.c | 60 ++---------------------------------------
 sys/dev/acpica/acpi_pcibvar.h   |  1 +
 3 files changed, 62 insertions(+), 58 deletions(-)

diff --git a/sys/dev/acpica/acpi_pcib.c b/sys/dev/acpica/acpi_pcib.c
index b16457ec853d..dfb4f143d5c4 100644
--- a/sys/dev/acpica/acpi_pcib.c
+++ b/sys/dev/acpica/acpi_pcib.c
@@ -38,6 +38,7 @@
 #include <dev/acpica/acpivar.h>
 #include <dev/acpica/acpi_pcibvar.h>
 
+#include <dev/pci/pcireg.h>
 #include <dev/pci/pcivar.h>
 #include "pcib_if.h"
 
@@ -277,3 +278,61 @@ acpi_pcib_get_cpus(device_t pcib, device_t dev, enum cpu_sets op,
 
 	return (bus_get_cpus(pcib, op, setsize, cpuset));
 }
+
+int
+acpi_pcib_osc(device_t pcib, uint32_t *ap_osc_ctl, uint32_t osc_ctl)
+{
+	ACPI_STATUS status;
+	ACPI_HANDLE handle;
+	uint32_t cap_set[3];
+
+	static uint8_t pci_host_bridge_uuid[ACPI_UUID_LENGTH] = {
+		0x5b, 0x4d, 0xdb, 0x33, 0xf7, 0x1f, 0x1c, 0x40,
+		0x96, 0x57, 0x74, 0x41, 0xc0, 0x3d, 0xd7, 0x66
+	};
+
+	/*
+	 * Don't invoke _OSC if a control is already granted.
+	 * However, always invoke _OSC during attach when 0 is passed.
+	 */
+	if (osc_ctl != 0 && (*ap_osc_ctl & osc_ctl) == osc_ctl)
+		return (0);
+
+	/* Support Field: Extended PCI Config Space, PCI Segment Groups, MSI */
+	cap_set[PCI_OSC_SUPPORT] = PCIM_OSC_SUPPORT_EXT_PCI_CONF |
+	    PCIM_OSC_SUPPORT_SEG_GROUP | PCIM_OSC_SUPPORT_MSI;
+	/* Active State Power Management, Clock Power Management Capability */
+	if (pci_enable_aspm)
+		cap_set[PCI_OSC_SUPPORT] |= PCIM_OSC_SUPPORT_ASPM |
+		    PCIM_OSC_SUPPORT_CPMC;
+
+	/* Control Field */
+	cap_set[PCI_OSC_CTL] = *ap_osc_ctl | osc_ctl;
+
+	handle = acpi_get_handle(pcib);
+	status = acpi_EvaluateOSC(handle, pci_host_bridge_uuid, 1,
+	    nitems(cap_set), cap_set, cap_set, false);
+	if (ACPI_FAILURE(status)) {
+		if (status == AE_NOT_FOUND) {
+			*ap_osc_ctl |= osc_ctl;
+			return (0);
+		}
+		device_printf(pcib, "_OSC failed: %s\n",
+		    AcpiFormatException(status));
+		return (EIO);
+	}
+
+	/*
+	 * _OSC may return an error in the status word, but will
+	 * update the control mask always.  _OSC should not revoke
+	 * previously-granted controls.
+	 */
+	if ((cap_set[PCI_OSC_CTL] & *ap_osc_ctl) != *ap_osc_ctl)
+		device_printf(pcib, "_OSC revoked %#x\n",
+		    (cap_set[PCI_OSC_CTL] & *ap_osc_ctl) ^ *ap_osc_ctl);
+	*ap_osc_ctl = cap_set[PCI_OSC_CTL];
+	if ((*ap_osc_ctl & osc_ctl) != osc_ctl)
+		return (EIO);
+
+	return (0);
+}
diff --git a/sys/dev/acpica/acpi_pcib_acpi.c b/sys/dev/acpica/acpi_pcib_acpi.c
index 451a8d8b736d..c0274e84fdeb 100644
--- a/sys/dev/acpica/acpi_pcib_acpi.c
+++ b/sys/dev/acpica/acpi_pcib_acpi.c
@@ -311,62 +311,6 @@ get_decoded_bus_range(struct acpi_hpcib_softc *sc, rman_res_t *startp,
 }
 #endif
 
-static int
-acpi_pcib_osc(struct acpi_hpcib_softc *sc, uint32_t osc_ctl)
-{
-	ACPI_STATUS status;
-	uint32_t cap_set[3];
-
-	static uint8_t pci_host_bridge_uuid[ACPI_UUID_LENGTH] = {
-		0x5b, 0x4d, 0xdb, 0x33, 0xf7, 0x1f, 0x1c, 0x40,
-		0x96, 0x57, 0x74, 0x41, 0xc0, 0x3d, 0xd7, 0x66
-	};
-
-	/*
-	 * Don't invoke _OSC if a control is already granted.
-	 * However, always invoke _OSC during attach when 0 is passed.
-	 */
-	if (osc_ctl != 0 && (sc->ap_osc_ctl & osc_ctl) == osc_ctl)
-		return (0);
-
-	/* Support Field: Extended PCI Config Space, PCI Segment Groups, MSI */
-	cap_set[PCI_OSC_SUPPORT] = PCIM_OSC_SUPPORT_EXT_PCI_CONF |
-	    PCIM_OSC_SUPPORT_SEG_GROUP | PCIM_OSC_SUPPORT_MSI;
-	/* Active State Power Management, Clock Power Management Capability */
-	if (pci_enable_aspm)
-		cap_set[PCI_OSC_SUPPORT] |= PCIM_OSC_SUPPORT_ASPM |
-		    PCIM_OSC_SUPPORT_CPMC;
-
-	/* Control Field */
-	cap_set[PCI_OSC_CTL] = sc->ap_osc_ctl | osc_ctl;
-
-	status = acpi_EvaluateOSC(sc->ap_handle, pci_host_bridge_uuid, 1,
-	    nitems(cap_set), cap_set, cap_set, false);
-	if (ACPI_FAILURE(status)) {
-		if (status == AE_NOT_FOUND) {
-			sc->ap_osc_ctl |= osc_ctl;
-			return (0);
-		}
-		device_printf(sc->ap_dev, "_OSC failed: %s\n",
-		    AcpiFormatException(status));
-		return (EIO);
-	}
-
-	/*
-	 * _OSC may return an error in the status word, but will
-	 * update the control mask always.  _OSC should not revoke
-	 * previously-granted controls.
-	 */
-	if ((cap_set[PCI_OSC_CTL] & sc->ap_osc_ctl) != sc->ap_osc_ctl)
-		device_printf(sc->ap_dev, "_OSC revoked %#x\n",
-		    (cap_set[PCI_OSC_CTL] & sc->ap_osc_ctl) ^ sc->ap_osc_ctl);
-	sc->ap_osc_ctl = cap_set[PCI_OSC_CTL];
-	if ((sc->ap_osc_ctl & osc_ctl) != osc_ctl)
-		return (EIO);
-
-	return (0);
-}
-
 static int
 acpi_pcib_acpi_attach(device_t dev)
 {
@@ -394,7 +338,7 @@ acpi_pcib_acpi_attach(device_t dev)
     if (!acpi_DeviceIsPresent(dev))
 	return (ENXIO);
 
-    acpi_pcib_osc(sc, 0);
+    acpi_pcib_osc(dev, &sc->ap_osc_ctl, 0);
 
     /*
      * Get our segment number by evaluating _SEG.
@@ -819,7 +763,7 @@ acpi_pcib_request_feature(device_t pcib, device_t dev, enum pci_feature feature)
 		return (EINVAL);
 	}
 
-	return (acpi_pcib_osc(sc, osc_ctl));
+	return (acpi_pcib_osc(dev, &sc->ap_osc_ctl, osc_ctl));
 }
 
 static bus_dma_tag_t
diff --git a/sys/dev/acpica/acpi_pcibvar.h b/sys/dev/acpica/acpi_pcibvar.h
index 2b75c276f9d1..c763eeea1941 100644
--- a/sys/dev/acpica/acpi_pcibvar.h
+++ b/sys/dev/acpica/acpi_pcibvar.h
@@ -40,6 +40,7 @@ int	acpi_pcib_route_interrupt(device_t pcib, device_t dev, int pin,
     ACPI_BUFFER *prtbuf);
 int	acpi_pcib_power_for_sleep(device_t pcib, device_t dev,
     int *pstate);
+int	acpi_pcib_osc(device_t pcib, uint32_t *ap_osc_ctl, uint32_t osc_ctl);
 
 #endif /* _KERNEL */
 

From nobody Tue Apr  1 17:46:10 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRwQq2QlMz5rsk2;
	Tue, 01 Apr 2025 17:46:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRwQq0TBTz3L0l;
	Tue, 01 Apr 2025 17:46:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743529571;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=1Xw9jURhhwzIYZdkOG5SKYY2XMC809JO4L1jYpq9+8M=;
	b=T3pgxlr8STwIaH6FGQJhKhDBqN5g3oUYXlpSWp9izGxcwK1CrbOJpoNRPIprEmQg7Vm0PY
	IgZlwdQWRLzJh0OJ7OM6YMwFuIXajIpU7/ZxMQTQG0eDaTnAbnuKsFXmqOPlewNrPQjPc9
	n0QLutw+5MTU30X3UgyUDvMv1tjyD905sCeWq2DqeGfDYZuygoabkq2QyZENQIqcs1LWIL
	gZn/uR5OgfFKyht+5AjNfP/cwkfAaHhj+u36+ouBwPdso9bh1/sQMSyZ8Mu+zM+zNsD1Di
	JRwHD3IKBDB/dTfsXGefO7cWjEBgYVuBC2apqvRYLvXbaiOwdj3xczS8ksz7Lg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743529571; a=rsa-sha256; cv=none;
	b=aRKggAHBJDmlKh2JW/R3j0Vyet22MlTeUxDQ7C0/HVFpGkM+9antuZoUSv1W79+tcFOkkw
	63u7rTV0RFDLFtRpwdGAIJpncKo/2TZWLvZMWqhPHKrg++Z7QrkiPNKIduXogL0Yhi68zu
	AAWh1NovjP01P7QoZ2D+C1NNEq1fvmNS5OhtMz6P0mTWmunuTXkDli38HBp3ubYEw9PEvv
	vzYeWVzxOjWuCSpYEdo0xy7ANA0c3jBWAXMJmv3Cu2C8/hKn/RCQ7oFSTeVBbQ/5t1Y/s0
	Uoc9GsJ9VaSeWo2iwTbu7HG2wOhT7HDRTiBwUOw+Zf3bLpMv0NMUuKCW+ZcGeQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743529571;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=1Xw9jURhhwzIYZdkOG5SKYY2XMC809JO4L1jYpq9+8M=;
	b=JkjZgVe9M5sMEUxQYuHeb7VTLi0XZu76Eg1ljxB9CBGjjTjLJJn3mQnn7bSejUfCJzMNjI
	9RjmRHnlBOPK9NS6U6DEHwf5T1G0iicnkTagwFCoSBy/mteVWL1xWS1wik3dW1jrZDklQK
	wgvPc4aeSPzfNMOtM21gQdgf3KAtnx3HbUYPtjJf35dQWINgYea0IGJjCKWSc8vGbwXQlW
	CljIBma4Te0K74/3ZSq5MK1la0Uy1S3DnRnJHqSaEHg6B4SO6PPvQY/iOyGmop7i4F3nOl
	cRWimncgfU1lcPq/lj9crt5Z3l+NyEBaw0tLNwqwcF36W2tFE85LFEO1ZgChuA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRwQq03djzh3D;
	Tue, 01 Apr 2025 17:46:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 531HkAke050130;
	Tue, 1 Apr 2025 17:46:10 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 531HkAQb050127;
	Tue, 1 Apr 2025 17:46:10 GMT
	(envelope-from git)
Date: Tue, 1 Apr 2025 17:46:10 GMT
Message-Id: <202504011746.531HkAQb050127@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Colin Percival <cperciva@FreeBSD.org>
Subject: git: d3916945e4e1 - stable/14 - pci: Use a switch statement
  when reading ivars
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: d3916945e4e11fae3898d497deccefb5143796d0
Auto-Submitted: auto-generated

The branch stable/14 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=d3916945e4e11fae3898d497deccefb5143796d0

commit d3916945e4e11fae3898d497deccefb5143796d0
Author:     Andrew Turner <andrew@FreeBSD.org>
AuthorDate: 2024-12-12 16:30:02 +0000
Commit:     Colin Percival <cperciva@FreeBSD.org>
CommitDate: 2025-04-01 17:43:57 +0000

    pci: Use a switch statement when reading ivars
    
    In pci_host_generic.c use a switch statement rather than a series
    of if statements.
    
    Reviewed by:    imp
    Sponsored by:   Arm Ltd
    Differential Revision:  https://reviews.freebsd.org/D48045
    
    (cherry picked from commit fafb43abd0dcaf2d36ec7344f46e7e19c42be888)
---
 sys/dev/pci/pci_host_generic.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/sys/dev/pci/pci_host_generic.c b/sys/dev/pci/pci_host_generic.c
index 19a2ec419ad0..37864da9baa4 100644
--- a/sys/dev/pci/pci_host_generic.c
+++ b/sys/dev/pci/pci_host_generic.c
@@ -369,13 +369,11 @@ generic_pcie_read_ivar(device_t dev, device_t child, int index,
 	struct generic_pcie_core_softc *sc;
 
 	sc = device_get_softc(dev);
-
-	if (index == PCIB_IVAR_BUS) {
+	switch (index) {
+	case PCIB_IVAR_BUS:
 		*result = sc->bus_start;
 		return (0);
-	}
-
-	if (index == PCIB_IVAR_DOMAIN) {
+	case PCIB_IVAR_DOMAIN:
 		*result = sc->ecam;
 		return (0);
 	}

From nobody Tue Apr  1 17:46:12 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRwQr5jW4z5rsbT;
	Tue, 01 Apr 2025 17:46:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRwQr1gQKz3KrY;
	Tue, 01 Apr 2025 17:46:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743529572;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=x9gUswcE2OiSc8EcO+V3hBU5ewBIeWCDGG9zZajvJFk=;
	b=Rk/mpTgI891KZFaDGCijIPT3wpfufP/qPAdHgWvtDlOK0U9+VDStOp6SrPh7jfJIfM9VsK
	Ekl6T5qNNt+lJ+KqSqX1P/aa5Xwm1uj8EMooB1m3iMZTm5aJBOO6gJhiDeij8kecxZWRc2
	R18JQ+zWlv/Iav4pWBgeVvXnsU2LoXswMKEH8rhNXB8Yh+jsBB+gNjUeURiycbnfOvmiwK
	SGNDBa9NDzd1wRF+NeBPfeDSkW97A/0zWXm0tCuxT89NpBpOsDuwlD/xdrsbexNC8IzrGi
	iik+/bOIc0AddFTeWLSJhk837qGPScLV93ffDEkxEWkD4t9oievn6tsSC5V4RA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743529572; a=rsa-sha256; cv=none;
	b=a2+oh5sPzuRNlt4lH2gRDUiqDLSpJasEGd70EggQci3YFiznYBEOWdxvJEfcHz3SRDz9Zp
	K9tfgsPiFYUiPpd4cCArVm1jH1ESaRh/KIO3OzJBsmlIoaUo71z2QIHg1B/C+6VtcoidaM
	0qCJmKcd1eCBJqA5JjWT+hPiDQ0N+LIyCFc593BBJkB+2vTy7MyJ430cdrM4/Y5KkXky/d
	xLoV8pqYlxfMQYnPeqRXIoYqEP1qnOdIa3YriX4ZBLlLjp4M/8WVEBDFjlkq5u9RoMI62t
	aVCeekbAh0uBw8DzVLEQ+RT4PPfGYcXiqQJO/Bz3onWe5NjduUgUaio96/ySvw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743529572;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=x9gUswcE2OiSc8EcO+V3hBU5ewBIeWCDGG9zZajvJFk=;
	b=CwpuMhhxJD5HsMOOMsjLNlsHdp/jlnPCJH6gu3J8bnTFFrw3nr4A+C5WNMo4hVD4KnrVvD
	/URcOU/I3xEjSx052HRwWZiyneygCSa2JoOU5UcW3bytuhMzMTSg8hj3txWlUGS5ZZbFE/
	kFiNFkC02yr60XUaKIKUYyZEYObYtVjOanyto1tV6p7pRaOK2CfDxnMqPrpI82yCAdKAQc
	nB10XK7kTWzD2Qv6PN3MHQpMv2pEGBhWoYkxJXmhRM3Xyb5i/UYB+wgWi6vZTrf7vjLbX0
	t1roA2KL7EbWiQTVJy/WKoJo7jD9weEn2WIq/inGin1DLQInVMkYjyc5Q5z6TA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRwQr10SHzhS7;
	Tue, 01 Apr 2025 17:46:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 531HkCgV050162;
	Tue, 1 Apr 2025 17:46:12 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 531HkChB050159;
	Tue, 1 Apr 2025 17:46:12 GMT
	(envelope-from git)
Date: Tue, 1 Apr 2025 17:46:12 GMT
Message-Id: <202504011746.531HkChB050159@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Colin Percival <cperciva@FreeBSD.org>
Subject: git: 506e41a1517e - stable/14 - pci: Make generic_pcie_read_ivar
  non static
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 506e41a1517e1d1cfd7e15829679299bc58e406d
Auto-Submitted: auto-generated

The branch stable/14 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=506e41a1517e1d1cfd7e15829679299bc58e406d

commit 506e41a1517e1d1cfd7e15829679299bc58e406d
Author:     Andrew Turner <andrew@FreeBSD.org>
AuthorDate: 2024-12-12 16:30:16 +0000
Commit:     Colin Percival <cperciva@FreeBSD.org>
CommitDate: 2025-04-01 17:43:57 +0000

    pci: Make generic_pcie_read_ivar non static
    
    Allow this to be called from attachments to allow more ivars to be
    implemented.
    
    Reviewed by:    imp
    Sponsored by:   Arm Ltd
    Differential Revision:  https://reviews.freebsd.org/D48046
    
    (cherry picked from commit 7cafe75c8c52deffcb3e64200eb4187a52cf202d)
---
 sys/dev/pci/pci_host_generic.c | 4 +---
 sys/dev/pci/pci_host_generic.h | 1 +
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/sys/dev/pci/pci_host_generic.c b/sys/dev/pci/pci_host_generic.c
index 37864da9baa4..ff8d222e3fd3 100644
--- a/sys/dev/pci/pci_host_generic.c
+++ b/sys/dev/pci/pci_host_generic.c
@@ -67,8 +67,6 @@ static uint32_t generic_pcie_read_config(device_t dev, u_int bus, u_int slot,
 static void generic_pcie_write_config(device_t dev, u_int bus, u_int slot,
     u_int func, u_int reg, uint32_t val, int bytes);
 static int generic_pcie_maxslots(device_t dev);
-static int generic_pcie_read_ivar(device_t dev, device_t child, int index,
-    uintptr_t *result);
 static int generic_pcie_write_ivar(device_t dev, device_t child, int index,
     uintptr_t value);
 
@@ -362,7 +360,7 @@ generic_pcie_maxslots(device_t dev)
 	return (31); /* max slots per bus acc. to standard */
 }
 
-static int
+int
 generic_pcie_read_ivar(device_t dev, device_t child, int index,
     uintptr_t *result)
 {
diff --git a/sys/dev/pci/pci_host_generic.h b/sys/dev/pci/pci_host_generic.h
index 2d7583b861c8..65f69fc05314 100644
--- a/sys/dev/pci/pci_host_generic.h
+++ b/sys/dev/pci/pci_host_generic.h
@@ -97,5 +97,6 @@ struct resource *pci_host_generic_core_alloc_resource(device_t, device_t, int,
     int *, rman_res_t, rman_res_t, rman_res_t, u_int);
 int pci_host_generic_core_release_resource(device_t, device_t, int, int,
     struct resource *);
+int generic_pcie_read_ivar(device_t, device_t, int, uintptr_t *);
 
 #endif /* __PCI_HOST_GENERIC_H_ */

From nobody Tue Apr  1 17:46:13 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRwQs73qYz5rsW7;
	Tue, 01 Apr 2025 17:46:13 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRwQs2Lysz3L88;
	Tue, 01 Apr 2025 17:46:13 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743529573;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=msZiYxftCzCSlMZfw+FNcS3VnV5R0zccEDPlC+/tZPQ=;
	b=aq27FdfXb+CqtyV9pdV/SPz6ymbKTwI+3FyZgxI3yaCqk4wouL+rthBpCRplhvHZAo+0GU
	jXp4/jCnt+MKcpo2Xflp2/6U1rZLXTdtl8eutMROSiB4NIqTcQbUueCfhG2B1xKch+OwxX
	rpX1LIW5zYDEqrM2bXdwW38giHV4aea0kkL50OT4uvgP0wtzsvmq4zySeFoQsSjKvrDKjS
	yKDTjbAaLg33gdOo4n7AJ1Zpdqs/qvPyYzzUL3sm93n+glOfUPtdOJ6vBjyZ+GiTUjqo9k
	DRej6LyjdUORjZRJi6ATvxZxMJ8cO9OkMeGMlcderulW9uiztl0OQsptOsc8pw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743529573; a=rsa-sha256; cv=none;
	b=PxGZFbDSXaQHj8vtk5ht/y2r3NHTa5Zsrnd7NtgMESHPlfG9Na+9TkZynN6KFi5JkU0RqO
	dktpZB4u25TcX2uRHECF9modJlXYyDrDVDXgW1/GhL7N68Qa3D3JB4z1hHvdowUh+ar0/M
	MWdhQfvceuTIOgGyQsUNY1qxGQgGOJUGE0aP6TUTZ4TQAUEW7eqCSTIGD9GyhZmd5ofQuV
	OKF5MT2t9BH1PiX2y+zTc83lhhUBgDQBtf95p+XHAagNpOhK3VxCPPPZ7nkCr5ID4BNht5
	5oPxw71lAeRqv28edXlsy3+kvWjY/R0dMfRcDFWtlSEhNMFiTjP97Rf424L6Aw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743529573;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=msZiYxftCzCSlMZfw+FNcS3VnV5R0zccEDPlC+/tZPQ=;
	b=LvVP81toDX5C8l6qN24b+K1N+L46GDP9aMaAsiV5PiC3LPSpRJ1HETVoZ/waSSL3BnWoOX
	8j8iFbzOFcz8CVBRMoMIN2quHQhr9oT90MD8LbOllM3FQCE26gnLkrok5N8CP6pVBDX6SK
	qVdtWq96KfOqQ/gwyCKictygN+k37N+n44SmwsckgVbSxJzl1OkPNqrVs+b2ckSgOxtEy6
	Rz86r+WnbrDHb7kOEN0U51hdJcMVJYxujo4kMmQW+jNPbu5AQZU7VnygsB+r/Q9PyU/oc2
	QL86PYKS5Sd+W7R8pP5kjeezlXXM6NTd5hF8PNA9qi6TgEFcO4tFbVDEoj5MqA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRwQs1yDTzhXn;
	Tue, 01 Apr 2025 17:46:13 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 531HkD1t050194;
	Tue, 1 Apr 2025 17:46:13 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 531HkDCV050191;
	Tue, 1 Apr 2025 17:46:13 GMT
	(envelope-from git)
Date: Tue, 1 Apr 2025 17:46:13 GMT
Message-Id: <202504011746.531HkDCV050191@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Colin Percival <cperciva@FreeBSD.org>
Subject: git: 479872ce9194 - stable/14 - pci_host_generic: Support
  ACPI_IVAR_HANDLE
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 479872ce91942466a4c421541acbe5865da66bd8
Auto-Submitted: auto-generated

The branch stable/14 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=479872ce91942466a4c421541acbe5865da66bd8

commit 479872ce91942466a4c421541acbe5865da66bd8
Author:     Andrew Turner <andrew@FreeBSD.org>
AuthorDate: 2024-12-12 16:30:28 +0000
Commit:     Colin Percival <cperciva@FreeBSD.org>
CommitDate: 2025-04-01 17:43:57 +0000

    pci_host_generic: Support ACPI_IVAR_HANDLE
    
    In the ACPI attachment support the ACPI_IVAR_HANDLE ivar. While here
    use the common ivar function to support the common ivars.
    
    Reviewed by:    imp, jhb
    Sponsored by:   Arm Ltd
    Differential Revision:  https://reviews.freebsd.org/D48047
    
    (cherry picked from commit deb36d0c65436d16b04f99cc2a27bd0f3980a6f0)
---
 sys/dev/pci/pci_host_generic_acpi.c | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)

diff --git a/sys/dev/pci/pci_host_generic_acpi.c b/sys/dev/pci/pci_host_generic_acpi.c
index 0cd17d5f5555..b389eeb16fcf 100644
--- a/sys/dev/pci/pci_host_generic_acpi.c
+++ b/sys/dev/pci/pci_host_generic_acpi.c
@@ -343,23 +343,16 @@ static int
 generic_pcie_acpi_read_ivar(device_t dev, device_t child, int index,
     uintptr_t *result)
 {
-	struct generic_pcie_acpi_softc *sc;
-
-	sc = device_get_softc(dev);
-
-	if (index == PCIB_IVAR_BUS) {
-		*result = sc->base.bus_start;
-		return (0);
-	}
+	ACPI_HANDLE handle;
 
-	if (index == PCIB_IVAR_DOMAIN) {
-		*result = sc->base.ecam;
+	switch (index) {
+	case ACPI_IVAR_HANDLE:
+		handle = acpi_get_handle(dev);
+		*result = (uintptr_t)handle;
 		return (0);
 	}
 
-	if (bootverbose)
-		device_printf(dev, "ERROR: Unknown index %d.\n", index);
-	return (ENOENT);
+	return (generic_pcie_read_ivar(dev, child, index, result));
 }
 
 static int

From nobody Tue Apr  1 17:46:14 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRwQt6Klyz5rsKG;
	Tue, 01 Apr 2025 17:46:14 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRwQt3Qnvz3Krg;
	Tue, 01 Apr 2025 17:46:14 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743529574;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Kk1ACLrwTWjw1pmuYrnYSA36KO4cS/USoKAyIYZ0EgI=;
	b=FtUCBh2RFYPu5wPK7nB4oozV156xe+FKCMFlGQIt6CQ951ckqyp5VbRVKZWerkOZIm3ADk
	mIS03zEDWSx0g5qX8BQNvkez4wNHo2yVMTCK92FJ+p2JDhh5WuqATPL6gb/goWI2t9rNn0
	m99DG+esQiK9rBvEjgI1S6gUWf0ovZEV5XSFbgBvlIK93OWijYdso5XSh45Z/4lx/nOR80
	cYaZIaIgyHPWCPRsk2ppBBmAIjYTsmVrs7h3x1rpUGF0D7rnD4tkaFcfO4V0iqyEVypAwd
	CTWOwjFLJxpCQ2nGBwGGrPJMOlgj/WgiieLNkgsUzByzoovMCPjf9Cbv/DB7iQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743529574; a=rsa-sha256; cv=none;
	b=DHmFg90Qb1YcKqKP1geoAl86MGsKoPe4/VXodKT9gE5zEltBttAbFSv9VwLhvr/wR7vlKj
	BpPHn4x5ZNijoshEDYThwc2LbRlsX0+ZTZKsyjGpzXURpt1B/s/WT9XBXfrRY/3rTsU8nl
	SaTsWdxRncGXY/QrJcs9cQUaS2dnKcwxl7rOPCkOW5D7M7eeg4riJrPcSCcibBbyEl9Jrg
	87W1VxoG5zNEaMxyVt/RwzJHJyhezjLhxuyIpSGnlUexrhlz6oc8BxVlVuhKz2xT3+7tCE
	Sc49Z2VjCD2p67T+BthTJpXowzbysuq8tt5s7aNe5YIfmD2oPhEc7rTC9Yq4bA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743529574;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Kk1ACLrwTWjw1pmuYrnYSA36KO4cS/USoKAyIYZ0EgI=;
	b=lQnv5UUHlONaAEPvPLhxGnKuxpdS6uHsxulzE/rpcgC4lsMUJ3XmPpJ7fjZ2FbYgkWQxql
	YbU9fksSHaV7IenIeSS5qbqe6GvtXGhz9THYaq4MKPu96rLZsY5brRDmxULOU0vQ1smOD4
	NG3JB5OFrmEZ2wP3bl7c2wZDyIiiLOazW5S0iX0R51B6Q4ILTeTxXdIOfZGnhQeCVr68ZH
	m9XiSDes3BIHF65rRGOAcYYCetwkGaa3cOohlj4zBUvh+ykMDH6gUG7B2BlHOCjtDhx7WN
	VQOE97fTYKzze7cCbUrOBL8lkgSnckbjqYQ/7UL6WeWs7LbzngDlw2biHEnLXw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRwQt2Sj1zh3F;
	Tue, 01 Apr 2025 17:46:14 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 531HkEl1050226;
	Tue, 1 Apr 2025 17:46:14 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 531HkEAd050223;
	Tue, 1 Apr 2025 17:46:14 GMT
	(envelope-from git)
Date: Tue, 1 Apr 2025 17:46:14 GMT
Message-Id: <202504011746.531HkEAd050223@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Colin Percival <cperciva@FreeBSD.org>
Subject: git: 3c9eae3c11da - stable/14 - pci_host_generic:Add
  pcib_request_feature on ACPI
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 3c9eae3c11da69103389c2a1fd5a7c34948e6e13
Auto-Submitted: auto-generated

The branch stable/14 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=3c9eae3c11da69103389c2a1fd5a7c34948e6e13

commit 3c9eae3c11da69103389c2a1fd5a7c34948e6e13
Author:     Andrew Turner <andrew@FreeBSD.org>
AuthorDate: 2024-12-12 16:30:39 +0000
Commit:     Colin Percival <cperciva@FreeBSD.org>
CommitDate: 2025-04-01 17:43:57 +0000

    pci_host_generic:Add pcib_request_feature on ACPI
    
    In the ACPI attachment add support for the pcib_request_feature method.
    This uses the common _OSC handling.
    
    Reviewed by:    imp, jhb
    Sponsored by:   Arm Ltd
    Differential Revision:  https://reviews.freebsd.org/D48048
    
    (cherry picked from commit 1f5c50a8617355758510675cb9412f56fed12efc)
---
 sys/dev/pci/pci_host_generic_acpi.c | 27 +++++++++++++++++++++++++++
 sys/dev/pci/pci_host_generic_acpi.h |  1 +
 2 files changed, 28 insertions(+)

diff --git a/sys/dev/pci/pci_host_generic_acpi.c b/sys/dev/pci/pci_host_generic_acpi.c
index b389eeb16fcf..992e8b5c8b8d 100644
--- a/sys/dev/pci/pci_host_generic_acpi.c
+++ b/sys/dev/pci/pci_host_generic_acpi.c
@@ -287,6 +287,8 @@ pci_host_generic_acpi_init(device_t dev)
 	sc = device_get_softc(dev);
 	handle = acpi_get_handle(dev);
 
+	acpi_pcib_osc(dev, &sc->osc_ctl, 0);
+
 	/* Get Start bus number for the PCI host bus is from _BBN method */
 	status = acpi_GetInteger(handle, "_BBN", &sc->base.bus_start);
 	if (ACPI_FAILURE(status)) {
@@ -503,6 +505,30 @@ generic_pcie_acpi_get_id(device_t pci, device_t child, enum pci_id_type type,
 	return (pcib_get_id(pci, child, type, id));
 }
 
+static int
+generic_pcie_acpi_request_feature(device_t pcib, device_t dev,
+    enum pci_feature feature)
+{
+	struct generic_pcie_acpi_softc *sc;
+	uint32_t osc_ctl;
+
+	sc = device_get_softc(pcib);
+
+	switch (feature) {
+	case PCI_FEATURE_HP:
+		osc_ctl = PCIM_OSC_CTL_PCIE_HP;
+		break;
+	case PCI_FEATURE_AER:
+		osc_ctl = PCIM_OSC_CTL_PCIE_AER;
+		break;
+	default:
+		return (EINVAL);
+	}
+
+	return (acpi_pcib_osc(pcib, &sc->osc_ctl, osc_ctl));
+}
+
+
 static device_method_t generic_pcie_acpi_methods[] = {
 	DEVMETHOD(device_probe,		generic_pcie_acpi_probe),
 	DEVMETHOD(device_attach,	pci_host_generic_acpi_attach),
@@ -516,6 +542,7 @@ static device_method_t generic_pcie_acpi_methods[] = {
 	DEVMETHOD(pcib_release_msix,	generic_pcie_acpi_release_msix),
 	DEVMETHOD(pcib_map_msi,		generic_pcie_acpi_map_msi),
 	DEVMETHOD(pcib_get_id,		generic_pcie_acpi_get_id),
+	DEVMETHOD(pcib_request_feature,	generic_pcie_acpi_request_feature),
 
 	DEVMETHOD_END
 };
diff --git a/sys/dev/pci/pci_host_generic_acpi.h b/sys/dev/pci/pci_host_generic_acpi.h
index 802099abb9d7..5617da971306 100644
--- a/sys/dev/pci/pci_host_generic_acpi.h
+++ b/sys/dev/pci/pci_host_generic_acpi.h
@@ -35,6 +35,7 @@
 struct generic_pcie_acpi_softc {
 	struct generic_pcie_core_softc base;
 	int segment;
+	uint32_t		osc_ctl;
 	ACPI_BUFFER		ap_prt;		/* interrupt routing table */
 };
 

From nobody Tue Apr  1 17:46:15 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRwQw4vzTz5rsQW;
	Tue, 01 Apr 2025 17:46:16 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRwQv5D52z3L3N;
	Tue, 01 Apr 2025 17:46:15 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743529575;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=OlKjjqJcJUBIJ5CqtD81XNKXZrQ6Roa3VJD8hRoCeJQ=;
	b=XgL0sCYE5FnAFTigkZUMPcgPwk8Tw2rnRuM2JDZSbQyc0AIN7rZLETywlbdDeF5752pJnb
	th89hIqOLjvozFNoPxvMAdbuoGYavX+gfksYPywjghmb1zfq32sG37Fhi8ZVidE7S6xP6J
	qaWqs/UBon0tyf9DXdjNf3enLQPo++LYnxEF5oEweXv0g8RslzsQaGjgklsChgdarr18G6
	BxRT7MMwHvP1Teb5WfLluEjAHrqibyzY11jGekaqGrn2fwlNBKZsTGEnxZwYlj4GOe3qBB
	D1MRaCVHBM2+bQtm92N6XN1fzF7/jy/qwR9OSzPrnmRKist9kI/cmmXMpukX7g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743529575; a=rsa-sha256; cv=none;
	b=WMaJJb8mFlHWEtkNveEaELsBZrHo8xc+5QZyOpYUqMJkzHrODCXgXksScccSgNmf1NVuIN
	NRTLlU1eBZ9UiowA34RaI+NhDxq39WiqdAXlLKOEj5TvrpBwByVG9hFeIjort7dGZjfchA
	OpbxkIq2NPgDG8nCwad4Wl2XRYAWRIOJgkhW+KFYpQK9ILkZ2PQq7+kxCtHa1ja/XDc+du
	mczOyz4X0ONSWUr4Wt8DosB5FLstDz66H3bjA+fuBxjn3bOS0zmKBpGzb7KEXo4xgtHdGK
	KolS8M5tsEbTPmU3vpNxsaaElK1zzyTFmlJO8Pi3n8Gysz9UPau/HVurlk/j6A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743529575;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=OlKjjqJcJUBIJ5CqtD81XNKXZrQ6Roa3VJD8hRoCeJQ=;
	b=Si3wWRxrELiAPhRo3QbxEz6+xX3Gg8qA+PimgskKCNJINLvW2NtHq6abpQdo2roKEgpMUR
	lT7FpzU0GR5uQJ/GEY4eq/8JaKoFccIgQ0n6luVa1Vql4acVO38Ce02JCYCK4HWeapuu9B
	cyMlTja1opWAbkQm9CNKqN3Anl44AVn5X+Q/LCsSGcW44uk5X2g897B3pcjMPD/CTtMRmq
	CXbbekJTwJdq86U2agPGImS0TtH4CU55C5TCz7ab21wIDvl1FxVsyybhfFqjVJS32NuEV1
	TX70krJCSPcaamZLBRhK1EPyQYA8qyuZ8HWIttyQJpEx4HNkMfN3w0Nd1Ih8cg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRwQv35rpzhS9;
	Tue, 01 Apr 2025 17:46:15 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 531HkFi3050265;
	Tue, 1 Apr 2025 17:46:15 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 531HkF70050262;
	Tue, 1 Apr 2025 17:46:15 GMT
	(envelope-from git)
Date: Tue, 1 Apr 2025 17:46:15 GMT
Message-Id: <202504011746.531HkF70050262@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Colin Percival <cperciva@FreeBSD.org>
Subject: git: 355f02cddbf0 - stable/14 - conf: Add acpi_pci.c to
  the arm64 build
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 355f02cddbf017706d3293f09ed6c2b5570936c1
Auto-Submitted: auto-generated

The branch stable/14 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=355f02cddbf017706d3293f09ed6c2b5570936c1

commit 355f02cddbf017706d3293f09ed6c2b5570936c1
Author:     Andrew Turner <andrew@FreeBSD.org>
AuthorDate: 2024-12-12 16:30:50 +0000
Commit:     Colin Percival <cperciva@FreeBSD.org>
CommitDate: 2025-04-01 17:43:58 +0000

    conf: Add acpi_pci.c to the arm64 build
    
    Reviewed by:    jhb, emaste, cperciva
    Relnotes:       yes (Support PCIe hotplug on arm64)
    Sponsored by:   Arm Ltd
    Differential Revision:  https://reviews.freebsd.org/D48049
    
    (cherry picked from commit 38cb1ba8637d08ce3f6b3c614f39698db153cd4d)
---
 sys/conf/files.arm64 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/conf/files.arm64 b/sys/conf/files.arm64
index 563a8e93c3ad..cf2e1d22da88 100644
--- a/sys/conf/files.arm64
+++ b/sys/conf/files.arm64
@@ -150,6 +150,7 @@ crypto/openssl/aarch64/vpaes-armv8.S		optional ossl		\
 
 dev/acpica/acpi_bus_if.m			optional acpi
 dev/acpica/acpi_if.m				optional acpi
+dev/acpica/acpi_pci.c				optional acpi pci
 dev/acpica/acpi_pci_link.c			optional acpi pci
 dev/acpica/acpi_pcib.c				optional acpi pci
 dev/acpica/acpi_pxm.c				optional acpi

From nobody Tue Apr  1 17:46:16 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRwQx2Hyyz5rsk4;
	Tue, 01 Apr 2025 17:46:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRwQw5JY9z3L8K;
	Tue, 01 Apr 2025 17:46:16 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743529576;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ITbOZEq6NrVNqm+XJ/jezUzjQNi7I6wI14hLo3bnj5M=;
	b=lvOFeRqLNhrxy3LsFK1VgOkUiUVj++8Piy7sxlj7/3BD2MbxuxVTI++MmAORp1M2dM1TXk
	gZLIbh9U+DQgbfKGTC7zE6S0PGkeA8uOxhNIsnHLO4JJkcWpz7UYcrjXvakWHEMSvOm+sR
	L0mPyVBnE6+Mq0II7ajFm2gCaWY1gtrELKOflZemTGVWOkdy4yrDXSssdBirm3GFlWstIx
	mq5vvHCPzrEta2Gom74xtr/uxn4BGoaUwcYCRVdyEviaQrfHFkdcVi8HOVAcXuwwYHHl/X
	dnMwFQ1KCHwkCexzg6DPGtNXkgFx/AST2NzZ/I3uqfSZY5jBrVwcYDezbdqlyA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743529576; a=rsa-sha256; cv=none;
	b=gmwcDwXOx4xgDrIDKL7Av5jx7CMxUbN2H7k3uCA90n3U+mOpkuspUYVtYu7Sfv7VlIK3VC
	e2gkYHZimVUs6WICngomCmL/KGqJnkn8PdyVO1wpWnP/oYULswOPhx7oPU7t67wZijdDLn
	jud4Y0pDOvvm/SYXlLqiujPv2lI6E4fDAMRbnrkruaiUtyjzPDlnf2Z56oDpCOnDKWd3PF
	53CgoMa2XC/dPwz9CgTCH4s9P6LW5rygQ011+V0IUO+nR5eJre9kv63h5rWsi4h7e8kTkz
	QrI8v8F2Pv/e9lj8Ug8kW5eg32mCGlqdSEwoLSSq1NuasINwo+woeeYsTrMzKw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743529576;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ITbOZEq6NrVNqm+XJ/jezUzjQNi7I6wI14hLo3bnj5M=;
	b=N84tBCluqMYXdUoQxzwm0Sps46ABRF9ML3iRiAltqWMhwpgqzpt6MdtW+mzi8OUHoU/2rE
	jof9hB+ww5JmegOCK4EyOre4hUZpx8DBZca12delXsSbIQ05kgMOimF/vSv+B+oPVOWwdV
	p8tLUpBH0RRFpeb1sTndw91OIivv+3Qy5xXNPluwyfhivWEOldEMkb4UpwZT9MFY2XQ5BV
	IBdoGBMJJFqr4SdqkRRgq7tFTaVM4oULSK4SgL9yqqKiu1SIxPVuSxnbFHrj2jgwcbSTmq
	eceA+bHhudVMd9jg7lK82eCbd6tJpmHDipt6DqJc6UDt3h8YFzR3aGKWdnpqZA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRwQw4MKtzh7f;
	Tue, 01 Apr 2025 17:46:16 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 531HkGJW050299;
	Tue, 1 Apr 2025 17:46:16 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 531HkGCF050296;
	Tue, 1 Apr 2025 17:46:16 GMT
	(envelope-from git)
Date: Tue, 1 Apr 2025 17:46:16 GMT
Message-Id: <202504011746.531HkGCF050296@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Colin Percival <cperciva@FreeBSD.org>
Subject: git: 423362c3d8d6 - stable/14 - pci: Only claim to support
  PCI ASPM on x86
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 423362c3d8d6a236c49e7f9d667032c05d5c170d
Auto-Submitted: auto-generated

The branch stable/14 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=423362c3d8d6a236c49e7f9d667032c05d5c170d

commit 423362c3d8d6a236c49e7f9d667032c05d5c170d
Author:     Andrew Turner <andrew@FreeBSD.org>
AuthorDate: 2025-01-03 15:50:38 +0000
Commit:     Colin Percival <cperciva@FreeBSD.org>
CommitDate: 2025-04-01 17:43:58 +0000

    pci: Only claim to support PCI ASPM on x86
    
    We claim to support Active State Power Management, but don't appear to
    do anything different in the kernel when it's enabled other than tell
    the firmware we do.
    
    This breaks VMware Fusion on Apple Silicon when it's enabled as it
    expects the kernel to enable the ports. As it is reported to be needed
    on some x86 servers keep it enabled there, but disable on non-x86
    architectures.
    
    Reported by:    kp, tuexen
    Reviewed by:    tuexen, mav, imp, jhb
    Sponsored by:   Arm Ltd
    Differential Revision:  https://reviews.freebsd.org/D48303
    
    (cherry picked from commit 143dff0f9ce9a6f03ae5701368c7144b30e2dc39)
---
 sys/dev/pci/pci.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/sys/dev/pci/pci.c b/sys/dev/pci/pci.c
index b40a352a4818..102027123976 100644
--- a/sys/dev/pci/pci.c
+++ b/sys/dev/pci/pci.c
@@ -409,7 +409,15 @@ static int pci_enable_ari = 1;
 SYSCTL_INT(_hw_pci, OID_AUTO, enable_ari, CTLFLAG_RDTUN, &pci_enable_ari,
     0, "Enable support for PCIe Alternative RID Interpretation");
 
+/*
+ * Some x86 firmware only enables PCIe hotplug if we claim to support aspm,
+ * however enabling it breaks some arm64 firmware as it powers off devices.
+ */
+#if defined(__i386__) || defined(__amd64__)
 int pci_enable_aspm = 1;
+#else
+int pci_enable_aspm = 0;
+#endif
 SYSCTL_INT(_hw_pci, OID_AUTO, enable_aspm, CTLFLAG_RDTUN, &pci_enable_aspm,
     0, "Enable support for PCIe Active State Power Management");
 

From nobody Tue Apr  1 17:46:17 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZRwQy3HxFz5rsbl;
	Tue, 01 Apr 2025 17:46:18 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZRwQx5N5Hz3L3m;
	Tue, 01 Apr 2025 17:46:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743529577;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Nc9koE9+2DFL6FhNTg//1tLGvJtwEotWnIA4a9D6Lp0=;
	b=fV97jL+mkNmdWWhMnsiymzHCALJNdkBtBn9tN7JCtwGcgbr70bOG3IDUArL1Kxb26jp67l
	+t5g7kWGt/zB4WBKdavHEysW5cSQ/ez/Cs9VcT/sr65V7nXOW3hwpy4krNctZ7xlmlUrAs
	J2ckhPxXFfVHXsdxQvQxs/4NUqxJPJV9GVYbdyHQ6AyF80dr72wffCBx0Kr9gPaxyFtHGv
	Xe2hiwC4dRuwjiiEN2STD87Ka1LVwL4VOvWazt4rOLkGE5+8wCH0wzkK/ZcE2If+lcK1w8
	B1t3QMKo5eZ1pDV2py8c2ptnnE2E37L7glLtz7Qv0QzcyQ1oDWtXDVuUlYzFuA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743529577; a=rsa-sha256; cv=none;
	b=lV+FAQ/8TrwmQ1iyvv6wGcr/5ma70K2dSh9CaLBV3PQmZT7KVJ46yQpgh1MfgXYA0GmwXm
	+6zDDPHB5WCG1SoVwWA4fPzR/txsodh2eAl9CP/AAN9662PFYoL3lhx1WM/m7OXdqotEyO
	dEj/9WTWtpybf66GEEBic5WByxs3wbM9oRCK4rs/399Lv21gG738YmxquCptg9KoFw6gvl
	OsjO202BCxPYxpiukANqWuidaCkTRuitIBduOkjIUt2Ydytp8X6V4MtDpaYzG/RsAuBNMr
	IQBXgX8ce6N9kj5146C20dl4uvWgDTiI+wD4cVcnh3RbDhWpHrBLRpLSOUKMsg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743529577;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Nc9koE9+2DFL6FhNTg//1tLGvJtwEotWnIA4a9D6Lp0=;
	b=PxdL4iZa1kIaqgN/OfUOtO5ZLoc5P1qfErbOeSeK84TG7W8GY9NoYzTC5ZVdpk+MsBeTVs
	jOBSh7HjJnFLjQqwJCx5Q2KNuQeO5DZjKCvZzVKgfKD0spswq5vTghODLe5PE+eO3mjnlx
	VNAAz3wQa5uqGjtIhGY79wu+WuXJi+8d8zbUGv0/gDraPEt/GUJo5SeNr//Esor/KTRVHU
	3rib4xfCM5VLtH79wPInjtiMDIEMi8ZbgEVMIRuB2hWPxJdqrYjcQcssWpW4xmOaesUB8n
	NjWkupmHbVkCv/KLnLFmzPdk7vR4820+SA5600ZCkuWrYAT/pVYA6lqVY1ijMw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZRwQx4yf3zh7g;
	Tue, 01 Apr 2025 17:46:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 531HkHts050331;
	Tue, 1 Apr 2025 17:46:17 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 531HkHLJ050328;
	Tue, 1 Apr 2025 17:46:17 GMT
	(envelope-from git)
Date: Tue, 1 Apr 2025 17:46:17 GMT
Message-Id: <202504011746.531HkHLJ050328@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Colin Percival <cperciva@FreeBSD.org>
Subject: git: a64357f31b7c - stable/14 - acpi_pci: Add quirk for
  PSTAT_PME-before-detach
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: cperciva
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: a64357f31b7c798452e7aca4e6ec34c2842a4fc1
Auto-Submitted: auto-generated

The branch stable/14 has been updated by cperciva:

URL: https://cgit.FreeBSD.org/src/commit/?id=a64357f31b7c798452e7aca4e6ec34c2842a4fc1

commit a64357f31b7c798452e7aca4e6ec34c2842a4fc1
Author:     Colin Percival <cperciva@FreeBSD.org>
AuthorDate: 2025-02-27 00:31:08 +0000
Commit:     Colin Percival <cperciva@FreeBSD.org>
CommitDate: 2025-04-01 17:43:58 +0000

    acpi_pci: Add quirk for PSTAT_PME-before-detach
    
    In order to signal to Graviton [123] systems that a device is ready
    to be "ejected" (after a detach request is made via the EC2 API) we
    need to set PCIM_PSTAT_PME to 1 and PCIM_PSTAT_PMEENABLE to 0.  We are
    not aware of any rationale for this requirement beyond "another OS
    kernel happens to do this", i.e. this is effectively bug-for-bug
    compatibility.
    
    Arguably this should be done by the ACPI _EJ0 method on these systems,
    but it is not.
    
    Create a new ACPI_Q_CLEAR_PME_ON_DETACH quirk and set it in EC2 AMIs,
    and add the PCI register write to acpi_pci_device_notify_handler when
    that quirk is set.
    
    Reviewed by:    jhb
    MFC after:      1 month
    Sponsored by:   Amazon
    Differential Revision:  https://reviews.freebsd.org/D49146
    
    (cherry picked from commit d70bac252d30adec4feba0c866dabe2c16a756d9)
---
 release/tools/ec2.conf    | 7 +++++--
 sys/dev/acpica/acpi_pci.c | 9 +++++++++
 sys/dev/acpica/acpivar.h  | 3 +++
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/release/tools/ec2.conf b/release/tools/ec2.conf
index 1fe44118fd3e..21ea56d109ca 100644
--- a/release/tools/ec2.conf
+++ b/release/tools/ec2.conf
@@ -65,8 +65,11 @@ ec2_common() {
 
 	# Graviton 1 through Graviton 4 have a bug in their ACPI where they
 	# mark the PL061's pins as needing to be configured in PullUp mode
-	# (in fact the PL061 has no pullup/pulldown resistors).
-	echo 'debug.acpi.quirks="8"' >> ${DESTDIR}/boot/loader.conf
+	# (in fact the PL061 has no pullup/pulldown resistors).  Graviton 1
+	# through Graviton 3 have non-functional PCI _EJ0 and need a value
+	# written to the PCI power status register in order to eject a
+	# device.
+	echo 'debug.acpi.quirks="24"' >> ${DESTDIR}/boot/loader.conf
 
 	# Load the kernel module for the Amazon "Elastic Network Adapter"
 	echo 'if_ena_load="YES"' >> ${DESTDIR}/boot/loader.conf
diff --git a/sys/dev/acpica/acpi_pci.c b/sys/dev/acpica/acpi_pci.c
index 6411af02ee58..97704111839b 100644
--- a/sys/dev/acpica/acpi_pci.c
+++ b/sys/dev/acpica/acpi_pci.c
@@ -391,6 +391,8 @@ acpi_pci_device_notify_handler(ACPI_HANDLE h, UINT32 notify, void *context)
 {
 	device_t child, dev;
 	ACPI_STATUS status;
+	int pmc;
+	uint16_t pmstat;
 	int error;
 
 	dev = context;
@@ -416,6 +418,13 @@ acpi_pci_device_notify_handler(ACPI_HANDLE h, UINT32 notify, void *context)
 			    device_get_nameunit(child), error);
 			return;
 		}
+		if ((acpi_quirks & ACPI_Q_CLEAR_PME_ON_DETACH) &&
+		    (pci_find_cap(child, PCIY_PMG, &pmc) == 0)) {
+			pmstat = pci_read_config(child, pmc + PCIR_POWER_STATUS, 2);
+			pmstat &= ~PCIM_PSTAT_PMEENABLE;
+			pmstat |= PCIM_PSTAT_PME;
+			pci_write_config(child, pmc + PCIR_POWER_STATUS, pmstat, 2);
+		}
 		status = acpi_SetInteger(h, "_EJ0", 1);
 		if (ACPI_FAILURE(status)) {
 			bus_topo_unlock();
diff --git a/sys/dev/acpica/acpivar.h b/sys/dev/acpica/acpivar.h
index 668d0b51a1f3..830764434f48 100644
--- a/sys/dev/acpica/acpivar.h
+++ b/sys/dev/acpica/acpivar.h
@@ -230,6 +230,8 @@ extern struct mtx			acpi_mutex;
  *	compatible flag and ignoring overrides that redirect IRQ 0 to pin 2.
  * ACPI_Q_AEI_NOPULL: Specifies that _AEI objects incorrectly designate pins
  *	as "PullUp" and they should be treated as "NoPull" instead.
+ * ACPI_Q_CLEAR_PME_ON_DETACH: Specifies that PCIM_PSTAT_(PME & ~PMEENABLE)
+ *	should be written to the power status register as part of ACPI Eject.
  */
 extern int	acpi_quirks;
 #define ACPI_Q_OK		0
@@ -237,6 +239,7 @@ extern int	acpi_quirks;
 #define ACPI_Q_TIMER		(1 << 1)
 #define ACPI_Q_MADT_IRQ0	(1 << 2)
 #define ACPI_Q_AEI_NOPULL	(1 << 3)
+#define ACPI_Q_CLEAR_PME_ON_DETACH	(1 << 4)
 
 #if defined(__amd64__) || defined(__i386__)
 /*

From nobody Wed Apr  2 07:53:25 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZSHDQ2Pxyz5rty7;
	Wed, 02 Apr 2025 07:53:26 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZSHDQ0Vl6z48N4;
	Wed, 02 Apr 2025 07:53:26 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743580406;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=tbdBvr5xcWtnX2QajG2ZNYSVG7qB95c7dfvftwUOdIo=;
	b=V8gv/Z1aoK9hL21hidGNgHNEmRknQyAqgDfzMz9r7K0U5+A7hAsr1+sQaRl+zSLumZS7Or
	tjNue7ovnSAH9Agb6ULboxPef9qZbNdd3KtpoBezmkLiyNlDaBMw29PnCwp/D0oBxcQwJd
	Ch5NhecbuyChIfA4p1bRL3usfgGTcKdhtuBL36UbgwfnrvSEWB00Pewt32El6nIhNMFobx
	qfM58ddTughz3R4sVOEyP3Qmx5d0f12ZCCrNlBf7RjAnZuzoiV4DVxdNWJoeqiJZn0qVWA
	ls3tOzepfQY41ARibF/bXiI0HLZRZ+SNKreVdyw0dX92N2ozjhkK1RVE1Ye6XQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743580406; a=rsa-sha256; cv=none;
	b=NfMQIAjtVlgGX/bDElp0LPOXT64pqv0c3r5JVoMiyRH+axZB/mjqkxQ+kKdwhOGNGBcyXr
	l6ijpSszXbd15OkK1f7ZYMCW+IWU79V06Gtvm+WZSo/1WMPCHAR1vpDws25l+83Fb0aY5U
	6H1xpyWyx8K26+zgc6EJaHQLyEfqp+TqAYntqrh5JYtxwlW7cq/bBYWDAdS9BODujxNbme
	exyIKarv/PN6QSTGOWpiuP69fg+7HnOya2RoORVKQDZNUT/y3WXF4P00EAEHq4pEofgFU7
	m7gBQi3S/JdSJiz8Ice7WBJPNmSD0/anVHUFOC7QPVtT5JFo6xIsR30S93oxUg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743580406;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=tbdBvr5xcWtnX2QajG2ZNYSVG7qB95c7dfvftwUOdIo=;
	b=AaYqZIoXbvNyYCSLglXq7QUBU7StfGmFMDa0bzGaf79ozp2g9O7jnGGpC50HNkcM/4gJ6r
	TMfySfqlyoSYqAJ/lDPWHoox4/DUy2d1RVrlQSki0ufzsVFrFLB60KMyC/baELBZ50Y4TH
	fXlXjtxCexvFAn0XwkHgCY5MMhL1L1G/1vmjBKdNohT/LnO6b0SiuG8aJ1yq3tmJ7GcEWn
	wedGfS7XVVC0UYdU4kbk2i71sSQCB7L6MrnlR22IzWNuXL6Dh6m9NB4qlbWv7e4rmJLfc2
	TfQYzeVRzaeVnfUEUamglDy2sh7QMDOVgHjxIKclo9aiGBkvr7dHweTVG+2WyQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZSHDQ042Gz16dm;
	Wed, 02 Apr 2025 07:53:26 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5327rPGQ038964;
	Wed, 2 Apr 2025 07:53:25 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5327rPq6038961;
	Wed, 2 Apr 2025 07:53:25 GMT
	(envelope-from git)
Date: Wed, 2 Apr 2025 07:53:25 GMT
Message-Id: <202504020753.5327rPq6038961@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Subject: git: 5b6d576d22bc - stable/14 - tests: fix test for NULL
  encription
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ae
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 5b6d576d22bc15e8f6e71358c86d6e0df6ab8bcd
Auto-Submitted: auto-generated

The branch stable/14 has been updated by ae:

URL: https://cgit.FreeBSD.org/src/commit/?id=5b6d576d22bc15e8f6e71358c86d6e0df6ab8bcd

commit 5b6d576d22bc15e8f6e71358c86d6e0df6ab8bcd
Author:     Andrey V. Elsukov <ae@FreeBSD.org>
AuthorDate: 2025-03-25 07:23:40 +0000
Commit:     Andrey V. Elsukov <ae@FreeBSD.org>
CommitDate: 2025-04-02 07:52:32 +0000

    tests: fix test for NULL encription
    
    After 04207850a9b9 it is required that key length is not zero.
    Add some key to avoid error.
    
    Reported by:    markj
    
    (cherry picked from commit b6708045590712930c533e916e3d6fdfe48ec5ba)
---
 tests/sys/netipsec/tunnel/empty.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/sys/netipsec/tunnel/empty.sh b/tests/sys/netipsec/tunnel/empty.sh
index dc1d3708f744..56480d21f4ec 100755
--- a/tests/sys/netipsec/tunnel/empty.sh
+++ b/tests/sys/netipsec/tunnel/empty.sh
@@ -11,7 +11,7 @@ v4_head()
 v4_body()
 {
 	# Can't use filename "null" for this script: PR 223564
-	ist_test 4 null ""
+	ist_test 4 null "1234"
 }
 
 v4_cleanup()
@@ -28,7 +28,7 @@ v6_head()
 
 v6_body()
 {
-	ist_test 6 null ""
+	ist_test 6 null "5678"
 }
 
 v6_cleanup()

From nobody Wed Apr  2 07:54:31 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZSHFg4S7Lz5rtyl;
	Wed, 02 Apr 2025 07:54:31 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZSHFg3lKXz4945;
	Wed, 02 Apr 2025 07:54:31 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743580471;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=eodzRu6LPNUbHuYImpE5HxgNUFlNvp4cH2Vz/cSHuDc=;
	b=x6P+C+v3+UstSzKF/0k51/cp7p8BnKgx1Y5SFWxeb4NXcPk/iCemmQMfVMTnHEa9XkD7tb
	2gGzYgMfeO30Kd079vAjz7wysSZqvYHsTMvK3RGg84LfNGq1T+L3TQCECi3DIp86MRUzau
	IrSshslOMSb2LFkQq6uAZhIIWY2bBA7Wn8/ww0cCl/rFgbNm/vDLEmokS+8wAKBJtTF3wY
	iBeAmayoFzyVwed0IgEj+i/K/XsHTQWoKcXFvyGCd3yHFk5Kdz5vjCiIEQo65b0wO1VHdF
	8HNJ39KQN0sfyiHkr/JOscF7d6LpuLarNU1mQgha12GwtdgupqN/mwmlUB81pQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743580471; a=rsa-sha256; cv=none;
	b=PW97dWW28tVKnG5IKkSnqJ81pyawkiR+5c9xPSrx4ToAK5QePaDP6O4oUp4BZaXrH+INpY
	ywVq11mW70d+cEvsROCP4DFc9RYwuU5XQNg+XKp2sOj4hhFwo08h/MQbZC0t/8NPoJJGUy
	gjtQ5uExin0yzTtLT1NYoUz76WEfRA1sSL/nK92zz46+6Sq4ENMKxkoZ/RNw13PJ58yKC5
	HhSn4MBzx9iDrrPp7tSMz8m3xNyZulgHSCJT+jO0fsCIZFEKGdvj/9lrWeGzDIIAVKcPUP
	7FZbaFvmWalqql1JIC8UBLEL3bHHmU/U5MTkjUJd4Ru3N8RSQmzRl0VRqACCCA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743580471;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=eodzRu6LPNUbHuYImpE5HxgNUFlNvp4cH2Vz/cSHuDc=;
	b=OhywG/2OLZI1hKu+3ThGhL7BMDVQiWVGfhZa2Ql5GrGsmbLZW2Vpz1/3BK2DdZqUk4UnBj
	wXY9MLF5Rcx+QDNpL2SoBCXCYtnH1m+Nbe4Bu4uhip2AimglL7lZP1a/U/96B/HxtmvB0A
	5tY4Kgafsha4BXBitaliAtLvAw/KhtNtVc/UaFa0lOknZizg7v02rCkXdelSJYtnQk1+Xg
	8ETM2YKfragg/4fbAiUd9Hl0iVXk00Y6ZeuXzxvt/qgMVld1U6GYIdITjOhldEJb+GjOlx
	4xC7PrJPOsMycNvWFj0ueM3Rxjip7tfyxS/KSNQ8UXdGKBf/B9lGHIAGwNSeJA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZSHFg3CV7z16pq;
	Wed, 02 Apr 2025 07:54:31 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5327sVfx039441;
	Wed, 2 Apr 2025 07:54:31 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5327sVRZ039438;
	Wed, 2 Apr 2025 07:54:31 GMT
	(envelope-from git)
Date: Wed, 2 Apr 2025 07:54:31 GMT
Message-Id: <202504020754.5327sVRZ039438@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
Subject: git: f8cd0c8e20b0 - stable/13 - tests: fix test for NULL
  encription
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ae
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: f8cd0c8e20b0be367c9508770a92ea7649f5da4b
Auto-Submitted: auto-generated

The branch stable/13 has been updated by ae:

URL: https://cgit.FreeBSD.org/src/commit/?id=f8cd0c8e20b0be367c9508770a92ea7649f5da4b

commit f8cd0c8e20b0be367c9508770a92ea7649f5da4b
Author:     Andrey V. Elsukov <ae@FreeBSD.org>
AuthorDate: 2025-03-25 07:23:40 +0000
Commit:     Andrey V. Elsukov <ae@FreeBSD.org>
CommitDate: 2025-04-02 07:54:12 +0000

    tests: fix test for NULL encription
    
    After 04207850a9b9 it is required that key length is not zero.
    Add some key to avoid error.
    
    Reported by:    markj
    
    (cherry picked from commit b6708045590712930c533e916e3d6fdfe48ec5ba)
---
 tests/sys/netipsec/tunnel/empty.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/sys/netipsec/tunnel/empty.sh b/tests/sys/netipsec/tunnel/empty.sh
index dc1d3708f744..56480d21f4ec 100755
--- a/tests/sys/netipsec/tunnel/empty.sh
+++ b/tests/sys/netipsec/tunnel/empty.sh
@@ -11,7 +11,7 @@ v4_head()
 v4_body()
 {
 	# Can't use filename "null" for this script: PR 223564
-	ist_test 4 null ""
+	ist_test 4 null "1234"
 }
 
 v4_cleanup()
@@ -28,7 +28,7 @@ v6_head()
 
 v6_body()
 {
-	ist_test 6 null ""
+	ist_test 6 null "5678"
 }
 
 v6_cleanup()

From nobody Wed Apr  2 15:14:49 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZST1j3Ff9z5sQ3r;
	Wed, 02 Apr 2025 15:14:49 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZST1j2fz3z3gMS;
	Wed, 02 Apr 2025 15:14:49 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743606889;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=qCfEbRJ1oXBIgdCsQJ3XHY59MyVKGCc3aAEQG7oIx+Q=;
	b=GBa4xENWD72yrxhsPO5Gu94ziWwXP+mV5glD0N9LPyxMg7ehRcByXUUXZh3PF+8eCkFnUG
	vAefkVJBfPTryCTla/Rd7ioD0DQAu53lIpEJ5IiDu1yhKb167p6Q62+1BLS8Y41wv5DONS
	uQjRpZusLtHgzAepirnyzh7WAxPfH87edwiwZH/YQUq0oU/mbQKQ96cNR5O297rFhpUXn9
	uImeHocKap3rmsHE3VXtHAewSsWi9WeGoQX6n7syrBY4kF3hNe7KJdNwuGRtuH+FY3OTK/
	NiviLlSwqIfxnoTMlCLZKzEgE7qkmKENcgjtgUIY7BEYoUB53PzVLjh33eKgrw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743606889; a=rsa-sha256; cv=none;
	b=Us8oRjm40oefiwiDtLuRBbww05pT35IypctWpViYDWee/ubUj/DqXpO66WZ3MGk1nFxuJl
	b0JVtbfxpz0HF7WanAqSAFCA/mOQOznErhEj2Sj68KSfiZlCdOPJ+7F8bI2DMYfYycihhF
	Q6YPOc0uAtwZWeqae0rzIaRke2V6QfpHz5Es01PNDNsQfgghV+0DVI9pzdwG1s1R90ssjP
	hyWoEhBp2Hy1KOVaTufWZTRLwZr9XCSAwr2q5HaSjKDEnC0HLByONGljuWGInnH71iUYgE
	J1ksAUfEKqp0FwTNFhorJUjLr8HDfm9JU0GxL68Z11xIgCg6WzYpkcSqV7BdTA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743606889;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=qCfEbRJ1oXBIgdCsQJ3XHY59MyVKGCc3aAEQG7oIx+Q=;
	b=IoqKe0gfkFdVH8FjZhmwfC1PGexElzF+HDl30oFTqeJhlVEmt9lWjhPQH1m/qcl9fZREAA
	WA6NA5mcp2tHlwlRyXCNS85tF8j1mXgnoZz67ezn+CulcAEjgJNWwpQta7khYIMaUo2Xr7
	8msd65MagCOSfUi+ouRy8HcHS4xDCbEvBYj2TPETt8uObr0qlDV9gZ3jX2H1f9lBqRJRFl
	+xT5KuhtvP+t/c3hU6LgOxx5eDF8007A9is36ZRXsA5Gx/wRVBZHZP487HVrJ0ll/2JYwv
	88CFgTEohatdQyIf+IQegbJ11OAOzTm4UbLZD7Jc+s5m4lcSzhACPCvV1bL/8w==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZST1j22PMz6NY;
	Wed, 02 Apr 2025 15:14:49 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 532FEnll061373;
	Wed, 2 Apr 2025 15:14:49 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 532FEnJt061370;
	Wed, 2 Apr 2025 15:14:49 GMT
	(envelope-from git)
Date: Wed, 2 Apr 2025 15:14:49 GMT
Message-Id: <202504021514.532FEnJt061370@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: 1cbe8781642e - stable/14 - libdtrace: Fix an off-by-one
  in the priority queue implementation
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 1cbe8781642e0dc961838b87793ffb145f70719a
Auto-Submitted: auto-generated

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=1cbe8781642e0dc961838b87793ffb145f70719a

commit 1cbe8781642e0dc961838b87793ffb145f70719a
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-03-10 03:00:42 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-04-02 15:14:36 +0000

    libdtrace: Fix an off-by-one in the priority queue implementation
    
    The zero'th index in the array is unused, so a priority queue of N elements
    needs N+1 array slots.  Fix the allocation.
    
    Also fix the assertion in dt_pq_insert(): the assertion needs to be checked
    after incrementing the count of items in the priority queue, otherwise it can
    miss an overflow.
    
    Reported by:    CHERI
    MFC after:      2 weeks
    Sponsored by:   Innovate UK
    Differential Revision:  https://reviews.freebsd.org/D49242
    
    (cherry picked from commit 7ee1bdd094d376fdc547e8ca33e472f1d37a7d79)
---
 cddl/contrib/opensolaris/lib/libdtrace/common/dt_pq.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_pq.c b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_pq.c
index 0cd556abd8f5..ffbac8b6ea1e 100644
--- a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_pq.c
+++ b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_pq.c
@@ -37,7 +37,7 @@ dt_pq_init(dtrace_hdl_t *dtp, uint_t size, dt_pq_value_f value_cb, void *cb_arg)
 	if ((p = dt_zalloc(dtp, sizeof (dt_pq_t))) == NULL)
 		return (NULL);
 
-	p->dtpq_items = dt_zalloc(dtp, size * sizeof (p->dtpq_items[0]));
+	p->dtpq_items = dt_zalloc(dtp, (size + 1) * sizeof (p->dtpq_items[0]));
 	if (p->dtpq_items == NULL) {
 		dt_free(dtp, p);
 		return (NULL);
@@ -73,9 +73,9 @@ dt_pq_insert(dt_pq_t *p, void *item)
 {
 	uint_t i;
 
-	assert(p->dtpq_last < p->dtpq_size);
-
 	i = p->dtpq_last++;
+	assert(i <= p->dtpq_size);
+
 	p->dtpq_items[i] = item;
 
 	while (i > 1 && dt_pq_getvalue(p, i) < dt_pq_getvalue(p, i / 2)) {

From nobody Wed Apr  2 15:14:50 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZST1k5jzSz5sQMq;
	Wed, 02 Apr 2025 15:14:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZST1k34qbz3gMm;
	Wed, 02 Apr 2025 15:14:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743606890;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=4lpPZQiTWomBBpLtGfFZ8hCmag8wRvoMukytbRLL3J0=;
	b=sPpMBdYzcVq7Z2Lu7m7WJnqgeOznZxQv+n+lh7W25++jdKgtJKmlikq/88clpjX5Onl8gd
	z9ySG/iHTdMSZcYUjWnzFErGzZJi3diov7WCDEDv4CEpkm/4SwedGf97BHbCFXXHrIhl+Z
	gHmRSFBueMYG7XdVog14+YeSnTq+hT/Dc13G+SUJIYaS1HC1IycDh8B7mvdm+u4rKPKbKD
	2Ly4hTxS/6OpNGlqPan9fJkSBLIaEXqKnMlV3BdFNhKm+EQ6o6imKrQuqvNpkU3ia4703+
	LdA4y76btaMCHYyFg1eJJtqEuHeORaXrXywQRsTeG9HtcuG4Xyct1KVp3f1jGQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743606890; a=rsa-sha256; cv=none;
	b=G/2nv0dmwWmpOeXJxo+251T1onsEJAkuyJGRlqqtXVQNEtFl/KfcAkVOoPAG6BMYKVhtFx
	rcI3/idvLwEzlv/St1w7OyoFs/UII3ePBvcIwAX8I3XF8sWlAxaAt/hdxjIYPY9wCgdLBy
	CSUjnjW6mQ9fEDhrIc/rZMnrDgGtZ787yAzl0GLQXMtW5TuI0oIXU7B4Bw8ItsRsmUbtti
	hMqAy2TzN0lT9nxyaoxFplTabMXEqz+qQ0FmdodCBuo7tyiF022OgFJWjmXq3MbbgNjfnf
	BcEhIjK8vOa62xFFGPl7jicmmWtAjzIcJ4CfE5ZjaSbnM9ZCURSXL7K7SatjMQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743606890;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=4lpPZQiTWomBBpLtGfFZ8hCmag8wRvoMukytbRLL3J0=;
	b=PVBGiDZxikASlBL+aNVm2dHe5zGdCrvKhceZNYRX+nFYbfU1Gu+x+4wflgeM5Cv4Fq+m0/
	OzNtPNWTJAgZKbGvNi7k3xtNThhUnSZTnadLCfu0f08uVWhcIkN+E1qdD4/apUNEn3ZYkf
	4UL4+swKN1EwB5Kliu4MWgXOYIbVUZiwWEoKZSu2blCza86BuzrUok9BnK02pyqmPObwpK
	haPFFD8kFK6Z41u7wPnOAndK+AtkKS3eidN+E1mZiEhAKYDPLD8H7ehRJN2/gpDOmjJhBn
	rddwjwuQN/SiMWvKfGHo2VllOizXQ1N2K+1BPorUt28Oyndd3e8HnsW1f3iugA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZST1k2TDJz61N;
	Wed, 02 Apr 2025 15:14:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 532FEoTk061409;
	Wed, 2 Apr 2025 15:14:50 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 532FEoLv061406;
	Wed, 2 Apr 2025 15:14:50 GMT
	(envelope-from git)
Date: Wed, 2 Apr 2025 15:14:50 GMT
Message-Id: <202504021514.532FEoLv061406@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: 294cda7e4e33 - stable/14 - dtrace/arm64: Fix
  dtrace_gethrtime()
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 294cda7e4e33cc3f7adcd0300e3868db62cd46f8
Auto-Submitted: auto-generated

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=294cda7e4e33cc3f7adcd0300e3868db62cd46f8

commit 294cda7e4e33cc3f7adcd0300e3868db62cd46f8
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-03-10 03:01:13 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-04-02 15:14:37 +0000

    dtrace/arm64: Fix dtrace_gethrtime()
    
    This routine returns a monotonic count of the number of nanoseconds elapsed
    since the previous call.  On arm64 it uses the generic system timer.  The
    implementation multiplies the counter value by 10**9 then divides by the counter
    frequency, but this multiplication can overflow.  This can result in trace
    records with non-monotonic timestamps, which breaks libdtrace's temporal
    ordering algorithm.
    
    An easy fix is to reverse the order of operations, since the counter frequency
    will in general be smaller than 10**9.  (In fact, it's mandated to be 1Ghz in
    ARMv9, which makes life simple.)  However, this can give a fair bit of error.
    Adopt the calculation used on amd64, with tweaks to handle frequencies as low as
    1MHz: the ARM generic timer documentation suggests that ARMv8 timers are
    typically in the 1MHz-50MHz range, which is true on arm64 systems that I have
    access to.
    
    MFC after:      2 weeks
    Sponsored by:   Innovate UK
    Differential Revision:  https://reviews.freebsd.org/D49244
    
    (cherry picked from commit 36ae5ce2f2fda35763c2655a19bf1b0ee22fdf3c)
---
 sys/cddl/dev/dtrace/aarch64/dtrace_subr.c | 33 +++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/sys/cddl/dev/dtrace/aarch64/dtrace_subr.c b/sys/cddl/dev/dtrace/aarch64/dtrace_subr.c
index 20418e3a475b..32e84d8fbfe9 100644
--- a/sys/cddl/dev/dtrace/aarch64/dtrace_subr.c
+++ b/sys/cddl/dev/dtrace/aarch64/dtrace_subr.c
@@ -151,6 +151,32 @@ dtrace_sync(void)
 	dtrace_xcall(DTRACE_CPUALL, (dtrace_xcall_t)dtrace_sync_func, NULL);
 }
 
+static uint64_t nsec_scale;
+
+#define SCALE_SHIFT	25
+
+/*
+ * Choose scaling factors which let us convert a cntvct_el0 value to nanoseconds
+ * without overflow, as in the amd64 implementation.
+ *
+ * Documentation for the ARM generic timer states that typical counter
+ * frequencies are in the range 1Mhz-50Mhz; in ARMv9 the frequency is fixed at
+ * 1GHz.  The lower bound of 1MHz forces the shift to be at most 25 bits.  At
+ * that frequency, the calculation (hi * scale) << (32 - shift) will not
+ * overflow for over 100 years, assuming that the counter value starts at 0 upon
+ * boot.
+ */
+static void
+dtrace_gethrtime_init(void *arg __unused)
+{
+	uint64_t freq;
+
+	freq = READ_SPECIALREG(cntfrq_el0);
+	nsec_scale = ((uint64_t)NANOSEC << SCALE_SHIFT) / freq;
+}
+SYSINIT(dtrace_gethrtime_init, SI_SUB_DTRACE, SI_ORDER_ANY,
+    dtrace_gethrtime_init, NULL);
+
 /*
  * DTrace needs a high resolution time function which can be called from a
  * probe context and guaranteed not to have instrumented with probes itself.
@@ -161,10 +187,13 @@ uint64_t
 dtrace_gethrtime(void)
 {
 	uint64_t count, freq;
+	uint32_t lo, hi;
 
 	count = READ_SPECIALREG(cntvct_el0);
-	freq = READ_SPECIALREG(cntfrq_el0);
-	return ((1000000000UL * count) / freq);
+	lo = count;
+	hi = count >> 32;
+	return (((lo * nsec_scale) >> SCALE_SHIFT) +
+	    ((hi * nsec_scale) << (32 - SCALE_SHIFT)));
 }
 
 /*

From nobody Wed Apr  2 15:14:51 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZST1l6tFfz5sQMt;
	Wed, 02 Apr 2025 15:14:51 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZST1l4QVYz3gBy;
	Wed, 02 Apr 2025 15:14:51 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743606891;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=bPrL7SeIp2CzeNI8abD6cNVDmoqVK9p2lYt77rt9e44=;
	b=FSDmUtqT2uKjcQwPvbGQHnXQ/zXAs8w0/Ix1NGiwkDKC1ldG08WNEwJxaIQ5aFnB7FIrZQ
	38/HKWUK8A5yslhRL1eyq8LOASAjeahVmK7DbJFs6m6C8qSc8IBTUhVEO9MgFKDJEaf28O
	q6TFOamcIQMO9AOGPMhk3cJNDpuwULxvQXfUNECpmQC3XwE4ZU9bUMQs0KwnSEgd1+8qVi
	USbSKwJnj4Pd3dp5E5xllUxGeVsLT0SMDruu8UirieoTSLvCVhOtA+VV8vVi2kjxkm1CBc
	pJwPqx/l6gWMQb9CwScZf6mn+iyHrLS65l9gK85udQHHcQKVXqIUyQ+08fj8+g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743606891; a=rsa-sha256; cv=none;
	b=ghEPKRN7+p9N7v6sgfKuvIWng6180l5MJlJ8DNg/DBxJijR26V2ceKxozg85AKQ5z86UnI
	kcGzHtLPk28qOQ+eEDrhHmzE+tyx132tTct1PxA89OHmB6CEK1C7WtJcK+aMvfzhnhUXOd
	d83hD64P15zQLLFJkLl/H7JuMpV3F5C90VIdotAcmL6zHakWWY11qVOx4h9kSbpsdL3Cj8
	n3kMK6gL+O+uyaImiHI7BEe8xCjtqiTyFDeDVYVxVHnkKrYdWe7ufXH6hNX8XMSuCW97f0
	Mq3xYZAMoOJr7Wgu58RcdXS4U4nV8jeIHYueJs8lCPNOOCLcmTQHYzhXqqG7rA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743606891;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=bPrL7SeIp2CzeNI8abD6cNVDmoqVK9p2lYt77rt9e44=;
	b=MfwrTvK1OdAFOY9sk1pnbhr+B4etD+WM9oPyQiON14yGUHVsekk+Mk6J51itD+jVCIXa9x
	Xkbzlv/7qCCZqg17NYU+qBY8rs/TKORU9VRzuqN9KLjpNfsDx2NjB5k1JQ/9+c8KWyYEb2
	mSeD7P7LheLQ79eIHAzab635kVcUf+R8MiP+uI8ZWVSp6hw+m9bNBVa1IQpihkL6xnCuUb
	MVCxM34+gUKlqXPPcbQzBgBN7W1yYoJwEtJXRwjL2L2I8KOXmhTSDIMjXmeLM7uuvtEJRW
	n4xZ65t4+rgXA+mCmOGSMIJD5I0tnNWtq/UE9qBwZeP3F+xU/dzRZnrAdjyBhg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZST1l3R0jz6Kt;
	Wed, 02 Apr 2025 15:14:51 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 532FEpLl061448;
	Wed, 2 Apr 2025 15:14:51 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 532FEpuj061445;
	Wed, 2 Apr 2025 15:14:51 GMT
	(envelope-from git)
Date: Wed, 2 Apr 2025 15:14:51 GMT
Message-Id: <202504021514.532FEpuj061445@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: 0ae0226cd12a - stable/14 - libdtrace: Fix an off-by-one
  in CPU ID handling
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 0ae0226cd12a0c77ad0c299896fa8792ea7f9cbe
Auto-Submitted: auto-generated

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=0ae0226cd12a0c77ad0c299896fa8792ea7f9cbe

commit 0ae0226cd12a0c77ad0c299896fa8792ea7f9cbe
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-03-10 03:00:59 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-04-02 15:14:37 +0000

    libdtrace: Fix an off-by-one in CPU ID handling
    
    The illumos-specific _SC_CPUID_MAX is the largest CPU ID in the system.  This
    was mapped to _SC_NPROCESSORS_CONF, which is the total number of CPUs recognized
    by the kernel.  If CPU IDs are contiguous, as is the case on amd64 and arm64,
    this value is one greater than the maximum ID.   As a result, when consuming
    per-CPU dtrace buffers, libdtrace tries to fetch from a non-existent CPU.  This
    is mostly harmless in practice, but still wrong.
    
    As we don't have a sysconf value for the maximum CPU ID, add a wrapper which
    fetches it using the kern.smp.maxid sysctl.
    
    MFC after:      2 weeks
    Sponsored by:   Innovate UK
    Differential Revision:  https://reviews.freebsd.org/D49243
    
    (cherry picked from commit 9a30c8d347bf9aaa89277b6e5a275f737be8edce)
---
 .../opensolaris/lib/libdtrace/common/dt_aggregate.c        |  6 ++++--
 cddl/contrib/opensolaris/lib/libdtrace/common/dt_consume.c |  8 ++++----
 cddl/contrib/opensolaris/lib/libdtrace/common/dt_impl.h    |  1 +
 cddl/contrib/opensolaris/lib/libdtrace/common/dt_subr.c    | 14 ++++++++++++++
 cddl/contrib/opensolaris/lib/libdtrace/common/dtrace.h     |  5 -----
 5 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_aggregate.c b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_aggregate.c
index 643e7fae8ace..1c3131e74cb0 100644
--- a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_aggregate.c
+++ b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_aggregate.c
@@ -1092,8 +1092,10 @@ dt_aggregate_go(dtrace_hdl_t *dtp)
 	assert(agp->dtat_ncpu == 0);
 	assert(agp->dtat_cpus == NULL);
 
-	agp->dtat_maxcpu = dt_sysconf(dtp, _SC_CPUID_MAX) + 1;
-	agp->dtat_ncpu = dt_sysconf(dtp, _SC_NPROCESSORS_MAX);
+	agp->dtat_maxcpu = dt_cpu_maxid(dtp) + 1;
+	if (agp->dtat_maxcpu <= 0)
+		return (-1);
+	agp->dtat_ncpu = dt_sysconf(dtp, _SC_NPROCESSORS_CONF);
 	agp->dtat_cpus = malloc(agp->dtat_ncpu * sizeof (processorid_t));
 
 	if (agp->dtat_cpus == NULL)
diff --git a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_consume.c b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_consume.c
index 6a32235f7e39..a760642c33bb 100644
--- a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_consume.c
+++ b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_consume.c
@@ -3949,8 +3949,8 @@ dt_consume_begin(dtrace_hdl_t *dtp, FILE *fp,
 		return (rval);
 	}
 
-	if (max_ncpus == 0)
-		max_ncpus = dt_sysconf(dtp, _SC_CPUID_MAX) + 1;
+	if (max_ncpus == 0 && (max_ncpus = dt_cpu_maxid(dtp) + 1) <= 0)
+		return (-1);
 
 	for (i = 0; i < max_ncpus; i++) {
 		dtrace_bufdesc_t *nbuf;
@@ -4040,8 +4040,8 @@ dtrace_consume(dtrace_hdl_t *dtp, FILE *fp,
 	if (!dtp->dt_active)
 		return (dt_set_errno(dtp, EINVAL));
 
-	if (max_ncpus == 0)
-		max_ncpus = dt_sysconf(dtp, _SC_CPUID_MAX) + 1;
+	if (max_ncpus == 0 && (max_ncpus = dt_cpu_maxid(dtp) + 1) <= 0)
+		return (-1);
 
 	if (pf == NULL)
 		pf = (dtrace_consume_probe_f *)dt_nullprobe;
diff --git a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_impl.h b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_impl.h
index 1be984f28001..b73ecc3e57f4 100644
--- a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_impl.h
+++ b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_impl.h
@@ -620,6 +620,7 @@ extern int dt_version_defined(dt_version_t);
  */
 extern char *dt_cpp_add_arg(dtrace_hdl_t *, const char *);
 extern char *dt_cpp_pop_arg(dtrace_hdl_t *);
+extern int dt_cpu_maxid(dtrace_hdl_t *);
 
 #ifdef illumos
 extern int dt_set_errno(dtrace_hdl_t *, int);
diff --git a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_subr.c b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_subr.c
index 5976333e1b16..5dc8e1648fd3 100644
--- a/cddl/contrib/opensolaris/lib/libdtrace/common/dt_subr.c
+++ b/cddl/contrib/opensolaris/lib/libdtrace/common/dt_subr.c
@@ -463,6 +463,20 @@ dt_cpp_pop_arg(dtrace_hdl_t *dtp)
 	return (arg);
 }
 
+int
+dt_cpu_maxid(dtrace_hdl_t *dtp)
+{
+	size_t len;
+	u_int count;
+	int error;
+
+	len = sizeof(count);
+	error = sysctlbyname("kern.smp.maxid", &count, &len, NULL, 0);
+	if (error != 0)
+		return (dt_set_errno(dtp, errno));
+	return (count);
+}
+
 /*PRINTFLIKE1*/
 void
 dt_dprintf(const char *format, ...)
diff --git a/cddl/contrib/opensolaris/lib/libdtrace/common/dtrace.h b/cddl/contrib/opensolaris/lib/libdtrace/common/dtrace.h
index 1f4c5a2efd6b..c9496c2df5ba 100644
--- a/cddl/contrib/opensolaris/lib/libdtrace/common/dtrace.h
+++ b/cddl/contrib/opensolaris/lib/libdtrace/common/dtrace.h
@@ -620,11 +620,6 @@ extern int _dtrace_debug;
 }
 #endif
 
-#ifndef illumos
-#define _SC_CPUID_MAX		_SC_NPROCESSORS_CONF
-#define _SC_NPROCESSORS_MAX	_SC_NPROCESSORS_CONF
-#endif
-
 /*
  * Values for the dt_oformat property.
  */

From nobody Thu Apr  3 04:39:50 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZSptZ3vNdz5sSJy;
	Thu, 03 Apr 2025 04:39:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZSptZ36f5z3xyH;
	Thu, 03 Apr 2025 04:39:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743655190;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Mqlr8Vxi0qWpMd9mWOOEYYmC6zfvRdMDMGVFYzUZdqU=;
	b=Z2R+oRuP2Mx1BX2mFcI/MN2WreDYt6WaZUxPzEP9+FifBTt7KQyR+y+13YxmQcUzxLc08c
	4WPjAFE7ock32w1i9tTrvY2MeHUFWmQIrMz3GI0gr35wijMGtl7rJB9daLO4/vzqnYxzdU
	pnM3zEvjuGSpU6OFHmetNi+VnLRoECAWi5Spf4ViAUjIvTUDiJ5S4bcwHVxUNOZUXu7AnZ
	BAJyfprIavetRAyTeeGB6BwxJqehnNzoFSLYhl6xmIlu3OVfs6ZtG907fhIVzDw9Peqdix
	KAm6yKvNI/9vl5fAb81A2nQVmx7wOw/ueCk9V6C+xak2Mrh4sCXBqFytaECseQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743655190; a=rsa-sha256; cv=none;
	b=Um39vbkGHvUBCBtz0whDgdNccJLzYMLE85Pv5OOTD9SSli/DLhB/ZYOh+eHFLwYTO3yneI
	g6TeXsdPjVN7TP0pNkgWFrS2mOuoyBdGst0XyLpSph99KSJkkyHDlqeuBoUV9xp9tCdugr
	4EHxtM70FeleMWg+bDa9PeU7V5xPTh/PldA3Y/ROfptJwByrqIv3omqGZB7IHT319WqAqH
	lcJ7KBUG4uHKQePDRXLHfxM+hyP85kYMw50oc0sGFQYdioQ6egL3qJnAMDUkaOoCefY7Ma
	m3sT1eu/gDc9pWU2uc6Mg1tjSw9Fz2j7omkLoKcULY9Lf9hJgAeeV6g+sJlklQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743655190;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Mqlr8Vxi0qWpMd9mWOOEYYmC6zfvRdMDMGVFYzUZdqU=;
	b=bshPdFfiTxdxjfTcSEvmAzG2CZHYPFkBY7yidKggql8ecblpAvCkBCWtDzPmFHKmIAKKYf
	EvmA8E2duaoUejBSaEh5dgYqjXnd31aJmy+iyRzTZ1YxVqC2flMivOvoObVYEGPIBMXJmB
	vvNsqRBMMavN53tGfYtTTyJoI72Aj0mH3y2exFLgVd7l3AlJOuEGI/YJ9VPvmiCkqtF25O
	X5QY4uuNq9ZYCY242E/nsCKBeD0ljU07mZKg/+uqvlKEW1Vlt26nOOEAK4N8OPtBnDnGmU
	jXjnYmkb/7TKyht3593nEPhmmeVM8Z8TFkuajqSjDVZO+KXazT3/DIwFFrO1Zg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZSptZ2Qs5zmj6;
	Thu, 03 Apr 2025 04:39:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5334doJH060455;
	Thu, 3 Apr 2025 04:39:50 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5334doFV060452;
	Thu, 3 Apr 2025 04:39:50 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 04:39:50 GMT
Message-Id: <202504030439.5334doFV060452@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Jose Luis Duran <jlduran@FreeBSD.org>
Subject: git: bebe2fea1946 - stable/14 - openssh: Request the OpenSSL
  1.1 API
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jlduran
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: bebe2fea194624ce2116eadb48e5b99f29f48a14
Auto-Submitted: auto-generated

The branch stable/14 has been updated by jlduran:

URL: https://cgit.FreeBSD.org/src/commit/?id=bebe2fea194624ce2116eadb48e5b99f29f48a14

commit bebe2fea194624ce2116eadb48e5b99f29f48a14
Author:     Jose Luis Duran <jlduran@FreeBSD.org>
AuthorDate: 2025-03-27 00:19:14 +0000
Commit:     Jose Luis Duran <jlduran@FreeBSD.org>
CommitDate: 2025-04-03 04:33:21 +0000

    openssh: Request the OpenSSL 1.1 API
    
    Upstream OpenSSH commit f51423bda ("request 1.1x API compatibility for
    OpenSSL >=3.x") requests OPENSSL_API_COMPAT version 0x10100000L (OpenSSL
    1.1.0), in order to avoid warnings about deprecated functions.
    
    Do the same here, to avoid getting those warnings.
    
    Reviewed by:    emaste
    Approved by:    emaste (mentor)
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D49517
    
    (cherry picked from commit d4f438357e90ee1cb12819d092913fdbce813626)
---
 secure/ssh.mk | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/secure/ssh.mk b/secure/ssh.mk
index 8411fb11fb16..f522e1a927fc 100644
--- a/secure/ssh.mk
+++ b/secure/ssh.mk
@@ -24,3 +24,5 @@ CFLAGS+= -DLIBWRAP=1
 # Built-in security key support
 CFLAGS+= -include sk_config.h
 .endif
+
+CFLAGS+= -DOPENSSL_API_COMPAT=0x10100000L

From nobody Thu Apr  3 10:21:57 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZSyTL14M1z5rNmh;
	Thu, 03 Apr 2025 10:21:58 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZSyTL0X3Fz3gWm;
	Thu, 03 Apr 2025 10:21:58 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743675718;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Af0zGa2YSq4wk4FCrDKJV3ZcRQlM5zNK353Pu8s/Ao8=;
	b=lQr6zMFFkLNwl4mp5Fgkx/GdnOIaTf3EsvJgMyv2Ui6DiQ6AvYSjP76betdQ1iFj+ku87K
	UY3uvecpdMPv0JMMPfV7XQ343BkuDSKAbDS8jDyY8dZinQqf4/YhBXzZg/Ll8zhKX5IFT5
	dTnhxjAxKdbC/SO0mEsnyhvp3NjrkH7I81RUzDCGRd2T2Hp86S8UvV26+7BuWY0QC6/qQ1
	j5ng0tOrsQOiPpbfiP6M2bzzFKjKsva4D3jbNDVHTdtO+PUf6DXT9SIUUS0nU7v+6kFy7V
	iKRoJUK8L9q5ynZMu5QaHVn/Pp9KAOxjrv4gh7GRREKd8oeQrZGh9h5txEXB9A==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743675718; a=rsa-sha256; cv=none;
	b=Lr1CSA2YMk/iQlk0yWXH9xZtuO8cNIosTz8KKm8UBQzwluoD6agtEiu3abG3q0MgUJJEHo
	wSHKmbEFHfvzfcEccOJYY68TZgN1FsocMflUS0MgkKPoPcIPWIpEUEB0cc7XRXueSqhYcT
	psj7TZL8Ve1qx+j14m/wc+kCeA1mHgi+qPmHFyxo5DMj1mxvbqGpxTkxyVKRRLmLHkKUDu
	sCkCTsrwb0mgTHT9XKf4U8qURn/APSUr8q3kjjPz6I/KqmV7TXvUKV6TGj9/4CgzdTrskJ
	N2WqfZ2/DKyouLymFoKdVRYO4U+16NPGuPtYlhXrCDWghA3UUHQfI55kNFAwcw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743675718;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Af0zGa2YSq4wk4FCrDKJV3ZcRQlM5zNK353Pu8s/Ao8=;
	b=GznD60mZTeUhKwA6r+Y74tJDjJAN3XPLa9FsUldolazESGQMLMRcZgMH9PHZBUuKc3NJB+
	Uv28XY8DrprCUL9WwuWFBd6GTlZV7Yfwlvk5eU2MSToEJYN84iu6lDPKmlM5i5SKxW9AEJ
	wZL4jLm0TSwQDy5/p3e4kv8bsR6fISWgaoI0y0i0IEG3pGu5MzVdM6A07boI+z9YBwDNY6
	VGra4yUm5nAWyy9kB/Mx78xzQrD25bddtbx4cOUa7wzT9lTBkz4lXcjp5p6wB5VlQAvild
	QZAzO5WdUE3cqBlwcMvWab6kFpIWS4A4edrKhtMYFqHTQ87gdF0NDrsrLTwacw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZSyTL0714zxhj;
	Thu, 03 Apr 2025 10:21:58 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533ALvtg009884;
	Thu, 3 Apr 2025 10:21:57 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533ALvur009881;
	Thu, 3 Apr 2025 10:21:57 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 10:21:57 GMT
Message-Id: <202504031021.533ALvur009881@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Piotr Kubaj <pkubaj@FreeBSD.org>
Subject: git: 1e84a6ba21fd - stable/14 - ipmi: fix runtime on
  powerpc64le
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: pkubaj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 1e84a6ba21fddc77c33ad059e476a302f40cd544
Auto-Submitted: auto-generated

The branch stable/14 has been updated by pkubaj:

URL: https://cgit.FreeBSD.org/src/commit/?id=1e84a6ba21fddc77c33ad059e476a302f40cd544

commit 1e84a6ba21fddc77c33ad059e476a302f40cd544
Author:     Piotr Kubaj <pkubaj@FreeBSD.org>
AuthorDate: 2025-03-27 11:55:48 +0000
Commit:     Piotr Kubaj <pkubaj@FreeBSD.org>
CommitDate: 2025-04-03 10:21:38 +0000

    ipmi: fix runtime on powerpc64le
    
    Differential Revision: https://reviews.freebsd.org/D49530
    
    (cherry picked from commit 2e16618fe789f110bd8d297b1c65b166fa60c2fe)
---
 sys/dev/ipmi/ipmi_opal.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/dev/ipmi/ipmi_opal.c b/sys/dev/ipmi/ipmi_opal.c
index c69757b7d020..6f8ab50c1bd2 100644
--- a/sys/dev/ipmi/ipmi_opal.c
+++ b/sys/dev/ipmi/ipmi_opal.c
@@ -94,6 +94,7 @@ opal_ipmi_recv(struct opal_ipmi_softc *sc, uint64_t *msg_len, int timo)
 		opal_call(OPAL_POLL_EVENTS, NULL);
 		err = opal_call(OPAL_IPMI_RECV, sc->sc_interface,
 		    vtophys(sc->sc_msg), vtophys(msg_len));
+		*msg_len = be64toh(*msg_len);
 		if (err != OPAL_EMPTY)
 			break;
 

From nobody Thu Apr  3 16:42:52 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZT6ws0ml6z5s8NJ;
	Thu, 03 Apr 2025 16:42:53 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZT6wr6bFtz4HbG;
	Thu, 03 Apr 2025 16:42:52 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743698572;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=E8jR30DhfkIXBY0NK14td3HeYVomR+ByzAARPvRMt4Y=;
	b=fxPDwo83WMwh+rW1JkJ+Hxr6OKGIPhw2wiozQRdgN9+BIgQ9IQYOqSw6plyUZ3ABAFViap
	qUSevHOzIpEZTXcSpBOSzqBx39B/pMiK1qDSZ9f5bv2Gs3mkrocfy7d9AJgXk79XgMjGHe
	ENkcK5pfBvKOzoMGgBGQ0NQ6UYiyu2P7ysI0N8ae2hB8J4oNpC58kM+yNA8zeWb0w3v5I3
	gZP999kgh9gDYWAt+CTnZENwgpbnMt5O3ov4JRKGm7buLbyGMjzlzO3y3C1Psy7n5mOwoc
	q4eYG4cSYLgscXAt+v4pZWst/02stzUD9kq6Tveq2nSW/e/0IIhCdhob1i0KNA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743698572; a=rsa-sha256; cv=none;
	b=Bnx0tBf5WHvsXPVdDF9DCZfRjlW6s2+zyl1xl9dafblTtI9oSa3pvFmkRU5eQLqiqDKrjW
	e/yQuwSQrp+PRSpZ5b/rfapgpAB8dSap6MW8Ur6c8o+Hk7qgaHUqeuSPDcm2Wxq/Q2yJho
	whuLaxsFEookZyRS21iT/XBdvn+kJaDGxCFuZUARVaoGNAWsdz0VVT4S7Tf8LHLsjnQ5z3
	vIqekU1fcC71ZUvn3LSsEOlHW2l62h/KM8BTsx1DyjCSTkhxNojNReSH7Co+hYR58ss14h
	qnNrWe7KDU9FbAjRrZOlipTfoszZc80v0auKru1Jk28kfrI4IlX2ovlnXugTzw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743698572;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=E8jR30DhfkIXBY0NK14td3HeYVomR+ByzAARPvRMt4Y=;
	b=XFs6ILFUykd99/g3dqZ5/DjN/UxEaU0ZF1arhD99VxmF5a9aGy6L8WiT9XJbNHwzlsIpXL
	g1MoG3zPbLMsiY9sY4co+ZSiM0r/STw/T2o+lqqHSeLq0qdtpeDwF3bP+L44Y2890DWPn2
	uzIXH4f8Z4tO1tec0slSg/01pAQHjlqkBdBZi8s1werMZ2zoSQhVU1SvTePfAg3b6wrkop
	KlpCbM/knzYwLSP60dGNXX0XciNY3xckfQVW+erRg2+F+Nqt/lqMMmhxtPPZILPVIk2W1I
	m22tbSFXlUpHhyqftVfkBbCYbKEav5PkpMvVsj92aHF0uCYonZPWd7oK5W8wTw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZT6wr6025z18TW;
	Thu, 03 Apr 2025 16:42:52 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533GgqQC022469;
	Thu, 3 Apr 2025 16:42:52 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533GgqHL022466;
	Thu, 3 Apr 2025 16:42:52 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 16:42:52 GMT
Message-Id: <202504031642.533GgqHL022466@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: c844e848458f - stable/14 - snmp_pf: fix
  pfInterfacesIfRefsState
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: c844e848458f50d77e9fa39b77d6f6e30c39f593
Auto-Submitted: auto-generated

The branch stable/14 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=c844e848458f50d77e9fa39b77d6f6e30c39f593

commit c844e848458f50d77e9fa39b77d6f6e30c39f593
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-03-19 06:08:55 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-04-03 16:41:25 +0000

    snmp_pf: fix pfInterfacesIfRefsState
    
    pfInterfacesIfRefsState was described as 'Null', which upset bsnmpwalk's attempt
    to resolve OIDs to symbolic names:
    
    > bsnmpwalk: Error adding leaf pfInterfacesIfRefsState to list
    
    This was done back in d6d3f01e0a339, because we don't return this value any
    more. Return it to 'Unsigned32', which fixes things, even if we still don't
    actually return this value.
    
    While here update the ORGANIZATION to reflect current ownership.
    
    Reviewed by:    philip
    MFC after:      2 weeks
    Event:          Tokyo Hackathon 202503
    Differential Revision:  https://reviews.freebsd.org/D49413
    
    (cherry picked from commit 712309a64512c7e4ebf0e10de8a5c59d5a185ae8)
---
 usr.sbin/bsnmpd/modules/snmp_pf/BEGEMOT-PF-MIB.txt | 14 ++++++--------
 usr.sbin/bsnmpd/modules/snmp_pf/pf_tree.def        |  2 +-
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/usr.sbin/bsnmpd/modules/snmp_pf/BEGEMOT-PF-MIB.txt b/usr.sbin/bsnmpd/modules/snmp_pf/BEGEMOT-PF-MIB.txt
index 13a4a646a669..8127eb92601f 100644
--- a/usr.sbin/bsnmpd/modules/snmp_pf/BEGEMOT-PF-MIB.txt
+++ b/usr.sbin/bsnmpd/modules/snmp_pf/BEGEMOT-PF-MIB.txt
@@ -21,19 +21,17 @@ IMPORTS
 	FROM BEGEMOT-MIB;
 
 begemotPf MODULE-IDENTITY
-    LAST-UPDATED "201003180000Z"
-    ORGANIZATION "NixSys BVBA"
+    LAST-UPDATED "202503190000Z"
+    ORGANIZATION "Alternative Enterprises (HK) Limited"
     CONTACT-INFO
 	    "		Philip Paeps
 
-	     Postal:	NixSys BVBA
-			Louizastraat 14
-			BE-2800 Mechelen
-			Belgium
-
 	     E-Mail:	philip@FreeBSD.org"
     DESCRIPTION
 	    "The Begemot MIB for the pf packet filter."
+    REVISION	"202503190000Z"
+    DESCRIPTION
+		"Reverted pfInterfacesIfRefsState to Unsigned32"
     REVISION	"201003180000Z"
     DESCRIPTION
 		"Modified pfTablesAddrEntry to support IPv6
@@ -583,7 +581,7 @@ PfInterfacesIfEntry ::= SEQUENCE {
     pfInterfacesIfDescr		    OCTET STRING,
     pfInterfacesIfType		    INTEGER,
     pfInterfacesIfTZero		    TimeTicks,
-    pfInterfacesIfRefsState	    Null,
+    pfInterfacesIfRefsState	    Unsigned32,
     pfInterfacesIfRefsRule	    Unsigned32,
     pfInterfacesIf4BytesInPass	    Counter64,
     pfInterfacesIf4BytesInBlock	    Counter64,
diff --git a/usr.sbin/bsnmpd/modules/snmp_pf/pf_tree.def b/usr.sbin/bsnmpd/modules/snmp_pf/pf_tree.def
index dcdf676aa752..7a517a876fab 100644
--- a/usr.sbin/bsnmpd/modules/snmp_pf/pf_tree.def
+++ b/usr.sbin/bsnmpd/modules/snmp_pf/pf_tree.def
@@ -107,7 +107,7 @@
                     (2 pfInterfacesIfDescr OCTETSTRING GET)
                     (3 pfInterfacesIfType ENUM ( 0 group 1 instance 2 detached ) GET)
 		    (4 pfInterfacesIfTZero TIMETICKS GET)
-                    (5 pfInterfacesIfRefsState NULL GET)
+                    (5 pfInterfacesIfRefsState UNSIGNED32 GET)
                     (6 pfInterfacesIfRefsRule UNSIGNED32 GET)
                     (7 pfInterfacesIf4BytesInPass COUNTER64 GET)
                     (8 pfInterfacesIf4BytesInBlock COUNTER64 GET)

From nobody Thu Apr  3 16:42:53 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZT6wt2Vm6z5s8Dx;
	Thu, 03 Apr 2025 16:42:54 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZT6wt0Qg2z4Hm3;
	Thu, 03 Apr 2025 16:42:54 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743698574;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=BwGgJep3d2Ztwi1GOgSNrjt/xFzDOI3vt7C/OYq2xT0=;
	b=Sd4Nlt1wKJ35VnVJijIadOrg9xQcxZmKGR9NONF4mJUiWSIU6o2tAcOZdDsgOQSdIXiPIn
	2GzI43VdL0DRhnTxrwkH9ae0u8mi1KqmIswmJj7Lpl9Nv7TOatuWhwKgsRaS1PV7bgZJWr
	KalF5yC7lNV8OO1HxbWzhCWS/nTp8crlaNGv0mdPVbe2jleKZ86SJLeSLHnCHGCmXqb0SQ
	m5EN9QzneCYTBkSA07kqf2jlrIJPtyJZbnRFfhC1fiQFdC611pddm+sgdG/MIqLyiDxREu
	107XTerFyn6jRH8KjuAnn9GANQcoM0D1Lsbosf/E4bzZUAgEy7SlI4JXOhI18A==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743698574; a=rsa-sha256; cv=none;
	b=du8lQVIW5HhI7ToztnRAemFjkgT1C4HMMdKjmfbl9MtZ/brOYvyVQzYU0aA/c/7hhtny+l
	tVomIFVBpVCuD5pKP07J1DeOrSFyZcnP3rWaGJrXvCSMKvq7k3gyKtLDmF4MyKYXEyuTsQ
	z3TXtwbsEDNNKKDPvd8Lk2H6WiPo8ViuSvrvlCL91TxhL6OV/5C7Q4lXunby3lTiaRzbUE
	Y8dMkd3tDtZsh17FJQ+3tOxVDs8KoSgVg4smAEueP2ua+EH3QQspD8YQZaSAoIn6OXHpwO
	YkYwwDR/zqGLullGupre8Wag9U+wbtoBLzqpEIkuuyvT5YD5lnHSkhnIJZ0JFg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743698574;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=BwGgJep3d2Ztwi1GOgSNrjt/xFzDOI3vt7C/OYq2xT0=;
	b=h+bIxNNXr/FWwAlpxPQNd7Ecbl+xR8FwjMKbsXkiuzbDEJrmRTaqxAFEX0/V9TzW7pcRlr
	CufYzp7oqw2u4r0fX0VnuObt0PlmOrmiD+c/E8Frpvesh01mqId4QbO8XrSkEiedolNP/S
	pvFD0NVgsTxe8m1BuO1Nv+RL69Ry02BTfYfwVS6x/5Ugt4i5SW9SY3ESIj2Rj/tPqvKD9m
	LVl/gicJYdB8enC3RNkbKVW+QXL7kdxNZLkAsy4K8nVBYSCxEiXNVFyatA2oqmyF03E+Mj
	esStsQNvJgOr8BlimQ9QASG4Su9cGKQdn+WRDR1t3e2HDsPPRQXAEbfEQEHIAg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZT6ws6vdLz17kC;
	Thu, 03 Apr 2025 16:42:53 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533GgrcD022516;
	Thu, 3 Apr 2025 16:42:53 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533Ggr2T022513;
	Thu, 3 Apr 2025 16:42:53 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 16:42:53 GMT
Message-Id: <202504031642.533Ggr2T022513@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: 3410b98ce2c3 - stable/14 - pf tests: add a basic
  snmp_pf test case
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 3410b98ce2c36a49fffa9a975425333c1f05b0bc
Auto-Submitted: auto-generated

The branch stable/14 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=3410b98ce2c36a49fffa9a975425333c1f05b0bc

commit 3410b98ce2c36a49fffa9a975425333c1f05b0bc
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-03-19 06:42:42 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-04-03 16:41:25 +0000

    pf tests: add a basic snmp_pf test case
    
    Event:          Tokyo Hackathon 202503
    (cherry picked from commit c849f533326026501c28cb2c344b16723862551a)
---
 tests/sys/netpfil/pf/Makefile    |  6 +++-
 tests/sys/netpfil/pf/bsnmpd.conf | 47 ++++++++++++++++++++++++++
 tests/sys/netpfil/pf/snmp.sh     | 71 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 123 insertions(+), 1 deletion(-)

diff --git a/tests/sys/netpfil/pf/Makefile b/tests/sys/netpfil/pf/Makefile
index f2ccd5aa6ec2..1d9c685b2565 100644
--- a/tests/sys/netpfil/pf/Makefile
+++ b/tests/sys/netpfil/pf/Makefile
@@ -38,6 +38,7 @@ ATF_TESTS_SH+=	altq \
 		sctp \
 		set_skip \
 		set_tos \
+		snmp \
 		src_track \
 		syncookie \
 		synproxy \
@@ -54,7 +55,9 @@ TEST_METADATA+= execenv_jail_params="vnet allow.raw_sockets"
 
 PROGS=	divapp
 
-${PACKAGE}FILES+=	CVE-2019-5597.py \
+${PACKAGE}FILES+=	\
+			bsnmpd.conf \
+			CVE-2019-5597.py \
 			CVE-2019-5598.py \
 			daytime_inetd.conf \
 			echo_inetd.conf \
@@ -69,6 +72,7 @@ ${PACKAGE}FILES+=	CVE-2019-5597.py \
 			rdr-srcport.py \
 			utils.subr
 
+${PACKAGE}FILESMODE_bsnmpd.conf=		0555
 ${PACKAGE}FILESMODE_CVE-2019-5597.py=	0555
 ${PACKAGE}FILESMODE_CVE-2019-5598.py=	0555
 ${PACKAGE}FILESMODE_fragcommon.py=	0555
diff --git a/tests/sys/netpfil/pf/bsnmpd.conf b/tests/sys/netpfil/pf/bsnmpd.conf
new file mode 100644
index 000000000000..27abdda6cbd3
--- /dev/null
+++ b/tests/sys/netpfil/pf/bsnmpd.conf
@@ -0,0 +1,47 @@
+location := "A galaxy far, far away"
+contact := "skywalker@Tatooine"
+system := 1
+
+read := "public"
+write := "geheim"
+trap := "mytrap"
+
+NoAuthProtocol		:= 1.3.6.1.6.3.10.1.1.1
+HMACMD5AuthProtocol	:= 1.3.6.1.6.3.10.1.1.2
+HMACSHAAuthProtocol	:= 1.3.6.1.6.3.10.1.1.3
+NoPrivProtocol		:= 1.3.6.1.6.3.10.1.2.1
+DESPrivProtocol		:= 1.3.6.1.6.3.10.1.2.2
+AesCfb128Protocol	:= 1.3.6.1.6.3.10.1.2.4
+
+securityModelAny	:= 0
+securityModelSNMPv1	:= 1
+securityModelSNMPv2c	:= 2
+securityModelUSM	:= 3
+
+MPmodelSNMPv1		:= 0
+MPmodelSNMPv2c		:= 1
+MPmodelSNMPv3		:= 3
+
+noAuthNoPriv := 1
+authNoPriv := 2
+authPriv := 3
+
+%snmpd
+begemotSnmpdDebugDumpPdus	= 2
+begemotSnmpdDebugSyslogPri	= 7
+
+begemotSnmpdCommunityString.0.1	= $(read)
+begemotSnmpdCommunityDisable	= 1
+
+begemotSnmpdTransInetStatus.1.4.0.0.0.0.161.1 = 4
+begemotSnmpdTransInetStatus.2.16.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.161.1 = 4
+
+begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
+begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4
+
+sysContact	= $(contact)
+sysLocation	= $(location)
+sysObjectId 	= 1.3.6.1.4.1.12325.1.1.2.1.$(system)
+
+begemotSnmpdModulePath."mibII"	= "/usr/lib/snmp_mibII.so"
+begemotSnmpdModulePath."pf"	= "/usr/lib/snmp_pf.so"
diff --git a/tests/sys/netpfil/pf/snmp.sh b/tests/sys/netpfil/pf/snmp.sh
new file mode 100644
index 000000000000..0d6b2eb10ec7
--- /dev/null
+++ b/tests/sys/netpfil/pf/snmp.sh
@@ -0,0 +1,71 @@
+#
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2025 Kristof Provost <kp@FreeBSD.org>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case "basic" "cleanup"
+basic_head()
+{
+	atf_set descr 'Basic pf_snmp test'
+	atf_set require.user root
+}
+
+basic_body()
+{
+	pft_init
+
+	epair=$(vnet_mkepair)
+
+	ifconfig ${epair}b 192.0.2.2/24 up
+
+	vnet_mkjail alcatraz ${epair}a
+	jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up
+
+	# Start bsnmpd
+	jexec alcatraz bsnmpd -c $(atf_get_srcdir)/bsnmpd.conf
+
+	jexec alcatraz pfctl -e
+	pft_set_rules alcatraz \
+	    "pass"
+
+	# Sanity check, and create state
+	atf_check -s exit:0 -o ignore \
+	    ping -c 1 192.0.2.1
+
+	# pf should be enabled
+	atf_check -s exit:0 -o match:'pfStatusRunning.0 = true' \
+	    bsnmpwalk -s public@192.0.2.1 -i pf_tree.def begemot
+}
+
+basic_cleanup()
+{
+	pft_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "basic"
+}

From nobody Thu Apr  3 16:42:54 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZT6wv38xgz5s8CJ;
	Thu, 03 Apr 2025 16:42:55 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZT6wv17CVz4HgT;
	Thu, 03 Apr 2025 16:42:55 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743698575;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=QuUX8OR6Roo/oltdnZBBgjmcXPJE725k1WuELF123bU=;
	b=KMs7eae61c2xX2DAyQofMGfj3WBtQUjudszTGlkjoqtJafEzIk/kqivEft6pc87k+s7azn
	SBWGfL8OYcaVv/wMzBQvGhzZda5rp7JRvVGEjJjpFGwVcPHU7r0r0Ea7ExdjfXWyVcT5Dp
	pJloMq1myrrL9ITReStjw4o9WFeyxSU+tC2gEX2whP2CQmiNuSQb+YuqWhbCdpwtPSEiub
	nijuccnCQ2/EpmyvlPGyEDoEbO9AcMrJrKlzMzTZu5UQ5R1EakeO1J86RQQ3X78eGNeSLV
	Km3JE1bb7z4gzjFU1E7uKayhLhY3Kw8z0sC/juNeIStHOAhqJeO40Ijp1DoBtw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743698575; a=rsa-sha256; cv=none;
	b=oMc2W44fN1C9CS9h/bfOfwlhkB5/4P8pzkct8qanMCHYIczyUZIeSYLOEM3vXr4ieIyhuT
	9KYZfSlX36irl17G6TFZwrWMdt0NK2OMjehviGfX/NB7UArr+CNw6hF8yHYWrwBQ69y31k
	w5lthsXQ6Iw33UsbR3hUeNn1JdRYxCgIqvs8BjNztzPnqVuesWSjcSPxQaJYrcBTMRq0vS
	jcGovnKZOcM0xFhX3V2Yo4mRv9B0Lx8MfRP/OPzSY8JpHIZW4Br8gKESVwMf7DbQ6PXmEk
	HV2mhh6cwMKzh7aTWsOVdhP/P7Ng8JfuoD7DaWtZeHohCaU6XJ4hgeumDF4vLg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743698575;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=QuUX8OR6Roo/oltdnZBBgjmcXPJE725k1WuELF123bU=;
	b=q/SQjbh8ldBFYpBb6D56RBwz/iO6xU2BELenK4r1kn6wc2iqTafjIThlpzPR5AuR5a8Ce/
	mqxayXpNrrl730fdTO9kRaoV+qGuDUDU0rym4WzF0ZRECIr6MrWuKjtxmL3WSf2V0JAtPx
	YsQQyVXC3woJ8JcWkKdhE/bqF8XFnelalEsQ1CfqacxU+4Wc0rCMendGVkb2+zbwltL+1m
	xnkYh9c4SRmFe3UZyaEAwzAkyF5xhBwvmTVWyLPVttlDphP4lANAAcGnlb/cVFABj2IrkP
	zJVcc3g5XR5vUlP4lu/zqx2VWPBAfrmZjeoVr+99MXd7q1d9YWTbhWRSbTc7cA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZT6wv0krVz17kD;
	Thu, 03 Apr 2025 16:42:55 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533GgtXf022553;
	Thu, 3 Apr 2025 16:42:55 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533GgsFZ022550;
	Thu, 3 Apr 2025 16:42:54 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 16:42:54 GMT
Message-Id: <202504031642.533GgsFZ022550@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: 7fa5f4995f06 - stable/14 - pf tests: test table
  information export via snmp_pf
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 7fa5f4995f0657c9992bf09df43b2a815938b33d
Auto-Submitted: auto-generated

The branch stable/14 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=7fa5f4995f0657c9992bf09df43b2a815938b33d

commit 7fa5f4995f0657c9992bf09df43b2a815938b33d
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-03-20 01:27:52 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-04-03 16:41:25 +0000

    pf tests: test table information export via snmp_pf
    
    Event:          Tokyo Hackathon 202503
    (cherry picked from commit 36586800803d24f1137d861bbaf487a6bde16a09)
---
 tests/sys/netpfil/pf/snmp.sh | 52 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/tests/sys/netpfil/pf/snmp.sh b/tests/sys/netpfil/pf/snmp.sh
index 0d6b2eb10ec7..37cc4b75cf92 100644
--- a/tests/sys/netpfil/pf/snmp.sh
+++ b/tests/sys/netpfil/pf/snmp.sh
@@ -65,7 +65,59 @@ basic_cleanup()
 	pft_cleanup
 }
 
+atf_test_case "table" "cleanup"
+table_head()
+{
+	atf_set descr 'Test tables and pf_snmp'
+	atf_set require.user root
+}
+
+table_body()
+{
+	pft_init
+
+	epair=$(vnet_mkepair)
+
+	ifconfig ${epair}b 192.0.2.2/24 up
+
+	vnet_mkjail alcatraz ${epair}a
+	jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up
+
+	jexec alcatraz pfctl -e
+	pft_set_rules alcatraz \
+	    "table <foo> counters { 192.0.2.0/24 }" \
+	    "pass in from <foo>"
+
+	# Start bsnmpd after creating the table so we don't have to wait for
+	# a refresh timeout
+	jexec alcatraz bsnmpd -c $(atf_get_srcdir)/bsnmpd.conf
+
+	# Sanity check, and create state
+	atf_check -s exit:0 -o ignore \
+	    ping -c 1 192.0.2.1
+
+	# We should have one table
+	atf_check -s exit:0 -o match:'pfTablesTblNumber.0 = 1' \
+	    bsnmpwalk -s public@192.0.2.1 -i pf_tree.def begemot
+
+	# We have the 'foo' table
+	atf_check -s exit:0 -o match:'pfTablesTblDescr.* = foo' \
+	    bsnmpwalk -s public@192.0.2.1 -i pf_tree.def pfTables
+
+	# Which contains address 192.0.2.0/24
+	atf_check -s exit:0 -o match:'pfTablesAddrNet.* = 192.0.2.0' \
+	    bsnmpwalk -s public@192.0.2.1 -i pf_tree.def pfTables
+	atf_check -s exit:0 -o match:'pfTablesAddrPrefix.* = 24' \
+	    bsnmpwalk -s public@192.0.2.1 -i pf_tree.def pfTables
+}
+
+table_cleanup()
+{
+	pft_cleanup
+}
+
 atf_init_test_cases()
 {
 	atf_add_test_case "basic"
+	atf_add_test_case "table"
 }

From nobody Thu Apr  3 16:43:04 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZT6x45T5zz5s8NK;
	Thu, 03 Apr 2025 16:43:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZT6x433CYz4JJT;
	Thu, 03 Apr 2025 16:43:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743698584;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=+jb0CTBcF9votHOCyF3ERUOYvuDkngNuzI6ez97FGK4=;
	b=CV4Jw2qIpdyzSmTwgRbtfKlfcGjYSVITyS08veBSMwx4njXNkBR++zTc3o5HAdmJuxuzNM
	TMe/9RoV+ZX0b876mH5elL7CO3kWVBqY0ihHDXPyOPUqy3gj2P5JYVOmvrqtj8KIxxpeki
	Ydh8ch6BRvl9CmX9kgZLo0Ph8o5lr4hnSxyrL9/0uNEiyid74CCBtMpyHGC9nYVyQkr6pm
	63gPpscC37W57u7pKLgwqNhmNaOt2gmIzSVWIYqhszvIBPkuezo5cQl9vghjZzedqPHs34
	/0W9mmmzrJMC+5P67ppc2O6nHY5ZnGW/ze+vVysKUIVljrl92cNJiAFzzCZXqw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743698584; a=rsa-sha256; cv=none;
	b=UCCg1Iejrxu77mWyBrAKLJHV2DFqMNgIoUFaUswUsVLDuUl96o6tDGX2qP1v684ywo6XqF
	yal8EP/nVUAml6L/CLSyrd+Su+YnRaFusxV9cKj0DU3lxFPVxoARjDtM5H1Ztw87BkKhGo
	LYhcwWGTs37kHul3sEd4ktQGNFymuUt3/4ZYYM2wbkqbQYdFvJ3A7ZoiE/bh05amV9j5Wq
	kkz3xVJ5WVf2BhvMaydhDUUokjcVQVabnG83c046g3+DhAZDeY8nmMYNRHemEeYJ17FGWS
	6GSsYnXP3grBhtFJ+uT7aWJDuS5+/nrFWX6fMhPM2OpZmQ6Six1NWRT8MgmLTQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743698584;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=+jb0CTBcF9votHOCyF3ERUOYvuDkngNuzI6ez97FGK4=;
	b=BBNDIk+Mx27P0j8inDv1lD1TJb4ve2k1/Jt/H1a22v+bzK8+IEf6LF4MbdVIjqcPBDAZKv
	b4hWaK7GJUlsB4Me1FwrNh0l5+4AlM8C+KvyVutD9rsZ1Dog48W7TtR1UkQOfSdyEJcndQ
	EDRFTdSzlLVeYc+Ef2QHIspwi7U/c6/GsnxvmTHlMBz8jS34RbHhcmPfySUruNpgZ70wje
	npZbLQN2zb5KVRf1mSwm4MnVFYDz2sF1oAGbb/eDlm0HI+E1fMsTV+LKyhRxk2qKf2Kaly
	6i+sfFHjE55j8+Y5z4fr7rjvwUEErLMA8ZZtC8vR6ui8P6QjM8V/lJUmba+Ttg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZT6x42TXVz18Fx;
	Thu, 03 Apr 2025 16:43:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533Gh4KK022748;
	Thu, 3 Apr 2025 16:43:04 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533Gh4Zq022746;
	Thu, 3 Apr 2025 16:43:04 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 16:43:04 GMT
Message-Id: <202504031643.533Gh4Zq022746@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: 861b8faca9e3 - stable/13 - snmp_pf: fix
  pfInterfacesIfRefsState
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 861b8faca9e3644cc88e391e852bf034e5cfc298
Auto-Submitted: auto-generated

The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=861b8faca9e3644cc88e391e852bf034e5cfc298

commit 861b8faca9e3644cc88e391e852bf034e5cfc298
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-03-19 06:08:55 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-04-03 05:57:30 +0000

    snmp_pf: fix pfInterfacesIfRefsState
    
    pfInterfacesIfRefsState was described as 'Null', which upset bsnmpwalk's attempt
    to resolve OIDs to symbolic names:
    
    > bsnmpwalk: Error adding leaf pfInterfacesIfRefsState to list
    
    This was done back in d6d3f01e0a339, because we don't return this value any
    more. Return it to 'Unsigned32', which fixes things, even if we still don't
    actually return this value.
    
    While here update the ORGANIZATION to reflect current ownership.
    
    Reviewed by:    philip
    MFC after:      2 weeks
    Event:          Tokyo Hackathon 202503
    Differential Revision:  https://reviews.freebsd.org/D49413
    
    (cherry picked from commit 712309a64512c7e4ebf0e10de8a5c59d5a185ae8)
---
 usr.sbin/bsnmpd/modules/snmp_pf/BEGEMOT-PF-MIB.txt | 14 ++++++--------
 usr.sbin/bsnmpd/modules/snmp_pf/pf_tree.def        |  2 +-
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/usr.sbin/bsnmpd/modules/snmp_pf/BEGEMOT-PF-MIB.txt b/usr.sbin/bsnmpd/modules/snmp_pf/BEGEMOT-PF-MIB.txt
index 13a4a646a669..8127eb92601f 100644
--- a/usr.sbin/bsnmpd/modules/snmp_pf/BEGEMOT-PF-MIB.txt
+++ b/usr.sbin/bsnmpd/modules/snmp_pf/BEGEMOT-PF-MIB.txt
@@ -21,19 +21,17 @@ IMPORTS
 	FROM BEGEMOT-MIB;
 
 begemotPf MODULE-IDENTITY
-    LAST-UPDATED "201003180000Z"
-    ORGANIZATION "NixSys BVBA"
+    LAST-UPDATED "202503190000Z"
+    ORGANIZATION "Alternative Enterprises (HK) Limited"
     CONTACT-INFO
 	    "		Philip Paeps
 
-	     Postal:	NixSys BVBA
-			Louizastraat 14
-			BE-2800 Mechelen
-			Belgium
-
 	     E-Mail:	philip@FreeBSD.org"
     DESCRIPTION
 	    "The Begemot MIB for the pf packet filter."
+    REVISION	"202503190000Z"
+    DESCRIPTION
+		"Reverted pfInterfacesIfRefsState to Unsigned32"
     REVISION	"201003180000Z"
     DESCRIPTION
 		"Modified pfTablesAddrEntry to support IPv6
@@ -583,7 +581,7 @@ PfInterfacesIfEntry ::= SEQUENCE {
     pfInterfacesIfDescr		    OCTET STRING,
     pfInterfacesIfType		    INTEGER,
     pfInterfacesIfTZero		    TimeTicks,
-    pfInterfacesIfRefsState	    Null,
+    pfInterfacesIfRefsState	    Unsigned32,
     pfInterfacesIfRefsRule	    Unsigned32,
     pfInterfacesIf4BytesInPass	    Counter64,
     pfInterfacesIf4BytesInBlock	    Counter64,
diff --git a/usr.sbin/bsnmpd/modules/snmp_pf/pf_tree.def b/usr.sbin/bsnmpd/modules/snmp_pf/pf_tree.def
index dcdf676aa752..7a517a876fab 100644
--- a/usr.sbin/bsnmpd/modules/snmp_pf/pf_tree.def
+++ b/usr.sbin/bsnmpd/modules/snmp_pf/pf_tree.def
@@ -107,7 +107,7 @@
                     (2 pfInterfacesIfDescr OCTETSTRING GET)
                     (3 pfInterfacesIfType ENUM ( 0 group 1 instance 2 detached ) GET)
 		    (4 pfInterfacesIfTZero TIMETICKS GET)
-                    (5 pfInterfacesIfRefsState NULL GET)
+                    (5 pfInterfacesIfRefsState UNSIGNED32 GET)
                     (6 pfInterfacesIfRefsRule UNSIGNED32 GET)
                     (7 pfInterfacesIf4BytesInPass COUNTER64 GET)
                     (8 pfInterfacesIf4BytesInBlock COUNTER64 GET)

From nobody Thu Apr  3 16:43:06 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZT6x732C6z5s8ft;
	Thu, 03 Apr 2025 16:43:07 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZT6x644l3z4J3F;
	Thu, 03 Apr 2025 16:43:06 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743698586;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=nUHsz9t2Blv7buWGJwHLavDL2PC5/M1n+M+3z0+LPhs=;
	b=kJ8s8+SdmKGqLvpdn1Gveanw8s15/hzy3o8k/93dOPBrk9ZsB0yx1jjl5n4nQTdSMzjhle
	dI7uD4Masd0WR84yby+kVWppPQ6CjzO2O9NBWyQwp1NsUWYfOcYMwiqMWRcMX8PD9ku5mN
	bAEuAsxZoupWEKYOg1SK+/rSkpTbhmsiL3Dff6WSrsu71IONTRQofDPKgUOEW8fTOiXDbT
	KjixHdWRGbjm2+t8oqAlbBY73nFer+KqJyo0l8fp9PueqcLbd2o0EpxhRW/+npCh3waUGA
	eMpG3UofdArpMZFHAk5HSzXg2OqsxPIIDJcm+IjWY5UGoyj44kAyi8M6SFOJhg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743698586; a=rsa-sha256; cv=none;
	b=K5yrfp/SJPel/apI0oJ3B8Kzu3mBM2x3QMM1GwyoozCkI5rB8e+C1sXrK4It05p2zAXIsj
	np5h2GagKac4jhhDnH2tjxm5qDOM36q7bGH05hbsezo7M9aU5CAT6UgsmCQrBxyX5mwFY0
	Jgg0I6ccJSu/uhVLjZthrjxcpv2Rm0fjyEn+K7TJATwfCD3OMXaB4Z9q9pt6MPkHsY+IUV
	5unWUuEK/0X3fJMwnKxJuk9KfpAZU6G1V8eSaKyHY+4bC0NlEIxLPgqw3ZzOwvBJmMeyu7
	KnUayFrQXGSoiVKIU4dALMSt5loR33NL08f6Cubk1GUL/q70B8TgTPojXtlIHw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743698586;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=nUHsz9t2Blv7buWGJwHLavDL2PC5/M1n+M+3z0+LPhs=;
	b=UFaJ7NVNWV2sPLhHJ1h+LBIllCp7abB5gtbi/GzqksZbdSBo2Jh4f8PRtoN+un57vyiX3P
	mFBYE4T0nnxvAGLcef31u9vJ31LiF5pTwMPNtTAHAf2oUY5Uw5m43EEq2ImTDkVlE/wDTR
	S2nKzi5T0W2M3zMiL+3hj6xQfxMeciL90YAuUf64cCxQwK1uvuJJ2h0riMpOGsaHivaxPV
	4TYo7hP2vLYGsM6hWmRoj+NcV1JaZUMySwJahg5RRBMepMbJW3oZGa9eGeCZKiK++lQbXq
	A8b0OUcr2tbo20Lzo7EazMms37z8phhq2GRMAd7wmiLzB4/4iYRBRxNypDhnvA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZT6x63hMzz1806;
	Thu, 03 Apr 2025 16:43:06 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533Gh60I022821;
	Thu, 3 Apr 2025 16:43:06 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533Gh6rw022818;
	Thu, 3 Apr 2025 16:43:06 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 16:43:06 GMT
Message-Id: <202504031643.533Gh6rw022818@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: 42aa0d02c281 - stable/13 - pf tests: test table
  information export via snmp_pf
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 42aa0d02c281d790c77ce18789ccab20e9274260
Auto-Submitted: auto-generated

The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=42aa0d02c281d790c77ce18789ccab20e9274260

commit 42aa0d02c281d790c77ce18789ccab20e9274260
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-03-20 01:27:52 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-04-03 05:58:58 +0000

    pf tests: test table information export via snmp_pf
    
    Event:          Tokyo Hackathon 202503
    (cherry picked from commit 36586800803d24f1137d861bbaf487a6bde16a09)
---
 tests/sys/netpfil/pf/snmp.sh | 52 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/tests/sys/netpfil/pf/snmp.sh b/tests/sys/netpfil/pf/snmp.sh
index 0d6b2eb10ec7..37cc4b75cf92 100644
--- a/tests/sys/netpfil/pf/snmp.sh
+++ b/tests/sys/netpfil/pf/snmp.sh
@@ -65,7 +65,59 @@ basic_cleanup()
 	pft_cleanup
 }
 
+atf_test_case "table" "cleanup"
+table_head()
+{
+	atf_set descr 'Test tables and pf_snmp'
+	atf_set require.user root
+}
+
+table_body()
+{
+	pft_init
+
+	epair=$(vnet_mkepair)
+
+	ifconfig ${epair}b 192.0.2.2/24 up
+
+	vnet_mkjail alcatraz ${epair}a
+	jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up
+
+	jexec alcatraz pfctl -e
+	pft_set_rules alcatraz \
+	    "table <foo> counters { 192.0.2.0/24 }" \
+	    "pass in from <foo>"
+
+	# Start bsnmpd after creating the table so we don't have to wait for
+	# a refresh timeout
+	jexec alcatraz bsnmpd -c $(atf_get_srcdir)/bsnmpd.conf
+
+	# Sanity check, and create state
+	atf_check -s exit:0 -o ignore \
+	    ping -c 1 192.0.2.1
+
+	# We should have one table
+	atf_check -s exit:0 -o match:'pfTablesTblNumber.0 = 1' \
+	    bsnmpwalk -s public@192.0.2.1 -i pf_tree.def begemot
+
+	# We have the 'foo' table
+	atf_check -s exit:0 -o match:'pfTablesTblDescr.* = foo' \
+	    bsnmpwalk -s public@192.0.2.1 -i pf_tree.def pfTables
+
+	# Which contains address 192.0.2.0/24
+	atf_check -s exit:0 -o match:'pfTablesAddrNet.* = 192.0.2.0' \
+	    bsnmpwalk -s public@192.0.2.1 -i pf_tree.def pfTables
+	atf_check -s exit:0 -o match:'pfTablesAddrPrefix.* = 24' \
+	    bsnmpwalk -s public@192.0.2.1 -i pf_tree.def pfTables
+}
+
+table_cleanup()
+{
+	pft_cleanup
+}
+
 atf_init_test_cases()
 {
 	atf_add_test_case "basic"
+	atf_add_test_case "table"
 }

From nobody Thu Apr  3 16:43:05 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZT6x62wtNz5s8M4;
	Thu, 03 Apr 2025 16:43:06 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZT6x54Kkhz4J0M;
	Thu, 03 Apr 2025 16:43:05 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743698585;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=p8RQMEb/MLNBZhJTr/EHrnSn6eMoHZLfOY4XRrMsS4c=;
	b=mNoKoKUrzkn9mBluW/MJxBDyibV0BRDu46PzBmZ8D0MYPszuQLE8W0OJF7H3kpXNqOaGKS
	W93sB4kGttPihpywQICmIpE6McGCIVaRn6S5WmXMY+Er1nXaqThapALDt/a4dVG/VOwWkg
	bLGkDam9HzuUph7mFYiiG4VaiHQwVEF8/s2VjPGaOxqZEXHrhTz1ryGCEO9asuxOpVjvRD
	12vHQhw+l+LkaiSn3KalcZJHWngPaigNAiYobAXUOgY7yRAzSxkh9upPAP173ENkMQcOb4
	31tdb/bxK0cCUpNH/hafB9EF2Lq1QIdHvtuF/SKy+fg3WKFz+GLGYIXglnMstg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743698585; a=rsa-sha256; cv=none;
	b=xr2FLwx4X75/T0DQeMIyRsGVqoR8z0yBvTU/mh64bitV48yOatVRFnZgg4mLQ9c8xz4ADf
	XONCXn6TpQGT65OiJnaDq7Ea02xXXwzp2OOtlSkGioBirN4pxKD2N4mblSkiMVYSTmDvVK
	fW84yUvhgIjnqhYgZnPFRHLzkBQg7hM2JSh1c/s1faxtJhloptY40HwIqr9GI/oa0sWMCt
	TLLqIL6De4ZzMwFkPyA3CsjFKauw5Erg2mvD2/+6PvS5GBRbaxHF4Fug5U3omyTQpUudcl
	9ZntQ2/v7sFnx1kSy5U7FCNyFOLg/y7u+38MaLwN5ffDf2ECtAOucyyNyw4ZIQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743698585;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=p8RQMEb/MLNBZhJTr/EHrnSn6eMoHZLfOY4XRrMsS4c=;
	b=Cz+JG9B6wH1lXO0kJkGiz/XwjR5HrPnqyOIkRuIsXaesRTBeGKhbMb2qDy6eDF1U6wx37/
	z7eZ726BY1q6AboEEKWoZeDAcrdgNEcsNRBhqPlBgSB9kx0tid5QQBJu9O48rn/y6XgAxz
	OCQN5gCo12JUmKCDPfpwqYFvmwnIfZSL4Q2ReS7RQRmSDAT27c9J+q/NLSyN4jqfw6jgVf
	Kyo855kPExo6o/LUWCnhU/jXQ1rY43BjAVHFa9Eei5RaRYK4nII4vxtHaELuUwQt1TNXfL
	puz24927tLO9SAKEwgwrqtRCvaBxLfNeq8WQc3eqVbJr7qANquB74Ag/afpgCg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZT6x53NR8z181n;
	Thu, 03 Apr 2025 16:43:05 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533Gh5Cw022788;
	Thu, 3 Apr 2025 16:43:05 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533Gh5YO022785;
	Thu, 3 Apr 2025 16:43:05 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 16:43:05 GMT
Message-Id: <202504031643.533Gh5YO022785@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Kristof Provost <kp@FreeBSD.org>
Subject: git: ca1bf31177d2 - stable/13 - pf tests: add a basic
  snmp_pf test case
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: ca1bf31177d2cdf7618f63f2317558fa089af54e
Auto-Submitted: auto-generated

The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=ca1bf31177d2cdf7618f63f2317558fa089af54e

commit ca1bf31177d2cdf7618f63f2317558fa089af54e
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-03-19 06:42:42 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-04-03 05:58:48 +0000

    pf tests: add a basic snmp_pf test case
    
    Event:          Tokyo Hackathon 202503
    (cherry picked from commit c849f533326026501c28cb2c344b16723862551a)
---
 tests/sys/netpfil/pf/Makefile    |  6 +++-
 tests/sys/netpfil/pf/bsnmpd.conf | 47 ++++++++++++++++++++++++++
 tests/sys/netpfil/pf/snmp.sh     | 71 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 123 insertions(+), 1 deletion(-)

diff --git a/tests/sys/netpfil/pf/Makefile b/tests/sys/netpfil/pf/Makefile
index f033940b4564..eaec2c9d5203 100644
--- a/tests/sys/netpfil/pf/Makefile
+++ b/tests/sys/netpfil/pf/Makefile
@@ -27,6 +27,7 @@ ATF_TESTS_SH+=	altq \
 		sctp \
 		set_skip \
 		set_tos \
+		snmp \
 		src_track \
 		syncookie \
 		synproxy \
@@ -40,7 +41,9 @@ ATF_TESTS_PYTEST+=	sctp.py
 # Tests reuse jail names and so cannot run in parallel.
 TEST_METADATA+=	is_exclusive=true
 
-${PACKAGE}FILES+=	CVE-2019-5597.py \
+${PACKAGE}FILES+=	\
+			bsnmpd.conf \
+			CVE-2019-5597.py \
 			CVE-2019-5598.py \
 			echo_inetd.conf \
 			fragcommon.py \
@@ -50,6 +53,7 @@ ${PACKAGE}FILES+=	CVE-2019-5597.py \
 			pfsync_defer.py \
 			utils.subr
 
+${PACKAGE}FILESMODE_bsnmpd.conf=		0555
 ${PACKAGE}FILESMODE_CVE-2019-5597.py=	0555
 ${PACKAGE}FILESMODE_CVE-2019-5598.py=	0555
 ${PACKAGE}FILESMODE_fragcommon.py=	0555
diff --git a/tests/sys/netpfil/pf/bsnmpd.conf b/tests/sys/netpfil/pf/bsnmpd.conf
new file mode 100644
index 000000000000..27abdda6cbd3
--- /dev/null
+++ b/tests/sys/netpfil/pf/bsnmpd.conf
@@ -0,0 +1,47 @@
+location := "A galaxy far, far away"
+contact := "skywalker@Tatooine"
+system := 1
+
+read := "public"
+write := "geheim"
+trap := "mytrap"
+
+NoAuthProtocol		:= 1.3.6.1.6.3.10.1.1.1
+HMACMD5AuthProtocol	:= 1.3.6.1.6.3.10.1.1.2
+HMACSHAAuthProtocol	:= 1.3.6.1.6.3.10.1.1.3
+NoPrivProtocol		:= 1.3.6.1.6.3.10.1.2.1
+DESPrivProtocol		:= 1.3.6.1.6.3.10.1.2.2
+AesCfb128Protocol	:= 1.3.6.1.6.3.10.1.2.4
+
+securityModelAny	:= 0
+securityModelSNMPv1	:= 1
+securityModelSNMPv2c	:= 2
+securityModelUSM	:= 3
+
+MPmodelSNMPv1		:= 0
+MPmodelSNMPv2c		:= 1
+MPmodelSNMPv3		:= 3
+
+noAuthNoPriv := 1
+authNoPriv := 2
+authPriv := 3
+
+%snmpd
+begemotSnmpdDebugDumpPdus	= 2
+begemotSnmpdDebugSyslogPri	= 7
+
+begemotSnmpdCommunityString.0.1	= $(read)
+begemotSnmpdCommunityDisable	= 1
+
+begemotSnmpdTransInetStatus.1.4.0.0.0.0.161.1 = 4
+begemotSnmpdTransInetStatus.2.16.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.161.1 = 4
+
+begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
+begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4
+
+sysContact	= $(contact)
+sysLocation	= $(location)
+sysObjectId 	= 1.3.6.1.4.1.12325.1.1.2.1.$(system)
+
+begemotSnmpdModulePath."mibII"	= "/usr/lib/snmp_mibII.so"
+begemotSnmpdModulePath."pf"	= "/usr/lib/snmp_pf.so"
diff --git a/tests/sys/netpfil/pf/snmp.sh b/tests/sys/netpfil/pf/snmp.sh
new file mode 100644
index 000000000000..0d6b2eb10ec7
--- /dev/null
+++ b/tests/sys/netpfil/pf/snmp.sh
@@ -0,0 +1,71 @@
+#
+# SPDX-License-Identifier: BSD-2-Clause
+#
+# Copyright (c) 2025 Kristof Provost <kp@FreeBSD.org>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+
+. $(atf_get_srcdir)/utils.subr
+
+atf_test_case "basic" "cleanup"
+basic_head()
+{
+	atf_set descr 'Basic pf_snmp test'
+	atf_set require.user root
+}
+
+basic_body()
+{
+	pft_init
+
+	epair=$(vnet_mkepair)
+
+	ifconfig ${epair}b 192.0.2.2/24 up
+
+	vnet_mkjail alcatraz ${epair}a
+	jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up
+
+	# Start bsnmpd
+	jexec alcatraz bsnmpd -c $(atf_get_srcdir)/bsnmpd.conf
+
+	jexec alcatraz pfctl -e
+	pft_set_rules alcatraz \
+	    "pass"
+
+	# Sanity check, and create state
+	atf_check -s exit:0 -o ignore \
+	    ping -c 1 192.0.2.1
+
+	# pf should be enabled
+	atf_check -s exit:0 -o match:'pfStatusRunning.0 = true' \
+	    bsnmpwalk -s public@192.0.2.1 -i pf_tree.def begemot
+}
+
+basic_cleanup()
+{
+	pft_cleanup
+}
+
+atf_init_test_cases()
+{
+	atf_add_test_case "basic"
+}

From nobody Thu Apr  3 19:31:50 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBgp5RsKz5sLtp;
	Thu, 03 Apr 2025 19:31:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBgp4tM8z3Rtx;
	Thu, 03 Apr 2025 19:31:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708710;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=53E9a8aU0cijSwhr9OOdOK51TdkU9tugbXobjf79boM=;
	b=h0b0Dfs17oV4VWyTM5GT4fSmHNbC783ApWfDCac9oxYbqZgnq++OBl86zHoaoURFlY9BEW
	q2cmvg9zPeJdReI/6dxaj7KC9BxLD8/jd28FEe9wVUFu9/F9WsAplZJOTMB8pJRRetFG0/
	BnWq8efDPpLPPRT8Va9oKFJ7wtopqAVfCKsMXwn4ZhtWQ8v87BjPIb/xA6oczk5tW1Y6+4
	LKpsMaMf/rWxLGZ6gqNJxtek7VdMAYBej2ScN5IHf2RXrBenptdAOvKt6vLgkOQavEJZ74
	T4b9Frbp3K7TlLhS9/EVIkZfsg8k87lGr21LQhH0NJTP7mvq7gZTfKTeh/hMZw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708710; a=rsa-sha256; cv=none;
	b=gwWgQG3YSGpKDyhBX/m7ERQQs3kkfCEzvyH/Hsugpelll/rSO/YeJt+CoUjkl3JgVAzeiK
	ffsjujo/THcLgNrd71CCrWG3mLpA1mOIjHfu1y8oCJvNzocjkkDj8wvQ80P0svrpuk32U0
	7Ql/zDnaW4DAT2jCjbH7brnJuMBbViwXvDEKDK59b/6yOGGZ8tPC8IUW46wp2+vZ9hvK5H
	CJrPje2efUlt7veCUZnAIuBbJ1wpdcKSWDxiAhx+rErVfRuJR/kqaVhWO+9TvNELTOh5qi
	Mc+A5mnIDTILxngGP7CLcvv01dEkXxbqJV2yrmWbsO8f0QLHVeT8Kg3gly9Nqg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708710;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=53E9a8aU0cijSwhr9OOdOK51TdkU9tugbXobjf79boM=;
	b=MAsC8HcDGBvXgZZDOvHRSeaEwxgmTGVYiMo9XYtcKysdMf0VnyIMo+67QkfQwWdIxDlgjF
	T4ZNXvpN4Fv3RnA5gijENIKM1xBFAUxDq4/x4PGxAUgjDYYPsPefWtg+vdbvagLUI0GLpo
	QvnYjXOStePl84acaGzxlE2hd5rG2k+ojTlY9Y6CvDDuBm/d1qVAHn574joMw4a61glVvg
	XI+KQB5KGFb7ej7ymCsJSiRu+p8NW5eSDTAWDRCetkeCZ50XUPsXz1UUzD8pGVZClrxXGv
	IDtkB54oLSr+mb1m+SuuIYc719zp9I/hTREwu/cR/vNPHLIStvq6gFKUIhAx5A==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBgp4RQtz1Cpk;
	Thu, 03 Apr 2025 19:31:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JVoFR033750;
	Thu, 3 Apr 2025 19:31:50 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JVoh1033747;
	Thu, 3 Apr 2025 19:31:50 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:31:50 GMT
Message-Id: <202504031931.533JVoh1033747@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 4b4bd20e17e0 - stable/14 - mac_do(4): Enhance GID
  rule validation to check all groups in cr_groups
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 4b4bd20e17e0cc57a085f96d5a2b73f2e631e1b5
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=4b4bd20e17e0cc57a085f96d5a2b73f2e631e1b5

commit 4b4bd20e17e0cc57a085f96d5a2b73f2e631e1b5
Author:     Li-Wen Hsu <lwhsu@FreeBSD.org>
AuthorDate: 2024-10-28 18:58:12 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:49 +0000

    mac_do(4): Enhance GID rule validation to check all groups in cr_groups
    
    Previously, the rule validation only checked the primary GID (cr_gid).
    This caused issues when applying GID-based rules, as users with matching
    secondary groups were not considered valid. This patch modifies both
    functions to iterate through all groups in cr_groups to ensure all group
    memberships are considered when validating GID-based rules.
    
    For example, a user's primary group is staff (20) and they are also in
    the wheel (0) group, this change allows the rule gid=0:any to enable
    them to run commands as any user.
    
    Reviewed by:    delphij (earlier version), bapt
    Differential Revision:  https://reviews.freebsd.org/D47304
    
    (cherry picked from commit 7937bfbc0ca53fe7cdd0d54414f9296e273a518e)
---
 sys/security/mac_do/mac_do.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 507e64ea0175..1aad37f549bc 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -411,7 +411,7 @@ rule_is_valid(struct ucred *cred, struct rule *r)
 {
 	if (r->from_type == RULE_UID && r->f_uid == cred->cr_uid)
 		return (true);
-	if (r->from_type == RULE_GID && r->f_gid == cred->cr_gid)
+	if (r->from_type == RULE_GID && groupmember(r->f_gid, cred))
 		return (true);
 	return (false);
 }
@@ -516,7 +516,7 @@ check_setuid(struct ucred *cred, uid_t uid)
 			}
 		}
 		if (r->from_type == RULE_GID) {
-			if (cred->cr_gid != r->f_gid)
+			if (!groupmember(r->f_gid, cred))
 				continue;
 			if (r->to_type == RULE_ANY) {
 				error = 0;

From nobody Thu Apr  3 19:31:51 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBgr0j2lz5sLxV;
	Thu, 03 Apr 2025 19:31:52 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBgq5wkRz3RZY;
	Thu, 03 Apr 2025 19:31:51 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708711;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=4OtTjirvvIFcwk1wsnJ9OHmPf1h0MzIT7X2UtObHMj8=;
	b=fIt84fA1t28okRmTi9+ED6CExi50glRVVwWkcBBH3ImFJSEdMqpOPloRxtwPUVoCXi49j/
	fRk9JQmqFxqqy1x3Ps8n9hZpwbUgQfS+optRC3hZxdon1gx6PfsOk8vYhn7zPXJNZ90suQ
	QrOKBilocfyLgQGoK975RY51njsu3F2p8yTgLgWRMFV4h5FDSAKZHJjWanmpPU+3SGD0e0
	LP+d9fJzXVNgBWBtEWtE5lLc8Sc4zEsb2howP4/jqBQAbsb9gWwmFtory26YlROAwqX6Z0
	tPOhacepk83dVTF5NZGMhOGbaxiU1ujXTcpikuYVFPK1CpqWQLbOCJ/EvRYctQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708711; a=rsa-sha256; cv=none;
	b=lU93OZ/Te0oe1NSIZU+nn4lCu13T9gTxgKF1IwsjNNdl4vMMnQWxbxwLUdWTcT5c5bGseY
	F1srFNvAxOSv3dudazVFd4AIlbvG6KUtrIMIZdY6Rc/z9UZYKyaKmnKZTG0zgA1VZfIzz4
	bK0QaveP1HkDnX76B463bEZ7CIMGwF4DRgOFB/OKNNYQdn/h1LvLIKDwN+qIYfO81EiWZH
	OhuVWCLME5woXZ/JnCes8murN8Axdk8r8My3Rf1wH/U+WeljHGsMVWtGy2D5l2ZijPLtrD
	jm+k0AMTB+/klMgayDxvK6pIVPw/7DGvf6V/wqAX8NrOycvlsgM5CE9KiJa4bw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708711;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=4OtTjirvvIFcwk1wsnJ9OHmPf1h0MzIT7X2UtObHMj8=;
	b=BPH3KXB8SqUWPqs+Cr+1kjNGzTny2C6apx1PCFpQgGqiqX5UcY5GKQka+rEan9xN/aIE8N
	gftnP1zjIyjuzIIkOHxxrBIV/X/eDEbBt3Vxx0TDRxYL6XnAsaFwBlRtD8akbBRr0dCAG2
	0rK3uTP8/1U+Swa1CGrnD7m8kO/w3hqiLK0eKyhxeBmOw/SfpoVKb5McNlsl0qn3+clFF8
	JRA+57rKDX/y4/hZFtIaruWa5j7stBFTaHROPfzWZVYWOzeCzZUauNvfRxpDxZJEIIY0/d
	I/i9/reUDZf+F2G1ueKcovLQd+SeRq1CDFe5tB3zuAWRTLWUpNMspWkGZnh4sw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBgq5N15zZj;
	Thu, 03 Apr 2025 19:31:51 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JVpUe033785;
	Thu, 3 Apr 2025 19:31:51 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JVpqN033782;
	Thu, 3 Apr 2025 19:31:51 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:31:51 GMT
Message-Id: <202504031931.533JVpqN033782@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: ea3d86ea5774 - stable/14 - MAC/do: Sort header
  inclusions
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: ea3d86ea5774450581f58e4cbdb45530f120b05a
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=ea3d86ea5774450581f58e4cbdb45530f120b05a

commit ea3d86ea5774450581f58e4cbdb45530f120b05a
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-11-25 14:46:41 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:55 +0000

    MAC/do: Sort header inclusions
    
    In accordance with style(9).
    
    Reviewed by:    bapt, emaste
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47771
    
    (cherry picked from commit f0600c41e754f32b388af804fb542b0f0ea89dee)
---
 sys/security/mac_do/mac_do.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 1aad37f549bc..e72ffed2ff04 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -5,10 +5,11 @@
  */
 
 #include <sys/param.h>
-#include <sys/malloc.h>
+#include <sys/systm.h>
 #include <sys/jail.h>
 #include <sys/kernel.h>
 #include <sys/lock.h>
+#include <sys/malloc.h>
 #include <sys/module.h>
 #include <sys/mount.h>
 #include <sys/mutex.h>
@@ -17,7 +18,6 @@
 #include <sys/socket.h>
 #include <sys/sx.h>
 #include <sys/sysctl.h>
-#include <sys/systm.h>
 #include <sys/ucred.h>
 #include <sys/vnode.h>
 

From nobody Thu Apr  3 19:31:52 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBgs4xKTz5sLrS;
	Thu, 03 Apr 2025 19:31:53 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBgs0mjRz3RRH;
	Thu, 03 Apr 2025 19:31:53 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708713;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=YvJrzkxohOKcEg/7sg5PJo8GIKzMqozntT73W1rgzEU=;
	b=WkHURHb6EkQGrnHiH0Et6Z9UeeMdEo6Z2dr7a7nT67ISOGDyZWgTprweBxiM1cX3C/EZ3c
	xjmr+5UDONQIVvjj1z7EkHGr/9Ea0tEzQvz779oPWSaa+/EOr1UqFJhvRwZgsSTxkkvhMB
	l6dIkggXlVD9qrTtaV/nH15OAM/4QCxLWDDuEq+kFI4NajmG83EEDfrmEoaf3MTFuBk4Fy
	7JzxnUoqVDqqeA/kxk/LzTVhyUeq3inOqcECCFnN1rv7gz/dFh7C+MR+aw/itNHdHClbXc
	SkAtEGbpE9W8PK13PxaSXZ31XDBPQm9MsnUb6u3q3NnzzFZAR2/55vwEu2YRUQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708713; a=rsa-sha256; cv=none;
	b=AqP26yyiJInnKCmzCDtoSjkkroXLYcc++4xE9JqnCzdF2amCe7r/NXi+n2rSwzS2lF9LN/
	dFi9+Q0771b6vdBjW53BioQAbvfBJC8DA3vbbp/qHd1vXNmBEQOv1/WRa+IALyw4vAbN9C
	slVd6QFza9BW7/Euh3c6DluHrm9vFAj7Iyw4Tr3+jOd1MGWoGoqOxnYgtGaDfb4dYNMZcZ
	rsPGXo0FV3MKwWgSQ//7t519quGNSIKOUwZM7CwZmL13E6mGIo85Mnp+eRPBH0bjGCuuDc
	mgku6Ska9XgGCzWomN3/3MaUXtB7rYsqs1Iq2EaFJbkfvi7yrXIJ8liqtaQh1g==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708713;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=YvJrzkxohOKcEg/7sg5PJo8GIKzMqozntT73W1rgzEU=;
	b=Wznwyg5KzqsfMmsThXpL5cFY+On5Br/bah1TDv0Idm8AYsjAhO81+rK1Y/oK/OU1g/wnn4
	pQLJkMAyBGRGwpLWU74rzQhn4WWot/eCkgLvxYnynreWOm2d1Sn4ZqbOpehdRpllXIYBCa
	UeAuw/ROK5LmVxrd0SboaMq2/pMUgcFzBMb5HM/fm/KcShBC8xInFI3aYiigGIHmOeVekt
	SzR7m7bcU9JZzSWowErcALL0BQIZmOSMpx5fNmoGgXMgpRYU7nUebsPl7Q4N1FiiPZhSwJ
	OAEktjZRrbWUfUAMtXMampdWF20StK6uDpBCkQYI7zeUYtd0nML0EFivPqE3ow==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBgr6K24zLp;
	Thu, 03 Apr 2025 19:31:52 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JVqpc033820;
	Thu, 3 Apr 2025 19:31:52 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JVqQD033817;
	Thu, 3 Apr 2025 19:31:52 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:31:52 GMT
Message-Id: <202504031931.533JVqQD033817@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: d84014ce3aae - stable/14 - MAC/do: parse_rules():
  Copy input string on its own
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: d84014ce3aae885af3a7a0a737f38c5d758a830a
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=d84014ce3aae885af3a7a0a737f38c5d758a830a

commit d84014ce3aae885af3a7a0a737f38c5d758a830a
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-06-28 15:14:30 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:55 +0000

    MAC/do: parse_rules(): Copy input string on its own
    
    Since all callers have to do it, save them that burden and do it in
    parse_rules() instead.
    
    While here, replace "strlen(x) == 0" with the simpler and more efficient
    "x[0] == '\0'".
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47591
    
    (cherry picked from commit 2200a3ec711baa98c20a4b65868957dc40912f0f)
---
 sys/security/mac_do/mac_do.c | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index e72ffed2ff04..2ddc13d62b4f 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -130,23 +130,26 @@ out:
 }
 
 static int
-parse_rules(char *string, struct rulehead *head)
+parse_rules(const char *const string, struct rulehead *const head)
 {
 	struct rule *new;
+	char *const copy = strdup(string, M_DO);
+	char *p = copy;
 	char *element;
 	int error = 0;
 
-	while ((element = strsep(&string, ",")) != NULL) {
-		if (strlen(element) == 0)
+	while ((element = strsep(&p, ",")) != NULL) {
+		if (element[0] == '\0')
 			continue;
 		error = parse_rule_element(element, &new);
-		if (error)
+		if (error != 0) {
+			toast_rules(head);
 			goto out;
+		}
 		TAILQ_INSERT_TAIL(head, new, r_entries);
 	}
 out:
-	if (error != 0)
-		toast_rules(head);
+	free(copy, M_DO);
 	return (error);
 }
 
@@ -175,7 +178,7 @@ mac_do_rule_find(struct prison *spr, struct prison **prp)
 static int
 sysctl_rules(SYSCTL_HANDLER_ARGS)
 {
-	char *copy_string, *new_string;
+	char *new_string;
 	struct rulehead head, saved_head;
 	struct prison *pr;
 	struct mac_do_rule *rules;
@@ -196,10 +199,8 @@ sysctl_rules(SYSCTL_HANDLER_ARGS)
 	if (error)
 		goto out;
 
-	copy_string = strdup(new_string, M_DO);
 	TAILQ_INIT(&head);
-	error = parse_rules(copy_string, &head);
-	free(copy_string, M_DO);
+	error = parse_rules(new_string, &head);
 	if (error)
 		goto out;
 	TAILQ_INIT(&saved_head);
@@ -272,7 +273,7 @@ mac_do_prison_set(void *obj, void *data)
 	struct vfsoptlist *opts = data;
 	struct rulehead head, saved_head;
 	struct mac_do_rule *rules;
-	char *rules_string, *copy_string;
+	char *rules_string;
 	int error, jsys, len;
 
 	error = vfs_copyopt(opts, "mdo", &jsys, sizeof(jsys));
@@ -293,10 +294,8 @@ mac_do_prison_set(void *obj, void *data)
 		mac_do_alloc_prison(pr, &rules);
 		if (rules_string == NULL)
 			break;
-		copy_string = strdup(rules_string, M_DO);
 		TAILQ_INIT(&head);
-		error = parse_rules(copy_string, &head);
-		free(copy_string, M_DO);
+		error = parse_rules(rules_string, &head);
 		if (error)
 			return (1);
 		TAILQ_INIT(&saved_head);

From nobody Thu Apr  3 19:31:53 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBgt38ZJz5sLty;
	Thu, 03 Apr 2025 19:31:54 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBgt0bYWz3Rcq;
	Thu, 03 Apr 2025 19:31:54 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708714;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ar0DUZ6wHtr3ER4oNM3YTT1HO5Ec3ffMriCAHhd8Tyc=;
	b=KtLHKrnJaXO3KtL5PU94JfJ8x6MKn2wdq3Pkc/8lX2S6nn+XdpYoFRjHVO1uaxcI126flB
	jnR+MLB4uyc2tT0Yj6zAe9wYiDHTVWOAbalUHIYNUFpC3dd6AqHle/S0uHTIEYjAWDfkvo
	t1t3CzmW4cmC+KIktUGI8nVdyhX07y559BtxUeAtqqoVvvSbaXBpHbsls2Pm0DlHLETJT3
	raUwpCsy72wqvtJTO3pUoMrrH5cg6t5VKfEBEQs5hwxgEh0+dpG/39C8P135spGjl207EQ
	IUIsBfzpQyL/K5RM1MkUXUb26OA55VquQt2RkF+rIBXjPOK4e4ZIhP1ACR7zzw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708714; a=rsa-sha256; cv=none;
	b=MTuPxWhFH6lY5TsEjnYHhr+6t1LyJKsM/EJuBXOXK2SB+8z9aXYtjSZoK3MdyLxnUPbEee
	qeBmUwCRfrB381scLPvzHPgklGY39BduvwlfbqPYaRgZ+GZctJWIC4EbTrXbqlPZ++ASPf
	AP4fk6pslSwxLCQpDkb4vKiATpbz3d3uAfrOJak+L8lxNYKXEQ4GptClBNHwddskE+6r/2
	A9+2A6skPLwdi7LYFM2dr65yVC95Fc8XLVPyKvwX6ZIRJbftOLCi30JxKJqP/uRNyFassQ
	GIlYSesYRcrryTDZzyiicKDrXxNM9E1yf5mh/pnfVRiKXQO7atdVDVJL9HiiXg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708714;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ar0DUZ6wHtr3ER4oNM3YTT1HO5Ec3ffMriCAHhd8Tyc=;
	b=ev9J0L3aN8sxc8lNw4rXeqlM6Wzaas8XIw3TboktrRqq3usPmhGO8r1V6BV94J31DjmHdK
	pzlX9ATpeNCjM7vg1rSJFGjpgcxYR3zo4bhQh3eIwXXZC1NHxF/WWWgHgOO451h3NkAZB5
	kibGqOUh1p1tf4QR5GjJVrlp1I7mGG0vdog9mGDxcNiBK2zWWZCwaayTDDe3NN6VSvVlFv
	b5G6I1u6O2Vu1C9+kRJqTeDPAwuQeRb4bYduElsrn93IsRG0QnAif5OZ0CHm75/JbmIj+A
	yGlzrwj3ZKf8wDRXa7iSr3YUCbuvmaPkySlCz46ecgeH3iYM1d0cH37R2/uztg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBgt09B6zLq;
	Thu, 03 Apr 2025 19:31:54 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JVrZ0033855;
	Thu, 3 Apr 2025 19:31:53 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JVrpf033852;
	Thu, 3 Apr 2025 19:31:53 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:31:53 GMT
Message-Id: <202504031931.533JVrpf033852@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 41d1660fcf39 - stable/14 - MAC/do: Rename rule_is_valid()
  => rule_applies()
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 41d1660fcf39a44a14756b97ec067c63b3de64a2
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=41d1660fcf39a44a14756b97ec067c63b3de64a2

commit 41d1660fcf39a44a14756b97ec067c63b3de64a2
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-01 13:24:47 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:56 +0000

    MAC/do: Rename rule_is_valid() => rule_applies()
    
    This function checks whether a rule applies in the current context,
    i.e., if the subject's users/groups match that of the rule.  By
    contrast, it doesn't check if the rule as specified by the user is valid
    (i.e., consistent).
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47592
    
    (cherry picked from commit ccae2774897c1f8bb11f696d5895fb686db98176)
---
 sys/security/mac_do/mac_do.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 2ddc13d62b4f..4cc2a7971545 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -406,7 +406,7 @@ init(struct mac_policy_conf *mpc)
 }
 
 static bool
-rule_is_valid(struct ucred *cred, struct rule *r)
+rule_applies(struct ucred *cred, struct rule *r)
 {
 	if (r->from_type == RULE_UID && r->f_uid == cred->cr_uid)
 		return (true);
@@ -427,7 +427,7 @@ priv_grant(struct ucred *cred, int priv)
 
 	rule = mac_do_rule_find(cred->cr_prison, &pr);
 	TAILQ_FOREACH(r, &rule->head, r_entries) {
-		if (rule_is_valid(cred, r)) {
+		if (rule_applies(cred, r)) {
 			switch (priv) {
 			case PRIV_CRED_SETGROUPS:
 			case PRIV_CRED_SETUID:
@@ -466,7 +466,7 @@ check_setgroups(struct ucred *cred, int ngrp, gid_t *groups)
 
 	rule = mac_do_rule_find(cred->cr_prison, &pr);
 	TAILQ_FOREACH(r, &rule->head, r_entries) {
-		if (rule_is_valid(cred, r)) {
+		if (rule_applies(cred, r)) {
 			mtx_unlock(&pr->pr_mtx);
 			return (0);
 		}

From nobody Thu Apr  3 19:31:55 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBgv34SJz5sLmS;
	Thu, 03 Apr 2025 19:31:55 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBgv1WxYz3RRp;
	Thu, 03 Apr 2025 19:31:55 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708715;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=b+7NUhcM7VN9YBdhn5qrjWGnC5XyxARl/I8qAlevRac=;
	b=MUuggiG3iybbKooHnMCx3eru96CgwFi8Q85Ylr4GprMgJwi0AsQAwtVFInJlnWfG85teeX
	EfY+VrdPm+n2nKml82QMythOH6Zl4IiMg8NVAhXIbZeOmHtLnJZSSuE+dob4vWrdXRxlny
	nyL5NUf6B6H6oukXM+cMiZVZqp+ALaK+yhJeXMTJNtKOnLQr0GezVvivj69pwUxzc0Usas
	rLvujJAigKm6ZZgJ+udta4so8Lk8+ifMilJeZjb4TDcC/Cx9thds2kaCb1MN5qD4rl7eQq
	F+th2WrM0GD8AZgzCK3MgYdiRKaS1j5kgloCcXvdXuQ4fjnL5RGltXjulsIBrA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708715; a=rsa-sha256; cv=none;
	b=gV5bC8swKINt+581VTrA10iKBzazZCIKXadNu3z+iaE/tv1ug402iTULQTxBFpVEIZ2SGH
	ubcwy+h8ywIQkuKHfcf6yURXhdkoCe03+rt3atuKwbSPeWG1/60NBD81TZ/20+JKhmOPZA
	LQQJSgyij4uDpeW//7CG2HzdROKjGVOzbBH5CQooipMbQs/gKE63fBaw3gZQk0x40U+BR/
	kUUPHScwd0Nmftzkj9JcRUjkhYTWkO7bAus+dIZH5hL7I8sXFkQN5x73KDF8UnztBpBc83
	2j0X/O5wvFPYRnsxBYKA4LCWfBBQlCp17ftWUcoK8QIemCIMVllm72rnK4r/wA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708715;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=b+7NUhcM7VN9YBdhn5qrjWGnC5XyxARl/I8qAlevRac=;
	b=BWh8uaegk6N9hfzh6T8zo1AwhWj+srbHz2kyq3rPdavZp7IRBoRqIpFCrUqVulHIquST0P
	EOBJSAPZcpINVWz20o5lKUSTsMicAf+vQXqtOJdkjs6WV8LLQDJSPQQGaPfVHSXL4SR6Bw
	Qy6DjUag0M/qLxkcBYq+XiWnK62HjZcjR3BRHPs5FrmBGYMVsU0P0xPMD2PYsY5tqBfSDW
	kXQhIECt0nuHr+iQwbxOBLWizIEztzPmZgYcTEpi+XK+cMQ9tP6MSyCK7Wk9EY3uW6f2Po
	S6BTi7JM47n8n59averUw+SC06CpBJOK6gI8XFjpUaa8K0qHNKhfqGDlXzCipg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBgv17jjzZk;
	Thu, 03 Apr 2025 19:31:55 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JVtaq033895;
	Thu, 3 Apr 2025 19:31:55 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JVtOC033892;
	Thu, 3 Apr 2025 19:31:55 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:31:55 GMT
Message-Id: <202504031931.533JVtOC033892@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: d50dbaf784de - stable/14 - MAC/do: Rename private
  struct 'mac_do_rule' => 'rules'
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: d50dbaf784de92fea98a5116184537f3dc012be0
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=d50dbaf784de92fea98a5116184537f3dc012be0

commit d50dbaf784de92fea98a5116184537f3dc012be0
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-01 14:28:20 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:56 +0000

    MAC/do: Rename private struct 'mac_do_rule' => 'rules'
    
    To simplify and be consistent with 'struct rule'.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47593
    
    (cherry picked from commit 02ed945ccec43340208d3a9c152fb98f55dbed69)
---
 sys/security/mac_do/mac_do.c | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 4cc2a7971545..5ac77974379c 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -53,12 +53,12 @@ struct rule {
 	TAILQ_ENTRY(rule) r_entries;
 };
 
-struct mac_do_rule {
+struct rules {
 	char string[MAC_RULE_STRING_LEN];
 	TAILQ_HEAD(rulehead, rule) head;
 };
 
-static struct mac_do_rule rules0;
+static struct rules rules0;
 
 static void
 toast_rules(struct rulehead *head)
@@ -153,11 +153,11 @@ out:
 	return (error);
 }
 
-static struct mac_do_rule *
+static struct rules *
 mac_do_rule_find(struct prison *spr, struct prison **prp)
 {
 	struct prison *pr;
-	struct mac_do_rule *rules;
+	struct rules *rules;
 
 	for (pr = spr;; pr = pr->pr_parent) {
 		mtx_lock(&pr->pr_mtx);
@@ -181,7 +181,7 @@ sysctl_rules(SYSCTL_HANDLER_ARGS)
 	char *new_string;
 	struct rulehead head, saved_head;
 	struct prison *pr;
-	struct mac_do_rule *rules;
+	struct rules *rules;
 	int error;
 
 	rules = mac_do_rule_find(req->td->td_ucred->cr_prison, &pr);
@@ -229,10 +229,10 @@ destroy(struct mac_policy_conf *mpc)
 }
 
 static void
-mac_do_alloc_prison(struct prison *pr, struct mac_do_rule **lrp)
+mac_do_alloc_prison(struct prison *pr, struct rules **lrp)
 {
 	struct prison *ppr;
-	struct mac_do_rule *rules, *new_rules;
+	struct rules *rules, *new_rules;
 	void **rsv;
 
 	rules = mac_do_rule_find(pr, &ppr);
@@ -261,7 +261,7 @@ done:
 static void
 mac_do_dealloc_prison(void *data)
 {
-	struct mac_do_rule *r = data;
+	struct rules *r = data;
 
 	toast_rules(&r->head);
 }
@@ -272,7 +272,7 @@ mac_do_prison_set(void *obj, void *data)
 	struct prison *pr = obj;
 	struct vfsoptlist *opts = data;
 	struct rulehead head, saved_head;
-	struct mac_do_rule *rules;
+	struct rules *rules;
 	char *rules_string;
 	int error, jsys, len;
 
@@ -319,7 +319,7 @@ mac_do_prison_get(void *obj, void *data)
 {
 	struct prison *ppr, *pr = obj;
 	struct vfsoptlist *opts = data;
-	struct mac_do_rule *rules;
+	struct rules *rules;
 	int jsys, error;
 
 	rules = mac_do_rule_find(pr, &ppr);
@@ -348,7 +348,7 @@ static int
 mac_do_prison_remove(void *obj, void *data __unused)
 {
 	struct prison *pr = obj;
-	struct mac_do_rule *r;
+	struct rules *r;
 
 	mtx_lock(&pr->pr_mtx);
 	r = osd_jail_get(pr, mac_do_osd_jail_slot);
@@ -420,7 +420,7 @@ priv_grant(struct ucred *cred, int priv)
 {
 	struct rule *r;
 	struct prison *pr;
-	struct mac_do_rule *rule;
+	struct rules *rule;
 
 	if (do_enabled == 0)
 		return (EPERM);
@@ -449,7 +449,7 @@ check_setgroups(struct ucred *cred, int ngrp, gid_t *groups)
 	char *fullpath = NULL;
 	char *freebuf = NULL;
 	struct prison *pr;
-	struct mac_do_rule *rule;
+	struct rules *rule;
 
 	if (do_enabled == 0)
 		return (0);
@@ -484,7 +484,7 @@ check_setuid(struct ucred *cred, uid_t uid)
 	char *fullpath = NULL;
 	char *freebuf = NULL;
 	struct prison *pr;
-	struct mac_do_rule *rule;
+	struct rules *rule;
 
 	if (do_enabled == 0)
 		return (0);

From nobody Thu Apr  3 19:31:56 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBgw3sykz5sLrT;
	Thu, 03 Apr 2025 19:31:56 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBgw2D95z3Rgb;
	Thu, 03 Apr 2025 19:31:56 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708716;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=zFk/K4vHx4qeODhZE5Zl7jCiocrGOsPFx+ibwGAlTpA=;
	b=oa98za7MrGeJYHBUdbwx1iYfW9YPCunsCMzvJ74lGsqGvc8poockhr3F+XEi/BxhMusg3i
	3I7NY7oaOq2bJWVLCem7km7KwSCHgqhVLB/yTtAAxt2Kb1/RFfcAxLpY7YfXmdiUc5Ea/m
	aAjzqPAHidhdW+SYuLFNv89Sgcrdv4A0rrt/qGUo9k3A5tY4n2RBUK7RVjj2D52oV5YF6Y
	OU0ODW24D7vpxXWbEagslH+K5MifO9CuQMfcaiA9WYAFgX0XerFYbwXurOSekFcesMfqGD
	dM9sfcHqIcOZWYMxDfC7s3kKjykiTY6nV8Sq3xQVhpwVaLRUU0UhbNwLW0o4Zw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708716; a=rsa-sha256; cv=none;
	b=uoggP4wnO+F1PtkqlnjIkrX3bMmBK32Qt+vLqOtnAC7JV1JrmhCptlLeFnyhRs5fUffA+l
	6gxChwFrVXPsguXlzgtHonQURUrjutm0GRcJ2WNuAgu67qE4TkhsVsW1Lvti0V+R8L2yCM
	ZKmBudtXMopdP9oDAycp+urke2Cg85WBrrU1NjuC+Ht4kZTjF4RghgbDZso5eh4Id8HJzu
	8Rp5Fppw8iJFr/5ZUTTRc/yROlWz0OGkONmLVl/4t1weiqwbMNFT0fiyU5j9XKE62BN8+K
	BjSFgbSxArza3dYDXAyrJkuQre124LNO1QBzAynpHDG/YpEEiXWyUD1+cdw0Mg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708716;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=zFk/K4vHx4qeODhZE5Zl7jCiocrGOsPFx+ibwGAlTpA=;
	b=hsXFp9QmWWzQGtk0tbLGbAzWv08XMG2yrSL6iCb/KEejMdhdKRx+7V1DGW7h7UPPe+vjgB
	nabYCI1KNJtcIg8RzNSa/Xm4HUmh6686Fs8P2CNbnGiPyHKDXaYB78ztnMRtqF1InrsW17
	WddEnrVpO05/TV+OBi3CQcUEOmyVjP2sObwK030vJ9RYKDlX6seIA4f/mmC7gJjIJy9UIS
	pbksreqr0ilKC3zY7NenPKPKrpAR8bN085X8UGGWwsQz5bjVtw8FmAADc/tlGPQQ2IJ2A/
	LiHYSUrJPfz+092m70oc++usoHk0prNjAPs9Z6s2T+sJq8z/XOVaWLkwmheV8A==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBgw1qgtzLr;
	Thu, 03 Apr 2025 19:31:56 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JVuoS033931;
	Thu, 3 Apr 2025 19:31:56 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JVuRh033928;
	Thu, 3 Apr 2025 19:31:56 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:31:56 GMT
Message-Id: <202504031931.533JVuRh033928@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 546477d560ab - stable/14 - MAC/do: Rename internal
  mac_do_rule_find() => find_rules()
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 546477d560abfda2dfaf18dad7d0541194837f7e
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=546477d560abfda2dfaf18dad7d0541194837f7e

commit 546477d560abfda2dfaf18dad7d0541194837f7e
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-01 14:35:12 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:56 +0000

    MAC/do: Rename internal mac_do_rule_find() => find_rules()
    
    To simplify, be consistent with the rename 'struct mac_do_rule' =>
    'struct rules' and other functions, and because this function is
    internal (and thus is never the first mac_do(4)'s function to appear in
    a stack trace).
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47594
    
    (cherry picked from commit 8ce5770604981a19884604ad532f9528e087c69a)
---
 sys/security/mac_do/mac_do.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 5ac77974379c..1037a4811ada 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -154,7 +154,7 @@ out:
 }
 
 static struct rules *
-mac_do_rule_find(struct prison *spr, struct prison **prp)
+find_rules(struct prison *spr, struct prison **prp)
 {
 	struct prison *pr;
 	struct rules *rules;
@@ -184,7 +184,7 @@ sysctl_rules(SYSCTL_HANDLER_ARGS)
 	struct rules *rules;
 	int error;
 
-	rules = mac_do_rule_find(req->td->td_ucred->cr_prison, &pr);
+	rules = find_rules(req->td->td_ucred->cr_prison, &pr);
 	mtx_unlock(&pr->pr_mtx);
 	if (req->newptr == NULL)
 		return (sysctl_handle_string(oidp, rules->string, MAC_RULE_STRING_LEN, req));
@@ -235,14 +235,14 @@ mac_do_alloc_prison(struct prison *pr, struct rules **lrp)
 	struct rules *rules, *new_rules;
 	void **rsv;
 
-	rules = mac_do_rule_find(pr, &ppr);
+	rules = find_rules(pr, &ppr);
 	if (ppr == pr)
 		goto done;
 
 	mtx_unlock(&ppr->pr_mtx);
 	new_rules = malloc(sizeof(*new_rules), M_PRISON, M_WAITOK|M_ZERO);
 	rsv = osd_reserve(mac_do_osd_jail_slot);
-	rules = mac_do_rule_find(pr, &ppr);
+	rules = find_rules(pr, &ppr);
 	if (ppr == pr) {
 		free(new_rules, M_PRISON);
 		osd_free_reserved(rsv);
@@ -322,7 +322,7 @@ mac_do_prison_get(void *obj, void *data)
 	struct rules *rules;
 	int jsys, error;
 
-	rules = mac_do_rule_find(pr, &ppr);
+	rules = find_rules(pr, &ppr);
 	error = vfs_setopt(opts, "mdo", &jsys, sizeof(jsys));
 	if (error != 0 && error != ENOENT)
 		goto done;
@@ -425,7 +425,7 @@ priv_grant(struct ucred *cred, int priv)
 	if (do_enabled == 0)
 		return (EPERM);
 
-	rule = mac_do_rule_find(cred->cr_prison, &pr);
+	rule = find_rules(cred->cr_prison, &pr);
 	TAILQ_FOREACH(r, &rule->head, r_entries) {
 		if (rule_applies(cred, r)) {
 			switch (priv) {
@@ -464,7 +464,7 @@ check_setgroups(struct ucred *cred, int ngrp, gid_t *groups)
 	}
 	free(freebuf, M_TEMP);
 
-	rule = mac_do_rule_find(cred->cr_prison, &pr);
+	rule = find_rules(cred->cr_prison, &pr);
 	TAILQ_FOREACH(r, &rule->head, r_entries) {
 		if (rule_applies(cred, r)) {
 			mtx_unlock(&pr->pr_mtx);
@@ -500,7 +500,7 @@ check_setuid(struct ucred *cred, uid_t uid)
 	free(freebuf, M_TEMP);
 
 	error = EPERM;
-	rule = mac_do_rule_find(cred->cr_prison, &pr);
+	rule = find_rules(cred->cr_prison, &pr);
 	TAILQ_FOREACH(r, &rule->head, r_entries) {
 		if (r->from_type == RULE_UID) {
 			if (cred->cr_uid != r->f_uid)

From nobody Thu Apr  3 19:31:57 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBgx57YNz5sLmX;
	Thu, 03 Apr 2025 19:31:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBgx30gNz3S1F;
	Thu, 03 Apr 2025 19:31:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708717;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ZwAYr4qTNHWAJgj4v+ddQX0MQynnYLmb5NtCNdDgK/I=;
	b=dyrUfQk4x5WsVltY9/ncKPU9cpVG4EhCa5ARFABdrIDwBvMWD3yKJwpgWOPQpSsQ/M7kEo
	s5iUI3Z/7XAmyM+0e//dN5Z8Okn/odnHWnnbddxkyhVfr0U+I/lIkEuPBy+/bkOHOtBZpQ
	OibxufxvLjKqKojdrtFczkzxb1jEG+o3HxLDlt2RrmbYoXv6AykUK1wE/xM5gMn4GGPI6Y
	bk5vSZKmMr2kB8oiqugXp3XaalZ+gMYfdohDH+8snf27DpqeWSFe2I4PG0Bw7aeIy6kfKo
	31x9PwjGfkeZfVoM0fci7pg9Cx6izKnctcFJVXN81TH0Z3IQaAGfBCtPuZQJ5g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708717; a=rsa-sha256; cv=none;
	b=q7BcyVdivTnaiVvm/z6XmkqREflYn8CPsMJK4knIKoQ0g79HiRSAOuBY4X4Zv1SqnAr4E2
	xUchNZ03UyC4RopIMhZNw01tLaV8vS4d/HaeNQGPKudptOC8xM1xNPXhifhaZpIgZrM9XV
	ITH0rWXGUe2oAhg83fXDlkKoixl7osyOoNITCLBalk22c3kBFfTSEnn1sVU3e1xn2fMlNj
	HbdNB+em7O9iuzmQFUn29/dOLzqlogPDkqDsglnD3eRHJGHuCv6i+DXQyFbrEmlPUhZIV7
	EjaBGaZRcDiJ8FBnQVUMLvIG/2yMFnfFugDPKWwxfMBztxxsc4ra7v3EzecqKg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708717;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ZwAYr4qTNHWAJgj4v+ddQX0MQynnYLmb5NtCNdDgK/I=;
	b=ZsgNZtMcG9QWyQhf9TmV/GFM/+z9ym2Nb8bJ9l1Prmcu9PwsadKtfOaKoCK+s66H5Qm5r2
	9eLU6wHZuJcx3dcakY0255fYa2o7/3jnDNWlf9tDcVkGex2tkyaeYmFOgPI8pofqNy6jqt
	m1OlSbCZHKUoUYQVrtqjgBkpy0Tpjz136UaHOZgbI/kcVkpR0JO8m6JFcSq8KWZz637iD6
	gM0B7vIDqVXBT8TfZT5NRi7qQ+2nT4M5/NByNiHlUnVD4XfO8MlXLoN5x3/jTCV0aB1UVa
	MvZvPZim4Jy6nr+mXqdUP+3xWSN63eReBWJ4ntgWNfmajqD5+3mRJPwWJaVtiA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBgx2WGkzXH;
	Thu, 03 Apr 2025 19:31:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JVvLA033966;
	Thu, 3 Apr 2025 19:31:57 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JVv3Y033963;
	Thu, 3 Apr 2025 19:31:57 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:31:57 GMT
Message-Id: <202504031931.533JVv3Y033963@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 75870a3ebc92 - stable/14 - MAC/do: Use
  prison_lock()/prison_unlock()
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 75870a3ebc929a3f154c0f80db7f3bc0864a874d
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=75870a3ebc929a3f154c0f80db7f3bc0864a874d

commit 75870a3ebc929a3f154c0f80db7f3bc0864a874d
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-01 14:50:40 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:56 +0000

    MAC/do: Use prison_lock()/prison_unlock()
    
    Instead of fiddling directly with 'pr_mtx'.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47595
    
    (cherry picked from commit 83fcbbff6b01ebbd1d8538cb5396d87d0a816db6)
---
 sys/security/mac_do/mac_do.c | 46 ++++++++++++++++++++++----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 1037a4811ada..ce4ab7fa9e3a 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -160,7 +160,7 @@ find_rules(struct prison *spr, struct prison **prp)
 	struct rules *rules;
 
 	for (pr = spr;; pr = pr->pr_parent) {
-		mtx_lock(&pr->pr_mtx);
+		prison_lock(pr);
 		if (pr == &prison0) {
 			rules = &rules0;
 			break;
@@ -168,7 +168,7 @@ find_rules(struct prison *spr, struct prison **prp)
 		rules = osd_jail_get(pr, mac_do_osd_jail_slot);
 		if (rules != NULL)
 			break;
-		mtx_unlock(&pr->pr_mtx);
+		prison_unlock(pr);
 	}
 	*prp = pr;
 
@@ -185,15 +185,15 @@ sysctl_rules(SYSCTL_HANDLER_ARGS)
 	int error;
 
 	rules = find_rules(req->td->td_ucred->cr_prison, &pr);
-	mtx_unlock(&pr->pr_mtx);
+	prison_unlock(pr);
 	if (req->newptr == NULL)
 		return (sysctl_handle_string(oidp, rules->string, MAC_RULE_STRING_LEN, req));
 
 	new_string = malloc(MAC_RULE_STRING_LEN, M_DO,
 	    M_WAITOK|M_ZERO);
-	mtx_lock(&pr->pr_mtx);
+	prison_lock(pr);
 	strlcpy(new_string, rules->string, MAC_RULE_STRING_LEN);
-	mtx_unlock(&pr->pr_mtx);
+	prison_unlock(pr);
 
 	error = sysctl_handle_string(oidp, new_string, MAC_RULE_STRING_LEN, req);
 	if (error)
@@ -204,11 +204,11 @@ sysctl_rules(SYSCTL_HANDLER_ARGS)
 	if (error)
 		goto out;
 	TAILQ_INIT(&saved_head);
-	mtx_lock(&pr->pr_mtx);
+	prison_lock(pr);
 	TAILQ_CONCAT(&saved_head, &rules->head, r_entries);
 	TAILQ_CONCAT(&rules->head, &head, r_entries);
 	strlcpy(rules->string, new_string, MAC_RULE_STRING_LEN);
-	mtx_unlock(&pr->pr_mtx);
+	prison_unlock(pr);
 	toast_rules(&saved_head);
 
 out:
@@ -239,7 +239,7 @@ mac_do_alloc_prison(struct prison *pr, struct rules **lrp)
 	if (ppr == pr)
 		goto done;
 
-	mtx_unlock(&ppr->pr_mtx);
+	prison_unlock(ppr);
 	new_rules = malloc(sizeof(*new_rules), M_PRISON, M_WAITOK|M_ZERO);
 	rsv = osd_reserve(mac_do_osd_jail_slot);
 	rules = find_rules(pr, &ppr);
@@ -248,14 +248,14 @@ mac_do_alloc_prison(struct prison *pr, struct rules **lrp)
 		osd_free_reserved(rsv);
 		goto done;
 	}
-	mtx_lock(&pr->pr_mtx);
+	prison_lock(pr);
 	osd_jail_set_reserved(pr, mac_do_osd_jail_slot, rsv, new_rules);
 	TAILQ_INIT(&new_rules->head);
 done:
 	if (lrp != NULL)
 		*lrp = rules;
-	mtx_unlock(&pr->pr_mtx);
-	mtx_unlock(&ppr->pr_mtx);
+	prison_unlock(pr);
+	prison_unlock(ppr);
 }
 
 static void
@@ -286,9 +286,9 @@ mac_do_prison_set(void *obj, void *data)
 		jsys = JAIL_SYS_NEW;
 	switch (jsys) {
 	case JAIL_SYS_INHERIT:
-		mtx_lock(&pr->pr_mtx);
+		prison_lock(pr);
 		osd_jail_del(pr, mac_do_osd_jail_slot);
-		mtx_unlock(&pr->pr_mtx);
+		prison_unlock(pr);
 		break;
 	case JAIL_SYS_NEW:
 		mac_do_alloc_prison(pr, &rules);
@@ -299,11 +299,11 @@ mac_do_prison_set(void *obj, void *data)
 		if (error)
 			return (1);
 		TAILQ_INIT(&saved_head);
-		mtx_lock(&pr->pr_mtx);
+		prison_lock(pr);
 		TAILQ_CONCAT(&saved_head, &rules->head, r_entries);
 		TAILQ_CONCAT(&rules->head, &head, r_entries);
 		strlcpy(rules->string, rules_string, MAC_RULE_STRING_LEN);
-		mtx_unlock(&pr->pr_mtx);
+		prison_unlock(pr);
 		toast_rules(&saved_head);
 		break;
 	}
@@ -329,7 +329,7 @@ mac_do_prison_get(void *obj, void *data)
 	error = vfs_setopts(opts, "mdo.rules", rules->string);
 	if (error != 0 && error != ENOENT)
 		goto done;
-	mtx_unlock(&ppr->pr_mtx);
+	prison_unlock(ppr);
 	error = 0;
 done:
 	return (0);
@@ -350,9 +350,9 @@ mac_do_prison_remove(void *obj, void *data __unused)
 	struct prison *pr = obj;
 	struct rules *r;
 
-	mtx_lock(&pr->pr_mtx);
+	prison_lock(pr);
 	r = osd_jail_get(pr, mac_do_osd_jail_slot);
-	mtx_unlock(&pr->pr_mtx);
+	prison_unlock(pr);
 	toast_rules(&r->head);
 	return (0);
 }
@@ -431,14 +431,14 @@ priv_grant(struct ucred *cred, int priv)
 			switch (priv) {
 			case PRIV_CRED_SETGROUPS:
 			case PRIV_CRED_SETUID:
-				mtx_unlock(&pr->pr_mtx);
+				prison_unlock(pr);
 				return (0);
 			default:
 				break;
 			}
 		}
 	}
-	mtx_unlock(&pr->pr_mtx);
+	prison_unlock(pr);
 	return (EPERM);
 }
 
@@ -467,11 +467,11 @@ check_setgroups(struct ucred *cred, int ngrp, gid_t *groups)
 	rule = find_rules(cred->cr_prison, &pr);
 	TAILQ_FOREACH(r, &rule->head, r_entries) {
 		if (rule_applies(cred, r)) {
-			mtx_unlock(&pr->pr_mtx);
+			prison_unlock(pr);
 			return (0);
 		}
 	}
-	mtx_unlock(&pr->pr_mtx);
+	prison_unlock(pr);
 
 	return (EPERM);
 }
@@ -527,7 +527,7 @@ check_setuid(struct ucred *cred, uid_t uid)
 			}
 		}
 	}
-	mtx_unlock(&pr->pr_mtx);
+	prison_unlock(pr);
 	return (error);
 }
 

From nobody Thu Apr  3 19:31:58 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBgz4lMDz5sLmY;
	Thu, 03 Apr 2025 19:31:59 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBgy3xPnz3S62;
	Thu, 03 Apr 2025 19:31:58 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708718;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=hBwnXaTP91AWbYxYKGooUHQ27We8yWFD3FjUmFIZZqA=;
	b=siTSYJRjCZzI/N3ULWOBNMRdpl4gI1hY5T4HZoZ2xvYqYcfX1bY5podgnVB0G3XwFGHc1g
	Yf6XXx7y9wmdH8EAJa+qyPm+oOa0afPcVej1OgGMcS+sW2T1ferK9PX5TZ9gwxDOJAhSBL
	3oYqDivzo6OU217UW+1u7lOQTsAf2WB7FIksBA54ZiLkAIOX1aJctj+ZHodHWLT4cveUTg
	BwVgiCB3vT+H1JasnCUeS/5DheJBc7dCCIGwx3xArX0WIyaxbev7A9TylrJDunGLi8RVsY
	q83lSbKddiDGgrgaReieGn4THpnlZ1OAiNlKrqhdH9zat/R3Hy9YeNIHmU42lQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708718; a=rsa-sha256; cv=none;
	b=ZfMbG9zT0hGNXx+YonvoZ6FE720r9rq9ZQAx/9RQ3pVjULxG15/WzCqPJ0cBiUD5RfZdZU
	RWB1cg5+WQUwd/dAx3+4Q1oMfBtnCEIzfBe/fCDhTJgjUTVIFZZIK4znmA4Pok+4/V+A/N
	PP7O6w8LV9vumU/v6EuZQLK2Zw2SbVqDkPvzoquW9ONIODcbrdcNyNxrcMIkzUWPJmYoEa
	NoQtZQWU6jPZnDnJfOS+CSaIm2GGtZV3YbZPdRBu3OAeGDkylvHbF8jLQS+dbOwKj2KBmy
	ER6P9ZfDtj7tCLZQRTfhcryTDyaMcLaBXD0p6W1AKqrFawQW53K/AX2i/5Re8g==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708718;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=hBwnXaTP91AWbYxYKGooUHQ27We8yWFD3FjUmFIZZqA=;
	b=Yy68Sn7xRhj/Vs2zHr5PbFr709QIstAl0LTqMao9vW1gyHq/Ky0HSZ0xlUYur+oWCI1uf0
	Q2VRLcxdbRMcwgW3o78tvTNuudXXjSH2Jx82z9qFTqY4/HxqZ34fNA/iLoU6GbR3qLpzlM
	c4MaMFS/q4zPSnXIk8BCsJ/tPqVFHo6dlpjdMrDXxGIxUjP118AYOhlCaQij08hhcKGpOF
	Uf/zo+9UTFO3KpPx1ZO7mbVws4z7Z99/mQbOt0pHNUu/hASdMWCmI2LP85/aA1PyKhS6AJ
	6eMmzWFhNTy6x1bntnJWj8D3yPPO86KweIC2MoJm7v1piTX6TzSQYSnFzvzaLA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBgy3S65zmq;
	Thu, 03 Apr 2025 19:31:58 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JVwoa034000;
	Thu, 3 Apr 2025 19:31:58 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JVwxj033997;
	Thu, 3 Apr 2025 19:31:58 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:31:58 GMT
Message-Id: <202504031931.533JVwxj033997@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 9b6284bda25a - stable/14 - MAC/do: find_rules():
  Clarify the contract
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 9b6284bda25ad0921ad2c0a72f759e542831f251
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=9b6284bda25ad0921ad2c0a72f759e542831f251

commit 9b6284bda25ad0921ad2c0a72f759e542831f251
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-03 13:11:12 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:57 +0000

    MAC/do: find_rules(): Clarify the contract
    
    While here, rename an internal variable.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47596
    
    (cherry picked from commit b2c661fe7e0b0dff859767a6a8714198b38dc235)
---
 sys/security/mac_do/mac_do.c | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index ce4ab7fa9e3a..dca5a1809966 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -153,24 +153,32 @@ out:
 	return (error);
 }
 
+/*
+ * Find rules applicable to the passed prison.
+ *
+ * Returns the applicable rules (and never NULL).  'pr' must be unlocked.
+ * 'aprp' is set to the (ancestor) prison holding these, and it must be unlocked
+ * once the caller is done accessing the rules.  '*aprp' is equal to 'pr' if and
+ * only if the current jail has its own set of rules.
+ */
 static struct rules *
-find_rules(struct prison *spr, struct prison **prp)
+find_rules(struct prison *const pr, struct prison **const aprp)
 {
-	struct prison *pr;
+	struct prison *cpr;
 	struct rules *rules;
 
-	for (pr = spr;; pr = pr->pr_parent) {
-		prison_lock(pr);
-		if (pr == &prison0) {
+	for (cpr = pr;; cpr = cpr->pr_parent) {
+		prison_lock(cpr);
+		if (cpr == &prison0) {
 			rules = &rules0;
 			break;
 		}
-		rules = osd_jail_get(pr, mac_do_osd_jail_slot);
+		rules = osd_jail_get(cpr, mac_do_osd_jail_slot);
 		if (rules != NULL)
 			break;
-		prison_unlock(pr);
+		prison_unlock(cpr);
 	}
-	*prp = pr;
+	*aprp = cpr;
 
 	return (rules);
 }

From nobody Thu Apr  3 19:32:01 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBh23r47z5sLfy;
	Thu, 03 Apr 2025 19:32:02 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBh16LbMz3S28;
	Thu, 03 Apr 2025 19:32:01 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708721;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=qdcgcq9RbtG84TxAkcXTnNRfEiDXCgIFuFgACB+5dMU=;
	b=WZrDSl7GRTIdqjyk7it/VRjA9asrfTHVNUX+eUubp3FPwD7O7ugRGhwKCgK5VTWyRDrD28
	tPJF50hcKzZwd1LucbeN0RVRgetQeGWCZlgTFaCKt/CqTFYIKlhEltjEy2Gb+g8WVc4ZmF
	LVrK/aAKsoH3qw+v8VMDXMDHamyNOLYMDy5InrjLi3svBxTvDOiVkTmo0gw4r9cp/7Lkyr
	Jl6XnFq4XrUTey2cHyt95hQ0cogJZWqpj7O7t4b1OK4ZuIK+y4KEk5P/MwwrBwBrxOkZFb
	5v4wQYcsMhwzQSs3dI7grk9aWCeDUjkwequ+bQSCvGvShJ6Qe1IUK0pcbPsV2g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708721; a=rsa-sha256; cv=none;
	b=R0qQlBzKNqS1ibalKSn5j1NMjRD2JqbCFwgwjifoe+I6BUnUfiJVM9ze9YrzEyeJIZUFlI
	njOWaAuqXFMUajeBIcLQj5lLRIYMfpSD0+7Qvs+psyWvaQWcYRNjrUhKXTDHbWJIv5D86V
	+0RcWxYd+4LGJTHSAV76ACnFE33ykQjUVkniMlYUDel2VpM47zHfngInX1utVgngStuHru
	Sv+qKJ9gc2LnNTPbzbmUqHCpiDLpKts2ILnQYu8nMBgR8jyTf+fCsgB8Rg6jPYPYE7E7aA
	JZk+4sWyZMJR1G9yq/Yn0mW6Wafs4GQF2+q7UQSFBmhu4WgrAUEARZZlZYw3OQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708721;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=qdcgcq9RbtG84TxAkcXTnNRfEiDXCgIFuFgACB+5dMU=;
	b=tgtAEWjnmPAxur8QyrRsktMVNH4xsIlAT+hHvGjKFBZYlT3iO1kucWl3DpsLpjDUFl815/
	iMM6yOIdNw0cn/dT8VmaYNLw6DfeK2trVooqU0Pzz2GwvgYXQJ98QLBBeS+wff7faqa2oZ
	daaJhBTGiKuWgpkROgXMUOKhPHyKsCpyC0ZH9YVngI6Qh8VypV4iavcL7X6UbYz0TI0YDG
	Sz7Tq666FfzBWm3iSMQv3grGxasESb338dGFh3nG9aB7Q8zc0wbL/U1kR/o5hTnNC0YT7h
	+lY3ifFh2h1u2Agk92GPt6TK8NRJwPDur1mozU1zZasukqVMZK9B8zv/qOVm8g==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBh15fYhz1Cly;
	Thu, 03 Apr 2025 19:32:01 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JW1ee037358;
	Thu, 3 Apr 2025 19:32:01 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JW1Mj037355;
	Thu, 3 Apr 2025 19:32:01 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:01 GMT
Message-Id: <202504031932.533JW1Mj037355@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 750580d15588 - stable/14 - MAC/do: Remove PR_METHOD_REMOVE
  method
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 750580d15588c295aedced21a84b3fd8986fe6bb
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=750580d15588c295aedced21a84b3fd8986fe6bb

commit 750580d15588c295aedced21a84b3fd8986fe6bb
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-03 12:22:35 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:58 +0000

    MAC/do: Remove PR_METHOD_REMOVE method
    
    It isn't really needed, since common jail code destroys jail OSD storage
    at jail destruction (via osd_jail_exit()), triggering our destructor
    dealloc_osd().  Leveraging this mechanism is arguably even better as it
    causes deallocation to always happen without the 'allprison_lock' lock.
    
    While here, make the static definition of 'methods' top-level, renaming
    it to 'osd_methods'.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47599
    
    (cherry picked from commit 301eeb10dc197986b2b6261b064cbfe96333f7fb)
---
 sys/security/mac_do/mac_do.c | 32 +++++++++++++++-----------------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 3f7964220ca4..ed4c984ff559 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -410,15 +410,6 @@ mac_do_prison_create(void *obj, void *data __unused)
 	return (0);
 }
 
-static int
-mac_do_prison_remove(void *obj, void *data __unused)
-{
-	struct prison *pr = obj;
-
-	remove_rules(pr);
-	return (0);
-}
-
 static int
 mac_do_prison_check(void *obj, void *data)
 {
@@ -447,19 +438,26 @@ mac_do_prison_check(void *obj, void *data)
 	return (error);
 }
 
+/*
+ * OSD jail methods.
+ *
+ * There is no PR_METHOD_REMOVE, as OSD storage is destroyed by the common jail
+ * code (see prison_cleanup()), which triggers a run of our dealloc_osd()
+ * destructor.
+ */
+static const osd_method_t osd_methods[PR_MAXMETHOD] = {
+	[PR_METHOD_CREATE] = mac_do_prison_create,
+	[PR_METHOD_GET] = mac_do_prison_get,
+	[PR_METHOD_SET] = mac_do_prison_set,
+	[PR_METHOD_CHECK] = mac_do_prison_check,
+};
+
 static void
 init(struct mac_policy_conf *mpc)
 {
-	static osd_method_t methods[PR_MAXMETHOD] = {
-		[PR_METHOD_CREATE] = mac_do_prison_create,
-		[PR_METHOD_GET] = mac_do_prison_get,
-		[PR_METHOD_SET] = mac_do_prison_set,
-		[PR_METHOD_CHECK] = mac_do_prison_check,
-		[PR_METHOD_REMOVE] = mac_do_prison_remove,
-	};
 	struct prison *pr;
 
-	mac_do_osd_jail_slot = osd_jail_register(dealloc_osd, methods);
+	mac_do_osd_jail_slot = osd_jail_register(dealloc_osd, osd_methods);
 	rules0 = alloc_rules();
 	sx_slock(&allprison_lock);
 	TAILQ_FOREACH(pr, &allprison, pr_list)

From nobody Thu Apr  3 19:32:00 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBh13Y7Dz5sLmd;
	Thu, 03 Apr 2025 19:32:01 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBh05YW5z3S1m;
	Thu, 03 Apr 2025 19:32:00 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708720;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=8TAMQBb/21OBNMv9hsKR9iDs1ecaNWW3MSzCnCgs1qU=;
	b=YGH7CXCCbBAZut1mo0A864TVzK2jqIgZHMhB+UJqCPP4BBgJ9P2PWQPiZEpp3NNlDtEM4V
	snKgYCoI1Wpp9cqk0S3FcgN+O+Zb9eXnMArCx7z4U8f/SUF5q2iDg3UvbPsKbX+f2lb7l7
	b/F/6Kj8GlVr/EgG2S+KueUez++4IDp4N26m+BvPH+/dBC/3bgmKkfZQM09iOlxrk/KsUt
	idycFsAvESy8lkVvkYfq0axPXQH+Ys4fXEVK5L0/juTRLeydrW2t7oSFH1bW6q8xU5dCki
	3bM7C+HY42inZS/FMEMpenmCDeDVKBLliVCnMuWx3dEA2hw0blKsF24/sk/wFg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708720; a=rsa-sha256; cv=none;
	b=o/OLg3jpTEGoOJ5RPrvRs/xgQVenl4gpTmoUfUqk3M8JZxcC8bFpo2FuL6yFKM1hMIV/KV
	lIA+1B9ee4YkfNJ5IthlTyJjgqNDlK0SfQcH8W3yZXNEKhKR3NSdnOaxl8f83sefMGvl0G
	aYnDzK5rJZmGQf5O1Ds5aDCBIIXUwjEgLtWfnAybt9uTslgD6eT/lHevR82S81gdIq4Xgn
	wGNBnht1r7rWTO44RvkpgK5x2HuvUsW6vyTWbNEC+0zBggEf1JT3nEXUX9AyRtZlJ9bSMp
	BDBa8WCQJHgVp5lGwly4zOTOEs7GDFqEybNY7X+EUTTBc4yr5EsNYf6HIO8HUw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708720;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=8TAMQBb/21OBNMv9hsKR9iDs1ecaNWW3MSzCnCgs1qU=;
	b=dVC8U/EX+a+QVx3bz6yiecftuvCAhNh3cOTFKs38cm1/43CSIDcUiNCxsxxkWrhf5JNQq+
	f2wP4UzLzUVF6s6i34vj+GQVatAoiSaPhe9rPBixLj9vh59TL61EIqdTQcdRtQr5pzBGhU
	WHZXUEM8YN3AQxVaOrklYOsP0/aH8ziUNyfjn/buE4VEXE/Rb3iRBQeWjS1/i3goV/1m3b
	tjH3YbpFTj2rV0izt5IS2+sMEAULQ3LhVU8RSA2vHD/Lb6x8CIKm2DSIm83SgyvCyWLNSo
	4+O0TsF0chnyS52K15fDEIX1gtUHL8uJJgw+dXFG6JSrGVwJRnPJzDUxo0wglw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBh04s4FzLs;
	Thu, 03 Apr 2025 19:32:00 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JW0QG036472;
	Thu, 3 Apr 2025 19:32:00 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JW0CQ036457;
	Thu, 3 Apr 2025 19:32:00 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:00 GMT
Message-Id: <202504031932.533JW0CQ036457@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 72edbeb06172 - stable/14 - MAC/do: Allocate/deallocate
  rules as a whole
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 72edbeb061721b808fdd1b070fdf90ee6a05adac
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=72edbeb061721b808fdd1b070fdf90ee6a05adac

commit 72edbeb061721b808fdd1b070fdf90ee6a05adac
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-15 15:12:47 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:57 +0000

    MAC/do: Allocate/deallocate rules as a whole
    
    Stop recycling the top-level 'struct rules' already assigned to jails.
    This considerably simplifies the code, as now changing rules on a jail
    amounts to just changing the OSD pointer.
    
    Also, this is to increase potential concurrency in preparation for
    incoming fixes about enforcing rules.  Indeed, keeping these changes
    relatively simple requires rules assigned to a jail to slightly outlive
    resetting them, which is most easily done by just operating on pointers
    to separate rules objects.
    
    The (negligible) price to pay for this change is that setting rules on
    a jail now systematically needs to allocate memory (and also that the
    OSD slot needs to be accessed twice, once to get the old rules to free
    them and another one to set the rules, which was already the case before
    when memory had to be allocated).
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47598
    
    (cherry picked from commit 3186b192e4db7896bae22a9116ab915bf852fa27)
---
 sys/security/mac_do/mac_do.c | 173 +++++++++++++++++++------------------------
 1 file changed, 75 insertions(+), 98 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 61c305547d39..3f7964220ca4 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -58,18 +58,30 @@ struct rules {
 	TAILQ_HEAD(rulehead, rule) head;
 };
 
-static struct rules rules0;
+static struct rules *rules0;
 
 static void
-toast_rules(struct rulehead *head)
+toast_rules(struct rules *const rules)
 {
-	struct rule *r;
+	struct rulehead *const head = &rules->head;
+	struct rule *rule;
 
-	while ((r = TAILQ_FIRST(head)) != NULL) {
-		TAILQ_REMOVE(head, r, r_entries);
-		free(r, M_DO);
+	while ((rule = TAILQ_FIRST(head)) != NULL) {
+		TAILQ_REMOVE(head, rule, r_entries);
+		free(rule, M_DO);
 	}
-	TAILQ_INIT(head);
+	free(rules, M_DO);
+}
+
+static struct rules *
+alloc_rules(void)
+{
+	struct rules *const rules = malloc(sizeof(*rules), M_DO, M_WAITOK);
+
+	_Static_assert(MAC_RULE_STRING_LEN > 0, "MAC_RULE_STRING_LEN <= 0!");
+	rules->string[0] = 0;
+	TAILQ_INIT(&rules->head);
+	return (rules);
 }
 
 static int
@@ -133,30 +145,32 @@ out:
 /*
  * Parse rules specification and produce rule structures out of it.
  *
- * 'head' must be an empty list head. Returns 0 on success, with 'head' filled
- * with structures representing the rules.  On error, 'head' is left empty and
- * the returned value is non-zero.  If 'string' has length greater or equal to
+ * Returns 0 on success, with '*rulesp' made to point to a 'struct rule'
+ * representing the rules.  On error, the returned value is non-zero and
+ * '*rulesp' is unchanged.  If 'string' has length greater or equal to
  * MAC_RULE_STRING_LEN, ENAMETOOLONG is returned.  If it is not in the expected
  * format (comma-separated list of clauses of the form "<type>=<val>:<target>",
  * where <type> is "uid" or "gid", <val> an UID or GID (depending on <type>) and
  * <target> is "*", "any" or some UID), EINVAL is returned.
  */
 static int
-parse_rules(const char *const string, struct rulehead *const head)
+parse_rules(const char *const string, struct rules **const rulesp)
 {
 	const size_t len = strlen(string);
 	char *copy;
 	char *p;
 	char *element;
+	struct rules *rules;
 	struct rule *new;
 	int error = 0;
 
-	QMD_TAILQ_CHECK_TAIL(head, r_entries);
-	MPASS(TAILQ_EMPTY(head));
-
 	if (len >= MAC_RULE_STRING_LEN)
 		return (ENAMETOOLONG);
 
+	rules = alloc_rules();
+	bcopy(string, rules->string, len + 1);
+	MPASS(rules->string[len] == '\0'); /* Catch some races. */
+
 	copy = malloc(len + 1, M_DO, M_WAITOK);
 	bcopy(string, copy, len + 1);
 	MPASS(copy[len] == '\0'); /* Catch some races. */
@@ -167,11 +181,13 @@ parse_rules(const char *const string, struct rulehead *const head)
 			continue;
 		error = parse_rule_element(element, &new);
 		if (error != 0) {
-			toast_rules(head);
+			toast_rules(rules);
 			goto out;
 		}
-		TAILQ_INSERT_TAIL(head, new, r_entries);
+		TAILQ_INSERT_TAIL(&rules->head, new, r_entries);
 	}
+
+	*rulesp = rules;
 out:
 	free(copy, M_DO);
 	return (error);
@@ -194,7 +210,7 @@ find_rules(struct prison *const pr, struct prison **const aprp)
 	for (cpr = pr;; cpr = cpr->pr_parent) {
 		prison_lock(cpr);
 		if (cpr == &prison0) {
-			rules = &rules0;
+			rules = rules0;
 			break;
 		}
 		rules = osd_jail_get(cpr, mac_do_osd_jail_slot);
@@ -207,53 +223,6 @@ find_rules(struct prison *const pr, struct prison **const aprp)
 	return (rules);
 }
 
-/*
- * Ensure the passed prison has its own 'struct rules'.
- *
- * On entry, the prison must be unlocked, but will be returned locked.  Returns
- * the newly allocated and initialized 'struct rules', or the existing one.
- */
-static struct rules *
-ensure_rules(struct prison *const pr)
-{
-	struct rules *rules, *new_rules;
-	void **rsv;
-
-	if (pr == &prison0) {
-		prison_lock(pr);
-		return (&rules0);
-	}
-
-	/* Optimistically try to avoid memory allocations. */
-restart:
-	prison_lock(pr);
-	rules = osd_jail_get(pr, mac_do_osd_jail_slot);
-	if (rules != NULL)
-		return (rules);
-	prison_unlock(pr);
-
-	new_rules = malloc(sizeof(*new_rules), M_DO, M_WAITOK|M_ZERO);
-	TAILQ_INIT(&new_rules->head);
-	rsv = osd_reserve(mac_do_osd_jail_slot);
-	prison_lock(pr);
-	rules = osd_jail_get(pr, mac_do_osd_jail_slot);
-	if (rules != NULL) {
-		/*
-		 * We could cleanup while holding the prison lock (given the
-		 * current implementation of osd_free_reserved()), but be safe
-		 * and a good citizen by not keeping it more than strictly
-		 * necessary.  The only consequence is that we have to relookup
-		 * the rules.
-		 */
-		prison_unlock(pr);
-		osd_free_reserved(rsv);
-		free(new_rules, M_DO);
-		goto restart;
-	}
-	osd_jail_set_reserved(pr, mac_do_osd_jail_slot, rsv, new_rules);
-	return (new_rules);
-}
-
 /*
  * OSD destructor for slot 'mac_do_osd_jail_slot'.
  *
@@ -264,17 +233,19 @@ dealloc_osd(void *const value)
 {
 	struct rules *const rules = value;
 
-	toast_rules(&rules->head);
-	free(rules, M_DO);
+	toast_rules(rules);
 }
 
 /*
- * Deallocate the rules associated to a prison.
+ * Remove the rules specifically associated to a prison.
+ *
+ * In practice, this means that the rules become inherited (from the closest
+ * ascendant that has some).
  *
  * Destroys the 'mac_do_osd_jail_slot' slot of the passed jail.
  */
 static void
-dealloc_rules(struct prison *const pr)
+remove_rules(struct prison *const pr)
 {
 	prison_lock(pr);
 	/* This calls destructor dealloc_osd(). */
@@ -283,25 +254,38 @@ dealloc_rules(struct prison *const pr)
 }
 
 /*
- * Assign already parsed rules to a jail.
+ * Assign already built rules to a jail.
  */
 static void
-set_rules(struct prison *const pr, const char *const rules_string,
-    struct rulehead *const head)
+set_rules(struct prison *const pr, struct rules *const rules)
 {
-	struct rules *rules;
-	struct rulehead old_head;
+	struct rules *old_rules;
+	void **rsv;
 
-	MPASS(rules_string != NULL);
-	MPASS(strlen(rules_string) < MAC_RULE_STRING_LEN);
+	rsv = osd_reserve(mac_do_osd_jail_slot);
 
-	TAILQ_INIT(&old_head);
-	rules = ensure_rules(pr);
-	strlcpy(rules->string, rules_string, MAC_RULE_STRING_LEN);
-	TAILQ_CONCAT(&old_head, &rules->head, r_entries);
-	TAILQ_CONCAT(&rules->head, head, r_entries);
+	prison_lock(pr);
+	if (pr == &prison0) {
+		old_rules = rules0;
+		rules0 = rules;
+	} else {
+		old_rules = osd_jail_get(pr, mac_do_osd_jail_slot);
+		osd_jail_set_reserved(pr, mac_do_osd_jail_slot, rsv, rules);
+	}
 	prison_unlock(pr);
-	toast_rules(&old_head);
+	if (old_rules != NULL)
+		toast_rules(old_rules);
+}
+
+/*
+ * Assigns empty rules to a jail.
+ */
+static void
+set_empty_rules(struct prison *const pr)
+{
+	struct rules *const rules = alloc_rules();
+
+	set_rules(pr, rules);
 }
 
 /*
@@ -312,13 +296,13 @@ set_rules(struct prison *const pr, const char *const rules_string,
 static int
 parse_and_set_rules(struct prison *const pr, const char *rules_string)
 {
-	struct rulehead head;
+	struct rules *rules;
 	int error;
 
-	error = parse_rules(rules_string, &head);
+	error = parse_rules(rules_string, &rules);
 	if (error != 0)
 		return (error);
-	set_rules(pr, rules_string, &head);
+	set_rules(pr, rules);
 	return (0);
 }
 
@@ -361,7 +345,7 @@ static void
 destroy(struct mac_policy_conf *mpc)
 {
 	osd_jail_deregister(mac_do_osd_jail_slot);
-	toast_rules(&rules0.head);
+	toast_rules(rules0);
 }
 
 static int
@@ -382,7 +366,7 @@ mac_do_prison_set(void *obj, void *data)
 		jsys = JAIL_SYS_NEW;
 	switch (jsys) {
 	case JAIL_SYS_INHERIT:
-		dealloc_rules(pr);
+		remove_rules(pr);
 		error = 0;
 		break;
 	case JAIL_SYS_NEW:
@@ -422,8 +406,7 @@ mac_do_prison_create(void *obj, void *data __unused)
 {
 	struct prison *const pr = obj;
 
-	(void)ensure_rules(pr);
-	prison_unlock(pr);
+	set_empty_rules(pr);
 	return (0);
 }
 
@@ -431,12 +414,8 @@ static int
 mac_do_prison_remove(void *obj, void *data __unused)
 {
 	struct prison *pr = obj;
-	struct rules *r;
 
-	prison_lock(pr);
-	r = osd_jail_get(pr, mac_do_osd_jail_slot);
-	prison_unlock(pr);
-	toast_rules(&r->head);
+	remove_rules(pr);
 	return (0);
 }
 
@@ -481,12 +460,10 @@ init(struct mac_policy_conf *mpc)
 	struct prison *pr;
 
 	mac_do_osd_jail_slot = osd_jail_register(dealloc_osd, methods);
-	TAILQ_INIT(&rules0.head);
+	rules0 = alloc_rules();
 	sx_slock(&allprison_lock);
-	TAILQ_FOREACH(pr, &allprison, pr_list) {
-		(void)ensure_rules(pr);
-		prison_unlock(pr);
-	}
+	TAILQ_FOREACH(pr, &allprison, pr_list)
+	    set_empty_rules(pr);
 	sx_sunlock(&allprison_lock);
 }
 

From nobody Thu Apr  3 19:31:59 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBh05t7Dz5sM0n;
	Thu, 03 Apr 2025 19:32:00 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBgz4nGDz3S6G;
	Thu, 03 Apr 2025 19:31:59 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708719;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=HOpQ4JLs/8qRk6WUkCGZChXLEo9JyFbRJ/B/zCu9+uA=;
	b=dv4FTHgYxDF6ZTOX6F9oxbqZ7+5HgmBNJwqjCvqbgV412zWraaduN6PWjh0MjTaSjsKTBM
	QsgN7C9TFkZwHUGPlf2vVlN4tmnrw+SHOQ8ZjkW+k6BZ5mjjJ3HQNqDl2tZv+qqq81mnJs
	fiYOPc3jan+bzAaBfOBglaZ+36qPCjmlY0kWQiFgDz/7Orhbrea3bJ9N3Qq5GPGZxjwwYq
	g8m6CQRxgFjoJKpqHsgDTAg193YrwoM+j2Ll4e+dmlVKFFFUZA14v0SfhiUUSN6ugIuVGP
	xJZ8NtABkD7YvzxwV2o7eKZGU+2ZJfVZsWZW3jx+aF+t0vGJrSEX+pOuz0X9OQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708719; a=rsa-sha256; cv=none;
	b=ntRJTjdV+CbbnhpofKDKMwWBU9tRymwRQ176HLdClNtLUGWZ/V+g+5AtLvyp9k7tHQrbLn
	pHFPHo05EtNEENSLs3xKq1ivJy8a8wjKMfzVirzL2uoRrZJjX06L9x1ARZ+59eOKyqkye1
	BV2DxKyIhsq6sY1fsI0BXIzr+G6Dwozp6LNuwAsAGVKFMYLnT1Mt+U1SFUO6ZFVYwB7cm+
	mvDFqYwkenmy53/9ImtIetEtMHGH0dJ5Eu8qNglenbleyIddIKX2vPIaxeyvSF1oXXgLe6
	bvfBcNkSee2pBP359ckcxl9qm3QbkwJMMrL76sd7EsewZ373AuPpDY0mbaWrLg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708719;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=HOpQ4JLs/8qRk6WUkCGZChXLEo9JyFbRJ/B/zCu9+uA=;
	b=hEKPCa3WImHcdBflcrsesqCXC1oCziXfivZwKJ5mfhGu9c/Qx8yxJi3cJvCTUCezwUZ/H5
	O3v85pH0/yH0xe0I3rS4qOQsIZuWBaNE2T+067rBkFo4qhi/P9/I1AdTqIlNQRX4JimL24
	CtQJXo8ak1KiheojblpVPFC9tpGSpcEorG5HKwNNWZBrJsrQjnCLNqYoqQl9bsd2RVHlYN
	M4QU4l9q25SELTTw1Rl8yWiFwnTntQbVIbn2+aA1749EwNU766e7kgtLS3cm7CWwhheOce
	qPRezWpLkwYNr9JbXss6qi9OAe/b7WJsXnEg7uCqYmDxqT30upDS2qAYmH+9FQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBgz4GvPzZl;
	Thu, 03 Apr 2025 19:31:59 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JVx4G035074;
	Thu, 3 Apr 2025 19:31:59 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JVxng035059;
	Thu, 3 Apr 2025 19:31:59 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:31:59 GMT
Message-Id: <202504031931.533JVxng035059@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 862665e3805c - stable/14 - MAC/do: Factor out
  setting/destroying rule structures
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 862665e3805ca092498c34eca356adb797eeaa6e
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=862665e3805ca092498c34eca356adb797eeaa6e

commit 862665e3805ca092498c34eca356adb797eeaa6e
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-02 17:07:25 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:57 +0000

    MAC/do: Factor out setting/destroying rule structures
    
    This generally removes duplicate code and clarifies higher-level
    operations, allowing to fix several important bugs.
    
    New (internal) functions:
    - ensure_rules(): Ensure that a jail has a populated
      'mac_do_osd_jail_slot', and returns the corresponding 'struct rules'.
    - dealloc_rules(): Destroy the 'mac_do_osd_jail_slot' slot of a jail.
    - set_rules(): Assign already parsed rules to a jail.  Leverages
      ensure_rules().
    - parse_and_set_rules(): Combination of parse_rules() and set_rules().
    
    Bugs fixed in mac_do_prison_set():
    - A panic if "mdo" is explicitly passed to JAIL_SYS_NEW but "mdo.rules"
      is absent, in which case 'rules_string' wasn't set (setting 'rules' at
      this point would do nothing).
    - In the JAIL_SYS_NEW case, would release the prison lock and reacquire
      it, but still using the same 'rules' pointer that can have been freed
      and changed concurrently, as the prison lock is temporary
      unlocked. (This is generally a bug of the mac_do_alloc_prison()'s
      interface when 'lrp' is not NULL.)
    
    Suppress mac_do_alloc_prison(), as it has the following bugs:
    - The interface bug mentioned just above.
    - Wrong locking, leading to deadlocks in case of setting jail parameters
      multiple times (concurrently or not).
    It has been replaced by either parse_and_set_rules(), or by
    ensure_rules() directly coupled with prison_unlock().
    
    Rename mac_do_dealloc_prison(), the OSD destructor, to dealloc_osd(),
    and make it free the 'struct rules' itself (which was leaking).
    
    While here, in parse_rules(): Clarify the contract by adding comments,
    and check (again) for the rules specification's length.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47597
    
    (cherry picked from commit bbf8af664dc94804c219cd918788c0c127a5c310)
---
 sys/security/mac_do/mac_do.c | 235 ++++++++++++++++++++++++++++---------------
 1 file changed, 156 insertions(+), 79 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index dca5a1809966..61c305547d39 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -69,6 +69,7 @@ toast_rules(struct rulehead *head)
 		TAILQ_REMOVE(head, r, r_entries);
 		free(r, M_DO);
 	}
+	TAILQ_INIT(head);
 }
 
 static int
@@ -129,15 +130,38 @@ out:
 	return (error);
 }
 
+/*
+ * Parse rules specification and produce rule structures out of it.
+ *
+ * 'head' must be an empty list head. Returns 0 on success, with 'head' filled
+ * with structures representing the rules.  On error, 'head' is left empty and
+ * the returned value is non-zero.  If 'string' has length greater or equal to
+ * MAC_RULE_STRING_LEN, ENAMETOOLONG is returned.  If it is not in the expected
+ * format (comma-separated list of clauses of the form "<type>=<val>:<target>",
+ * where <type> is "uid" or "gid", <val> an UID or GID (depending on <type>) and
+ * <target> is "*", "any" or some UID), EINVAL is returned.
+ */
 static int
 parse_rules(const char *const string, struct rulehead *const head)
 {
-	struct rule *new;
-	char *const copy = strdup(string, M_DO);
-	char *p = copy;
+	const size_t len = strlen(string);
+	char *copy;
+	char *p;
 	char *element;
+	struct rule *new;
 	int error = 0;
 
+	QMD_TAILQ_CHECK_TAIL(head, r_entries);
+	MPASS(TAILQ_EMPTY(head));
+
+	if (len >= MAC_RULE_STRING_LEN)
+		return (ENAMETOOLONG);
+
+	copy = malloc(len + 1, M_DO, M_WAITOK);
+	bcopy(string, copy, len + 1);
+	MPASS(copy[len] == '\0'); /* Catch some races. */
+
+	p = copy;
 	while ((element = strsep(&p, ",")) != NULL) {
 		if (element[0] == '\0')
 			continue;
@@ -183,11 +207,125 @@ find_rules(struct prison *const pr, struct prison **const aprp)
 	return (rules);
 }
 
+/*
+ * Ensure the passed prison has its own 'struct rules'.
+ *
+ * On entry, the prison must be unlocked, but will be returned locked.  Returns
+ * the newly allocated and initialized 'struct rules', or the existing one.
+ */
+static struct rules *
+ensure_rules(struct prison *const pr)
+{
+	struct rules *rules, *new_rules;
+	void **rsv;
+
+	if (pr == &prison0) {
+		prison_lock(pr);
+		return (&rules0);
+	}
+
+	/* Optimistically try to avoid memory allocations. */
+restart:
+	prison_lock(pr);
+	rules = osd_jail_get(pr, mac_do_osd_jail_slot);
+	if (rules != NULL)
+		return (rules);
+	prison_unlock(pr);
+
+	new_rules = malloc(sizeof(*new_rules), M_DO, M_WAITOK|M_ZERO);
+	TAILQ_INIT(&new_rules->head);
+	rsv = osd_reserve(mac_do_osd_jail_slot);
+	prison_lock(pr);
+	rules = osd_jail_get(pr, mac_do_osd_jail_slot);
+	if (rules != NULL) {
+		/*
+		 * We could cleanup while holding the prison lock (given the
+		 * current implementation of osd_free_reserved()), but be safe
+		 * and a good citizen by not keeping it more than strictly
+		 * necessary.  The only consequence is that we have to relookup
+		 * the rules.
+		 */
+		prison_unlock(pr);
+		osd_free_reserved(rsv);
+		free(new_rules, M_DO);
+		goto restart;
+	}
+	osd_jail_set_reserved(pr, mac_do_osd_jail_slot, rsv, new_rules);
+	return (new_rules);
+}
+
+/*
+ * OSD destructor for slot 'mac_do_osd_jail_slot'.
+ *
+ * Called with 'value' not NULL.
+ */
+static void
+dealloc_osd(void *const value)
+{
+	struct rules *const rules = value;
+
+	toast_rules(&rules->head);
+	free(rules, M_DO);
+}
+
+/*
+ * Deallocate the rules associated to a prison.
+ *
+ * Destroys the 'mac_do_osd_jail_slot' slot of the passed jail.
+ */
+static void
+dealloc_rules(struct prison *const pr)
+{
+	prison_lock(pr);
+	/* This calls destructor dealloc_osd(). */
+	osd_jail_del(pr, mac_do_osd_jail_slot);
+	prison_unlock(pr);
+}
+
+/*
+ * Assign already parsed rules to a jail.
+ */
+static void
+set_rules(struct prison *const pr, const char *const rules_string,
+    struct rulehead *const head)
+{
+	struct rules *rules;
+	struct rulehead old_head;
+
+	MPASS(rules_string != NULL);
+	MPASS(strlen(rules_string) < MAC_RULE_STRING_LEN);
+
+	TAILQ_INIT(&old_head);
+	rules = ensure_rules(pr);
+	strlcpy(rules->string, rules_string, MAC_RULE_STRING_LEN);
+	TAILQ_CONCAT(&old_head, &rules->head, r_entries);
+	TAILQ_CONCAT(&rules->head, head, r_entries);
+	prison_unlock(pr);
+	toast_rules(&old_head);
+}
+
+/*
+ * Parse a rules specification and assign them to a jail.
+ *
+ * Returns the same error code as parse_rules() (which see).
+ */
+static int
+parse_and_set_rules(struct prison *const pr, const char *rules_string)
+{
+	struct rulehead head;
+	int error;
+
+	error = parse_rules(rules_string, &head);
+	if (error != 0)
+		return (error);
+	set_rules(pr, rules_string, &head);
+	return (0);
+}
+
 static int
 sysctl_rules(SYSCTL_HANDLER_ARGS)
 {
 	char *new_string;
-	struct rulehead head, saved_head;
 	struct prison *pr;
 	struct rules *rules;
 	int error;
@@ -207,17 +345,7 @@ sysctl_rules(SYSCTL_HANDLER_ARGS)
 	if (error)
 		goto out;
 
-	TAILQ_INIT(&head);
-	error = parse_rules(new_string, &head);
-	if (error)
-		goto out;
-	TAILQ_INIT(&saved_head);
-	prison_lock(pr);
-	TAILQ_CONCAT(&saved_head, &rules->head, r_entries);
-	TAILQ_CONCAT(&rules->head, &head, r_entries);
-	strlcpy(rules->string, new_string, MAC_RULE_STRING_LEN);
-	prison_unlock(pr);
-	toast_rules(&saved_head);
+	error = parse_and_set_rules(pr, new_string);
 
 out:
 	free(new_string, M_DO);
@@ -236,51 +364,11 @@ destroy(struct mac_policy_conf *mpc)
 	toast_rules(&rules0.head);
 }
 
-static void
-mac_do_alloc_prison(struct prison *pr, struct rules **lrp)
-{
-	struct prison *ppr;
-	struct rules *rules, *new_rules;
-	void **rsv;
-
-	rules = find_rules(pr, &ppr);
-	if (ppr == pr)
-		goto done;
-
-	prison_unlock(ppr);
-	new_rules = malloc(sizeof(*new_rules), M_PRISON, M_WAITOK|M_ZERO);
-	rsv = osd_reserve(mac_do_osd_jail_slot);
-	rules = find_rules(pr, &ppr);
-	if (ppr == pr) {
-		free(new_rules, M_PRISON);
-		osd_free_reserved(rsv);
-		goto done;
-	}
-	prison_lock(pr);
-	osd_jail_set_reserved(pr, mac_do_osd_jail_slot, rsv, new_rules);
-	TAILQ_INIT(&new_rules->head);
-done:
-	if (lrp != NULL)
-		*lrp = rules;
-	prison_unlock(pr);
-	prison_unlock(ppr);
-}
-
-static void
-mac_do_dealloc_prison(void *data)
-{
-	struct rules *r = data;
-
-	toast_rules(&r->head);
-}
-
 static int
 mac_do_prison_set(void *obj, void *data)
 {
 	struct prison *pr = obj;
 	struct vfsoptlist *opts = data;
-	struct rulehead head, saved_head;
-	struct rules *rules;
 	char *rules_string;
 	int error, jsys, len;
 
@@ -289,33 +377,19 @@ mac_do_prison_set(void *obj, void *data)
 		jsys = -1;
 	error = vfs_getopt(opts, "mdo.rules", (void **)&rules_string, &len);
 	if (error == ENOENT)
-		rules = NULL;
+		rules_string = "";
 	else
 		jsys = JAIL_SYS_NEW;
 	switch (jsys) {
 	case JAIL_SYS_INHERIT:
-		prison_lock(pr);
-		osd_jail_del(pr, mac_do_osd_jail_slot);
-		prison_unlock(pr);
+		dealloc_rules(pr);
+		error = 0;
 		break;
 	case JAIL_SYS_NEW:
-		mac_do_alloc_prison(pr, &rules);
-		if (rules_string == NULL)
-			break;
-		TAILQ_INIT(&head);
-		error = parse_rules(rules_string, &head);
-		if (error)
-			return (1);
-		TAILQ_INIT(&saved_head);
-		prison_lock(pr);
-		TAILQ_CONCAT(&saved_head, &rules->head, r_entries);
-		TAILQ_CONCAT(&rules->head, &head, r_entries);
-		strlcpy(rules->string, rules_string, MAC_RULE_STRING_LEN);
-		prison_unlock(pr);
-		toast_rules(&saved_head);
+		error = parse_and_set_rules(pr, rules_string);
 		break;
 	}
-	return (0);
+	return (error);
 }
 
 SYSCTL_JAIL_PARAM_SYS_NODE(mdo, CTLFLAG_RW, "Jail MAC/do parameters");
@@ -346,9 +420,10 @@ done:
 static int
 mac_do_prison_create(void *obj, void *data __unused)
 {
-	struct prison *pr = obj;
+	struct prison *const pr = obj;
 
-	mac_do_alloc_prison(pr, NULL);
+	(void)ensure_rules(pr);
+	prison_unlock(pr);
 	return (0);
 }
 
@@ -405,11 +480,13 @@ init(struct mac_policy_conf *mpc)
 	};
 	struct prison *pr;
 
-	mac_do_osd_jail_slot = osd_jail_register(mac_do_dealloc_prison, methods);
+	mac_do_osd_jail_slot = osd_jail_register(dealloc_osd, methods);
 	TAILQ_INIT(&rules0.head);
 	sx_slock(&allprison_lock);
-	TAILQ_FOREACH(pr, &allprison, pr_list)
-		mac_do_alloc_prison(pr, NULL);
+	TAILQ_FOREACH(pr, &allprison, pr_list) {
+		(void)ensure_rules(pr);
+		prison_unlock(pr);
+	}
 	sx_sunlock(&allprison_lock);
 }
 

From nobody Thu Apr  3 19:32:02 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBh35DpLz5sLqT;
	Thu, 03 Apr 2025 19:32:03 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBh26hYgz3SFL;
	Thu, 03 Apr 2025 19:32:02 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708722;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=W8YW+2fddAPgGj2VwWxWxESa3KO8MdIRAaZSRKSEtQE=;
	b=K/ivd1OOADrckDcItAccckZDfzIl8ZkTrELJhtX7ioJE5XIph3S9IW3sMqUEolkJGIiMpK
	5bQizIdD3SQMAOgQQKF3l/ADau4aszqCOxSD7zdL0SP5PC7LKdaHmUKZvLf6221Lb/3oTi
	tojcGP4OY+W6zqhEqUPzJxFM9NTQBLOOpp14QiVn3mvVaekgPKn5oOwPaJOEuFx2GEH34H
	MnsNOu075tj8277DjxV5v11sijEMh00KOL76d6L2KPfje+LIvb48tOD+E+613CgY//7WbG
	eXSh6xvpgSUtFld4tsJJNsqU081tg5kbUtYlO1CTSljHPJjfXBJ4h3tA5m0F6w==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708722; a=rsa-sha256; cv=none;
	b=ZlUJHk0Wms2BlUueIHOzQrwm43NxbvdwG11dq1qRrxCh/ZVLM+mMvfgPtnDi5z1VkSDLpD
	SiNFrPD/+nkVQefNkzcIszb91kGainWbId48L3oHRW+h7qbl5Y6cxnl+lVSs0rSzPA1vVW
	OewiM0UwAjZVvg5ePN3dxyp2A1q3TX6TwCyJ65wUAiDKfcnhLv0PjlBP625etIK/NNnnMM
	XU6BrROxOV5qmMgk4AHgH8QnbGjjiv+HVAiiCRW56tdVEAXXN0etYL9lGXDWjmadzyxTnd
	3XFIRM+TS4km/7WIfE5Ke7zbWGzUKMIvvXIVwfejInEReSI9R0hX2BVVJ7ANpQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708722;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=W8YW+2fddAPgGj2VwWxWxESa3KO8MdIRAaZSRKSEtQE=;
	b=SPrWwTPZL8NIi9PJuhrm9nigYRSYWWAdmCnEOl87xpi0RV1qRussgZz6dP6Hb1qtCVt2mk
	OlZpCObYTCAOGRd5aHbNTJVxJfR3PUnoJ6V0gUEYpL8aZ//RZeOTSa3IiqrWWMahDokXCw
	xkqik616yyzO5wSFkwGGRSaMZeBCVGrgGX8qqFH5WYQXIjw9nEMr/9XJexXDTsucWIqIYM
	fNlYQxVbrubDwRg9srdqYkLw8bimXeBLM5Tx9jhvoSlf6CwY2dHU12nZq1QmiznkLZvBJg
	JjYkSzIQP9BfSEdh8QYqPikQQfSeuD4myvhi8J0SmL9uRSwvXiCyecyaSra3/Q==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBh26F2NzWW;
	Thu, 03 Apr 2025 19:32:02 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JW2ZB037392;
	Thu, 3 Apr 2025 19:32:02 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JW2aq037389;
	Thu, 3 Apr 2025 19:32:02 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:02 GMT
Message-Id: <202504031932.533JW2aq037389@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 4d2b20daf4d4 - stable/14 - MAC/do: sysctl_rules():
  Always copy the rules specification string
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 4d2b20daf4d416a0d748f9ec27cfa112caafa7e1
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=4d2b20daf4d416a0d748f9ec27cfa112caafa7e1

commit 4d2b20daf4d416a0d748f9ec27cfa112caafa7e1
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-03 12:52:38 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:58 +0000

    MAC/do: sysctl_rules(): Always copy the rules specification string
    
    We are not guaranteed that the 'rules' storage stays stable if we don't
    hold the prison lock.  For this reason, always copy the specification
    string (under the lock).
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47600
    
    (cherry picked from commit 292c814931d975d56d5ffa7c3c85191d56a059c4)
---
 sys/security/mac_do/mac_do.c | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index ed4c984ff559..94fe7b99fc9d 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -309,30 +309,22 @@ parse_and_set_rules(struct prison *const pr, const char *rules_string)
 static int
 sysctl_rules(SYSCTL_HANDLER_ARGS)
 {
-	char *new_string;
+	char *const buf = malloc(MAC_RULE_STRING_LEN, M_DO, M_WAITOK);
 	struct prison *pr;
 	struct rules *rules;
 	int error;
 
 	rules = find_rules(req->td->td_ucred->cr_prison, &pr);
+	strlcpy(buf, rules->string, MAC_RULE_STRING_LEN);
 	prison_unlock(pr);
-	if (req->newptr == NULL)
-		return (sysctl_handle_string(oidp, rules->string, MAC_RULE_STRING_LEN, req));
 
-	new_string = malloc(MAC_RULE_STRING_LEN, M_DO,
-	    M_WAITOK|M_ZERO);
-	prison_lock(pr);
-	strlcpy(new_string, rules->string, MAC_RULE_STRING_LEN);
-	prison_unlock(pr);
-
-	error = sysctl_handle_string(oidp, new_string, MAC_RULE_STRING_LEN, req);
-	if (error)
+	error = sysctl_handle_string(oidp, buf, MAC_RULE_STRING_LEN, req);
+	if (error != 0 || req->newptr == NULL)
 		goto out;
 
-	error = parse_and_set_rules(pr, new_string);
-
+	error = parse_and_set_rules(pr, buf);
 out:
-	free(new_string, M_DO);
+	free(buf, M_DO);
 	return (error);
 }
 

From nobody Thu Apr  3 19:32:03 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBh42lPxz5sLkl;
	Thu, 03 Apr 2025 19:32:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBh40lHQz3S0V;
	Thu, 03 Apr 2025 19:32:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708724;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=dunC5dbTo8yV8wxECdhO4ZypmzfNyv4zd0uhZbpXA7Y=;
	b=L2pV0BwebwWj6Itq0kZ+ON1z/hYt53Z+tQ9Dj1HpUU4H4SRDA003ckYf5pBf8bcthGUTYP
	+i6cSYeXzDZBOiA8yNNNTjwbYx3m3jXEiqRr5GMvgNHZXNuCS7G6PJjLhm//EHl3jcmpIW
	QRqC2Kbc3Gv+I9ymzfmcfuTTJvPRvDOOg/W29D55eghVUuQiMCc0GcbUcVE0SHqKLtbJho
	kXrDkVcGu37cysH6L4RIJMNmx8jSYDuvzWFrqltW3PQragpq0Tg614d65aSg9Epjao486O
	iOfszHxzv3mFGzso8Jp/xGe+eHDvy9Y9bRz21BNbVWjg7sLUfhErZMM5iQ34/w==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708724; a=rsa-sha256; cv=none;
	b=wNIrBNtPBUVoRf4kmtIfOHLXEqAvPwqsBPs3paDNqZuDLVeNbGYqVDJN5IIN17X5EV6KR1
	kwJZGkHbfhp5LDZmf4IJw5Pxoipi4WqPTElrNMaq8wWA1BqDDcLlfp8E+t0faARqTpe2JA
	3LOB7sBU1TedYw8KuweaRes51UiPqNb8foZiLl+MiEFlQg0IP8cgq0sLXHl0V6Kp7rrbGh
	eqSW4Fcrhi5SiUHByDANp4hYHiLh7g+WYT8FiFra1EMmpHcguznCUOTSwV2yxmyDTtji1H
	9FmKCV6IERevvBOUx7NfTBK1GFzQrJOzRVpw8gWsDfnL8JGo4PXTbzw21esWvQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708724;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=dunC5dbTo8yV8wxECdhO4ZypmzfNyv4zd0uhZbpXA7Y=;
	b=N1v3FM2rzeHJTK2gtkRjimFT/wIqRHqiq894sq+nXEFLEIHabOBHB/MqFb/3zDLCWfbEB5
	XmAFzdtHeKcy41sUyf1eVsLlgIJUPrKe7NNyCUzljW06IBqkaNTWfR7AMzmV7kCs1mqT6Q
	Gl8+NCi2/pBT7I2rAvsJAG6rzGhEuExgIUzoJyBFpq8hF3bNVBAOy1SMv0iuhl37qvhtKn
	3CzUbk7+xkzTemMH/fpLiSwC64haZ8yd3fCCqsOISrdAMS7IWLkTuylY70TVgltMmuidHL
	Na0fpd+lNgfEDxOek2DfaKEzCRRgJJHpaq8H8L5M5fouPlCva/RsmbTGKK009w==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBh40LNGzXL;
	Thu, 03 Apr 2025 19:32:04 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JW3KR037432;
	Thu, 3 Apr 2025 19:32:03 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JW3wd037429;
	Thu, 3 Apr 2025 19:32:03 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:03 GMT
Message-Id: <202504031932.533JW3wd037429@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 37a72b0ce427 - stable/14 - MAC/do: sysctl_rules():
  Set the requesting's thread's jail's rules
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 37a72b0ce4276ba9da54210638d714444c0e8100
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=37a72b0ce4276ba9da54210638d714444c0e8100

commit 37a72b0ce4276ba9da54210638d714444c0e8100
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-03 12:59:12 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:58 +0000

    MAC/do: sysctl_rules(): Set the requesting's thread's jail's rules
    
    Allowing to change the rules specification on a jail other than the
    requesting's thread one is a security issue, as it will immediately
    apply to the jail we inherited from and all its other descendants that
    inherit from it.
    
    With this change, setting the 'mdo_rules' sysctl in a jail forces that
    jail to no more inherit from its parent.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47601
    
    (cherry picked from commit 53d2e0d4854997005271ee60791ab114bd6e0099)
---
 sys/security/mac_do/mac_do.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 94fe7b99fc9d..98bace7052f6 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -310,11 +310,12 @@ static int
 sysctl_rules(SYSCTL_HANDLER_ARGS)
 {
 	char *const buf = malloc(MAC_RULE_STRING_LEN, M_DO, M_WAITOK);
+	struct prison *const td_pr = req->td->td_ucred->cr_prison;
 	struct prison *pr;
 	struct rules *rules;
 	int error;
 
-	rules = find_rules(req->td->td_ucred->cr_prison, &pr);
+	rules = find_rules(td_pr, &pr);
 	strlcpy(buf, rules->string, MAC_RULE_STRING_LEN);
 	prison_unlock(pr);
 
@@ -322,7 +323,8 @@ sysctl_rules(SYSCTL_HANDLER_ARGS)
 	if (error != 0 || req->newptr == NULL)
 		goto out;
 
-	error = parse_and_set_rules(pr, buf);
+	/* Set our prison's rules, not that of the jail we inherited from. */
+	error = parse_and_set_rules(td_pr, buf);
 out:
 	free(buf, M_DO);
 	return (error);

From nobody Thu Apr  3 19:32:05 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBh53zLYz5sM12;
	Thu, 03 Apr 2025 19:32:05 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBh520ZTz3SHs;
	Thu, 03 Apr 2025 19:32:05 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708725;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=WMElTZAMATZ/16025R4zGa2S3Py2D02TS/H/tj6+74A=;
	b=eFj/Ud64YAM/yzMLfvo+1IBce+kLM5JhWS5GFAfvMKiqSR0CIeFtmLgUMd5UvzX1h6pcTq
	NGJfviE6DjPTX6FT/8Bt7iUzHoRQQoU8DAMdJ0N8+2zP6EFQI0lejfPDlf0XUaCYlBCcy7
	WfNPR4TJrFTi1g919ICfOFnx3Z13cGVnlkaYWhADY16V3A1/DWx7jvDn41qVsYDQZlISdc
	NsIJ4608g4OHev6jPvIC9QLmyeKjhGhdBDzB3SPcbYWS/LJYdyl5sPk2fhXafWKFM5Vmn9
	CyunzD4D/U0laJi26znOsS33rnw/FUwtjfx7SIg1ePZA2hujskYhDHuvCW6ecQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708725; a=rsa-sha256; cv=none;
	b=qDwhIFnww/KsYiIoV+fRO4XgyIafLmUMJGfCy183DuPUamPIH5z7FLt0p89flb2BGSCqk4
	5VfiK6K//dhyiNV+xjqfyJv1yDLvCUIB/l1rnw+ID2zPpTCqoLQP89IU4vxBSkfoaler3M
	mmjYkky3jWsgoNP7CjDYMsAKEApt5U52cCy2S1jn7G/fKiRZWGiduabgy+uN05+AOFxovf
	/sCK2iORPR47g9YL3ExUbMDRJvn3oOjKLOK7YjnlGyAYhh6vz2HJ242FO5QcTNLGll0kSQ
	WzhYUgqAe3Ke/AilzVILXufuk5qsbXHCVVZIUZM/0Md5CDlh41z47TdYAE0YHw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708725;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=WMElTZAMATZ/16025R4zGa2S3Py2D02TS/H/tj6+74A=;
	b=vtqczLrksXdI/ni4mdQrJ/C0LWrXEfVZt2+J5jIZab+GCbspY+O60gz39WPfLTXGiLQB4r
	F+sqpyQn4drFHzb+Lx3XRF+dEZ8sK6bTKAnLg83muSdkCM1AlP9Qbskl8b+hfm+WRTpSSS
	rTuDe35sVfQTHvBJfXNp8d57Ge9LbWHZIqBevIb9euHDyYZd00vAlDaUtWCr7AsD//O2hP
	py4xPYfvlVG957Eewp3zWfzVefCn2kw9UjwfXeDjncAf+ZWzYY6T+sN737XRKpWwWcLki9
	5d+wfPJxwLqAc4FBbGve7SKM11ZsRSFi+breSlrLTT9NJmIxl0VuZbCsnF9s8A==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBh51HsMzWX;
	Thu, 03 Apr 2025 19:32:05 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JW5s6037465;
	Thu, 3 Apr 2025 19:32:05 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JW5tE037462;
	Thu, 3 Apr 2025 19:32:05 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:05 GMT
Message-Id: <202504031932.533JW5tE037462@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: e553ebd516fa - stable/14 - MAC/do: Enable changing
  'security.mac.do.rules' from a jail
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: e553ebd516fa7cbc7822f8a822e24345d0d26838
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=e553ebd516fa7cbc7822f8a822e24345d0d26838

commit e553ebd516fa7cbc7822f8a822e24345d0d26838
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-03 13:49:51 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:58 +0000

    MAC/do: Enable changing 'security.mac.do.rules' from a jail
    
    Now that sysctl_rules() has been fixed to behave.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47602
    
    (cherry picked from commit b3f93680e39b90c02ddabdaf98f9c9a669d24c00)
---
 sys/security/mac_do/mac_do.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 98bace7052f6..787790cb2b34 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -331,7 +331,7 @@ out:
 }
 
 SYSCTL_PROC(_security_mac_do, OID_AUTO, rules,
-    CTLTYPE_STRING|CTLFLAG_RW|CTLFLAG_MPSAFE,
+    CTLTYPE_STRING|CTLFLAG_RW|CTLFLAG_PRISON|CTLFLAG_MPSAFE,
     0, 0, sysctl_rules, "A",
     "Rules");
 

From nobody Thu Apr  3 19:32:06 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBh65wvfz5sM15;
	Thu, 03 Apr 2025 19:32:06 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBh62KBsz3S9n;
	Thu, 03 Apr 2025 19:32:06 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708726;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ntcj8PUveMCjXHTLcqO7VJyZX/rz4bbrbyUxZujAAPU=;
	b=SHvBxt4YM3I434bO4oG5qRL5zYuczd1JpArrYYbbON6ds8qKDCMrKpF1iybdGYnJb4ACio
	s7VY/2LlfpjmgHR31Sif54R8QldposRLSdQEIGx9XOtRAKqL5EaAhpX+xSoHNbf4joRk3Z
	kSjkwdIcNzrWA4qBbUuTnXa3eYduFxjgQqa0/BbsB/agLOmUYRWxuQVljjql8R1+IAeQ85
	8mIKzCVMnnHyNgJYgPJ21nCPoT8ZYJraWAZVMY8o3q8sgQpD+5/mPV5zHgKIp0KMaAIyob
	Y4tbEzqJIlOTFWt+YQ+EJLdccHwHM91aQUhtQ8e5zt5cInehCNOLU7P6SJtRbg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708726; a=rsa-sha256; cv=none;
	b=XDCl9kvZhpMk1k5jr27IHk48qabNQ2hvKPC6mxYtra0QRxkRsgKpMoK8xb89u8yS9JDUyj
	0BfFl5g5BVb4Zm/EdGzaVr5A52yi3e2RlIoB/GTvgwN+R630vgZFche9Okz/Nbi6C1m8ol
	VHZsZkJqp/zfoxvPQBi5LUOiyOZwjrCUm/iQQ/nsd/rdmvK93szVpNFjyFGXHTyyESpfi1
	rhKZvc3Dn7X51lHBFvl7VnHMnsrLUKMcM5GJl4eql7XFIzXGlYb+nocQI7A+MXIWStmUqx
	7Vqn8nMN8otk5N6lsE5YV/Ts66iO9moqPoR/5MxEZ3mWf90EwXVVsPf0DfCUdw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708726;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ntcj8PUveMCjXHTLcqO7VJyZX/rz4bbrbyUxZujAAPU=;
	b=Ta5qKLf0hjFnwzA5kBmpzJMB8O0ptbx6h17pAw+j61CojBMtRwcptAzHDK3c4kqJ2WjB/D
	7dhtNMDzkMVB25q8WqVyMBhVYkh8l5MZ055mM+FvkLCq+qyymajReCN2KeAb+Y33GAa0vJ
	MwvmoSv5J8cO6dU6fVc4xzJiGb4ow4E4vWQzpF+LJTUMDGY5LE3CH7dtwKYZmt8mrlmcY7
	l6vYeAOGAtavGGB43ptT7x3YMmj9yRrHyNUkU1BiKKYjoDpbuAzHnNVblEZlGW3z2Z5H/T
	ULQTAClhj7DOLAUusdy3SkuPCT3ePnRdD9lrqiID3vLfKA1NCucLG0tmeS0kOQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBh61r7fzXM;
	Thu, 03 Apr 2025 19:32:06 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JW6PG038369;
	Thu, 3 Apr 2025 19:32:06 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JW61D038353;
	Thu, 3 Apr 2025 19:32:06 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:06 GMT
Message-Id: <202504031932.533JW61D038353@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: ae2ee5470d9d - stable/14 - MAC/do: Remove the 'prison0'
  special cases in the common paths
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: ae2ee5470d9d0630d8f03c3ea4e4b2852a33d055
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=ae2ee5470d9d0630d8f03c3ea4e4b2852a33d055

commit ae2ee5470d9d0630d8f03c3ea4e4b2852a33d055
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-03 13:23:26 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:59 +0000

    MAC/do: Remove the 'prison0' special cases in the common paths
    
    The rules on 'prison0' are initialized in init(), now using
    set_empty_rules().
    
    Until the jail is destroyed, they can never be uninitialized by a call
    to osd_jail_del(), since the only chain to call it is
    mac_do_prison_set() -> remove_rules() -> osd_jail_del(), and
    mac_do_prison_set() (method PR_METHOD_SET) can never be called on
    'prison0'.  This guarantees that find_rules() always find a valid
    'rules' pointer to return.
    
    There's no need to do anything special in destroy() for 'prison0', as
    osd_jail_deregister() now takes care of it.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47603
    
    (cherry picked from commit beb5603c51e0323e267ceff8f83b3c95151f0822)
---
 sys/security/mac_do/mac_do.c | 27 ++++++++++-----------------
 1 file changed, 10 insertions(+), 17 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 787790cb2b34..8ce84d7ba099 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -58,8 +58,6 @@ struct rules {
 	TAILQ_HEAD(rulehead, rule) head;
 };
 
-static struct rules *rules0;
-
 static void
 toast_rules(struct rules *const rules)
 {
@@ -204,19 +202,20 @@ out:
 static struct rules *
 find_rules(struct prison *const pr, struct prison **const aprp)
 {
-	struct prison *cpr;
+	struct prison *cpr, *ppr;
 	struct rules *rules;
 
-	for (cpr = pr;; cpr = cpr->pr_parent) {
+	cpr = pr;
+	for (;;) {
 		prison_lock(cpr);
-		if (cpr == &prison0) {
-			rules = rules0;
-			break;
-		}
 		rules = osd_jail_get(cpr, mac_do_osd_jail_slot);
 		if (rules != NULL)
 			break;
 		prison_unlock(cpr);
+
+		ppr = cpr->pr_parent;
+		MPASS(ppr != NULL); /* prison0 always has rules. */
+		cpr = ppr;
 	}
 	*aprp = cpr;
 
@@ -265,13 +264,8 @@ set_rules(struct prison *const pr, struct rules *const rules)
 	rsv = osd_reserve(mac_do_osd_jail_slot);
 
 	prison_lock(pr);
-	if (pr == &prison0) {
-		old_rules = rules0;
-		rules0 = rules;
-	} else {
-		old_rules = osd_jail_get(pr, mac_do_osd_jail_slot);
-		osd_jail_set_reserved(pr, mac_do_osd_jail_slot, rsv, rules);
-	}
+	old_rules = osd_jail_get(pr, mac_do_osd_jail_slot);
+	osd_jail_set_reserved(pr, mac_do_osd_jail_slot, rsv, rules);
 	prison_unlock(pr);
 	if (old_rules != NULL)
 		toast_rules(old_rules);
@@ -339,7 +333,6 @@ static void
 destroy(struct mac_policy_conf *mpc)
 {
 	osd_jail_deregister(mac_do_osd_jail_slot);
-	toast_rules(rules0);
 }
 
 static int
@@ -452,7 +445,7 @@ init(struct mac_policy_conf *mpc)
 	struct prison *pr;
 
 	mac_do_osd_jail_slot = osd_jail_register(dealloc_osd, osd_methods);
-	rules0 = alloc_rules();
+	set_empty_rules(&prison0);
 	sx_slock(&allprison_lock);
 	TAILQ_FOREACH(pr, &allprison, pr_list)
 	    set_empty_rules(pr);

From nobody Thu Apr  3 19:32:07 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBh773NZz5sLxt;
	Thu, 03 Apr 2025 19:32:07 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBh72vl6z3SB9;
	Thu, 03 Apr 2025 19:32:07 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708727;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=vEgEdTGbr54huzJnqGKMFj7ufB0VYGpSmo5Jsx2W1LM=;
	b=onkSx2lnp+XZQNfbN6bOreEuDchI8CcImeSmrLQKq7BcxZXM4VvcINJagOLNZkU9FS1sF6
	HBuynwepBWAgbLMCgAvueI/sh5m/Cqp97K7YMcAJMb7L0KeOYfzJR/RcHVt0L1+NiSuZXY
	VFo36Tq97Cmxb5C5Ttrsd1lV5J5g27BTpbKqFFwv5f19dcXsPfLQQE5hf1e2oUxwJklhvf
	ojbQMvBuIbeXDI0HH3zYIdM+hys+7zvLpkaGUogTadAxi/QhYLbsMWL4POLozw3FEgcAVA
	p4SR1at2sXfOiFO0OSy/zxruSQTt7mki4FyF3QJqVcXAZshNQfkjJdy6hk9jlA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708727; a=rsa-sha256; cv=none;
	b=q4kjb+k2G8yE1ILvDISrbGtlm6zZewUMzW5KD0746LhzsKpMIcSO5lO9MaQgLy0Mmnczgz
	O9Wt5ppHBOkxB+8wlCdRCxU1aJUhvYtM+WMwFwT8KdfPuwW25CWQ37pPEIfHKFa0NG2sOp
	QcHIgHKMNDF01ujz+6hQBaMyv4RahkuAFEBbcE6dXRI+5c06If+hPTfLe1e1XBqn3z3dP3
	WvwOf16qwKQko0LT/RB675Swh0V4tVn6MjWvJNtvTdM6aYH2AEfg2UinsOUS+dmqRsrV0p
	bwZ2w8zfoBQvMN3vuZ3JBX7c7Va4jLW8JaguLqXpgOZh2ofK8vQmMJ9ULX/qZg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708727;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=vEgEdTGbr54huzJnqGKMFj7ufB0VYGpSmo5Jsx2W1LM=;
	b=THEJrQAUdr4wyQxwNm4vM/qxVoo+hvwenmzeRTwQVP6sSeBpWCJY0hLxM/fmCdmnCTwtkN
	W7+T70wkEeIYI9PfZz3g6u50ewvdORJYV9LcRQ2D7PlrQaJUiKeaVpdz7Z3lhqkfgN3kbb
	WdQX7mWVXbhFLBs6pFewUP3ZLYE63yk748ihJrM0RKc7xwit6I6+pmTQ7ErH/8mLSktlQR
	R6P7dYjiXvfQs4lYqo3HFj5P7m2vNuhxjJwUDJhVL0vXNjDqk4M5EtLJ6PBw04kS3PXqSB
	KcIOUmsHVdIiL/KKaR5D5aJFBYrJ8/P7Q/0dgYupQA3+COLuYdNces64iATMIg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBh72RKczZm;
	Thu, 03 Apr 2025 19:32:07 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JW7XE039520;
	Thu, 3 Apr 2025 19:32:07 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JW7ka039507;
	Thu, 3 Apr 2025 19:32:07 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:07 GMT
Message-Id: <202504031932.533JW7ka039507@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 8d8c3948544c - stable/14 - MAC/do: Move destroy() to
  a better place
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 8d8c3948544c6e8a4c93cdcec3de428132d9ac28
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=8d8c3948544c6e8a4c93cdcec3de428132d9ac28

commit 8d8c3948544c6e8a4c93cdcec3de428132d9ac28
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-03 13:52:33 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:59 +0000

    MAC/do: Move destroy() to a better place
    
    No functional change intended.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47604
    
    (cherry picked from commit 73cecc0ef78e49295cd9cd8df1bf271f5b8c437d)
---
 sys/security/mac_do/mac_do.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 8ce84d7ba099..cb166cfd6128 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -329,12 +329,6 @@ SYSCTL_PROC(_security_mac_do, OID_AUTO, rules,
     0, 0, sysctl_rules, "A",
     "Rules");
 
-static void
-destroy(struct mac_policy_conf *mpc)
-{
-	osd_jail_deregister(mac_do_osd_jail_slot);
-}
-
 static int
 mac_do_prison_set(void *obj, void *data)
 {
@@ -452,6 +446,12 @@ init(struct mac_policy_conf *mpc)
 	sx_sunlock(&allprison_lock);
 }
 
+static void
+destroy(struct mac_policy_conf *mpc)
+{
+	osd_jail_deregister(mac_do_osd_jail_slot);
+}
+
 static bool
 rule_applies(struct ucred *cred, struct rule *r)
 {

From nobody Thu Apr  3 19:32:08 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBh91bhSz5sLvH;
	Thu, 03 Apr 2025 19:32:09 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBh84LXRz3SBN;
	Thu, 03 Apr 2025 19:32:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708728;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=2S7ePLUjj+8EgRjsn1ee7c/K556UPTgR6/Ij1Bg7xMU=;
	b=EyfjCLm1WaK3GzGCT6uYv8P4flKAdrXLw2x46K8+oidXfLADhvpZ7tpnLIQC12x6rK8yf1
	N8eqxVq9xtxPZcM6daqBsEqX1uJuHMhdLX/n80Fmn/hgo917SnCwcusDhv34v7LFOX+Lio
	UOt0h3a7ej/Hs5sAiICD8oI8/iqOc3eXRINYaqx75DfqTPapbsODIXn+SsWEwiivRYUU9r
	y91ZFO9aNC+RHhRr+Ssl+mlBiXR8vG3bcKZtvf43L0CAoDi+Q5GetXAkzB9kx+eY4CPdvE
	NR7mwvoTQ/yESkBMQowzP/fIYdQa5g1iP9TzIRhKRoQlnB//St1KgQXxWgM/ig==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708728; a=rsa-sha256; cv=none;
	b=KPUS13/L8a3yOlu5dilheDQ9NCASmSqwQJR23ELf6f1fSTPFoDUGDsfJYY8wil+XG3cJ9l
	vmyu+Gd4I1o6krT8lyCCDABrcOY2yfzL4uWdL+5aZEDAZ/LDt78CUwbVBLc7TP1YUiEmFH
	z3nck51cfg6V7FIWIKtezmR6lzY1apO+5LHrH6QeMsM4pmoLfeLB+oQ6VV9cDCQFJUER1+
	PmVHFfgNAK+5hv3w4BoFyK2kmmphyyixL7ALcpg8x5vcM0rmDha8ZXIH3I7wBBcwrMpKyg
	wzPAYEBmu7gl1/s3DRkY9FSaGYYMYkv8TOVzukI4WSbVuMdXrW43gCW5Bjr7YQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708728;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=2S7ePLUjj+8EgRjsn1ee7c/K556UPTgR6/Ij1Bg7xMU=;
	b=n2oFSsr6nRjMbV/RlP9sM2WRPS/DRSMS2rL02uQbSOfR25QSqaQ/bsP/WCO5BCAcmLZyKq
	IRqaki1f38qEq6Qve+lLZLvCnRc8bVp/tN+UPcFEMdkNB2piEx5GYWMuRkC4sHcVivUc6G
	GFdClnbDnBk57yMBociIdTT2S4ELZQkHVm4RicLiaQxbXiwM05N5iLr0faw/bNe9OioBEh
	mEgtDlW2zofyKN9496UEZqpY8XpiwqaMvEDX/oX/UEkBaarVvFR59iqRhJNXsbZseRY7Yz
	i4JfSDWQv9vUONdyoWJcZcwi9sQyqibOTXpT+fJ8A7vPX5xDeBJSxZcOsVGwJA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBh83qsDz1Cpq;
	Thu, 03 Apr 2025 19:32:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JW8rU039922;
	Thu, 3 Apr 2025 19:32:08 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JW8SL039919;
	Thu, 3 Apr 2025 19:32:08 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:08 GMT
Message-Id: <202504031932.533JW8SL039919@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 6b76b0f95c62 - stable/14 - MAC/do: parse_rule_element():
  Fix a panic, harden, simplify
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 6b76b0f95c6255237a462eb20bf7966e3e7e35a9
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=6b76b0f95c6255237a462eb20bf7966e3e7e35a9

commit 6b76b0f95c6255237a462eb20bf7966e3e7e35a9
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-03 14:13:33 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:59 +0000

    MAC/do: parse_rule_element(): Fix a panic, harden, simplify
    
    The panic is caused by dereferencing 'element' at a point where it can
    be NULL (if string ends at the ':').
    
    Harden and simplify by enforcing the control flow rule in this function
    that jumping to the end is reserved for error cases.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47605
    
    (cherry picked from commit add521c1a5d21ec84454009d42d1dcd688d77008)
---
 sys/security/mac_do/mac_do.c | 38 +++++++++++++++++++++++---------------
 1 file changed, 23 insertions(+), 15 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index cb166cfd6128..3327711fa9b9 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -94,7 +94,7 @@ parse_rule_element(char *element, struct rule **rule)
 	type = strsep(&element, "=");
 	if (type == NULL) {
 		error = EINVAL;
-		goto out;
+		goto error;
 	}
 	if (strcmp(type, "uid") == 0) {
 		new->from_type = RULE_UID;
@@ -102,24 +102,30 @@ parse_rule_element(char *element, struct rule **rule)
 		new->from_type = RULE_GID;
 	} else {
 		error = EINVAL;
-		goto out;
+		goto error;
 	}
 	id = strsep(&element, ":");
 	if (id == NULL) {
 		error = EINVAL;
-		goto out;
+		goto error;
 	}
-	if (new->from_type == RULE_UID)
+	switch (new->from_type) {
+	case RULE_UID:
 		new->f_uid = strtol(id, &p, 10);
-	if (new->from_type == RULE_GID)
+		break;
+	case RULE_GID:
 		new->f_gid = strtol(id, &p, 10);
+		break;
+	default:
+		__assert_unreachable();
+	}
 	if (*p != '\0') {
 		error = EINVAL;
-		goto out;
+		goto error;
 	}
-	if (*element == '\0') {
+	if (element == NULL || *element == '\0') {
 		error = EINVAL;
-		goto out;
+		goto error;
 	}
 	if (strcmp(element, "any") == 0 || strcmp(element, "*") == 0) {
 		new->to_type = RULE_ANY;
@@ -128,15 +134,17 @@ parse_rule_element(char *element, struct rule **rule)
 		new->t_uid = strtol(element, &p, 10);
 		if (*p != '\0') {
 			error = EINVAL;
-			goto out;
+			goto error;
 		}
 	}
-out:
-	if (error != 0) {
-		free(new, M_DO);
-		*rule = NULL;
-	} else
-		*rule = new;
+
+	MPASS(error == 0);
+	*rule = new;
+	return (0);
+error:
+	MPASS(error != 0);
+	free(new, M_DO);
+	*rule = NULL;
 	return (error);
 }
 

From nobody Thu Apr  3 19:32:09 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhB1g6vz5sLmr;
	Thu, 03 Apr 2025 19:32:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBh941Cdz3SBY;
	Thu, 03 Apr 2025 19:32:09 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708729;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=KI1hqC11xUpZMXXXJVuAordSDBhJ6b7aMBly7YS0pMI=;
	b=P8xQlbmoHmIVODaTxx7imVjtYTEBTf4Y6Fh9Q4VbL9OaO7CTU3q9xBzF6ZkkrSveAIaOOy
	Ys61g0FgrwPq0NUaZqZ0ZmJPbjCoA9b7KqnbEPEgj5XUzv6h0gtnezRcfoQYM+YyYSmtKN
	DH8cxTn2quGcGvC7HM/BvbJnj9SVegjUbZ2/lj39LtrVPTpCf5/ygBSeyT2los/KzoLCSy
	XKasGZVKJUFECO3O+qp2uu0B6v7PIcELAPsrFNcxT+M4lRU3qSCp1LWplgH/bJcN05Xdty
	swE/+L8fRai3GlbULA2+9P+WmvBjLnxJ0zaJMe1wMePWXCOgGizDkS/vze58vQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708729; a=rsa-sha256; cv=none;
	b=U3vQOeMMJJ2jZSitPS9vhPR+YyJd84TPUW3eH14HZ40VMJ3tiOY83a2axDpxfGn8YAWAlb
	uNZFrDuX8Urx9NsRC3EyW19LvEvbfOvGDZ4lKawWl0dqsFQIX6VxYpA/6kUKpajlgYGpvc
	lNnHOgmZ7ZYfOMUJH3LpJTCVAgKExctvdCc2UweEM77TPfEzLLxGsBJAJ8D/pyVrnKmMO5
	py3AFWL20RtFMIq63iKMzr3fEmYH/WGLjrwbh4E7ZV1QrRt1IebumN90FHGttNSky8o/wT
	Y15LVpBK6ozfbdCDaXwmAQfZVUy4XGpTyCgbrTjiBjWuFPwmw5HUiPUgSbrypA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708729;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=KI1hqC11xUpZMXXXJVuAordSDBhJ6b7aMBly7YS0pMI=;
	b=QQUHKRIcFrXCoZyCORUALi2Dkopz4sNRT/Mc0A8VzKcR3fMdLb98nwI13N0Gb1TECdAfwI
	smu3zudiH8BqcG4aiJKLini3bm779mWPd499r2QcE2oJFT43VzUMgu0HG63WEpp2THrWp6
	yaI5Fp3SdaJQTMd0NWSq4XSYf3v8p/Tovngojs0GDmiZ2lbKJiqxdIGYCWv7n3lBtOLlqJ
	Y8RzrXLfPtzaX/ifKEXvNaPAjN56vgNfBmVaZyOHj3oUuLXJ3RSAQL44sBshbIzZVeiYgF
	H7aLLxTqaNmDtwz9engI7OtHXnuFCciBpAlDcBxpDDiHLpeC5b7+6sCbE619iQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBh93d1GzLw;
	Thu, 03 Apr 2025 19:32:09 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JW9BZ039955;
	Thu, 3 Apr 2025 19:32:09 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JW9kA039952;
	Thu, 3 Apr 2025 19:32:09 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:09 GMT
Message-Id: <202504031932.533JW9kA039952@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 9b7e21d9187c - stable/14 - MAC/do: Re-order jail
  methods more logically, rename
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 9b7e21d9187cfff32d190fabadee20561afeaba2
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=9b7e21d9187cfff32d190fabadee20561afeaba2

commit 9b7e21d9187cfff32d190fabadee20561afeaba2
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-03 15:00:43 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:00 +0000

    MAC/do: Re-order jail methods more logically, rename
    
    No functional change intended.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47606
    
    (cherry picked from commit 2b2c19b7f697cc88d4da3e8e13051139cd0a4f96)
---
 sys/security/mac_do/mac_do.c | 87 +++++++++++++++++++++++---------------------
 1 file changed, 45 insertions(+), 42 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 3327711fa9b9..78c05e9be260 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -337,40 +337,23 @@ SYSCTL_PROC(_security_mac_do, OID_AUTO, rules,
     0, 0, sysctl_rules, "A",
     "Rules");
 
-static int
-mac_do_prison_set(void *obj, void *data)
-{
-	struct prison *pr = obj;
-	struct vfsoptlist *opts = data;
-	char *rules_string;
-	int error, jsys, len;
-
-	error = vfs_copyopt(opts, "mdo", &jsys, sizeof(jsys));
-	if (error == ENOENT)
-		jsys = -1;
-	error = vfs_getopt(opts, "mdo.rules", (void **)&rules_string, &len);
-	if (error == ENOENT)
-		rules_string = "";
-	else
-		jsys = JAIL_SYS_NEW;
-	switch (jsys) {
-	case JAIL_SYS_INHERIT:
-		remove_rules(pr);
-		error = 0;
-		break;
-	case JAIL_SYS_NEW:
-		error = parse_and_set_rules(pr, rules_string);
-		break;
-	}
-	return (error);
-}
 
 SYSCTL_JAIL_PARAM_SYS_NODE(mdo, CTLFLAG_RW, "Jail MAC/do parameters");
 SYSCTL_JAIL_PARAM_STRING(_mdo, rules, CTLFLAG_RW, MAC_RULE_STRING_LEN,
     "Jail MAC/do rules");
 
+
 static int
-mac_do_prison_get(void *obj, void *data)
+mac_do_jail_create(void *obj, void *data __unused)
+{
+	struct prison *const pr = obj;
+
+	set_empty_rules(pr);
+	return (0);
+}
+
+static int
+mac_do_jail_get(void *obj, void *data)
 {
 	struct prison *ppr, *pr = obj;
 	struct vfsoptlist *opts = data;
@@ -391,16 +374,7 @@ done:
 }
 
 static int
-mac_do_prison_create(void *obj, void *data __unused)
-{
-	struct prison *const pr = obj;
-
-	set_empty_rules(pr);
-	return (0);
-}
-
-static int
-mac_do_prison_check(void *obj, void *data)
+mac_do_jail_check(void *obj, void *data)
 {
 	struct vfsoptlist *opts = data;
 	char *rules_string;
@@ -427,6 +401,34 @@ mac_do_prison_check(void *obj, void *data)
 	return (error);
 }
 
+static int
+mac_do_jail_set(void *obj, void *data)
+{
+	struct prison *pr = obj;
+	struct vfsoptlist *opts = data;
+	char *rules_string;
+	int error, jsys, len;
+
+	error = vfs_copyopt(opts, "mdo", &jsys, sizeof(jsys));
+	if (error == ENOENT)
+		jsys = -1;
+	error = vfs_getopt(opts, "mdo.rules", (void **)&rules_string, &len);
+	if (error == ENOENT)
+		rules_string = "";
+	else
+		jsys = JAIL_SYS_NEW;
+	switch (jsys) {
+	case JAIL_SYS_INHERIT:
+		remove_rules(pr);
+		error = 0;
+		break;
+	case JAIL_SYS_NEW:
+		error = parse_and_set_rules(pr, rules_string);
+		break;
+	}
+	return (error);
+}
+
 /*
  * OSD jail methods.
  *
@@ -435,12 +437,13 @@ mac_do_prison_check(void *obj, void *data)
  * destructor.
  */
 static const osd_method_t osd_methods[PR_MAXMETHOD] = {
-	[PR_METHOD_CREATE] = mac_do_prison_create,
-	[PR_METHOD_GET] = mac_do_prison_get,
-	[PR_METHOD_SET] = mac_do_prison_set,
-	[PR_METHOD_CHECK] = mac_do_prison_check,
+	[PR_METHOD_CREATE] = mac_do_jail_create,
+	[PR_METHOD_GET] = mac_do_jail_get,
+	[PR_METHOD_CHECK] = mac_do_jail_check,
+	[PR_METHOD_SET] = mac_do_jail_set,
 };
 
+
 static void
 init(struct mac_policy_conf *mpc)
 {

From nobody Thu Apr  3 19:32:10 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhC2JVhz5sM19;
	Thu, 03 Apr 2025 19:32:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhB4y5fz3SGR;
	Thu, 03 Apr 2025 19:32:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708730;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Ge2eM/1xAFnGDifZ0bDSLdVWRr9s61cQ3FuA91ETudM=;
	b=CV0aSrPfk6jnAPxsgdRZJDZPtFa9XAim4EG3DJjq0mKIHFYK4pfwSCMr6L/0pyEVWgEsmq
	oGwNobXhyymiSDqTdsmqRKQVTPWb5GY3A/lnFP9j9TUCrwy+k4IBTYV0BFWnx3fEU60itT
	arMigqe0ajzPXkuhglERb6ccHK1ZrT6abPeVacUFm/V4q0azah6bdVkV02fQ0cR85DezBg
	PRxCXHHJLAqGjjWqBY0TMutOTi4kGgaGmKGGHkJZvlFtiW5yRRHbDwDfN9g178c7eQq7WJ
	CBAPI5N3gz+UExTU307buYvA1ZXKSM691L+tI4y0b/yM8RodUPEzAov2U8jg8Q==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708730; a=rsa-sha256; cv=none;
	b=VaBVG7oy/03h7nWlfORt3scuRXOxUI9SO58cIVE7Y/CdBL1ceCKWRVfY9VmZHq98olsVtZ
	gj1vnutM0Cz4cWIlHXjna0gQ2EwGX9E6kKAAEUi1SjmZdzpfF4XSo5IdPWD0iNLA4MWca/
	kapT1HqGyXHy4E5JnDTNEOHN3XtnlqaPdubYXpUEHLcApWsVLP9Xc6wjhETW5t6CLiDfVX
	/JyV1wX7Y5637vrR93HsiCNxejewAeW4pdYbnZN6ysY0mg/dKg6Ax/fYkAujBPsX4EdFQA
	MZLVocW8sud44G9ciasc5xGivJS7ZYKJDTkPvKGbdDvPJlsB8bh2pAhY+GHSZw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708730;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Ge2eM/1xAFnGDifZ0bDSLdVWRr9s61cQ3FuA91ETudM=;
	b=ZuQ6AirRwmUZVPsK6C+FuGPesYCn+EryzTby53fuMeUyEFaX4MZxDfMFfeYAOBNuVjekvx
	hAZyzJJMe8jETjG8VSx0c16LSSXDzB5LzsgULtZuOCq41cGYXymA+aAbcCBfrv2QArFnfw
	bFH5t0yfRd5ziGtSiCLX2c37EcyBF9Fr3buziGQ1uDjmQyJ3drQN35/Xu6vH17ibgv/RZV
	71+hUyond37fMpWMc8FXv6VmdHxD+5Eyse7ZxsvtViuxu3484dXpC3YWXmqg0TYNAok0hT
	mYBDf8QLNQXXMVnTrdqzBI887FJMzocby5g3cTJzNH87iWLY8u80b8kKz6A3bg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhB4W8BzkJ;
	Thu, 03 Apr 2025 19:32:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWA8N039988;
	Thu, 3 Apr 2025 19:32:10 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWAiC039985;
	Thu, 3 Apr 2025 19:32:10 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:10 GMT
Message-Id: <202504031932.533JWAiC039985@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: e014e1fd4b54 - stable/14 - MAC/do: Prefix internal
  functions used as hooks/callbacks
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: e014e1fd4b54e9936d8a73121ed6dcd9a81ed504
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=e014e1fd4b54e9936d8a73121ed6dcd9a81ed504

commit e014e1fd4b54e9936d8a73121ed6dcd9a81ed504
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-30 13:14:02 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:00 +0000

    MAC/do: Prefix internal functions used as hooks/callbacks
    
    So that we immediately know whether a kernel stack involves MAC/do.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47607
    
    (cherry picked from commit 11ba1f2fe2d4e151ffc0a66d03a0691a7b8d2866)
---
 sys/security/mac_do/mac_do.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 78c05e9be260..a57c29c407b8 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -309,7 +309,7 @@ parse_and_set_rules(struct prison *const pr, const char *rules_string)
 }
 
 static int
-sysctl_rules(SYSCTL_HANDLER_ARGS)
+mac_do_sysctl_rules(SYSCTL_HANDLER_ARGS)
 {
 	char *const buf = malloc(MAC_RULE_STRING_LEN, M_DO, M_WAITOK);
 	struct prison *const td_pr = req->td->td_ucred->cr_prison;
@@ -334,7 +334,7 @@ out:
 
 SYSCTL_PROC(_security_mac_do, OID_AUTO, rules,
     CTLTYPE_STRING|CTLFLAG_RW|CTLFLAG_PRISON|CTLFLAG_MPSAFE,
-    0, 0, sysctl_rules, "A",
+    0, 0, mac_do_sysctl_rules, "A",
     "Rules");
 
 
@@ -445,7 +445,7 @@ static const osd_method_t osd_methods[PR_MAXMETHOD] = {
 
 
 static void
-init(struct mac_policy_conf *mpc)
+mac_do_init(struct mac_policy_conf *mpc)
 {
 	struct prison *pr;
 
@@ -458,7 +458,7 @@ init(struct mac_policy_conf *mpc)
 }
 
 static void
-destroy(struct mac_policy_conf *mpc)
+mac_do_destroy(struct mac_policy_conf *mpc)
 {
 	osd_jail_deregister(mac_do_osd_jail_slot);
 }
@@ -474,7 +474,7 @@ rule_applies(struct ucred *cred, struct rule *r)
 }
 
 static int
-priv_grant(struct ucred *cred, int priv)
+mac_do_priv_grant(struct ucred *cred, int priv)
 {
 	struct rule *r;
 	struct prison *pr;
@@ -501,7 +501,7 @@ priv_grant(struct ucred *cred, int priv)
 }
 
 static int
-check_setgroups(struct ucred *cred, int ngrp, gid_t *groups)
+mac_do_check_setgroups(struct ucred *cred, int ngrp, gid_t *groups)
 {
 	struct rule *r;
 	char *fullpath = NULL;
@@ -535,7 +535,7 @@ check_setgroups(struct ucred *cred, int ngrp, gid_t *groups)
 }
 
 static int
-check_setuid(struct ucred *cred, uid_t uid)
+mac_do_check_setuid(struct ucred *cred, uid_t uid)
 {
 	struct rule *r;
 	int error;
@@ -590,11 +590,11 @@ check_setuid(struct ucred *cred, uid_t uid)
 }
 
 static struct mac_policy_ops do_ops = {
-	.mpo_destroy = destroy,
-	.mpo_init = init,
-	.mpo_cred_check_setuid = check_setuid,
-	.mpo_cred_check_setgroups = check_setgroups,
-	.mpo_priv_grant = priv_grant,
+	.mpo_destroy = mac_do_destroy,
+	.mpo_init = mac_do_init,
+	.mpo_cred_check_setuid = mac_do_check_setuid,
+	.mpo_cred_check_setgroups = mac_do_check_setgroups,
+	.mpo_priv_grant = mac_do_priv_grant,
 };
 
 MAC_POLICY_SET(&do_ops, mac_do, "MAC/do",

From nobody Thu Apr  3 19:32:12 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhF6ZVBz5sM32;
	Thu, 03 Apr 2025 19:32:13 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhF0773z3SRn;
	Thu, 03 Apr 2025 19:32:13 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708733;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=2Ei5lxwUJn7V90/CIL5wltbKekV9rDztVA1PcTK2iUo=;
	b=HV9H5PjM3Cjx2iT/pvNHa7zg2hvngyRKgnDOTuFel0YrzpbblxDAAtWE+b/kGvMSC+aBjS
	RPKmMyeRsYatd/pvflKm8dPpXRWL3twQZd22GYS2J4VbULzIwiiCRnW5Uf5+MimIr4TPJ5
	nGDkniRsuTMJSI7DANlTglFlNDCDNHMiFlMasIcE0oNyOjWksED9dxDiy/oLmQvCLnx5Uv
	yTCkJ3C/ADy/7v/TAl/AuAlyd1FH3Nh2A1r0bUgWBy7WLniUYGNzb6CGqKYXixGCTzLR2+
	J6Wvx+XXaj+o6AxB+NN+uEMq3frvsNt3CMG53PXLUnIHJmoHrYR9Iw9+U3+PaQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708733; a=rsa-sha256; cv=none;
	b=uZ+uhnagkLVvuJPtncJ/iAbuZLG5ChgOg3lXN/nkFTRIKvrmjO8Dxb8KPd3LTFuvsAw0bV
	LmUKP1ysiHnArp0qVugZoGISO4T/G2WO9hf847G39AX9X/g2ujg0rm4V8wwiZMAHrFdCEt
	ZFJnsfWSWBXkoch22tL+TG4Xc5frNWWcydG7ullNajSmydrbRAxQ+ynVvIvmTo3Hv6hyI1
	mxKSH63gDzFxdxKNgUV5vqYNrPauEdXyefhyPdrmEw4twcuZtLvTaaG5EO+uKXJOdwDYM5
	BbGAwnwQmnJ7PoSuSPsLcV9Z3I5HrqaQhS/taEtev67Uy5VvvrjcsweoVi0mhA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708733;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=2Ei5lxwUJn7V90/CIL5wltbKekV9rDztVA1PcTK2iUo=;
	b=eXhB2sjzYD3F4BpuF+IJx0U5Nz6AQs+OXhFw9RnbHxOcjLmw3i3TNPbni8x6hbCtfSP3mm
	S9pZn/6aZHKZssGZKPpZoqOhFpNFo252QjTZdLEdGpJdR0hEINJpPErFJNFmx//gAqYS7k
	BqrWFTcG2/yTOseWS3rGefcPUsc4lmkSZ8kcdCwjHV0NRKJtrA0tB3w4a8t6g7OQFHgHFy
	0UzyCWJJhsL+zdB/TCBOv+Bz/SuJX3WEBxcDRkVUxMBmDkmEN6iv64Ge8//0QyOq/GGvtL
	dqiQwTuqdAAneUh6q/lvy91+cKqkrwZqijwZx7hmZ9SGJOCinMDelNVOEvQuaw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhD6RdJzLx;
	Thu, 03 Apr 2025 19:32:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWCY2040058;
	Thu, 3 Apr 2025 19:32:12 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWCxW040055;
	Thu, 3 Apr 2025 19:32:12 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:12 GMT
Message-Id: <202504031932.533JWCxW040055@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: bd9e3fcaa064 - stable/14 - MAC/do: Fix jail_get()
  (PR_METHOD_GET)
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: bd9e3fcaa064779618353cb45fd03d2d5c66a804
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=bd9e3fcaa064779618353cb45fd03d2d5c66a804

commit bd9e3fcaa064779618353cb45fd03d2d5c66a804
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-03 15:22:28 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:00 +0000

    MAC/do: Fix jail_get() (PR_METHOD_GET)
    
    - Properly fill 'jsys' before copying it out (we would leak bytes from
      the kernel stack).  When the current jail has its own 'struct rules',
      set it to the special value JAIL_SYS_DISABLE if it in fact holds no
      rules.
    - Don't forget to unlock the jail holding rules on error.
    - Correctly return errors.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47609
    
    (cherry picked from commit 2a20ce91dc29e5a80f4eeb9352cf3169cd1891b9)
---
 sys/security/mac_do/mac_do.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 6f68a6f62a79..2482221e43a3 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -353,22 +353,28 @@ mac_do_jail_create(void *obj, void *data __unused)
 static int
 mac_do_jail_get(void *obj, void *data)
 {
-	struct prison *ppr, *pr = obj;
-	struct vfsoptlist *opts = data;
+	struct prison *ppr, *const pr = obj;
+	struct vfsoptlist *const opts = data;
 	struct rules *rules;
 	int jsys, error;
 
 	rules = find_rules(pr, &ppr);
+
+	jsys = pr == ppr ?
+	    (TAILQ_EMPTY(&rules->head) ? JAIL_SYS_DISABLE : JAIL_SYS_NEW) :
+	    JAIL_SYS_INHERIT;
 	error = vfs_setopt(opts, "mac.do", &jsys, sizeof(jsys));
 	if (error != 0 && error != ENOENT)
 		goto done;
+
 	error = vfs_setopts(opts, "mac.do.rules", rules->string);
 	if (error != 0 && error != ENOENT)
 		goto done;
-	prison_unlock(ppr);
+
 	error = 0;
 done:
-	return (0);
+	prison_unlock(ppr);
+	return (error);
 }
 
 static int

From nobody Thu Apr  3 19:32:11 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhD01VMz5sLmv;
	Thu, 03 Apr 2025 19:32:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhC6240z3SKZ;
	Thu, 03 Apr 2025 19:32:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708731;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=HvsYpVAfW+GpM/xhazlkhItOFkcUZHct+DYC+2RibMk=;
	b=mchdALnMB62g2FCzgWktg9WlG4pu1E5mJmAKte46Hny7UE2vJNivWzLLSJlBoAnlh70hWP
	mN2GezrDbnrZlgq6EtOubVmHz+J3cvErLm5RIHr58Dq9Vuw1CUaDb1kflfCmRgGy43yPHw
	/Ppf160E0nUt1iFFQS1paLKVbd2QANC2B/NUsIKx+yEEeijOTzQHrZYN3tcMzs/4auAYRK
	YZCixQcGPpaIhALx0nqHr9el9WVwHjpmeYRBCdeQX1dhlLc/C2j1MhNIa9ZuU09nstt7QP
	JrmAVD70U3hsYPf9QnwAmcNWRYeY5AEwISM3JpP0js1XMlQUMimeNKEEJZsSWQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708731; a=rsa-sha256; cv=none;
	b=HF48X2FWAcBHcDKmov2Qfu06aHjAn3yvolXKimY7ef4Jyv4+sJKDrqZWLjtdMkcQMQjFXl
	1fGoucj9slE1/Z2BlBNwRAX2HX5ALx1ZY+2XkPoPk4v93ZvwxfiN5cBAjmsAIzW4N+beIV
	dsReqhvcw2hwtHzLv7N8qFhm/ME9yXar/yP/IKsIOGXGzXPKaU5JHjYQUUtJ9Uds7qgaYQ
	Jo9LfOw0Cx8pGMTEKq+KF8kTagGVJFCTFrc3gEvgbhcMWEnl4ZOmJ7MXsr8+l/YpanCu9x
	Chhj4vo8KGltfE0vsS3Y9yoH+zk6QD9JfxIm6A6OPHcAEwSsegFe9r9xJxKP9g==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708731;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=HvsYpVAfW+GpM/xhazlkhItOFkcUZHct+DYC+2RibMk=;
	b=T/SW+BLVxIX6aRcVGTWn0P57ultyJaHjBDTbB+/eLvh+Nm9lHcMCyk4UFblZ8KoyKfj87E
	LoAp2PXRBmKpolQ+MRhFd+wKz0VQDrnYfmOFOTVYUQXjbXwSi1iWF2NoyBto8bBUcSAQKx
	7lEUtB0k3n8kgKJE/CdYjCrWp5Zxy2GAo4u/vZUIk3CUfc2rZt9cOjU61HGNBN/HnxNuhZ
	Maa7DKuia39uvNSqKNbkQvFTir8RFiTXlqVVwFWDE7cKYOSYOu0l/yHsat5qn3TgWGtsx0
	OyDusF3h/bDmZYp0+f24JvxOHNbQ0EvubUohB5EFCwPY1FDaNAyR9d4Y90xCaQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhC5QsHzmt;
	Thu, 03 Apr 2025 19:32:11 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWBbs040020;
	Thu, 3 Apr 2025 19:32:11 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWBpK040017;
	Thu, 3 Apr 2025 19:32:11 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:11 GMT
Message-Id: <202504031932.533JWBpK040017@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 3c77f39d2ae6 - stable/14 - MAC/do: Sysctl knobs/jail
  parameters under MAC's common nodes
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 3c77f39d2ae647114b6ad4c5b108387f3c6818c1
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=3c77f39d2ae647114b6ad4c5b108387f3c6818c1

commit 3c77f39d2ae647114b6ad4c5b108387f3c6818c1
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-04 09:51:00 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:00 +0000

    MAC/do: Sysctl knobs/jail parameters under MAC's common nodes
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47608
    
    (cherry picked from commit f3a06ced25681b6da40c652203f882ba18be227d)
---
 sys/security/mac_do/mac_do.c | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index a57c29c407b8..6f68a6f62a79 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -23,8 +23,6 @@
 
 #include <security/mac/mac_policy.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, do,
     CTLFLAG_RW|CTLFLAG_MPSAFE, 0, "mac_do policy controls");
 
@@ -338,8 +336,8 @@ SYSCTL_PROC(_security_mac_do, OID_AUTO, rules,
     "Rules");
 
 
-SYSCTL_JAIL_PARAM_SYS_NODE(mdo, CTLFLAG_RW, "Jail MAC/do parameters");
-SYSCTL_JAIL_PARAM_STRING(_mdo, rules, CTLFLAG_RW, MAC_RULE_STRING_LEN,
+SYSCTL_JAIL_PARAM_SYS_SUBNODE(mac, do, CTLFLAG_RW, "Jail MAC/do parameters");
+SYSCTL_JAIL_PARAM_STRING(_mac_do, rules, CTLFLAG_RW, MAC_RULE_STRING_LEN,
     "Jail MAC/do rules");
 
 
@@ -361,10 +359,10 @@ mac_do_jail_get(void *obj, void *data)
 	int jsys, error;
 
 	rules = find_rules(pr, &ppr);
-	error = vfs_setopt(opts, "mdo", &jsys, sizeof(jsys));
+	error = vfs_setopt(opts, "mac.do", &jsys, sizeof(jsys));
 	if (error != 0 && error != ENOENT)
 		goto done;
-	error = vfs_setopts(opts, "mdo.rules", rules->string);
+	error = vfs_setopts(opts, "mac.do.rules", rules->string);
 	if (error != 0 && error != ENOENT)
 		goto done;
 	prison_unlock(ppr);
@@ -380,14 +378,14 @@ mac_do_jail_check(void *obj, void *data)
 	char *rules_string;
 	int error, jsys, len;
 
-	error = vfs_copyopt(opts, "mdo", &jsys, sizeof(jsys));
+	error = vfs_copyopt(opts, "mac.do", &jsys, sizeof(jsys));
 	if (error != ENOENT) {
 		if (error != 0)
 			return (error);
 		if (jsys != JAIL_SYS_NEW && jsys != JAIL_SYS_INHERIT)
 			return (EINVAL);
 	}
-	error = vfs_getopt(opts, "mdo.rules", (void **)&rules_string, &len);
+	error = vfs_getopt(opts, "mac.do.rules", (void **)&rules_string, &len);
 	if (error != ENOENT) {
 		if (error != 0)
 			return (error);
@@ -409,10 +407,10 @@ mac_do_jail_set(void *obj, void *data)
 	char *rules_string;
 	int error, jsys, len;
 
-	error = vfs_copyopt(opts, "mdo", &jsys, sizeof(jsys));
+	error = vfs_copyopt(opts, "mac.do", &jsys, sizeof(jsys));
 	if (error == ENOENT)
 		jsys = -1;
-	error = vfs_getopt(opts, "mdo.rules", (void **)&rules_string, &len);
+	error = vfs_getopt(opts, "mac.do.rules", (void **)&rules_string, &len);
 	if (error == ENOENT)
 		rules_string = "";
 	else

From nobody Thu Apr  3 19:32:15 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhH42KYz5sM34;
	Thu, 03 Apr 2025 19:32:15 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhH1WY5z3SSm;
	Thu, 03 Apr 2025 19:32:15 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708735;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=8bWInagmaisdctugBFzThOVGojwk1hwhOGYQ35WIfao=;
	b=uHkSu9FeGnrYdcNdRmDqhAgBwSt7YCa9Cv2NfAOTNF6BMHrKFTYieN2odrya/qZMOgytOi
	AFppxpP4PxPQ4yvirNBZToV+IfWmfzutIC75xRyzlMloFGIlwryDU1WSXjTBErlD0WyXv3
	sHQD8+XkgSKp0f2/H0oTb9bt+TVMDitcZuIUr2U6+usQI3UflF0UHhIqjrWtwX4k0EVBNG
	xsusR082ji3We9k6ViLlwflO2fdoKHt6L5RA/OOe6ocUIgEzLYbAbsWsefcuBpZVoTNfZa
	cZrOCDEPYZ9t8GLtID6+Twdy8DfggJjDnjrzqc4hB2JUkPud1HL1nDoopZ8wmg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708735; a=rsa-sha256; cv=none;
	b=Et8wO2QrfKBnxbMxTPn0BUzKzYXo11j+wKF5NYV6zxNfvScyCA6ZaICqIe6FNnfZYCBWmM
	iKkkmnp2sGjjcoEXA6s8HIr7ub0G5EvZ6u/mmZ8ibCgwvthiLPJmGCXkIcMNfM2fexGtzW
	3GlQWu+eCxW4rki/rFPPCvyUTd8tBGz93iwH/R6l+h+Bfo0Df5XEsA0W0/0x1oaKGIec5/
	btosMQR8vlwbAvVBntnmq2m4NkA7YXcOhe+oW0hmD4v7BFMh+G4gWcO0cmCQM9nBt4ZTQt
	LN0F2GlOPiQ2iMdcrWV4DrZOujpz+zfEkL54pcK1JgGmlpdLSqhfJ+0saCbCgQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708735;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=8bWInagmaisdctugBFzThOVGojwk1hwhOGYQ35WIfao=;
	b=WoXezcXGppCJ+cEQjB2VzkghytkrGG0e0QEFXbxRQxwItz20Jr6UMus4KtqzThEpos8VFR
	t1naVtzn6s65nLNBVxqLOC0zhAVCcUdq4U+0nwTeaFuk6U8RcBBZDd9sLkQaVpYB61pgyJ
	abLLzlCpK/86/4G71stB8zujY4KX97MtvwoSgBdLZBcH1XDAXb98tJgNuoXsP241feVYVB
	pSAEgQghQVQ/TMaUgq9a5r5a4DJvSoN+t7ojSLXIrm0TyM4HRfSW6BvZpF/nACYikeVirg
	jP8QmBJbM1VOZcZmG2C5VIcXFNiOn0y1aTOweH/TWiIJwZh6UA0JbCTcP1HoEg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhH15G3z1Cm1;
	Thu, 03 Apr 2025 19:32:15 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWF41040123;
	Thu, 3 Apr 2025 19:32:15 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWFgD040120;
	Thu, 3 Apr 2025 19:32:15 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:15 GMT
Message-Id: <202504031932.533JWFgD040120@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 9195f21e0f34 - stable/14 - MAC/do: parse_rule_element():
  Style, more clarity
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 9195f21e0f34bc4132e4a4fc9229bf828b0e7164
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=9195f21e0f34bc4132e4a4fc9229bf828b0e7164

commit 9195f21e0f34bc4132e4a4fc9229bf828b0e7164
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-04 16:35:47 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:01 +0000

    MAC/do: parse_rule_element(): Style, more clarity
    
    Add newlines to separate logical blocks.  Remove braces around 'if's
    non-compound substatements.
    
    No functional change (intended).
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47611
    
    (cherry picked from commit e4ce30f8da612db96410b66cccf9fc12ccce282a)
---
 sys/security/mac_do/mac_do.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index ed1d0bcfa43c..4ef9b68bf513 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -94,19 +94,22 @@ parse_rule_element(char *element, struct rule **rule)
 		error = EINVAL;
 		goto error;
 	}
-	if (strcmp(type, "uid") == 0) {
+
+	if (strcmp(type, "uid") == 0)
 		new->from_type = RULE_UID;
-	} else if (strcmp(type, "gid") == 0) {
+	else if (strcmp(type, "gid") == 0)
 		new->from_type = RULE_GID;
-	} else {
+	else {
 		error = EINVAL;
 		goto error;
 	}
+
 	id = strsep(&element, ":");
 	if (id == NULL) {
 		error = EINVAL;
 		goto error;
 	}
+
 	switch (new->from_type) {
 	case RULE_UID:
 		new->f_uid = strtol(id, &p, 10);
@@ -121,13 +124,14 @@ parse_rule_element(char *element, struct rule **rule)
 		error = EINVAL;
 		goto error;
 	}
+
 	if (element == NULL || *element == '\0') {
 		error = EINVAL;
 		goto error;
 	}
-	if (strcmp(element, "any") == 0 || strcmp(element, "*") == 0) {
+	if (strcmp(element, "any") == 0 || strcmp(element, "*") == 0)
 		new->to_type = RULE_ANY;
-	} else {
+	else {
 		new->to_type = RULE_UID;
 		new->t_uid = strtol(element, &p, 10);
 		if (*p != '\0') {

From nobody Thu Apr  3 19:32:13 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhG3Xn5z5sM5N;
	Thu, 03 Apr 2025 19:32:14 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhG0K0Wz3SN0;
	Thu, 03 Apr 2025 19:32:14 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708734;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=IAdlVnJk+GcAD3XgcOd5DMC98DMn63K9jnkpFeyTiHg=;
	b=SzlzY6G5fbhXI1+9L4qxUDiLq+xFEGvwR8WmdSy36zpU19zmTDvepQ4NYoTkIRtXswC0YZ
	F0Oybx2xXrwv292AxKwniSvz36GXiD0Rh88veVK0qQv0Hqq/Rwd8xxXJ6SeI/fF2TvyYtz
	CpbXdylSWNP18OOb8maJNMnQWbzjrtaR4jfcbGRkYBAgo5/zqVZ+UBYgZEZa3tsrDReIaC
	iWWXLiM3XnlwWNnJX+36l0pNQMNRIJVpHV/cDavHF5WhL4WDkzkiGGxN273l7zv+gXn7Fw
	yEEO9j5ZHRO46manhPQgwOYjd2xSnWZLjJRY+X3X1c24mQsTPDoqje5OmH2OSw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708734; a=rsa-sha256; cv=none;
	b=FLJ0e/qBYpYijh9cK3HB4sfFqrDNaHxHhZfUKuB/KdASDGu/+E3NHp84qigj+W4XrQJ9Uy
	y2EajcvQLsSUPh2oi7QAVxqfKWgGqOT44WfXKaQD0RdMTVcN/EGR28GKmSR8LkMiHpZO2j
	0eUlFpuG93mU3IqM/m9MjzgKQiNCEhENFRE6p/I10ardcxO8K6dh8V6wUycxsZVsEl7ar4
	3LD6psaH9N8dN9U4mRSmaJLoY8z2IqlmXZlapVRKP6+J5/GQiftfbwCTCwqvqXwE5O8fr9
	BwdU5kwfeIbHPajdSYp6GM3LAdNgnjh7pioqFCXoyDxHvQGlXJU3gwaXuXuYvQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708734;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=IAdlVnJk+GcAD3XgcOd5DMC98DMn63K9jnkpFeyTiHg=;
	b=jyABsIaUH0RqE/v48hRA/Z481frDh8kBdi2AY0vC1/425iGlIH0MkVJ9He6ctbBh+bVAi6
	6+K5aHVGiFBnU9VAyXdwrdmhy0CBu3Y4L6/KlLbt1rVBOXMXaFafuuY4suSPbhFc7YAF6f
	UO+gDn0v1/dwGwgJmZMu4W46RgW9kg0dgipshZuzV919+DstJDsuW0R2HptqHDyIbtuFlT
	XBV/K1RGQwrlCLDlQowPeh28UCNFTa9fufH1OnSU9RONHb8FiE8vDwRnsCsz+n/Cak0b7Z
	UUzZvL1oYSG3zpDboSSqYmLUmbp592J+5YgMw3lwkorrFjFx0uO0/IHj53aWEQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhF6tT0zkL;
	Thu, 03 Apr 2025 19:32:13 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWDmV040090;
	Thu, 3 Apr 2025 19:32:13 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWDZJ040087;
	Thu, 3 Apr 2025 19:32:13 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:13 GMT
Message-Id: <202504031932.533JWDZJ040087@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 7d536064a027 - stable/14 - MAC/do: jail_check()/jail_set():
  Revamp
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 7d536064a02704898504a9f03f973a1ffa592cb0
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=7d536064a02704898504a9f03f973a1ffa592cb0

commit 7d536064a02704898504a9f03f973a1ffa592cb0
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-03 15:44:24 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:01 +0000

    MAC/do: jail_check()/jail_set(): Revamp
    
    Handle JAIL_SYS_DISABLE the same as JAIL_SYS_NEW with an empty rules
    specification, coherently with jail_get().  Also accept JAIL_SYS_DISABLE
    in "mac.do" without "mac.do.rules" being specified.
    
    The default value for "mac.do", if not passed explicitly, is either
    JAIL_SYS_NEW if "mac.do.rules" is present and non-empty, or
    JAIL_SYS_DISABLE if present and empty or not present.
    
    Perform all cheap sanity checks in jail_check(), and have these
    materialized as well in jail_set() under INVARIANTS.  Cheap checks are
    type and coherency checks between the values of "mac.do" and
    "mac.do.rules".  They don't include parsing the "mac.do.rules" string
    but just checking its length (when applicable).  In a nutshell,
    JAIL_SYS_DISABLE and JAIL_SYS_INHERIT are allowed iff "mac.do.rules"
    isn't specified or is with an empty string, and JAIL_SYS_NEW is allowed
    iff "mac.do.rules" is specified (the latter may be empty, in which case
    this is equivalent to JAIL_SYS_DISABLE).
    
    Normally, vfs_getopts() is the function to use to read string options.
    Because we need the length of the "mac.do.rules" string to check it, in
    order to avoid double search within jail options in jail_check(), we use
    vfs_getopt() instead, but perform some additional checks afterwards (the
    same as those performed by vfs_getopts()).
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47610
    
    (cherry picked from commit 11eb32958f2c6e70892201982c1c92a0140d6864)
---
 sys/security/mac_do/mac_do.c | 128 +++++++++++++++++++++++++++++++++++++------
 1 file changed, 111 insertions(+), 17 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 2482221e43a3..ed1d0bcfa43c 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -377,31 +377,94 @@ done:
 	return (error);
 }
 
+/*
+ * -1 is used as a sentinel in mac_do_jail_check() and mac_do_jail_set() below.
+ */
+_Static_assert(-1 != JAIL_SYS_DISABLE && -1 != JAIL_SYS_NEW &&
+    -1 != JAIL_SYS_INHERIT,
+    "mac_do(4) uses -1 as a sentinel for uninitialized 'jsys'.");
+
+/*
+ * We perform only cheap checks here, i.e., we do not really parse the rules
+ * specification string, if any.
+ */
 static int
 mac_do_jail_check(void *obj, void *data)
 {
 	struct vfsoptlist *opts = data;
 	char *rules_string;
-	int error, jsys, len;
+	int error, jsys, size;
 
 	error = vfs_copyopt(opts, "mac.do", &jsys, sizeof(jsys));
-	if (error != ENOENT) {
+	if (error == ENOENT)
+		jsys = -1;
+	else {
 		if (error != 0)
 			return (error);
-		if (jsys != JAIL_SYS_NEW && jsys != JAIL_SYS_INHERIT)
+		if (jsys != JAIL_SYS_DISABLE && jsys != JAIL_SYS_NEW &&
+		    jsys != JAIL_SYS_INHERIT)
 			return (EINVAL);
 	}
-	error = vfs_getopt(opts, "mac.do.rules", (void **)&rules_string, &len);
-	if (error != ENOENT) {
+
+	/*
+	 * We use vfs_getopt() here instead of vfs_getopts() to get the length.
+	 * We perform the additional checks done by the latter here, even if
+	 * jail_set() calls vfs_getopts() itself later (they becoming
+	 * inconsistent wouldn't cause any security problem).
+	 */
+	error = vfs_getopt(opts, "mac.do.rules", (void**)&rules_string, &size);
+	if (error == ENOENT) {
+		/*
+		 * Default (in absence of "mac.do.rules") is to disable (and, in
+		 * particular, not inherit).
+		 */
+		if (jsys == -1)
+			jsys = JAIL_SYS_DISABLE;
+
+		if (jsys == JAIL_SYS_NEW) {
+			vfs_opterror(opts, "'mac.do.rules' must be specified "
+			    "given 'mac.do''s value");
+			return (EINVAL);
+		}
+
+		/* Absence of "mac.do.rules" at this point is OK. */
+		error = 0;
+	} else {
 		if (error != 0)
 			return (error);
-		if (len > MAC_RULE_STRING_LEN) {
-			vfs_opterror(opts, "mdo.rules too long");
+
+		/* Not a proper string. */
+		if (size == 0 || rules_string[size - 1] != '\0') {
+			vfs_opterror(opts, "'mac.do.rules' not a proper string");
+			return (EINVAL);
+		}
+
+		if (size > MAC_RULE_STRING_LEN) {
+			vfs_opterror(opts, "'mdo.rules' too long");
 			return (ENAMETOOLONG);
 		}
+
+		if (jsys == -1)
+			/* Default (if "mac.do.rules" is present). */
+			jsys = rules_string[0] == '\0' ? JAIL_SYS_DISABLE :
+			    JAIL_SYS_NEW;
+
+		/*
+		 * Be liberal and accept JAIL_SYS_DISABLE and JAIL_SYS_INHERIT
+		 * with an explicit empty rules specification.
+		 */
+		switch (jsys) {
+		case JAIL_SYS_DISABLE:
+		case JAIL_SYS_INHERIT:
+			if (rules_string[0] != '\0') {
+				vfs_opterror(opts, "'mac.do.rules' specified "
+				    "but should not given 'mac.do''s value");
+				return (EINVAL);
+			}
+			break;
+		}
 	}
-	if (error == ENOENT)
-		error = 0;
+
 	return (error);
 }
 
@@ -411,24 +474,55 @@ mac_do_jail_set(void *obj, void *data)
 	struct prison *pr = obj;
 	struct vfsoptlist *opts = data;
 	char *rules_string;
-	int error, jsys, len;
+	int error, jsys;
+
+	/*
+	 * The invariants checks used below correspond to what has already been
+	 * checked in jail_check() above.
+	 */
 
 	error = vfs_copyopt(opts, "mac.do", &jsys, sizeof(jsys));
-	if (error == ENOENT)
-		jsys = -1;
-	error = vfs_getopt(opts, "mac.do.rules", (void **)&rules_string, &len);
-	if (error == ENOENT)
-		rules_string = "";
-	else
-		jsys = JAIL_SYS_NEW;
+	MPASS(error == 0 || error == ENOENT);
+	if (error != 0)
+		jsys = -1; /* Mark unfilled. */
+
+	rules_string = vfs_getopts(opts, "mac.do.rules", &error);
+	MPASS(error == 0 || error == ENOENT);
+	if (error == 0) {
+		MPASS(strlen(rules_string) < MAC_RULE_STRING_LEN);
+		if (jsys == -1)
+			/* Default (if "mac.do.rules" is present). */
+			jsys = rules_string[0] == '\0' ? JAIL_SYS_DISABLE :
+			    JAIL_SYS_NEW;
+		else
+			MPASS(jsys == JAIL_SYS_NEW ||
+			    ((jsys == JAIL_SYS_DISABLE ||
+			    jsys == JAIL_SYS_INHERIT) &&
+			    rules_string[0] == '\0'));
+	} else {
+		MPASS(jsys != JAIL_SYS_NEW);
+		if (jsys == -1)
+			/*
+			 * Default (in absence of "mac.do.rules") is to disable
+			 * (and, in particular, not inherit).
+			 */
+			jsys = JAIL_SYS_DISABLE;
+		/* If disabled, we'll store an empty rule specification. */
+		if (jsys == JAIL_SYS_DISABLE)
+			rules_string = "";
+	}
+
 	switch (jsys) {
 	case JAIL_SYS_INHERIT:
 		remove_rules(pr);
 		error = 0;
 		break;
+	case JAIL_SYS_DISABLE:
 	case JAIL_SYS_NEW:
 		error = parse_and_set_rules(pr, rules_string);
 		break;
+	default:
+		__assert_unreachable();
 	}
 	return (error);
 }

From nobody Thu Apr  3 19:32:16 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhJ5cS0z5sM36;
	Thu, 03 Apr 2025 19:32:16 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhJ2MWYz3SSx;
	Thu, 03 Apr 2025 19:32:16 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708736;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=YYWbHv9MvDoQmz/Wd7Qi514kseWXqP4vanvNetyY1s8=;
	b=NIPFByVDBx9zMEJ7kHAO/+lB02Mg0myVr+1RMp2w9gJcBSFzLnEr46k4mu058EqG6G26EP
	hQgBhes4pEiACTyavzv22qLsSzSJ2gEiGaOlPMX5qrhUPpFB8ZsbcqCdCM4HZyr1SU8mnB
	Vc17FpPE04GpYvDIM2vGjTYMTr9hEvP0V3U4b/EsVSHyUGhXSbyU3/Og0OuWpQBU9LIQOV
	RhQMGxR1jz2X3xE7+KVw4idj5mjGNNFwJF36S+8vziwN7tjo2p0SkjqVNfmlC0sBglydbc
	fpuaeOWQExPyvd/yvkLjEibVGjsrg6/vuHvqNVhgDZxkA/JIuhglJXGWrR4MZg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708736; a=rsa-sha256; cv=none;
	b=EDn/KQgygjBU7IZw6v8WDfvg1/l7ysooicFqb6Azm9ifDspGASC7Q4udT/hLSy3/kF/rhE
	zgR195Fup9GrxaZqwXdI2ZIfYPe6HOor30X5ujGWXJ6fLqZKd0b52/kHDmuPOl/dSYGfl2
	TFZn9SwChCtc+syEEwJqA6D36bhO7c6Wul8BbdAdvYT17zxG0diI0x2SiuOVbKxqfv2KYE
	MMchbAbo2IPuEEzoNYKXB/oK8RUMfuA3xYn3j/n14K8aTSXnn2EE3ayxg3lLB/MfTJcbow
	CHzQLqpHRFdHiQYDWBW7Dn5GBIAN626HDe8JmCWoMow7ox1Q+u3qNjr/MbvJGQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708736;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=YYWbHv9MvDoQmz/Wd7Qi514kseWXqP4vanvNetyY1s8=;
	b=LyLAnE5KYrqbPwNpj9vVUBnH25AqFuW4qZZIj1i/JDGAg4BXuIZceoeUCVNfBeyfLgKUAD
	HY52nyze/ihxYkYCmX2oTCnOfRD2/2B/rpX3mxn8fFE0YNf9tL/5/EXC2HTZiJtyfn3LBe
	f0XMZlqrD2/dSmDR1l9FpV73960kkKhFO8uUA17TZb0i5Eezv1wO2vax9HOcMBS53amaRi
	5Yl84jq1Us1DDMRnvbaT4YUBpwxUDiUW8zYTnsLwky079tXy3lxDjmzc0rcYA0wTmknYT1
	7gUJ/ptVH3gloQ8KuDZvEpoe7joZvIqmXTXEghDnWr2jaGfRY8C1x1KT7fJs1g==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhJ1yjLzkM;
	Thu, 03 Apr 2025 19:32:16 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWG37040155;
	Thu, 3 Apr 2025 19:32:16 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWGjh040152;
	Thu, 3 Apr 2025 19:32:16 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:16 GMT
Message-Id: <202504031932.533JWGjh040152@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 75ee4893e87b - stable/14 - MAC/do: parse_rule_element():
  Bug in parsing the origin ID
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 75ee4893e87b8a98c3c21572562b4368892a8bf2
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=75ee4893e87b8a98c3c21572562b4368892a8bf2

commit 75ee4893e87b8a98c3c21572562b4368892a8bf2
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-05 11:49:27 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:01 +0000

    MAC/do: parse_rule_element(): Bug in parsing the origin ID
    
    The ID field was allowed to be empty, which would be then parsed as 0 by
    strtol().  There remains bugs in this function, where parsing for from-
    or to- IDs accepts spaces and produces 0, but this will conveniently be
    fixed in a later commit introducing strtoui_strict().
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47612
    
    (cherry picked from commit fa4352b74580832d7b501d34d09a564438a82c3d)
---
 sys/security/mac_do/mac_do.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 4ef9b68bf513..edd728ea070a 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -105,7 +105,7 @@ parse_rule_element(char *element, struct rule **rule)
 	}
 
 	id = strsep(&element, ":");
-	if (id == NULL) {
+	if (id == NULL || *id == '\0') {
 		error = EINVAL;
 		goto error;
 	}

From nobody Thu Apr  3 19:32:17 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhL0BvLz5sLsX;
	Thu, 03 Apr 2025 19:32:18 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhK3cjMz3SQW;
	Thu, 03 Apr 2025 19:32:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708737;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=JcjTMMu9wMZU/AHeNC/m2Q5Pc+D0UmghjUs09EBaSaA=;
	b=XjINQVC1VddMrRw8HYWxpvMGHtZfFOJIt0eNprXq20hrhtbSUNdqIOmeVepxQ+AVZg3ZnI
	CeWt5E38Xv7qUMXV92vXmZFkSfiBxAUnI8Wl3B/Mgm0PfJny8qj6eIfDZwMWAxkZEGyxLg
	WNdT8+Rdi5qcBiTLUwSHPyYxx9TRtaF7EcAoDV5oMuTJQAvbpDQq+wmUb8CCpsN0AOPD0t
	0aaTUWog0SJyC3UgC8fhakxOovG5gRCa/IKTDKCCMr8oPFbyBgeurRe7TaxKSSe7c5+BTZ
	TOdZEx3XzDp1MYwvAoF4bicVCMB9zR58oiB3N53A1du2fiVsbXwMo2G5fWdWrA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708737; a=rsa-sha256; cv=none;
	b=D6BAGitkqyKXgee6PMULuObaMYDys8IH6Dst572CJEoJqKhjwLgIMBh7ZegC/Rh8B+u0MK
	IlHNPDjhLHiu8+fTjeJUMxjj//B0UaSK5BhDbQIn7Maf07uLiQKNuY8AhcejjypjmQBsoe
	/K7YHOT0uzimvm4zX3bCW/gznIXqwNQq9Zozl8+noRDyR0bzkQmZxA+IuxEVFwEvsRF0Fu
	e6Mi+vMDOkiQipRduiTbhieVMT0MwMhXmfhhkta2DNa+aDZ0p3D9nSj8uMZmezjAYAYwUI
	f/vGfUrTeyOLi10xjd/GNQ0y6DcISHys6EKrrZBifhFtDvuzNCYBANsFhYjjdw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708737;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=JcjTMMu9wMZU/AHeNC/m2Q5Pc+D0UmghjUs09EBaSaA=;
	b=DhaFX9OmjWF/IKzWjJn6T1nIYscHGdtOGm6B9B5DPVK6IZIUNVpDp5X83PVLcIOXACHCin
	nAeL2dmOFewh1e99ihNddocjV+CbtWbpKTGvaIo1Z0P7/zGAnO/d6I11ou8znSNyGI/0ka
	buglk0F0u5OmKcXyhoyiZPxy89NZ6F8+8W94koCSo26hdH77dM03bgENCvsrqh2MTpxEIz
	NfXkhQFAW6GrKpB4LQYD949uMoZ0d6BPLPHHyc+Pzb338x13U2qqVJoerG+0/P++cXQX3b
	7B6FB4gaM9arsqhIPiMv+OqTIVsdxcgTLOhsae/u3WAieFRkHjKbzBUqt1WEsQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhK2yq6z1Cm2;
	Thu, 03 Apr 2025 19:32:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWHZY040187;
	Thu, 3 Apr 2025 19:32:17 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWH20040184;
	Thu, 3 Apr 2025 19:32:17 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:17 GMT
Message-Id: <202504031932.533JWH20040184@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: f89a4b6162a8 - stable/14 - MAC/do: 'struct rule': IDs
  and types as 'u_int', rename fields
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: f89a4b6162a839c21061b64628e88e54fa8dddf4
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=f89a4b6162a839c21061b64628e88e54fa8dddf4

commit f89a4b6162a839c21061b64628e88e54fa8dddf4
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-05 11:43:41 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:02 +0000

    MAC/do: 'struct rule': IDs and types as 'u_int', rename fields
    
    This is in preparation for introducing a common conversion function for
    IDs and to simplify code a bit by removing the from-IDs union and not
    having to introduce a new one for to-IDs in a later commit.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47613
    
    (cherry picked from commit 6aadc7b2ee055fba58984fec715b6e2a754f9d3e)
---
 sys/security/mac_do/mac_do.c | 102 ++++++++++++++++++-------------------------
 1 file changed, 43 insertions(+), 59 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index edd728ea070a..bfd5eb136fc1 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -40,14 +40,19 @@ static unsigned		mac_do_osd_jail_slot;
 #define RULE_GID	2
 #define RULE_ANY	3
 
+/*
+ * We assume that 'uid_t' and 'gid_t' are aliases to 'u_int' in conversions
+ * required for parsing rules specification strings.
+ */
+_Static_assert(sizeof(uid_t) == sizeof(u_int) && (uid_t)-1 >= 0 &&
+    sizeof(gid_t) == sizeof(u_int) && (gid_t)-1 >= 0,
+    "mac_do(4) assumes that 'uid_t' and 'gid_t' are aliases to 'u_int'");
+
 struct rule {
-	int	from_type;
-	union {
-		uid_t f_uid;
-		gid_t f_gid;
-	};
-	int	to_type;
-	uid_t t_uid;
+	u_int	from_type;
+	u_int	from_id;
+	u_int	to_type;
+	u_int	to_id;
 	TAILQ_ENTRY(rule) r_entries;
 };
 
@@ -83,71 +88,50 @@ alloc_rules(void)
 static int
 parse_rule_element(char *element, struct rule **rule)
 {
-	int error = 0;
-	char *type, *id, *p;
+	const char *from_type, *from_id, *to;
+	char *p;
 	struct rule *new;
 
 	new = malloc(sizeof(*new), M_DO, M_ZERO|M_WAITOK);
 
-	type = strsep(&element, "=");
-	if (type == NULL) {
-		error = EINVAL;
-		goto error;
-	}
+	from_type = strsep(&element, "=");
+	if (from_type == NULL)
+		goto einval;
 
-	if (strcmp(type, "uid") == 0)
+	if (strcmp(from_type, "uid") == 0)
 		new->from_type = RULE_UID;
-	else if (strcmp(type, "gid") == 0)
+	else if (strcmp(from_type, "gid") == 0)
 		new->from_type = RULE_GID;
-	else {
-		error = EINVAL;
-		goto error;
-	}
+	else
+		goto einval;
 
-	id = strsep(&element, ":");
-	if (id == NULL || *id == '\0') {
-		error = EINVAL;
-		goto error;
-	}
+	from_id = strsep(&element, ":");
+	if (from_id == NULL || *from_id == '\0')
+		goto einval;
 
-	switch (new->from_type) {
-	case RULE_UID:
-		new->f_uid = strtol(id, &p, 10);
-		break;
-	case RULE_GID:
-		new->f_gid = strtol(id, &p, 10);
-		break;
-	default:
-		__assert_unreachable();
-	}
-	if (*p != '\0') {
-		error = EINVAL;
-		goto error;
-	}
+	new->from_id = strtol(from_id, &p, 10);
+	if (*p != '\0')
+		goto einval;
 
-	if (element == NULL || *element == '\0') {
-		error = EINVAL;
-		goto error;
-	}
-	if (strcmp(element, "any") == 0 || strcmp(element, "*") == 0)
+	to = element;
+	if (to == NULL || *to == '\0')
+		goto einval;
+
+	if (strcmp(to, "any") == 0 || strcmp(to, "*") == 0)
 		new->to_type = RULE_ANY;
 	else {
 		new->to_type = RULE_UID;
-		new->t_uid = strtol(element, &p, 10);
-		if (*p != '\0') {
-			error = EINVAL;
-			goto error;
-		}
+		new->to_id = strtol(to, &p, 10);
+		if (*p != '\0')
+			goto einval;
 	}
 
-	MPASS(error == 0);
 	*rule = new;
 	return (0);
-error:
-	MPASS(error != 0);
+einval:
 	free(new, M_DO);
 	*rule = NULL;
-	return (error);
+	return (EINVAL);
 }
 
 /*
@@ -568,9 +552,9 @@ mac_do_destroy(struct mac_policy_conf *mpc)
 static bool
 rule_applies(struct ucred *cred, struct rule *r)
 {
-	if (r->from_type == RULE_UID && r->f_uid == cred->cr_uid)
+	if (r->from_type == RULE_UID && r->from_id == cred->cr_uid)
 		return (true);
-	if (r->from_type == RULE_GID && groupmember(r->f_gid, cred))
+	if (r->from_type == RULE_GID && groupmember(r->from_id, cred))
 		return (true);
 	return (false);
 }
@@ -663,25 +647,25 @@ mac_do_check_setuid(struct ucred *cred, uid_t uid)
 	rule = find_rules(cred->cr_prison, &pr);
 	TAILQ_FOREACH(r, &rule->head, r_entries) {
 		if (r->from_type == RULE_UID) {
-			if (cred->cr_uid != r->f_uid)
+			if (cred->cr_uid != r->from_id)
 				continue;
 			if (r->to_type == RULE_ANY) {
 				error = 0;
 				break;
 			}
-			if (r->to_type == RULE_UID && uid == r->t_uid) {
+			if (r->to_type == RULE_UID && uid == r->to_id) {
 				error = 0;
 				break;
 			}
 		}
 		if (r->from_type == RULE_GID) {
-			if (!groupmember(r->f_gid, cred))
+			if (!groupmember(r->from_id, cred))
 				continue;
 			if (r->to_type == RULE_ANY) {
 				error = 0;
 				break;
 			}
-			if (r->to_type == RULE_UID && uid == r->t_uid) {
+			if (r->to_type == RULE_UID && uid == r->to_id) {
 				error = 0;
 				break;
 			}

From nobody Thu Apr  3 19:32:18 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhM3d3cz5sM3y;
	Thu, 03 Apr 2025 19:32:19 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhL4dCYz3SbS;
	Thu, 03 Apr 2025 19:32:18 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708738;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=syCLeOr2VVqvjoEqINUhMCu/EMGkok7eNwAECpX/Ggw=;
	b=ZTTXHpJGDnUyO3fBGp/minKERc/p8gc2EgLZ7n36WEnRjbrF+degdq3FEXoH0DAYsTEuuK
	Q2TKdYqiklJPtyC4rjanYL1vYpIesqXuTMhOI7zSDWTRUfYVK6OW6CB8CZ4Tl8PNnHnEuL
	XelfZOXkw99SjKGQdpMBF534vZ91zywwoAuNp7+BrWvBHbK1eAbZauZNfLa8rtEIg8Io1u
	JEAOVCOM24U9ZNS8vuHp7/pdx1khssjIU3IfV+RwpUbBQGYpyTGHY7J6kQwyBz+RWomp3s
	t0HiTaY6JxzNUdvXapGBqGoKX5VZ8tTTZ9ydPhCWpu0a3p9nVcOfgh7m9upebQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708738; a=rsa-sha256; cv=none;
	b=tt+Qxx107fGAVBUyDAl53ApUY0fqfINQO/mzUaqFLLDSLHKwguxGsMbZDToZIoyCBeXDEs
	rHwi7cAyhEb94Kel3JCpuubDrD0svwvQnaAadN2UtMXUAw/N/auapuRJLMLkWkdNIPR0CI
	w4Ev4MWwEEG+bM+0BqCEY/t+JBxt7aUqiILO10+5M/8vj1kgUbamp0syZMaKiRAU868hNb
	0UdWBh7nFdpZKujcqUvoNMS81WXhdLJ/yDCbAawGnq2HVCuV/r0Lq9s1aWR426UbV5BF7c
	nXioqlRGbJ658oU3Do/FtHVOHkSaJdVcLq7x/UF7oHTJJtST3rCqXMmzNEelAQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708738;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=syCLeOr2VVqvjoEqINUhMCu/EMGkok7eNwAECpX/Ggw=;
	b=gToXe3FFQHfJoT2JsdGzTBwZLj5fjb6GAkgamvWElp+kmOsx1tJuqy8O1H7plMe8GIoEVk
	AjHooVwkaMPutnqmQSBFZ2Kxfv9NVznnfk7QXeUppG3sp7iAq4tc+xHGEtBcH0FZCpfrai
	h1UefDAP+NT3ncHnGuJ08ywm8Lnw5UgrPa/zTFwERQk5zLfRcXNvvdu1CPOXX05sZ54VZ6
	A6jvS8MoM6tKhvmyEkqMsLY8OIIoh7I/nOFx+fEGeL9rYqeoxDOO97ee7BzQO3dGi/LHwL
	38qp80ndSKOF4hZriJWGOomfsR2hokYZCowbvb+D5VDMYeh+UFK7unhwVTqMSA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhL49nrzkN;
	Thu, 03 Apr 2025 19:32:18 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWIR3040226;
	Thu, 3 Apr 2025 19:32:18 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWI8O040223;
	Thu, 3 Apr 2025 19:32:18 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:18 GMT
Message-Id: <202504031932.533JWI8O040223@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 8638177eb714 - stable/14 - MAC/do: Better parsing for
  IDs (strtoui_strict())
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 8638177eb714216f042c511d2f05d7c13ce6fe84
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=8638177eb714216f042c511d2f05d7c13ce6fe84

commit 8638177eb714216f042c511d2f05d7c13ce6fe84
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-05 12:16:36 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:02 +0000

    MAC/do: Better parsing for IDs (strtoui_strict())
    
    Introduce strtoui_strict(), which signals an error on overflow contrary
    to the in-kernel strto*() family of functions which have no 'errno' to
    set and thus do not allow callers to distinguish a genuine maximum value
    on input and overflow.
    
    It is built on top of strtoq() and the 'quad_t' type in order to achieve
    this distinction and also to still support negative inputs with the
    usual meaning for these functions.  See the introduced comments for more
    details.
    
    Use strtoui_strict() to read IDs instead of strtol().
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47614
    
    (cherry picked from commit 0af43c029048e1ad2f8b140a3baf3851785c12d9)
---
 sys/security/mac_do/mac_do.c | 55 +++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 49 insertions(+), 6 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index bfd5eb136fc1..e13684c15dab 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -6,8 +6,10 @@
 
 #include <sys/param.h>
 #include <sys/systm.h>
+#include <sys/ctype.h>
 #include <sys/jail.h>
 #include <sys/kernel.h>
+#include <sys/limits.h>
 #include <sys/lock.h>
 #include <sys/malloc.h>
 #include <sys/module.h>
@@ -85,11 +87,52 @@ alloc_rules(void)
 	return (rules);
 }
 
+/*
+ * String to unsigned int.
+ *
+ * Contrary to the "standard" strtou*() family of functions, do not tolerate
+ * spaces at start nor an empty string, and returns a status code, the 'u_int'
+ * result being returned through a passed pointer (if no error).
+ *
+ * We detour through 'quad_t' because in-kernel strto*() functions cannot set
+ * 'errno' and thus can't distinguish a true maximum value from one returned
+ * because of overflow.  We use 'quad_t' instead of 'u_quad_t' to support
+ * negative specifications (e.g., such as "-1" for UINT_MAX).
+ */
+static int
+strtoui_strict(const char *const restrict s, const char **const restrict endptr,
+    int base, u_int *result)
+{
+	char *ep;
+	quad_t q;
+
+	/* Rule out spaces and empty specifications. */
+	if (s[0] == '\0' || isspace(s[0])) {
+		if (endptr != NULL)
+			*endptr = s;
+		return (EINVAL);
+	}
+
+	q = strtoq(s, &ep, base);
+	if (endptr != NULL)
+		*endptr = ep;
+	if (q < 0) {
+		/* We allow specifying a negative number. */
+		if (q < -(quad_t)UINT_MAX - 1 || q == QUAD_MIN)
+			return (EOVERFLOW);
+	} else {
+		if (q > UINT_MAX || q == UQUAD_MAX)
+			return (EOVERFLOW);
+	}
+
+	*result = (u_int)q;
+	return (0);
+}
+
 static int
 parse_rule_element(char *element, struct rule **rule)
 {
-	const char *from_type, *from_id, *to;
-	char *p;
+	const char *from_type, *from_id, *to, *p;
 	struct rule *new;
 
 	new = malloc(sizeof(*new), M_DO, M_ZERO|M_WAITOK);
@@ -109,8 +152,8 @@ parse_rule_element(char *element, struct rule **rule)
 	if (from_id == NULL || *from_id == '\0')
 		goto einval;
 
-	new->from_id = strtol(from_id, &p, 10);
-	if (*p != '\0')
+	error = strtoui_strict(from_id, &p, 10, &new->from_id);
+	if (error != 0 || *p != '\0')
 		goto einval;
 
 	to = element;
@@ -121,8 +164,8 @@ parse_rule_element(char *element, struct rule **rule)
 		new->to_type = RULE_ANY;
 	else {
 		new->to_type = RULE_UID;
-		new->to_id = strtol(to, &p, 10);
-		if (*p != '\0')
+		error = strtoui_strict(to, &p, 10, &new->to_id);
+		if (error != 0 || *p != '\0')
 			goto einval;
 	}
 

From nobody Thu Apr  3 19:32:19 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhN0B3Wz5sM1n;
	Thu, 03 Apr 2025 19:32:20 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhM5Vlkz3STW;
	Thu, 03 Apr 2025 19:32:19 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708739;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=rwx/EMYQlwBBGixLz2wWKQbgQugavEYfZkQ3bGBsus0=;
	b=OQZ7++9niy3g5AnU7T6lLQTyaYyDlabTTAFbCeIU240dueeOKak3qqNUoEtw1i/FC9t7NE
	rqJiu7XHm8D0Cjk399olcbQ3uGOsXXFGUcW9J5mJm3M4AijYA6eEf6p8FvqQSHPbZsxPQk
	GGJgocQH6zNcLCXwaSXTVkY7qUsa5uDfXXxaa9ljiSp9UJr+hIwf5o2b0b9w4GJO8yBK8Q
	yM1ldUlWRu1RT+QRy5StebpXLCBLdSm+4F0WkRnt+8Ewd+M8KjQUSaMzZu5KDYTcBJzT2p
	thgbztcPpEV6MIs06i4nPvUwQGCzRAjnHG16JJppbwyYti7tlB907mSOMmjEDA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708739; a=rsa-sha256; cv=none;
	b=pfCQzCyaiojlUc450PcQQlRYzowLhFH4ZJ2+yFaq26N8mH3wshcp39nsg7e8qSf5sTHVul
	ZAB5ZKAmdZ2OXZYv5GJTUoO32PjtUxv1Wp1AJF2nHbhdV/L//GeA8tdDdo0BvAj27Zb+ed
	uknZtPub1tLimG1gnGcjj35ntu/39rQniiP6jVgBHFkDHdJW1s5fwfG3sknzwBtSun9Nbe
	JQL3+D9YaBe1QPVQtupeEhxTLIlm2zSlMJFfy4X7SfV9CxnabGkn6FdqXn6eDPcWp86pIk
	DxCc4ToS3YT5LVvUcS0sQLGdofgzRm66OUHUinGyHZYy2w8H6Vagx26Ubaloog==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708739;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=rwx/EMYQlwBBGixLz2wWKQbgQugavEYfZkQ3bGBsus0=;
	b=RvywzDAxek3pzMv6/rnQDK9zMjGgb5ShcQ6XcdPCJ5ewoN6H8hfIri29+10oYPYpZbiabM
	yWfoKEly/SBuFhcjCjHdhKVqF4gljcvXbdFcbq0G14ccUEa9mIfODUfoR4tCDu4yajey43
	P+Gr6AzH6Grh5RrPkF0ss/kbEvmSWhB77TvIVpNO9WQiFsHypz6EgqDOPmvd3qslUAqxGj
	x19lgXm4z9vOXFawWx6nPiGpqMN2NinLaC2+FwG/O8tbK+aKTaOI6XnOi4JtXWdteVwgeA
	/++NIomE/Fuz6yvT/aVvxLrv0KHpGr9BnVXePrs5eRaTKpi0pPj11cswt+iZ4A==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhM4zYmz1Cpx;
	Thu, 03 Apr 2025 19:32:19 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWJjf040258;
	Thu, 3 Apr 2025 19:32:19 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWJ9P040255;
	Thu, 3 Apr 2025 19:32:19 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:19 GMT
Message-Id: <202504031932.533JWJ9P040255@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 8e605d88c2f1 - stable/14 - MAC/do: Ease input/output
  of ID types
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 8e605d88c2f1ed3fea26fb5017a76d02952b47eb
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=8e605d88c2f1ed3fea26fb5017a76d02952b47eb

commit 8e605d88c2f1ed3fea26fb5017a76d02952b47eb
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-05 13:30:15 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:02 +0000

    MAC/do: Ease input/output of ID types
    
    Have a static constant array mapping numerical ID types to their
    canonical representations ('id_type_to_str').
    
    New parse_id_type() that parses a type thanks to 'id_type_to_str' and
    with a special case to accept also 'any'.
    
    Have parse_rule_element() use parse_id_type().  A later commit will add
    a second call to the latter for the destination ID.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47615
    
    (cherry picked from commit 65766063f85d8b8fe8b24a50250a12a122974c26)
---
 sys/security/mac_do/mac_do.c | 49 +++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 44 insertions(+), 5 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index e13684c15dab..5bec02ee2e56 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -38,10 +38,20 @@ static MALLOC_DEFINE(M_DO, "do_rule", "Rules for mac_do");
 
 static unsigned		mac_do_osd_jail_slot;
 
+#define RULE_INVALID	0 /* Must stay 0. */
 #define RULE_UID	1
 #define RULE_GID	2
 #define RULE_ANY	3
 
+static const char *id_type_to_str[] = {
+	[RULE_INVALID]	= "invalid",
+	[RULE_UID]	= "uid",
+	[RULE_GID]	= "gid",
+	/* See also parse_id_type(). */
+	[RULE_ANY]	= "*",
+	NULL
+};
+
 /*
  * We assume that 'uid_t' and 'gid_t' are aliases to 'u_int' in conversions
  * required for parsing rules specification strings.
@@ -129,11 +139,36 @@ strtoui_strict(const char *const restrict s, const char **const restrict endptr,
 	return (0);
 }
 
+static int
+parse_id_type(const char *const string, int *const type)
+{
+	/*
+	 * Special case for "any", as the canonical form for RULE_ANY in
+	 * id_type_to_str[] is "*".
+	 */
+	if (strcmp(string, "any") == 0) {
+		*type = RULE_ANY;
+		return (0);
+	}
+
+	/* Start at 1 to avoid parsing "invalid". */
+	for (size_t i = 1; id_type_to_str[i] != NULL; ++i) {
+		if (strcmp(string, id_type_to_str[i]) == 0) {
+			*type = i;
+			return (0);
+		}
+	}
+
+	*type = RULE_INVALID;
+	return (EINVAL);
+}
+
 static int
 parse_rule_element(char *element, struct rule **rule)
 {
 	const char *from_type, *from_id, *to, *p;
 	struct rule *new;
+	int error;
 
 	new = malloc(sizeof(*new), M_DO, M_ZERO|M_WAITOK);
 
@@ -141,12 +176,16 @@ parse_rule_element(char *element, struct rule **rule)
 	if (from_type == NULL)
 		goto einval;
 
-	if (strcmp(from_type, "uid") == 0)
-		new->from_type = RULE_UID;
-	else if (strcmp(from_type, "gid") == 0)
-		new->from_type = RULE_GID;
-	else
+	error = parse_id_type(from_type, &new->from_type);
+	if (error != 0)
 		goto einval;
+	switch (new->from_type) {
+	case RULE_UID:
+	case RULE_GID:
+		break;
+	default:
+		goto einval;
+	}
 
 	from_id = strsep(&element, ":");
 	if (from_id == NULL || *from_id == '\0')

From nobody Thu Apr  3 19:32:20 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhP2Pq8z5sM45;
	Thu, 03 Apr 2025 19:32:21 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhN6zqgz3SfX;
	Thu, 03 Apr 2025 19:32:20 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708741;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=wmI1d2guClEpZvr7fHJjoKLJ3zc1oAFvT9EqcrISurY=;
	b=wruQ9YhVPpZnxrPyKEMTpSR0Ng/fHv2ySVZ2n/sFaAyx0tCAipn4WF4diOa4pH6o6sEUXv
	HKljYnvxaB0OEZbKJOekO7fG7J3b7OEX8DfMDRGoedR9MzT0a7LmSHdCbf5IdZGgVXUzlZ
	VvXngdTmgM7sqv8Q1XlPjU0B4AXux2XXHHJuDApcE7yt1ycmoSJJUCg1HRjPTIPFVbveGY
	T/ZRsXPQoen0R6ofWmZlVXYr7OBQFdoYQiJ1HDi/RrpV7oVjPwomv2jIDvVizJWJxSnv4e
	eODGajDKq2p2KSzkXoz0N05GKYteAHvhSFewddtsC5M5gjN3a9+5T0NvhzpnWg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708741; a=rsa-sha256; cv=none;
	b=pQIj3sr1Q+8PAMVh3nPdYIG0Jr0wkovOEwDzZifzV34PqD0oCQXY8CmZCV5ROC3vnxkcJA
	zjGbSTFyN78VUbw7NHsMPYb0LzAWftINLDBKiJ8XVJ+R/7WElG97srt2PS0R3zIaZ9Xkhs
	inMyXLCkowKcEx4von2opoo5sfEByln8jtyVp3me2yA5QAVXrz8bse/ccb8sDNlPv/Vqx6
	F+OdN70in1Nd+jcufpt7c7MtvrY0XuXjTmq60aMO9khf896XIHwxm23YkspQIrkrtX5bgP
	vK2AVJ+S2mbUMlb4/1179+/kcJ86o8hxsvoQ9ELSNexDt9eONaIFSdTbiV/X+g==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708741;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=wmI1d2guClEpZvr7fHJjoKLJ3zc1oAFvT9EqcrISurY=;
	b=pOIuHSQIxSTkuV2RVPE/xTLJ4SU3Xs94VRnFqXKqcAxE+FOOMwMK21SKief6TBDdCAaXG0
	9xun+w1FAMtxHbm47SnTs3V3vdraNqjlBMlnVLkoTzTHWvQ/srLPwIHx1Pj84J6HHkW52h
	+f7KdUVgn6ziu+RGFzmtyn0i5Up5L8r+7IPWXps18RWnmHl0FkCwCK9rK+IxN7TCJoeBy6
	/3bpDrc05LYA4JaBfVo8b8tlNvey2gwPALpz9q/6Ij3C7AWcTMbfle1T34TjWVBrK1t2sl
	TqH+1RLko/ggjEVTkiUJZBVZCngH+y2cALpyQhkOJBaj3yCpjXM21nCpdW7naw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhN6Q3VzZr;
	Thu, 03 Apr 2025 19:32:20 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWKe2040291;
	Thu, 3 Apr 2025 19:32:20 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWKxH040288;
	Thu, 3 Apr 2025 19:32:20 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:20 GMT
Message-Id: <202504031932.533JWKxH040288@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 1ccf02edc8e5 - stable/14 - MAC/do: Rename private OSD
  slot by removing 'mac_do_' prefix
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 1ccf02edc8e549e437c866be6dd641d4659b7ee1
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=1ccf02edc8e549e437c866be6dd641d4659b7ee1

commit 1ccf02edc8e549e437c866be6dd641d4659b7ee1
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-11-25 15:07:57 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:02 +0000

    MAC/do: Rename private OSD slot by removing 'mac_do_' prefix
    
    This variable is static and holds the OSD slot number for jails that
    MAC/do uses to store rules.
    
    In the same vein as previous renames, simplify it by removing the
    redundant prefix, as this name cannot appear in code outside of
    'mac_do.c', nor in stack traces on panic.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47772
    
    (cherry picked from commit 40a664a463bab87505c8d42816a71202e8ad7bd9)
---
 sys/security/mac_do/mac_do.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 5bec02ee2e56..fc1a6de471b6 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -36,7 +36,7 @@ static MALLOC_DEFINE(M_DO, "do_rule", "Rules for mac_do");
 
 #define MAC_RULE_STRING_LEN	1024
 
-static unsigned		mac_do_osd_jail_slot;
+static unsigned		osd_jail_slot;
 
 #define RULE_INVALID	0 /* Must stay 0. */
 #define RULE_UID	1
@@ -284,7 +284,7 @@ find_rules(struct prison *const pr, struct prison **const aprp)
 	cpr = pr;
 	for (;;) {
 		prison_lock(cpr);
-		rules = osd_jail_get(cpr, mac_do_osd_jail_slot);
+		rules = osd_jail_get(cpr, osd_jail_slot);
 		if (rules != NULL)
 			break;
 		prison_unlock(cpr);
@@ -299,7 +299,7 @@ find_rules(struct prison *const pr, struct prison **const aprp)
 }
 
 /*
- * OSD destructor for slot 'mac_do_osd_jail_slot'.
+ * OSD destructor for slot 'osd_jail_slot'.
  *
  * Called with 'value' not NULL.
  */
@@ -317,14 +317,14 @@ dealloc_osd(void *const value)
  * In practice, this means that the rules become inherited (from the closest
  * ascendant that has some).
  *
- * Destroys the 'mac_do_osd_jail_slot' slot of the passed jail.
+ * Destroys the 'osd_jail_slot' slot of the passed jail.
  */
 static void
 remove_rules(struct prison *const pr)
 {
 	prison_lock(pr);
 	/* This calls destructor dealloc_osd(). */
-	osd_jail_del(pr, mac_do_osd_jail_slot);
+	osd_jail_del(pr, osd_jail_slot);
 	prison_unlock(pr);
 }
 
@@ -337,11 +337,11 @@ set_rules(struct prison *const pr, struct rules *const rules)
 	struct rules *old_rules;
 	void **rsv;
 
-	rsv = osd_reserve(mac_do_osd_jail_slot);
+	rsv = osd_reserve(osd_jail_slot);
 
 	prison_lock(pr);
-	old_rules = osd_jail_get(pr, mac_do_osd_jail_slot);
-	osd_jail_set_reserved(pr, mac_do_osd_jail_slot, rsv, rules);
+	old_rules = osd_jail_get(pr, osd_jail_slot);
+	osd_jail_set_reserved(pr, osd_jail_slot, rsv, rules);
 	prison_unlock(pr);
 	if (old_rules != NULL)
 		toast_rules(old_rules);
@@ -617,7 +617,7 @@ mac_do_init(struct mac_policy_conf *mpc)
 {
 	struct prison *pr;
 
-	mac_do_osd_jail_slot = osd_jail_register(dealloc_osd, osd_methods);
+	osd_jail_slot = osd_jail_register(dealloc_osd, osd_methods);
 	set_empty_rules(&prison0);
 	sx_slock(&allprison_lock);
 	TAILQ_FOREACH(pr, &allprison, pr_list)
@@ -628,7 +628,7 @@ mac_do_init(struct mac_policy_conf *mpc)
 static void
 mac_do_destroy(struct mac_policy_conf *mpc)
 {
-	osd_jail_deregister(mac_do_osd_jail_slot);
+	osd_jail_deregister(osd_jail_slot);
 }
 
 static bool

From nobody Thu Apr  3 19:32:22 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhR3nRVz5sLyY;
	Thu, 03 Apr 2025 19:32:23 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhR0pPXz3Sfv;
	Thu, 03 Apr 2025 19:32:23 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708743;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Q5ZHhxuxhSHbVyx/Vncthp46cLcDqeUR6EMRJjfqHGE=;
	b=mB+XfNVHeMzreJm0mCyIvyFMaXrRCcRV6eWOqUARYkEtnqUSlBGihfIQ+XFPTEryTVvWCd
	b47Haig1uet9aElfmIcQQ2t3Ruj6PoEMANT4sC7AbZU8eGWiXUOmL8ZumCXBoRhmjJoDHW
	tE34ew3SKqJMyv2jPT5iumZKdD1LW28nf2UcsygJkcvfkvfKralptptAbt6w9KUJhFeiEu
	jk8dbPIPffjnTOBYa2UUBExGxRGI2Sn1jvhMYutBgXp8FN9PKLsS/GcC7E73Qchrb2KMyR
	CUaR0kpUrK4PMHawzWkf4lO54QxsH9nSgIDzywZbxhq9p7Xa3LZIO7SPMcEJ3g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708743; a=rsa-sha256; cv=none;
	b=bLK+ZZf4gjlnaJnNMGJbaKe9rn+YkWPBQTaS08lpGdUgGdkaXbmtWGhaTTrCcsUeUHEr3X
	bVIuoaZwPWTm8HEVJtXwONJq9vCcoqnjemHGYOSR7+eqlERbgvguBJyZSxpC42A/PfTQlC
	jmJjBA+PChyL7ilgOX3yfjTqQO42BDpqam5yBKsEMAY4k5BSr7KZJOsoHhJZVRQY2xz/Vr
	DFEHbdfA4c8ln/baa57+1v8rHxxsAYBz3qSdtqMlqQ84Mo/K/A2+bn1/LXMGb1pXeHqFDP
	W6kSQBTLJog5c3tQTx8k9toWep5cfqSJyqqToopihVr2lhAQTnjAm1qg3Srzvw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708743;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Q5ZHhxuxhSHbVyx/Vncthp46cLcDqeUR6EMRJjfqHGE=;
	b=RObC26Y0+HLIOUUNE063WC1mxRBUkeakYiboYXYOVeUSfydb6j5ilQi2nipXysrrN1r8y8
	bgIsVnlUiUV8HA9SilxIMf2JIjs2Kbq4lBuY5lTxwqRPuABX7nFuljXc3tbzNHwAv/sfi2
	AmME6+UOO+gTmAMbM1VTqshyegAyPheh14GLbkCRfsHmM4+zR6mmiPJmav2jv6elJdDFvg
	5cAwaFVT0kVFZYBUeZoV3y0U2Fk6Qmgt8Ks6T8PgMVMO1oAxJmSv7B6SSN2YsGiRntLcX6
	hGQRvoqFN+YLgEeHC7WwyrWqzf9K1iKe3GTPfkyslF1kM7GcLKbJlHwApoqaZg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhR0N23zZt;
	Thu, 03 Apr 2025 19:32:23 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWM18040360;
	Thu, 3 Apr 2025 19:32:22 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWM6c040357;
	Thu, 3 Apr 2025 19:32:22 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:22 GMT
Message-Id: <202504031932.533JWM6c040357@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 4450915a9bdc - stable/14 - MAC/do: Output errors when
  parsing rules
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 4450915a9bdc58816ea460b4979a90cb9dc25c3b
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=4450915a9bdc58816ea460b4979a90cb9dc25c3b

commit 4450915a9bdc58816ea460b4979a90cb9dc25c3b
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-08-07 09:25:00 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:03 +0000

    MAC/do: Output errors when parsing rules
    
    So that administrators can more easily know what the problem is with the
    rules they are trying to set.
    
    The new sysctl 'security.mac.do.print_parse_error' controls whether
    trying to set sysctl 'security.mac.do.rules' with invalid rules triggers
    printing of the error on the system console.
    
    Setting jail parameters directlty reports an error to the calling
    process thanks to the VFS options mechanism used by the jail machinery,
    so is not controlled by the new sysctl setting.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47617
    
    (cherry picked from commit 87c06b7d026f2beeb3c2f695567ef72aa3a427ea)
---
 sys/security/mac_do/mac_do.c | 231 +++++++++++++++++++++++++++++++++++--------
 1 file changed, 191 insertions(+), 40 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 92c09d540723..decfb3c756f0 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -23,6 +23,8 @@
 #include <sys/ucred.h>
 #include <sys/vnode.h>
 
+#include <machine/stdarg.h>
+
 #include <security/mac/mac_policy.h>
 
 static SYSCTL_NODE(_security_mac, OID_AUTO, do,
@@ -32,6 +34,11 @@ static int	do_enabled = 1;
 SYSCTL_INT(_security_mac_do, OID_AUTO, enabled, CTLFLAG_RWTUN,
     &do_enabled, 0, "Enforce do policy");
 
+static int	print_parse_error = 1;
+SYSCTL_INT(_security_mac_do, OID_AUTO, print_parse_error, CTLFLAG_RWTUN,
+    &print_parse_error, 0, "Print parse errors on setting rules "
+    "(via sysctl(8)).");
+
 static MALLOC_DEFINE(M_DO, "do_rule", "Rules for mac_do");
 
 #define MAC_RULE_STRING_LEN	1024
@@ -52,6 +59,13 @@ static const char *id_type_to_str[] = {
 	[IT_ANY]	= "*",
 };
 
+#define PARSE_ERROR_SIZE	256
+
+struct parse_error {
+	size_t	pos;
+	char	msg[PARSE_ERROR_SIZE];
+};
+
 /*
  * We assume that 'uid_t' and 'gid_t' are aliases to 'u_int' in conversions
  * required for parsing rules specification strings.
@@ -364,8 +378,32 @@ strtoui_strict(const char *const restrict s, const char **const restrict endptr,
 	return (0);
 }
 
+
+static void
+make_parse_error(struct parse_error **const parse_error, const size_t pos,
+    const char *const fmt, ...)
+{
+	struct parse_error *const err = malloc(sizeof(*err), M_DO, M_WAITOK);
+	va_list ap;
+
+	err->pos = pos;
+	va_start(ap, fmt);
+	vsnprintf(err->msg, PARSE_ERROR_SIZE, fmt, ap);
+	va_end(ap);
+
+	MPASS(*parse_error == NULL);
+	*parse_error = err;
+}
+
+static void
+free_parse_error(struct parse_error *const parse_error)
+{
+	free(parse_error, M_DO);
+}
+
 static int
-parse_id_type(const char *const string, id_type_t *const type)
+parse_id_type(const char *const string, id_type_t *const type,
+    struct parse_error **const parse_error)
 {
 	/*
 	 * Special case for "any", as the canonical form for IT_ANY in
@@ -385,6 +423,7 @@ parse_id_type(const char *const string, id_type_t *const type)
 	}
 
 	*type = IT_INVALID;
+	make_parse_error(parse_error, 0, "No valid type found.");
 	return (EINVAL);
 }
 
@@ -426,8 +465,10 @@ has_clauses(const id_nb_t nb, const flags_t type_flags)
 
 static int
 parse_target_clause(char *to, struct rule *const rule,
-    struct id_list *const uid_list, struct id_list *const gid_list)
+    struct id_list *const uid_list, struct id_list *const gid_list,
+    struct parse_error **const parse_error)
 {
+	const char *const start = to;
 	char *to_type, *to_id;
 	const char *p;
 	struct id_list *list;
@@ -439,21 +480,30 @@ parse_target_clause(char *to, struct rule *const rule,
 	id_type_t type;
 	int error;
 
+	MPASS(*parse_error == NULL);
 	MPASS(to != NULL);
 	to_type = strsep(&to, "=");
 	MPASS(to_type != NULL);
 	to_type += parse_gid_flags(to_type, &is.flags, &gid_flags);
-	error = parse_id_type(to_type, &type);
+	error = parse_id_type(to_type, &type, parse_error);
 	if (error != 0)
 		goto einval;
-	if (type != IT_GID && is.flags != 0)
+	if (type != IT_GID && is.flags != 0) {
+		make_parse_error(parse_error, to_type - start,
+		    "Expected type 'gid' after flags, not '%s'.",
+		    to_type);
 		goto einval;
+	}
 
 	to_id = strsep(&to, "");
 	switch (type) {
 	case IT_GID:
-		if (to_id == NULL)
+		if (to_id == NULL) {
+			make_parse_error(parse_error, to_type - start,
+			    "No '=' and ID specification after type '%s'.",
+			    to_type);
 			goto einval;
+		}
 
 		if (is.flags == 0) {
 			/* No flags: Dealing with a primary group. */
@@ -473,17 +523,33 @@ parse_target_clause(char *to, struct rule *const rule,
 			 * supplementary groups).
 			 */
 			if ((is.flags & MDF_PRIMARY) != 0) {
-				if ((*tflags & MDF_HAS_PRIMARY_CLAUSE) != 0)
+				if ((*tflags & MDF_HAS_PRIMARY_CLAUSE) != 0) {
+					make_parse_error(parse_error,
+					    to_id - start,
+					    "'any' specified after another "
+					    "(primary) GID.");
 					goto einval;
+				}
 				*tflags |= gid_flags | MDF_ANY;
 			} else {
 				/*
 				 * If a supplementary group flag was present, it
 				 * must be MDF_SUPP_ALLOW ("+").
 				 */
-				if ((is.flags & MDF_SUPP_MASK) != MDF_SUPP_ALLOW ||
-				    (*tflags & MDF_HAS_SUPP_CLAUSE) != 0)
+				if ((is.flags & MDF_SUPP_MASK) != MDF_SUPP_ALLOW) {
+					make_parse_error(parse_error,
+					    to_id - start,
+					    "'any' specified with another "
+					    "flag than '+'.");
+					goto einval;
+				}
+				if ((*tflags & MDF_HAS_SUPP_CLAUSE) != 0) {
+					make_parse_error(parse_error,
+					    to_id - start,
+					    "'any' with flag '+' specified after "
+					    "another (supplementary) GID.");
 					goto einval;
+				}
 				*tflags |= gid_flags | MDF_ANY_SUPP;
 			}
 			goto check_type_and_finish;
@@ -493,18 +559,32 @@ parse_target_clause(char *to, struct rule *const rule,
 			 * category.
 			 */
 			if ((is.flags & MDF_PRIMARY) != 0) {
-				if ((*tflags & MDF_ANY) != 0)
+				if ((*tflags & MDF_ANY) != 0) {
+					make_parse_error(parse_error,
+					    to_id - start,
+					    "Some (primary) GID specified after "
+					    "'any'.");
 					goto einval;
+				}
 			} else if ((*tflags & MDF_ANY_SUPP) != 0 &&
-			    (is.flags & MDF_SUPP_ALLOW) != 0)
+			    (is.flags & MDF_SUPP_ALLOW) != 0) {
+				make_parse_error(parse_error,
+				    to_id - start,
+				    "Some (supplementary) GID specified after "
+				    "'any' with flag '+'.");
 				goto einval;
+			}
 			*tflags |= gid_flags;
 		}
 		break;
 
 	case IT_UID:
-		if (to_id == NULL)
+		if (to_id == NULL) {
+			make_parse_error(parse_error, to_type - start,
+			    "No '=' and ID specification after type '%s'.",
+			    to_type);
 			goto einval;
+		}
 
 		list = uid_list;
 		nb = &rule->uids_nb;
@@ -513,8 +593,11 @@ parse_target_clause(char *to, struct rule *const rule,
 		/* "*" or "any"? */
 		if (parse_any(to_id)) {
 			/* There must not be any other clause. */
-			if (has_clauses(*nb, *tflags))
+			if (has_clauses(*nb, *tflags)) {
+				make_parse_error(parse_error, to_id - start,
+				    "'any' specified after another UID.");
 				goto einval;
+			}
 			*tflags |= MDF_ANY;
 			goto check_type_and_finish;
 		} else {
@@ -522,22 +605,32 @@ parse_target_clause(char *to, struct rule *const rule,
 			 * Check that we haven't already seen "any" for the same
 			 * category.
 			 */
-			if ((*tflags & MDF_ANY) != 0)
+			if ((*tflags & MDF_ANY) != 0) {
+				make_parse_error(parse_error, to_id - start,
+				    "Some UID specified after 'any'.");
 				goto einval;
+			}
 		}
 		break;
 
 	case IT_ANY:
 		/* No ID allowed. */
-		if (to_id != NULL)
+		if (to_id != NULL) {
+			make_parse_error(parse_error, to_type - start,
+			    "No '=' and ID allowed after type '%s'.", to_type);
 			goto einval;
+		}
 		/*
 		 * We can't have IT_ANY after any other IT_*, it must be the
 		 * only one.
 		 */
 		if (has_clauses(rule->uids_nb, rule->uid_flags) ||
-		    has_clauses(rule->gids_nb, rule->gid_flags))
+		    has_clauses(rule->gids_nb, rule->gid_flags)) {
+			make_parse_error(parse_error, to_type - start,
+			    "Target clause of type '%s' coming after another "
+			    "clause (must be alone).", to_type);
 			goto einval;
+		}
 		rule->uid_flags |= MDF_ANY;
 		rule->gid_flags |= MDF_ANY | MDF_ANY_SUPP |
 		    MDF_HAS_PRIMARY_CLAUSE | MDF_HAS_SUPP_CLAUSE;
@@ -556,8 +649,12 @@ parse_target_clause(char *to, struct rule *const rule,
 		if ((*tflags & MDF_CURRENT) != 0) {
 			/* Duplicate "." <id>.  Try to coalesce. */
 			error = coalesce_id_flags(is.flags, tflags);
-			if (error != 0)
+			if (error != 0) {
+				make_parse_error(parse_error, to_id - start,
+				    "Incompatible flags with prior clause "
+				    "with same target.");
 				goto einval;
+			}
 		} else
 			*tflags |= MDF_CURRENT | is.flags;
 		goto check_type_and_finish;
@@ -565,8 +662,11 @@ parse_target_clause(char *to, struct rule *const rule,
 
 	/* Parse an ID. */
 	error = strtoui_strict(to_id, &p, 10, &is.id);
-	if (error != 0 || *p != '\0')
+	if (error != 0 || *p != '\0') {
+		make_parse_error(parse_error, to_id - start,
+		    "Cannot parse a numerical ID (base 10).");
 		goto einval;
+	}
 
 	/* Explicit ID flags. */
 	if (type == IT_GID && (is.flags & MDF_SUPP_MUST) != 0)
@@ -578,18 +678,22 @@ parse_target_clause(char *to, struct rule *const rule,
 	 * (using sorted arrays).
 	 */
 	++*nb;
-	if (*nb == 0)
+	if (*nb == 0) {
+		make_parse_error(parse_error, 0,
+		    "Too many target clauses of type '%s'.", to_type);
 		return (EOVERFLOW);
+	}
 	ie = malloc(sizeof(*ie), M_DO, M_WAITOK);
 	ie->spec = is;
 	TAILQ_INSERT_TAIL(list, ie, ie_entries);
 	check_type_and_id_spec(type, &is);
-finish:
-	return (0);
 check_type_and_finish:
 	check_type_and_type_flags(type, *tflags);
+finish:
 	return (0);
 einval:
+	/* We must have built a parse error on error. */
+	MPASS(*parse_error != NULL);
 	return (EINVAL);
 }
 
@@ -620,7 +724,8 @@ id_spec_cmp(const void *const p1, const void *const p2)
  */
 static int
 pour_list_into_rule(const id_type_t type, struct id_list *const list,
-    struct id_spec *const array, id_nb_t *const nb)
+    struct id_spec *const array, id_nb_t *const nb,
+    struct parse_error **const parse_error)
 {
 	struct id_elem *ie, *ie_next;
 	size_t idx = 0;
@@ -658,8 +763,12 @@ pour_list_into_rule(const id_type_t type, struct id_list *const list,
 			case IT_GID:
 				error = coalesce_id_flags(array[idx].flags,
 				    &array[ref_idx].flags);
-				if (error != 0)
+				if (error != 0) {
+					make_parse_error(parse_error, 0,
+					    "Incompatible flags or duplicate "
+					    "GID %u.", id);
 					return (EINVAL);
+				}
 				check_type_and_id_flags(type,
 				    array[ref_idx].flags);
 				break;
@@ -670,6 +779,8 @@ pour_list_into_rule(const id_type_t type, struct id_list *const list,
 				 * of the same UID is an exact redundancy, so
 				 * error out.
 				 */
+				make_parse_error(parse_error, 0,
+				    "Duplicate UID %u.", id);
 				return (EINVAL);
 
 			default:
@@ -697,8 +808,10 @@ pour_list_into_rule(const id_type_t type, struct id_list *const list,
  * explained in functions checking privileges below.
  */
 static int
-parse_single_rule(char *rule, struct rules *const rules)
+parse_single_rule(char *rule, struct rules *const rules,
+    struct parse_error **const parse_error)
 {
+	const char *const start = rule;
 	const char *from_type, *from_id, *p;
 	char *to_list;
 	struct id_list uid_list, gid_list;
@@ -706,7 +819,7 @@ parse_single_rule(char *rule, struct rules *const rules)
 	struct rule *new;
 	int error;
 
-	MPASS(rule != NULL);
+	MPASS(*parse_error == NULL);
 	TAILQ_INIT(&uid_list);
 	TAILQ_INIT(&gid_list);
 
@@ -715,7 +828,7 @@ parse_single_rule(char *rule, struct rules *const rules)
 
 	from_type = strsep(&rule, "=");
 	MPASS(from_type != NULL); /* Because 'rule' was not NULL. */
-	error = parse_id_type(from_type, &new->from_type);
+	error = parse_id_type(from_type, &new->from_type, parse_error);
 	if (error != 0)
 		goto einval;
 	switch (new->from_type) {
@@ -723,16 +836,23 @@ parse_single_rule(char *rule, struct rules *const rules)
 	case IT_GID:
 		break;
 	default:
+		make_parse_error(parse_error, 0, "Type '%s' not allowed in "
+		    "the \"from\" part of rules.");
 		goto einval;
 	}
 
 	from_id = strsep(&rule, ":");
-	if (is_null_or_empty(from_id))
+	if (is_null_or_empty(from_id)) {
+		make_parse_error(parse_error, 0, "No ID specified.");
 		goto einval;
+	}
 
 	error = strtoui_strict(from_id, &p, 10, &new->from_id);
-	if (error != 0 || *p != '\0')
+	if (error != 0 || *p != '\0') {
+		make_parse_error(parse_error, from_id - start,
+		    "Cannot parse a numerical ID (base 10).");
 		goto einval;
+	}
 
 	/*
 	 * We will now parse the "to" list.
@@ -747,12 +867,17 @@ parse_single_rule(char *rule, struct rules *const rules)
 	 * O(log(n)) instead of linearly.
 	 */
 	to_list = strsep(&rule, ",");
-	if (to_list == NULL)
+	if (to_list == NULL) {
+		make_parse_error(parse_error, 0, "No target list.");
 		goto einval;
+	}
 	do {
-		error = parse_target_clause(to_list, new, &uid_list, &gid_list);
-		if (error != 0)
+		error = parse_target_clause(to_list, new, &uid_list, &gid_list,
+		    parse_error);
+		if (error != 0) {
+			(*parse_error)->pos += to_list - start;
 			goto einval;
+		}
 
 		to_list = strsep(&rule, ",");
 	} while (to_list != NULL);
@@ -761,7 +886,7 @@ parse_single_rule(char *rule, struct rules *const rules)
 		new->uids = malloc(sizeof(*new->uids) * new->uids_nb, M_DO,
 		    M_WAITOK);
 		error = pour_list_into_rule(IT_UID, &uid_list, new->uids,
-		    &new->uids_nb);
+		    &new->uids_nb, parse_error);
 		if (error != 0)
 			goto einval;
 	}
@@ -777,7 +902,7 @@ parse_single_rule(char *rule, struct rules *const rules)
 		new->gids = malloc(sizeof(*new->gids) * new->gids_nb, M_DO,
 		    M_WAITOK);
 		error = pour_list_into_rule(IT_GID, &gid_list, new->gids,
-		    &new->gids_nb);
+		    &new->gids_nb, parse_error);
 		if (error != 0)
 			goto einval;
 	}
@@ -801,6 +926,7 @@ einval:
 	    free(ie, M_DO);
 	TAILQ_FOREACH_SAFE(ie, &uid_list, ie_entries, ie_next)
 	    free(ie, M_DO);
+	MPASS(*parse_error != NULL);
 	return (EINVAL);
 }
 
@@ -811,7 +937,9 @@ einval:
  * representing the rules.  On error, the returned value is non-zero and
  * '*rulesp' is unchanged.  If 'string' has length greater or equal to
  * MAC_RULE_STRING_LEN, ENAMETOOLONG is returned.  If it is not in the expected
- * format, EINVAL is returned.
+ * format, EINVAL is returned.  If an error is returned, '*parse_error' is set
+ * to point to a 'struct parse_error' giving an error message for the problem,
+ * else '*parse_error' is set to NULL.
  *
  * Expected format: A semi-colon-separated list of rules of the form
  * "<from>:<target>".  The <from> part is of the form "<type>=<id>" where <type>
@@ -825,15 +953,22 @@ einval:
  * - "gid=1010:gid=1011,gid=1012,gid=1013"
  */
 static int
-parse_rules(const char *const string, struct rules **const rulesp)
+parse_rules(const char *const string, struct rules **const rulesp,
+    struct parse_error **const parse_error)
 {
 	const size_t len = strlen(string);
 	char *copy, *p, *rule;
 	struct rules *rules;
 	int error = 0;
 
-	if (len >= MAC_RULE_STRING_LEN)
+	*parse_error = NULL;
+
+	if (len >= MAC_RULE_STRING_LEN) {
+		make_parse_error(parse_error, 0,
+		    "Rule specification string is too long (%zu, max %zu)",
+		    len, MAC_RULE_STRING_LEN - 1);
 		return (ENAMETOOLONG);
+	}
 
 	rules = alloc_rules();
 	bcopy(string, rules->string, len + 1);
@@ -847,8 +982,9 @@ parse_rules(const char *const string, struct rules **const rulesp)
 	while ((rule = strsep(&p, ";")) != NULL) {
 		if (rule[0] == '\0')
 			continue;
-		error = parse_single_rule(rule, rules);
+		error = parse_single_rule(rule, rules, parse_error);
 		if (error != 0) {
+			(*parse_error)->pos += rule - copy;
 			toast_rules(rules);
 			goto out;
 		}
@@ -957,12 +1093,13 @@ set_empty_rules(struct prison *const pr)
  * Returns the same error code as parse_rules() (which see).
  */
 static int
-parse_and_set_rules(struct prison *const pr, const char *rules_string)
+parse_and_set_rules(struct prison *const pr, const char *rules_string,
+    struct parse_error **const parse_error)
 {
 	struct rules *rules;
 	int error;
 
-	error = parse_rules(rules_string, &rules);
+	error = parse_rules(rules_string, &rules, parse_error);
 	if (error != 0)
 		return (error);
 	set_rules(pr, rules);
@@ -976,6 +1113,7 @@ mac_do_sysctl_rules(SYSCTL_HANDLER_ARGS)
 	struct prison *const td_pr = req->td->td_ucred->cr_prison;
 	struct prison *pr;
 	struct rules *rules;
+	struct parse_error *parse_error;
 	int error;
 
 	rules = find_rules(td_pr, &pr);
@@ -987,7 +1125,13 @@ mac_do_sysctl_rules(SYSCTL_HANDLER_ARGS)
 		goto out;
 
 	/* Set our prison's rules, not that of the jail we inherited from. */
-	error = parse_and_set_rules(td_pr, buf);
+	error = parse_and_set_rules(td_pr, buf, &parse_error);
+	if (error != 0) {
+		if (print_parse_error)
+			printf("MAC/do: Parse error at index %zu: %s\n",
+			    parse_error->pos, parse_error->msg);
+		free_parse_error(parse_error);
+	}
 out:
 	free(buf, M_DO);
 	return (error);
@@ -1137,6 +1281,7 @@ mac_do_jail_set(void *obj, void *data)
 	struct prison *pr = obj;
 	struct vfsoptlist *opts = data;
 	char *rules_string;
+	struct parse_error *parse_error;
 	int error, jsys;
 
 	/*
@@ -1182,7 +1327,13 @@ mac_do_jail_set(void *obj, void *data)
 		break;
 	case JAIL_SYS_DISABLE:
 	case JAIL_SYS_NEW:
-		error = parse_and_set_rules(pr, rules_string);
+		error = parse_and_set_rules(pr, rules_string, &parse_error);
+		if (error != 0) {
+			vfs_opterror(opts,
+			    "MAC/do: Parse error at index %zu: %s\n",
+			    parse_error->pos, parse_error->msg);
+			free_parse_error(parse_error);
+		}
 		break;
 	default:
 		__assert_unreachable();

From nobody Thu Apr  3 19:32:21 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhQ5klhz5sMCF;
	Thu, 03 Apr 2025 19:32:22 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhQ08Q6z3Sfj;
	Thu, 03 Apr 2025 19:32:22 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708742;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=r1BnCkoIwBPK2K9i6QutqmDRui/H+VgbEc/jbtzSZtk=;
	b=eMagIThpFcfCN+OYGrMom7bDrKsQvhUr2drESMxGcPqoEGi0tbnVM5xhC/6APn9BUAW8yg
	dNMhdZyFyfKeNmMUG1O04UhnlRbXW3TjPJy5PH8Jvq5jrvLKCk0ctVqnd1aZd9eeZMoGjr
	gD0oNBcfbr9A+2q/2rilgqQswZWUdcdbcNXYz1qRPY3KIk9znRX7dnVcCg+ipBIw5QBqzb
	TfgSckevRzwzwwfY5x8FODhJ4UkJYNzfkXwoDDChAACKrxIOP6YOusJNiPeG671QNfrkJP
	qH2Bow9vtk0oKUxGZ63bq+Q+oKQcAC12fAJ6URn/s9pV4ynzMesxMRxHkcavlQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708742; a=rsa-sha256; cv=none;
	b=Tx5b9pipyI2ghCwc4UzxrbLDif5ZQP08dmXT21GG3x8VAJinLS2AGOfTc+ijb197FEQfJe
	zf/kOM4+I5uxmBvGlVEPzDf38R6wEmKzzHw8eitzPp0YYlCGmvsQ9lvx6ooj6F9YwrMpZe
	GbwmlfntyYn0sIPQ9GGKOsGWeX1KuJdkXZTFObFCmKmSvGq/oW77Jl3C5sNTvPIFZIOO7h
	NgH+/YYc4VU5Wm85d85jh4VXqYYuN2Jnl2ZoH1Csw8cwHUkQDLYaGIs7Ojw2mydQu8IovB
	y4hmn0yQAJwcmoUetbi4fBQaJB0wtxTn4NTbplU0CdXI3E80+8/LwjwUnO4cvg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708742;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=r1BnCkoIwBPK2K9i6QutqmDRui/H+VgbEc/jbtzSZtk=;
	b=lfP/9I2leX1P8YrB58sKxyhGN3fbilNbFzGruOpLK1DBkpOI8MokeaRYjw+DoIT7k0pIya
	xUIB710r27yU4z3elKDGuJrqqz2ti8iUJvv79uLb5L7WOY08iPsQCl+kFwdP7vbgQcfxAY
	z+Oc4LiFa+1BmtaCU/NDcvUveQsMbKc9AE+laBFIbnAvSw3myGnf+ZR7TI213XnxI9wwIY
	7x8lUdd0aRp6WnQeSHagaEg0oGvRB4RV4KcVtRLBZ+WTSgdBGgrUVL3SocZWJm05pgQNqI
	74U5tHaoQDBCb5FUM3+EMPRjX8zc/ZCBmAhJjii8OiwIic0g/tKO3w/YeVFTAg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhP6pHYzLy;
	Thu, 03 Apr 2025 19:32:21 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWLeS040327;
	Thu, 3 Apr 2025 19:32:21 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWLxC040324;
	Thu, 3 Apr 2025 19:32:21 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:21 GMT
Message-Id: <202504031932.533JWLxC040324@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 83ffc412b2e9 - stable/14 - MAC/do: Support multiple
  users and groups as single rule's targets
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 83ffc412b2e91f99752b59a3675c97959ad77734
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=83ffc412b2e91f99752b59a3675c97959ad77734

commit 83ffc412b2e91f99752b59a3675c97959ad77734
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-05 15:56:13 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:03 +0000

    MAC/do: Support multiple users and groups as single rule's targets
    
    Supporting group targets is a requirement for MAC/do to be able to
    enforce a limited set of valid new groups passed to setgroups().
    Additionally, it must be possible for this set of groups to also depend
    on the target UID, since users and groups are quite tied in UNIX (users
    are automatically placed in only the groups specified through
    '/etc/passwd' (primary group) and '/etc/group' (supplementary ones)).
    
    These requirements call for a re-design of the specification of the
    rules specification string and of 'struct rule'.
    
    A rules specification string is now a list of rules separated by ';'
    (instead of ',').  One rule is still composed of a "from" part and
    a "to" (or "target") part, both being separated by ':' (as before).
    
    The first part, "from", is matched against the credentials of the
    process calling setuid()/setgroups().  Its specification remains
    unchanged: It is a '<type>=<id>' clause, where <type> is either "uid" or
    "gid" and <id> an UID or GID.
    
    The second part, "to", is now a comma-separated (',') list of
    '<flags><type>=<id>' clauses similar to that of the "from" part, with
    the extensions that <id> may also be "*" or "any" or ".", and that
    <flags> may contain at most one of the '+', '-' and '!' characters when
    <type> is GID.  "*" and "any" both designate any ID for the <type>, and
    are aliases to each other.  In front of them, only the "+" flag is
    allowed (in addition to the previous rules).  "."  designates the
    process' current IDs for the <type>, as explained below.
    
    For GIDs, an absence of flag indicates that the specified GID is allowed
    as the real, effective and/or saved GIDs (the "primary" groups).
    Conversely, the presence of any allowed flag indicates that the
    specification concerns supplementary groups.  The '+' flag in front of
    "gid" indicates that the ID is allowed as a supplementary group.  The
    '!' flag indicates that the ID is mandatory, i.e., must be listed in the
    supplementary groups.  The '-' flag indicates that the GID must not be
    listed in the supplementary groups.  A specification with '-' is only
    useful in conjunction with a '+'-tagged specification where only one of
    them has <id> ".", or if other MAC policies are loaded that would give
    access to other, unwanted groups.
    
    "." indicates some ID that the calling process already has on privilege
    check.  For type "uid", it designates any of the real, effective or
    saved UIDs.  For type "gid", its effect depends on the presence of one
    of the '+', '-' or '!' flags.  If no flag is present, it designates any
    of the real, effective or saved GIDs.  If one is present, it designates
    any of the supplementary groups.
    
    If the "to" part doesn't specify any explicit UID, any of the UIDs of
    the calling process is implied (it is as if "uid=." had been specified).
    Similarly, if it doesn't specify any explicit GID, "gid=.,!gid=." is
    assumed, meaning that all the groups of the calling process are implied
    and must be present.  More precisely, each of the desired real,
    effective and saved GIDs must be one of the current real, effective or
    saved GID, whereas all others (the supplementary ones) must be the same
    as those that are current.
    
    No two clauses in a single "to" list may display the same <id>, except
    for GIDs but only if, each time the same <id> appears, it does so with
    a different flag (no flag counting as a separate flag) and all the
    specified flags are not contradictory (e.g., it is possible to have the
    same GID appear with no flag and the "+" flag, but the same GID with
    both "+" and "-" will be rejected).
    
    'struct rule' now holds arrays of UIDs (field 'uids') and GIDs (field
    'gids') that are admissible as targets, with accompanying flags (such as
    MDF_SUPP_MUST, representing the '!' flag).  Some flags are also held by
    ID type, including flags associated to individual IDs, as MDF_CURRENT in
    these flags stands for the process being privilege-checked's current
    IDs, to which ID flags apply.  As a departure from this scheme, "*" or
    "any" as <id> for GIDs is either represented by MDF_ANY or MDF_ANY_SUPP.
    This is to make it coexist with a "."/MDF_CURRENT specification for the
    other category of groups (among primary and supplementary groups), which
    needs to be qualified by the usual GID flags.
    
    This commit contains only the changes to parse the new rules and to
    build their representation.  The privilege granting part is not fixed
    here, beyond what making compilation work requires (and, in preparation
    for some subsequent commit, minimal adaptations to the matching logic in
    check_setuid()).
    
    Approved by:    markj (mentor)
    Relnotes:       yes
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47616
    
    (cherry picked from commit 6c3def74e2deb825e7dac4ffebaaf651f547e392)
---
 sys/security/mac_do/mac_do.c | 736 ++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 659 insertions(+), 77 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index fc1a6de471b6..92c09d540723 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -38,18 +38,18 @@ static MALLOC_DEFINE(M_DO, "do_rule", "Rules for mac_do");
 
 static unsigned		osd_jail_slot;
 
-#define RULE_INVALID	0 /* Must stay 0. */
-#define RULE_UID	1
-#define RULE_GID	2
-#define RULE_ANY	3
+#define IT_INVALID	0 /* Must stay 0. */
+#define IT_UID		1
+#define IT_GID		2
+#define IT_ANY		3
+#define IT_LAST		IT_ANY
 
 static const char *id_type_to_str[] = {
-	[RULE_INVALID]	= "invalid",
-	[RULE_UID]	= "uid",
-	[RULE_GID]	= "gid",
+	[IT_INVALID]	= "invalid",
+	[IT_UID]	= "uid",
+	[IT_GID]	= "gid",
 	/* See also parse_id_type(). */
-	[RULE_ANY]	= "*",
-	NULL
+	[IT_ANY]	= "*",
 };
 
 /*
@@ -60,19 +60,236 @@ _Static_assert(sizeof(uid_t) == sizeof(u_int) && (uid_t)-1 >= 0 &&
     sizeof(gid_t) == sizeof(u_int) && (gid_t)-1 >= 0,
     "mac_do(4) assumes that 'uid_t' and 'gid_t' are aliases to 'u_int'");
 
+/*
+ * Internal flags.
+ *
+ * They either apply as per-type (t) or per-ID (i) but are conflated because all
+ * per-ID flags are also valid as per-type ones to qualify the "current" (".")
+ * per-type flag.  Also, some of them are in fact exclusive, but we use one-hot
+ * encoding for simplicity.
+ *
+ * There is currently room for "only" 16 bits.  As these flags are purely
+ * internal, they can be renumbered and/or their type changed as needed.
+ *
+ * See also the check_*() functions below.
+ */
+typedef uint16_t	flags_t;
+
+/* (i,gid) Specification concerns primary groups. */
+#define MDF_PRIMARY	(1u << 0)
+/* (i,gid) Specification concerns supplementary groups. */
+#define MDF_SUPP_ALLOW	(1u << 1)
+/* (i,gid) Group must appear as a supplementary group. */
+#define MDF_SUPP_MUST	(1u << 2)
+/* (i,gid) Group must not appear as a supplementary group. */
+#define MDF_SUPP_DONT	(1u << 3)
+#define MDF_SUPP_MASK	(MDF_SUPP_ALLOW | MDF_SUPP_MUST | MDF_SUPP_DONT)
+#define MDF_ID_MASK	(MDF_PRIMARY | MDF_SUPP_MASK)
+
+/*
+ * (t) All IDs allowed.
+ *
+ * For GIDs, MDF_ANY only concerns primary groups.  The MDF_PRIMARY and
+ * MDF_SUPP_* flags never apply to MDF_ANY, but can be present if MDF_CURRENT is
+ * present also, as usual.
+ */
+#define MDF_ANY			(1u << 8)
+/* (t) Current IDs allowed. */
+#define MDF_CURRENT		(1u << 9)
+#define MDF_TYPE_COMMON_MASK	(MDF_ANY | MDF_CURRENT)
+/* (t,gid) All IDs allowed as supplementary groups. */
+#define MDF_ANY_SUPP		(1u << 10)
+/* (t,gid) Some ID or MDF_CURRENT has MDF_SUPP_MUST or MDF_SUPP_DONT. */
+#define MDF_MAY_REJ_SUPP	(1u << 11)
+/* (t,gid) Some explicit ID (not MDF_CURRENT) has MDF_SUPP_MUST. */
+#define MDF_EXPLICIT_SUPP_MUST	(1u << 12)
+/* (t,gid) Whether any target clause is about primary groups.  Used during
+ * parsing only. */
+#define MDF_HAS_PRIMARY_CLAUSE	(1u << 13)
+/* (t,gid) Whether any target clause is about supplementary groups.  Used during
+ * parsing only. */
+#define MDF_HAS_SUPP_CLAUSE	(1u << 14)
+#define MDF_TYPE_GID_MASK	(MDF_ANY_SUPP | MDF_MAY_REJ_SUPP |	\
+    MDF_EXPLICIT_SUPP_MUST | MDF_HAS_PRIMARY_CLAUSE | MDF_HAS_SUPP_CLAUSE)
+#define MDF_TYPE_MASK		(MDF_TYPE_COMMON_MASK | MDF_TYPE_GID_MASK)
+
+/*
+ * Persistent structures.
+ */
+
+struct id_spec {
+	u_int		 id;
+	flags_t		 flags; /* See MDF_* above. */
+};
+
+/*
+ * This limits the number of target clauses per type to 65535.  With the current
+ * value of MAC_RULE_STRING_LEN (1024), this is way more than enough anyway.
+ */
+typedef uint16_t	 id_nb_t;
+/* We only have a few IT_* types. */
+typedef uint16_t	 id_type_t;
+
 struct rule {
-	u_int	from_type;
-	u_int	from_id;
-	u_int	to_type;
-	u_int	to_id;
 	TAILQ_ENTRY(rule) r_entries;
+	id_type_t	 from_type;
+	u_int		 from_id;
+	flags_t		 uid_flags; /* See MDF_* above. */
+	id_nb_t		 uids_nb;
+	flags_t		 gid_flags; /* See MDF_* above. */
+	id_nb_t		 gids_nb;
+	struct id_spec	*uids;
+	struct id_spec	*gids;
 };
 
+TAILQ_HEAD(rulehead, rule);
+
 struct rules {
 	char string[MAC_RULE_STRING_LEN];
-	TAILQ_HEAD(rulehead, rule) head;
+	struct rulehead head;
+};
+
+/*
+ * Temporary structures used to build a 'struct rule' above.
+ */
+
+struct id_elem {
+	TAILQ_ENTRY(id_elem) ie_entries;
+	struct id_spec spec;
 };
 
+TAILQ_HEAD(id_list, id_elem);
+
+#ifdef INVARIANTS
+static void
+check_type(const id_type_t type)
+{
+	if (type > IT_LAST)
+		panic("Invalid type number %u", type);
+}
+
+static void
+panic_for_unexpected_flags(const id_type_t type, const flags_t flags,
+    const char *const str)
+{
+	panic("ID type %s: Unexpected flags %u (%s), ", id_type_to_str[type],
+	    flags, str);
+}
+
+static void
+check_type_and_id_flags(const id_type_t type, const flags_t flags)
+{
+	const char *str;
+
+	check_type(type);
+	switch (type) {
+	case IT_UID:
+		if (flags != 0) {
+			str = "only 0 allowed";
+			goto unexpected_flags;
+		}
+		break;
+	case IT_GID:
+		if ((flags & ~MDF_ID_MASK) != 0) {
+			str = "only bits in MDF_ID_MASK allowed";
+			goto unexpected_flags;
+		}
+		if (!powerof2(flags & MDF_SUPP_MASK)) {
+			str = "only a single flag in MDF_SUPP_MASK allowed";
+			goto unexpected_flags;
+		}
+		break;
+	default:
+	    __assert_unreachable();
+	}
+	return;
+
+unexpected_flags:
+	panic_for_unexpected_flags(type, flags, str);
+}
+
+static void
+check_type_and_id_spec(const id_type_t type, const struct id_spec *const is)
+{
+	check_type_and_id_flags(type, is->flags);
+}
+
+static void
+check_type_and_type_flags(const id_type_t type, const flags_t flags)
+{
+	const char *str;
+
+	check_type_and_id_flags(type, flags & MDF_ID_MASK);
+	if ((flags & ~MDF_ID_MASK & ~MDF_TYPE_MASK) != 0) {
+		str = "only MDF_ID_MASK | MDF_TYPE_MASK bits allowed";
+		goto unexpected_flags;
+	}
+	if ((flags & MDF_ANY) != 0 && (flags & MDF_CURRENT) != 0 &&
+	    (type == IT_UID || (flags & MDF_PRIMARY) != 0)) {
+		str = "MDF_ANY and MDF_CURRENT are exclusive for UIDs "
+		    "or primary group GIDs";
+		goto unexpected_flags;
+	}
+	if ((flags & MDF_ANY_SUPP) != 0 && (flags & MDF_CURRENT) != 0 &&
+	    (flags & MDF_SUPP_MASK) != 0) {
+		str = "MDF_SUPP_ANY and MDF_CURRENT with supplementary "
+		    "groups specification are exclusive";
+		goto unexpected_flags;
+	}
+	if (((flags & MDF_PRIMARY) != 0 || (flags & MDF_ANY) != 0) &&
+	    (flags & MDF_HAS_PRIMARY_CLAUSE) == 0) {
+		str = "Presence of folded primary clause not reflected "
+		    "by presence of MDF_HAS_PRIMARY_CLAUSE";
+		goto unexpected_flags;
+	}
+	if (((flags & MDF_SUPP_MASK) != 0 || (flags & MDF_ANY_SUPP) != 0) &&
+	    (flags & MDF_HAS_SUPP_CLAUSE) == 0) {
+		str = "Presence of folded supplementary clause not reflected "
+		    "by presence of MDF_HAS_SUPP_CLAUSE";
+		goto unexpected_flags;
+	}
+	return;
+
+unexpected_flags:
+	panic_for_unexpected_flags(type, flags, str);
+}
+#else /* !INVARIANTS */
+#define check_type_and_id_flags(...)
+#define check_type_and_id_spec(...)
+#define check_type_and_type_flags(...)
+#endif /* INVARIANTS */
+
+/*
+ * Returns EALREADY if both flags have some overlap, or EINVAL if flags are
+ * incompatible, else 0 with flags successfully merged into 'dest'.
+ */
+static int
+coalesce_id_flags(const flags_t src, flags_t *const dest)
+{
+	flags_t res;
+
+	if ((src & *dest) != 0)
+		return (EALREADY);
+
+	res = src | *dest;
+
+	/* Check for compatibility of supplementary flags, and coalesce. */
+	if ((res & MDF_SUPP_MASK) != 0) {
+		/* MDF_SUPP_DONT incompatible with the rest. */
+		if ((res & MDF_SUPP_DONT) != 0 && (res & MDF_SUPP_MASK &
+		    ~MDF_SUPP_DONT) != 0)
+			return (EINVAL);
+		/*
+		 * Coalesce MDF_SUPP_ALLOW and MDF_SUPP_MUST into MDF_SUPP_MUST.
+		 */
+		if ((res & MDF_SUPP_ALLOW) != 0 && (res & MDF_SUPP_MUST) != 0)
+			res &= ~MDF_SUPP_ALLOW;
+	}
+
+	*dest = res;
+	return (0);
+}
+
 static void
 toast_rules(struct rules *const rules)
 {
@@ -81,6 +298,8 @@ toast_rules(struct rules *const rules)
 
 	while ((rule = TAILQ_FIRST(head)) != NULL) {
 		TAILQ_REMOVE(head, rule, r_entries);
+		free(rule->uids, M_DO);
+		free(rule->gids, M_DO);
 		free(rule, M_DO);
 	}
 	free(rules, M_DO);
@@ -97,6 +316,12 @@ alloc_rules(void)
 	return (rules);
 }
 
+static bool
+is_null_or_empty(const char *s)
+{
+	return (s == NULL || s[0] == '\0');
+}
+
 /*
  * String to unsigned int.
  *
@@ -140,79 +365,442 @@ strtoui_strict(const char *const restrict s, const char **const restrict endptr,
 }
 
 static int
-parse_id_type(const char *const string, int *const type)
+parse_id_type(const char *const string, id_type_t *const type)
 {
 	/*
-	 * Special case for "any", as the canonical form for RULE_ANY in
+	 * Special case for "any", as the canonical form for IT_ANY in
 	 * id_type_to_str[] is "*".
 	 */
 	if (strcmp(string, "any") == 0) {
-		*type = RULE_ANY;
+		*type = IT_ANY;
 		return (0);
 	}
 
 	/* Start at 1 to avoid parsing "invalid". */
-	for (size_t i = 1; id_type_to_str[i] != NULL; ++i) {
+	for (size_t i = 1; i <= IT_LAST; ++i) {
 		if (strcmp(string, id_type_to_str[i]) == 0) {
 			*type = i;
 			return (0);
 		}
 	}
 
-	*type = RULE_INVALID;
+	*type = IT_INVALID;
 	return (EINVAL);
 }
 
+static size_t
+parse_gid_flags(const char *const string, flags_t *const flags,
+    flags_t *const gid_flags)
+{
+	switch (string[0]) {
+	case '+':
+		*flags |= MDF_SUPP_ALLOW;
+		goto has_supp_clause;
+	case '!':
+		*flags |= MDF_SUPP_MUST;
+		*gid_flags |= MDF_MAY_REJ_SUPP;
+		goto has_supp_clause;
+	case '-':
+		*flags |= MDF_SUPP_DONT;
+		*gid_flags |= MDF_MAY_REJ_SUPP;
+		goto has_supp_clause;
+	has_supp_clause:
+		*gid_flags |= MDF_HAS_SUPP_CLAUSE;
+		return (1);
+	}
+
+	return (0);
+}
+
+static bool
+parse_any(const char *const string)
+{
+	return (strcmp(string, "*") == 0 || strcmp(string, "any") == 0);
+}
+
+static bool
+has_clauses(const id_nb_t nb, const flags_t type_flags)
+{
+	return ((type_flags & MDF_TYPE_MASK) != 0 || nb != 0);
+}
+
 static int
-parse_rule_element(char *element, struct rule **rule)
+parse_target_clause(char *to, struct rule *const rule,
+    struct id_list *const uid_list, struct id_list *const gid_list)
 {
-	const char *from_type, *from_id, *to, *p;
-	struct rule *new;
+	char *to_type, *to_id;
+	const char *p;
+	struct id_list *list;
+	id_nb_t *nb;
+	flags_t *tflags;
+	struct id_elem *ie;
+	struct id_spec is = {.flags = 0};
+	flags_t gid_flags = 0;
+	id_type_t type;
 	int error;
 
-	new = malloc(sizeof(*new), M_DO, M_ZERO|M_WAITOK);
+	MPASS(to != NULL);
+	to_type = strsep(&to, "=");
+	MPASS(to_type != NULL);
+	to_type += parse_gid_flags(to_type, &is.flags, &gid_flags);
+	error = parse_id_type(to_type, &type);
+	if (error != 0)
+		goto einval;
+	if (type != IT_GID && is.flags != 0)
+		goto einval;
+
+	to_id = strsep(&to, "");
+	switch (type) {
+	case IT_GID:
+		if (to_id == NULL)
+			goto einval;
+
+		if (is.flags == 0) {
+			/* No flags: Dealing with a primary group. */
+			is.flags |= MDF_PRIMARY;
+			gid_flags |= MDF_HAS_PRIMARY_CLAUSE;
+		}
+
+		list = gid_list;
+		nb = &rule->gids_nb;
+		tflags = &rule->gid_flags;
+
+		/* "*" or "any"? */
+		if (parse_any(to_id)) {
+			/*
+			 * We check that we have not seen any other clause of
+			 * the same category (i.e., concerning primary or
+			 * supplementary groups).
+			 */
+			if ((is.flags & MDF_PRIMARY) != 0) {
+				if ((*tflags & MDF_HAS_PRIMARY_CLAUSE) != 0)
+					goto einval;
+				*tflags |= gid_flags | MDF_ANY;
+			} else {
+				/*
+				 * If a supplementary group flag was present, it
+				 * must be MDF_SUPP_ALLOW ("+").
+				 */
+				if ((is.flags & MDF_SUPP_MASK) != MDF_SUPP_ALLOW ||
+				    (*tflags & MDF_HAS_SUPP_CLAUSE) != 0)
+					goto einval;
+				*tflags |= gid_flags | MDF_ANY_SUPP;
+			}
+			goto check_type_and_finish;
+		} else {
+			/*
+			 * Check that we haven't already seen "any" for the same
+			 * category.
+			 */
+			if ((is.flags & MDF_PRIMARY) != 0) {
+				if ((*tflags & MDF_ANY) != 0)
+					goto einval;
+			} else if ((*tflags & MDF_ANY_SUPP) != 0 &&
+			    (is.flags & MDF_SUPP_ALLOW) != 0)
+				goto einval;
+			*tflags |= gid_flags;
+		}
+		break;
+
+	case IT_UID:
+		if (to_id == NULL)
+			goto einval;
+
+		list = uid_list;
+		nb = &rule->uids_nb;
+		tflags = &rule->uid_flags;
+
+		/* "*" or "any"? */
+		if (parse_any(to_id)) {
+			/* There must not be any other clause. */
+			if (has_clauses(*nb, *tflags))
+				goto einval;
+			*tflags |= MDF_ANY;
+			goto check_type_and_finish;
+		} else {
+			/*
+			 * Check that we haven't already seen "any" for the same
+			 * category.
+			 */
+			if ((*tflags & MDF_ANY) != 0)
+				goto einval;
+		}
+		break;
+
+	case IT_ANY:
+		/* No ID allowed. */
+		if (to_id != NULL)
+			goto einval;
+		/*
+		 * We can't have IT_ANY after any other IT_*, it must be the
+		 * only one.
+		 */
+		if (has_clauses(rule->uids_nb, rule->uid_flags) ||
+		    has_clauses(rule->gids_nb, rule->gid_flags))
+			goto einval;
+		rule->uid_flags |= MDF_ANY;
+		rule->gid_flags |= MDF_ANY | MDF_ANY_SUPP |
+		    MDF_HAS_PRIMARY_CLAUSE | MDF_HAS_SUPP_CLAUSE;
+		goto finish;
+
+	default:
+		/* parse_id_type() returns no other types currently. */
+		__assert_unreachable();
+	}
 
-	from_type = strsep(&element, "=");
-	if (from_type == NULL)
+	/* Rule out cases that have been treated above. */
+	MPASS((type == IT_UID || type == IT_GID) && !parse_any(to_id));
+
+	/* "."? */
+	if (strcmp(to_id, ".") == 0) {
+		if ((*tflags & MDF_CURRENT) != 0) {
+			/* Duplicate "." <id>.  Try to coalesce. */
+			error = coalesce_id_flags(is.flags, tflags);
+			if (error != 0)
+				goto einval;
+		} else
+			*tflags |= MDF_CURRENT | is.flags;
+		goto check_type_and_finish;
+	}
+
+	/* Parse an ID. */
+	error = strtoui_strict(to_id, &p, 10, &is.id);
+	if (error != 0 || *p != '\0')
 		goto einval;
 
+	/* Explicit ID flags. */
+	if (type == IT_GID && (is.flags & MDF_SUPP_MUST) != 0)
+		*tflags |= MDF_EXPLICIT_SUPP_MUST;
+
+	/*
+	 * We check for duplicate IDs and coalesce their 'struct id_spec' only
+	 * at end of parse_single_rule() because it is much more performant then
+	 * (using sorted arrays).
+	 */
+	++*nb;
+	if (*nb == 0)
+		return (EOVERFLOW);
+	ie = malloc(sizeof(*ie), M_DO, M_WAITOK);
+	ie->spec = is;
+	TAILQ_INSERT_TAIL(list, ie, ie_entries);
+	check_type_and_id_spec(type, &is);
+finish:
+	return (0);
+check_type_and_finish:
+	check_type_and_type_flags(type, *tflags);
+	return (0);
+einval:
+	return (EINVAL);
+}
+
+static int
+u_int_cmp(const u_int i1, const u_int i2)
+{
+	return ((i1 > i2) - (i1 < i2));
+}
+
+static int
+id_spec_cmp(const void *const p1, const void *const p2)
+{
+	const struct id_spec *const is1 = p1;
+	const struct id_spec *const is2 = p2;
+
+	return (u_int_cmp(is1->id, is2->id));
+}
+
+/*
+ * Transfer content of 'list' into 'array', freeing and emptying list.
+ *
+ * 'nb' must be 'list''s length and not be greater than 'array''s size.  The
+ * destination array is sorted by ID.  Structures 'struct id_spec' with same IDs
+ * are coalesced if that makes sense (not including duplicate clauses), else
+ * EINVAL is returned.  On success, 'nb' is updated (lowered) to account for
+ * coalesced specifications.  The parameter 'type' is only for testing purposes
+ * (INVARIANTS).
+ */
+static int
+pour_list_into_rule(const id_type_t type, struct id_list *const list,
+    struct id_spec *const array, id_nb_t *const nb)
+{
+	struct id_elem *ie, *ie_next;
+	size_t idx = 0;
+
+	/* Fill the array. */
+	TAILQ_FOREACH_SAFE(ie, list, ie_entries, ie_next) {
+		MPASS(idx < *nb);
+		array[idx] = ie->spec;
+		free(ie, M_DO);
+		++idx;
+	}
+	MPASS(idx == *nb);
+	TAILQ_INIT(list);
+
+	/* Sort it (by ID). */
+	qsort(array, *nb, sizeof(*array), id_spec_cmp);
+
+	/* Coalesce same IDs. */
+	if (*nb != 0) {
+		size_t ref_idx = 0;
+
+		for (idx = 1; idx < *nb; ++idx) {
+			const u_int id = array[idx].id;
+
+			if (id != array[ref_idx].id) {
+				++ref_idx;
+				if (ref_idx != idx)
+					array[ref_idx] = array[idx];
+				continue;
+			}
+
+			switch (type) {
+				int error;
+
+			case IT_GID:
+				error = coalesce_id_flags(array[idx].flags,
+				    &array[ref_idx].flags);
+				if (error != 0)
+					return (EINVAL);
+				check_type_and_id_flags(type,
+				    array[ref_idx].flags);
+				break;
+
+			case IT_UID:
+				/*
+				 * No flags in this case.  Multiple appearances
+				 * of the same UID is an exact redundancy, so
+				 * error out.
+				 */
+				return (EINVAL);
+
+			default:
+				__assert_unreachable();
+			}
+		}
+		*nb = ref_idx + 1;
+	}
+
+	return (0);
+}
+
+/*
+ * See also first comments for parse_rule() below.
+ *
+ * The second part of a rule, called <target> (or <to>), is a comma-separated
+ * (',') list of '<flags><type>=<id>' clauses similar to that of the <from>
+ * part, with the extensions that <id> may also be "*" or "any" or ".", and that
+ * <flags> may contain at most one of the '+', '-' and '!' characters when
+ * <type> is "gid" (no flags are allowed for "uid").  No two clauses in a single
+ * <to> list may list the same <id>.  "*" and "any" both designate any ID for
+ * the <type>, and are aliases to each other.  In front of "any" (or "*"), only
+ * the '+' flag is allowed (in the "gid" case).  "." designates the process'
+ * current IDs for the <type>.  The precise meaning of flags and "." is
+ * explained in functions checking privileges below.
+ */
+static int
+parse_single_rule(char *rule, struct rules *const rules)
+{
+	const char *from_type, *from_id, *p;
+	char *to_list;
+	struct id_list uid_list, gid_list;
+	struct id_elem *ie, *ie_next;
+	struct rule *new;
+	int error;
+
+	MPASS(rule != NULL);
+	TAILQ_INIT(&uid_list);
+	TAILQ_INIT(&gid_list);
+
+	/* Freed when the 'struct rules' container is freed. */
+	new = malloc(sizeof(*new), M_DO, M_WAITOK | M_ZERO);
+
+	from_type = strsep(&rule, "=");
+	MPASS(from_type != NULL); /* Because 'rule' was not NULL. */
 	error = parse_id_type(from_type, &new->from_type);
 	if (error != 0)
 		goto einval;
 	switch (new->from_type) {
-	case RULE_UID:
-	case RULE_GID:
+	case IT_UID:
+	case IT_GID:
 		break;
 	default:
 		goto einval;
 	}
 
-	from_id = strsep(&element, ":");
-	if (from_id == NULL || *from_id == '\0')
+	from_id = strsep(&rule, ":");
+	if (is_null_or_empty(from_id))
 		goto einval;
 
 	error = strtoui_strict(from_id, &p, 10, &new->from_id);
 	if (error != 0 || *p != '\0')
 		goto einval;
 
-	to = element;
-	if (to == NULL || *to == '\0')
+	/*
+	 * We will now parse the "to" list.
+	 *
+	 * In order to ease parsing, we will begin by building lists of target
+	 * UIDs and GIDs in local variables 'uid_list' and 'gid_list'.  The
+	 * number of each type of IDs will be filled directly in 'new'.  At end
+	 * of parse, we will allocate both arrays of IDs to be placed into the
+	 * 'uids' and 'gids' members, sort them, and discard the tail queues
+	 * used to build them.  This conversion to sorted arrays at end of parse
+	 * allows to minimize memory allocations and enables searching IDs in
+	 * O(log(n)) instead of linearly.
+	 */
+	to_list = strsep(&rule, ",");
+	if (to_list == NULL)
 		goto einval;
+	do {
+		error = parse_target_clause(to_list, new, &uid_list, &gid_list);
+		if (error != 0)
+			goto einval;
 
-	if (strcmp(to, "any") == 0 || strcmp(to, "*") == 0)
-		new->to_type = RULE_ANY;
-	else {
-		new->to_type = RULE_UID;
-		error = strtoui_strict(to, &p, 10, &new->to_id);
-		if (error != 0 || *p != '\0')
+		to_list = strsep(&rule, ",");
+	} while (to_list != NULL);
+
+	if (new->uids_nb != 0) {
+		new->uids = malloc(sizeof(*new->uids) * new->uids_nb, M_DO,
+		    M_WAITOK);
+		error = pour_list_into_rule(IT_UID, &uid_list, new->uids,
+		    &new->uids_nb);
+		if (error != 0)
+			goto einval;
+	}
+	MPASS(TAILQ_EMPTY(&uid_list));
+	if (!has_clauses(new->uids_nb, new->uid_flags)) {
+		/* No UID specified, default is "uid=.". */
+		MPASS(new->uid_flags == 0);
+		new->uid_flags = MDF_CURRENT;
+		check_type_and_type_flags(IT_UID, new->uid_flags);
+	}
+
+	if (new->gids_nb != 0) {
+		new->gids = malloc(sizeof(*new->gids) * new->gids_nb, M_DO,
+		    M_WAITOK);
+		error = pour_list_into_rule(IT_GID, &gid_list, new->gids,
+		    &new->gids_nb);
+		if (error != 0)
 			goto einval;
 	}
+	MPASS(TAILQ_EMPTY(&gid_list));
+	if (!has_clauses(new->gids_nb, new->gid_flags)) {
+		/* No GID specified, default is "gid=.,!gid=.". */
+		MPASS(new->gid_flags == 0);
+		new->gid_flags = MDF_CURRENT | MDF_PRIMARY | MDF_SUPP_MUST |
+		    MDF_HAS_PRIMARY_CLAUSE | MDF_HAS_SUPP_CLAUSE;
+		check_type_and_type_flags(IT_GID, new->gid_flags);
+	}
 
-	*rule = new;
+	TAILQ_INSERT_TAIL(&rules->head, new, r_entries);
 	return (0);
+
 einval:
+	free(new->gids, M_DO);
+	free(new->uids, M_DO);
 	free(new, M_DO);
-	*rule = NULL;
+	TAILQ_FOREACH_SAFE(ie, &gid_list, ie_entries, ie_next)
+	    free(ie, M_DO);
+	TAILQ_FOREACH_SAFE(ie, &uid_list, ie_entries, ie_next)
+	    free(ie, M_DO);
 	return (EINVAL);
 }
 
@@ -223,19 +811,25 @@ einval:
  * representing the rules.  On error, the returned value is non-zero and
  * '*rulesp' is unchanged.  If 'string' has length greater or equal to
  * MAC_RULE_STRING_LEN, ENAMETOOLONG is returned.  If it is not in the expected
- * format (comma-separated list of clauses of the form "<type>=<val>:<target>",
- * where <type> is "uid" or "gid", <val> an UID or GID (depending on <type>) and
- * <target> is "*", "any" or some UID), EINVAL is returned.
+ * format, EINVAL is returned.
+ *
+ * Expected format: A semi-colon-separated list of rules of the form
+ * "<from>:<target>".  The <from> part is of the form "<type>=<id>" where <type>
+ * is "uid" or "gid", <id> an UID or GID (depending on <type>) and <target> is
+ * "*", "any" or a comma-separated list of '<flags><type>=<id>' clauses (see the
+ * comment for parse_single_rule() for more details).  For convenience, empty
+ * rules are allowed (and do nothing).
+ *
+ * Examples:
+ * - "uid=1001:uid=1010,gid=1010;uid=1002:any"
+ * - "gid=1010:gid=1011,gid=1012,gid=1013"
  */
 static int
 parse_rules(const char *const string, struct rules **const rulesp)
 {
 	const size_t len = strlen(string);
-	char *copy;
-	char *p;
-	char *element;
+	char *copy, *p, *rule;
 	struct rules *rules;
-	struct rule *new;
 	int error = 0;
 
 	if (len >= MAC_RULE_STRING_LEN)
@@ -250,15 +844,14 @@ parse_rules(const char *const string, struct rules **const rulesp)
 	MPASS(copy[len] == '\0'); /* Catch some races. */
 
 	p = copy;
-	while ((element = strsep(&p, ",")) != NULL) {
-		if (element[0] == '\0')
+	while ((rule = strsep(&p, ";")) != NULL) {
+		if (rule[0] == '\0')
 			continue;
-		error = parse_rule_element(element, &new);
+		error = parse_single_rule(rule, rules);
 		if (error != 0) {
 			toast_rules(rules);
 			goto out;
 		}
-		TAILQ_INSERT_TAIL(&rules->head, new, r_entries);
 	}
 
 	*rulesp = rules;
@@ -293,8 +886,8 @@ find_rules(struct prison *const pr, struct prison **const aprp)
 		MPASS(ppr != NULL); /* prison0 always has rules. */
 		cpr = ppr;
 	}
-	*aprp = cpr;
 
+	*aprp = cpr;
 	return (rules);
 }
 
@@ -634,9 +1227,9 @@ mac_do_destroy(struct mac_policy_conf *mpc)
 static bool
 rule_applies(struct ucred *cred, struct rule *r)
 {
-	if (r->from_type == RULE_UID && r->from_id == cred->cr_uid)
+	if (r->from_type == IT_UID && r->from_id == cred->cr_uid)
 		return (true);
-	if (r->from_type == RULE_GID && groupmember(r->from_id, cred))
+	if (r->from_type == IT_GID && groupmember(r->from_id, cred))
 		return (true);
 	return (false);
 }
@@ -706,11 +1299,12 @@ static int
 mac_do_check_setuid(struct ucred *cred, uid_t uid)
 {
 	struct rule *r;
-	int error;
 	char *fullpath = NULL;
 	char *freebuf = NULL;
 	struct prison *pr;
 	struct rules *rule;
+	struct id_spec uid_is = {.id = uid};
+	int error;
 
 	if (do_enabled == 0)
 		return (0);
@@ -728,29 +1322,17 @@ mac_do_check_setuid(struct ucred *cred, uid_t uid)
 	error = EPERM;
 	rule = find_rules(cred->cr_prison, &pr);
 	TAILQ_FOREACH(r, &rule->head, r_entries) {
-		if (r->from_type == RULE_UID) {
-			if (cred->cr_uid != r->from_id)
-				continue;
-			if (r->to_type == RULE_ANY) {
-				error = 0;
-				break;
-			}
-			if (r->to_type == RULE_UID && uid == r->to_id) {
-				error = 0;
-				break;
-			}
-		}
-		if (r->from_type == RULE_GID) {
-			if (!groupmember(r->from_id, cred))
-				continue;
-			if (r->to_type == RULE_ANY) {
-				error = 0;
-				break;
-			}
-			if (r->to_type == RULE_UID && uid == r->to_id) {
-				error = 0;
-				break;
-			}
+		if (!((r->from_type == IT_UID && cred->cr_uid == r->from_id) ||
+		    (r->from_type == IT_GID && groupmember(r->from_id, cred))))
+			continue;
+
+		if (r->uid_flags & MDF_ANY ||
*** 9 LINES SKIPPED ***

From nobody Thu Apr  3 19:32:25 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhT4t42z5sM1t;
	Thu, 03 Apr 2025 19:32:25 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhT1mpJz3SgQ;
	Thu, 03 Apr 2025 19:32:25 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708745;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=UPKo3Z/I4Kg5KOxnlSuDlKEG/adlsitixpnubfObERM=;
	b=cyUxJlPP7vPafTW9+L2IUaWymeo/sUxnWi3nRbFH0P7GeIfVyfGJaI+3+aQzL2J6/C4K1N
	osN82H/YdHiLOlS7uBzvhFb3Ahi24HeRKFyChJYXK5UXQwaa/kvOse/xlwp19Aq4Ys5UnU
	6uWwGvqzbtnEhnjvl/YEEzTSShcZ6DubBGeE22eFikpQnxn2jMtExlA+6I5+HvIWS4lBxe
	GMm3kJRZSDOPZQeMrehkBTBx8lheR6vL6RWAJPkmAfS4m9ZDMry/Pkdwr26AYp9ndZMS9q
	qAIcVSBJPNvQePtei2Vy0UVrPE3sMHs39UOGvY6pmxNH5fvsgwcdjuunajnd/w==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708745; a=rsa-sha256; cv=none;
	b=O7nCbrk8z8K2T5NXwNG2wmVB20lUzdxckPZKxW9E7LsvjEoslQ0RgqTG+atPKor9Ef9whS
	g26o+Vlr7JPq7O13ilcdzdDIeSqM24sPZVFutCL7I5I7cXfXEWAdIIaZzMeR6Rf9M8pdh2
	9OAwEh3aeNlmhUgrSDeaKMJyDPWOyfZRH17wJ2kk9nRxnyYU0pvngpHstoX6J/Edu15qPN
	+RSrqMKqtY60sx7ljE7gtkYBRB/7oQxxFmR7tSIxu2ma+Sbd5RlCMyEk6wahOW1jsOBUIm
	/jCOLomZO32fufKHBjbqSXcbecgrHY8XrFc6SmaSVxCjun1Y8sdHFDGsg7hL5A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708745;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=UPKo3Z/I4Kg5KOxnlSuDlKEG/adlsitixpnubfObERM=;
	b=s+3atLMP4krWX6NRRnIAtn29LipDeOTKEdDESbAUJb4EooNxec+UKOTnSms70ea//qWBuz
	5JCebdUFT3w7ELE+wC5K3uaHkx+ry54IRaog/8yB/Clfb5wsIUsnI8KmOY/vD49PbV5Kzu
	i+xigazBvoVU7sUmXJ4nza31zgrfZ3xCBeAnTNRXWEvdGwfutB8tBx5dAIofHImB3c3IFG
	fkgQ4EquZ0C4TtLzLG/yQi6ueIiVb4hmjEETWSFJsyptAnD2garOs7hUC9pPJ3xUxk5+7N
	jOk3FWBX0f/PaqDrNq8ZCBcE+LvItX9a6fmqsJ6j9jvHRMYUXet/sbKkRO8Q0A==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhT1NQzzkS;
	Thu, 03 Apr 2025 19:32:25 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWPHw040435;
	Thu, 3 Apr 2025 19:32:25 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWPZA040432;
	Thu, 3 Apr 2025 19:32:25 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:25 GMT
Message-Id: <202504031932.533JWPZA040432@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: e34dec3f12b6 - stable/14 - UPDATING: Request recompiling
  MAC modules because of new hooks
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: e34dec3f12b6a4cab5926537a4f651d8a881edd0
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=e34dec3f12b6a4cab5926537a4f651d8a881edd0

commit e34dec3f12b6a4cab5926537a4f651d8a881edd0
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2025-04-03 07:43:32 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:04 +0000

    UPDATING: Request recompiling MAC modules because of new hooks
---
 UPDATING | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/UPDATING b/UPDATING
index 62d80d0c4c74..65c8b793a1ae 100644
--- a/UPDATING
+++ b/UPDATING
@@ -12,6 +12,12 @@ Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before updating system packages
 and/or ports.
 
+20250403:
+	Commit 8aedc83c1cc2 ("New setcred() system call and associated MAC
+	hooks") introduces new MAC hooks for the new setcred() system call,
+	modifying the layout and size of 'struct mac_policy_ops'.  As a result,
+	all MAC modules need to be recompiled.
+
 20250228:
 	Commit 9fed5151903f modified the internal API between the
 	nfscommon and nfscl modules.  As such, both of these modules

From nobody Thu Apr  3 19:32:24 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhS4dGDz5sMFj;
	Thu, 03 Apr 2025 19:32:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhS1S3Qz3Sj5;
	Thu, 03 Apr 2025 19:32:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708744;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=wdfN/4mmGZmeBWkKZvRkY1XkKuboz1ffkACjJK3F+Po=;
	b=d+d3qpuOj69QFsZHofFznebaPZbAhzEg7hz9sRq79CB3v7pKPS9+qnN+BefTnBOLmC2QTF
	4VXKvUyeKne7iUTT+urzBojQmpM6STsUiTsWLqfHgRRPfnv6QdNmyYwKYY3Ni3gQaVnESg
	3SCNzqJb8HsOoGTLEqN3SEZFrn12I4Um/2UhBdXBcm4dG8qIs1w0422Le3WEPkKncestl8
	Iavuk2rdtBPL53nqYvBFIW+WS4VDkr4x9nRvhMjqcqosuDw4BNYCkCJPA7auDrjD/2VYBw
	rXDU96o5vat8sXI20/NcpqymcOZmA88284I5sLpgUDWQYQV55tJvMJsEas0dEQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708744; a=rsa-sha256; cv=none;
	b=L7+E+2G/UR10sbNhSszRXQ3tvk5MXXGPOmLbGAwm6QhZvV4+r2FnEkh+5fuIwU8xEXfy2v
	vQrZfwVSRx0fF9an1A2N/eyE1LC2uXg1VEd9LhRWUNI+BtBzFXaVV+oIhnpkb3XSupTzXd
	8mQAO3odAmRWDykLVAsnCDycLei6Yt6DsEUIfk/L6BhSBGopqBRSKa52IonJL+4+Iw2SWe
	pNy1kN0KfkWx48YHRzwt46DyEhqy5JhhdjVwgSZtqGVXG8YnPJvPO/xJY0t0cmW+pWzFi6
	UOLS/uDSzvcGpFHmjvASW4Uz9fyCmWA2BfNVEFvaXDEh/X/D+7t+CQDClg33Mw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708744;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=wdfN/4mmGZmeBWkKZvRkY1XkKuboz1ffkACjJK3F+Po=;
	b=J695lmnYl8NPVj9npSPnphm7cuXeQLdr9K+KVFBou/TGz9x0K7CR+k6o/Fhs+tyKaL6TEh
	53jfU1ddeP1mjG5DuIcKJORoNSR3npn+vKdSSmBFVPY1EUaVKJqPFyzSfIQeqcDqWS4iHt
	CvZYl6xwdzoqotEv43p8D0+l8oMRclbWaRVyb2iKgsVqkkZi3nLETx7kgUcgrjARB5skcM
	6/EU//XLyOx6WTO53VyMiFpCjb28XkXZR+HXmgMFMvf76hiHfNSPRIwyRSQpjNwALUZglu
	4MSMM/f4ddkVXd9bSEnkCiKrSeJunBgVwF9DRU2KieaygSmODPa13GNkBHJw2g==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhS0y1JzkR;
	Thu, 03 Apr 2025 19:32:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWOuZ040402;
	Thu, 3 Apr 2025 19:32:24 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWOmF040398;
	Thu, 3 Apr 2025 19:32:24 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:24 GMT
Message-Id: <202504031932.533JWOmF040398@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: c1d7552dddb5 - stable/14 - New setcred() system call
  and associated MAC hooks
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: c1d7552dddb5276c8d1cfe2b8c533646164e2f7a
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=c1d7552dddb5276c8d1cfe2b8c533646164e2f7a

commit c1d7552dddb5276c8d1cfe2b8c533646164e2f7a
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-18 20:47:43 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:03 +0000

    New setcred() system call and associated MAC hooks
    
    This new system call allows to set all necessary credentials of
    a process in one go: Effective, real and saved UIDs, effective, real and
    saved GIDs, supplementary groups and the MAC label.  Its advantage over
    standard credential-setting system calls (such as setuid(), seteuid(),
    etc.) is that it enables MAC modules, such as MAC/do, to restrict the
    set of credentials some process may gain in a fine-grained manner.
    
    Traditionally, credential changes rely on setuid binaries that call
    multiple credential system calls and in a specific order (setuid() must
    be last, so as to remain root for all other credential-setting calls,
    which would otherwise fail with insufficient privileges).  This
    piecewise approach causes the process to transiently hold credentials
    that are neither the original nor the final ones.  For the kernel to
    enforce that only certain transitions of credentials are allowed, either
    these possibly non-compliant transient states have to disappear (by
    setting all relevant attributes in one go), or the kernel must delay
    setting or checking the new credentials.  Delaying setting credentials
    could be done, e.g., by having some mode where the standard system calls
    contribute to building new credentials but without committing them.  It
    could be started and ended by a special system call.  Delaying checking
    could mean that, e.g., the kernel only verifies the credentials
    transition at the next non-credential-setting system call (we just
    mention this possibility for completeness, but are certainly not
    endorsing it).
    
    We chose the simpler approach of a new system call, as we don't expect
    the set of credentials one can set to change often.  It has the
    advantages that the traditional system calls' code doesn't have to be
    changed and that we can establish a special MAC protocol for it, by
    having some cleanup function called just before returning (this is
    a requirement for MAC/do), without disturbing the existing ones.
    
    The mac_cred_check_setcred() hook is passed the flags received by
    setcred() (including the version) and both the old and new kernel's
    'struct ucred' instead of 'struct setcred' as this should simplify
    evolving existing hooks as the 'struct setcred' structure evolves.  The
    mac_cred_setcred_enter() and mac_cred_setcred_exit() hooks are always
    called by pairs around potential calls to mac_cred_check_setcred().
    They allow MAC modules to allocate/free data they may need in their
    mac_cred_check_setcred() hook, as the latter is called under the current
    process' lock, rendering sleepable allocations impossible.  MAC/do is
    going to leverage these in a subsequent commit.  A scheme where
    mac_cred_check_setcred() could return ERESTART was considered but is
    incompatible with proper composition of MAC modules.
    
    While here, add missing includes and declarations for standalone
    inclusion of <sys/ucred.h> both from kernel and userspace (for the
    latter, it has been working thanks to <bsm/audit.h> already including
    <sys/types.h>).
    
    Reviewed by:    brooks
    Approved by:    markj (mentor)
    Relnotes:       yes
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47618
    
    (cherry picked from commit ddb3eb4efe55e57c206f3534263c77b837aff1dc)
---
 lib/libc/sys/Symbol.map                        |   1 +
 sys/bsm/audit_kevents.h                        |   1 +
 sys/compat/freebsd32/freebsd32_misc.c          |   9 +
 sys/compat/freebsd32/freebsd32_proto.h         |   7 +
 sys/compat/freebsd32/freebsd32_syscall.h       |   3 +-
 sys/compat/freebsd32/freebsd32_syscalls.c      |   2 +
 sys/compat/freebsd32/freebsd32_sysent.c        |   2 +
 sys/compat/freebsd32/freebsd32_systrace_args.c |  30 ++
 sys/kern/init_sysent.c                         |   2 +
 sys/kern/kern_jail.c                           |   1 +
 sys/kern/kern_prot.c                           | 373 ++++++++++++++++++++++++-
 sys/kern/syscalls.c                            |   2 +
 sys/kern/syscalls.master                       |   8 +
 sys/kern/systrace_args.c                       |  30 ++
 sys/security/mac/mac_cred.c                    |  47 ++++
 sys/security/mac/mac_framework.h               |   6 +-
 sys/security/mac/mac_policy.h                  |  10 +-
 sys/security/mac_stub/mac_stub.c               |  20 ++
 sys/security/mac_test/mac_test.c               |  29 ++
 sys/sys/priv.h                                 |   3 +-
 sys/sys/syscall.h                              |   3 +-
 sys/sys/syscall.mk                             |   3 +-
 sys/sys/syscallsubr.h                          |   2 +
 sys/sys/sysproto.h                             |   7 +
 sys/sys/ucred.h                                |  77 ++++-
 25 files changed, 662 insertions(+), 16 deletions(-)

diff --git a/lib/libc/sys/Symbol.map b/lib/libc/sys/Symbol.map
index d6126fd952fd..506d88d46c34 100644
--- a/lib/libc/sys/Symbol.map
+++ b/lib/libc/sys/Symbol.map
@@ -427,6 +427,7 @@ FBSD_1.7 {
 FBSD_1.8 {
 	getrlimitusage;
 	kcmp;
+	setcred;
 };
 
 FBSDprivate_1.0 {
diff --git a/sys/bsm/audit_kevents.h b/sys/bsm/audit_kevents.h
index d06381837aad..0f110d5f9ddd 100644
--- a/sys/bsm/audit_kevents.h
+++ b/sys/bsm/audit_kevents.h
@@ -662,6 +662,7 @@
 #define	AUE_AIO_READV		43268	/* FreeBSD-specific. */
 #define	AUE_FSPACECTL		43269	/* FreeBSD-specific. */
 #define	AUE_TIMERFD		43270	/* FreeBSD/Linux. */
+#define	AUE_SETCRED		43271	/* FreeBSD-specific. */
 
 /*
  * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
diff --git a/sys/compat/freebsd32/freebsd32_misc.c b/sys/compat/freebsd32/freebsd32_misc.c
index c4872373735c..7d945cfb6de5 100644
--- a/sys/compat/freebsd32/freebsd32_misc.c
+++ b/sys/compat/freebsd32/freebsd32_misc.c
@@ -86,6 +86,7 @@
 #include <sys/timex.h>
 #include <sys/unistd.h>
 #include <sys/ucontext.h>
+#include <sys/ucred.h>
 #include <sys/vnode.h>
 #include <sys/wait.h>
 #include <sys/ipc.h>
@@ -115,6 +116,7 @@
 #endif
 
 #include <security/audit/audit.h>
+#include <security/mac/mac_syscalls.h>
 
 #include <compat/freebsd32/freebsd32_util.h>
 #include <compat/freebsd32/freebsd32.h>
@@ -4172,3 +4174,10 @@ ofreebsd32_sethostid(struct thread *td, struct ofreebsd32_sethostid_args *uap)
 	    sizeof(hostid), NULL, 0));
 }
 #endif
+
+int
+freebsd32_setcred(struct thread *td, struct freebsd32_setcred_args *uap)
+{
+	/* Last argument is 'is_32bit'. */
+	return (user_setcred(td, uap->flags, uap->wcred, uap->size, true));
+}
diff --git a/sys/compat/freebsd32/freebsd32_proto.h b/sys/compat/freebsd32/freebsd32_proto.h
index 50448b6dce16..ea72f0e57acd 100644
--- a/sys/compat/freebsd32/freebsd32_proto.h
+++ b/sys/compat/freebsd32/freebsd32_proto.h
@@ -694,6 +694,11 @@ struct freebsd32_timerfd_settime_args {
 	char new_value_l_[PADL_(const struct itimerspec32 *)]; const struct itimerspec32 * new_value; char new_value_r_[PADR_(const struct itimerspec32 *)];
 	char old_value_l_[PADL_(struct itimerspec32 *)]; struct itimerspec32 * old_value; char old_value_r_[PADR_(struct itimerspec32 *)];
 };
+struct freebsd32_setcred_args {
+	char flags_l_[PADL_(u_int)]; u_int flags; char flags_r_[PADR_(u_int)];
+	char wcred_l_[PADL_(const struct setcred32 *)]; const struct setcred32 * wcred; char wcred_r_[PADR_(const struct setcred32 *)];
+	char size_l_[PADL_(size_t)]; size_t size; char size_r_[PADR_(size_t)];
+};
 int	freebsd32_wait4(struct thread *, struct freebsd32_wait4_args *);
 int	freebsd32_ptrace(struct thread *, struct freebsd32_ptrace_args *);
 int	freebsd32_recvmsg(struct thread *, struct freebsd32_recvmsg_args *);
@@ -811,6 +816,7 @@ int	freebsd32_aio_writev(struct thread *, struct freebsd32_aio_writev_args *);
 int	freebsd32_aio_readv(struct thread *, struct freebsd32_aio_readv_args *);
 int	freebsd32_timerfd_gettime(struct thread *, struct freebsd32_timerfd_gettime_args *);
 int	freebsd32_timerfd_settime(struct thread *, struct freebsd32_timerfd_settime_args *);
+int	freebsd32_setcred(struct thread *, struct freebsd32_setcred_args *);
 
 #ifdef COMPAT_43
 
@@ -1306,6 +1312,7 @@ int	freebsd11_freebsd32_fstatat(struct thread *, struct freebsd11_freebsd32_fsta
 #define	FREEBSD32_SYS_AUE_freebsd32_aio_readv	AUE_AIO_READV
 #define	FREEBSD32_SYS_AUE_freebsd32_timerfd_gettime	AUE_TIMERFD
 #define	FREEBSD32_SYS_AUE_freebsd32_timerfd_settime	AUE_TIMERFD
+#define	FREEBSD32_SYS_AUE_freebsd32_setcred	AUE_SETCRED
 
 #undef PAD_
 #undef PADL_
diff --git a/sys/compat/freebsd32/freebsd32_syscall.h b/sys/compat/freebsd32/freebsd32_syscall.h
index 01c1a5c515d8..6aef20fb0231 100644
--- a/sys/compat/freebsd32/freebsd32_syscall.h
+++ b/sys/compat/freebsd32/freebsd32_syscall.h
@@ -508,4 +508,5 @@
 #define	FREEBSD32_SYS_freebsd32_timerfd_settime	587
 #define	FREEBSD32_SYS_kcmp	588
 #define	FREEBSD32_SYS_getrlimitusage	589
-#define	FREEBSD32_SYS_MAXSYSCALL	590
+#define	FREEBSD32_SYS_freebsd32_setcred	591
+#define	FREEBSD32_SYS_MAXSYSCALL	592
diff --git a/sys/compat/freebsd32/freebsd32_syscalls.c b/sys/compat/freebsd32/freebsd32_syscalls.c
index 6d50f7c03626..1501c0a78f0e 100644
--- a/sys/compat/freebsd32/freebsd32_syscalls.c
+++ b/sys/compat/freebsd32/freebsd32_syscalls.c
@@ -595,4 +595,6 @@ const char *freebsd32_syscallnames[] = {
 	"freebsd32_timerfd_settime",			/* 587 = freebsd32_timerfd_settime */
 	"kcmp",			/* 588 = kcmp */
 	"getrlimitusage",			/* 589 = getrlimitusage */
+	"#590",			/* 590 = fchroot */
+	"freebsd32_setcred",			/* 591 = freebsd32_setcred */
 };
diff --git a/sys/compat/freebsd32/freebsd32_sysent.c b/sys/compat/freebsd32/freebsd32_sysent.c
index 3d4916427475..5c5cbe967126 100644
--- a/sys/compat/freebsd32/freebsd32_sysent.c
+++ b/sys/compat/freebsd32/freebsd32_sysent.c
@@ -651,4 +651,6 @@ struct sysent freebsd32_sysent[] = {
 	{ .sy_narg = AS(freebsd32_timerfd_settime_args), .sy_call = (sy_call_t *)freebsd32_timerfd_settime, .sy_auevent = AUE_TIMERFD, .sy_flags = SYF_CAPENABLED, .sy_thrcnt = SY_THR_STATIC },	/* 587 = freebsd32_timerfd_settime */
 	{ .sy_narg = AS(kcmp_args), .sy_call = (sy_call_t *)sys_kcmp, .sy_auevent = AUE_NULL, .sy_flags = 0, .sy_thrcnt = SY_THR_STATIC },	/* 588 = kcmp */
 	{ .sy_narg = AS(getrlimitusage_args), .sy_call = (sy_call_t *)sys_getrlimitusage, .sy_auevent = AUE_NULL, .sy_flags = SYF_CAPENABLED, .sy_thrcnt = SY_THR_STATIC },	/* 589 = getrlimitusage */
+	{ .sy_narg = 0, .sy_call = (sy_call_t *)nosys, .sy_auevent = AUE_NULL, .sy_flags = 0, .sy_thrcnt = SY_THR_ABSENT },			/* 590 = fchroot */
+	{ .sy_narg = AS(freebsd32_setcred_args), .sy_call = (sy_call_t *)freebsd32_setcred, .sy_auevent = AUE_SETCRED, .sy_flags = SYF_CAPENABLED, .sy_thrcnt = SY_THR_STATIC },	/* 591 = freebsd32_setcred */
 };
diff --git a/sys/compat/freebsd32/freebsd32_systrace_args.c b/sys/compat/freebsd32/freebsd32_systrace_args.c
index 8f7d9edadfee..c5b16c12edd2 100644
--- a/sys/compat/freebsd32/freebsd32_systrace_args.c
+++ b/sys/compat/freebsd32/freebsd32_systrace_args.c
@@ -3391,6 +3391,15 @@ systrace_args(int sysnum, void *params, uint64_t *uarg, int *n_args)
 		*n_args = 3;
 		break;
 	}
+	/* freebsd32_setcred */
+	case 591: {
+		struct freebsd32_setcred_args *p = params;
+		uarg[a++] = p->flags; /* u_int */
+		uarg[a++] = (intptr_t)p->wcred; /* const struct setcred32 * */
+		uarg[a++] = p->size; /* size_t */
+		*n_args = 3;
+		break;
+	}
 	default:
 		*n_args = 0;
 		break;
@@ -9159,6 +9168,22 @@ systrace_entry_setargdesc(int sysnum, int ndx, char *desc, size_t descsz)
 			break;
 		};
 		break;
+	/* freebsd32_setcred */
+	case 591:
+		switch (ndx) {
+		case 0:
+			p = "u_int";
+			break;
+		case 1:
+			p = "userland const struct setcred32 *";
+			break;
+		case 2:
+			p = "size_t";
+			break;
+		default:
+			break;
+		};
+		break;
 	default:
 		break;
 	};
@@ -11057,6 +11082,11 @@ systrace_return_setargdesc(int sysnum, int ndx, char *desc, size_t descsz)
 		if (ndx == 0 || ndx == 1)
 			p = "int";
 		break;
+	/* freebsd32_setcred */
+	case 591:
+		if (ndx == 0 || ndx == 1)
+			p = "int";
+		break;
 	default:
 		break;
 	};
diff --git a/sys/kern/init_sysent.c b/sys/kern/init_sysent.c
index e740d6ef1b72..fa2660165590 100644
--- a/sys/kern/init_sysent.c
+++ b/sys/kern/init_sysent.c
@@ -650,4 +650,6 @@ struct sysent sysent[] = {
 	{ .sy_narg = AS(timerfd_settime_args), .sy_call = (sy_call_t *)sys_timerfd_settime, .sy_auevent = AUE_TIMERFD, .sy_flags = SYF_CAPENABLED, .sy_thrcnt = SY_THR_STATIC },	/* 587 = timerfd_settime */
 	{ .sy_narg = AS(kcmp_args), .sy_call = (sy_call_t *)sys_kcmp, .sy_auevent = AUE_NULL, .sy_flags = 0, .sy_thrcnt = SY_THR_STATIC },	/* 588 = kcmp */
 	{ .sy_narg = AS(getrlimitusage_args), .sy_call = (sy_call_t *)sys_getrlimitusage, .sy_auevent = AUE_NULL, .sy_flags = SYF_CAPENABLED, .sy_thrcnt = SY_THR_STATIC },	/* 589 = getrlimitusage */
+	{ .sy_narg = 0, .sy_call = (sy_call_t *)nosys, .sy_auevent = AUE_NULL, .sy_flags = 0, .sy_thrcnt = SY_THR_ABSENT },			/* 590 = fchroot */
+	{ .sy_narg = AS(setcred_args), .sy_call = (sy_call_t *)sys_setcred, .sy_auevent = AUE_SETCRED, .sy_flags = SYF_CAPENABLED, .sy_thrcnt = SY_THR_STATIC },	/* 591 = setcred */
 };
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 103b44cc00b9..99cf8f731c48 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -3939,6 +3939,7 @@ prison_priv_check(struct ucred *cred, int priv)
 		 * Allow jailed processes to manipulate process UNIX
 		 * credentials in any way they see fit.
 		 */
+	case PRIV_CRED_SETCRED:
 	case PRIV_CRED_SETUID:
 	case PRIV_CRED_SETEUID:
 	case PRIV_CRED_SETGID:
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 3f1d28376d49..31652a338e8e 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -49,6 +49,7 @@
 
 #include <sys/param.h>
 #include <sys/systm.h>
+#include <sys/abi_compat.h>
 #include <sys/acct.h>
 #include <sys/kdb.h>
 #include <sys/kernel.h>
@@ -75,6 +76,10 @@
 #include <sys/syscallsubr.h>
 #include <sys/sysctl.h>
 
+#ifdef MAC
+#include <security/mac/mac_syscalls.h>
+#endif
+
 #ifdef REGRESSION
 FEATURE(regression,
     "Kernel support for interfaces necessary for regression testing (SECURITY RISK!)");
@@ -484,6 +489,365 @@ done:
 	return (error);
 }
 
+static int
+gidp_cmp(const void *p1, const void *p2)
+{
+	const gid_t g1 = *(const gid_t *)p1;
+	const gid_t g2 = *(const gid_t *)p2;
+
+	return ((g1 > g2) - (g1 < g2));
+}
+
+/*
+ * Final storage for groups (including the effective GID) will be returned via
+ * 'groups'.  '*groups' must be NULL on input, and if not equal to 'smallgroups'
+ * on output, must be freed (M_TEMP) *even if* an error is returned.
+ */
+static int
+kern_setcred_copyin_supp_groups(struct setcred *const wcred,
+    const u_int flags, gid_t *const smallgroups, gid_t **const groups)
+{
+	MPASS(*groups == NULL);
+
+	if (flags & SETCREDF_SUPP_GROUPS) {
+		int error;
+
+		/*
+		 * Check for the limit for number of groups right now in order
+		 * to limit the amount of bytes to copy.
+		 */
+		if (wcred->sc_supp_groups_nb > ngroups_max)
+			return (EINVAL);
+
+		/*
+		 * Since we are going to be copying the supplementary groups
+		 * from userland, make room also for the effective GID right
+		 * now, to avoid having to allocate and copy again the
+		 * supplementary groups.
+		 */
+		*groups = wcred->sc_supp_groups_nb < CRED_SMALLGROUPS_NB ?
+		    smallgroups : malloc((wcred->sc_supp_groups_nb + 1) *
+		    sizeof(*groups), M_TEMP, M_WAITOK);
+
+		error = copyin(wcred->sc_supp_groups, *groups + 1,
+		    wcred->sc_supp_groups_nb * sizeof(*groups));
+		if (error != 0)
+			return (error);
+		wcred->sc_supp_groups = *groups + 1;
+	} else {
+		wcred->sc_supp_groups_nb = 0;
+		wcred->sc_supp_groups = NULL;
+	}
+
+	return (0);
+}
+
+int
+user_setcred(struct thread *td, const u_int flags,
+    const void *const uwcred, const size_t size, bool is_32bit)
+{
+	struct setcred wcred;
+#ifdef MAC
+	struct mac mac;
+	/* Pointer to 'struct mac' or 'struct mac32'. */
+	void *umac;
+#endif
+	gid_t smallgroups[CRED_SMALLGROUPS_NB];
+	gid_t *groups = NULL;
+	int error;
+
+	/*
+	 * As the only point of this wrapper function is to copyin() from
+	 * userland, we only interpret the data pieces we need to perform this
+	 * operation and defer further sanity checks to kern_setcred(), except
+	 * that we redundantly check here that no unknown flags have been
+	 * passed.
+	 */
+	if ((flags & ~SETCREDF_MASK) != 0)
+		return (EINVAL);
+
+#ifdef COMPAT_FREEBSD32
+	if (is_32bit) {
+		struct setcred32 wcred32;
+
+		if (size != sizeof(wcred32))
+			return (EINVAL);
+		error = copyin(uwcred, &wcred32, sizeof(wcred32));
+		if (error != 0)
+			return (error);
+		/* These fields have exactly the same sizes and positions. */
+		memcpy(&wcred, &wcred32, &wcred32.setcred32_copy_end -
+		    &wcred32.setcred32_copy_start);
+		/* Remaining fields are pointers and need PTRIN*(). */
+		PTRIN_CP(wcred32, wcred, sc_supp_groups);
+		PTRIN_CP(wcred32, wcred, sc_label);
+	} else
+#endif /* COMPAT_FREEBSD32 */
+	{
+		if (size != sizeof(wcred))
+			return (EINVAL);
+		error = copyin(uwcred, &wcred, sizeof(wcred));
+		if (error != 0)
+			return (error);
+	}
+#ifdef MAC
+	umac = wcred.sc_label;
+#endif
+	/* Also done on !MAC as a defensive measure. */
+	wcred.sc_label = NULL;
+
+	/*
+	 * Copy supplementary groups as needed.  There is no specific
+	 * alternative for 32-bit compatibility as 'gid_t' has the same size
+	 * everywhere.
+	 */
+	error = kern_setcred_copyin_supp_groups(&wcred, flags, smallgroups,
+	    &groups);
+	if (error != 0)
+		goto free_groups;
+
+#ifdef MAC
+	if ((flags & SETCREDF_MAC_LABEL) != 0) {
+#ifdef COMPAT_FREEBSD32
+		if (is_32bit)
+			error = mac_label_copyin32(umac, &mac, NULL);
+		else
+#endif
+			error = mac_label_copyin(umac, &mac, NULL);
+		if (error != 0)
+			goto free_groups;
+		wcred.sc_label = &mac;
+	}
+#endif
+
+	error = kern_setcred(td, flags, &wcred, groups);
+
+#ifdef MAC
+	if (wcred.sc_label != NULL)
+		free_copied_label(wcred.sc_label);
+#endif
+
+free_groups:
+	if (groups != smallgroups)
+		free(groups, M_TEMP);
+
+	return (error);
+}
+
+#ifndef _SYS_SYSPROTO_H_
+struct setcred_args {
+	u_int			 flags;	/* Flags. */
+	const struct setcred	*wcred;
+	size_t			 size;	/* Passed 'setcred' structure length. */
+};
+#endif
+/* ARGSUSED */
+int
+sys_setcred(struct thread *td, struct setcred_args *uap)
+{
+	return (user_setcred(td, uap->flags, uap->wcred, uap->size, false));
+}
+
+/*
+ * CAUTION: This function normalizes groups in 'wcred'.
+ *
+ * If 'preallocated_groups' is non-NULL, it must be an already allocated array
+ * of size 'wcred->sc_supp_groups_nb + 1', with the supplementary groups
+ * starting at index 1, and 'wcred->sc_supp_groups' then must point to the first
+ * supplementary group.
+ */
+int
+kern_setcred(struct thread *const td, const u_int flags,
+    struct setcred *const wcred, gid_t *preallocated_groups)
+{
+	struct proc *const p = td->td_proc;
+	struct ucred *new_cred, *old_cred, *to_free_cred;
+	struct uidinfo *uip = NULL, *ruip = NULL;
+#ifdef MAC
+	void *mac_set_proc_data = NULL;
+	bool proc_label_set = false;
+#endif
+	gid_t *groups = NULL;
+	gid_t smallgroups[CRED_SMALLGROUPS_NB];
+	int error;
+	bool cred_set;
+
+	/* Bail out on unrecognized flags. */
+	if (flags & ~SETCREDF_MASK)
+		return (EINVAL);
+
+	/*
+	 * Part 1: We allocate and perform preparatory operations with no locks.
+	 */
+
+	if (flags & SETCREDF_SUPP_GROUPS) {
+		if (wcred->sc_supp_groups_nb > ngroups_max)
+			return (EINVAL);
+		if (preallocated_groups != NULL) {
+			groups = preallocated_groups;
+			MPASS(preallocated_groups + 1 == wcred->sc_supp_groups);
+		} else {
+			groups = wcred->sc_supp_groups_nb < CRED_SMALLGROUPS_NB ?
+			    smallgroups :
+			    malloc((wcred->sc_supp_groups_nb + 1) *
+			    sizeof(*groups), M_TEMP, M_WAITOK);
+			memcpy(groups + 1, wcred->sc_supp_groups,
+			    wcred->sc_supp_groups_nb * sizeof(*groups));
+		}
+	}
+
+	if (flags & SETCREDF_MAC_LABEL) {
+#ifdef MAC
+		error = mac_set_proc_prepare(td, wcred->sc_label,
+		    &mac_set_proc_data);
+		if (error != 0)
+			goto free_groups;
+#else
+		error = ENOTSUP;
+		goto free_groups;
+#endif
+	}
+
+	if (flags & SETCREDF_UID) {
+		AUDIT_ARG_EUID(wcred->sc_uid);
+		uip = uifind(wcred->sc_uid);
+	}
+	if (flags & SETCREDF_RUID) {
+		AUDIT_ARG_RUID(wcred->sc_ruid);
+		ruip = uifind(wcred->sc_ruid);
+	}
+	if (flags & SETCREDF_SVUID)
+		AUDIT_ARG_SUID(wcred->sc_svuid);
+
+	if (flags & SETCREDF_GID)
+		AUDIT_ARG_EGID(wcred->sc_gid);
+	if (flags & SETCREDF_RGID)
+		AUDIT_ARG_RGID(wcred->sc_rgid);
+	if (flags & SETCREDF_SVGID)
+		AUDIT_ARG_SGID(wcred->sc_svgid);
+	if (flags & SETCREDF_SUPP_GROUPS) {
+		int ngrp = wcred->sc_supp_groups_nb;
+
+		/*
+		 * Output the raw supplementary groups array for better
+		 * traceability.
+		 */
+		AUDIT_ARG_GROUPSET(groups + 1, ngrp);
+		++ngrp;
+		groups_normalize(&ngrp, groups);
+		wcred->sc_supp_groups_nb = ngrp - 1;
+	}
+
+	/*
+	 * We first completely build the new credentials and only then pass them
+	 * to MAC along with the old ones so that modules can check whether the
+	 * requested transition is allowed.
+	 */
+	new_cred = crget();
+	to_free_cred = new_cred;
+	if (flags & SETCREDF_SUPP_GROUPS)
+		crextend(new_cred, wcred->sc_supp_groups_nb + 1);
+
+#ifdef MAC
+	mac_cred_setcred_enter();
+#endif
+
+	/*
+	 * Part 2: We grab the process lock as to have a stable view of its
+	 * current credentials, and prepare a copy of them with the requested
+	 * changes applied under that lock.
+	 */
+
+	PROC_LOCK(p);
+	old_cred = crcopysafe(p, new_cred);
+
+	/*
+	 * Change user IDs.
+	 */
+	if (flags & SETCREDF_UID)
+		change_euid(new_cred, uip);
+	if (flags & SETCREDF_RUID)
+		change_ruid(new_cred, ruip);
+	if (flags & SETCREDF_SVUID)
+		change_svuid(new_cred, wcred->sc_svuid);
+
+	/*
+	 * Change groups.
+	 *
+	 * crsetgroups_internal() changes both the effective and supplementary
+	 * ones.
+	 */
+	if (flags & SETCREDF_SUPP_GROUPS) {
+		groups[0] = flags & SETCREDF_GID ? wcred->sc_gid :
+		    new_cred->cr_gid;
+		crsetgroups_internal(new_cred, wcred->sc_supp_groups_nb + 1,
+		    groups);
+	} else if (flags & SETCREDF_GID)
+		change_egid(new_cred, wcred->sc_gid);
+	if (flags & SETCREDF_RGID)
+		change_rgid(new_cred, wcred->sc_rgid);
+	if (flags & SETCREDF_SVGID)
+		change_svgid(new_cred, wcred->sc_svgid);
+
+#ifdef MAC
+	/*
+	 * Change the MAC label.
+	 */
+	if (flags & SETCREDF_MAC_LABEL) {
+		error = mac_set_proc_core(td, new_cred, mac_set_proc_data);
+		if (error != 0)
+			goto unlock_finish;
+		proc_label_set = true;
+	}
+
+	/*
+	 * MAC security modules checks.
+	 */
+	error = mac_cred_check_setcred(flags, old_cred, new_cred);
+	if (error != 0)
+		goto unlock_finish;
+#endif
+	/*
+	 * Privilege check.
+	 */
+	error = priv_check_cred(old_cred, PRIV_CRED_SETCRED);
+	if (error != 0)
+		goto unlock_finish;
+
+	/*
+	 * Set the new credentials, noting that they have changed.
+	 */
+	cred_set = proc_set_cred_enforce_proc_lim(p, new_cred);
+	if (cred_set) {
+		setsugid(p);
+		to_free_cred = old_cred;
+		MPASS(error == 0);
+	} else
+		error = EAGAIN;
+
+unlock_finish:
+	PROC_UNLOCK(p);
+	/*
+	 * Part 3: After releasing the process lock, we perform cleanups and
+	 * finishing operations.
+	 */
+
+#ifdef MAC
+	if (mac_set_proc_data != NULL)
+		mac_set_proc_finish(td, proc_label_set, mac_set_proc_data);
+	mac_cred_setcred_exit();
+#endif
+	crfree(to_free_cred);
+	if (uip != NULL)
+		uifree(uip);
+	if (ruip != NULL)
+		uifree(ruip);
+free_groups:
+	if (groups != preallocated_groups && groups != smallgroups)
+		free(groups, M_TEMP); /* Deals with 'groups' being NULL. */
+	return (error);
+}
+
 /*
  * Use the clause in B.4.2.2 that allows setuid/setgid to be 4.2/4.3BSD
  * compatible.  It says that setting the uid/gid to euid/egid is a special
@@ -859,15 +1223,6 @@ sys_setgroups(struct thread *td, struct setgroups_args *uap)
 	return (error);
 }
 
-static int
-gidp_cmp(const void *p1, const void *p2)
-{
-	const gid_t g1 = *(const gid_t *)p1;
-	const gid_t g2 = *(const gid_t *)p2;
-
-	return ((g1 > g2) - (g1 < g2));
-}
-
 /*
  * CAUTION: This function normalizes 'groups', possibly also changing the value
  * of '*ngrpp' as a consequence.
diff --git a/sys/kern/syscalls.c b/sys/kern/syscalls.c
index f21cdd66b3cf..ac2984e339f2 100644
--- a/sys/kern/syscalls.c
+++ b/sys/kern/syscalls.c
@@ -595,4 +595,6 @@ const char *syscallnames[] = {
 	"timerfd_settime",			/* 587 = timerfd_settime */
 	"kcmp",			/* 588 = kcmp */
 	"getrlimitusage",			/* 589 = getrlimitusage */
+	"#590",			/* 590 = fchroot */
+	"setcred",			/* 591 = setcred */
 };
diff --git a/sys/kern/syscalls.master b/sys/kern/syscalls.master
index 825ab1a4536c..a52f4bd88b85 100644
--- a/sys/kern/syscalls.master
+++ b/sys/kern/syscalls.master
@@ -3354,5 +3354,13 @@
 		    _Out_ rlim_t *res
 		);
 	}
+590	AUE_NULL	UNIMPL	fchroot
+591	AUE_SETCRED	STD|CAPENABLED {
+		int setcred(
+		    u_int flags,
+		    _In_reads_bytes_(size) _Contains_ptr_ const struct setcred *wcred,
+		    size_t size
+		);
+	}
 
 ; vim: syntax=off
diff --git a/sys/kern/systrace_args.c b/sys/kern/systrace_args.c
index dd2f7a43ee78..dca61ab5fcad 100644
--- a/sys/kern/systrace_args.c
+++ b/sys/kern/systrace_args.c
@@ -3478,6 +3478,15 @@ systrace_args(int sysnum, void *params, uint64_t *uarg, int *n_args)
 		*n_args = 3;
 		break;
 	}
+	/* setcred */
+	case 591: {
+		struct setcred_args *p = params;
+		uarg[a++] = p->flags; /* u_int */
+		uarg[a++] = (intptr_t)p->wcred; /* const struct setcred * */
+		uarg[a++] = p->size; /* size_t */
+		*n_args = 3;
+		break;
+	}
 	default:
 		*n_args = 0;
 		break;
@@ -9304,6 +9313,22 @@ systrace_entry_setargdesc(int sysnum, int ndx, char *desc, size_t descsz)
 			break;
 		};
 		break;
+	/* setcred */
+	case 591:
+		switch (ndx) {
+		case 0:
+			p = "u_int";
+			break;
+		case 1:
+			p = "userland const struct setcred *";
+			break;
+		case 2:
+			p = "size_t";
+			break;
+		default:
+			break;
+		};
+		break;
 	default:
 		break;
 	};
@@ -11292,6 +11317,11 @@ systrace_return_setargdesc(int sysnum, int ndx, char *desc, size_t descsz)
 		if (ndx == 0 || ndx == 1)
 			p = "int";
 		break;
+	/* setcred */
+	case 591:
+		if (ndx == 0 || ndx == 1)
+			p = "int";
+		break;
 	default:
 		break;
 	};
diff --git a/sys/security/mac/mac_cred.c b/sys/security/mac/mac_cred.c
index 304265b783f1..5066de277176 100644
--- a/sys/security/mac/mac_cred.c
+++ b/sys/security/mac/mac_cred.c
@@ -209,6 +209,53 @@ mac_cred_check_relabel(struct ucred *cred, struct label *newlabel)
 	return (error);
 }
 
+/*
+ * Entry hook for setcred().
+ *
+ * Called with no lock held by setcred() so that MAC modules may allocate memory
+ * in preparation for checking privileges.  A call to this hook is always
+ * followed by a matching call to mac_cred_setcred_exit().  Between these two,
+ * setcred() may or may not call mac_cred_check_setcred().
+ */
+void
+mac_cred_setcred_enter(void)
+{
+	MAC_POLICY_PERFORM_NOSLEEP(cred_setcred_enter);
+}
+
+MAC_CHECK_PROBE_DEFINE3(cred_check_setcred, "unsigned int", "struct ucred *",
+    "struct ucred *");
+
+/*
+ * Check hook for setcred().
+ *
+ * When called, the current process' lock is held.  It thus cannot perform
+ * memory allocations, which must be done in advance in
+ * mac_cred_setcred_enter().  It *MUST NOT* tamper with the process' lock.
+ */
+int
+mac_cred_check_setcred(u_int flags, const struct ucred *old_cred,
+    struct ucred *new_cred)
+{
+	int error;
+
+	MAC_POLICY_CHECK_NOSLEEP(cred_check_setcred, flags, old_cred, new_cred);
+	MAC_CHECK_PROBE3(cred_check_setcred, error, flags, old_cred, new_cred);
+
+	return (error);
+}
+
+/*
+ * Exit hook for setcred().
+ *
+ * Called with no lock held, exactly once per call to mac_cred_setcred_enter().
+ */
+void
+mac_cred_setcred_exit(void)
+{
+	MAC_POLICY_PERFORM_NOSLEEP(cred_setcred_exit);
+}
+
 MAC_CHECK_PROBE_DEFINE2(cred_check_setuid, "struct ucred *", "uid_t");
 
 int
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index 644028bde478..99bb11be8796 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -72,6 +72,7 @@ struct mbuf;
 struct mount;
 struct msg;
 struct msqid_kernel;
+struct pipepair;
 struct proc;
 struct semid_kernel;
 struct shmfd;
@@ -80,7 +81,6 @@ struct sockaddr;
 struct socket;
 struct sysctl_oid;
 struct sysctl_req;
-struct pipepair;
 struct thread;
 struct timespec;
 struct ucred;
@@ -115,6 +115,10 @@ int	mac_cred_check_setaudit(struct ucred *cred, struct auditinfo *ai);
 int	mac_cred_check_setaudit_addr(struct ucred *cred,
 	    struct auditinfo_addr *aia);
 int	mac_cred_check_setauid(struct ucred *cred, uid_t auid);
+void	mac_cred_setcred_enter(void);
+int	mac_cred_check_setcred(u_int flags, const struct ucred *old_cred,
+	    struct ucred *new_cred);
+void	mac_cred_setcred_exit(void);
 int	mac_cred_check_setegid(struct ucred *cred, gid_t egid);
 int	mac_cred_check_seteuid(struct ucred *cred, uid_t euid);
 int	mac_cred_check_setgid(struct ucred *cred, gid_t gid);
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index 084684e57497..66e489060804 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -144,6 +144,10 @@ typedef int	(*mpo_cred_check_setaudit_t)(struct ucred *cred,
 typedef int	(*mpo_cred_check_setaudit_addr_t)(struct ucred *cred,
 		    struct auditinfo_addr *aia);
 typedef int	(*mpo_cred_check_setauid_t)(struct ucred *cred, uid_t auid);
+typedef void	(*mpo_cred_setcred_enter_t)(void);
+typedef int	(*mpo_cred_check_setcred_t)(u_int flags,
+		    const struct ucred *old_cred, struct ucred *new_cred);
+typedef void	(*mpo_cred_setcred_exit_t)(void);
 typedef int	(*mpo_cred_check_setegid_t)(struct ucred *cred, gid_t egid);
 typedef int	(*mpo_cred_check_seteuid_t)(struct ucred *cred, uid_t euid);
 typedef int	(*mpo_cred_check_setgid_t)(struct ucred *cred, gid_t gid);
@@ -720,6 +724,9 @@ struct mac_policy_ops {
 	mpo_cred_check_setaudit_t		mpo_cred_check_setaudit;
 	mpo_cred_check_setaudit_addr_t		mpo_cred_check_setaudit_addr;
 	mpo_cred_check_setauid_t		mpo_cred_check_setauid;
+	mpo_cred_setcred_enter_t		mpo_cred_setcred_enter;
+	mpo_cred_check_setcred_t		mpo_cred_check_setcred;
+	mpo_cred_setcred_exit_t			mpo_cred_setcred_exit;
 	mpo_cred_check_setuid_t			mpo_cred_check_setuid;
 	mpo_cred_check_seteuid_t		mpo_cred_check_seteuid;
 	mpo_cred_check_setgid_t			mpo_cred_check_setgid;
@@ -1033,8 +1040,9 @@ struct mac_policy_conf {
  *   3                       7.x
  *   4                       8.x
  *   5                       14.x
+ *   6                       15.x
  */
-#define	MAC_VERSION	5
+#define	MAC_VERSION	6
 
 #define	MAC_POLICY_SET(mpops, mpname, mpfullname, mpflags, privdata_wanted) \
 	static struct mac_policy_conf mpname##_mac_policy_conf = {	\
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index c602c639ec95..a3b0dd01a76b 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -222,6 +222,23 @@ stub_cred_check_setauid(struct ucred *cred, uid_t auid)
 	return (0);
 }
 
+static void
+stub_cred_setcred_enter(void)
+{
+}
+
+static int
+stub_cred_check_setcred(u_int flags, const struct ucred *old_cred,
+    struct ucred *new_cred)
+{
+	return (0);
+}
+
+static void
+stub_cred_setcred_exit(void)
+{
+}
+
 static int
 stub_cred_check_setegid(struct ucred *cred, gid_t egid)
 {
@@ -1688,6 +1705,9 @@ static struct mac_policy_ops stub_ops =
 	.mpo_cred_check_setaudit = stub_cred_check_setaudit,
 	.mpo_cred_check_setaudit_addr = stub_cred_check_setaudit_addr,
 	.mpo_cred_check_setauid = stub_cred_check_setauid,
+	.mpo_cred_setcred_enter = stub_cred_setcred_enter,
+	.mpo_cred_check_setcred = stub_cred_check_setcred,
+	.mpo_cred_setcred_exit = stub_cred_setcred_exit,
 	.mpo_cred_check_setegid = stub_cred_check_setegid,
 	.mpo_cred_check_seteuid = stub_cred_check_seteuid,
 	.mpo_cred_check_setgid = stub_cred_check_setgid,
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index 7a6a76ce23cc..890b8328055e 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -257,6 +257,32 @@ test_cred_check_setauid(struct ucred *cred, uid_t auid)
 	return (0);
 }
 
+COUNTER_DECL(cred_setcred_enter);
+static void
+test_cred_setcred_enter(void)
+{
+	COUNTER_INC(cred_setcred_enter);
+}
+
+COUNTER_DECL(cred_check_setcred);
+static int
+test_cred_check_setcred(u_int flags, const struct ucred *old_cred,
+    struct ucred *new_cred)
+{
+	LABEL_CHECK(old_cred->cr_label, MAGIC_CRED);
+	LABEL_CHECK(new_cred->cr_label, MAGIC_CRED);
+	COUNTER_INC(cred_check_setcred);
+
+	return (0);
+}
+
+COUNTER_DECL(cred_setcred_exit);
+static void
+test_cred_setcred_exit(void)
+{
+	COUNTER_INC(cred_setcred_exit);
+}
+
 COUNTER_DECL(cred_check_setegid);
 static int
 test_cred_check_setegid(struct ucred *cred, gid_t egid)
@@ -3033,6 +3059,9 @@ static struct mac_policy_ops test_ops =
 	.mpo_cred_check_setaudit = test_cred_check_setaudit,
*** 201 LINES SKIPPED ***

From nobody Thu Apr  3 19:32:26 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhV4sgvz5sMCP;
	Thu, 03 Apr 2025 19:32:26 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhV2jsVz3Sr8;
	Thu, 03 Apr 2025 19:32:26 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708746;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=k/u9cEayx55aY1AmUjXxKEtodZi0WZO9RdVToOg0DhE=;
	b=Ce+5e8w2V0dhaDQv+CZu9x4M0vbnaOHqx3GkiKSPVT4CQ4jmbSQ6ziKn9oKBkIu3aeNEjX
	7Dja/5a/Uj3OiG1DFnkUH7+wdGbkmfOBPqfCkevCmnudlzwqJtU95OrcTMVsEBS5FHlRmf
	KF6sFJyP960u156cYRMP96EvowHKxou0EZCoS5u2RpYatyQ+OdDxr9u+XGAziuiCZPp9Kt
	/D6YYgKd8nagbDDtMtoo3s9LS5C1aBIgqZV5gFgEIBxuh1uSS87+oVD71fCvzbx6tgGsBx
	S1kAaGXStVdta+ILuEoMtLA4IAveO2R27rhszJ7ZNDpYDhFaaUo1pn4TEEWdQQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708746; a=rsa-sha256; cv=none;
	b=iGZFSPWQ27E4YYrbfIJbYQyWKl351vnvFfz2L1wxzWQ+zp81F2v9e2r3UJ6c9xKzpN55ao
	6FdiBdmS1JbfBf0SX5FOEYl0C+P4xClNua9+Wl/22R04GeTgcTwHDtu6Rtkqs7m1TF/crQ
	uZlGSZ9MAjEmPvLC2d/TDUjWpifNk6pCs6eGmL71nfK5/butWeG6IZe1KuSuaZ9/g/B/GC
	BO2c1F48+5k5zhQ8LnDiWdA05nMomcY9x6chSPfE7kwYZVClXOLxe/f3v4BnNI6CWzWOrR
	LpAXSdIi6egvdAAoJZY73a6V91yeHkuK5h0mRybWhlqZQsvokiKsHhnbqLboHA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708746;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=k/u9cEayx55aY1AmUjXxKEtodZi0WZO9RdVToOg0DhE=;
	b=IetgRhXijEZKo25TWtwZUCG8q9nuSeyffBe57guu/jG91qX3PLyBgFrH0OB707XG5ylfsl
	by3wMGb01fViC2r7ZgwvM3ab1Wgjq/SFc4UZsuqMhlvc4wf1d+vxC66JnHrLdiIoKZl5VR
	GLUk4o4cZSJfm+eU51CXLUEmhLa3rrG5UzFsRoE1Sd+Ms0VSbU+I8yFgia8AGLMOyM+x0t
	5Ubuk2PzZYkZjqU8tz2ntlz0AmTR5agahEvfbBjC/HJYF6puYB4L5SUgrMSVjSAF1SOdxk
	/uI3e3ZVdTTAWY8E2M8s3uwh5jdi/2NM+ggFTlICkbea4AKkdvrV79e+WUN90g==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhV2HVHzM2;
	Thu, 03 Apr 2025 19:32:26 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWQa8040468;
	Thu, 3 Apr 2025 19:32:26 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWQv6040465;
	Thu, 3 Apr 2025 19:32:26 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:26 GMT
Message-Id: <202504031932.533JWQv6040465@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 1780d3f3d1a7 - stable/14 - MAC/do: Introduce rules
  reference counting
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 1780d3f3d1a777934e39442a346a9bc28d6acc26
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=1780d3f3d1a777934e39442a346a9bc28d6acc26

commit 1780d3f3d1a777934e39442a346a9bc28d6acc26
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-19 15:30:00 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:04 +0000

    MAC/do: Introduce rules reference counting
    
    This is going to be used in subsequent commits to keep rules alive even
    if disconnected from their jail in the meantime.  We'll indeed have to
    release the prison lock between two uses (outright rejection, final
    granting) where the rules must absolutely stay the same for security reasons.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47619
    
    (cherry picked from commit 3d8d91a5b32c219c7ee47840dcacbaf8c7480267)
---
 sys/security/mac_do/mac_do.c | 63 ++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 58 insertions(+), 5 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index decfb3c756f0..7527732eae1a 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -17,6 +17,7 @@
 #include <sys/mutex.h>
 #include <sys/priv.h>
 #include <sys/proc.h>
+#include <sys/refcount.h>
 #include <sys/socket.h>
 #include <sys/sx.h>
 #include <sys/sysctl.h>
@@ -159,8 +160,9 @@ struct rule {
 TAILQ_HEAD(rulehead, rule);
 
 struct rules {
-	char string[MAC_RULE_STRING_LEN];
-	struct rulehead head;
+	char		string[MAC_RULE_STRING_LEN];
+	struct rulehead	head;
+	volatile u_int	use_count __aligned(CACHE_LINE_SIZE);
 };
 
 /*
@@ -327,6 +329,7 @@ alloc_rules(void)
 	_Static_assert(MAC_RULE_STRING_LEN > 0, "MAC_RULE_STRING_LEN <= 0!");
 	rules->string[0] = 0;
 	TAILQ_INIT(&rules->head);
+	rules->use_count = 0;
 	return (rules);
 }
 
@@ -1027,16 +1030,46 @@ find_rules(struct prison *const pr, struct prison **const aprp)
 	return (rules);
 }
 
+static void
+hold_rules(struct rules *const rules)
+{
+	refcount_acquire(&rules->use_count);
+}
+
+static void
+drop_rules(struct rules *const rules)
+{
+	if (refcount_release(&rules->use_count))
+		toast_rules(rules);
+}
+
+#ifdef INVARIANTS
+static void
+check_rules_use_count(const struct rules *const rules, u_int expected)
+{
+	const u_int use_count = refcount_load(&rules->use_count);
+
+	if (use_count != expected)
+		panic("MAC/do: Rules at %p: Use count is %u, expected %u",
+		    rules, use_count, expected);
+}
+#else
+#define check_rules_use_count(...)
+#endif /* INVARIANTS */
+
 /*
  * OSD destructor for slot 'osd_jail_slot'.
  *
- * Called with 'value' not NULL.
+ * Called with 'value' not NULL.  We have arranged that it is only ever called
+ * when the corresponding jail goes down or at module unload.
  */
 static void
 dealloc_osd(void *const value)
 {
 	struct rules *const rules = value;
 
+	/* No one should be using the rules but us at this point. */
+	check_rules_use_count(rules, 1);
 	toast_rules(rules);
 }
 
@@ -1051,10 +1084,28 @@ dealloc_osd(void *const value)
 static void
 remove_rules(struct prison *const pr)
 {
+	struct rules *old_rules;
+	int error __unused;
+
 	prison_lock(pr);
-	/* This calls destructor dealloc_osd(). */
+	/*
+	 * We go to the burden of extracting rules first instead of just letting
+	 * osd_jail_del() calling dealloc_osd() as we want to decrement their
+	 * use count, and possibly free them, outside of the prison lock.
+	 */
+	old_rules = osd_jail_get(pr, osd_jail_slot);
+	error = osd_jail_set(pr, osd_jail_slot, NULL);
+	/* osd_set() never fails nor allocate memory when 'value' is NULL. */
+	MPASS(error == 0);
+	/*
+	 * This completely frees the OSD slot, but doesn't call the destructor
+	 * since we've just put NULL in the slot.
+	 */
 	osd_jail_del(pr, osd_jail_slot);
 	prison_unlock(pr);
+
+	if (old_rules != NULL)
+		drop_rules(old_rules);
 }
 
 /*
@@ -1066,6 +1117,8 @@ set_rules(struct prison *const pr, struct rules *const rules)
 	struct rules *old_rules;
 	void **rsv;
 
+	check_rules_use_count(rules, 0);
+	hold_rules(rules);
 	rsv = osd_reserve(osd_jail_slot);
 
 	prison_lock(pr);
@@ -1073,7 +1126,7 @@ set_rules(struct prison *const pr, struct rules *const rules)
 	osd_jail_set_reserved(pr, osd_jail_slot, rsv, rules);
 	prison_unlock(pr);
 	if (old_rules != NULL)
-		toast_rules(old_rules);
+		drop_rules(old_rules);
 }
 
 /*

From nobody Thu Apr  3 19:32:27 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhW63sZz5sLsr;
	Thu, 03 Apr 2025 19:32:27 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhW3Djlz3Sgn;
	Thu, 03 Apr 2025 19:32:27 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708747;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=jshh3X8yDvIFD6j+kPYWaxy9o6F3A75qJYZEyXwBPPE=;
	b=VQxdRu+uWlFy/IYn+lRNdCyY9OIe9JqhriEJOOteB1saMrSk4wM+isalyFj4pQ0u8s5ZUK
	C7pRaz+lrrPs1hIlXn+d/hneLLi+w8AFUBBZC4cr+XAa4AVzq+ccygJ4elK8uePMZrY2Df
	dTkb1sV2DQ5oFMJjoqo+Sd1a6ZWtPNOywBmIeG4TbZ/kiMSKHKuptCabZST5iwyfX/l9U6
	onExIk/jCciKXjmSw17nIEHf2NHTBDnpL8RiB/dEpBTKsN4uwud01zYqc+2C9IivyPyiDN
	BS8cW5cLeyU4t4E6maj8fmLqpXkJFXD+vXOE/3mYl4bdu+nMha4qcL95aH7l2g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708747; a=rsa-sha256; cv=none;
	b=EfPCsy1KXNco/UXY5yseHZUAdNxGREGfkqAXAap37miRTQ6DGhkwe1endowO/ZYGAfd6mV
	PLhln00t3O/HyAAtjCLMx8pSWmY7cYN0wotMr9bsIDZOk03MVyA6K61Bxe5oLZ+nPMRpng
	GTR3zxQSZNu1zydUp6arJvk8RWsD5kEaaH+NNXykXxxFuDOVO/NdKRM2f4ziTix59oBvn2
	0dOQtCOV690EJA0qbi6KUcbPLEzFVcVjZGdicGcsVev7JcPYxZGUOkmqr1K0wU5+ELXEMu
	IisJhVCqIzJA+8L9N1PdTyCFuM/MkWZYqvFUbvABhJWazVcxbkufcNAYQ2dLjQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708747;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=jshh3X8yDvIFD6j+kPYWaxy9o6F3A75qJYZEyXwBPPE=;
	b=Hdd/HyJALvhp0qVSLUFq0zCGViz+8JONFxY0r9tnMHPhoY0rAyn+rfA9+iMrR79NvaAPtE
	tpOGo2GX89XRKKsOMkKVwKIIPO0t9fSy7Y3Q5q77ggk1F6b0yXEoFGNDMtxuNJDBAnYbtX
	z5pRwmH5THUppZW2j0bf2vL/V7LhbvT/aFTbvFPaxcK5aSHSFmdh/W+einGrBctnahrFoQ
	QrbELZPwWYvJqnRfhIgQlnE4OExNhWTEmK/kUXi5AZjMCONDhJJ1hQ7vv2JgdhtMeyF5Hk
	AKWQ+8iWV/vaC7Tsj+GLU+xUivKK9+0KWQv7aG1WOLDrA4i46PZGDMPhjEUTvQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhW2XvZzpf;
	Thu, 03 Apr 2025 19:32:27 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWRXR040501;
	Thu, 3 Apr 2025 19:32:27 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWRM1040498;
	Thu, 3 Apr 2025 19:32:27 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:27 GMT
Message-Id: <202504031932.533JWRM1040498@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 986ac13041c8 - stable/14 - MAC/do: Interpret the new
  rules specification; Monitor setcred()
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 986ac13041c8205aaea98e8dcdedee798d4bef6c
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=986ac13041c8205aaea98e8dcdedee798d4bef6c

commit 986ac13041c8205aaea98e8dcdedee798d4bef6c
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-22 14:11:34 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:04 +0000

    MAC/do: Interpret the new rules specification; Monitor setcred()
    
    TL;DR:
    Now monitor setcred() calls, and reject or grant them according to the
    new rules specification.
    
    Drop monitoring setuid() and setgroups().  As previously explained in
    the commit introducing the setcred() system call, MAC/do must know the
    entire new credentials while the old ones are still available to be able
    to approve or reject the requested changes.  To this end, the chosen
    approach was to introduce a new system call, setcred(), instead of
    modifying existing ones to be able to participate in a "prepare than
    commit"-like protocol.
    
    ******
    
    The MAC framework typically calls several hooks of its registered
    policies as part of the privilege checking/granting process.  Each
    system call calls some dedicated hook early, to which it usually passes
    the same arguments it received, whose goal is to forcibly deny access to
    the functionality when needed (i.e., a single deny by any policy
    globally denies the access).  Then, the system call usually calls
    priv_check() or priv_check_cred() an unspecified number of times, each
    of which may trigger calls to two generic MAC hooks.  The first such
    call is to mac_priv_check(), and always happens.  Its role is to deny
    access early and forcibly, as can be done also in system calls'
    dedicated early hooks (with different reach, however).  The second,
    mac_priv_grant(), is called only if the priv_check*() and
    prison_priv_check() generic code doesn't handle the request by itself,
    i.e., doesn't explicitly grant access (to the super user, or to all
    users for a few specific privileges).  It allows any single policy to
    grant the requested access (regardless of whether the other policies do
    so or not).
    
    MAC/do currently only has an effect on processes spawned from the
    '/usr/bin/mdo' executable.  It implements all setcred() hooks, called
    via mac_cred_setcred_enter(), mac_cred_check_setcred() and
    mac_cred_setcred_exit().  In the first one, implemented in
    mac_do_setcred_enter(), it checks if MAC/do has to apply to the current
    process, allocates (or re-uses) per-thread data to be later used by the
    other hooks (those of setcred() and the mac_priv_grant() one, called by
    priv_check*()) and fills them with the current context (the rules to
    apply).  This is both because memory allocations cannot be performed
    while holding the process lock and to ensure that all hooks called by
    a single setcred() see the same rules to apply (not doing this would be
    a security hazard as rules are concurrently changed by the
    administrator, as explained in more details below).  In the second one
    (implemented by mac_do_check_setcred()), it stores in MAC/do's
    per-thread data the new credentials.  Indeed, the next MAC/do's hook
    implementation to be called, mac_do_priv_grant() (implementing the
    mac_priv_grant() hook) must have knowledge of the new credentials that
    setcred() wants to install in order to validate them (or not), which the
    MAC framework can't provide as the priv_check*() API only passes the
    current credentials and a specific privilege number to the
    mac_priv_check() and mac_priv_grant() hooks.  By contrast, the very
    point of MAC/do is to grant the privilege of changing credentials not
    only based on the current ones but also on the seeked-for ones.
    
    The MAC framework's constraints that mac_priv_grant() hooks are called
    without context and that MAC modules must compose (each module may
    implement any of the available hooks, and in particular those of
    setcred()) impose some aspects of MAC/do's design.  Because MAC/do's
    rules are tied to jails, accessing the current rules requires holding
    the corresponding jail's lock.  As other policies might try to grab the
    same jail's lock in the same hooks, it is not possible to keep the
    rules' jail's lock between mac_do_setcred_enter() and
    mac_do_priv_grant() to ensure that the rules are still alive.  We have
    thus augmented 'struct rules' with a reference count, and its lifecyle
    is now decoupled from being referenced or not by a jail.  As a thread
    enters mac_cred_setcred_enter(), it grabs a hold on the current rules
    and keeps a pointer to them in the per-thread data.  In its
    mac_do_setcred_exit(), MAC/do just "frees" the per-thread data, in
    particular by dropping the referenced rules (we wrote "frees" within
    guillemets, as in fact the per-thread structure is reused, and only
    freed when a thread exits or the module is unloaded).
    
    Additionally, ensuring that all hooks have a consistent view of the
    rules to apply might become crucial if we augment MAC/do with forceful
    access denial policies in the future (i.e., policies that forcibly
    disable access regardless of other MAC policies wanting to grant that
    access).  Indeed, without the above-mentioned design, if newly installed
    rules start to forcibly deny some specific transitions, and some thread
    is past the mac_cred_check_setcred() hook but before the
    mac_priv_grant() one, the latter may grant some privileges that should
    have been rejected first by the former (depending on the content of
    user-supplied rules).
    
    A previous version of this change used to implement access denial
    mandated by the '!' and '-' GID flags in mac_do_check_setcred() with the
    goal to have this rejection prevail over potential other MAC modules
    authorizing the transition.  However, this approach had two drawbacks.
    First, it was incompatible both conceptually and in the current
    implementation with multiple rules being treated as an inclusive
    disjunction, where any single rule granting access is enough for MAC/do
    to grant access.  Explicit denial requested by one matching rule could
    prevent another rule from granting access.  The implementation could
    have been fixed, but the conflation of rules being considered as
    disjoint for explicit granting but conjunct for forced denial would have
    remained.  Second, MAC/do applies only to processes spawned from
    a particular executable, and imposing system-wide restrictions on only
    these processes is conceptually strange and probably not very useful.
    In the end, we moved the implementation of explicit access denial into
    mac_do_priv_grant(), along with the interpretation of other target
    clauses.
    
    The separate definition of 'struct mac_do_data_header' may seem odd, as
    it is only used in 'struct mac_do_setcred_data'.  It is a remnant of an
    earlier version that was not using setcred(), but rather implemented
    hooks for setuid() and setgroups().  We however kept it, as it clearly
    separates the machinery to pass data from dedicated system call hooks to
    priv_grant() from the actual data that MAC/do needs to monitor a call to
    setcred() specifically.  It may be useful in the future if we evolve
    MAC/do to also grant privileges through other system calls (each seen as
    a complete credentials transition on its own).
    
    The target supplementary groups are checked with merge-like algorithms
    leveraging the fact that all supplementary groups in credentials
    ('struct ucred') and in each rule ('struct rule') are sorted, avoiding
    to start a binary search for each considered GID which is asymptotically
    more costly.  All access granting/denial is thus at most linear and in
    at most the sum of the number of requested groups, currently held ones
    and those contained in the rule, per applicable rule.  This should be
    enough in all practical cases.  There is however still room for more
    optimizations, without or with changes in rules' data structures, if the
    need ever arises.
    
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47620
    
    (cherry picked from commit 8f7e8726e3f5f20b9eed0ad12fc2d2a4ec304d14)
---
 sys/security/mac_do/mac_do.c | 712 +++++++++++++++++++++++++++++++++++++------
 1 file changed, 618 insertions(+), 94 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 7527732eae1a..2ce608c754bc 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -45,6 +45,7 @@ static MALLOC_DEFINE(M_DO, "do_rule", "Rules for mac_do");
 #define MAC_RULE_STRING_LEN	1024
 
 static unsigned		osd_jail_slot;
+static unsigned		osd_thread_slot;
 
 #define IT_INVALID	0 /* Must stay 0. */
 #define IT_UID		1
@@ -1064,11 +1065,24 @@ check_rules_use_count(const struct rules *const rules, u_int expected)
  * when the corresponding jail goes down or at module unload.
  */
 static void
-dealloc_osd(void *const value)
+dealloc_jail_osd(void *const value)
 {
 	struct rules *const rules = value;
 
-	/* No one should be using the rules but us at this point. */
+	/*
+	 * If called because the "holding" jail goes down, no one should be
+	 * using the rules but us at this point because no threads of that jail
+	 * (or its sub-jails) should currently be executing (in particular,
+	 * currently executing setcred()).  The case of module unload is more
+	 * complex.  Although the MAC framework takes care that no hook is
+	 * called while a module is unloading, the unload could happen between
+	 * two calls to MAC hooks in the course of, e.g., executing setcred(),
+	 * where the rules' reference count has been bumped to keep them alive
+	 * even if the rules on the "holding" jail has been concurrently
+	 * changed.  These other references are held in our thread OSD slot, so
+	 * we ensure that all thread's slots are freed first in mac_do_destroy()
+	 * to be able to check that only one reference remains.
+	 */
 	check_rules_use_count(rules, 1);
 	toast_rules(rules);
 }
@@ -1090,8 +1104,8 @@ remove_rules(struct prison *const pr)
 	prison_lock(pr);
 	/*
 	 * We go to the burden of extracting rules first instead of just letting
-	 * osd_jail_del() calling dealloc_osd() as we want to decrement their
-	 * use count, and possibly free them, outside of the prison lock.
+	 * osd_jail_del() calling dealloc_jail_osd() as we want to decrement
+	 * their use count, and possibly free them, outside of the prison lock.
 	 */
 	old_rules = osd_jail_get(pr, osd_jail_slot);
 	error = osd_jail_set(pr, osd_jail_slot, NULL);
@@ -1398,7 +1412,7 @@ mac_do_jail_set(void *obj, void *data)
  * OSD jail methods.
  *
  * There is no PR_METHOD_REMOVE, as OSD storage is destroyed by the common jail
- * code (see prison_cleanup()), which triggers a run of our dealloc_osd()
+ * code (see prison_cleanup()), which triggers a run of our dealloc_jail_osd()
  * destructor.
  */
 static const osd_method_t osd_methods[PR_MAXMETHOD] = {
@@ -1409,148 +1423,658 @@ static const osd_method_t osd_methods[PR_MAXMETHOD] = {
 };
 
 
-static void
-mac_do_init(struct mac_policy_conf *mpc)
+/*
+ * Common header structure.
+ *
+ * Each structure that is used to pass information between some MAC check
+ * function and priv_grant() must start with this header.
+ */
+struct mac_do_data_header {
+	/* Size of the allocated buffer holding the containing structure. */
+	size_t		 allocated_size;
+	/* Full size of the containing structure. */
+	size_t		 size;
+	/*
+	 * For convenience, we use privilege numbers as an identifier for the
+	 * containing structure's type, since there is one distinct privilege
+	 * for each privilege changing function we are supporting.  0 in 'priv'
+	 * indicates this header is uninitialized.
+	 */
+	int		 priv;
+	/* Rules to apply. */
+	struct rules	*rules;
+};
+
+/*
+ * The case of unusable or absent per-thread data can actually happen as nothing
+ * prevents, e.g., priv_check*() with privilege 'priv' to be called standalone,
+ * as it is currently by, e.g., the Linux emulator for PRIV_CRED_SETUID.  We
+ * interpret such calls to priv_check*() as full, unrestricted requests for
+ * 'priv', contrary to what we're doing here for selected operations, and
+ * consequently will not grant the requested privilege.
+ *
+ * Also, we protect ourselves from a concurrent change of 'do_enabled' while
+ * a call to setcred() is in progress by storing the rules per-thread
+ * which is then consulted by each successive hook so that they all have
+ * a coherent view of the specifications, and we empty the slot (actually, mark
+ * it as empty) when MAC/do is disabled.
+ */
+static int
+check_data_usable(const void *const data, const size_t size, const int priv)
 {
-	struct prison *pr;
+	const struct mac_do_data_header *const hdr = data;
 
-	osd_jail_slot = osd_jail_register(dealloc_osd, osd_methods);
-	set_empty_rules(&prison0);
-	sx_slock(&allprison_lock);
-	TAILQ_FOREACH(pr, &allprison, pr_list)
-	    set_empty_rules(pr);
-	sx_sunlock(&allprison_lock);
+	if (hdr == NULL || hdr->priv == 0)
+		return (ENOENT);
+	/*
+	 * Impacting changes in the protocols we are based on...  Don't crash in
+	 * production.
+	 */
+	if (hdr->priv != priv) {
+		MPASS(hdr->priv == priv);
+		return (EBUSY);
+	}
+	MPASS(hdr->size == size);
+	MPASS(hdr->size <= hdr->allocated_size);
+	return (0);
 }
 
 static void
-mac_do_destroy(struct mac_policy_conf *mpc)
+clear_data(void *const data)
 {
-	osd_jail_deregister(osd_jail_slot);
+	struct mac_do_data_header *const hdr = data;
+
+	if (hdr != NULL) {
+		drop_rules(hdr->rules);
+		/* We don't deallocate so as to save time on next access. */
+		hdr->priv = 0;
+	}
+}
+
+static void *
+fetch_data(void)
+{
+	return (osd_thread_get_unlocked(curthread, osd_thread_slot));
 }
 
 static bool
-rule_applies(struct ucred *cred, struct rule *r)
+is_data_reusable(const void *const data, const size_t size)
 {
-	if (r->from_type == IT_UID && r->from_id == cred->cr_uid)
-		return (true);
-	if (r->from_type == IT_GID && groupmember(r->from_id, cred))
-		return (true);
-	return (false);
+	const struct mac_do_data_header *const hdr = data;
+
+	return (hdr != NULL && size <= hdr->allocated_size);
 }
 
+static void
+set_data_header(void *const data, const size_t size, const int priv,
+    struct rules *const rules)
+{
+	struct mac_do_data_header *const hdr = data;
+
+	MPASS(hdr->priv == 0);
+	MPASS(priv != 0);
+	MPASS(size <= hdr->allocated_size);
+	hdr->size = size;
+	hdr->priv = priv;
+	hdr->rules = rules;
+}
+
+/* The proc lock (and any other non-sleepable lock) must not be held. */
+static void *
+alloc_data(void *const data, const size_t size)
+{
+	struct mac_do_data_header *const hdr = realloc(data, size, M_DO,
+	    M_WAITOK);
+
+	MPASS(size >= sizeof(struct mac_do_data_header));
+	hdr->allocated_size = size;
+	hdr->priv = 0;
+	if (hdr != data) {
+		/*
+		 * This call either reuses the existing memory allocated for the
+		 * slot or tries to allocate some without blocking.
+		 */
+		int error = osd_thread_set(curthread, osd_thread_slot, hdr);
+
+		if (error != 0) {
+			/* Going to make a M_WAITOK allocation. */
+			void **const rsv = osd_reserve(osd_thread_slot);
+
+			error = osd_thread_set_reserved(curthread,
+			    osd_thread_slot, rsv, hdr);
+			MPASS(error == 0);
+		}
+	}
+	return (hdr);
+}
+
+/* Destructor for 'osd_thread_slot'. */
+static void
+dealloc_thread_osd(void *const value)
+{
+	free(value, M_DO);
+}
+
+/*
+ * Whether to grant access to some primary group according to flags.
+ *
+ * The passed 'flags' must be those of a rule's matching GID, or the IT_GID type
+ * flags when MDF_CURRENT has been matched.
+ *
+ * Return values:
+ * - 0:			Access granted.
+ * - EJUSTRETURN:	Flags are agnostic.
+ */
 static int
-mac_do_priv_grant(struct ucred *cred, int priv)
+grant_primary_group_from_flags(const flags_t flags)
 {
-	struct rule *r;
-	struct prison *pr;
-	struct rules *rule;
+	return ((flags & MDF_PRIMARY) != 0 ? 0 : EJUSTRETURN);
+}
 
-	if (do_enabled == 0)
-		return (EPERM);
+/*
+ * Same as grant_primary_group_from_flags(), but for supplementary groups.
+ *
+ * Return values:
+ * - 0:			Access granted.
+ * - EJUSTRETURN:	Flags are agnostic.
+ * - EPERM:		Access denied.
+ */
+static int
+grant_supplementary_group_from_flags(const flags_t flags)
+{
+	if ((flags & MDF_SUPP_MASK) != 0)
+		return ((flags & MDF_SUPP_DONT) != 0 ? EPERM : 0);
 
-	rule = find_rules(cred->cr_prison, &pr);
-	TAILQ_FOREACH(r, &rule->head, r_entries) {
-		if (rule_applies(cred, r)) {
-			switch (priv) {
-			case PRIV_CRED_SETGROUPS:
-			case PRIV_CRED_SETUID:
-				prison_unlock(pr);
-				return (0);
-			default:
+	return (EJUSTRETURN);
+}
+
+static int
+rule_grant_supplementary_groups(const struct rule *const rule,
+    const struct ucred *const old_cred, const struct ucred *const new_cred)
+{
+	const gid_t *const old_groups = old_cred->cr_groups;
+	const gid_t *const new_groups = new_cred->cr_groups;
+	const int old_ngroups = old_cred->cr_ngroups;
+	const int new_ngroups = new_cred->cr_ngroups;
+	const flags_t gid_flags = rule->gid_flags;
+	const bool current_has_supp = (gid_flags & MDF_CURRENT) != 0 &&
+	    (gid_flags & MDF_SUPP_MASK) != 0;
+	id_nb_t rule_idx = 0;
+	int old_idx = 1, new_idx = 1;
+
+	if ((gid_flags & MDF_ANY_SUPP) != 0 &&
+	    (gid_flags & MDF_MAY_REJ_SUPP) == 0)
+		/*
+		 * Any set of supplementary groups is accepted, no need to loop
+		 * over them.
+		 */
+		return (0);
+
+	for (; new_idx < new_ngroups; ++new_idx) {
+		const gid_t gid = new_groups[new_idx];
+		bool may_accept = false;
+
+		if ((gid_flags & MDF_ANY_SUPP) != 0)
+			may_accept = true;
+
+		/* Do we have to check for the current supplementary groups? */
+		if (current_has_supp) {
+			/*
+			 * Linear search, as both supplementary groups arrays
+			 * are sorted.  Advancing 'old_idx' with a binary search
+			 * on absence of MDF_SUPP_MUST doesn't seem worth it in
+			 * practice.
+			 */
+			for (; old_idx < old_ngroups; ++old_idx) {
+				const gid_t old_gid = old_groups[old_idx];
+
+				if (old_gid < gid) {
+					/* Mandatory but absent. */
+					if ((gid_flags & MDF_SUPP_MUST) != 0)
+						return (EPERM);
+				} else if (old_gid == gid) {
+					switch (gid_flags & MDF_SUPP_MASK) {
+					case MDF_SUPP_DONT:
+						/* Present but forbidden. */
+						return (EPERM);
+					case MDF_SUPP_ALLOW:
+					case MDF_SUPP_MUST:
+						may_accept = true;
+						break;
+					default:
+#ifdef INVARIANTS
+						__assert_unreachable();
+#else
+						/* Better be safe than sorry. */
+						return (EPERM);
+#endif
+					}
+					++old_idx;
+					break;
+				}
+				else
+					break;
+			}
+		}
+
+		/*
+		 * Search by GID for a corresponding 'struct id_spec'.
+		 *
+		 * Again, linear search, with same note on not using binary
+		 * search optimization as above (the trigger would be absence of
+		 * MDF_EXPLICIT_SUPP_MUST this time).
+		 */
+		for (; rule_idx < rule->gids_nb; ++rule_idx) {
+			const struct id_spec is = rule->gids[rule_idx];
+
+			if (is.id < gid) {
+				/* Mandatory but absent. */
+				if ((is.flags & MDF_SUPP_MUST) != 0)
+					return (EPERM);
+			} else if (is.id == gid) {
+				switch (is.flags & MDF_SUPP_MASK) {
+				case MDF_SUPP_DONT:
+					/* Present but forbidden. */
+					return (EPERM);
+				case MDF_SUPP_ALLOW:
+				case MDF_SUPP_MUST:
+					may_accept = true;
+					break;
+				case 0:
+					/* Primary group only. */
+					break;
+				default:
+#ifdef INVARIANTS
+					__assert_unreachable();
+#else
+					/* Better be safe than sorry. */
+					return (EPERM);
+#endif
+				}
+				++rule_idx;
 				break;
 			}
+			else
+				break;
 		}
+
+		/* 'gid' wasn't explicitly accepted. */
+		if (!may_accept)
+			return (EPERM);
 	}
-	prison_unlock(pr);
-	return (EPERM);
+
+	/*
+	 * If we must have all current groups and we didn't browse all
+	 * of them at this point (because the remaining ones have GIDs
+	 * greater than the last requested group), we are simply missing
+	 * them.
+	 */
+	if ((gid_flags & MDF_CURRENT) != 0 &&
+	    (gid_flags & MDF_SUPP_MUST) != 0 &&
+	    old_idx < old_ngroups)
+		return (EPERM);
+	/*
+	 * Similarly, we have to finish browsing all GIDs from the rule
+	 * in case some are marked mandatory.
+	 */
+	if ((gid_flags & MDF_EXPLICIT_SUPP_MUST) != 0) {
+		for (; rule_idx < rule->gids_nb; ++rule_idx) {
+			const struct id_spec is = rule->gids[rule_idx];
+
+			if ((is.flags & MDF_SUPP_MUST) != 0)
+				return (EPERM);
+		}
+	}
+
+	return (0);
 }
 
 static int
-mac_do_check_setgroups(struct ucred *cred, int ngrp, gid_t *groups)
+rule_grant_primary_group(const struct rule *const rule,
+    const struct ucred *const old_cred, const gid_t gid)
 {
-	struct rule *r;
-	char *fullpath = NULL;
-	char *freebuf = NULL;
-	struct prison *pr;
-	struct rules *rule;
+	struct id_spec gid_is = {.flags = 0};
+	const struct id_spec *found_is;
+	int error;
 
-	if (do_enabled == 0)
-		return (0);
-	if (cred->cr_uid == 0)
+	if ((rule->gid_flags & MDF_ANY) != 0)
 		return (0);
 
-	if (vn_fullpath(curproc->p_textvp, &fullpath, &freebuf) != 0)
-		return (EPERM);
-	if (strcmp(fullpath, "/usr/bin/mdo") != 0) {
-		free(freebuf, M_TEMP);
-		return (EPERM);
+	/* Was MDF_CURRENT specified, and is 'gid' a current GID? */
+	if ((rule->gid_flags & MDF_CURRENT) != 0 &&
+	    group_is_primary(gid, old_cred)) {
+		error = grant_primary_group_from_flags(rule->gid_flags);
+		if (error == 0)
+			return (0);
 	}
-	free(freebuf, M_TEMP);
 
-	rule = find_rules(cred->cr_prison, &pr);
-	TAILQ_FOREACH(r, &rule->head, r_entries) {
-		if (rule_applies(cred, r)) {
-			prison_unlock(pr);
+	/* Search by GID for a corresponding 'struct id_spec'. */
+	gid_is.id = gid;
+	found_is = bsearch(&gid_is, rule->gids, rule->gids_nb,
+	    sizeof(*rule->gids), id_spec_cmp);
+
+	if (found_is != NULL) {
+		error = grant_primary_group_from_flags(found_is->flags);
+		if (error == 0)
 			return (0);
-		}
 	}
-	prison_unlock(pr);
 
 	return (EPERM);
 }
 
 static int
-mac_do_check_setuid(struct ucred *cred, uid_t uid)
+rule_grant_primary_groups(const struct rule *const rule,
+    const struct ucred *const old_cred, const struct ucred *const new_cred)
 {
-	struct rule *r;
-	char *fullpath = NULL;
-	char *freebuf = NULL;
-	struct prison *pr;
-	struct rules *rule;
-	struct id_spec uid_is = {.id = uid};
 	int error;
 
-	if (do_enabled == 0)
+	/* Shortcut. */
+	if ((rule->gid_flags & MDF_ANY) != 0)
+		return (0);
+
+	error = rule_grant_primary_group(rule, old_cred, new_cred->cr_gid);
+	if (error != 0)
+		return (error);
+	error = rule_grant_primary_group(rule, old_cred, new_cred->cr_rgid);
+	if (error != 0)
+		return (error);
+	error = rule_grant_primary_group(rule, old_cred, new_cred->cr_svgid);
+	if (error != 0)
+		return (error);
+	return (0);
+}
+
+static bool
+user_is_current(const uid_t uid, const struct ucred *const old_cred)
+{
+	return (uid == old_cred->cr_uid || uid == old_cred->cr_ruid ||
+	    uid == old_cred->cr_svuid);
+}
+
+static int
+rule_grant_user(const struct rule *const rule,
+    const struct ucred *const old_cred, const uid_t uid)
+{
+	struct id_spec uid_is = {.flags = 0};
+	const struct id_spec *found_is;
+
+	if ((rule->uid_flags & MDF_ANY) != 0)
+		return (0);
+
+	/* Was MDF_CURRENT specified, and is 'uid' a current UID? */
+	if ((rule->uid_flags & MDF_CURRENT) != 0 &&
+	    user_is_current(uid, old_cred))
+		return (0);
+
+	/* Search by UID for a corresponding 'struct id_spec'. */
+	uid_is.id = uid;
+	found_is = bsearch(&uid_is, rule->uids, rule->uids_nb,
+	    sizeof(*rule->uids), id_spec_cmp);
+
+	if (found_is != NULL)
 		return (0);
-	if (cred->cr_uid == uid || cred->cr_uid == 0 || cred->cr_ruid == 0)
+
+	return (EPERM);
+}
+
+static int
+rule_grant_users(const struct rule *const rule,
+    const struct ucred *const old_cred, const struct ucred *const new_cred)
+{
+	int error;
+
+	/* Shortcut. */
+	if ((rule->uid_flags & MDF_ANY) != 0)
 		return (0);
 
-	if (vn_fullpath(curproc->p_textvp, &fullpath, &freebuf) != 0)
+	error = rule_grant_user(rule, old_cred, new_cred->cr_uid);
+	if (error != 0)
+		return (error);
+	error = rule_grant_user(rule, old_cred, new_cred->cr_ruid);
+	if (error != 0)
+		return (error);
+	error = rule_grant_user(rule, old_cred, new_cred->cr_svuid);
+	if (error != 0)
+		return (error);
+
+	return (0);
+}
+
+static int
+rule_grant_setcred(const struct rule *const rule,
+    const struct ucred *const old_cred, const struct ucred *const new_cred)
+{
+	int error;
+
+	error = rule_grant_users(rule, old_cred, new_cred);
+	if (error != 0)
+		return (error);
+	error = rule_grant_primary_groups(rule, old_cred, new_cred);
+	if (error != 0)
+		return (error);
+	error = rule_grant_supplementary_groups(rule, old_cred, new_cred);
+	if (error != 0)
+		return (error);
+
+	return (0);
+}
+
+static bool
+rule_applies(const struct rule *const rule, const struct ucred *const cred)
+{
+	if (rule->from_type == IT_UID && rule->from_id == cred->cr_uid)
+		return (true);
+	if (rule->from_type == IT_GID && groupmember(rule->from_id, cred))
+		return (true);
+	return (false);
+}
+
+/*
+ * To pass data between check_setcred() and priv_grant() (on PRIV_CRED_SETCRED).
+ */
+struct mac_do_setcred_data {
+	struct mac_do_data_header hdr;
+	const struct ucred *new_cred;
+	u_int setcred_flags;
+};
+
+static int
+mac_do_priv_grant(struct ucred *cred, int priv)
+{
+	struct mac_do_setcred_data *const data = fetch_data();
+	const struct rules *rules;
+	const struct ucred *new_cred;
+	const struct rule *rule;
+	u_int setcred_flags;
+	int error;
+
+	/* Bail out fast if we aren't concerned. */
+	if (priv != PRIV_CRED_SETCRED)
 		return (EPERM);
-	if (strcmp(fullpath, "/usr/bin/mdo") != 0) {
-		free(freebuf, M_TEMP);
+
+	/*
+	 * Do we have to do something?
+	 */
+	if (check_data_usable(data, sizeof(*data), priv) != 0)
+		/* No. */
 		return (EPERM);
-	}
-	free(freebuf, M_TEMP);
 
+	rules = data->hdr.rules;
+	new_cred = data->new_cred;
+	KASSERT(new_cred != NULL,
+	    ("priv_check*() called before mac_cred_check_setcred()"));
+	setcred_flags = data->setcred_flags;
+
+	/*
+	 * Explicitly check that only the flags we currently support are present
+	 * in order to avoid accepting transitions with other changes than those
+	 * we are actually going to check.  Currently, this rules out the
+	 * SETCREDF_MAC_LABEL flag.  This may be improved by adding code
+	 * actually checking whether the requested label and the current one
+	 * would differ.
+	 */
+	if ((setcred_flags & ~(SETCREDF_UID | SETCREDF_RUID | SETCREDF_SVUID |
+	    SETCREDF_GID | SETCREDF_RGID | SETCREDF_SVGID |
+	    SETCREDF_SUPP_GROUPS)) != 0)
+		return (EPERM);
+
+	/*
+	 * Browse rules, and for those that match the requestor, call specific
+	 * privilege granting functions interpreting the "to"/"target" part.
+	 */
 	error = EPERM;
-	rule = find_rules(cred->cr_prison, &pr);
-	TAILQ_FOREACH(r, &rule->head, r_entries) {
-		if (!((r->from_type == IT_UID && cred->cr_uid == r->from_id) ||
-		    (r->from_type == IT_GID && groupmember(r->from_id, cred))))
-			continue;
+	TAILQ_FOREACH(rule, &rules->head, r_entries)
+	    if (rule_applies(rule, cred)) {
+		    error = rule_grant_setcred(rule, cred, new_cred);
+		    if (error != EPERM)
+			    break;
+	    }
 
-		if (r->uid_flags & MDF_ANY ||
-		    ((r->uid_flags & MDF_CURRENT) && (uid == cred->cr_uid ||
-		    uid == cred->cr_ruid || uid == cred->cr_svuid)) ||
-		    bsearch(&uid_is, r->uids, r->uids_nb, sizeof(*r->uids),
-		    id_spec_cmp) != NULL) {
-			error = 0;
-			break;
-		}
-	}
-	prison_unlock(pr);
 	return (error);
 }
 
+static int
+check_proc(void)
+{
+	char *path, *to_free;
+	int error;
+
+	/*
+	 * Only grant privileges if requested by the right executable.
+	 *
+	 * XXXOC: We may want to base this check on a tunable path and/or
+	 * a specific MAC label.  Going even further, e.g., envisioning to
+	 * completely replace the path check with the latter, we would need to
+	 * install FreeBSD on a FS with multilabel enabled by default, which in
+	 * practice entails adding an option to ZFS to set MNT_MULTILABEL
+	 * automatically on mounts, ensuring that root (and more if using
+	 * different partitions) ZFS or UFS filesystems are created with
+	 * multilabel turned on, and having the installation procedure support
+	 * setting a MAC label per file (perhaps via additions to mtree(1)).  So
+	 * this probably isn't going to happen overnight, if ever.
+	 */
+	if (vn_fullpath(curproc->p_textvp, &path, &to_free) != 0)
+		return (EPERM);
+	error = strcmp(path, "/usr/bin/mdo") == 0 ? 0 : EPERM;
+	free(to_free, M_TEMP);
+	return (error);
+}
+
+static void
+mac_do_setcred_enter(void)
+{
+	struct rules *rules;
+	struct prison *pr;
+	struct mac_do_setcred_data * data;
+	int error;
+
+	/*
+	 * If not enabled, don't prepare data.  Other hooks will check for that
+	 * to know if they have to do something.
+	 */
+	if (do_enabled == 0)
+		return;
+
+	/*
+	 * MAC/do only applies to a process launched from a given executable.
+	 * For other processes, we just won't intervene (we don't deny requests,
+	 * nor do we grant privileges to them).
+	 */
+	error = check_proc();
+	if (error != 0)
+		return;
+
+	/*
+	 * Find the currently applicable rules.
+	 */
+	rules = find_rules(curproc->p_ucred->cr_prison, &pr);
+	hold_rules(rules);
+	prison_unlock(pr);
+
+	/*
+	 * Setup thread data to be used by other hooks.
+	 */
+	data = fetch_data();
+	if (!is_data_reusable(data, sizeof(*data)))
+		data = alloc_data(data, sizeof(*data));
+	set_data_header(data, sizeof(*data), PRIV_CRED_SETCRED, rules);
+	/* Not really necessary, but helps to catch programming errors. */
+	data->new_cred = NULL;
+	data->setcred_flags = 0;
+}
+
+static int
+mac_do_check_setcred(u_int flags, const struct ucred *const old_cred,
+    struct ucred *const new_cred)
+{
+	struct mac_do_setcred_data *const data = fetch_data();
+
+	/*
+	 * Do we have to do something?
+	 */
+	if (check_data_usable(data, sizeof(*data), PRIV_CRED_SETCRED) != 0)
+		/* No. */
+		return (0);
+
+	/*
+	 * Keep track of the setcred() flags and the new credentials for
+	 * priv_check*().
+	 */
+	data->new_cred = new_cred;
+	data->setcred_flags = flags;
+
+	return (0);
+}
+
+static void
+mac_do_setcred_exit(void)
+{
+	struct mac_do_setcred_data *const data = fetch_data();
+
+	if (check_data_usable(data, sizeof(*data), PRIV_CRED_SETCRED) == 0)
+		/*
+		 * This doesn't deallocate the small per-thread data storage,
+		 * which can be reused on subsequent calls.  (That data is of
+		 * course deallocated as the current thread dies or this module
+		 * is unloaded.)
+		 */
+		clear_data(data);
+}
+
+static void
+mac_do_init(struct mac_policy_conf *mpc)
+{
+	struct prison *pr;
+
+	osd_jail_slot = osd_jail_register(dealloc_jail_osd, osd_methods);
+	set_empty_rules(&prison0);
+	sx_slock(&allprison_lock);
+	TAILQ_FOREACH(pr, &allprison, pr_list)
+	    set_empty_rules(pr);
+	sx_sunlock(&allprison_lock);
+
+	osd_thread_slot = osd_thread_register(dealloc_thread_osd);
+}
+
+static void
+mac_do_destroy(struct mac_policy_conf *mpc)
+{
+	/*
+	 * osd_thread_deregister() must be called before osd_jail_deregister(),
+	 * for the reason explained in dealloc_jail_osd().
+	 */
+	osd_thread_deregister(osd_thread_slot);
+	osd_jail_deregister(osd_jail_slot);
+}
+
 static struct mac_policy_ops do_ops = {
-	.mpo_destroy = mac_do_destroy,
 	.mpo_init = mac_do_init,
-	.mpo_cred_check_setuid = mac_do_check_setuid,
-	.mpo_cred_check_setgroups = mac_do_check_setgroups,
+	.mpo_destroy = mac_do_destroy,
+	.mpo_cred_setcred_enter = mac_do_setcred_enter,
+	.mpo_cred_check_setcred = mac_do_check_setcred,
+	.mpo_cred_setcred_exit = mac_do_setcred_exit,
 	.mpo_priv_grant = mac_do_priv_grant,
 };
 
-MAC_POLICY_SET(&do_ops, mac_do, "MAC/do",
-   MPC_LOADTIME_FLAG_UNLOADOK, NULL);
+MAC_POLICY_SET(&do_ops, mac_do, "MAC/do", MPC_LOADTIME_FLAG_UNLOADOK, NULL);
 MODULE_VERSION(mac_do, 1);

From nobody Thu Apr  3 19:32:28 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhX5DQxz5sLwg;
	Thu, 03 Apr 2025 19:32:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhX3cRFz3Sd2;
	Thu, 03 Apr 2025 19:32:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708748;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=nIon7UWWWgCIERESHUKZy6sOWE1Gf+p+LMwqeYdX6dY=;
	b=FCdQA/tEWlD1tlbe804HeGujjDpRILekEG+qYo9cQrF8wyy06NvW7QfYqKK8wDqxcTq45g
	C8VeWF6bHPx0LEOH5yXT+yqm83X+U3SH/mQyff6b/dSHmi3ql6mpsuYRVmg4EQaGTiSSIr
	6vLFa4dWlwGU2ubSd9NRnRUDx9o5oVJVzyEZhQ+2v3DRFXE3QK3y29xmaaQTucseZktYP0
	f10IF3+gEabuggAMWhfgTyOOqXNty0DHYQIy1lN573sO0uM4xFUOpBMFwzyA0eiyp4df1+
	9vIDriB21Kk/+6LwYm21nIcC0MZMC3DdpWNwt45RrSiaXpF9J7CfTii4etd5UQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708748; a=rsa-sha256; cv=none;
	b=GtLzgbC710XJ4VelLt5uZq7H7gNjqBtfJD2ffnyzUjSYgEDUyE/Piwnhx/nok9ruX3nWkV
	aYaTF2HqAwXym8Y55Wfjq8sAOhMDqY0cVbSxsrnQObQ4rINs6sPtd0zxfOp2mN3EvQbE4h
	+f54rb1HWrE5PxsDZWiUW6mzVfgMuvk2kySBvG5lqYHJqpqgPjiC8IP+THF5mtgXTELO2Z
	DqJXMWx6TJG4R/1Ne3/Vzx7LRNpkoqvDNU3rCCAAfMQs5OUrYmuo3rMFhUnWOrgYRIkLlm
	QonWVYKvW00DJd+eBlvKA1gv46gOqvauEf1xWehr/qVPZZvL0ejuZ7u1HsCWqA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708748;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=nIon7UWWWgCIERESHUKZy6sOWE1Gf+p+LMwqeYdX6dY=;
	b=nt8xlfiUHP4VSWNMEbuzMAbOafeEiQtx0Oy0ehdt6q4Vabiy/XxjfMJrtgL3uBq3yhsYP8
	rOzPEgSnL2mEsDueSCo5CBx6vQqiAUU34ak0MGKLZe192zmDgxE9hW/WyjL1gbx37mn7R4
	duMG4C5jHBILSe9/ULJdAajJ46ZTeXJBEWaFEUIdybHy0ukY4QR/7qaWg5xmebDAIH7evA
	AyC1wb2ZAQHPPPq/wpEaONs/IEz+sTUvUIQBh89ckLn8aFXivj+y2N+Wm7XrsgLoZexz2G
	3gnW28L6CB6qPq/G0Zssd7nFtWEAS6aTg5JrDntnXM2W0+WyXsBdpQNbVEwG1w==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhX3CxlzkW;
	Thu, 03 Apr 2025 19:32:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWS8R040535;
	Thu, 3 Apr 2025 19:32:28 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWSFJ040532;
	Thu, 3 Apr 2025 19:32:28 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:28 GMT
Message-Id: <202504031932.533JWSFJ040532@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 68c46c41a7f8 - stable/14 - mdo(1): Use setcred() to
  change credentials
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 68c46c41a7f875b245325e94e994fda1bd0b3056
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=68c46c41a7f875b245325e94e994fda1bd0b3056

commit 68c46c41a7f875b245325e94e994fda1bd0b3056
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-29 14:24:08 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:05 +0000

    mdo(1): Use setcred() to change credentials
    
    As this is the only system call that MAC/do currently supports, and the
    only one that really can be for transitions involving simultaneous
    changes of user and group IDs.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47621
    
    (cherry picked from commit e395e354823b690ba19ecc8e3688bacec6f67ad3)
---
 usr.bin/mdo/mdo.c | 42 +++++++++++++++++++++++++++++++++++-------
 1 file changed, 35 insertions(+), 7 deletions(-)

diff --git a/usr.bin/mdo/mdo.c b/usr.bin/mdo/mdo.c
index 22e2838daa08..8435fc17f26f 100644
--- a/usr.bin/mdo/mdo.c
+++ b/usr.bin/mdo/mdo.c
@@ -5,6 +5,7 @@
  */
 
 #include <sys/limits.h>
+#include <sys/ucred.h>
 
 #include <err.h>
 #include <paths.h>
@@ -27,6 +28,8 @@ main(int argc, char **argv)
 {
 	struct passwd *pw;
 	const char *username = "root";
+	struct setcred wcred = SETCRED_INITIALIZER;
+	u_int setcred_flags = 0;
 	bool uidonly = false;
 	int ch;
 
@@ -50,20 +53,45 @@ main(int argc, char **argv)
 			const char *errp = NULL;
 			uid_t uid = strtonum(username, 0, UID_MAX, &errp);
 			if (errp != NULL)
-				err(EXIT_FAILURE, "%s", errp);
+				err(EXIT_FAILURE, "invalid user ID '%s'",
+				    username);
 			pw = getpwuid(uid);
 		}
 		if (pw == NULL)
 			err(EXIT_FAILURE, "invalid username '%s'", username);
 	}
+
+	wcred.sc_uid = wcred.sc_ruid = wcred.sc_svuid = pw->pw_uid;
+	setcred_flags |= SETCREDF_UID | SETCREDF_RUID | SETCREDF_SVUID;
+
 	if (!uidonly) {
-		if (initgroups(pw->pw_name, pw->pw_gid) == -1)
-			err(EXIT_FAILURE, "failed to call initgroups");
-		if (setgid(pw->pw_gid) == -1)
-			err(EXIT_FAILURE, "failed to call setgid");
+		/*
+		 * If there are too many groups specified for some UID, setting
+		 * the groups will fail.  We preserve this condition by
+		 * allocating one more group slot than allowed, as
+		 * getgrouplist() itself is just some getter function and thus
+		 * doesn't (and shouldn't) check the limit, and to allow
+		 * setcred() to actually check for overflow.
+		 */
+		const long ngroups_alloc = sysconf(_SC_NGROUPS_MAX) + 2;
+		gid_t *const groups = malloc(sizeof(*groups) * ngroups_alloc);
+		int ngroups = ngroups_alloc;
+
+		if (groups == NULL)
+			err(EXIT_FAILURE, "cannot allocate memory for groups");
+
+		getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups);
+
+		wcred.sc_gid = wcred.sc_rgid = wcred.sc_svgid = pw->pw_gid;
+		wcred.sc_supp_groups = groups + 1;
+		wcred.sc_supp_groups_nb = ngroups - 1;
+		setcred_flags |= SETCREDF_GID | SETCREDF_RGID | SETCREDF_SVGID |
+		    SETCREDF_SUPP_GROUPS;
 	}
-	if (setuid(pw->pw_uid) == -1)
-		err(EXIT_FAILURE, "failed to call setuid");
+
+	if (setcred(setcred_flags, &wcred, sizeof(wcred)) != 0)
+		err(EXIT_FAILURE, "calling setcred() failed");
+
 	if (*argv == NULL) {
 		const char *sh = getenv("SHELL");
 		if (sh == NULL)

From nobody Thu Apr  3 19:32:29 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhY6jRQz5sLss;
	Thu, 03 Apr 2025 19:32:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhY47hkz3SmL;
	Thu, 03 Apr 2025 19:32:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708749;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=lVv2qUJzOfUePmTyZLXH6waHtr1qILqd52J927WOw5I=;
	b=W7e+PEBCRXzu09/UFRYdjEq3cbd2m+WIRwT7tVtdMdmlfomfzxZ83vYDWi2A+JHqvGUGnw
	f/9yYIQp+Y5DGK2H88+JvPs8d+jEurl7zumDZoF2lRJmiv5rb0/Ry7Fu1Lcoeeb/9YQfha
	QHQtEi1XB0dSitfXT7BzZWF17K9Fkb0UmLsbYDSd9hluCk/YMd3rJ70r8WMsNg2bx3KhHc
	In3J8Pmh4xympa1ZmvJ+q/XPHP2sdaLYqqahVG+7kWfwlixUEn9Btpv4bcIh9u2IyL1Uvu
	ldyyU53unuokhR/CfFGOrHPOLMvziuSBziYtJ49nt+BM0IUKjT9XN6fRyWCLTA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708749; a=rsa-sha256; cv=none;
	b=HZ7PiyRhT2aVlGACHiVsyTIvVZ1+SmZ+SCQ8i9U8nSFFoV3oGq2e0+z+JPgRatsa3cMz52
	5oBLpCWSwa7HMjQzFRM9uNGp3OR+XSSnGLeq7gkfsn9eNnOLG7ZBuIwV1EmQ4VBZzAlyar
	iITyjSUZ5YsgNPniA6WBpZHV/FICvjUOoV3cAQNdWff4XDkUOawbMh5asxWcJDi10Y5yLJ
	vcwln57oWWry9cQAd7iU+KEQuDO6Ir18IC2bdxEocY9m6g7wnit4UkhYmL/FlPHPD8IoTP
	DJV+hiQ+Ogyla8lQ+N9trJwQDyIUS/i7XzXueXFVzGohm2rlwf4s/U3L3cZSQA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708749;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=lVv2qUJzOfUePmTyZLXH6waHtr1qILqd52J927WOw5I=;
	b=Pa+BXitBj+W/kyG0mz/TAVzUl4KCVZOd1O3FFgmeHbVOww9QfZDIqdEmmixIXVNdiwRBw5
	wmY/41lZyumGErXJOzMsDS9e5dG6s5gOolhshnfIdrwVfEblS+juLwuRRoSzrzi875f+3l
	TekTJa3uDql2zzt2Az6/kK/3RwMo+m+z4oZny48UBKNPbYsTOJKcG8LTcpLGQwR7O677x1
	lk5ViobsUvkwVnWsoDC04kxZ/lgl1k508OBssYYJFPbDepEAcuOYLHGMcxr88ujNbL0FDI
	YHEO3CStpFfRVgavnUwtonXuzfSybpQHVxufwylBEBf1RQmOjouhW5fKXjEB9Q==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhY3ZQ0zkX;
	Thu, 03 Apr 2025 19:32:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWTvJ040570;
	Thu, 3 Apr 2025 19:32:29 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWTU3040567;
	Thu, 3 Apr 2025 19:32:29 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:29 GMT
Message-Id: <202504031932.533JWTU3040567@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 5e00a28b2f02 - stable/14 - MAC/do: toast_rules():
  Minor simplification
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 5e00a28b2f02a820f9cf9e04b38839f8da835db8
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=5e00a28b2f02a820f9cf9e04b38839f8da835db8

commit 5e00a28b2f02a820f9cf9e04b38839f8da835db8
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-08-13 08:53:24 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:05 +0000

    MAC/do: toast_rules(): Minor simplification
    
    Use the most common pattern to browse and delete elements of a list, as it reads quicker.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47622
    
    (cherry picked from commit 2110eef4bf608b6c1facc57c68d02960b6d880c9)
---
 sys/security/mac_do/mac_do.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 2ce608c754bc..dc5933930a41 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -311,10 +311,9 @@ static void
 toast_rules(struct rules *const rules)
 {
 	struct rulehead *const head = &rules->head;
-	struct rule *rule;
+	struct rule *rule, *rule_next;
 
-	while ((rule = TAILQ_FIRST(head)) != NULL) {
-		TAILQ_REMOVE(head, rule, r_entries);
+	TAILQ_FOREACH_SAFE(rule, head, r_entries, rule_next) {
 		free(rule->uids, M_DO);
 		free(rule->gids, M_DO);
 		free(rule, M_DO);

From nobody Thu Apr  3 19:32:31 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhc2pnBz5sM4Q;
	Thu, 03 Apr 2025 19:32:32 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhb5bllz3SsL;
	Thu, 03 Apr 2025 19:32:31 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708751;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=XFMYKNdG4wOeokRIG/adhXzlQIb9GiiJFJ3LR9GP10M=;
	b=qGmTn3TnPFA7vxtdQUqw4m7ZEkB2z+EbxRkrMMGbfvNOWH1lLePLsQLMeoOFrP0lW89UU3
	iq4MgDtFTLyS9a/FbyquheW9mwnVRtmm48lIU41+TJqjdaHaL3fg0mz2LNIhbBsUwNIc3u
	Jw/Orh8r+ohdTRxa1o4H+gUS5aXvcSp9JQ3vKV4z0yqQOhUV0FQP8JGQ6NuBIJOSju5lXF
	4ISm+rN8KJYy3of4P0xm9mVaQkteVHEdkDGdri17+aOI6cx8J5C1A5KAgJQD1jInpAenyr
	KCYgQvCxYGMlU9KP2OYR9xHCnvJRRj/PDTrp5qPHCWsd89jAZODOxCCw1XM+7Q==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708751; a=rsa-sha256; cv=none;
	b=BhX5L5OXQeQeSHib9FPPKciHxhL/L1Igjoy1khe+e6aeuUDGFLuFR04jg7f9ks4JRBq+Wf
	4xTyIBZMKSb7UxI2mS5BISKTeutMuMC6+8tcRiNzvMcJC7t16umDNjHTf29CFC+5TZ2Bdz
	fJlaOTSB01i4MLER8fK7hrJmPkUqOmok4QzvT82YuvCKXrrPlIMmNcTXi2N3wm6uK0Cuwx
	OqENzBc1XXsfppEtmOrxf/T2mMCDQWQkXkHw5F1700k3GFLjVrTc+Kekaz6xQap9u6tPvw
	bNfeJtWtPNrIQJad8b4JNWtjZWxh9cRsU7CBZi3vKs6nOrWMBVAa+C6dJyye+w==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708751;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=XFMYKNdG4wOeokRIG/adhXzlQIb9GiiJFJ3LR9GP10M=;
	b=rKkUuX2xFGbVBgjalBZ1CtYVtXFKpVzD9Q5JMESyjeyS/yT3t2Fe5vkJt5NpyW6q/MUGsp
	xPoJKj1VwPgr1m3Tg1dKYeq89IBqggNfsKhymfbKFDHsohmkaQ2Y5n/7GEAL4ZZOercPGX
	NO/IgPTWCA8n4pifMl/sZljlpew11PpZAO4RBsiPMF5phXS8Xlt+yuma75NemK6WR3+XRY
	d+svnKruxQnxBq/F2ocQaiuCBReiKvqEr7w6kA3T4ZGC2rZOZrzNOgA82DZryhp2B3jIKw
	xSFf1cdzUHxw2LGZyZLfgIv4YtSjCt3CRSSz/3S2qDKrltGrN1JkZa8sZqvTtA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhb5BxbzsB;
	Thu, 03 Apr 2025 19:32:31 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWVwZ040645;
	Thu, 3 Apr 2025 19:32:31 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWVxi040642;
	Thu, 3 Apr 2025 19:32:31 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:31 GMT
Message-Id: <202504031932.533JWVxi040642@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 53e73ec9f6c4 - stable/14 - MAC/do: Convert internal
  TAILQs to STAILQs
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 53e73ec9f6c41ca8f35258b64d8a57cbc4bb2b16
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=53e73ec9f6c41ca8f35258b64d8a57cbc4bb2b16

commit 53e73ec9f6c41ca8f35258b64d8a57cbc4bb2b16
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-11-12 17:31:33 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:06 +0000

    MAC/do: Convert internal TAILQs to STAILQs
    
    We only browse these forward and never need to remove arbitrary elements
    from them.
    
    No functional change (intended).
    
    Reviewed by:    bapt, emaste
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47624
    
    (cherry picked from commit c7fc71c6af0761f81ecafdb281dd43a081b3b22f)
---
 sys/security/mac_do/mac_do.c | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 669f0cfefdfb..44c33d7cfa57 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -147,7 +147,7 @@ typedef uint16_t	 id_nb_t;
 typedef uint16_t	 id_type_t;
 
 struct rule {
-	TAILQ_ENTRY(rule) r_entries;
+	STAILQ_ENTRY(rule) r_entries;
 	id_type_t	 from_type;
 	u_int		 from_id;
 	flags_t		 uid_flags; /* See MDF_* above. */
@@ -158,7 +158,7 @@ struct rule {
 	struct id_spec	*gids;
 };
 
-TAILQ_HEAD(rulehead, rule);
+STAILQ_HEAD(rulehead, rule);
 
 struct rules {
 	char		string[MAC_RULE_STRING_LEN];
@@ -171,11 +171,11 @@ struct rules {
  */
 
 struct id_elem {
-	TAILQ_ENTRY(id_elem) ie_entries;
+	STAILQ_ENTRY(id_elem) ie_entries;
 	struct id_spec spec;
 };
 
-TAILQ_HEAD(id_list, id_elem);
+STAILQ_HEAD(id_list, id_elem);
 
 #ifdef INVARIANTS
 static void
@@ -313,7 +313,7 @@ toast_rules(struct rules *const rules)
 	struct rulehead *const head = &rules->head;
 	struct rule *rule, *rule_next;
 
-	TAILQ_FOREACH_SAFE(rule, head, r_entries, rule_next) {
+	STAILQ_FOREACH_SAFE(rule, head, r_entries, rule_next) {
 		free(rule->uids, M_DO);
 		free(rule->gids, M_DO);
 		free(rule, M_DO);
@@ -328,7 +328,7 @@ alloc_rules(void)
 
 	_Static_assert(MAC_RULE_STRING_LEN > 0, "MAC_RULE_STRING_LEN <= 0!");
 	rules->string[0] = 0;
-	TAILQ_INIT(&rules->head);
+	STAILQ_INIT(&rules->head);
 	rules->use_count = 0;
 	return (rules);
 }
@@ -730,7 +730,7 @@ parse_target_clause(char *to, struct rule *const rule,
 	}
 	ie = malloc(sizeof(*ie), M_DO, M_WAITOK);
 	ie->spec = is;
-	TAILQ_INSERT_TAIL(list, ie, ie_entries);
+	STAILQ_INSERT_TAIL(list, ie, ie_entries);
 	check_type_and_id_spec(type, &is);
 check_type_and_finish:
 	check_type_and_type_flags(type, *tflags);
@@ -776,14 +776,14 @@ pour_list_into_rule(const id_type_t type, struct id_list *const list,
 	size_t idx = 0;
 
 	/* Fill the array. */
-	TAILQ_FOREACH_SAFE(ie, list, ie_entries, ie_next) {
+	STAILQ_FOREACH_SAFE(ie, list, ie_entries, ie_next) {
 		MPASS(idx < *nb);
 		array[idx] = ie->spec;
 		free(ie, M_DO);
 		++idx;
 	}
 	MPASS(idx == *nb);
-	TAILQ_INIT(list);
+	STAILQ_INIT(list);
 
 	/* Sort it (by ID). */
 	qsort(array, *nb, sizeof(*array), id_spec_cmp);
@@ -865,8 +865,8 @@ parse_single_rule(char *rule, struct rules *const rules,
 	int error;
 
 	MPASS(*parse_error == NULL);
-	TAILQ_INIT(&uid_list);
-	TAILQ_INIT(&gid_list);
+	STAILQ_INIT(&uid_list);
+	STAILQ_INIT(&gid_list);
 
 	/* Freed when the 'struct rules' container is freed. */
 	new = malloc(sizeof(*new), M_DO, M_WAITOK | M_ZERO);
@@ -935,7 +935,7 @@ parse_single_rule(char *rule, struct rules *const rules,
 		if (error != 0)
 			goto einval;
 	}
-	MPASS(TAILQ_EMPTY(&uid_list));
+	MPASS(STAILQ_EMPTY(&uid_list));
 	if (!has_clauses(new->uids_nb, new->uid_flags)) {
 		/* No UID specified, default is "uid=.". */
 		MPASS(new->uid_flags == 0);
@@ -951,7 +951,7 @@ parse_single_rule(char *rule, struct rules *const rules,
 		if (error != 0)
 			goto einval;
 	}
-	MPASS(TAILQ_EMPTY(&gid_list));
+	MPASS(STAILQ_EMPTY(&gid_list));
 	if (!has_clauses(new->gids_nb, new->gid_flags)) {
 		/* No GID specified, default is "gid=.,!gid=.". */
 		MPASS(new->gid_flags == 0);
@@ -960,16 +960,16 @@ parse_single_rule(char *rule, struct rules *const rules,
 		check_type_and_type_flags(IT_GID, new->gid_flags);
 	}
 
-	TAILQ_INSERT_TAIL(&rules->head, new, r_entries);
+	STAILQ_INSERT_TAIL(&rules->head, new, r_entries);
 	return (0);
 
 einval:
 	free(new->gids, M_DO);
 	free(new->uids, M_DO);
 	free(new, M_DO);
-	TAILQ_FOREACH_SAFE(ie, &gid_list, ie_entries, ie_next)
+	STAILQ_FOREACH_SAFE(ie, &gid_list, ie_entries, ie_next)
 	    free(ie, M_DO);
-	TAILQ_FOREACH_SAFE(ie, &uid_list, ie_entries, ie_next)
+	STAILQ_FOREACH_SAFE(ie, &uid_list, ie_entries, ie_next)
 	    free(ie, M_DO);
 	MPASS(*parse_error != NULL);
 	return (EINVAL);
@@ -1279,7 +1279,7 @@ mac_do_jail_get(void *obj, void *data)
 	rules = find_rules(pr, &ppr);
 
 	jsys = pr == ppr ?
-	    (TAILQ_EMPTY(&rules->head) ? JAIL_SYS_DISABLE : JAIL_SYS_NEW) :
+	    (STAILQ_EMPTY(&rules->head) ? JAIL_SYS_DISABLE : JAIL_SYS_NEW) :
 	    JAIL_SYS_INHERIT;
 	error = vfs_setopt(opts, "mac.do", &jsys, sizeof(jsys));
 	if (error != 0 && error != ENOENT)
@@ -1967,7 +1967,7 @@ mac_do_priv_grant(struct ucred *cred, int priv)
 	 * privilege granting functions interpreting the "to"/"target" part.
 	 */
 	error = EPERM;
-	TAILQ_FOREACH(rule, &rules->head, r_entries)
+	STAILQ_FOREACH(rule, &rules->head, r_entries)
 	    if (rule_applies(rule, cred)) {
 		    error = rule_grant_setcred(rule, cred, new_cred);
 		    if (error != EPERM)

From nobody Thu Apr  3 19:32:30 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhb2PClz5sLwj;
	Thu, 03 Apr 2025 19:32:31 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhZ59t6z3SkH;
	Thu, 03 Apr 2025 19:32:30 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708750;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=3Ch3g6TuFXbBGDzY/pxikNSh1zXdYwUZR0kgRTJ5mvg=;
	b=bwygokWq2A0On+gVp649xbIfvwfK65OsZAyY1KdpClwGTKP8NoEVjAiexSDR0P5FJFFcL6
	v+eVOk90vZMt5FqxUqsuvwyK7n7FZaE0UTp2cQgBz63rQiIhf+gX5ssACQL23h4qEPhLsQ
	L+60vzi0jOFpivTA7ntRuteSABpM2PZM3ElHPBeYoj4mW4GSOWlZs+bjSOph+lTcbwqbzq
	XmBr/97gHKUgWtDJzyBowxy7Ec9jLq5cKzyzq0AHrTQK7SoZM/UQyJGG36e4sp+ZNOapnF
	IZUyAnOZnkbRyilWJdsW7Pm0acKBhsTgAV5iFe8MRIVcxmLQbLY90TdLfUvvaw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708750; a=rsa-sha256; cv=none;
	b=qM+hbl/kLU01raLYQrCEffU5JX5qFStf5u481VlRX8XXiVi7FwCQGcoSJzPXJM5Asp330V
	c0TpppCrAKk5F7Ke2qMHcutbArmbM4qfDkSS9JtPqZg9wZDnai31Gi/XVzv0FsurJvu7DI
	yjkg3z37YU1WSu39nGY2TY4ruvZtbh42gYz6oZph3pPWHJ1bdZzzk/VUm9rYAuXRHIBX4T
	8+nNlOuSEz6fofU/FO39xRDQW414w30gcukJSAt7Y+Z9QxA9huZi5TjPrazf9RdMikcfBN
	M7/ziIVkYoLFnqVeetv4+CWwCWgfaS6h/f1hjUMDu2ixCAaCd/mbC6YiXs5i2w==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708750;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=3Ch3g6TuFXbBGDzY/pxikNSh1zXdYwUZR0kgRTJ5mvg=;
	b=AOZWTcjWnNF2dtNxxqQn32JCLMnUcvaZpyND0wPdDzWEqLfzgX/x5jAsJI5uGt78Lrnefl
	wYElPu5rSe9612pEUPoNdogbJpUYOpVd5vY2lxZri5pPz9pNDI1dMdgg1wW35pcuqv8MLY
	tHQuI81exMrrLUBbxBwBP7p8LU57D06RA+gMDP4FN67yvjOPZyZLQwpv610bLxY6rUaAtq
	RtuownIaX/oKoqGjkD22kpA8I1lHSlNebE9FdgCefIkGaii2EPry5iQyAHT/EfvuoVCIWe
	wVIVlqa1yuar+ANEF9m+qSTBP63DepbF+mToCQNQBtfq1cP5NHpNSt2GbvIKnQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhZ4TS3zM4;
	Thu, 03 Apr 2025 19:32:30 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWU9t040610;
	Thu, 3 Apr 2025 19:32:30 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWUOK040608;
	Thu, 3 Apr 2025 19:32:30 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:30 GMT
Message-Id: <202504031932.533JWUOK040608@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 8bf992d2ebad - stable/14 - MAC/do: parse_rules():
  Tolerate blanks around tokens
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 8bf992d2ebadfe287909be02e6d0a51409597b05
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=8bf992d2ebadfe287909be02e6d0a51409597b05

commit 8bf992d2ebadfe287909be02e6d0a51409597b05
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-11-12 17:13:26 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:05 +0000

    MAC/do: parse_rules(): Tolerate blanks around tokens
    
    To this end, we introduce the strsep_noblanks() function, designed to be
    a drop-in replacement for strstep(), and use it in place of the latter.
    
    We had taken care of calling strsep() even when the remaining sub-string
    was not delimited (i.e., with empty string as its second argument), so
    this commit only has mechanical replacements of existing calls.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47623
    
    (cherry picked from commit 4a03b64517b3151064c52e213ebbc068ab1430d1)
---
 sys/security/mac_do/mac_do.c | 61 ++++++++++++++++++++++++++++++++++++++------
 1 file changed, 53 insertions(+), 8 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index dc5933930a41..669f0cfefdfb 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -381,6 +381,48 @@ strtoui_strict(const char *const restrict s, const char **const restrict endptr,
 	return (0);
 }
 
+/*
+ * strsep() variant skipping spaces and tabs.
+ *
+ * Skips spaces and tabs at beginning and end of the token before one of the
+ * 'delim' characters, i.e., at start of string and just before one of the
+ * delimiter characters (so it doesn't prevent tokens containing spaces and tabs
+ * in the middle).
+ */
+static char *
+strsep_noblanks(char **const stringp, const char *delim)
+{
+	char *p = *stringp;
+	char *ret, *wsp;
+	size_t idx;
+
+	if (p == NULL)
+		return (NULL);
+
+	idx = strspn(p, " \t");
+	p += idx;
+
+	ret = strsep(&p, delim);
+
+	/* Rewind spaces/tabs at the end. */
+	if (p == NULL)
+		wsp = ret + strlen(ret);
+	else
+		wsp = p - 1;
+	for (; wsp != ret; --wsp) {
+		switch (wsp[-1]) {
+		case ' ':
+		case '\t':
+			continue;
+		}
+		break;
+	}
+	*wsp = '\0';
+
+	*stringp = p;
+	return (ret);
+}
+
 
 static void
 make_parse_error(struct parse_error **const parse_error, const size_t pos,
@@ -485,7 +527,7 @@ parse_target_clause(char *to, struct rule *const rule,
 
 	MPASS(*parse_error == NULL);
 	MPASS(to != NULL);
-	to_type = strsep(&to, "=");
+	to_type = strsep_noblanks(&to, "=");
 	MPASS(to_type != NULL);
 	to_type += parse_gid_flags(to_type, &is.flags, &gid_flags);
 	error = parse_id_type(to_type, &type, parse_error);
@@ -498,7 +540,7 @@ parse_target_clause(char *to, struct rule *const rule,
 		goto einval;
 	}
 
-	to_id = strsep(&to, "");
+	to_id = strsep_noblanks(&to, "");
 	switch (type) {
 	case IT_GID:
 		if (to_id == NULL) {
@@ -829,7 +871,7 @@ parse_single_rule(char *rule, struct rules *const rules,
 	/* Freed when the 'struct rules' container is freed. */
 	new = malloc(sizeof(*new), M_DO, M_WAITOK | M_ZERO);
 
-	from_type = strsep(&rule, "=");
+	from_type = strsep_noblanks(&rule, "=");
 	MPASS(from_type != NULL); /* Because 'rule' was not NULL. */
 	error = parse_id_type(from_type, &new->from_type, parse_error);
 	if (error != 0)
@@ -844,7 +886,7 @@ parse_single_rule(char *rule, struct rules *const rules,
 		goto einval;
 	}
 
-	from_id = strsep(&rule, ":");
+	from_id = strsep_noblanks(&rule, ":");
 	if (is_null_or_empty(from_id)) {
 		make_parse_error(parse_error, 0, "No ID specified.");
 		goto einval;
@@ -869,7 +911,7 @@ parse_single_rule(char *rule, struct rules *const rules,
 	 * allows to minimize memory allocations and enables searching IDs in
 	 * O(log(n)) instead of linearly.
 	 */
-	to_list = strsep(&rule, ",");
+	to_list = strsep_noblanks(&rule, ",");
 	if (to_list == NULL) {
 		make_parse_error(parse_error, 0, "No target list.");
 		goto einval;
@@ -882,7 +924,7 @@ parse_single_rule(char *rule, struct rules *const rules,
 			goto einval;
 		}
 
-		to_list = strsep(&rule, ",");
+		to_list = strsep_noblanks(&rule, ",");
 	} while (to_list != NULL);
 
 	if (new->uids_nb != 0) {
@@ -949,7 +991,10 @@ einval:
  * is "uid" or "gid", <id> an UID or GID (depending on <type>) and <target> is
  * "*", "any" or a comma-separated list of '<flags><type>=<id>' clauses (see the
  * comment for parse_single_rule() for more details).  For convenience, empty
- * rules are allowed (and do nothing).
+ * rules are allowed (and do nothing), and spaces and tabs are allowed (and
+ * removed) around each token (tokens are natural ones, except that
+ * '<flags><type>' as a whole is considered a single token, so no blanks are
+ * allowed between '<flags>' and '<type>').
  *
  * Examples:
  * - "uid=1001:uid=1010,gid=1010;uid=1002:any"
@@ -982,7 +1027,7 @@ parse_rules(const char *const string, struct rules **const rulesp,
 	MPASS(copy[len] == '\0'); /* Catch some races. */
 
 	p = copy;
-	while ((rule = strsep(&p, ";")) != NULL) {
+	while ((rule = strsep_noblanks(&p, ";")) != NULL) {
 		if (rule[0] == '\0')
 			continue;
 		error = parse_single_rule(rule, rules, parse_error);

From nobody Thu Apr  3 19:32:32 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhd2bsQz5sLwn;
	Thu, 03 Apr 2025 19:32:33 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhc6VyMz3T5D;
	Thu, 03 Apr 2025 19:32:32 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708752;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=N/l7Z8Q27vOehYMNQbwSHL23ceK0JM9bdTWrNDOOjaU=;
	b=iaZUTOiyh2Zc0d2ssInmD+Gwwd5b8gjRTI90cS1ZF8s7oBWsCUCaIjho7UqDpoHwHxRqBL
	a0A4ImTHYG8rmIkAaIVGHCUyqXkW/hPZFwbxOh9bIHYCcGvjLOB5jTKcuqpvtV2a5xSONt
	JGjAo7t5R3i3P8TJHJ/Txp9IiT81wngn8Vd0etbZoDaDtUxfrLSpmr0YbeLpcV4DMI1lTc
	TYlIZpAOyhtlkgzHX0qfD1YwBgtTZW0d4JHnz71IeRdL9AILjh7uzv5+A8v7ih+sl7OLz1
	cKkr8IJd25XVE5qllzUDJHy+aPW7hgIsxBxw9k198qdDRv0dWOsdADwg0WDkhw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708752; a=rsa-sha256; cv=none;
	b=AFeOPY36gPMZk5NPCPZWfK8MbMgBLn9k9TCmWX7badpJ2SSvScrTPGR5UfyaHmN/pOqQqn
	9pLUGtqKzf2BD2MaW7K11RpEYwOPyMHfK6gkOTk4hlU3+IoziY1HpPDE9vXnUtbQv/uN4u
	bBPnzt3J8FhuAYJFNTI8VFR9J+/iybzyg72a9xAQdQuybK1k6rJ1qLD2xslw1vRfS/agac
	nxle3RJYXfKsfJcP56Mko52M44bijItTL8ZpRwuz/zV5ItPq2a1rJ2Kk9nmTa+xwtsQpUy
	PFIMSPOZhHTxOA0EjCeiOqtrVewZHogejSkv6asXK47LmphtqoeTBNj02uiXow==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708752;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=N/l7Z8Q27vOehYMNQbwSHL23ceK0JM9bdTWrNDOOjaU=;
	b=VmU8Z+eE3LCrFLU07avOscLaPTWfq1T8bC+EVSpHW5q60dTsihCupXiVcreo8qEXKDDvaY
	k8YLMB/7uNLmngdBPl6k4t5/h/O1jNr+1+dbClteNOKIolCl1sQD0t/eRJH1ddGEzSOXD5
	rGrfr/zEBg+S8yiR1OuHHWH0iKBP+JfzCUGCsPiuMT9EHd/+EDWpFVOde2eloxBk5OVFtr
	irmyb02MPU0/yZbTUp66AIOeg6DBjcTzFCboky9JhTjkXUc5Na5rFVmHQ6VGaSwhzQ90JF
	XwuS+hmKoegUhfci/rgy9n8OgWLwkTSPn9QCdgUoxRsZkX+ujBQenmbkrAJQiA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhc5qWCzZv;
	Thu, 03 Apr 2025 19:32:32 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWW9R040679;
	Thu, 3 Apr 2025 19:32:32 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWWLd040676;
	Thu, 3 Apr 2025 19:32:32 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:32 GMT
Message-Id: <202504031932.533JWWLd040676@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 8f72bcd9fd5d - stable/14 - MAC/do: Apply a rule on
  real UID/GID instead of effective ones
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 8f72bcd9fd5d951fe673ca4c3dfef017f39c672e
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=8f72bcd9fd5d951fe673ca4c3dfef017f39c672e

commit 8f72bcd9fd5d951fe673ca4c3dfef017f39c672e
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-11-29 14:39:17 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:06 +0000

    MAC/do: Apply a rule on real UID/GID instead of effective ones
    
    We intend MAC/do to authorize transitions based on the "real" identity
    information of the calling process, rather than transiently-acquired
    effective IDs.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47845
    
    (cherry picked from commit de701f9bdbe0ede691a0439d1c469082b94fe234)
---
 sys/security/mac_do/mac_do.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 44c33d7cfa57..7ec34b20c882 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -1906,9 +1906,9 @@ rule_grant_setcred(const struct rule *const rule,
 static bool
 rule_applies(const struct rule *const rule, const struct ucred *const cred)
 {
-	if (rule->from_type == IT_UID && rule->from_id == cred->cr_uid)
+	if (rule->from_type == IT_UID && rule->from_id == cred->cr_ruid)
 		return (true);
-	if (rule->from_type == IT_GID && groupmember(rule->from_id, cred))
+	if (rule->from_type == IT_GID && realgroupmember(rule->from_id, cred))
 		return (true);
 	return (false);
 }

From nobody Thu Apr  3 19:32:35 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhg6XQkz5sMCd;
	Thu, 03 Apr 2025 19:32:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhg1Qrwz3SvQ;
	Thu, 03 Apr 2025 19:32:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708755;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=D2Xzck3Da5HG2WF7cnYfxmz9SnAhPp7dpyqlgo1YurI=;
	b=ZBMNaSTjEkwOOKdw+1ad+6TMIzlNs+cG+RjZe03s5oStf+gQjUVwa+6CnWBg7hjpaJK/2P
	sYyF+dqT2A31q3jOye3OYB0sIt7fVcs+DxCkzs8R5ykjHgOjdjhiiEd3qHRI3inbidBPJA
	cwKpGqdn0I/m7SmRW59rbr5vXXKTOb/KXEIGJ5rrzgAGf1M9mNsobnceH2UpqF2NFhkFSr
	NtQxRd/tv5QcPHorW0nb0PROqkcOH58f443RkuZv9JS4Vu9p5d3KH4rcUFruhu8LjNTS25
	nuzxc0WXj7eYmgMMnyUZTFco4jvMKKydW8bl+RgYcEsW36O6Y7a552KWZTXnOQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708755; a=rsa-sha256; cv=none;
	b=TA3JNvYc+WjBTVXyIhwNMuKz1j2Vcd14xyCeYmV7A0j86wysiefg0jLQFToNl/MUhRy7Vn
	pl+xkiiT8KI5ZWdRqwQQscfsSeYmFr9Eje2v41G7rRGB5oet2tPAle7uagnwaF7JhE4R0L
	9FIF62JSb7cn0So974ycod1LdZ7t5htaKaQ0Ub7zRbdH1etM62KbP95774dkStIsazPf/E
	vdzf2RlIGhEWiwsr59F6BH6YZtAY819iAnNY/PpSKdz3JxvPtV52GUhZTxU6zzv/t0vZTi
	CK7gO6TCJ4W+xIyuCCFGdsNcWwo3vGLqOl6Ay4MfC7EvPpIYkPDtsIqFwnmOvQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708755;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=D2Xzck3Da5HG2WF7cnYfxmz9SnAhPp7dpyqlgo1YurI=;
	b=AIGHJ0+0QhAzhbthuAEHoFrGM955Kjn/YhniE/WmKLf6O/gAv77quFua1E0w0w5iV6NnAv
	itJHoefbyZO4e8gL49jIOpMjgIPoYe+wkT+t5MGZ5ER8znhmVlofknlhDpDCCvwB89uynT
	RW6Dp8W0L18qroC8cXUUhtX1QsHMo5qRN/qhgm3xvI9OeURM5t7I2rkyf67XB5ltGvmcBa
	szyKbLo4H2ZQTrdQjxDjEbx/wSTZzrU95haXIemsMsidQreYG+iB+8h79nPxixc7kmpE95
	ZUDQqXtJcH42tgtL5XrNt69dYm612R+rIU3tOMI7D876polt+OCZRl6AjIkzjQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhg0n7mzmw;
	Thu, 03 Apr 2025 19:32:35 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWZdG040747;
	Thu, 3 Apr 2025 19:32:35 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWZ3v040744;
	Thu, 3 Apr 2025 19:32:35 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:35 GMT
Message-Id: <202504031932.533JWZ3v040744@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: f9b5d5bf1186 - stable/14 - MAC/do: Fix a compilation
  warning about an unused function
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: f9b5d5bf1186d4b01e92229d271f2cb0d8764b25
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=f9b5d5bf1186d4b01e92229d271f2cb0d8764b25

commit f9b5d5bf1186d4b01e92229d271f2cb0d8764b25
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-12-17 14:17:16 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:06 +0000

    MAC/do: Fix a compilation warning about an unused function
    
    grant_supplementary_group_from_flags() had been used in previous
    versions of the recent changes, but recently has not been needed
    anymore.  It has been kept around just in case deliberately, by analogy
    with grant_primary_group_from_flags() (this one still being used).
    
    (cherry picked from commit f1ddb6fb8c4d051a205dae3a848776c9d56f86ff)
---
 sys/security/mac_do/mac_do.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index c5f986920db1..8175f8ccdab4 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -1628,7 +1628,7 @@ grant_primary_group_from_flags(const flags_t flags)
  * - EJUSTRETURN:	Flags are agnostic.
  * - EPERM:		Access denied.
  */
-static int
+static int __unused
 grant_supplementary_group_from_flags(const flags_t flags)
 {
 	if ((flags & MDF_SUPP_MASK) != 0)

From nobody Thu Apr  3 19:32:33 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhf4R1Fz5sMG0;
	Thu, 03 Apr 2025 19:32:34 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhf0T08z3Ssk;
	Thu, 03 Apr 2025 19:32:34 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708754;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=uly7TnOmSY59SCe769jgu8TPHVNGdMO6nxxlx5T1RM4=;
	b=mTH5lGuTehIzrJvX6t6Wt0pSXgrsX4mc5EtiUpeaAFDrkzzfjYxnafuDCj05acWAvf2Tjt
	/4OYZ5hcwhl7iAmZQzMTU/TusWnqf9U2VFb9AF7NVh4IZ+fGe1Kj3Pwopq2vHCAxitQljG
	e6hwA8H3hmqUgd8ZVy84f5GaD0V6TcdjRM9K7FpAr7D36oicCqV/yyvlLLikUJb/uxmzpd
	SQnI3mxjogaBgWiX2XzFPjh5gO3jSf0/6XGFymfsjSyJYgfCCUAZMvfzDTd4SKFOVjo+s5
	d6W1D3pYc01V6MalNsvOq2gvFmx5EIWJ7Y24Gh5LCh3sLg3NOkzG2ThZ4eAvnQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708754; a=rsa-sha256; cv=none;
	b=oFN3hO8uPxyGJRFilP0u9GJmk3whjJQY1Qira7OIQLF2rxZPzuG3OBChAaX/QKf6Jr6t29
	oYk7+he59xFsgHJzwtb5H30zOx1VQObW2gaBL2mW5Kj5+sFHD56eFSAue48Dk5ByaMKByJ
	HlLnSN02iGYiveLVE59HW52lORpV7a/S/nati6V6Y+PLZyY95Y8jQW5Jebja6kRvkjpNxV
	Ce4MCXGN7uPjPFNstcMCb2cT16FLp/Bhrew/kCTKLRgmVy8NFUr/wckoT18RQWzzVK5f40
	+SjpeyKLN42YmUL6QJGsSxL7VAVhSsc6327mZKfVxblckhCyiemzXn0KvTLkyg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708754;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=uly7TnOmSY59SCe769jgu8TPHVNGdMO6nxxlx5T1RM4=;
	b=kUgVBji44ERWZmP0UJ942PidUqqECBP/El3Jc15vggMoKzmWOMb7DP9tuPRdsw38K54YOX
	rQ4530EJ9MeP+dgbeUwLLgzY2kaUgVTZbQa0nFLWQ9zK4wmUQEwbC3QHIIBKR9l+CvDVpW
	OlfqlmzYDLrF92wXlOUOdV2nF3/8VM0537XnBL1CyxqHeLqNGoa+OebqRyGPvHuquDbGw8
	vxfi3nA/7JT0l66U/f3q4nTMryXlFxQBRYf/4pE6JqFInMPiY3I+TjXwWPXIXNnAj0c39q
	IKDihp2Xbh5E23EJcpMq00gV9dBnDS4w2juavmABJujBy60bcOx2XIDxJfV5bQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhf01PmzkZ;
	Thu, 03 Apr 2025 19:32:34 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWXpu040713;
	Thu, 3 Apr 2025 19:32:33 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWXiW040710;
	Thu, 3 Apr 2025 19:32:33 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:33 GMT
Message-Id: <202504031932.533JWXiW040710@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: ba9aea5dc0e0 - stable/14 - MAC/do: Update copyright
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: ba9aea5dc0e02375d0c46762b39d60f9a7d4b68a
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=ba9aea5dc0e02375d0c46762b39d60f9a7d4b68a

commit ba9aea5dc0e02375d0c46762b39d60f9a7d4b68a
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-12-16 16:52:14 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:06 +0000

    MAC/do: Update copyright
    
    Approved by:    emaste (mentor)
    Sponsored by:   The FreeBSD Foundation
    
    (cherry picked from commit e94684b3e0d966f755f785e4908317bd6bdd2ea0)
---
 sys/security/mac_do/mac_do.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index 7ec34b20c882..c5f986920db1 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -1,7 +1,12 @@
 /*-
+ * SPDX-License-Identifier: BSD-2-Clause
+ *
  * Copyright(c) 2024 Baptiste Daroussin <bapt@FreeBSD.org>
+ * Copyright (c) 2024 The FreeBSD Foundation
  *
- * SPDX-License-Identifier: BSD-2-Clause
+ * Portions of this software were developed by Olivier Certner
+ * <olce.freebsd@certner.fr> at Kumacom SARL under sponsorship from the FreeBSD
+ * Foundation.
  */
 
 #include <sys/param.h>

From nobody Thu Apr  3 19:32:36 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhh5Mftz5sM4h;
	Thu, 03 Apr 2025 19:32:36 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhh2W4Hz3Svg;
	Thu, 03 Apr 2025 19:32:36 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708756;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=pLyjSZxrOtQavmJqzEamoGQu03ECLuT7juwazP/GzWU=;
	b=vagRuWSfUgKAqwijThkMJNAi10HQ73c0WZ2yzH019IB3JLYX3sWk2AbhYl8ru13PkPuVm0
	VnSwkt8Ko/8iMFFTFNYTKn7g9Gio8r9CdteiUh7mqrxGavgM0JLbQjpl9NcjIjrxTrDZIj
	EXTmvVa8bvraNElAQ3scQs1xqXrs4fq1Gqi/udXan3TH4DLibXHyuKaPUuG3rckIfIYYXs
	khimdw/ufBE296SAjepd9IGdN5UA1XL2LBd3sPH2MjE1EFZQRwjJzmNTcKsGS6KtggMrLj
	7evLr+RuDA0UKhXtfS6QNCf5NBK+lHlRnyfLaQHzvdjJytHkCTW2PPNfnEE9jA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708756; a=rsa-sha256; cv=none;
	b=AlsWBicqTS2v63qGSHgo+fRGh9xT8TQ3qxMs9n9+QalxLVbaf8pAl5qQf1sk8fJMMbyFdc
	KOZh8gWdnOekwSZG5vx9pQT66Ts0kBHclkT04Ke3Y2QogWj+wdB0DuMNNoru6MP3SEXzBd
	I6wAW9Z1QBsVVb1Rf3ijOGwq83JzSW9varTxPdysZPJbqK2sFHN1NgoIuit266+/4IvkVU
	eo/MiSji2lbt29L5wxc/3afYk2lcC8htmW4HkXzpCxPonFdCkMxJw1zWeCxYqvT2sD5e/S
	qDX3mSGTIUwiTxOXoMWrHMp3PTX1DZ331o+bmtD4VSlJrI3urfSe4KQFVL3fzQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708756;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=pLyjSZxrOtQavmJqzEamoGQu03ECLuT7juwazP/GzWU=;
	b=nskin65UeTBQanJnYU6jR92UyCCU2OISaOlDMhf+DRznBvVb+ppXssj04mnHrPeFmDLT++
	dTFJM1L8MX2zrTHRaH/udYMV9zSHHAAEPFTmGYyLEZ6QyuN+yFHyR9inUs2pIgV6QlU5+K
	9pUroWDKtafABi/l5yiZViJNlBpV9wjHOI3xeiQMO8H/5ZP8JUIOGbjc4vb4o3k8oxwzzl
	zfR/ckVIx/bm5iJTMxHnY9a0BPYyZD2Hy83Mgk+UH2smCsLqN3RDkeqCW+4JabE7mOI+p0
	MJuINfuGUnW1y3BZHRD7BsFkK6jWGMFKrPDXKOdqfVYAxIV4v8Y27kVfi/miPA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhh24m6zkb;
	Thu, 03 Apr 2025 19:32:36 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWaUU040790;
	Thu, 3 Apr 2025 19:32:36 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWaAI040787;
	Thu, 3 Apr 2025 19:32:36 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:36 GMT
Message-Id: <202504031932.533JWaAI040787@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: e286a0373631 - stable/14 - setcred(2): Add manual
  page
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: e286a0373631d4f826d0f431de3269abbc7c9156
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=e286a0373631d4f826d0f431de3269abbc7c9156

commit e286a0373631d4f826d0f431de3269abbc7c9156
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-12-12 08:38:00 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:07 +0000

    setcred(2): Add manual page
    
    Reviewed by:    Alexander Ziaee <concussious@runbox.com>
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D48063
    
    (cherry picked from commit b6f4027ad9a2ede69a7ec11137cc4ea69ec2f0a0)
---
 lib/libc/sys/Makefile.inc |   1 +
 lib/libc/sys/setcred.2    | 290 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 291 insertions(+)

diff --git a/lib/libc/sys/Makefile.inc b/lib/libc/sys/Makefile.inc
index f01b085f712b..ebcb69d283f6 100644
--- a/lib/libc/sys/Makefile.inc
+++ b/lib/libc/sys/Makefile.inc
@@ -311,6 +311,7 @@ MAN+=	abort2.2 \
 	semget.2 \
 	semop.2 \
 	send.2 \
+	setcred.2 \
 	setfib.2 \
 	sendfile.2 \
 	setgroups.2 \
diff --git a/lib/libc/sys/setcred.2 b/lib/libc/sys/setcred.2
new file mode 100644
index 000000000000..a1b819d24c52
--- /dev/null
+++ b/lib/libc/sys/setcred.2
@@ -0,0 +1,290 @@
+.\"
+.\" SPDX-License-Identifier: BSD-2-Clause
+.\"
+.\" Copyright © 2024 The FreeBSD Foundation
+.\"
+.\" This documentation was written by Olivier Certner <olce.freebsd@certner.fr>
+.\" at Kumacom SARL under sponsorship from the FreeBSD Foundation.
+.\"
+.Dd December 19, 2024
+.Dt SETCRED 2
+.Os
+.Sh NAME
+.Nm setcred
+.Nd set current process credentials atomically
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In sys/ucred.h
+.Ft int
+.Fn setcred "u_int flags" "const struct setcred *wcred" "size_t size"
+.Sh DESCRIPTION
+The
+.Fn setcred
+system call can set any combination of user-accessible credentials of the
+current process in an atomic manner.
+.Pp
+This system call is normally permitted only for processes having the ID of the
+super-user (0) as their effective user ID, or not at all if the
+.Xr sysctl 8
+variable
+.Va security.bsd.suser_enabled
+is zero or some active MAC policy specifically denies these processes.
+.Pp
+Some MAC policies, such as
+.Xr mac_do 4 ,
+may also allow unprivileged users to call it successfully, possibly depending on
+the exact credentials transition requested, once again unless any active MAC
+policy specifically denies that.
+.Pp
+The
+.Fa flags
+argument serves to indicate which process credentials should be changed by the
+call.
+Allowed flags are:
+.Pp
+.Bl -tag -width "SETCREDF_SUPP_GROUPS   " -compact
+.It Fa SETCREDF_UID
+Set the effective user ID.
+.It Fa SETCREDF_RUID
+Set the real user ID.
+.It Fa SETCREDF_SVUID
+Set the saved user ID.
+.It Fa SETCREDF_GID
+Set the effective group ID.
+.It Fa SETCREDF_RGID
+Set the real group ID.
+.It Fa SETCREDF_SVGID
+Set the saved group ID.
+.It Fa SETCREDF_SUPP_GROUPS
+Set the supplementary group list.
+.It Fa SETCREDF_MAC_LABEL
+Set the MAC label.
+.El
+.Pp
+The
+.Vt struct setcred
+structure is currently defined as:
+.Bd -literal
+struct setcred {
+	uid_t	 sc_uid;		/* effective user id */
+	uid_t	 sc_ruid;		/* real user id */
+	uid_t	 sc_svuid;		/* saved user id */
+	gid_t	 sc_gid;		/* effective group id */
+	gid_t	 sc_rgid;		/* real group id */
+	gid_t	 sc_svgid;		/* saved group id */
+	u_int	 sc_pad;		/* padding, unused */
+	u_int	 sc_supp_groups_nb;	/* supplementary groups number */
+	gid_t	*sc_supp_groups;	/* supplementary groups */
+	struct mac *sc_label;		/* MAC label */
+};
+.Ed
+.Pp
+Its fields are:
+.Pp
+.Bl -tag -width "sc_supp_groups_nb   " -compact
+.It Fa sc_uid
+The ID to set the effective user to, if flag
+.Dv SETCREDF_UID
+is specified.
+.It Fa sc_ruid
+The ID to set the real user to, if flag
+.Dv SETCREDF_RUID
+is specified.
+.It Fa sc_svuid
+The ID to set the saved user to, if flag
+.Dv SETCREDF_SVUID
+is specified.
+.It Fa sc_gid
+The ID to set the effective group to, if flag
+.Dv SETCREDF_GID
+is specified.
+.It Fa sc_rgid
+The ID to set the real group to, if flag
+.Dv SETCREDF_RGID
+is specified.
+.It Fa sc_svgid
+The ID to set the saved group to, if flag
+.Dv SETCREDF_SVGID
+is specified.
+.It Fa sc_supp_groups_nb
+The size of array
+.Fa sc_supp_groups ,
+if flag
+.Dv SETCREDF_SUPP_GROUPS
+is specified.
+It must be less than or equal to
+.Dv {NGROUPS_MAX} .
+.It Fa sc_supp_groups
+An array of IDs to set the supplementary groups to, if flag
+.Dv SETCREDF_SUPP_GROUPS
+is specified.
+Note that all groups in this array will be set as supplementary groups only, in
+contrast to
+.Xr setgroups 2
+which treats the first element specially as the new effective group, not adding
+it to supplementary groups.
+.It Fa sc_label
+A pointer to a valid MAC label structure, e.g., built with the
+.Xr mac_from_text 3
+function, if flag
+.Dv SETCREDF_MAC_LABEL
+is specified.
+.El
+.Pp
+For forward compatibility and security reasons, it is recommended that users
+always initialize objects of type
+.Vt struct setcred
+with the provided initializer:
+.Dv SETCRED_INITIALIZER .
+.Pp
+The
+.Fa size
+argument must be the size of the passed
+.Fa wcred
+structure.
+.Sh RETURN VALUES
+.Rv -std
+.Sh ERRORS
+The
+.Fn setcred
+system call will fail if:
+.Bl -tag -width Er
+.It Bq Er EINVAL
+Unrecognized flags were passed in
+.Fa flags ,
+or the
+.Fa size
+parameter does not match the size of
+.Vt struct setcred ,
+or the field
+.Fa sc_supp_group_nb
+has a value strictly greater than
+.Dv {NGROUPS_MAX}
+.Po if flag
+.Dv SETCREDF_SUPP_GROUPS
+was supplied
+.Pc ,
+or the MAC label pointed to by field
+.Fa sc_label
+is invalid
+.Po if flag
+.Dv SETCREDF_MAC_LABEL
+was supplied
+.Pc .
+.It Bq Er EFAULT
+The
+.Fa wcred
+pointer, or pointers in fields
+.Fa sc_supp_groups
+.Po if flag
+.Dv SETCREDF_SUPP_GROUPS
+was supplied
+.Pc
+or
+.Fa sc_label
+.Po if flag
+.Dv SETCREDF_MAC_LABEL
+was supplied
+.Pc
+point to invalid locations.
+.It Bq Er EPERM
+The user is not the super-user and/or the requested credentials transition is
+not allowed by the system or MAC modules.
+.It Bq Er EOPNOTSUPP
+Some of the requested credentials have a type that the system does not support.
+This currently can occur only if the kernel has been compiled without MAC and
+.Dv SETCREDF_MAC_LABEL
+has been passed.
+.El
+.Sh SEE ALSO
+.Xr issetugid 2 ,
+.Xr setregid 2 ,
+.Xr setreuid 2 ,
+.Xr setuid 2 ,
+.Xr mac_text 3 ,
+.Xr mac 4 ,
+.Xr mac_do 4 ,
+.Xr maclabel 7
+.Sh STANDARDS
+The
+.Fn setcred
+system call is specific to
+.Fx .
+.Pp
+A call to
+.Fn setcred
+usually changes process credentials that are listed by POSIX/SUS standards.
+The changed values then produce the effects with respect to the rest of the
+system that are described in these standards, as if these changes had resulted
+from calling standard or traditional credentials-setting functions.
+Currently, all flags but
+.Dv SETCREDF_MAC_LABEL
+lead to modifying standard credentials.
+.Pp
+The only differences in using
+.Fn setcred
+to change standard credentials instead of standard or traditional functions are:
+.Pp
+.Bl -bullet -compact
+.It
+All requested changes are performed atomically.
+.It
+Only the super-user or an unprivileged user authorized by some MAC module can
+successfully call
+.Fn setcred ,
+even if the standard system calls would have authorized any unprivileged user to
+effect the same changes.
+For example,
+.Fn seteuid
+allows any unprivileged user to change the effective user ID to either the real
+or saved ones, while
+.Fn setcred
+called with flag
+.Dv SETCREDF_UID
+does not.
+.El
+.Sh HISTORY
+The
+.Fn setcred
+system call appeared in
+.Fx 15.0 .
+.Pp
+Traditionally in UNIX, all credential changes beyond shuffles of effective, real
+and saved IDs have been done by setuid binaries that successively call multiple
+credentials-setting system calls and in a specific order.
+For example, to change all user IDs to that of some unprivileged user,
+.Fn setuid
+must be called last so that all other credentials-changing calls can be
+performed successfully beforehand, as they require super-user privileges.
+.Pp
+This piecewise approach causes such a process to transiently hold high privilege
+credentials that are neither the original nor necessarily the desired final
+ones.
+Besides opening a transition window where possible vulnerabilities could have
+catastrophic consequences, it makes it impossible for the kernel to enforce that
+only certain transitions of credentials are allowed.
+.Pp
+The necessity of an atomic, global approach to changing credentials clearly
+appeared while working on extending
+.Xr mac_do 4
+to allow rules to authorize only specific changes of primary or supplementary
+groups, which prompted the addition of
+.Fn setcred .
+.Sh AUTHORS
+The
+.Fn setcred
+system call and this manual page were written by
+.An Olivier Certner Aq Mt olce.freebsd@certner.fr .
+.Sh SECURITY CONSIDERATIONS
+The same considerations as those of standard or traditional credentials-setting
+system calls apply to
+.Fn setcred ,
+except for the lack of atomicity of successive such calls.
+.Pp
+In particular, please consult section
+.Sy SECURITY CONSIDERATIONS
+of the
+.Xr setuid 2
+manual page about the absence of effect of changing standard credentials on
+already open files.

From nobody Thu Apr  3 19:32:37 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhk0Qmbz5sLt5;
	Thu, 03 Apr 2025 19:32:38 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhj47KJz3Syr;
	Thu, 03 Apr 2025 19:32:37 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708757;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Tpi/vqv8MyXJ1DxIy/bS06Q5AQ1awa47Z0wtmPd2zNY=;
	b=Am8YZPpKC4HvHEfFrFNdtKaswkCp4DI7z29GEsgl9cxoFbj/Si8oOhTE5ml75BQNBHq/pA
	gRjruL/Y+TJD9wHSJGMry1xY62bVmLOY3i5LB1wuvloGA0rndiD1AfMpC6pSnUsdCV/ZkK
	h4EUd0ioHwwpdhwkg/z/Q6B5E+6yUueCKjIrQ8/0xIK33dBibd5xiks18iBJ7CqK6Q2dP2
	coPH+8wOsaXPv8EeqXgmIwW1gzU/B8BzODiOl4xnrWkj48aTx3ShkhO+RGjv/Q8Ppgsbbj
	NAXTS3veY5Ch6p8bsyMDtMEJnnjNSFENDuzKpT3XJurfyrTR0fSlcCwvyDtI6A==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708757; a=rsa-sha256; cv=none;
	b=fyKyj6EIPA0nvHehHqJ9LFrC3VuAWMDRL2//700rRmJ8cRHNW/Bb1OW1Z3E9QvkM76aeOd
	nspXikPhcWcUZ9IR8ugteJEE3tFtYF3tg8UvN+VfDKMkRg7nLF2Ridx5Ypppha++UWmPiO
	+WgWySpPsVFjiIlQ197hzog0khu8726VG8oeL9M+R/T8sBCj87URDYBkRhfIM3aSPJZ8b8
	qKnvVAohURZvMWowEVX3ro2Y9GkkDTWKKAdM7ffB2V+vYJjEJ59lqp3FZoR8b6Xxbm8qfo
	evEf6tp44+1zdxW8/eJOb5wdziam6Vu1omeCB2pFw9tWpiM7MFbi01TjaDuH7w==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708757;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Tpi/vqv8MyXJ1DxIy/bS06Q5AQ1awa47Z0wtmPd2zNY=;
	b=OMr6QHeZ4+zi9FLiAKmW02LKMrIShWHPf5jhN1WWmgib794Hq+QzZGniPNQ2WxUziJrNM4
	+/DuA/Yvf/23AE9bczUUnWqwCKnQqvN7e+IJlBinECIx268GXR7MOEeQvzP8ippH8YSo2r
	4yAuaDVbG7nxLBMZMvR0V4DSt0M+M1EkNFmyc2Cj3EHkxGjjchv+Q1ELC6cywStjawD195
	DJ7V+rM0Wgf8Cc9TQ4oxTFEZMb/xP4wxQs6PpWNCnE5SCbvhibHZ8D5k8W0g56qFLzIfsm
	8+EMX5XWcxYamjU/Thce+GjdVR0+rKno70GMSaK+Ay4qah3Q5wi7Vl/60vmNkw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhj2tXjzpg;
	Thu, 03 Apr 2025 19:32:37 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWbwF040824;
	Thu, 3 Apr 2025 19:32:37 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWb5Q040821;
	Thu, 3 Apr 2025 19:32:37 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:37 GMT
Message-Id: <202504031932.533JWb5Q040821@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: f74cd62b5c71 - stable/14 - mac_do(4): Revamp manual
  page after MAC/do updates
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: f74cd62b5c71796f20c0f8a40b2364fd6b4fc1ee
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=f74cd62b5c71796f20c0f8a40b2364fd6b4fc1ee

commit f74cd62b5c71796f20c0f8a40b2364fd6b4fc1ee
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-12-19 21:13:12 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:07 +0000

    mac_do(4): Revamp manual page after MAC/do updates
    
    The new manual page in particular describes MAC/do's new rules syntax
    and the jail support, as well as security considerations explaining the
    overall design and how to leverage it in the most secure fashion.
    
    Reviewed by:    bapt, otis, Alexander Ziaee <concussious@runbox.com> (in part)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D48153
    
    (cherry picked from commit bc201841d13928c2a088fb07ac0a010b36eafa13)
---
 share/man/man4/mac_do.4 | 460 +++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 417 insertions(+), 43 deletions(-)

diff --git a/share/man/man4/mac_do.4 b/share/man/man4/mac_do.4
index aa84a71b4953..9a9f669cd51c 100644
--- a/share/man/man4/mac_do.4
+++ b/share/man/man4/mac_do.4
@@ -1,38 +1,274 @@
 .\"-
+.\" SPDX-License-Identifier: BSD-2-Clause
+.\"
 .\" Copyright (c) 2024 Baptiste Daroussin <bapt@FreeBSD.org>
+.\" Copyright (c) 2024 The FreeBSD Foundation
 .\"
-.\" SPDX-License-Identifier: BSD-2-Clause
+.\" Portions of this documentation were written by Olivier Certner
+.\" <olce@FreeBSD.org> at Kumacom SARL under sponsorship from the FreeBSD
+.\" Foundation.
 .\"
-.Dd May 22, 2024
+.Dd December 19, 2024
 .Dt MAC_DO 4
 .Os
 .Sh NAME
 .Nm mac_do
-.Nd "policy allowing user to execute program as another user"
+.Nd "policy allowing unprivileged users to change process credentials"
 .Sh SYNOPSIS
 To compile the
-.Nm
-policy into your kernel, place the following lines
-in your kernel configruation file:
+.Sy mac_do
+policy into your kernel, place the following lines in your kernel configuration
+file:
 .Bd -ragged -offset indent
 .Cd "options MAC"
 .Cd "options MAC_DO"
 .Ed
+.Pp
+Alternately, to load this policy module at boot time, place the following line
+in your kernel configuration file:
+.Bd -ragged -offset indent
+.Cd "options MAC"
+.Ed
+.Pp
+and in
+.Xr loader.conf 5 :
+.Bd -literal -offset indent
+mac_do_load="YES"
+.Ed
 .Sh DESCRIPTION
 The
 .Nm
-policy grants users the ability to run processs as other users
-according to predefined rules.
+policy module allows unprivileged users to change process credentials according
+to rules configured by the administrator.
+It supports per-jail configuration.
+.Pp
+Currently, the
+.Nm
+policy module only produces effects to processes spwaned from the
+.Pa /usr/bin/mdo
+executable, please see
+.Xr mdo 1
+for more details on this program.
+.Sh CREDENTIALS RULES
+Rules specify which transitions of process credentials
+.Nm
+will allow, based on current process credentials and the desired final ones.
+They are passed by an administrator in the form of a string having the specific
+syntax described below in a top-bottom manner.
+They have been designed to be able to finely describe the desired target
+credentials in a safe and compact way.
+.Ss Top-Level List of Rules
+At the top, rules are a possibly empty list of individual rules separated by
+a semi-colon
+.Pq Ql ";" :
+.Dl Ao rules Ac \ ⟶\  Oo Ao rule Ac Oo So ";" Sc Ao rule Ac Oc Ns * Oc
+They form a disjunction, i.e.,
+.Nm
+authorizes a credentials transition as soon as at least one rule in the list
+matches.
 .Pp
-The exact set of kernel privileges granted are:
-.Bl -inset -compact -offset indent
-.It Dv PRIV_CRED_SETGROUPS
-.It Dv PRIV_CRED_SETUID
+One rule is composed of a
+.Li Aq from
+part
+.Pq also called Dq match
+and a
+.Li Aq to
+part
+.Pq also called Dq target ,
+in this order, separated by a colon
+.Pq Ql ":" :
+.Dl Ao rule Ac \ ⟶\  Ao from Ac So ":" Sc Ao to Ac
+.Ss Rule's Ao from Ac Part
+The first part of a rule,
+.Li Aq from ,
+is matched against the credentials of the process requesting some credentials
+transition.
+It has the form:
+.Dl Ao from Ac \ ⟶\  Ao type Ac So = Sc Ao id Ac
+.Pp
+.Li Aq type
+must be:
+.Dl Ao type Ac \ ⟶\  Op So uid Sc | So gid Sc
+i.e., one of the literal strings
+.Ql uid
+or
+.Ql gid .
+.Li Aq id
+must be the numerical ID of a user or group, and is matched with the current
+process real ID of the corresponding type.
+.Ss Rule's Ao to Ac Part
+The second part of a rule,
+.Li Aq to ,
+is a comma-separated
+.Pq Ql ","
+non-empty list of target clauses:
+.Dl Ao to Ac \ ⟶\  Ao target_clause Ac Oo So "," Sc Ao target_clause Ac Oc Ns *
+Target clauses of a given rule also form a disjunction, i.e., the IDs they
+specify are alternatives for the target credentials, except in some cases
+described below.
+.Pp
+The next subsections describe the syntax of target clauses, the defaults that
+apply and the principle of non-redundancy and non-contradiction in each rule's
+.Li Aq to
+part.
+.Ss Target Clauses
+A target clause in a rule's
+.Li Aq to
+part must be of one of the following forms:
+.Dl Ao target_clause Ac \ ⟶\  So any Sc
+.Dl Ao target_clause Ac \ ⟶\  Ao flags Ac Ao type Ac So = Sc Ao id Ac
+The first form is a compact way to specify that any target credentials are
+allowed.
+The second form is similar to that of
+.Li Aq from
+clauses, with the following extensions:
+.Bl -bullet -compact
+.It
+.Li Aq id
+may also be a literal
+.Ql *
+or
+.Ql any
+or
+.Ql "." .
+.Ql *
+and
+.Ql any
+both designate any ID for the specified
+.Li Aq type ,
+and are treated identically.
+.Ql "."
+designates the process' current IDs for the specified
+.Li Aq type ,
+as explained below.
+.It
+.Li Aq flags
+may contain at most one of the
+.Ql + ,
+.Ql -
+and
+.Ql "!"
+characters, and may be non-empty only when
+.Li Aq type
+is
+.Ql gid .
+Additionally, if
+.Li Aq id
+is
+.Ql *
+or
+.Ql any ,
+only the
+.Ql +
+flag may appear.
+.El
+.Pp
+For target clauses of
+.Ql gid
+type, an absence of flag indicates that the specified group ID is allowed as the
+real, effective and/or saved group IDs
+.Pq the Do primary Dc groups .
+Conversely, the presence of any allowed flag indicates that the specification
+concerns supplementary groups.
+Each flag has a specific meaning:
+.Bl -bullet -compact
+.It
+.Ql +
+indicates that the group ID is allowed as a supplementary group.
+.It
+.Ql "!"
+indicates that the group ID is mandatory, i.e., it must be listed in the
+supplementary groups.
+.It
+.Ql -
+indicates that the group ID must not be listed in the supplementary groups.
 .El
+A specification with
+.Ql -
+is only useful in conjunction with a
+.Ql + Ns
+-tagged specification where only one of them has
+.Ql "."
+as its
+.Li Aq id .
+Target clauses having the
+.Ql "!"
+or
+.Ql -
+flag are
+.Dq forcing
+clauses, and as such do not take part in the disjunction of the other
+target clauses but rather unconditionally apply in their rule.
+.Pp
+.Ql "."
+is a placeholder for IDs that the calling process already has on privilege
+check.
+For type
+.Ql uid ,
+it designates any of the process' real, effective or
+saved user IDs.
+For type
+.Ql gid ,
+its effect depends on whether flags are present.
+If none is present, it designates any of the process' real, effective or saved
+group IDs.
+If one is present, it designates any of the process' supplementary groups.
+.Ss Defaults for the Ao to Ac Part
+If the
+.Li Aq to
+part does not list a target clause with type
+.Ql uid ,
+any of the current user IDs of the calling process is accepted.
+In other words, in this case,
+.Nm
+behaves as if a target clause of:
+.Dl uid=.
+had been listed.
 .Pp
+Similarly, if the
+.Li Aq to
+part does not list a target clause with type
+.Ql gid ,
+all the groups of the calling process are assumed to be required.
+More precisely, each of the desired real, effective and saved group IDs must be
+one of the current real, effective or saved group ID, and all supplementary
+groups must be the same as those that are current.
+It is as if the
+.Li Aq to
+part had contained the following two clauses:
+.Dl gid=.,!gid=.
+.Ss Non-Redundancy and Non-Contradiction in a Ao to Ac Part
+No two target clauses of a single rule may express the exact same logical intent
+nor contradictory ones.
+.Pp
+In practice, no two clauses may display the same ID except for group IDs but
+only if, each time the same ID appears, it does so with a different flag, or no
+flags only once.
+Additionally, the specified flags in multiple occurences must not be
+contradictory.
+For example, the same group ID appearing with both
+.Ql +
+and
+.Ql -
+will cause rejection of the rule.
+.Ss Parsing Specifics
+Any amount of whitespace is allowed around tokens of the above grammar, except
+that there may be no spaces between
+.Li Aq flags
+and
+.Li Aq id
+in target clauses.
+.Pp
+For convenience, numerical IDs may be specified as negative integers, which are
+then converted to unsigned ones as specified in the C standard for the
+.Vt uid_t
+and
+.Vt gid_t
+types, which are both 64-bit unsigned integers.
+.Sh RUNTIME CONFIGURATION
 The following
 .Xr sysctl 8
-MIBs are available:
+knobs are available:
 .Bl -tag -width indent
 .It Va security.mac.do.enabled
 Enable the
@@ -40,39 +276,177 @@ Enable the
 policy.
 (Default: 1).
 .It Va security.mac.do.rules
-The set of rules.
+The list of credential rules, whose syntax is described in the
+.Sx CREDENTIALS RULES
+section above.
+This list is specific to each jail.
+Please see the
+.Sx JAIL SUPPORT
+section below for more details on the interaction of
+.Nm
+with jails.
+.It Va security.mac.do.print_parse_error
+Logs a message on trying to set incorrect rules via the
+.Va security.mac.do.rules
+.Xr sysctl 8
+knob.
 .El
+.Sh JAIL SUPPORT
+.Nm
+supports per-jail configuration of rules.
 .Pp
-The rules consist of a list of elements separated by
-.So , Sc .
-Each element is of the form
-.Sm off
-.Do
-.Op Cm uid | Cm gid
-.Li =
-.Ar fid
-.Li :
-.Ar tid
-.Dc
-.Sm on .
-Where
-.Ar fid
-is the uid or gid of the user or group the rule applies to, and
-.Ar tid
-is the uid of the targetted user.
-Two special forms are accepted for
-.Ar tid :
-.Va any
-or
-.Va * ,
-which allow to target any user.
-.Sh EXAMPLES
-The following rule:
+By default, at creation, a new jail has no credentials rules, effectively
+disabling
+.Nm
+for its processes.
 .Pp
-.Dl security.mac.do.rules=uid=1001:80,gid=0:any
+The following jail parameters are defined:
+.Bl -tag -width indent
+.It Va mac.do
+Possible values are:
+.Bl -tag -width "'disable'" -compact
+.It Ql enable
+.Nm
+will enforce specific credential rules in the jail.
+The
+.Va mac.do.rules
+jail parameter must also be set in this case.
+.It Ql disable
+Disables
+.Nm
+in the jail.
+Strictly equivalent to jail creation's default behavior and to setting the rules
+to an empty string.
+.It Ql inherit
+The jail's credentials rules are inherited from the jail's parent
+.Pq which may themselves have been inherited .
+Modified rules propagate to all children jails configured for inheritance.
+.El
+.It Va mac.do.rules
+The credentials rules for the jail.
+It is always equal to the value that can be retrieved by the
+.Xr sysctl 8
+knob
+.Va security.mac.do.rules
+described in section
+.Sx RUNTIME CONFIGURATION .
+If set, and the jail parameter
+.Va mac.do
+is not so explicitly, the value of the latter will default to
+.Ql disable
+if empty, else to
+.Ql enable .
+.El
 .Pp
-means the user with the uid 1001 can execute processes as user with uid 80,
-all the users which belongs to the group gid 0 can execute processes as any user.
+Each jail must have
+.Xr mdo 1
+installed at path
+.Pa /usr/bin/mdo ,
+as this path is currently not configurable.
+.Sh EXAMPLES
+Here are several examples of single rules matching processes having a real user
+ID of 10001:
+.Bl -tag -width indent
+.It Li uid=10001:uid=10002
+Allows the process to switch any of its real, effective or saved user ID to
+10002, but keeping the groups it is already in, and with the same
+primary/supplementary groups split.
+.It Li uid=10001:uid=10002,uid=10003
+Same as the first example, but also allows to switch to UID 10003 instead of
+10002.
+.It Li uid=10001:uid=10002,gid=10002
+Same as the first example, but the new primary groups must be set to 10002 and
+no supplementary groups should be set.
+.It Li uid=10001:uid=10002,gid=10002,+gid=.\&
+Same as the previous example, but in addition allowing to retain any current
+supplementary groups.
+.It Li uid=10001:uid=10002,gid=10002,!gid=.\&
+Same as the previous example, but with the additional constraint that all
+current supplementary groups must be kept.
+.It Li uid=10001:uid=10002,gid=10002,+gid=.,-gid=10001
+Same as
+.Ql uid=10001:uid=10002,gid=10002,+gid=.\&
+above, but 10001 cannot be retained as a supplementary group.
+.It Li uid=10001:uid=10002,gid=10002,+gid=.,!gid=10003
+Same as
+.Ql uid=10001:uid=10002,gid=10002,+gid=.\&
+above, with the additional constraint that 10003 must appear in the
+supplementary groups.
+.It Li uid=10001:uid=10002,gid=*,+gid=*
+Same as the first example, but lifting any constraints on groups, allowing the
+process to become part of any groups it sees fit.
+.El
+.Pp
+Here are several examples of single rules matching processes having a real group
+ID of 10001:
+.Bl -tag -width indent
+.It Li gid=10001:uid=0
+Makes 10001 a more powerful
+.Ql wheel
+group, allowing its members to switch to root without password.
+.It Li gid=10001:gid=10002
+Allows the process to enter GID 10002 as a primary group, but only if
+giving up all its supplementary groups.
+.It Li security.mac.do.rules=gid=10001:gid=10002,+gid=.\&
+Same as the previous example, but allows to retain any current supplementary
+groups.
+.It Li gid=10001:gid=10002,!gid=.\&
+Same as the previous example, but with the additional constraint that all
+current supplementary groups must be kept.
+.El
 .Sh SEE ALSO
 .Xr mdo 1 ,
-.Xr mac 4
+.Xr setcred 2 ,
+.Xr mac 4 ,
+.Xr jail 8 ,
+.Xr sysctl 8
+.Sh AUTHORS
+.An Olivier Certner Aq Mt olce@FreeBSD.org
+.An Baptiste Daroussin Aq Mt bapt@FreeBSD.org
+.Sh BUGS
+Currently,
+.Nm
+considers only credentials transitions requested through the
+.Xr setcred 2
+system call.
+This system call was in large part created so that
+.Nm
+can see whole credentials transitions to decide whether to authorize them, which
+the traditional UNIX's piecewise approach of successively changing different
+parts of them cannot allow.
+.Pp
+However, calls to traditional or standard credentials-changing functions can be
+considered as full transitions on their own, however limited, and as such should
+be equally monitored by
+.Nm .
+Future work will lift this restriction.
+.Sh SECURITY CONSIDERATIONS
+The threat model for
+.Nm
+is to consider userland programs as generally untrustable to decide upon which
+credentials changes are acceptable.
+It is in contrast with the traditional UNIX way to change credentials, in which
+specialized programs are installed with the setuid bit, giving them full
+administrator privileges so that they are effectively able to establish new
+ones.
+Vulnerabilities in such credentials-changing programs can have catastrophic
+consequences on the integrity of the system.
+.Pp
+Consequently,
+.Nm
+does not rely on companion userland programs to decide whether some credentials
+transition is acceptable.
+Instead, it maintains its own configuration independently from the userland
+password and group databases.
+Establishing this configuration currently itself relies on userland programs
+issuing calls to
+.Xr sysctl 3
+or
+.Xr jail 2 .
+It should thus be established near system boot or jail start, before any
+possible attacks could happen on the system, and further measures should be
+taken to ensure that potential corruptions does not affect the configuration in
+subsequent restarts, such as re-establishing pristine state or ensuring that the
+boot procedure up to the configuration of
+.Nm
+can be trusted.

From nobody Thu Apr  3 19:32:38 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBhl0fQdz5sMGD;
	Thu, 03 Apr 2025 19:32:39 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBhk5F5wz3TBl;
	Thu, 03 Apr 2025 19:32:38 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708758;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=uFnDleLQJnZt7SbTRbwI1gNXIdHdsoT27JanbnCyrP8=;
	b=AGtRUEYSkKyvyE+t/qB/cWdpHnajL7qvD167cU8jysqqp/U5zi6HXXbSV5gjY09LwcJAWj
	hPY8WUG68vn2iMRHNRxv/y9wLtGGdJ1/Sn8P2wcapbliv70aGEiTgLGsmw2XtQXyF2rDMs
	OFEmpWaVkx0MAuzB+cnsRj5WvKhBAPRRt6YkTAVpUktZHWGSn2DMnEWkYqw5GULsWTH0dL
	kAyLTkX0Fk/3WhK+j9xtOzlplew3Ao4Smw544hbkMWvptNXKdn3+g3j3KItHwBxtf2xAgB
	Zx9MbmmcGCsSJUgLN805NcdUTSsYd+gvZQo00urhshDBfxdsT69knV5vi9wCvA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708758; a=rsa-sha256; cv=none;
	b=Uimk91Ww2BU2PbahE9vJcLxqhRRprLfQaCCksiDzewa5Rt9nPYIjJ4Gwm6Kb7YgFDCnB2E
	1eNsyU+He/BolBCkuDIokYOXttXUQttsmzR/oK5ski8n0HPDS4l2Gw8Ym38s1GzOayI/MD
	tEHP0k5EfGldX7jL0S0Fn3ed72GtO4MalDS9sLG/mAU8BcO3wdaAFY1VTzSkVZxNdFYgQp
	o1kWXrq0LdfJ7UMMJ4qXDYBBqOP9zOXY0ELdOzBj5UyrLWIVBbyozf5bh2KkJ8VlbOJOSp
	rjag64xxW3E1r63izfM12F4uE+e6F98DU4pGi3GE0iz65MHzL4v1JlzHOVaO7A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708758;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=uFnDleLQJnZt7SbTRbwI1gNXIdHdsoT27JanbnCyrP8=;
	b=gIVAMpXZMR34p2aT+DdpKc9eFRBkfhgf4Q67oiVISaN5icLzLqUU3W9QcHrwRI/PWobZvW
	yVQo01EFek4DUPr5dRAZilHoSSwqTzdt4revbs0Upq4xRIPPWMxPBQTPpaLzfzmIDwmBXt
	4C0JQeogg4YiiJDbx45+8jXuc76O1ROoKa1nU5p+D+6AgM1D2fFobSiXrSYtwTNxtSHrUs
	VdUQbM50E0E070EiNqCpDtuMI56dCsoMmHo8+/ApNxlYUnHU4/NGo2SMqe/E3tnsmp3BOv
	KHqcY2ValNnQ25cbk3uRvv8J9sDoFgoHPVcbQb/+ZkfCgIg97Ej31GrIH60i/A==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBhk3wFkz1Cm4;
	Thu, 03 Apr 2025 19:32:38 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JWcJE040858;
	Thu, 3 Apr 2025 19:32:38 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JWcHK040855;
	Thu, 3 Apr 2025 19:32:38 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:38 GMT
Message-Id: <202504031932.533JWcHK040855@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 3aa59485c449 - stable/14 - mac(4): Mention mac_do(4)
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 3aa59485c449f49cceb5bbb2f3602a1708b14604
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=3aa59485c449f49cceb5bbb2f3602a1708b14604

commit 3aa59485c449f49cceb5bbb2f3602a1708b14604
Author:     Juraj Lutter <otis@FreeBSD.org>
AuthorDate: 2024-12-30 18:02:58 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:31:07 +0000

    mac(4): Mention mac_do(4)
    
    Mention also mac_do(4) in the mac(4) manual page.
    
    Reviewed by:    bapt
    Differential Revision: https://reviews.freebsd.org/D48255
    
    (cherry picked from commit 4c0435d919b1059a449d97d74abc251c6f526588)
---
 share/man/man4/mac.4 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/share/man/man4/mac.4 b/share/man/man4/mac.4
index 006922a17f2b..134086139f53 100644
--- a/share/man/man4/mac.4
+++ b/share/man/man4/mac.4
@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd July 25, 2023
+.Dd December 30, 2024
 .Dt MAC 4
 .Os
 .Sh NAME
@@ -54,6 +54,7 @@ Currently, the following MAC policy modules are shipped with
 .It Xr mac_biba 4 Ta "Biba integrity policy" Ta yes Ta boot only
 .It Xr mac_bsdextended 4 Ta "File system firewall" Ta no Ta any time
 .It Xr mac_ddb 4 Ta "ddb(4) interface restrictions" Ta no Ta any time
+.It Xr mac_do 4 Ta "Change command's uid/gid" Ta no Ta any time
 .It Xr mac_ifoff 4 Ta "Interface silencing" Ta no Ta any time
 .It Xr mac_ipacl 4 Ta "IP Address access control" Ta no Ta any time
 .It Xr mac_lomac 4 Ta "Low-Watermark MAC policy" Ta yes Ta boot only
@@ -203,6 +204,7 @@ man page.
 .Xr mac_biba 4 ,
 .Xr mac_bsdextended 4 ,
 .Xr mac_ddb 4 ,
+.Xr mac_do 4 ,
 .Xr mac_ifoff 4 ,
 .Xr mac_ipacl 4 ,
 .Xr mac_lomac 4 ,

From nobody Thu Apr  3 20:00:02 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTCJL4Bv8z5sPPJ;
	Thu, 03 Apr 2025 20:00:02 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTCJL3BQSz3jsN;
	Thu, 03 Apr 2025 20:00:02 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743710402;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Nj+qNxf1ZnF7oOPUGKOYKGvnkQNvQabKs/wHxLwb3HQ=;
	b=p2usyuAL1V9oyXNb3wJMRRwUufaxKTwsYC1qKZVmSlmul/G3SvztxxqhLD/EE4Ii6puWwZ
	Ehc8WSDCzk1aqJ71pHIf4otcnppc4j9Ck0IG6lD6WCr9t/RE9pXeTaVTt86HvldiamUaji
	GY8cUVqaNp2g+Byw6j/d9/uUJnQfEqltEljgEDqJXPgdeqMSJzKwJN5LXpnV8/3HdLbXsX
	70YvMTjTB/JOZ8J4lwXR5fayqpsIWwfUGQFi1pZmnHyXMsM5wyeKGw48cl8nukgPRoxrt0
	T5w1+wIJWfOg0OTzMXF6F9FJyZr4YcfVp9l5IfBJgx/u+B05N+w1kJ3Sl2RwwA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743710402; a=rsa-sha256; cv=none;
	b=a5I3p+aalKV1QeEYo2z6Tg4TwUHFvTEV8KMmGVjh5JfhESiu7+gN1ovCn8x25naQShyMhT
	gaPvzc8VI4uSzYve6SFX9DUWT3VXxt2UNMkFDRSUjkkNbF8VlQ0Ik+D2+TI6YLQiHzWsy7
	92Wynn4UAQQXZmFuFSYaaBzD3vSggd3Cy3uWYuUNf46Dq1lmwuz6YL99wHHd6xQ9DcZlB5
	0JgUPBiCfoT33O+5Ke0xTWu+1BU2iqR2apCgKYR2t8+f+7XclxkyGlLOG483RS/34rA3FI
	ezKhJ61MVuHs/0O5m1THNy/gW35RaC6Qkw+0C7nPIHsuOKENCnbC9tUaQk4FSQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743710402;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Nj+qNxf1ZnF7oOPUGKOYKGvnkQNvQabKs/wHxLwb3HQ=;
	b=hyaVJFB0zwN7BFmUJsSeTq15xb3JvXCzA9Hx+LlDJhBsMPu15D4P4D4QqpU79ySB9bNNHC
	UYlg3skTyVoygTlspr34tFNoKSgP9H1uTKLpPHdmt95V1h43QWm0D4MKMWr9oDQfUFdlWO
	1poiXZ1X85o3vsM9IAZJhpvfysBvw1ldnULSMfrIj++Ln/1xQtK1PJb/A2Sy7sHK0ug9Sf
	3UQ9TnpHAH0PkdTmUiMYyjFtMlBuMhUaXcc6m8OC6vGPVHOKSpOzPu0whupoRICxS8rEab
	MziKLMilcy0zPAdSBrfWBN8k4Ox5hQTmAM2SjiQp/KR09ncDqBSNGSImntqExA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTCJL2cD1z1MT;
	Thu, 03 Apr 2025 20:00:02 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533K02Ma083498;
	Thu, 3 Apr 2025 20:00:02 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533K028N083492;
	Thu, 3 Apr 2025 20:00:02 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 20:00:02 GMT
Message-Id: <202504032000.533K028N083492@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Eric Joyner <erj@FreeBSD.org>
Subject: git: f034ddd2fa38 - stable/14 - igc(4): Fix attach for
  I226-K and LMVP devices
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: erj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: f034ddd2fa38cb2b0e3d16059cb059626a770e19
Auto-Submitted: auto-generated

The branch stable/14 has been updated by erj:

URL: https://cgit.FreeBSD.org/src/commit/?id=f034ddd2fa38cb2b0e3d16059cb059626a770e19

commit f034ddd2fa38cb2b0e3d16059cb059626a770e19
Author:     Eric Joyner <erj@FreeBSD.org>
AuthorDate: 2025-02-26 17:19:38 +0000
Commit:     Eric Joyner <erj@FreeBSD.org>
CommitDate: 2025-04-03 19:59:47 +0000

    igc(4): Fix attach for I226-K and LMVP devices
    
    Summary:
    The device IDs for these were in the driver's list of PCI ids to attach
    to, but igc_set_mac_type() had never been setup to set the correct mac
    type for these devices. Fix this by adding these IDs to the switch block
    in order for them to be recognized by the driver instead of returning an
    error.
    
    This fixes the igc(4) attach for the I226-K LOM on the ASRock Z790
    PG-ITX/TB4 motherboard, allowing it to be recognized and used.
    
    Signed-off-by: Eric Joyner <erj@FreeBSD.org>
    
    Reviewed by:    kbowling@
    Relnotes:       yes
    Differential Revision: https://reviews.freebsd.org/D49147
    
    (cherry picked from commit 7ee310c80ea7b336972f53cc48b8c3d03029941e)
---
 sys/dev/igc/igc_api.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sys/dev/igc/igc_api.c b/sys/dev/igc/igc_api.c
index 9e91e7a4c73f..da499274fca4 100644
--- a/sys/dev/igc/igc_api.c
+++ b/sys/dev/igc/igc_api.c
@@ -109,6 +109,8 @@ s32 igc_set_mac_type(struct igc_hw *hw)
 	case IGC_DEV_ID_I220_V:
 	case IGC_DEV_ID_I225_K2:
 	case IGC_DEV_ID_I225_LMVP:
+	case IGC_DEV_ID_I226_K:
+	case IGC_DEV_ID_I226_LMVP:
 	case IGC_DEV_ID_I225_IT:
 	case IGC_DEV_ID_I226_LM:
 	case IGC_DEV_ID_I226_V:

From nobody Thu Apr  3 20:02:18 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTCLz0Zf7z5sPFd;
	Thu, 03 Apr 2025 20:02:19 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTCLy6xj8z3kTv;
	Thu, 03 Apr 2025 20:02:18 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743710539;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Be1L65/bfKMHtbpecN4PMXAS0Iokd//1H0zq+776LFE=;
	b=omnovEcIm+gY23NhNGLXnzX6UJ8FNhm5XJurPOeoi6WtMRf9wW33E2tmw6ECf5nU8FopED
	l22nd2+FU2hRx0DfBrRGWBTU8eB7bXVWI6A6Ff0XQJ3k9DScIVV/3MxTzmqKtIDAIe5AxW
	x8fQWxgrI/VZwiL28Wmp8IWIV1mcnzVNneFFUmnQVsfZenes1C1rLyc0ps3cOmu4n7UvJ6
	mt6v4fkDUBfNJO/v5tDj05Of5lYNX/LBu6SW5tndWTa/OGs89byAOvB+wDJA4LQUENNadd
	Onqf4gINpHaSbklHe0N7sBCg0shBCX3NYfkh2s36/O0NIw2fCuSl86WDUhKUgw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743710539; a=rsa-sha256; cv=none;
	b=uV5d2tc36UQEN8LJlVSj+uFTicIGoUd4A/Q8kDkSESFIeg/Vt/s4I3BWSZdRsNeLAxdwYr
	yBZmyzseEsQUO1l3T0KnRIgSAHpMcZw25gVZHjdoCXjpJI9lP/4yxnXeEDIqKqUJKXXCuo
	V3IsXQck2SQYIh6b0LSgNZcV20PqmKVgNdPRKysJrE24vXOko1c3/EnoJwgu+tWW3o9HH6
	abfCrHiXemtznmbD2eZqITbaSKbJx2n+O4Onjxsaz8KkBHxJZrYFGmNShbjgPpSEt810nQ
	EOy0QvwGySrt0y8L+FwPxuT9qPD+Al9sF0dfYifMw5ybh3G9LcdbX4f9O2O0dQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743710539;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Be1L65/bfKMHtbpecN4PMXAS0Iokd//1H0zq+776LFE=;
	b=OthobKEPNBxKvGH9n3od9VkLfGMJChCpBgUKz3Ph0nlVKA/fjH1are3BZfjHlKXwyQqdet
	ZnTYnPYjDtnYpUn7JzE2FKa7okHu/84MX6ZyYpPf6lG/GLmismOSYaugagDdVtJYEEvHLS
	a3PRQslZLmSOQD2lw8ANhCgxe3MIJGMdlkEUHeC3Q8nh8civJ8hlIpnGfh4U9zlGzsTpuC
	b9KD/NSfyVrAgTqYnf1Iz8Jocjv/V1eGGsGdVMUxHeM4e8DjlCeHPXKvcl8Nwd/yMl40fD
	PTwXfOORceF/DnH9ptyvK1PDrpeg8xpVjmPgfGszJQ2cO9FPRt6p4iDcHX1hIQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTCLy6XzMz1ZV;
	Thu, 03 Apr 2025 20:02:18 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533K2IJB096625;
	Thu, 3 Apr 2025 20:02:18 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533K2IcZ096622;
	Thu, 3 Apr 2025 20:02:18 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 20:02:18 GMT
Message-Id: <202504032002.533K2IcZ096622@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Eric Joyner <erj@FreeBSD.org>
Subject: git: 5ae5f71d505c - stable/13 - igc(4): Fix attach for
  I226-K and LMVP devices
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: erj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 5ae5f71d505ccddc7de235d3f9e3d9bdb03dd454
Auto-Submitted: auto-generated

The branch stable/13 has been updated by erj:

URL: https://cgit.FreeBSD.org/src/commit/?id=5ae5f71d505ccddc7de235d3f9e3d9bdb03dd454

commit 5ae5f71d505ccddc7de235d3f9e3d9bdb03dd454
Author:     Eric Joyner <erj@FreeBSD.org>
AuthorDate: 2025-02-26 17:19:38 +0000
Commit:     Eric Joyner <erj@FreeBSD.org>
CommitDate: 2025-04-03 20:00:25 +0000

    igc(4): Fix attach for I226-K and LMVP devices
    
    Summary:
    The device IDs for these were in the driver's list of PCI ids to attach
    to, but igc_set_mac_type() had never been setup to set the correct mac
    type for these devices. Fix this by adding these IDs to the switch block
    in order for them to be recognized by the driver instead of returning an
    error.
    
    This fixes the igc(4) attach for the I226-K LOM on the ASRock Z790
    PG-ITX/TB4 motherboard, allowing it to be recognized and used.
    
    Signed-off-by: Eric Joyner <erj@FreeBSD.org>
    
    Reviewed by:    kbowling@
    Relnotes:       yes
    Differential Revision: https://reviews.freebsd.org/D49147
    
    (cherry picked from commit 7ee310c80ea7b336972f53cc48b8c3d03029941e)
---
 sys/dev/igc/igc_api.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sys/dev/igc/igc_api.c b/sys/dev/igc/igc_api.c
index 9e91e7a4c73f..da499274fca4 100644
--- a/sys/dev/igc/igc_api.c
+++ b/sys/dev/igc/igc_api.c
@@ -109,6 +109,8 @@ s32 igc_set_mac_type(struct igc_hw *hw)
 	case IGC_DEV_ID_I220_V:
 	case IGC_DEV_ID_I225_K2:
 	case IGC_DEV_ID_I225_LMVP:
+	case IGC_DEV_ID_I226_K:
+	case IGC_DEV_ID_I226_LMVP:
 	case IGC_DEV_ID_I225_IT:
 	case IGC_DEV_ID_I226_LM:
 	case IGC_DEV_ID_I226_V:

From nobody Fri Apr  4 00:54:37 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTKrG1cp5z5slcJ;
	Fri, 04 Apr 2025 00:54:38 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTKrF5Vtlz3JkY;
	Fri, 04 Apr 2025 00:54:37 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743728077;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=tYo98Vl+ADvPPoQY7Z/lGIecz9njknaRRm41ou9kUI8=;
	b=TNyzRfIVqdLqIEQSMY/xEjK/t0fUOLxW1iCZmVdNDON6leo5jPD60kxt9DZM/A+Hlle625
	HOAe7xPG6Sozuin/rn7x/Xr/7NxOm92ij3nuHVBwiye7LGYD4+2KSkDnZAOa3nIlkxbekl
	fbnVzIArz8RazMEyK2i26MABxLNbFeLMYei4BOYtSwFkQJhD7cRF+Gi15tnBD3zGOB96bc
	rJ2OFY+QqqyGl0vPraddDcx4tjNh4xnq4A8znd5Mofktib47axbRjvwimP0DA31tT9t+J6
	2Ke9P5gZcWis5T2dHyOljs1nvIxWKBPc7d83UI3+5EulJrtCIhxkdQI5iOjxnw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743728077; a=rsa-sha256; cv=none;
	b=j567HELQ/Nx//KxVh9F0KcXxdRs+KkezjM0VLE4MiT7m13ettRrvfLDQ5oXDqb4+cKOTMU
	l7+ULl4n70zQJYsUC6EKMvk7ECAS3nxPvDdZ5IaLpCYiLrh3ZhW0yT+9dwO1jjspZYU+ql
	HW0pDItxJ80qi6mz1ZtIAcma5qO9i8jQWa/ZMlfAI0PCAhbYzu8lOa1fqGuRwk3G1tqbI1
	ZvVwqlmcSfNJP2yRZZxqN9z+cGyzH8cTXqRvZgDM+5fZhaaTEkHfZK2SDgBTLCeXnuQdL5
	URAAfGM/NVaGZavX7juhxlvW0hwghRZsR9aMt6Q2yrwg2rEAF67CJ4EMCvMDyA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743728077;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=tYo98Vl+ADvPPoQY7Z/lGIecz9njknaRRm41ou9kUI8=;
	b=wyT3kIm6u5M6NoIxFcnPL3tWDedVT/VvpdotXaz5ekRpu+TyzKwOQYnPKpwTiGNIeIRtvk
	YlXMkS9UTVjQDu58jWEprhZBeYHtGM6z5dLLn0nWc4oMbB28OyQseFkOb5YUXX+3Y6whhy
	Ca5z4tGL6gXnbMhbzB/ryrBVnNDn6EBDzkve9Lk4nNryoNAP8vPWxb0EI9YbY3p2FhWlyj
	cbq2AKX/Q5ITAJp7C/deENIA5Kmnyydrq2bCg2ioJ6+K76zeAS3fJEH0HslURA86vcUp+M
	prWFdc7BRmuGKzdfBAUrp/yVvU1++GtrFyf2ezTg/dr2u4yK7tuhDNHKIzU/6Q==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTKrF51Lpz8Nl;
	Fri, 04 Apr 2025 00:54:37 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5340sbxG037608;
	Fri, 4 Apr 2025 00:54:37 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5340sbm6037605;
	Fri, 4 Apr 2025 00:54:37 GMT
	(envelope-from git)
Date: Fri, 4 Apr 2025 00:54:37 GMT
Message-Id: <202504040054.5340sbm6037605@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Konstantin Belousov <kib@FreeBSD.org>
Subject: git: 53b2f30f9090 - stable/14 - bhyve: style, add comma
  to the last line of designated initializer
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kib
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 53b2f30f9090f15a51251b8c1f86de489cd5c4b8
Auto-Submitted: auto-generated

The branch stable/14 has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=53b2f30f9090f15a51251b8c1f86de489cd5c4b8

commit 53b2f30f9090f15a51251b8c1f86de489cd5c4b8
Author:     Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2023-12-19 15:57:43 +0000
Commit:     Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2025-04-04 00:54:06 +0000

    bhyve: style, add comma to the last line of designated initializer
    
    (cherry picked from commit 299bb57d9b71be2b033a92033268d8b1c732e4fe)
---
 sys/amd64/vmm/amd/amdvi_hw.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/amd64/vmm/amd/amdvi_hw.c b/sys/amd64/vmm/amd/amdvi_hw.c
index 2707109ce587..a82d55e4c9fb 100644
--- a/sys/amd64/vmm/amd/amdvi_hw.c
+++ b/sys/amd64/vmm/amd/amdvi_hw.c
@@ -1379,5 +1379,5 @@ const struct iommu_ops iommu_ops_amd = {
 	.remove_mapping = amdvi_remove_mapping,
 	.add_device = amdvi_add_device,
 	.remove_device = amdvi_remove_device,
-	.invalidate_tlb = amdvi_invalidate_tlb
+	.invalidate_tlb = amdvi_invalidate_tlb,
 };

From nobody Fri Apr  4 09:05:48 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTXl02rscz5rwvm;
	Fri, 04 Apr 2025 09:05:48 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTXl00y2Gz3WlX;
	Fri, 04 Apr 2025 09:05:48 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743757548;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=mvU9mIsQL4ZDokibBb1IMhQ1D6DMOFj1Xz4hmZWa1QY=;
	b=mIPA9PgDVe4OAZSGqYubD3bxZ7/gjj0KnlP/OmLPSgsV048NAv8RXOx5/IKZ47u47BSeVP
	HENjAUNYtsRYttxKNDdpa8OKuYjTFUgfxnDLlkeqvn1MkT498Cpi8xcZUTXGv9Je5luD0m
	aMuoXecz3/Aios37eJtqlQoan182hWDMiJ5QbX9M9C13u6C6BbxQRxz1CKHmN6k/MFsJUa
	NpKI5Hboc0Az5BbsIpG3Z75fqDRt8SlEscRCabK3O76ZI/snZq35svLR/mnjQTlhX0d2Oq
	niwY9Id4hAHhmWs6LBq24uGwEWEDTqtWSm6u+v4XV5rXJtHgHjeOMgHTlqXMuw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743757548; a=rsa-sha256; cv=none;
	b=TQFM4TmP7EW5YeTVp/2tRjN/Ry6rDL/4A2bJcZuiymZ/VOeJm7vTbuMtzWMNpsBfp87N5a
	nwblfL74BounU18idTLcfnuaESy8JOhRmJMcC/pNtOI3Tm1yzxKFe/vk6+LiawLGP0lg3h
	q75xUGw5SG8jrqQ7yuAN/YaQeYABdNubDCxdNAumdqXCp+oviGIbf5Vynmi1JbK6VdF2sN
	SPYZ85eaTMielhDVeorI9Ap/P9fIjcLiMIlMJ24XI1NWvn1JVpB4/lddo3vBvJIixnCtPz
	A1C7ezclncUvzLSkotR/mXxHH4wjhND2l1NKsY2irOiVSxs5I9L+UkexbU37Qg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743757548;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=mvU9mIsQL4ZDokibBb1IMhQ1D6DMOFj1Xz4hmZWa1QY=;
	b=w5DSZElGHPzRCmtIVZMv9sLRtBp9D4d75MayXk9LRp4oKwgShQOmDYKFVffZhd9G4YZ+9N
	/8oDWfPzrM0d9W7tYcYDsBrvqewgNlvE7uyxJWhnEsYr7Bd3YFbzr0X5sbpmsxWdqsM08d
	Z01CbhgA1eernBGP21oaVd8JTNXMjn/E2GMi0Xy9rZgWJexle8L0YawwV7fAAiHes+EHjU
	63QtRzf4Kaz9uCEGrFjV18ElqcAt6YVEBXI4hLQ679+130owdiQSGPHPnqegZI7Zt4nlN3
	rFTis3QhiH+m912v/uDwbaPHeJ3Ve45lE7cvAcg1s4khwEf/yPL5q9BiuoYk+Q==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTXl00YLBzgxh;
	Fri, 04 Apr 2025 09:05:48 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 53495mvB054699;
	Fri, 4 Apr 2025 09:05:48 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 53495miV054696;
	Fri, 4 Apr 2025 09:05:48 GMT
	(envelope-from git)
Date: Fri, 4 Apr 2025 09:05:48 GMT
Message-Id: <202504040905.53495miV054696@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Michael Tuexen <tuexen@FreeBSD.org>
Subject: git: e754d89bba8c - stable/14 - tcp: fix detection of bad
  RTOs
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: tuexen
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: e754d89bba8c526fd1ff792616ff4cbf9c6e093e
Auto-Submitted: auto-generated

The branch stable/14 has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=e754d89bba8c526fd1ff792616ff4cbf9c6e093e

commit e754d89bba8c526fd1ff792616ff4cbf9c6e093e
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2025-03-20 15:17:40 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2025-04-04 09:05:10 +0000

    tcp: fix detection of bad RTOs
    
    If timestamps are enabled, the actions performed by a retransmission
    timeout were rolled back, when they should not.
    It is needed to make sure the incoming segment advances SND.UNA.
    To do this, remove the incorrect upfront check and extend the check in
    the fast path to handle also the case of timestamps.
    
    PR:                     282605
    Reviewed by:            cc, rscheff, Peter Lei
    Sponsored by:           Netflix, Inc.
    Differential Revision:  https://reviews.freebsd.org/D49414
    
    (cherry picked from commit fbcf3b74e8f2c0c5ba37f1839bfe9395eb2fd0b1)
---
 sys/netinet/tcp_input.c | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index c868ba648bd7..104e98436f0c 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1637,11 +1637,6 @@ tcp_do_segment(struct tcpcb *tp, struct mbuf *m, struct tcphdr *th,
 		to.to_tsecr -= tp->ts_offset;
 		if (TSTMP_GT(to.to_tsecr, tcp_ts_getticks()))
 			to.to_tsecr = 0;
-		else if (tp->t_rxtshift == 1 &&
-			 tp->t_flags & TF_PREVVALID &&
-			 tp->t_badrxtwin != 0 &&
-			 TSTMP_LT(to.to_tsecr, tp->t_badrxtwin))
-			cc_cong_signal(tp, th, CC_RTO_ERR);
 	}
 	/*
 	 * Process options only when we get SYN/ACK back. The SYN case
@@ -1786,15 +1781,17 @@ tcp_do_segment(struct tcpcb *tp, struct mbuf *m, struct tcphdr *th,
 				TCPSTAT_INC(tcps_predack);
 
 				/*
-				 * "bad retransmit" recovery without timestamps.
+				 * "bad retransmit" recovery.
 				 */
-				if ((to.to_flags & TOF_TS) == 0 &&
-				    tp->t_rxtshift == 1 &&
+				if (tp->t_rxtshift == 1 &&
 				    tp->t_flags & TF_PREVVALID &&
 				    tp->t_badrxtwin != 0 &&
-				    TSTMP_LT(ticks, tp->t_badrxtwin)) {
+				    (((to.to_flags & TOF_TS) != 0 &&
+				      to.to_tsecr != 0 &&
+				      TSTMP_LT(to.to_tsecr, tp->t_badrxtwin)) ||
+				     ((to.to_flags & TOF_TS) == 0 &&
+				      TSTMP_LT(ticks, tp->t_badrxtwin))))
 					cc_cong_signal(tp, th, CC_RTO_ERR);
-				}
 
 				/*
 				 * Recalculate the transmit timer / rtt.

From nobody Fri Apr  4 20:58:56 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTrYr3mSlz5sQ52;
	Fri, 04 Apr 2025 20:58:56 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTrYr32zZz47JN;
	Fri, 04 Apr 2025 20:58:56 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743800336;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=rlBf15QUcPrEOyiFr1bAbey50pdLf7HgVjG1iTnJ2/4=;
	b=oS9wWOh3D6+ckpaphVuohqHlnhwPxGqeJY1EVrLn8sp4kptL7zwfUhj6tm+pivWHPgfRw/
	VAFD+A8wH8cJTZ0WNWLrkkkMZXkkgHceZMbTCC7d0H9vVVGjgmi1dpZUi1fHG0Ada8+CBA
	czvmm4nFiPPNeeUxxhq1YBEL2ccZVQA+7sFY5qtZ9f94VnNqcGzDlB0Z+4eSVJnheeJH+Y
	dal/FDfTB0n/zRIlXHckEdyX7GMXUM6+bqMzTfNo5z0jGix0I6E3vHFNfSQjDbcRGwXkDG
	CrxLLwhuoQdCTNeAF6E2o3Rb8W0FafnNk6oRfFf/11RiOXHyuutMGEBVh0ToQw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743800336; a=rsa-sha256; cv=none;
	b=GswIVF5FlRuOHu/O1/8HVByEdsLxJqScpVuNS2lgqzs9k/KFC3Jx4vNXpZBrziUgy3QQrL
	9rKA1xEggziuIXYnb4vMezKKXOgsw3ocYWnj/nNAJjYzudhFFsNYHYCwNLf1FzPCXdVcbN
	gr4/i1eUXZJGoAYHIFZAIWJk+nJp+CVa50CNee8wfbs8VHEGpVCzIfVrQe4Iq6XaWZB2wy
	XnPH4QMOCf/sK9RK6/sH0TDjZXv2LIn29lHcYOO+QovGL2jydBPbB2KQYQYJZXqYZ8glIC
	uZbzJVyxVLT4Muio0C0xqSSyROfddVAPnmaN2Vz8qKstBW3lYonjZQwfkm3wow==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743800336;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=rlBf15QUcPrEOyiFr1bAbey50pdLf7HgVjG1iTnJ2/4=;
	b=RfgA7PJ6lxO/eXgXlDzoqW+IyEy8pzoCgGIotjE5Mb2mU5KQIaizW3KDb1FBOCAQBBwJah
	/vmT5Plvis0cGx5TydIMTqaz2r53MO5yCszHVbBEW2mNrfJJzeuHnpG78rhhmqRqgKpYz5
	lVkTGbnV+mGVKEMMz6LID0oQ8tEtW9XU0WK+QCf9fo0Ub14td/FS6dIoEZ+HFiglt8migL
	ECatt+9+Md5C6SUsiBL2/bh9p37O87jo6EEZP+bPycX06HFOKOMECCqJXe11lG75zCVC0J
	o8GTD54OKiARJDmF4FuKuH2g9vq2v/vrHB/OvrYE5sEWo5PNag4IUU6gYglnRw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTrYr2G1xz12Cv;
	Fri, 04 Apr 2025 20:58:56 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 534Kwur9083484;
	Fri, 4 Apr 2025 20:58:56 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 534KwuRX083481;
	Fri, 4 Apr 2025 20:58:56 GMT
	(envelope-from git)
Date: Fri, 4 Apr 2025 20:58:56 GMT
Message-Id: <202504042058.534KwuRX083481@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Piotr Kubaj <pkubaj@FreeBSD.org>
Subject: git: 1962f9631187 - stable/14 - zfs: enable FPU on powerpc*
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: pkubaj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 1962f96311878e5413f6e70e0925f08c1d2f9db8
Auto-Submitted: auto-generated

The branch stable/14 has been updated by pkubaj:

URL: https://cgit.FreeBSD.org/src/commit/?id=1962f96311878e5413f6e70e0925f08c1d2f9db8

commit 1962f96311878e5413f6e70e0925f08c1d2f9db8
Author:     Piotr Kubaj <pkubaj@FreeBSD.org>
AuthorDate: 2025-03-27 16:32:59 +0000
Commit:     Piotr Kubaj <pkubaj@FreeBSD.org>
CommitDate: 2025-04-04 20:57:57 +0000

    zfs: enable FPU on powerpc*
    
    Differential Revision: https://reviews.freebsd.org/D49538
    
    (cherry picked from commit 5b02365ac656e1cccf293ec1c57a8eb6c5cd51e2)
---
 sys/conf/files.powerpc                                  | 13 +++++++++++--
 .../openzfs/include/os/freebsd/spl/sys/simd_powerpc.h   | 17 ++++++++++++-----
 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/sys/conf/files.powerpc b/sys/conf/files.powerpc
index 6d44d9114e25..ddce4b917890 100644
--- a/sys/conf/files.powerpc
+++ b/sys/conf/files.powerpc
@@ -17,8 +17,17 @@ contrib/openzfs/module/icp/asm-ppc64/blake3/b3_ppc64le_sse41.S	optional zfs comp
 # zfs sha2 hash support
 contrib/openzfs/module/icp/asm-ppc64/sha2/sha256-p8.S		optional zfs compile-with "${ZFS_S}"
 contrib/openzfs/module/icp/asm-ppc64/sha2/sha512-p8.S		optional zfs compile-with "${ZFS_S}"
-contrib/openzfs/module/icp/asm-ppc64/sha2/sha256-ppc.S		optional zfs compile-with "${ZFS_S}"
-contrib/openzfs/module/icp/asm-ppc64/sha2/sha512-ppc.S		optional zfs compile-with "${ZFS_S}"
+zfs-sha256-ppc.o		optional	zfs			\
+	dependency "$S/contrib/openzfs/module/icp/asm-ppc64/sha2/sha256-ppc.S" \
+	compile-with	"${CC} -c ${ZFS_ASM_CFLAGS} -o ${.TARGET} ${WERROR} $S/contrib/openzfs/module/icp/asm-ppc64/sha2/sha256-ppc.S" \
+	no-implicit-rule \
+	clean "zfs-sha256-ppc.o"
+
+zfs-sha512-ppc.o		optional	zfs			\
+	dependency "$S/contrib/openzfs/module/icp/asm-ppc64/sha2/sha512-ppc.S" \
+	compile-with	"${CC} -c ${ZFS_ASM_CFLAGS} -o ${.TARGET} ${WERROR} $S/contrib/openzfs/module/icp/asm-ppc64/sha2/sha512-ppc.S" \
+	no-implicit-rule \
+	clean "zfs-sha512-ppc.o"
 
 cddl/compat/opensolaris/kern/opensolaris_atomic.c			optional zfs powerpc | dtrace powerpc | zfs powerpcspe | dtrace powerpcspe compile-with "${ZFS_C}"
 cddl/dev/dtrace/powerpc/dtrace_asm.S		optional dtrace compile-with "${DTRACE_S}"
diff --git a/sys/contrib/openzfs/include/os/freebsd/spl/sys/simd_powerpc.h b/sys/contrib/openzfs/include/os/freebsd/spl/sys/simd_powerpc.h
index 2fd806e1a0b5..6d8503196050 100644
--- a/sys/contrib/openzfs/include/os/freebsd/spl/sys/simd_powerpc.h
+++ b/sys/contrib/openzfs/include/os/freebsd/spl/sys/simd_powerpc.h
@@ -43,18 +43,25 @@
 #ifndef _FREEBSD_SIMD_POWERPC_H
 #define	_FREEBSD_SIMD_POWERPC_H
 
+#include <machine/pcpu.h>
+
 #include <sys/types.h>
 #include <sys/cdefs.h>
 
 #include <machine/pcb.h>
 #include <machine/cpu.h>
+#include <machine/fpu.h>
 
-/* FreeBSD doesn't support floating point on powerpc kernel yet */
-#define	kfpu_allowed()		0
-
+#define	kfpu_allowed()		1
 #define	kfpu_initialize(tsk)	do {} while (0)
-#define	kfpu_begin()		do {} while (0)
-#define	kfpu_end()		do {} while (0)
+#define kfpu_begin() {					\
+	if (__predict_false(!is_fpu_kern_thread(0)))	\
+	fpu_kern_enter(PCPU_GET(curthread), NULL, FPU_KERN_NOCTX);\
+}
+#define kfpu_end()	{				\
+	if (__predict_false(PCPU_GET(curpcb)->pcb_flags & PCB_KERN_FPU_NOSAVE))\
+	fpu_kern_leave(PCPU_GET(curthread), NULL);	\
+}
 #define	kfpu_init()		(0)
 #define	kfpu_fini()		do {} while (0)
 

From nobody Fri Apr  4 20:58:57 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTrYs4ysQz5sQGf;
	Fri, 04 Apr 2025 20:58:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTrYs2zXSz47DK;
	Fri, 04 Apr 2025 20:58:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743800337;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=5zYQhIBOGGJzo6lr3rtxDgkGDCM9Wi3pWLx9SRfVm3I=;
	b=r0Tcn7INOQiCSlBm9k8Jh1TlE5UZHGDal3a3xPRBUhE+hLwVZdhrTiRG6hhy5YBQJQE6a/
	yqdJCJI7jqx0pLZ1FywrlvRb0MqOGB18z4RZZ09MOYdYwyCFemU47kS/3EhrLlv+By7+ur
	Ynm/cZC1AaBYKniM5UzQzE6eKdmP8qdrEJz4aH+nLuIYXXAD3lOm7Uy18DKaKifpbevKNp
	+oZOgxIY+zdKmO+h2seLL+NwKcx9V1snvf+M0jYFs94CeD4RsEyA0HaY6cekywuylhEKHC
	f+HxpeiR7nP7EbLv2YJhooovSsvcDELvh5hVzIeHYrNOfEL2USRCK5PukhE8HA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743800337; a=rsa-sha256; cv=none;
	b=N1qciupstA7yu2VYu7Kedq5SLHvs9pEeb1esxu5bJ+vlc7+TaWOvb5GfiM8FOfTn6uuH2U
	VOAhR3tq7hO0DDT6S5bhR7io32KxJzEQRartatDiWjghXK75HTHYfEFsLWfmadT3YgAtbe
	it8jjpdodYS7lBlQEurFTWKTqFgh8VUH2LLqlGw51qWKgkpuMnP2WvKd60mySyfKS9nJRP
	H/Q12In2x3mz4l57Y2CPlj6aQX34h6pQcEH3NbwdgaZ4V2J5RRVdKUppXCyvK/NLuTP70b
	72KBnFWSLM30s166F4LYYMIU4VfQ6zCzze039ERp821MNBlHFpGvtZu5VbASVg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743800337;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=5zYQhIBOGGJzo6lr3rtxDgkGDCM9Wi3pWLx9SRfVm3I=;
	b=ftx97sWP5hpuLoVMaoqEWHNf5RKANdSGR1+FsXqu6eElbeXwrqTBLJpMsAofrpdeUtlRFi
	ZnhITj9/7/1Ka2solGgt4OZrUuHUctekMLjGIkjCW/r+IGoAoQSMPY8DzMiMayFvRB1fQ1
	PiwD6Pza338mg+Un3f1C0TqSkRw6z6niVlSUuE7bFZiBvfleZuhLYz7GvoZWsPQiZ89Nmr
	5yoiH3kDd4FzEdaxpUW0QfhlInwU7/hw/TiwRPeYAe6ZULazRfQNJu+gD9NmApP4/H5pZ+
	fE32YfRyQS/DvjNg4ETrtBfINcWjS8c+J0aUNlRRqO0mu9OwYq2K+I8VrlqKMw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTrYs2ZqJz12Cw;
	Fri, 04 Apr 2025 20:58:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 534Kwvnv083519;
	Fri, 4 Apr 2025 20:58:57 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 534KwvFD083516;
	Fri, 4 Apr 2025 20:58:57 GMT
	(envelope-from git)
Date: Fri, 4 Apr 2025 20:58:57 GMT
Message-Id: <202504042058.534KwvFD083516@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Piotr Kubaj <pkubaj@FreeBSD.org>
Subject: git: 54a94356c90e - stable/14 - zfs: remove inclusion of
  machine/pcpu.h
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: pkubaj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 54a94356c90ea5be276568c9c7d0696360ab9242
Auto-Submitted: auto-generated

The branch stable/14 has been updated by pkubaj:

URL: https://cgit.FreeBSD.org/src/commit/?id=54a94356c90ea5be276568c9c7d0696360ab9242

commit 54a94356c90ea5be276568c9c7d0696360ab9242
Author:     Piotr Kubaj <pkubaj@FreeBSD.org>
AuthorDate: 2025-03-28 16:51:08 +0000
Commit:     Piotr Kubaj <pkubaj@FreeBSD.org>
CommitDate: 2025-04-04 20:58:18 +0000

    zfs: remove inclusion of machine/pcpu.h
    
    It was necessary in the beginning for a definition of curthread,
    but in the later versions of the patch turned out to be not needed.
    
    Fixes:  5b02365ac656e1cccf293ec1c57a8eb6c5cd51e2
    Reported by:    mav
    
    (cherry picked from commit a440b544d566a91fb0e869e3f3828081c3763f94)
---
 sys/contrib/openzfs/include/os/freebsd/spl/sys/simd_powerpc.h | 2 --
 1 file changed, 2 deletions(-)

diff --git a/sys/contrib/openzfs/include/os/freebsd/spl/sys/simd_powerpc.h b/sys/contrib/openzfs/include/os/freebsd/spl/sys/simd_powerpc.h
index 6d8503196050..608122d9d135 100644
--- a/sys/contrib/openzfs/include/os/freebsd/spl/sys/simd_powerpc.h
+++ b/sys/contrib/openzfs/include/os/freebsd/spl/sys/simd_powerpc.h
@@ -43,8 +43,6 @@
 #ifndef _FREEBSD_SIMD_POWERPC_H
 #define	_FREEBSD_SIMD_POWERPC_H
 
-#include <machine/pcpu.h>
-
 #include <sys/types.h>
 #include <sys/cdefs.h>
 

From nobody Sat Apr  5 03:18:49 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZV10B26SRz5ssly;
	Sat, 05 Apr 2025 03:18:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZV10B1gyWz3LBZ;
	Sat, 05 Apr 2025 03:18:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743823130;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=L4hWLvTJvu7IrBPda8eAP1o3btnLBDdvjiibfvTnP/A=;
	b=U0pmfjWh2sqbL1A6KBL/+JRn38i8Z1Y1gnReW6UIj+gJDucc/+3gXUlTudOf9pMzs7ijqW
	PnNkWXic6FXlZEiVnSjLk150sMtu6kmTemtM5+4q5FnLqX7U5dQsi79KbtkBk44Ip5N+oO
	3Y+Ce/TU93RhVNZ83WKt5+0X96sB08wyVJ7qkgsznE4nKtViZSOuhWY+UMJK01kY9j6hfw
	dZMOtmDg3jgHAnreWQd2cDM5XL9eu5chW8EQjsMQPnrsRxtZvHgLgkoAFrlra84R5wrAcl
	F67cBZjTzhJjhnlXSC+6esaTmAHnjWYSs8vJWNC/wY+mC/YMcQwzeVGmcOcE8Q==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743823130; a=rsa-sha256; cv=none;
	b=rGcCvriekp9OoejnIv0kQr7cFelGJF2WFgmi/vrcZkrrWkI77N31QbNnHH37hbF/kuLP/4
	XULhwVeLBq/YP1hadHdVL3D5vo4nqruVs0TQAACHQqdqTxejx5OIk/8uuXA0lPpyN331yo
	L0Z4Nfixjhkw60ZT/wFEGW/VzeR9Xyekv+bNNIyCwp8uM8DqeiFAS1QkRG8wVCBtmXZOBV
	CHv992OnbIXuN9EHCS6cxrPUj6XLmz3KcfJ+yt1JuuA89YDocEMMPnO/HJ5xq8vQ6CYLLS
	wKycx5gCFOOoPZRaJTZh1dA5l0v8Rn1xmyoY2/TJDGJ55LGNxieByw3HNXkeEw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743823130;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=L4hWLvTJvu7IrBPda8eAP1o3btnLBDdvjiibfvTnP/A=;
	b=FcApTjdjggr2w70texM2FLGkBx/l9QxIJwagWVfi5Od26FClc2cd+UzbgeyF0R7dl6wf09
	emLPNbAVNwAkZsE/CJZquZZSqtiEERhA/JXvxkmOcLs0CbjAsC8YPygmfVhZBvZ2WBDUPJ
	SOQaDCknEmmJaUUG0o5wvSTecTGgjapQELZqfHk+zS0eUUuXWKQvLzXHZBB9RtdHZO5ofu
	Tw47WkC4lXy/WUCsAQK334Tr3qfd4mBJur5Y98ybMHpsHlou+OsIAAes4PNTCRXEQKDmIc
	amki8H11X4lTs2Cxg2e+bSu//qOFRVLh2x51Gn2AWOjSvjtLODQ5tWGethDdBg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZV10B044Wz1CpG;
	Sat, 05 Apr 2025 03:18:50 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5353InC1095152;
	Sat, 5 Apr 2025 03:18:49 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5353InRP095148;
	Sat, 5 Apr 2025 03:18:49 GMT
	(envelope-from git)
Date: Sat, 5 Apr 2025 03:18:49 GMT
Message-Id: <202504050318.5353InRP095148@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Philip Paeps <philip@FreeBSD.org>
Subject: git: 6f7ee9ac036e - stable/14 - contrib/expat: import expat
  2.7.1
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: philip
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 6f7ee9ac036ebd210d70cb177eba0c3c5bc930e3
Auto-Submitted: auto-generated

The branch stable/14 has been updated by philip:

URL: https://cgit.FreeBSD.org/src/commit/?id=6f7ee9ac036ebd210d70cb177eba0c3c5bc930e3

commit 6f7ee9ac036ebd210d70cb177eba0c3c5bc930e3
Author:     Philip Paeps <philip@FreeBSD.org>
AuthorDate: 2025-04-02 08:56:02 +0000
Commit:     Philip Paeps <philip@FreeBSD.org>
CommitDate: 2025-04-05 03:17:53 +0000

    contrib/expat: import expat 2.7.1
    
    Changes: https://github.com/libexpat/libexpat/blob/R_2_7_1/expat/Changes
             https://github.com/libexpat/libexpat/blob/R_2_7_0/expat/Changes
    
    Security:       CVE-2024-8176
    
    (cherry picked from commit fe9278888fd4414abe2d922e469cf608005f4c65)
---
 contrib/expat/COPYING                       |   2 +-
 contrib/expat/Changes                       | 123 +++++-
 contrib/expat/Makefile.am                   |   4 +-
 contrib/expat/Makefile.in                   |   4 +-
 contrib/expat/README.md                     |  18 +-
 contrib/expat/configure.ac                  |   4 +-
 contrib/expat/doc/reference.html            |   9 +-
 contrib/expat/doc/xmlwf.1                   |   2 +-
 contrib/expat/doc/xmlwf.xml                 |   4 +-
 contrib/expat/fuzz/xml_lpm_fuzzer.cpp       | 464 ++++++++++++++++++++++
 contrib/expat/fuzz/xml_lpm_fuzzer.proto     |  58 +++
 contrib/expat/fuzz/xml_parse_fuzzer.c       |   2 +-
 contrib/expat/fuzz/xml_parsebuffer_fuzzer.c |   2 +-
 contrib/expat/lib/expat.h                   |   6 +-
 contrib/expat/lib/internal.h                |   5 +-
 contrib/expat/lib/xmlparse.c                | 586 ++++++++++++++++++++--------
 contrib/expat/tests/acc_tests.c             |   5 +-
 contrib/expat/tests/alloc_tests.c           |  27 ++
 contrib/expat/tests/basic_tests.c           | 331 +++++++++++++++-
 contrib/expat/tests/benchmark/benchmark.c   |  57 ++-
 contrib/expat/tests/common.c                |  33 +-
 contrib/expat/tests/common.h                |   4 +-
 contrib/expat/tests/handlers.c              |  23 ++
 contrib/expat/tests/handlers.h              |   9 +
 contrib/expat/tests/minicheck.h             |   6 +-
 contrib/expat/tests/misc_tests.c            | 247 ++++++++++--
 contrib/expat/tests/xmltest.sh              |   5 +-
 contrib/expat/xmlwf/readfilemap.c           |   3 +-
 28 files changed, 1779 insertions(+), 264 deletions(-)

diff --git a/contrib/expat/COPYING b/contrib/expat/COPYING
index ce9e5939291e..c6d184a8aae8 100644
--- a/contrib/expat/COPYING
+++ b/contrib/expat/COPYING
@@ -1,5 +1,5 @@
 Copyright (c) 1998-2000 Thai Open Source Software Center Ltd and Clark Cooper
-Copyright (c) 2001-2022 Expat maintainers
+Copyright (c) 2001-2025 Expat maintainers
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
diff --git a/contrib/expat/Changes b/contrib/expat/Changes
index aa19f70ae219..9d6c64b6a460 100644
--- a/contrib/expat/Changes
+++ b/contrib/expat/Changes
@@ -11,16 +11,23 @@
 !! The following topics need *additional skilled C developers* to progress   !!
 !! in a timely manner or at all (loosely ordered by descending priority):    !!
 !!                                                                           !!
-!! - <blink>fixing a complex non-public security issue</blink>,              !!
 !! - teaming up on researching and fixing future security reports and        !!
 !!   ClusterFuzz findings with few-days-max response times in communication  !!
 !!   in order to (1) have a sound fix ready before the end of a 90 days      !!
 !!   grace period and (2) in a sustainable manner,                           !!
+!! - helping CPython Expat bindings with supporting Expat's billion laughs   !!
+!!   attack protection API (https://github.com/python/cpython/issues/90949): !!
+!!   - XML_SetBillionLaughsAttackProtectionActivationThreshold               !!
+!!   - XML_SetBillionLaughsAttackProtectionMaximumAmplification              !!
+!! - helping Perl's XML::Parser Expat bindings with supporting Expat's       !!
+!!   security API (https://github.com/cpan-authors/XML-Parser/issues/102):   !!
+!!   - XML_SetBillionLaughsAttackProtectionActivationThreshold               !!
+!!   - XML_SetBillionLaughsAttackProtectionMaximumAmplification              !!
+!!   - XML_SetReparseDeferralEnabled                                         !!
 !! - implementing and auto-testing XML 1.0r5 support                         !!
 !!   (needs discussion before pull requests),                                !!
 !! - smart ideas on fixing the Autotools CMake files generation issue        !!
 !!   without breaking CI (needs discussion before pull requests),            !!
-!! - the Windows binaries topic (needs requirements engineering first),      !!
 !! - pushing migration from `int` to `size_t` further                        !!
 !!   including edge-cases test coverage (needs discussion before anything).  !!
 !!                                                                           !!
@@ -30,6 +37,116 @@
 !! THANK YOU!                        Sebastian Pipping -- Berlin, 2024-03-09 !!
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
+Release 2.7.1 Thu March 27 2025
+        Bug fixes:
+       #980 #989  Restore event pointer behavior from Expat 2.6.4
+                    (that the fix to CVE-2024-8176 changed in 2.7.0);
+                    affected API functions are:
+                    - XML_GetCurrentByteCount
+                    - XML_GetCurrentByteIndex
+                    - XML_GetCurrentColumnNumber
+                    - XML_GetCurrentLineNumber
+                    - XML_GetInputContext
+
+        Other changes:
+       #976 #977  Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
+                    with Automake that were missing from 2.7.0 release tarballs
+       #983 #984  Fix printf format specifiers for 32bit Emscripten
+            #992  docs: Promote OpenSSF Best Practices self-certification
+            #978  tests/benchmark: Resolve mistaken double close
+            #986  Address compiler warnings
+       #990 #993  Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
+                    to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
+                    for what these numbers do
+
+        Infrastructure:
+            #982  CI: Start running Perl XML::Parser integration tests
+            #987  CI: Enforce Clang Static Analyzer clean code
+            #991  CI: Re-enable warning clang-analyzer-valist.Uninitialized
+                    for clang-tidy
+            #981  CI: Cover compilation with musl
+       #983 #984  CI: Cover compilation with 32bit Emscripten
+       #976 #977  CI: Protect against fuzzer files missing from future
+                    release archives
+
+        Special thanks to:
+            Berkay Eren Ürün
+            Matthew Fernandez
+                 and
+            Perl XML::Parser
+
+Release 2.7.0 Thu March 13 2025
+        Security fixes:
+       #893 #973  CVE-2024-8176 -- Fix crash from chaining a large number
+                    of entities caused by stack overflow by resolving use of
+                    recursion, for all three uses of entities:
+                    - general entities in character data ("<e>&g1;</e>")
+                    - general entities in attribute values ("<e k1='&g1;'/>")
+                    - parameter entities ("%p1;")
+                    Known impact is (reliable and easy) denial of service:
+                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
+                    (Base Score: 7.5, Temporal Score: 7.2)
+                    Please note that a layer of compression around XML can
+                    significantly reduce the minimum attack payload size.
+
+        Other changes:
+       #935 #937  Autotools: Make generated CMake files look for
+                    libexpat.@SO_MAJOR@.dylib on macOS
+            #925  Autotools: Sync CMake templates with CMake 3.29
+  #945 #962 #966  CMake: Drop support for CMake <3.13
+            #942  CMake: Small fuzzing related improvements
+            #921  docs: Add missing documentation of error code
+                    XML_ERROR_NOT_STARTED that was introduced with 2.6.4
+            #941  docs: Document need for C++11 compiler for use from C++
+            #959  tests/benchmark: Fix a (harmless) TOCTTOU
+            #944  Windows: Fix installer target location of file xmlwf.xml
+                    for CMake
+            #953  Windows: Address warning -Wunknown-warning-option
+                    about -Wno-pedantic-ms-format from LLVM MinGW
+            #971  Address Cppcheck warnings
+       #969 #970  Mass-migrate links from http:// to https://
+    #947 #958 ..
+       #974 #975  Document changes since the previous release
+       #974 #975  Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
+                    to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
+                    for what these numbers do
+
+        Infrastructure:
+            #926  tests: Increase robustness
+    #927 #932 ..
+       #930 #933  tests: Increase test coverage
+    #617 #950 ..
+    #951 #952 ..
+    #954 #955 ..  Fuzzing: Add new fuzzer "xml_lpm_fuzzer" based on
+            #961    Google's libprotobuf-mutator ("LPM")
+            #957  Fuzzing|CI: Start producing fuzzing code coverage reports
+            #936  CI: Pass -q -q for LCOV >=2.1 in coverage.sh
+            #942  CI: Small fuzzing related improvements
+    #139 #203 ..
+       #791 #946  CI: Make GitHub Actions build using MSVC on Windows and
+                      produce 32bit and 64bit Windows binaries
+            #956  CI: Get off of about-to-be-removed Ubuntu 20.04
+       #960 #964  CI: Start uploading to Coverity Scan for static analysis
+            #972  CI: Stop loading DTD from the internet to address flaky CI
+            #971  CI: Adapt to breaking changes in Cppcheck
+
+        Special thanks to:
+            Alexander Gieringer
+            Berkay Eren Ürün
+            Hanno Böck
+            Jann Horn
+            Mark Brand
+            Sebastian Andrzej Siewior
+            Snild Dolkow
+            Thomas Pröll
+            Tomas Korbar
+            valord577
+                 and
+            Google Project Zero
+            Linutronix
+            Red Hat
+            Siemens
+
 Release 2.6.4 Wed November 6 2024
         Security fixes:
             #915  CVE-2024-50602 -- Fix crash within function XML_ResumeParser
@@ -46,6 +163,8 @@ Release 2.6.4 Wed November 6 2024
             #904  tests: Resolve duplicate handler
        #317 #918  tests: Improve tests on doctype closing (ex CVE-2019-15903)
             #914  Fix signedness of format strings
+            #915  For use from C++, expat.h started requiring C++11 due to
+                    use of C99 features
        #919 #920  Version info bumped from 10:3:9 (libexpat*.so.1.9.3)
                     to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/
                     for what these numbers do
diff --git a/contrib/expat/Makefile.am b/contrib/expat/Makefile.am
index 7d8e17c2cf86..c20531a8d6c6 100644
--- a/contrib/expat/Makefile.am
+++ b/contrib/expat/Makefile.am
@@ -6,7 +6,7 @@
 #                      \___/_/\_\ .__/ \__,_|\__|
 #                               |_| XML parser
 #
-# Copyright (c) 2017-2023 Sebastian Pipping <sebastian@pipping.org>
+# Copyright (c) 2017-2025 Sebastian Pipping <sebastian@pipping.org>
 # Copyright (c) 2018      KangLin <kl222@126.com>
 # Copyright (c) 2022      Johnny Jazeix <jazeix@gmail.com>
 # Copyright (c) 2023      Sony Corporation / Snild Dolkow <snild@sony.com>
@@ -96,6 +96,8 @@ EXTRA_DIST = \
     conftools/expat.m4 \
     conftools/get-version.sh \
     \
+    fuzz/xml_lpm_fuzzer.cpp \
+    fuzz/xml_lpm_fuzzer.proto \
     fuzz/xml_parsebuffer_fuzzer.c \
     fuzz/xml_parse_fuzzer.c \
     \
diff --git a/contrib/expat/Makefile.in b/contrib/expat/Makefile.in
index c0fcb5dd05d1..069ec4047eea 100644
--- a/contrib/expat/Makefile.in
+++ b/contrib/expat/Makefile.in
@@ -22,7 +22,7 @@
 #                      \___/_/\_\ .__/ \__,_|\__|
 #                               |_| XML parser
 #
-# Copyright (c) 2017-2023 Sebastian Pipping <sebastian@pipping.org>
+# Copyright (c) 2017-2025 Sebastian Pipping <sebastian@pipping.org>
 # Copyright (c) 2018      KangLin <kl222@126.com>
 # Copyright (c) 2022      Johnny Jazeix <jazeix@gmail.com>
 # Copyright (c) 2023      Sony Corporation / Snild Dolkow <snild@sony.com>
@@ -494,6 +494,8 @@ EXTRA_DIST = \
     conftools/expat.m4 \
     conftools/get-version.sh \
     \
+    fuzz/xml_lpm_fuzzer.cpp \
+    fuzz/xml_lpm_fuzzer.proto \
     fuzz/xml_parsebuffer_fuzzer.c \
     fuzz/xml_parse_fuzzer.c \
     \
diff --git a/contrib/expat/README.md b/contrib/expat/README.md
index 23d26dad2b92..77c6bf27d307 100644
--- a/contrib/expat/README.md
+++ b/contrib/expat/README.md
@@ -3,6 +3,7 @@
 [![Packaging status](https://repology.org/badge/tiny-repos/expat.svg)](https://repology.org/metapackage/expat/versions)
 [![Downloads SourceForge](https://img.shields.io/sourceforge/dt/expat?label=Downloads%20SourceForge)](https://sourceforge.net/projects/expat/files/)
 [![Downloads GitHub](https://img.shields.io/github/downloads/libexpat/libexpat/total?label=Downloads%20GitHub)](https://github.com/libexpat/libexpat/releases)
+[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/10205/badge)](https://www.bestpractices.dev/projects/10205)
 
 > [!CAUTION]
 >
@@ -11,7 +12,7 @@
 > at the top of the `Changes` file.
 
 
-# Expat, Release 2.6.4
+# Expat, Release 2.7.1
 
 This is Expat, a C99 library for parsing
 [XML 1.0 Fourth Edition](https://www.w3.org/TR/2006/REC-xml-20060816/), started by
@@ -22,9 +23,9 @@ are called when the parser discovers the associated structures in the
 document being parsed.  A start tag is an example of the kind of
 structures for which you may register handlers.
 
-Expat supports the following compilers:
+Expat supports the following C99 compilers:
 
-- GNU GCC >=4.5
+- GNU GCC >=4.5 (for use from C) or GNU GCC >=4.8.1 (for use from C++)
 - LLVM Clang >=3.5
 - Microsoft Visual Studio >=16.0/2019 (rolling `${today} minus 5 years`)
 
@@ -52,7 +53,7 @@ This approach leverages CMake's own [module `FindEXPAT`](https://cmake.org/cmake
 Notice the *uppercase* `EXPAT` in the following example:
 
 ```cmake
-cmake_minimum_required(VERSION 3.0)  # or 3.10, see below
+cmake_minimum_required(VERSION 3.10)
 
 project(hello VERSION 1.0.0)
 
@@ -62,12 +63,7 @@ add_executable(hello
     hello.c
 )
 
-# a) for CMake >=3.10 (see CMake's FindEXPAT docs)
 target_link_libraries(hello PUBLIC EXPAT::EXPAT)
-
-# b) for CMake >=3.0
-target_include_directories(hello PRIVATE ${EXPAT_INCLUDE_DIRS})
-target_link_libraries(hello PUBLIC ${EXPAT_LIBRARIES})
 ```
 
 ### b) `find_package` with Config Mode
@@ -85,7 +81,7 @@ or
 Notice the *lowercase* `expat` in the following example:
 
 ```cmake
-cmake_minimum_required(VERSION 3.0)
+cmake_minimum_required(VERSION 3.10)
 
 project(hello VERSION 1.0.0)
 
@@ -295,7 +291,7 @@ EXPAT_ENABLE_INSTALL:BOOL=ON
 // Use /MT flag (static CRT) when compiling in MSVC
 EXPAT_MSVC_STATIC_CRT:BOOL=OFF
 
-// Build fuzzers via ossfuzz for the expat library
+// Build fuzzers via OSS-Fuzz for the expat library
 EXPAT_OSSFUZZ_BUILD:BOOL=OFF
 
 // Build a shared expat library
diff --git a/contrib/expat/configure.ac b/contrib/expat/configure.ac
index fffcd125e9c4..0c88b8867019 100644
--- a/contrib/expat/configure.ac
+++ b/contrib/expat/configure.ac
@@ -11,7 +11,7 @@ dnl   Copyright (c) 2000      Clark Cooper <coopercc@users.sourceforge.net>
 dnl   Copyright (c) 2000-2005 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
 dnl   Copyright (c) 2001-2003 Greg Stein <gstein@users.sourceforge.net>
 dnl   Copyright (c) 2006-2012 Karl Waclawek <karl@waclawek.net>
-dnl   Copyright (c) 2016-2024 Sebastian Pipping <sebastian@pipping.org>
+dnl   Copyright (c) 2016-2025 Sebastian Pipping <sebastian@pipping.org>
 dnl   Copyright (c) 2017      S. P. Zeidler <spz@netbsd.org>
 dnl   Copyright (c) 2017      Stephen Groat <stephen@groat.us>
 dnl   Copyright (c) 2017-2020 Joe Orton <jorton@redhat.com>
@@ -85,7 +85,7 @@ dnl If the API changes incompatibly set LIBAGE back to 0
 dnl
 
 LIBCURRENT=11  # sync
-LIBREVISION=0  # with
+LIBREVISION=2  # with
 LIBAGE=10      # CMakeLists.txt!
 
 AC_CONFIG_HEADERS([expat_config.h])
diff --git a/contrib/expat/doc/reference.html b/contrib/expat/doc/reference.html
index c2ae9bb71431..2b3bd39580a9 100644
--- a/contrib/expat/doc/reference.html
+++ b/contrib/expat/doc/reference.html
@@ -14,7 +14,7 @@
    Copyright (c) 2000      Clark Cooper <coopercc@users.sourceforge.net>
    Copyright (c) 2000-2004 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
    Copyright (c) 2002-2012 Karl Waclawek <karl@waclawek.net>
-   Copyright (c) 2017-2024 Sebastian Pipping <sebastian@pipping.org>
+   Copyright (c) 2017-2025 Sebastian Pipping <sebastian@pipping.org>
    Copyright (c) 2017      Jakub Wilk <jwilk@jwilk.net>
    Copyright (c) 2021      Tomas Korbar <tkorbar@redhat.com>
    Copyright (c) 2021      Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
@@ -52,7 +52,7 @@
   <div>
     <h1>
       The Expat XML Parser
-      <small>Release 2.6.4</small>
+      <small>Release 2.7.1</small>
     </h1>
   </div>
 <div class="content">
@@ -1267,6 +1267,11 @@ call-backs, except when parsing an external parameter entity and
 <code>XML_STATUS_ERROR</code> otherwise.  The possible error codes
 are:</p>
 <dl>
+  <dt><code>XML_ERROR_NOT_STARTED</code></dt>
+  <dd>
+    when stopping or suspending a parser before it has started,
+    added in Expat 2.6.4.
+  </dd>
   <dt><code>XML_ERROR_SUSPENDED</code></dt>
   <dd>when suspending an already suspended parser.</dd>
   <dt><code>XML_ERROR_FINISHED</code></dt>
diff --git a/contrib/expat/doc/xmlwf.1 b/contrib/expat/doc/xmlwf.1
index 61b302581ce9..76aa7e30d074 100644
--- a/contrib/expat/doc/xmlwf.1
+++ b/contrib/expat/doc/xmlwf.1
@@ -5,7 +5,7 @@
 \\$2 \(la\\$1\(ra\\$3
 ..
 .if \n(.g .mso www.tmac
-.TH XMLWF 1 "November 6, 2024" "" ""
+.TH XMLWF 1 "March 27, 2025" "" ""
 .SH NAME
 xmlwf \- Determines if an XML document is well-formed
 .SH SYNOPSIS
diff --git a/contrib/expat/doc/xmlwf.xml b/contrib/expat/doc/xmlwf.xml
index cf6d984af463..17e9cf51c191 100644
--- a/contrib/expat/doc/xmlwf.xml
+++ b/contrib/expat/doc/xmlwf.xml
@@ -9,7 +9,7 @@
    Copyright (c) 2001      Scott Bronson <bronson@rinspin.com>
    Copyright (c) 2002-2003 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
    Copyright (c) 2009      Karl Waclawek <karl@waclawek.net>
-   Copyright (c) 2016-2024 Sebastian Pipping <sebastian@pipping.org>
+   Copyright (c) 2016-2025 Sebastian Pipping <sebastian@pipping.org>
    Copyright (c) 2016      Ardo van Rangelrooij <ardo@debian.org>
    Copyright (c) 2017      Rhodri James <rhodri@wildebeest.org.uk>
    Copyright (c) 2020      Joe Orton <jorton@redhat.com>
@@ -21,7 +21,7 @@
           "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
   <!ENTITY dhfirstname "<firstname>Scott</firstname>">
   <!ENTITY dhsurname   "<surname>Bronson</surname>">
-  <!ENTITY dhdate      "<date>November 6, 2024</date>">
+  <!ENTITY dhdate      "<date>March 27, 2025</date>">
   <!-- Please adjust this^^ date whenever cutting a new release. -->
   <!ENTITY dhsection   "<manvolnum>1</manvolnum>">
   <!ENTITY dhemail     "<email>bronson@rinspin.com</email>">
diff --git a/contrib/expat/fuzz/xml_lpm_fuzzer.cpp b/contrib/expat/fuzz/xml_lpm_fuzzer.cpp
new file mode 100644
index 000000000000..f52ea7b21e40
--- /dev/null
+++ b/contrib/expat/fuzz/xml_lpm_fuzzer.cpp
@@ -0,0 +1,464 @@
+/*
+                            __  __            _
+                         ___\ \/ /_ __   __ _| |_
+                        / _ \\  /| '_ \ / _` | __|
+                       |  __//  \| |_) | (_| | |_
+                        \___/_/\_\ .__/ \__,_|\__|
+                                 |_| XML parser
+
+   Copyright (c) 2022 Mark Brand <markbrand@google.com>
+   Copyright (c) 2025 Sebastian Pipping <sebastian@pipping.org>
+   Licensed under the MIT license:
+
+   Permission is  hereby granted,  free of charge,  to any  person obtaining
+   a  copy  of  this  software   and  associated  documentation  files  (the
+   "Software"),  to  deal in  the  Software  without restriction,  including
+   without  limitation the  rights  to use,  copy,  modify, merge,  publish,
+   distribute, sublicense, and/or sell copies of the Software, and to permit
+   persons  to whom  the Software  is  furnished to  do so,  subject to  the
+   following conditions:
+
+   The above copyright  notice and this permission notice  shall be included
+   in all copies or substantial portions of the Software.
+
+   THE  SOFTWARE  IS  PROVIDED  "AS  IS",  WITHOUT  WARRANTY  OF  ANY  KIND,
+   EXPRESS  OR IMPLIED,  INCLUDING  BUT  NOT LIMITED  TO  THE WARRANTIES  OF
+   MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+   NO EVENT SHALL THE AUTHORS OR  COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+   DAMAGES OR  OTHER LIABILITY, WHETHER  IN AN  ACTION OF CONTRACT,  TORT OR
+   OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+   USE OR OTHER DEALINGS IN THE SOFTWARE.
+*/
+
+#if defined(NDEBUG)
+#  undef NDEBUG // because checks below rely on assert(...)
+#endif
+
+#include <assert.h>
+#include <stdint.h>
+#include <vector>
+
+#include "expat.h"
+#include "xml_lpm_fuzzer.pb.h"
+#include "src/libfuzzer/libfuzzer_macro.h"
+
+static const char *g_encoding = nullptr;
+static const char *g_external_entity = nullptr;
+static size_t g_external_entity_size = 0;
+
+void
+SetEncoding(const xml_lpm_fuzzer::Encoding &e) {
+  switch (e) {
+  case xml_lpm_fuzzer::Encoding::UTF8:
+    g_encoding = "UTF-8";
+    break;
+
+  case xml_lpm_fuzzer::Encoding::UTF16:
+    g_encoding = "UTF-16";
+    break;
+
+  case xml_lpm_fuzzer::Encoding::ISO88591:
+    g_encoding = "ISO-8859-1";
+    break;
+
+  case xml_lpm_fuzzer::Encoding::ASCII:
+    g_encoding = "US-ASCII";
+    break;
+
+  case xml_lpm_fuzzer::Encoding::NONE:
+    g_encoding = NULL;
+    break;
+
+  default:
+    g_encoding = "UNKNOWN";
+    break;
+  }
+}
+
+static int g_allocation_count = 0;
+static std::vector<int> g_fail_allocations = {};
+
+void *
+MallocHook(size_t size) {
+  g_allocation_count += 1;
+  for (auto index : g_fail_allocations) {
+    if (index == g_allocation_count) {
+      return NULL;
+    }
+  }
+  return malloc(size);
+}
+
+void *
+ReallocHook(void *ptr, size_t size) {
+  g_allocation_count += 1;
+  for (auto index : g_fail_allocations) {
+    if (index == g_allocation_count) {
+      return NULL;
+    }
+  }
+  return realloc(ptr, size);
+}
+
+void
+FreeHook(void *ptr) {
+  free(ptr);
+}
+
+XML_Memory_Handling_Suite memory_handling_suite
+    = {MallocHook, ReallocHook, FreeHook};
+
+void InitializeParser(XML_Parser parser);
+
+// We want a parse function that supports resumption, so that we can cover the
+// suspend/resume code.
+enum XML_Status
+Parse(XML_Parser parser, const char *input, int input_len, int is_final) {
+  enum XML_Status status = XML_Parse(parser, input, input_len, is_final);
+  while (status == XML_STATUS_SUSPENDED) {
+    status = XML_ResumeParser(parser);
+  }
+  return status;
+}
+
+// When the fuzzer is compiled with instrumentation such as ASan, then the
+// accesses in TouchString will fault if they access invalid memory (ie. detect
+// either a use-after-free or buffer-overflow). By calling TouchString in each
+// of the callbacks, we can check that the arguments meet the API specifications
+// in terms of length/null-termination. no_optimize is used to ensure that the
+// compiler has to emit actual memory reads, instead of removing them.
+static volatile size_t no_optimize = 0;
+static void
+TouchString(const XML_Char *ptr, int len = -1) {
+  if (! ptr) {
+    return;
+  }
+
+  if (len == -1) {
+    for (XML_Char value = *ptr++; value; value = *ptr++) {
+      no_optimize += value;
+    }
+  } else {
+    for (int i = 0; i < len; ++i) {
+      no_optimize += ptr[i];
+    }
+  }
+}
+
+static void
+TouchNodeAndRecurse(XML_Content *content) {
+  switch (content->type) {
+  case XML_CTYPE_EMPTY:
+  case XML_CTYPE_ANY:
+    assert(content->quant == XML_CQUANT_NONE);
+    assert(content->name == NULL);
+    assert(content->numchildren == 0);
+    assert(content->children == NULL);
+    break;
+
+  case XML_CTYPE_MIXED:
+    assert(content->quant == XML_CQUANT_NONE
+           || content->quant == XML_CQUANT_REP);
+    assert(content->name == NULL);
+    for (unsigned int i = 0; i < content->numchildren; ++i) {
+      assert(content->children[i].type == XML_CTYPE_NAME);
+      assert(content->children[i].quant == XML_CQUANT_NONE);
+      assert(content->children[i].numchildren == 0);
+      assert(content->children[i].children == NULL);
+      TouchString(content->children[i].name);
+    }
+    break;
+
+  case XML_CTYPE_NAME:
+    assert((content->quant == XML_CQUANT_NONE)
+           || (content->quant == XML_CQUANT_OPT)
+           || (content->quant == XML_CQUANT_REP)
+           || (content->quant == XML_CQUANT_PLUS));
+    assert(content->numchildren == 0);
+    assert(content->children == NULL);
+    TouchString(content->name);
+    break;
+
+  case XML_CTYPE_CHOICE:
+  case XML_CTYPE_SEQ:
+    assert((content->quant == XML_CQUANT_NONE)
+           || (content->quant == XML_CQUANT_OPT)
+           || (content->quant == XML_CQUANT_REP)
+           || (content->quant == XML_CQUANT_PLUS));
+    assert(content->name == NULL);
+    for (unsigned int i = 0; i < content->numchildren; ++i) {
+      TouchNodeAndRecurse(&content->children[i]);
+    }
+    break;
+
+  default:
+    assert(false);
+  }
+}
+
+static void XMLCALL
+ElementDeclHandler(void *userData, const XML_Char *name, XML_Content *model) {
+  TouchString(name);
+  TouchNodeAndRecurse(model);
+  XML_FreeContentModel((XML_Parser)userData, model);
+}
+
+static void XMLCALL
+AttlistDeclHandler(void *userData, const XML_Char *elname,
+                   const XML_Char *attname, const XML_Char *atttype,
+                   const XML_Char *dflt, int isrequired) {
+  (void)userData;
+  TouchString(elname);
+  TouchString(attname);
+  TouchString(atttype);
+  TouchString(dflt);
+  (void)isrequired;
+}
+
+static void XMLCALL
+XmlDeclHandler(void *userData, const XML_Char *version,
+               const XML_Char *encoding, int standalone) {
+  (void)userData;
+  TouchString(version);
+  TouchString(encoding);
+  (void)standalone;
+}
+
+static void XMLCALL
+StartElementHandler(void *userData, const XML_Char *name,
+                    const XML_Char **atts) {
+  (void)userData;
+  TouchString(name);
+  for (size_t i = 0; atts[i] != NULL; ++i) {
+    TouchString(atts[i]);
+  }
+}
+
+static void XMLCALL
+EndElementHandler(void *userData, const XML_Char *name) {
+  (void)userData;
+  TouchString(name);
+}
+
+static void XMLCALL
+CharacterDataHandler(void *userData, const XML_Char *s, int len) {
+  (void)userData;
+  TouchString(s, len);
+}
+
+static void XMLCALL
+ProcessingInstructionHandler(void *userData, const XML_Char *target,
+                             const XML_Char *data) {
+  (void)userData;
+  TouchString(target);
+  TouchString(data);
+}
+
+static void XMLCALL
+CommentHandler(void *userData, const XML_Char *data) {
+  TouchString(data);
+  // Use the comment handler to trigger parser suspend, so that we can get
+  // coverage of that code.
+  XML_StopParser((XML_Parser)userData, XML_TRUE);
+}
+
+static void XMLCALL
+StartCdataSectionHandler(void *userData) {
+  (void)userData;
+}
+
+static void XMLCALL
+EndCdataSectionHandler(void *userData) {
+  (void)userData;
+}
+
+static void XMLCALL
+DefaultHandler(void *userData, const XML_Char *s, int len) {
+  (void)userData;
+  TouchString(s, len);
+}
+
+static void XMLCALL
+StartDoctypeDeclHandler(void *userData, const XML_Char *doctypeName,
+                        const XML_Char *sysid, const XML_Char *pubid,
+                        int has_internal_subset) {
+  (void)userData;
+  TouchString(doctypeName);
+  TouchString(sysid);
+  TouchString(pubid);
+  (void)has_internal_subset;
+}
+
+static void XMLCALL
+EndDoctypeDeclHandler(void *userData) {
+  (void)userData;
+}
+
+static void XMLCALL
+EntityDeclHandler(void *userData, const XML_Char *entityName,
+                  int is_parameter_entity, const XML_Char *value,
+                  int value_length, const XML_Char *base,
+                  const XML_Char *systemId, const XML_Char *publicId,
+                  const XML_Char *notationName) {
+  (void)userData;
+  TouchString(entityName);
+  (void)is_parameter_entity;
+  TouchString(value, value_length);
+  TouchString(base);
+  TouchString(systemId);
+  TouchString(publicId);
+  TouchString(notationName);
+}
+
+static void XMLCALL
+NotationDeclHandler(void *userData, const XML_Char *notationName,
+                    const XML_Char *base, const XML_Char *systemId,
+                    const XML_Char *publicId) {
+  (void)userData;
+  TouchString(notationName);
+  TouchString(base);
+  TouchString(systemId);
+  TouchString(publicId);
+}
+
+static void XMLCALL
+StartNamespaceDeclHandler(void *userData, const XML_Char *prefix,
+                          const XML_Char *uri) {
+  (void)userData;
+  TouchString(prefix);
+  TouchString(uri);
+}
+
+static void XMLCALL
+EndNamespaceDeclHandler(void *userData, const XML_Char *prefix) {
+  (void)userData;
+  TouchString(prefix);
+}
+
+static int XMLCALL
+NotStandaloneHandler(void *userData) {
+  (void)userData;
+  return XML_STATUS_OK;
+}
+
+static int XMLCALL
+ExternalEntityRefHandler(XML_Parser parser, const XML_Char *context,
+                         const XML_Char *base, const XML_Char *systemId,
+                         const XML_Char *publicId) {
+  int rc = XML_STATUS_ERROR;
+  TouchString(context);
+  TouchString(base);
+  TouchString(systemId);
+  TouchString(publicId);
+
+  if (g_external_entity) {
+    XML_Parser ext_parser
+        = XML_ExternalEntityParserCreate(parser, context, g_encoding);
+    rc = Parse(ext_parser, g_external_entity, g_external_entity_size, 1);
+    XML_ParserFree(ext_parser);
+  }
+
+  return rc;
+}
+
+static void XMLCALL
+SkippedEntityHandler(void *userData, const XML_Char *entityName,
+                     int is_parameter_entity) {
+  (void)userData;
+  TouchString(entityName);
+  (void)is_parameter_entity;
+}
+
+static int XMLCALL
+UnknownEncodingHandler(void *encodingHandlerData, const XML_Char *name,
+                       XML_Encoding *info) {
+  (void)encodingHandlerData;
+  TouchString(name);
+  (void)info;
+  return XML_STATUS_ERROR;
+}
+
+void
+InitializeParser(XML_Parser parser) {
+  XML_SetUserData(parser, (void *)parser);
+  XML_SetHashSalt(parser, 0x41414141);
+  XML_SetParamEntityParsing(parser, XML_PARAM_ENTITY_PARSING_ALWAYS);
+
+  XML_SetElementDeclHandler(parser, ElementDeclHandler);
+  XML_SetAttlistDeclHandler(parser, AttlistDeclHandler);
+  XML_SetXmlDeclHandler(parser, XmlDeclHandler);
+  XML_SetElementHandler(parser, StartElementHandler, EndElementHandler);
+  XML_SetCharacterDataHandler(parser, CharacterDataHandler);
+  XML_SetProcessingInstructionHandler(parser, ProcessingInstructionHandler);
+  XML_SetCommentHandler(parser, CommentHandler);
+  XML_SetCdataSectionHandler(parser, StartCdataSectionHandler,
+                             EndCdataSectionHandler);
+  // XML_SetDefaultHandler disables entity expansion
+  XML_SetDefaultHandlerExpand(parser, DefaultHandler);
+  XML_SetDoctypeDeclHandler(parser, StartDoctypeDeclHandler,
+                            EndDoctypeDeclHandler);
+  // Note: This is mutually exclusive with XML_SetUnparsedEntityDeclHandler,
+  //       and there isn't any significant code change between the two.
+  XML_SetEntityDeclHandler(parser, EntityDeclHandler);
+  XML_SetNotationDeclHandler(parser, NotationDeclHandler);
+  XML_SetNamespaceDeclHandler(parser, StartNamespaceDeclHandler,
+                              EndNamespaceDeclHandler);
+  XML_SetNotStandaloneHandler(parser, NotStandaloneHandler);
+  XML_SetExternalEntityRefHandler(parser, ExternalEntityRefHandler);
+  XML_SetSkippedEntityHandler(parser, SkippedEntityHandler);
+  XML_SetUnknownEncodingHandler(parser, UnknownEncodingHandler, (void *)parser);
+}
+
+DEFINE_TEXT_PROTO_FUZZER(const xml_lpm_fuzzer::Testcase &testcase) {
+  g_external_entity = nullptr;
+
+  if (! testcase.actions_size()) {
+    return;
+  }
+
+  g_allocation_count = 0;
+  g_fail_allocations.clear();
+  for (int i = 0; i < testcase.fail_allocations_size(); ++i) {
+    g_fail_allocations.push_back(testcase.fail_allocations(i));
+  }
+
+  SetEncoding(testcase.encoding());
+  XML_Parser parser
+      = XML_ParserCreate_MM(g_encoding, &memory_handling_suite, "|");
+  InitializeParser(parser);
+
+  for (int i = 0; i < testcase.actions_size(); ++i) {
+    const auto &action = testcase.actions(i);
+    switch (action.action_case()) {
+    case xml_lpm_fuzzer::Action::kChunk:
+      if (XML_STATUS_ERROR
+          == Parse(parser, action.chunk().data(), action.chunk().size(), 0)) {
+        // Force a reset after parse error.
+        XML_ParserReset(parser, g_encoding);
+        InitializeParser(parser);
+      }
+      break;
+
+    case xml_lpm_fuzzer::Action::kLastChunk:
+      Parse(parser, action.last_chunk().data(), action.last_chunk().size(), 1);
+      XML_ParserReset(parser, g_encoding);
+      InitializeParser(parser);
+      break;
+
+    case xml_lpm_fuzzer::Action::kReset:
+      XML_ParserReset(parser, g_encoding);
+      InitializeParser(parser);
+      break;
+
+    case xml_lpm_fuzzer::Action::kExternalEntity:
+      g_external_entity = action.external_entity().data();
+      g_external_entity_size = action.external_entity().size();
+      break;
+
+    default:
+      break;
+    }
+  }
+
+  XML_ParserFree(parser);
+}
diff --git a/contrib/expat/fuzz/xml_lpm_fuzzer.proto b/contrib/expat/fuzz/xml_lpm_fuzzer.proto
new file mode 100644
index 000000000000..ddc4e958b919
--- /dev/null
+++ b/contrib/expat/fuzz/xml_lpm_fuzzer.proto
@@ -0,0 +1,58 @@
+/*
+                            __  __            _
+                         ___\ \/ /_ __   __ _| |_
+                        / _ \\  /| '_ \ / _` | __|
+                       |  __//  \| |_) | (_| | |_
+                        \___/_/\_\ .__/ \__,_|\__|
+                                 |_| XML parser
+
+   Copyright (c) 2022 Mark Brand <markbrand@google.com>
+   Copyright (c) 2025 Sebastian Pipping <sebastian@pipping.org>
+   Licensed under the MIT license:
+
+   Permission is  hereby granted,  free of charge,  to any  person obtaining
+   a  copy  of  this  software   and  associated  documentation  files  (the
+   "Software"),  to  deal in  the  Software  without restriction,  including
+   without  limitation the  rights  to use,  copy,  modify, merge,  publish,
+   distribute, sublicense, and/or sell copies of the Software, and to permit
+   persons  to whom  the Software  is  furnished to  do so,  subject to  the
+   following conditions:
+
+   The above copyright  notice and this permission notice  shall be included
+   in all copies or substantial portions of the Software.
+
+   THE  SOFTWARE  IS  PROVIDED  "AS  IS",  WITHOUT  WARRANTY  OF  ANY  KIND,
+   EXPRESS  OR IMPLIED,  INCLUDING  BUT  NOT LIMITED  TO  THE WARRANTIES  OF
+   MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+   NO EVENT SHALL THE AUTHORS OR  COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+   DAMAGES OR  OTHER LIABILITY, WHETHER  IN AN  ACTION OF CONTRACT,  TORT OR
+   OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+   USE OR OTHER DEALINGS IN THE SOFTWARE.
+*/
+
+syntax = "proto2";
+package xml_lpm_fuzzer;
+
+enum Encoding {
+  UTF8 = 0;
+  UTF16 = 1;
+  ISO88591 = 2;
+  ASCII = 3;
+  UNKNOWN = 4;
+  NONE = 5;
+}
+
+message Action {
+  oneof action {
+    string chunk = 1;
+    string last_chunk = 2;
+    bool reset = 3;
+    string external_entity = 4;
+  }
+}
+
+message Testcase {
+  required Encoding encoding = 1;
+  repeated Action actions = 2;
+  repeated int32 fail_allocations = 3;
+}
diff --git a/contrib/expat/fuzz/xml_parse_fuzzer.c b/contrib/expat/fuzz/xml_parse_fuzzer.c
index a7e8414ce355..6a1affe2b1f6 100644
--- a/contrib/expat/fuzz/xml_parse_fuzzer.c
+++ b/contrib/expat/fuzz/xml_parse_fuzzer.c
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/contrib/expat/fuzz/xml_parsebuffer_fuzzer.c b/contrib/expat/fuzz/xml_parsebuffer_fuzzer.c
index 0327aa9f952e..cfc4af202851 100644
--- a/contrib/expat/fuzz/xml_parsebuffer_fuzzer.c
+++ b/contrib/expat/fuzz/xml_parsebuffer_fuzzer.c
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/contrib/expat/lib/expat.h b/contrib/expat/lib/expat.h
index 523b37d8d578..610e1ddc0e94 100644
*** 2251 LINES SKIPPED ***

From nobody Sat Apr  5 03:19:42 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZV11C10hBz5ssg9;
	Sat, 05 Apr 2025 03:19:43 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZV11C0Y4Dz3LqH;
	Sat, 05 Apr 2025 03:19:43 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743823183;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=jvEB8FdrliFExvM0a9h/+HILk1m0xpW6dZVlLcWh3sE=;
	b=PhyVXO9x4Y6+dk1WYxpcHmlxcP2doNYidaGmogNz4YIDQwykyxWUBhdTc9RegLkr+oGMDD
	rdOpYWQVXZAfXdMXk6CC7u0noij4sZ2xmj8ntKaep9Z7Hvn0+52GwOH+DwfMWkO6LH8/4D
	MpSMMWs7bOiC3XHPuDpITxZ+23LaiDkUkrCX2K+uuYV11Fv2MtOO89mH5YQf6Valoqth+C
	uLbMnMN13njj+ZuSgBYYYJ3yAaWK4eAMIUl0QZWxygc/afEb1NFiDjcLLJE9XNY7LmtxUh
	BbeKe0Bu2kpEnpDPCM0yCmNLn2/DyqXjc+m6qqeCM3EAE83AweuUve/0Im6knQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743823183; a=rsa-sha256; cv=none;
	b=HBHWIdW46E2XD0DVvNDC1+8am4n7IXqCbB5U42Io08Ysn9aYCLZyntJNXrjMPFnpJbX+fK
	aZVqpm0gcCJvxRRHuchZxqRV2Pg5z/6N1EVUbUBrJo2hc9T+P7Hhod2TI8y5H0EXK2yO1X
	PAuf8ArNrlsgvo/XyL/3IBd4C+lN94MjrwOf5znaYrrFOhxYD0TEJ8q9SzE8P5fhFKxTkm
	4kuigSoZW2QDudO4z4szFgD9Tqh6mgQvhrNwOPFLyV3k9T7fsVtsfQswKMpOKA7oBNK0U8
	yavRPXg6YC30PvJCWCvty4C7utAnglFSLUAPID+wtrpwAIl4BmXKVIr1+NGcSQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743823183;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=jvEB8FdrliFExvM0a9h/+HILk1m0xpW6dZVlLcWh3sE=;
	b=ZvHnIxVV6Uj8BMlm7t6t5hjmV8N7+2d98l5cs7ahK6ElogSVw63kSDlai1S8Q1iRqGZL+S
	lwuxU+q6Ki9NbN3zT0Qq+sQ99hZpots0naMYsav7EX29txNdYjZE7llTWATcPaVQGCRYNf
	gi/j5pcD9PQA3iFSGjPd1JAFhV2agC5kOXwWr/izQznyMuG3pK+9mbCA6frkYHXoJU4z1r
	JIlTzp86h8gUlAXK8Dg8OFcymy+NvSKX+DGpioInz6ZFOIeJId44PaxYeEOS78WfFzx0WF
	XxOQUPQB+lV/h5esd9zgVabRpb2dUsRp9TR50aiWKzY/iDAYWKi9WN02cp1oNQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZV11B73sSz1DDs;
	Sat, 05 Apr 2025 03:19:42 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5353JgPW095526;
	Sat, 5 Apr 2025 03:19:42 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5353Jgi6095523;
	Sat, 5 Apr 2025 03:19:42 GMT
	(envelope-from git)
Date: Sat, 5 Apr 2025 03:19:42 GMT
Message-Id: <202504050319.5353Jgi6095523@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Philip Paeps <philip@FreeBSD.org>
Subject: git: 41b768ae1970 - stable/13 - contrib/expat: import expat
  2.7.1
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: philip
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 41b768ae1970ed484abaaea401453c3902df93c2
Auto-Submitted: auto-generated

The branch stable/13 has been updated by philip:

URL: https://cgit.FreeBSD.org/src/commit/?id=41b768ae1970ed484abaaea401453c3902df93c2

commit 41b768ae1970ed484abaaea401453c3902df93c2
Author:     Philip Paeps <philip@FreeBSD.org>
AuthorDate: 2025-04-02 08:56:02 +0000
Commit:     Philip Paeps <philip@FreeBSD.org>
CommitDate: 2025-04-05 03:19:08 +0000

    contrib/expat: import expat 2.7.1
    
    Changes: https://github.com/libexpat/libexpat/blob/R_2_7_1/expat/Changes
             https://github.com/libexpat/libexpat/blob/R_2_7_0/expat/Changes
    
    Security:       CVE-2024-8176
    
    (cherry picked from commit fe9278888fd4414abe2d922e469cf608005f4c65)
---
 contrib/expat/COPYING                       |   2 +-
 contrib/expat/Changes                       | 123 +++++-
 contrib/expat/Makefile.am                   |   4 +-
 contrib/expat/Makefile.in                   |   4 +-
 contrib/expat/README.md                     |  18 +-
 contrib/expat/configure.ac                  |   4 +-
 contrib/expat/doc/reference.html            |   9 +-
 contrib/expat/doc/xmlwf.1                   |   2 +-
 contrib/expat/doc/xmlwf.xml                 |   4 +-
 contrib/expat/fuzz/xml_lpm_fuzzer.cpp       | 464 ++++++++++++++++++++++
 contrib/expat/fuzz/xml_lpm_fuzzer.proto     |  58 +++
 contrib/expat/fuzz/xml_parse_fuzzer.c       |   2 +-
 contrib/expat/fuzz/xml_parsebuffer_fuzzer.c |   2 +-
 contrib/expat/lib/expat.h                   |   6 +-
 contrib/expat/lib/internal.h                |   5 +-
 contrib/expat/lib/xmlparse.c                | 586 ++++++++++++++++++++--------
 contrib/expat/tests/acc_tests.c             |   5 +-
 contrib/expat/tests/alloc_tests.c           |  27 ++
 contrib/expat/tests/basic_tests.c           | 331 +++++++++++++++-
 contrib/expat/tests/benchmark/benchmark.c   |  57 ++-
 contrib/expat/tests/common.c                |  33 +-
 contrib/expat/tests/common.h                |   4 +-
 contrib/expat/tests/handlers.c              |  23 ++
 contrib/expat/tests/handlers.h              |   9 +
 contrib/expat/tests/minicheck.h             |   6 +-
 contrib/expat/tests/misc_tests.c            | 247 ++++++++++--
 contrib/expat/tests/xmltest.sh              |   5 +-
 contrib/expat/xmlwf/readfilemap.c           |   3 +-
 28 files changed, 1779 insertions(+), 264 deletions(-)

diff --git a/contrib/expat/COPYING b/contrib/expat/COPYING
index ce9e5939291e..c6d184a8aae8 100644
--- a/contrib/expat/COPYING
+++ b/contrib/expat/COPYING
@@ -1,5 +1,5 @@
 Copyright (c) 1998-2000 Thai Open Source Software Center Ltd and Clark Cooper
-Copyright (c) 2001-2022 Expat maintainers
+Copyright (c) 2001-2025 Expat maintainers
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
diff --git a/contrib/expat/Changes b/contrib/expat/Changes
index aa19f70ae219..9d6c64b6a460 100644
--- a/contrib/expat/Changes
+++ b/contrib/expat/Changes
@@ -11,16 +11,23 @@
 !! The following topics need *additional skilled C developers* to progress   !!
 !! in a timely manner or at all (loosely ordered by descending priority):    !!
 !!                                                                           !!
-!! - <blink>fixing a complex non-public security issue</blink>,              !!
 !! - teaming up on researching and fixing future security reports and        !!
 !!   ClusterFuzz findings with few-days-max response times in communication  !!
 !!   in order to (1) have a sound fix ready before the end of a 90 days      !!
 !!   grace period and (2) in a sustainable manner,                           !!
+!! - helping CPython Expat bindings with supporting Expat's billion laughs   !!
+!!   attack protection API (https://github.com/python/cpython/issues/90949): !!
+!!   - XML_SetBillionLaughsAttackProtectionActivationThreshold               !!
+!!   - XML_SetBillionLaughsAttackProtectionMaximumAmplification              !!
+!! - helping Perl's XML::Parser Expat bindings with supporting Expat's       !!
+!!   security API (https://github.com/cpan-authors/XML-Parser/issues/102):   !!
+!!   - XML_SetBillionLaughsAttackProtectionActivationThreshold               !!
+!!   - XML_SetBillionLaughsAttackProtectionMaximumAmplification              !!
+!!   - XML_SetReparseDeferralEnabled                                         !!
 !! - implementing and auto-testing XML 1.0r5 support                         !!
 !!   (needs discussion before pull requests),                                !!
 !! - smart ideas on fixing the Autotools CMake files generation issue        !!
 !!   without breaking CI (needs discussion before pull requests),            !!
-!! - the Windows binaries topic (needs requirements engineering first),      !!
 !! - pushing migration from `int` to `size_t` further                        !!
 !!   including edge-cases test coverage (needs discussion before anything).  !!
 !!                                                                           !!
@@ -30,6 +37,116 @@
 !! THANK YOU!                        Sebastian Pipping -- Berlin, 2024-03-09 !!
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
+Release 2.7.1 Thu March 27 2025
+        Bug fixes:
+       #980 #989  Restore event pointer behavior from Expat 2.6.4
+                    (that the fix to CVE-2024-8176 changed in 2.7.0);
+                    affected API functions are:
+                    - XML_GetCurrentByteCount
+                    - XML_GetCurrentByteIndex
+                    - XML_GetCurrentColumnNumber
+                    - XML_GetCurrentLineNumber
+                    - XML_GetInputContext
+
+        Other changes:
+       #976 #977  Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
+                    with Automake that were missing from 2.7.0 release tarballs
+       #983 #984  Fix printf format specifiers for 32bit Emscripten
+            #992  docs: Promote OpenSSF Best Practices self-certification
+            #978  tests/benchmark: Resolve mistaken double close
+            #986  Address compiler warnings
+       #990 #993  Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
+                    to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
+                    for what these numbers do
+
+        Infrastructure:
+            #982  CI: Start running Perl XML::Parser integration tests
+            #987  CI: Enforce Clang Static Analyzer clean code
+            #991  CI: Re-enable warning clang-analyzer-valist.Uninitialized
+                    for clang-tidy
+            #981  CI: Cover compilation with musl
+       #983 #984  CI: Cover compilation with 32bit Emscripten
+       #976 #977  CI: Protect against fuzzer files missing from future
+                    release archives
+
+        Special thanks to:
+            Berkay Eren Ürün
+            Matthew Fernandez
+                 and
+            Perl XML::Parser
+
+Release 2.7.0 Thu March 13 2025
+        Security fixes:
+       #893 #973  CVE-2024-8176 -- Fix crash from chaining a large number
+                    of entities caused by stack overflow by resolving use of
+                    recursion, for all three uses of entities:
+                    - general entities in character data ("<e>&g1;</e>")
+                    - general entities in attribute values ("<e k1='&g1;'/>")
+                    - parameter entities ("%p1;")
+                    Known impact is (reliable and easy) denial of service:
+                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
+                    (Base Score: 7.5, Temporal Score: 7.2)
+                    Please note that a layer of compression around XML can
+                    significantly reduce the minimum attack payload size.
+
+        Other changes:
+       #935 #937  Autotools: Make generated CMake files look for
+                    libexpat.@SO_MAJOR@.dylib on macOS
+            #925  Autotools: Sync CMake templates with CMake 3.29
+  #945 #962 #966  CMake: Drop support for CMake <3.13
+            #942  CMake: Small fuzzing related improvements
+            #921  docs: Add missing documentation of error code
+                    XML_ERROR_NOT_STARTED that was introduced with 2.6.4
+            #941  docs: Document need for C++11 compiler for use from C++
+            #959  tests/benchmark: Fix a (harmless) TOCTTOU
+            #944  Windows: Fix installer target location of file xmlwf.xml
+                    for CMake
+            #953  Windows: Address warning -Wunknown-warning-option
+                    about -Wno-pedantic-ms-format from LLVM MinGW
+            #971  Address Cppcheck warnings
+       #969 #970  Mass-migrate links from http:// to https://
+    #947 #958 ..
+       #974 #975  Document changes since the previous release
+       #974 #975  Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
+                    to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
+                    for what these numbers do
+
+        Infrastructure:
+            #926  tests: Increase robustness
+    #927 #932 ..
+       #930 #933  tests: Increase test coverage
+    #617 #950 ..
+    #951 #952 ..
+    #954 #955 ..  Fuzzing: Add new fuzzer "xml_lpm_fuzzer" based on
+            #961    Google's libprotobuf-mutator ("LPM")
+            #957  Fuzzing|CI: Start producing fuzzing code coverage reports
+            #936  CI: Pass -q -q for LCOV >=2.1 in coverage.sh
+            #942  CI: Small fuzzing related improvements
+    #139 #203 ..
+       #791 #946  CI: Make GitHub Actions build using MSVC on Windows and
+                      produce 32bit and 64bit Windows binaries
+            #956  CI: Get off of about-to-be-removed Ubuntu 20.04
+       #960 #964  CI: Start uploading to Coverity Scan for static analysis
+            #972  CI: Stop loading DTD from the internet to address flaky CI
+            #971  CI: Adapt to breaking changes in Cppcheck
+
+        Special thanks to:
+            Alexander Gieringer
+            Berkay Eren Ürün
+            Hanno Böck
+            Jann Horn
+            Mark Brand
+            Sebastian Andrzej Siewior
+            Snild Dolkow
+            Thomas Pröll
+            Tomas Korbar
+            valord577
+                 and
+            Google Project Zero
+            Linutronix
+            Red Hat
+            Siemens
+
 Release 2.6.4 Wed November 6 2024
         Security fixes:
             #915  CVE-2024-50602 -- Fix crash within function XML_ResumeParser
@@ -46,6 +163,8 @@ Release 2.6.4 Wed November 6 2024
             #904  tests: Resolve duplicate handler
        #317 #918  tests: Improve tests on doctype closing (ex CVE-2019-15903)
             #914  Fix signedness of format strings
+            #915  For use from C++, expat.h started requiring C++11 due to
+                    use of C99 features
        #919 #920  Version info bumped from 10:3:9 (libexpat*.so.1.9.3)
                     to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/
                     for what these numbers do
diff --git a/contrib/expat/Makefile.am b/contrib/expat/Makefile.am
index 7d8e17c2cf86..c20531a8d6c6 100644
--- a/contrib/expat/Makefile.am
+++ b/contrib/expat/Makefile.am
@@ -6,7 +6,7 @@
 #                      \___/_/\_\ .__/ \__,_|\__|
 #                               |_| XML parser
 #
-# Copyright (c) 2017-2023 Sebastian Pipping <sebastian@pipping.org>
+# Copyright (c) 2017-2025 Sebastian Pipping <sebastian@pipping.org>
 # Copyright (c) 2018      KangLin <kl222@126.com>
 # Copyright (c) 2022      Johnny Jazeix <jazeix@gmail.com>
 # Copyright (c) 2023      Sony Corporation / Snild Dolkow <snild@sony.com>
@@ -96,6 +96,8 @@ EXTRA_DIST = \
     conftools/expat.m4 \
     conftools/get-version.sh \
     \
+    fuzz/xml_lpm_fuzzer.cpp \
+    fuzz/xml_lpm_fuzzer.proto \
     fuzz/xml_parsebuffer_fuzzer.c \
     fuzz/xml_parse_fuzzer.c \
     \
diff --git a/contrib/expat/Makefile.in b/contrib/expat/Makefile.in
index c0fcb5dd05d1..069ec4047eea 100644
--- a/contrib/expat/Makefile.in
+++ b/contrib/expat/Makefile.in
@@ -22,7 +22,7 @@
 #                      \___/_/\_\ .__/ \__,_|\__|
 #                               |_| XML parser
 #
-# Copyright (c) 2017-2023 Sebastian Pipping <sebastian@pipping.org>
+# Copyright (c) 2017-2025 Sebastian Pipping <sebastian@pipping.org>
 # Copyright (c) 2018      KangLin <kl222@126.com>
 # Copyright (c) 2022      Johnny Jazeix <jazeix@gmail.com>
 # Copyright (c) 2023      Sony Corporation / Snild Dolkow <snild@sony.com>
@@ -494,6 +494,8 @@ EXTRA_DIST = \
     conftools/expat.m4 \
     conftools/get-version.sh \
     \
+    fuzz/xml_lpm_fuzzer.cpp \
+    fuzz/xml_lpm_fuzzer.proto \
     fuzz/xml_parsebuffer_fuzzer.c \
     fuzz/xml_parse_fuzzer.c \
     \
diff --git a/contrib/expat/README.md b/contrib/expat/README.md
index 23d26dad2b92..77c6bf27d307 100644
--- a/contrib/expat/README.md
+++ b/contrib/expat/README.md
@@ -3,6 +3,7 @@
 [![Packaging status](https://repology.org/badge/tiny-repos/expat.svg)](https://repology.org/metapackage/expat/versions)
 [![Downloads SourceForge](https://img.shields.io/sourceforge/dt/expat?label=Downloads%20SourceForge)](https://sourceforge.net/projects/expat/files/)
 [![Downloads GitHub](https://img.shields.io/github/downloads/libexpat/libexpat/total?label=Downloads%20GitHub)](https://github.com/libexpat/libexpat/releases)
+[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/10205/badge)](https://www.bestpractices.dev/projects/10205)
 
 > [!CAUTION]
 >
@@ -11,7 +12,7 @@
 > at the top of the `Changes` file.
 
 
-# Expat, Release 2.6.4
+# Expat, Release 2.7.1
 
 This is Expat, a C99 library for parsing
 [XML 1.0 Fourth Edition](https://www.w3.org/TR/2006/REC-xml-20060816/), started by
@@ -22,9 +23,9 @@ are called when the parser discovers the associated structures in the
 document being parsed.  A start tag is an example of the kind of
 structures for which you may register handlers.
 
-Expat supports the following compilers:
+Expat supports the following C99 compilers:
 
-- GNU GCC >=4.5
+- GNU GCC >=4.5 (for use from C) or GNU GCC >=4.8.1 (for use from C++)
 - LLVM Clang >=3.5
 - Microsoft Visual Studio >=16.0/2019 (rolling `${today} minus 5 years`)
 
@@ -52,7 +53,7 @@ This approach leverages CMake's own [module `FindEXPAT`](https://cmake.org/cmake
 Notice the *uppercase* `EXPAT` in the following example:
 
 ```cmake
-cmake_minimum_required(VERSION 3.0)  # or 3.10, see below
+cmake_minimum_required(VERSION 3.10)
 
 project(hello VERSION 1.0.0)
 
@@ -62,12 +63,7 @@ add_executable(hello
     hello.c
 )
 
-# a) for CMake >=3.10 (see CMake's FindEXPAT docs)
 target_link_libraries(hello PUBLIC EXPAT::EXPAT)
-
-# b) for CMake >=3.0
-target_include_directories(hello PRIVATE ${EXPAT_INCLUDE_DIRS})
-target_link_libraries(hello PUBLIC ${EXPAT_LIBRARIES})
 ```
 
 ### b) `find_package` with Config Mode
@@ -85,7 +81,7 @@ or
 Notice the *lowercase* `expat` in the following example:
 
 ```cmake
-cmake_minimum_required(VERSION 3.0)
+cmake_minimum_required(VERSION 3.10)
 
 project(hello VERSION 1.0.0)
 
@@ -295,7 +291,7 @@ EXPAT_ENABLE_INSTALL:BOOL=ON
 // Use /MT flag (static CRT) when compiling in MSVC
 EXPAT_MSVC_STATIC_CRT:BOOL=OFF
 
-// Build fuzzers via ossfuzz for the expat library
+// Build fuzzers via OSS-Fuzz for the expat library
 EXPAT_OSSFUZZ_BUILD:BOOL=OFF
 
 // Build a shared expat library
diff --git a/contrib/expat/configure.ac b/contrib/expat/configure.ac
index fffcd125e9c4..0c88b8867019 100644
--- a/contrib/expat/configure.ac
+++ b/contrib/expat/configure.ac
@@ -11,7 +11,7 @@ dnl   Copyright (c) 2000      Clark Cooper <coopercc@users.sourceforge.net>
 dnl   Copyright (c) 2000-2005 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
 dnl   Copyright (c) 2001-2003 Greg Stein <gstein@users.sourceforge.net>
 dnl   Copyright (c) 2006-2012 Karl Waclawek <karl@waclawek.net>
-dnl   Copyright (c) 2016-2024 Sebastian Pipping <sebastian@pipping.org>
+dnl   Copyright (c) 2016-2025 Sebastian Pipping <sebastian@pipping.org>
 dnl   Copyright (c) 2017      S. P. Zeidler <spz@netbsd.org>
 dnl   Copyright (c) 2017      Stephen Groat <stephen@groat.us>
 dnl   Copyright (c) 2017-2020 Joe Orton <jorton@redhat.com>
@@ -85,7 +85,7 @@ dnl If the API changes incompatibly set LIBAGE back to 0
 dnl
 
 LIBCURRENT=11  # sync
-LIBREVISION=0  # with
+LIBREVISION=2  # with
 LIBAGE=10      # CMakeLists.txt!
 
 AC_CONFIG_HEADERS([expat_config.h])
diff --git a/contrib/expat/doc/reference.html b/contrib/expat/doc/reference.html
index c2ae9bb71431..2b3bd39580a9 100644
--- a/contrib/expat/doc/reference.html
+++ b/contrib/expat/doc/reference.html
@@ -14,7 +14,7 @@
    Copyright (c) 2000      Clark Cooper <coopercc@users.sourceforge.net>
    Copyright (c) 2000-2004 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
    Copyright (c) 2002-2012 Karl Waclawek <karl@waclawek.net>
-   Copyright (c) 2017-2024 Sebastian Pipping <sebastian@pipping.org>
+   Copyright (c) 2017-2025 Sebastian Pipping <sebastian@pipping.org>
    Copyright (c) 2017      Jakub Wilk <jwilk@jwilk.net>
    Copyright (c) 2021      Tomas Korbar <tkorbar@redhat.com>
    Copyright (c) 2021      Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
@@ -52,7 +52,7 @@
   <div>
     <h1>
       The Expat XML Parser
-      <small>Release 2.6.4</small>
+      <small>Release 2.7.1</small>
     </h1>
   </div>
 <div class="content">
@@ -1267,6 +1267,11 @@ call-backs, except when parsing an external parameter entity and
 <code>XML_STATUS_ERROR</code> otherwise.  The possible error codes
 are:</p>
 <dl>
+  <dt><code>XML_ERROR_NOT_STARTED</code></dt>
+  <dd>
+    when stopping or suspending a parser before it has started,
+    added in Expat 2.6.4.
+  </dd>
   <dt><code>XML_ERROR_SUSPENDED</code></dt>
   <dd>when suspending an already suspended parser.</dd>
   <dt><code>XML_ERROR_FINISHED</code></dt>
diff --git a/contrib/expat/doc/xmlwf.1 b/contrib/expat/doc/xmlwf.1
index 61b302581ce9..76aa7e30d074 100644
--- a/contrib/expat/doc/xmlwf.1
+++ b/contrib/expat/doc/xmlwf.1
@@ -5,7 +5,7 @@
 \\$2 \(la\\$1\(ra\\$3
 ..
 .if \n(.g .mso www.tmac
-.TH XMLWF 1 "November 6, 2024" "" ""
+.TH XMLWF 1 "March 27, 2025" "" ""
 .SH NAME
 xmlwf \- Determines if an XML document is well-formed
 .SH SYNOPSIS
diff --git a/contrib/expat/doc/xmlwf.xml b/contrib/expat/doc/xmlwf.xml
index cf6d984af463..17e9cf51c191 100644
--- a/contrib/expat/doc/xmlwf.xml
+++ b/contrib/expat/doc/xmlwf.xml
@@ -9,7 +9,7 @@
    Copyright (c) 2001      Scott Bronson <bronson@rinspin.com>
    Copyright (c) 2002-2003 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
    Copyright (c) 2009      Karl Waclawek <karl@waclawek.net>
-   Copyright (c) 2016-2024 Sebastian Pipping <sebastian@pipping.org>
+   Copyright (c) 2016-2025 Sebastian Pipping <sebastian@pipping.org>
    Copyright (c) 2016      Ardo van Rangelrooij <ardo@debian.org>
    Copyright (c) 2017      Rhodri James <rhodri@wildebeest.org.uk>
    Copyright (c) 2020      Joe Orton <jorton@redhat.com>
@@ -21,7 +21,7 @@
           "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
   <!ENTITY dhfirstname "<firstname>Scott</firstname>">
   <!ENTITY dhsurname   "<surname>Bronson</surname>">
-  <!ENTITY dhdate      "<date>November 6, 2024</date>">
+  <!ENTITY dhdate      "<date>March 27, 2025</date>">
   <!-- Please adjust this^^ date whenever cutting a new release. -->
   <!ENTITY dhsection   "<manvolnum>1</manvolnum>">
   <!ENTITY dhemail     "<email>bronson@rinspin.com</email>">
diff --git a/contrib/expat/fuzz/xml_lpm_fuzzer.cpp b/contrib/expat/fuzz/xml_lpm_fuzzer.cpp
new file mode 100644
index 000000000000..f52ea7b21e40
--- /dev/null
+++ b/contrib/expat/fuzz/xml_lpm_fuzzer.cpp
@@ -0,0 +1,464 @@
+/*
+                            __  __            _
+                         ___\ \/ /_ __   __ _| |_
+                        / _ \\  /| '_ \ / _` | __|
+                       |  __//  \| |_) | (_| | |_
+                        \___/_/\_\ .__/ \__,_|\__|
+                                 |_| XML parser
+
+   Copyright (c) 2022 Mark Brand <markbrand@google.com>
+   Copyright (c) 2025 Sebastian Pipping <sebastian@pipping.org>
+   Licensed under the MIT license:
+
+   Permission is  hereby granted,  free of charge,  to any  person obtaining
+   a  copy  of  this  software   and  associated  documentation  files  (the
+   "Software"),  to  deal in  the  Software  without restriction,  including
+   without  limitation the  rights  to use,  copy,  modify, merge,  publish,
+   distribute, sublicense, and/or sell copies of the Software, and to permit
+   persons  to whom  the Software  is  furnished to  do so,  subject to  the
+   following conditions:
+
+   The above copyright  notice and this permission notice  shall be included
+   in all copies or substantial portions of the Software.
+
+   THE  SOFTWARE  IS  PROVIDED  "AS  IS",  WITHOUT  WARRANTY  OF  ANY  KIND,
+   EXPRESS  OR IMPLIED,  INCLUDING  BUT  NOT LIMITED  TO  THE WARRANTIES  OF
+   MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+   NO EVENT SHALL THE AUTHORS OR  COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+   DAMAGES OR  OTHER LIABILITY, WHETHER  IN AN  ACTION OF CONTRACT,  TORT OR
+   OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+   USE OR OTHER DEALINGS IN THE SOFTWARE.
+*/
+
+#if defined(NDEBUG)
+#  undef NDEBUG // because checks below rely on assert(...)
+#endif
+
+#include <assert.h>
+#include <stdint.h>
+#include <vector>
+
+#include "expat.h"
+#include "xml_lpm_fuzzer.pb.h"
+#include "src/libfuzzer/libfuzzer_macro.h"
+
+static const char *g_encoding = nullptr;
+static const char *g_external_entity = nullptr;
+static size_t g_external_entity_size = 0;
+
+void
+SetEncoding(const xml_lpm_fuzzer::Encoding &e) {
+  switch (e) {
+  case xml_lpm_fuzzer::Encoding::UTF8:
+    g_encoding = "UTF-8";
+    break;
+
+  case xml_lpm_fuzzer::Encoding::UTF16:
+    g_encoding = "UTF-16";
+    break;
+
+  case xml_lpm_fuzzer::Encoding::ISO88591:
+    g_encoding = "ISO-8859-1";
+    break;
+
+  case xml_lpm_fuzzer::Encoding::ASCII:
+    g_encoding = "US-ASCII";
+    break;
+
+  case xml_lpm_fuzzer::Encoding::NONE:
+    g_encoding = NULL;
+    break;
+
+  default:
+    g_encoding = "UNKNOWN";
+    break;
+  }
+}
+
+static int g_allocation_count = 0;
+static std::vector<int> g_fail_allocations = {};
+
+void *
+MallocHook(size_t size) {
+  g_allocation_count += 1;
+  for (auto index : g_fail_allocations) {
+    if (index == g_allocation_count) {
+      return NULL;
+    }
+  }
+  return malloc(size);
+}
+
+void *
+ReallocHook(void *ptr, size_t size) {
+  g_allocation_count += 1;
+  for (auto index : g_fail_allocations) {
+    if (index == g_allocation_count) {
+      return NULL;
+    }
+  }
+  return realloc(ptr, size);
+}
+
+void
+FreeHook(void *ptr) {
+  free(ptr);
+}
+
+XML_Memory_Handling_Suite memory_handling_suite
+    = {MallocHook, ReallocHook, FreeHook};
+
+void InitializeParser(XML_Parser parser);
+
+// We want a parse function that supports resumption, so that we can cover the
+// suspend/resume code.
+enum XML_Status
+Parse(XML_Parser parser, const char *input, int input_len, int is_final) {
+  enum XML_Status status = XML_Parse(parser, input, input_len, is_final);
+  while (status == XML_STATUS_SUSPENDED) {
+    status = XML_ResumeParser(parser);
+  }
+  return status;
+}
+
+// When the fuzzer is compiled with instrumentation such as ASan, then the
+// accesses in TouchString will fault if they access invalid memory (ie. detect
+// either a use-after-free or buffer-overflow). By calling TouchString in each
+// of the callbacks, we can check that the arguments meet the API specifications
+// in terms of length/null-termination. no_optimize is used to ensure that the
+// compiler has to emit actual memory reads, instead of removing them.
+static volatile size_t no_optimize = 0;
+static void
+TouchString(const XML_Char *ptr, int len = -1) {
+  if (! ptr) {
+    return;
+  }
+
+  if (len == -1) {
+    for (XML_Char value = *ptr++; value; value = *ptr++) {
+      no_optimize += value;
+    }
+  } else {
+    for (int i = 0; i < len; ++i) {
+      no_optimize += ptr[i];
+    }
+  }
+}
+
+static void
+TouchNodeAndRecurse(XML_Content *content) {
+  switch (content->type) {
+  case XML_CTYPE_EMPTY:
+  case XML_CTYPE_ANY:
+    assert(content->quant == XML_CQUANT_NONE);
+    assert(content->name == NULL);
+    assert(content->numchildren == 0);
+    assert(content->children == NULL);
+    break;
+
+  case XML_CTYPE_MIXED:
+    assert(content->quant == XML_CQUANT_NONE
+           || content->quant == XML_CQUANT_REP);
+    assert(content->name == NULL);
+    for (unsigned int i = 0; i < content->numchildren; ++i) {
+      assert(content->children[i].type == XML_CTYPE_NAME);
+      assert(content->children[i].quant == XML_CQUANT_NONE);
+      assert(content->children[i].numchildren == 0);
+      assert(content->children[i].children == NULL);
+      TouchString(content->children[i].name);
+    }
+    break;
+
+  case XML_CTYPE_NAME:
+    assert((content->quant == XML_CQUANT_NONE)
+           || (content->quant == XML_CQUANT_OPT)
+           || (content->quant == XML_CQUANT_REP)
+           || (content->quant == XML_CQUANT_PLUS));
+    assert(content->numchildren == 0);
+    assert(content->children == NULL);
+    TouchString(content->name);
+    break;
+
+  case XML_CTYPE_CHOICE:
+  case XML_CTYPE_SEQ:
+    assert((content->quant == XML_CQUANT_NONE)
+           || (content->quant == XML_CQUANT_OPT)
+           || (content->quant == XML_CQUANT_REP)
+           || (content->quant == XML_CQUANT_PLUS));
+    assert(content->name == NULL);
+    for (unsigned int i = 0; i < content->numchildren; ++i) {
+      TouchNodeAndRecurse(&content->children[i]);
+    }
+    break;
+
+  default:
+    assert(false);
+  }
+}
+
+static void XMLCALL
+ElementDeclHandler(void *userData, const XML_Char *name, XML_Content *model) {
+  TouchString(name);
+  TouchNodeAndRecurse(model);
+  XML_FreeContentModel((XML_Parser)userData, model);
+}
+
+static void XMLCALL
+AttlistDeclHandler(void *userData, const XML_Char *elname,
+                   const XML_Char *attname, const XML_Char *atttype,
+                   const XML_Char *dflt, int isrequired) {
+  (void)userData;
+  TouchString(elname);
+  TouchString(attname);
+  TouchString(atttype);
+  TouchString(dflt);
+  (void)isrequired;
+}
+
+static void XMLCALL
+XmlDeclHandler(void *userData, const XML_Char *version,
+               const XML_Char *encoding, int standalone) {
+  (void)userData;
+  TouchString(version);
+  TouchString(encoding);
+  (void)standalone;
+}
+
+static void XMLCALL
+StartElementHandler(void *userData, const XML_Char *name,
+                    const XML_Char **atts) {
+  (void)userData;
+  TouchString(name);
+  for (size_t i = 0; atts[i] != NULL; ++i) {
+    TouchString(atts[i]);
+  }
+}
+
+static void XMLCALL
+EndElementHandler(void *userData, const XML_Char *name) {
+  (void)userData;
+  TouchString(name);
+}
+
+static void XMLCALL
+CharacterDataHandler(void *userData, const XML_Char *s, int len) {
+  (void)userData;
+  TouchString(s, len);
+}
+
+static void XMLCALL
+ProcessingInstructionHandler(void *userData, const XML_Char *target,
+                             const XML_Char *data) {
+  (void)userData;
+  TouchString(target);
+  TouchString(data);
+}
+
+static void XMLCALL
+CommentHandler(void *userData, const XML_Char *data) {
+  TouchString(data);
+  // Use the comment handler to trigger parser suspend, so that we can get
+  // coverage of that code.
+  XML_StopParser((XML_Parser)userData, XML_TRUE);
+}
+
+static void XMLCALL
+StartCdataSectionHandler(void *userData) {
+  (void)userData;
+}
+
+static void XMLCALL
+EndCdataSectionHandler(void *userData) {
+  (void)userData;
+}
+
+static void XMLCALL
+DefaultHandler(void *userData, const XML_Char *s, int len) {
+  (void)userData;
+  TouchString(s, len);
+}
+
+static void XMLCALL
+StartDoctypeDeclHandler(void *userData, const XML_Char *doctypeName,
+                        const XML_Char *sysid, const XML_Char *pubid,
+                        int has_internal_subset) {
+  (void)userData;
+  TouchString(doctypeName);
+  TouchString(sysid);
+  TouchString(pubid);
+  (void)has_internal_subset;
+}
+
+static void XMLCALL
+EndDoctypeDeclHandler(void *userData) {
+  (void)userData;
+}
+
+static void XMLCALL
+EntityDeclHandler(void *userData, const XML_Char *entityName,
+                  int is_parameter_entity, const XML_Char *value,
+                  int value_length, const XML_Char *base,
+                  const XML_Char *systemId, const XML_Char *publicId,
+                  const XML_Char *notationName) {
+  (void)userData;
+  TouchString(entityName);
+  (void)is_parameter_entity;
+  TouchString(value, value_length);
+  TouchString(base);
+  TouchString(systemId);
+  TouchString(publicId);
+  TouchString(notationName);
+}
+
+static void XMLCALL
+NotationDeclHandler(void *userData, const XML_Char *notationName,
+                    const XML_Char *base, const XML_Char *systemId,
+                    const XML_Char *publicId) {
+  (void)userData;
+  TouchString(notationName);
+  TouchString(base);
+  TouchString(systemId);
+  TouchString(publicId);
+}
+
+static void XMLCALL
+StartNamespaceDeclHandler(void *userData, const XML_Char *prefix,
+                          const XML_Char *uri) {
+  (void)userData;
+  TouchString(prefix);
+  TouchString(uri);
+}
+
+static void XMLCALL
+EndNamespaceDeclHandler(void *userData, const XML_Char *prefix) {
+  (void)userData;
+  TouchString(prefix);
+}
+
+static int XMLCALL
+NotStandaloneHandler(void *userData) {
+  (void)userData;
+  return XML_STATUS_OK;
+}
+
+static int XMLCALL
+ExternalEntityRefHandler(XML_Parser parser, const XML_Char *context,
+                         const XML_Char *base, const XML_Char *systemId,
+                         const XML_Char *publicId) {
+  int rc = XML_STATUS_ERROR;
+  TouchString(context);
+  TouchString(base);
+  TouchString(systemId);
+  TouchString(publicId);
+
+  if (g_external_entity) {
+    XML_Parser ext_parser
+        = XML_ExternalEntityParserCreate(parser, context, g_encoding);
+    rc = Parse(ext_parser, g_external_entity, g_external_entity_size, 1);
+    XML_ParserFree(ext_parser);
+  }
+
+  return rc;
+}
+
+static void XMLCALL
+SkippedEntityHandler(void *userData, const XML_Char *entityName,
+                     int is_parameter_entity) {
+  (void)userData;
+  TouchString(entityName);
+  (void)is_parameter_entity;
+}
+
+static int XMLCALL
+UnknownEncodingHandler(void *encodingHandlerData, const XML_Char *name,
+                       XML_Encoding *info) {
+  (void)encodingHandlerData;
+  TouchString(name);
+  (void)info;
+  return XML_STATUS_ERROR;
+}
+
+void
+InitializeParser(XML_Parser parser) {
+  XML_SetUserData(parser, (void *)parser);
+  XML_SetHashSalt(parser, 0x41414141);
+  XML_SetParamEntityParsing(parser, XML_PARAM_ENTITY_PARSING_ALWAYS);
+
+  XML_SetElementDeclHandler(parser, ElementDeclHandler);
+  XML_SetAttlistDeclHandler(parser, AttlistDeclHandler);
+  XML_SetXmlDeclHandler(parser, XmlDeclHandler);
+  XML_SetElementHandler(parser, StartElementHandler, EndElementHandler);
+  XML_SetCharacterDataHandler(parser, CharacterDataHandler);
+  XML_SetProcessingInstructionHandler(parser, ProcessingInstructionHandler);
+  XML_SetCommentHandler(parser, CommentHandler);
+  XML_SetCdataSectionHandler(parser, StartCdataSectionHandler,
+                             EndCdataSectionHandler);
+  // XML_SetDefaultHandler disables entity expansion
+  XML_SetDefaultHandlerExpand(parser, DefaultHandler);
+  XML_SetDoctypeDeclHandler(parser, StartDoctypeDeclHandler,
+                            EndDoctypeDeclHandler);
+  // Note: This is mutually exclusive with XML_SetUnparsedEntityDeclHandler,
+  //       and there isn't any significant code change between the two.
+  XML_SetEntityDeclHandler(parser, EntityDeclHandler);
+  XML_SetNotationDeclHandler(parser, NotationDeclHandler);
+  XML_SetNamespaceDeclHandler(parser, StartNamespaceDeclHandler,
+                              EndNamespaceDeclHandler);
+  XML_SetNotStandaloneHandler(parser, NotStandaloneHandler);
+  XML_SetExternalEntityRefHandler(parser, ExternalEntityRefHandler);
+  XML_SetSkippedEntityHandler(parser, SkippedEntityHandler);
+  XML_SetUnknownEncodingHandler(parser, UnknownEncodingHandler, (void *)parser);
+}
+
+DEFINE_TEXT_PROTO_FUZZER(const xml_lpm_fuzzer::Testcase &testcase) {
+  g_external_entity = nullptr;
+
+  if (! testcase.actions_size()) {
+    return;
+  }
+
+  g_allocation_count = 0;
+  g_fail_allocations.clear();
+  for (int i = 0; i < testcase.fail_allocations_size(); ++i) {
+    g_fail_allocations.push_back(testcase.fail_allocations(i));
+  }
+
+  SetEncoding(testcase.encoding());
+  XML_Parser parser
+      = XML_ParserCreate_MM(g_encoding, &memory_handling_suite, "|");
+  InitializeParser(parser);
+
+  for (int i = 0; i < testcase.actions_size(); ++i) {
+    const auto &action = testcase.actions(i);
+    switch (action.action_case()) {
+    case xml_lpm_fuzzer::Action::kChunk:
+      if (XML_STATUS_ERROR
+          == Parse(parser, action.chunk().data(), action.chunk().size(), 0)) {
+        // Force a reset after parse error.
+        XML_ParserReset(parser, g_encoding);
+        InitializeParser(parser);
+      }
+      break;
+
+    case xml_lpm_fuzzer::Action::kLastChunk:
+      Parse(parser, action.last_chunk().data(), action.last_chunk().size(), 1);
+      XML_ParserReset(parser, g_encoding);
+      InitializeParser(parser);
+      break;
+
+    case xml_lpm_fuzzer::Action::kReset:
+      XML_ParserReset(parser, g_encoding);
+      InitializeParser(parser);
+      break;
+
+    case xml_lpm_fuzzer::Action::kExternalEntity:
+      g_external_entity = action.external_entity().data();
+      g_external_entity_size = action.external_entity().size();
+      break;
+
+    default:
+      break;
+    }
+  }
+
+  XML_ParserFree(parser);
+}
diff --git a/contrib/expat/fuzz/xml_lpm_fuzzer.proto b/contrib/expat/fuzz/xml_lpm_fuzzer.proto
new file mode 100644
index 000000000000..ddc4e958b919
--- /dev/null
+++ b/contrib/expat/fuzz/xml_lpm_fuzzer.proto
@@ -0,0 +1,58 @@
+/*
+                            __  __            _
+                         ___\ \/ /_ __   __ _| |_
+                        / _ \\  /| '_ \ / _` | __|
+                       |  __//  \| |_) | (_| | |_
+                        \___/_/\_\ .__/ \__,_|\__|
+                                 |_| XML parser
+
+   Copyright (c) 2022 Mark Brand <markbrand@google.com>
+   Copyright (c) 2025 Sebastian Pipping <sebastian@pipping.org>
+   Licensed under the MIT license:
+
+   Permission is  hereby granted,  free of charge,  to any  person obtaining
+   a  copy  of  this  software   and  associated  documentation  files  (the
+   "Software"),  to  deal in  the  Software  without restriction,  including
+   without  limitation the  rights  to use,  copy,  modify, merge,  publish,
+   distribute, sublicense, and/or sell copies of the Software, and to permit
+   persons  to whom  the Software  is  furnished to  do so,  subject to  the
+   following conditions:
+
+   The above copyright  notice and this permission notice  shall be included
+   in all copies or substantial portions of the Software.
+
+   THE  SOFTWARE  IS  PROVIDED  "AS  IS",  WITHOUT  WARRANTY  OF  ANY  KIND,
+   EXPRESS  OR IMPLIED,  INCLUDING  BUT  NOT LIMITED  TO  THE WARRANTIES  OF
+   MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+   NO EVENT SHALL THE AUTHORS OR  COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+   DAMAGES OR  OTHER LIABILITY, WHETHER  IN AN  ACTION OF CONTRACT,  TORT OR
+   OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+   USE OR OTHER DEALINGS IN THE SOFTWARE.
+*/
+
+syntax = "proto2";
+package xml_lpm_fuzzer;
+
+enum Encoding {
+  UTF8 = 0;
+  UTF16 = 1;
+  ISO88591 = 2;
+  ASCII = 3;
+  UNKNOWN = 4;
+  NONE = 5;
+}
+
+message Action {
+  oneof action {
+    string chunk = 1;
+    string last_chunk = 2;
+    bool reset = 3;
+    string external_entity = 4;
+  }
+}
+
+message Testcase {
+  required Encoding encoding = 1;
+  repeated Action actions = 2;
+  repeated int32 fail_allocations = 3;
+}
diff --git a/contrib/expat/fuzz/xml_parse_fuzzer.c b/contrib/expat/fuzz/xml_parse_fuzzer.c
index a7e8414ce355..6a1affe2b1f6 100644
--- a/contrib/expat/fuzz/xml_parse_fuzzer.c
+++ b/contrib/expat/fuzz/xml_parse_fuzzer.c
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/contrib/expat/fuzz/xml_parsebuffer_fuzzer.c b/contrib/expat/fuzz/xml_parsebuffer_fuzzer.c
index 0327aa9f952e..cfc4af202851 100644
--- a/contrib/expat/fuzz/xml_parsebuffer_fuzzer.c
+++ b/contrib/expat/fuzz/xml_parsebuffer_fuzzer.c
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE-2.0
+ *      https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/contrib/expat/lib/expat.h b/contrib/expat/lib/expat.h
index 523b37d8d578..610e1ddc0e94 100644
*** 2251 LINES SKIPPED ***

From nobody Sat Apr  5 03:44:11 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZV1YS2jLrz5sv75;
	Sat, 05 Apr 2025 03:44:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZV1YS0TdNz3RrP;
	Sat, 05 Apr 2025 03:44:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743824652;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=oR9sFHZqVu+qh8UrJ1ggILwrYtLSneMrhgOws3fVsXM=;
	b=EKeKVRWKSE+Po06u1vS3T5RXoMqrlQWsSRIKbHvv9i8ojdG3sh4TCaZx5M6JpiEAOMEq9x
	Mv7DEEV1GXXER0MH+Bin2qFxi9JdS/BjUNRxnAsk10E4klo4KMF4l/wqpCap+ZO/Zw0U9K
	8LdG0lCagdZ7exVB2usF9dUkSkVPAyUiqTWYDG7EE7ZEgD/rGjtDfPMHqJSYmTLqpmmeol
	vc8zySwA3VxRmHctXyj4zwz8+t1BOkHntyRgdF5N9COmgph9wh/5FXohQYJx16skdwL1Ch
	WDpzt02JrqHJkFCtIupUKQMBkW6na11ftI7E3e/2Uhmu4Eb6v5Yw273t+PswEA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743824652; a=rsa-sha256; cv=none;
	b=rt1ztNi/d9YB6EFpvqr4ssyW0vUkUoX07Q4JtnLRvxDweKhq+tce3j+bEEKKoyJEmS26D8
	YUiNzj/xxXWUWK/OauRyMeezIup6ae3NacfBh5ggwZJIUdBPt9AL17q02G21LR/yV67e+g
	Ru/BJ0uW4vl00K14M4IonHav3j68T08DaDE7UaFOI+h+Kseln2pW8VNCZ5qFnaR9X84s0A
	uE+nw0FIvyPOYGtdS/GEigYrKV9IzNk4LSiOjsUxNoDa7Sa+fOzrhyXwsVntP+2IP0PxLa
	++PPjBsmQIngdDlSPdoOIQC7ByIkblIQE4xiAklbaXJ4c2jMcr9yCDjhxx09KQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743824652;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=oR9sFHZqVu+qh8UrJ1ggILwrYtLSneMrhgOws3fVsXM=;
	b=CqO4dNITmU4RwPCEmCXECLdHJkre2nI/7V5fE5OCkKLQLRPPdZCCE4pUkFyXb22fSpcTOS
	/18QwD0mp2GdfZMSXSNjWv1MXhu0mBiwisiWUBQ1LaSbzsnH42zoqvYzw44NiMBtIzP8sq
	XwUr7cXIm1vX6DbYNTiEK/s20U3XYFn0gyePJtFSnaqrOygDr+nozNTIhZ+BLDhVl35od5
	xSd95I66ySZ0NwgKQ+7UsgQM/BsE3Uun3w5A4P4ZZgUk4RBiHT/RnhhRp3FxvtA35vegCI
	NdjDJI2ah/3gDhM5ycPT43QkBcoQ1CFHpxNIYansICuiAWhn9mnHNH28bn5vRg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZV1YS03sPz1DJx;
	Sat, 05 Apr 2025 03:44:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5353iBaV048522;
	Sat, 5 Apr 2025 03:44:11 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5353iB4g048519;
	Sat, 5 Apr 2025 03:44:11 GMT
	(envelope-from git)
Date: Sat, 5 Apr 2025 03:44:11 GMT
Message-Id: <202504050344.5353iB4g048519@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Kevin Bowling <kbowling@FreeBSD.org>
Subject: git: 6e510d8fbaf8 - stable/14 - ixgbe: fix mailbox ack
  handling
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kbowling
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 6e510d8fbaf8d91da235fe28250cd48124edda9f
Auto-Submitted: auto-generated

The branch stable/14 has been updated by kbowling:

URL: https://cgit.FreeBSD.org/src/commit/?id=6e510d8fbaf8d91da235fe28250cd48124edda9f

commit 6e510d8fbaf8d91da235fe28250cd48124edda9f
Author:     Norbert Ciosek <norbertx.ciosek@intel.com>
AuthorDate: 2025-03-29 00:02:37 +0000
Commit:     Kevin Bowling <kbowling@FreeBSD.org>
CommitDate: 2025-04-05 03:43:39 +0000

    ixgbe: fix mailbox ack handling
    
    Check if CTS bit is set in the mailbox message before waiting for ACK.
    Otherwise ACK will never be received causing the function to timeout. Add
    a note for ixgbe_write_mbx that it should be called while holding a lock.
    
    Fixes: 6d243d2 ("net/ixgbe/base: introduce new mailbox API")
    Cc: stable@dpdk.org
    
    Signed-off-by: Norbert Ciosek <norbertx.ciosek@intel.com>
    Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
    Acked-by: Bruce Richardson <bruce.richardson@intel.com>
    
    Obtained from:  DPDK (1f119e4)
    
    (cherry picked from commit 1580f8d9c1740e0c54554e6c185573d34f2dcf76)
---
 sys/dev/ixgbe/ixgbe_mbx.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/sys/dev/ixgbe/ixgbe_mbx.c b/sys/dev/ixgbe/ixgbe_mbx.c
index 0b866e7a39af..7f58a9202c9e 100644
--- a/sys/dev/ixgbe/ixgbe_mbx.c
+++ b/sys/dev/ixgbe/ixgbe_mbx.c
@@ -112,6 +112,9 @@ s32 ixgbe_poll_mbx(struct ixgbe_hw *hw, u32 *msg, u16 size, u16 mbx_id)
  *
  * returns SUCCESS if it successfully copied message into the buffer and
  * received an ACK to that message within specified period
+ *
+ * Note that the caller to this function must lock before calling, since
+ * multiple threads can destroy each other messages.
  **/
 s32 ixgbe_write_mbx(struct ixgbe_hw *hw, u32 *msg, u16 size, u16 mbx_id)
 {
@@ -866,6 +869,11 @@ static s32 ixgbe_obtain_mbx_lock_pf(struct ixgbe_hw *hw, u16 vf_id)
 	while (countdown--) {
 		/* Reserve mailbox for PF use */
 		pf_mailbox = IXGBE_READ_REG(hw, IXGBE_PFMAILBOX(vf_id));
+
+		/* Check if other thread holds the PF lock already */
+		if (pf_mailbox & IXGBE_PFMAILBOX_PFU)
+			goto retry;
+
 		pf_mailbox |= IXGBE_PFMAILBOX_PFU;
 		IXGBE_WRITE_REG(hw, IXGBE_PFMAILBOX(vf_id), pf_mailbox);
 
@@ -876,6 +884,7 @@ static s32 ixgbe_obtain_mbx_lock_pf(struct ixgbe_hw *hw, u16 vf_id)
 			break;
 		}
 
+	retry:
 		/* Wait a bit before trying again */
 		usec_delay(mbx->usec_delay);
 	}
@@ -978,13 +987,14 @@ static s32 ixgbe_write_mbx_pf(struct ixgbe_hw *hw, u32 *msg, u16 size,
 	for (i = 0; i < size; i++)
 		IXGBE_WRITE_REG_ARRAY(hw, IXGBE_PFMBMEM(vf_id), i, msg[i]);
 
-	/* Interrupt VF to tell it a message has been sent */
+	/* interrupt VF to tell it a message has been sent */
 	pf_mailbox = IXGBE_READ_REG(hw, IXGBE_PFMAILBOX(vf_id));
 	pf_mailbox |= IXGBE_PFMAILBOX_STS;
 	IXGBE_WRITE_REG(hw, IXGBE_PFMAILBOX(vf_id), pf_mailbox);
 
 	/* if msg sent wait until we receive an ack */
-	ixgbe_poll_for_ack(hw, vf_id);
+	if (msg[0] & IXGBE_VT_MSGTYPE_CTS)
+		ixgbe_poll_for_ack(hw, vf_id);
 
 	/* update stats */
 	hw->mbx.stats.msgs_tx++;

From nobody Sat Apr  5 03:44:57 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZV1ZK4Bk1z5sv8t;
	Sat, 05 Apr 2025 03:44:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZV1ZK3VFdz3Rqm;
	Sat, 05 Apr 2025 03:44:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743824697;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=J2sm8vLVlH0l5kMRzevnBi9MNWbRjL3tsoVK2v3hyvA=;
	b=Q+7r8Lg6t8boWU+eudb2BYQYc4x/1tzXwQZ/c5sDu7NYy1KQV3i8tooLFKFtKf55c8FWki
	llM7w35UpO2lb/7a37alm3SM99kuiuBeFKTt+VpotHiwA62f7T50jCN6zBvHzj2OQgdIzB
	L0SmPQwc/FO/1DvP+ZK8n2pLlKCZUrw8O1M48xz3I9/eLqNvMUEHyLqMyKHjnkZNXXtCgw
	Uzh8LpD2yXQntPVpCNDavg1FIaCe2gHcMlhoot000+UrIY/hTnE3+/O3CJk/atxB5jV/Zb
	s/hYsYkmtvcMCrNXuDPyNew1okKQWNIhgEYI3dgfsvZBkMQjjNieDFVJPCKx1g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743824697; a=rsa-sha256; cv=none;
	b=X1wc7sVwIFA1WeDXupiyRs+kWuOSA0HBM6/DSekVx0LbV1gpYBmG9PV+mG9G22i++nD3TF
	rYFqbWmOslFM1Osily/hSCgfksDldsTH/SiLWfb1CWUvRpvkblD7QQB++wy7gkuXWXLMVK
	wxJdrH9k6L2yD7IStMX0GUMeMRxfSemf9HA27ubxPSGqtggFirX3Lywf6i+BbguVOuHI8x
	PLpJ9/diOEr9u6TiPETmwQvmnEGsO2pCBHJnARwpgubA++XG/X8tEthcILZtJrh2Fixo47
	UlVUHNEqDRSgAbGQirk0NT0U1L/RdK5zueupzfJmdB0P5HZQwqdW2BqKbeXDdg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743824697;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=J2sm8vLVlH0l5kMRzevnBi9MNWbRjL3tsoVK2v3hyvA=;
	b=haEbAFZ12ScWhmlQSG4nn0SbmT0PEY2Bz5So9vt2GuMtrjomvet+Z/mtddxAaWvJ6n61Vj
	6kRer+whTcyOIeuxnacYU2qOHC9be820PlJ82jVan0a10a4bi4jPpZOMSCaoXHBBC8eFl9
	NhWtVCNSCyafQUzJBmD7keD1itf1MCQBbvmtEUVOVeE5Nc5qOWd7Q7C/2MrYvh0Vet9tFT
	guYWYE0sJzKbUaixG7kkEgz+YfOfOgqvK8V0RgzSjcRBO2rYnvZ7QGlcalpQ3EDLpxc40u
	cceGFPLl+lWvsqp1Ss28dJUgkgPsV502Zd8xMJzY+yt/6KK/zpHEazbRox2Gng==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZV1ZK352gz1Dq7;
	Sat, 05 Apr 2025 03:44:57 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5353ivmq048847;
	Sat, 5 Apr 2025 03:44:57 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5353ivPm048844;
	Sat, 5 Apr 2025 03:44:57 GMT
	(envelope-from git)
Date: Sat, 5 Apr 2025 03:44:57 GMT
Message-Id: <202504050344.5353ivPm048844@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Kevin Bowling <kbowling@FreeBSD.org>
Subject: git: a8431b47adae - stable/13 - ixgbe: fix mailbox ack
  handling
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kbowling
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: a8431b47adae8f8b731206dc38d82b2245ad245e
Auto-Submitted: auto-generated

The branch stable/13 has been updated by kbowling:

URL: https://cgit.FreeBSD.org/src/commit/?id=a8431b47adae8f8b731206dc38d82b2245ad245e

commit a8431b47adae8f8b731206dc38d82b2245ad245e
Author:     Norbert Ciosek <norbertx.ciosek@intel.com>
AuthorDate: 2025-03-29 00:02:37 +0000
Commit:     Kevin Bowling <kbowling@FreeBSD.org>
CommitDate: 2025-04-05 03:44:37 +0000

    ixgbe: fix mailbox ack handling
    
    Check if CTS bit is set in the mailbox message before waiting for ACK.
    Otherwise ACK will never be received causing the function to timeout. Add
    a note for ixgbe_write_mbx that it should be called while holding a lock.
    
    Fixes: 6d243d2 ("net/ixgbe/base: introduce new mailbox API")
    Cc: stable@dpdk.org
    
    Signed-off-by: Norbert Ciosek <norbertx.ciosek@intel.com>
    Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
    Acked-by: Bruce Richardson <bruce.richardson@intel.com>
    
    Obtained from:  DPDK (1f119e4)
    
    (cherry picked from commit 1580f8d9c1740e0c54554e6c185573d34f2dcf76)
---
 sys/dev/ixgbe/ixgbe_mbx.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/sys/dev/ixgbe/ixgbe_mbx.c b/sys/dev/ixgbe/ixgbe_mbx.c
index 0b866e7a39af..7f58a9202c9e 100644
--- a/sys/dev/ixgbe/ixgbe_mbx.c
+++ b/sys/dev/ixgbe/ixgbe_mbx.c
@@ -112,6 +112,9 @@ s32 ixgbe_poll_mbx(struct ixgbe_hw *hw, u32 *msg, u16 size, u16 mbx_id)
  *
  * returns SUCCESS if it successfully copied message into the buffer and
  * received an ACK to that message within specified period
+ *
+ * Note that the caller to this function must lock before calling, since
+ * multiple threads can destroy each other messages.
  **/
 s32 ixgbe_write_mbx(struct ixgbe_hw *hw, u32 *msg, u16 size, u16 mbx_id)
 {
@@ -866,6 +869,11 @@ static s32 ixgbe_obtain_mbx_lock_pf(struct ixgbe_hw *hw, u16 vf_id)
 	while (countdown--) {
 		/* Reserve mailbox for PF use */
 		pf_mailbox = IXGBE_READ_REG(hw, IXGBE_PFMAILBOX(vf_id));
+
+		/* Check if other thread holds the PF lock already */
+		if (pf_mailbox & IXGBE_PFMAILBOX_PFU)
+			goto retry;
+
 		pf_mailbox |= IXGBE_PFMAILBOX_PFU;
 		IXGBE_WRITE_REG(hw, IXGBE_PFMAILBOX(vf_id), pf_mailbox);
 
@@ -876,6 +884,7 @@ static s32 ixgbe_obtain_mbx_lock_pf(struct ixgbe_hw *hw, u16 vf_id)
 			break;
 		}
 
+	retry:
 		/* Wait a bit before trying again */
 		usec_delay(mbx->usec_delay);
 	}
@@ -978,13 +987,14 @@ static s32 ixgbe_write_mbx_pf(struct ixgbe_hw *hw, u32 *msg, u16 size,
 	for (i = 0; i < size; i++)
 		IXGBE_WRITE_REG_ARRAY(hw, IXGBE_PFMBMEM(vf_id), i, msg[i]);
 
-	/* Interrupt VF to tell it a message has been sent */
+	/* interrupt VF to tell it a message has been sent */
 	pf_mailbox = IXGBE_READ_REG(hw, IXGBE_PFMAILBOX(vf_id));
 	pf_mailbox |= IXGBE_PFMAILBOX_STS;
 	IXGBE_WRITE_REG(hw, IXGBE_PFMAILBOX(vf_id), pf_mailbox);
 
 	/* if msg sent wait until we receive an ack */
-	ixgbe_poll_for_ack(hw, vf_id);
+	if (msg[0] & IXGBE_VT_MSGTYPE_CTS)
+		ixgbe_poll_for_ack(hw, vf_id);
 
 	/* update stats */
 	hw->mbx.stats.msgs_tx++;

From nobody Sun Apr  6 00:28:27 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZVY973VcSz5sbXj;
	Sun, 06 Apr 2025 00:28:27 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZVY9731f6z3wtF;
	Sun, 06 Apr 2025 00:28:27 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743899307;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=NHsfVxMve0BDlaxkeNUfjbSvNLIFMIZY0qWdBI3tMmU=;
	b=mejdGPHY7SCtQbkcgOfthQu+R+UJ3SRSE22JVSbWSK0LO2BElDmARjD68HPFb9dk1lmA4l
	6MfDCQ+7s8NgzKYfmxHUzz24Ep7xML2VxnFGq0SiYWPmEXihHkVqrqyk4o5GxTqiXuCAbJ
	VBoPaV5pL1k23LzAljFTDcJ1TWmLDobcGP85vRSaf+1/q3JKmhdJAxt+qQffAsKkYez4Ub
	bkuYu0piVQYrRTZOoH+jDjmIbrKPUoLRd/c/uR8aJzUz/Cxt5CMGzNwzg0Iq+wezyrZ54N
	f39gL7vYJ5t4NMR+8XQTY5yKgJp6MtZAZYkYrwqe3stTVBjCJp8P48FbEJaCVg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743899307; a=rsa-sha256; cv=none;
	b=bXgHrCFW9QSGXVEuSm5b/6PKlN5hH6u8aCfQi2PGHgkbWT+7qa1dWbK08qfTb+n2Puo8W5
	BykS0K7JNUti7UUGuZ+yZ0BTLWznr5g2P/OtLdWzwQFlGVeGL1ytzcwAqOtAsWnhHxPNoh
	ihq8Xr8asgyDdPZvHCy/MafYPuPTAIrq3PXGDeeqQVDVktky5egUZl/NAsM68RjaqA+Muh
	V14JPdyNqA/pl3YAKn0V71P67AlIqVjzq3eidUq8qmyzhIK+jTBamUo/KGXpzy8T7X4rB2
	iSgepVJ3GJcIgfrmMkQqqb+fHSvqhFcoykUCPUpUz0t4fH6yUqHxCS8+ZUVUtg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743899307;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=NHsfVxMve0BDlaxkeNUfjbSvNLIFMIZY0qWdBI3tMmU=;
	b=CvC3ZY0GdOu0MGXon4z8BXoYNWuFXzXebWMuH6iWEPssNXhn8vGMku6thPQmlFRDLLG9ws
	SKKsSVoEoxpEy8oSr4RCsRjUYO29krl3m0fZyHfSJaVWSaFpe1grvm1EYfDiKcidswP1iE
	RWGw9jjT/ChTpM9WHAL9LF8bPga6x0EVlFEJsAcHkpe4AOhcjbXISCH9x4Qa8h3oOiH7KQ
	prayriPHYX0du4cESNVHPNxXOErXqfiDmT35Y12aRyDEgJyLHlC/MaY0k0ZMk8FE2gqZTG
	c7kherYWQwCTGYeVJRnXrYBaS/ixb8L45AEADmVpc6ERsn3ElXdn+q22EhYQGA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZVY972XXjzdjh;
	Sun, 06 Apr 2025 00:28:27 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5360SRAT065676;
	Sun, 6 Apr 2025 00:28:27 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5360SRP2065673;
	Sun, 6 Apr 2025 00:28:27 GMT
	(envelope-from git)
Date: Sun, 6 Apr 2025 00:28:27 GMT
Message-Id: <202504060028.5360SRP2065673@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Christos Margiolis <christos@FreeBSD.org>
Subject: git: e4c0d796141b - stable/14 - sound: Fix vchanrate and
  vchanformat
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: christos
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: e4c0d796141b6611780fdff3063f744bbd49b282
Auto-Submitted: auto-generated

The branch stable/14 has been updated by christos:

URL: https://cgit.FreeBSD.org/src/commit/?id=e4c0d796141b6611780fdff3063f744bbd49b282

commit e4c0d796141b6611780fdff3063f744bbd49b282
Author:     Christos Margiolis <christos@FreeBSD.org>
AuthorDate: 2025-03-30 17:45:34 +0000
Commit:     Christos Margiolis <christos@FreeBSD.org>
CommitDate: 2025-04-06 00:28:14 +0000

    sound: Fix vchanrate and vchanformat
    
    Make vchanrate and vchanformat reflect the primary channel's software
    buffer's rate and format respectively. Fix previous inconsistencies.
    
    Get rid of the initializations in vchan_create() and move them to
    chn_init().
    
    Without the feeder_rate_round check in sysctl_dev_pcm_vchanrate(), we
    can set the software rate to anything between feeder_rate_min and
    feeder_rate_max. If we keep the check, however, the rate is limited to
    whatever the driver's min/max is, which can be a problem if, for
    example, the driver supports only a single rate, in which case we won't
    be able to set anything other than the driver rate.
    
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D48961
    
    (cherry picked from commit e372211be5c56e218e974a4478be9aa80bfca064)
---
 sys/dev/sound/pcm/channel.c | 12 +++++--
 sys/dev/sound/pcm/vchan.c   | 82 ++-------------------------------------------
 2 files changed, 13 insertions(+), 81 deletions(-)

diff --git a/sys/dev/sound/pcm/channel.c b/sys/dev/sound/pcm/channel.c
index 287e2f07d8a1..4a96505ada66 100644
--- a/sys/dev/sound/pcm/channel.c
+++ b/sys/dev/sound/pcm/channel.c
@@ -1176,7 +1176,7 @@ chn_init(struct snddev_info *d, struct pcm_channel *parent, kobj_class_t cls,
 	struct feeder_class *fc;
 	struct snd_dbuf *b, *bs;
 	char buf[CHN_NAMELEN];
-	int err, i, direction;
+	int err, i, direction, *vchanrate, *vchanformat;
 
 	PCM_BUSYASSERT(d);
 	PCM_LOCKASSERT(d);
@@ -1189,6 +1189,8 @@ chn_init(struct snddev_info *d, struct pcm_channel *parent, kobj_class_t cls,
 		if (dir == PCMDIR_PLAY_VIRTUAL)
 			d->pvchancount++;
 		direction = PCMDIR_PLAY;
+		vchanrate = &d->pvchanrate;
+		vchanformat = &d->pvchanformat;
 		break;
 	case PCMDIR_REC:
 		d->reccount++;
@@ -1197,6 +1199,8 @@ chn_init(struct snddev_info *d, struct pcm_channel *parent, kobj_class_t cls,
 		if (dir == PCMDIR_REC_VIRTUAL)
 			d->rvchancount++;
 		direction = PCMDIR_REC;
+		vchanrate = &d->rvchanrate;
+		vchanformat = &d->rvchanformat;
 		break;
 	default:
 		device_printf(d->dev,
@@ -1301,8 +1305,12 @@ chn_init(struct snddev_info *d, struct pcm_channel *parent, kobj_class_t cls,
 
 	PCM_LOCK(d);
 	CHN_INSERT_SORT_ASCEND(d, c, channels.pcm);
-	if ((c->flags & CHN_F_VIRTUAL) == 0)
+	if ((c->flags & CHN_F_VIRTUAL) == 0) {
 		CHN_INSERT_SORT_ASCEND(d, c, channels.pcm.primary);
+		/* Initialize the *vchanrate/vchanformat parameters. */
+		*vchanrate = sndbuf_getspd(c->bufsoft);
+		*vchanformat = sndbuf_getfmt(c->bufsoft);
+	}
 
 	return (c);
 
diff --git a/sys/dev/sound/pcm/vchan.c b/sys/dev/sound/pcm/vchan.c
index 7064f1e51125..1f184f21807e 100644
--- a/sys/dev/sound/pcm/vchan.c
+++ b/sys/dev/sound/pcm/vchan.c
@@ -405,7 +405,6 @@ sysctl_dev_pcm_vchanrate(SYSCTL_HANDLER_ARGS)
 {
 	struct snddev_info *d;
 	struct pcm_channel *c, *ch;
-	struct pcmchan_caps *caps;
 	int *vchanrate, direction, ret, newspd, restart;
 
 	d = devclass_get_softc(pcm_devclass, VCHAN_SYSCTL_UNIT(oidp->oid_arg1));
@@ -467,13 +466,6 @@ sysctl_dev_pcm_vchanrate(SYSCTL_HANDLER_ARGS)
 			} else
 				restart = 0;
 
-			if (feeder_rate_round) {
-				caps = chn_getcaps(c);
-				RANGE(newspd, caps->minspeed, caps->maxspeed);
-				newspd = CHANNEL_SETSPEED(c->methods,
-				    c->devinfo, newspd);
-			}
-
 			ret = chn_reset(c, c->format, newspd);
 			if (ret == 0) {
 				if (restart != 0) {
@@ -488,7 +480,7 @@ sysctl_dev_pcm_vchanrate(SYSCTL_HANDLER_ARGS)
 				}
 			}
 		}
-		*vchanrate = c->speed;
+		*vchanrate = sndbuf_getspd(c->bufsoft);
 
 		CHN_UNLOCK(c);
 	}
@@ -583,7 +575,7 @@ sysctl_dev_pcm_vchanformat(SYSCTL_HANDLER_ARGS)
 				}
 			}
 		}
-		*vchanformat = c->format;
+		*vchanformat = sndbuf_getfmt(c->bufsoft);
 
 		CHN_UNLOCK(c);
 	}
@@ -607,11 +599,9 @@ vchan_create(struct pcm_channel *parent, struct pcm_channel **child)
 	struct pcm_channel *ch;
 	struct pcmchan_caps *parent_caps;
 	uint32_t vchanfmt, vchanspd;
-	int ret, direction, r;
-	bool save;
+	int ret, direction;
 
 	ret = 0;
-	save = false;
 	d = parent->parentsnddev;
 
 	PCM_BUSYASSERT(d);
@@ -659,75 +649,9 @@ vchan_create(struct pcm_channel *parent, struct pcm_channel **child)
 		goto fail;
 	}
 
-	if (vchanfmt == 0) {
-		const char *vfmt;
-
-		CHN_UNLOCK(parent);
-		r = resource_string_value(device_get_name(parent->dev),
-		    device_get_unit(parent->dev), VCHAN_FMT_HINT(direction),
-		    &vfmt);
-		CHN_LOCK(parent);
-		if (r != 0)
-			vfmt = NULL;
-		if (vfmt != NULL) {
-			vchanfmt = snd_str2afmt(vfmt);
-			if (vchanfmt != 0 && !(vchanfmt & AFMT_VCHAN))
-				vchanfmt = 0;
-		}
-		if (vchanfmt == 0)
-			vchanfmt = VCHAN_DEFAULT_FORMAT;
-		save = true;
-	}
-
-	if (vchanspd == 0) {
-		/*
-		 * This is very sad. Few soundcards advertised as being
-		 * able to do (insanely) higher/lower speed, but in
-		 * reality, they simply can't. At least, we give user chance
-		 * to set sane value via kernel hints or sysctl.
-		 */
-		CHN_UNLOCK(parent);
-		r = resource_int_value(device_get_name(parent->dev),
-		    device_get_unit(parent->dev), VCHAN_SPD_HINT(direction),
-		    &vchanspd);
-		CHN_LOCK(parent);
-		if (r != 0) {
-			/* No saved value, no hint, NOTHING. */
-			vchanspd = VCHAN_DEFAULT_RATE;
-			RANGE(vchanspd, parent_caps->minspeed,
-			    parent_caps->maxspeed);
-		}
-		save = true;
-	}
-
-	/*
-	 * Limit the speed between feeder_rate_min <-> feeder_rate_max.
-	 */
-	RANGE(vchanspd, feeder_rate_min, feeder_rate_max);
-
-	if (feeder_rate_round) {
-		RANGE(vchanspd, parent_caps->minspeed,
-		    parent_caps->maxspeed);
-		vchanspd = CHANNEL_SETSPEED(parent->methods,
-		    parent->devinfo, vchanspd);
-	}
-
 	if ((ret = chn_reset(parent, vchanfmt, vchanspd)) != 0)
 		goto fail;
 
-	if (save) {
-		/*
-		 * Save new value.
-		 */
-		if (direction == PCMDIR_PLAY_VIRTUAL) {
-			d->pvchanformat = parent->format;
-			d->pvchanrate = parent->speed;
-		} else {
-			d->rvchanformat = parent->format;
-			d->rvchanrate = parent->speed;
-		}
-	}
-
 	/*
 	 * If the parent channel supports digital format,
 	 * enable passthrough mode.

From nobody Sun Apr  6 00:28:28 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZVY986bf9z5sbPv;
	Sun, 06 Apr 2025 00:28:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZVY983jfNz3wtG;
	Sun, 06 Apr 2025 00:28:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743899308;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=GtD4PHDjlQE+K0R7a98uHyddVJPqrhAgsA3CXQlVC9A=;
	b=gJvKvnqBqHuWvX/F1IS1VR0SuaxdRvup7OIERJniMrrIX6dDi5A/lA9Lmb36aD/yOq0f0V
	65G1blc8Zn/FHMiTku6SxuUrIpsXyaYGO+tNBcFXXxMfREb4J86z/F+wVFMET+//vwVlmP
	Lz8R8kw5L5OdlKg/AUOhhcqpJdugOTUq2X4IETiovQj21Zo8OYlwC8gnKI7C8Av9/eLg4O
	ts3Kk/ih1TOuYcy+49Y/LydIKHl7u5Yw7JZzyxA6KZkCBOJChRfVTeYZESy5+nXiisMYpF
	m+pSgPEcQ5DhXERUPBPYVpmLz5NEWll9b8UBPx5cojrEVLICEh7B1/JxEB+z0A==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743899308; a=rsa-sha256; cv=none;
	b=xCuK0c/v5h62433yJL6wAqcgmLogPjnemV1/2F/x39LvddgxIb3x4uznjmizQtoZnbaIAO
	n8KFQsQviyZarNoL//CqJ4XNsh2aN2XxpbaiWRfHWO2gg6Lls6sUuANobAlXsgl+nPUu5G
	eWtm9BMxcxX81NN9dsKInEvfBaRGjecOuk1538v3GefVAawBYx18evjbYvHD2nkV0vLVqM
	0aaiIreORCWdpyWz7zhEyKD5qtaYwFFGm9f/+KlLlV1TWzWi0Ue8sPEpvY732ErDqoxmqQ
	sDWNTRE8knWqC3qFHbX5PShN/rAdWnSJllRU3ZKLYbwvOYpHR45H285JH7aCeg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743899308;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=GtD4PHDjlQE+K0R7a98uHyddVJPqrhAgsA3CXQlVC9A=;
	b=x2GNWUV4K5ur0UIDHMXk4Gou0QH8UJ4wcJdHR1KOZQfw3WiHce39EwCxrwityhNE7MwB6L
	P5JKeq2vx28qrVlKuw4yUk2afkAs1qdZecuE4REPpondAeXmK6fSjDMVfHVBYv6aPl+QOB
	EqGDQPLEXTRNP4KsBM91TYm63pHdExLo3iDySFPCl6B+DGIIZqgfnvw6E/meVtu7W5ndHt
	gnPx2gE23iRXJj3s8HpoTMPVEtxxvAZALIvzTYpBs1V+V/1CFoeQJyyeSuNewh7IOq26jB
	Ysapx0KgeNlbEhiIo4w/5jsZG5F+LsxotwCDabeiR9ZxSXsz11y7EevpvPqFSg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZVY983FVdzfDS;
	Sun, 06 Apr 2025 00:28:28 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5360SSYS065709;
	Sun, 6 Apr 2025 00:28:28 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5360SSWR065706;
	Sun, 6 Apr 2025 00:28:28 GMT
	(envelope-from git)
Date: Sun, 6 Apr 2025 00:28:28 GMT
Message-Id: <202504060028.5360SSWR065706@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Christos Margiolis <christos@FreeBSD.org>
Subject: git: 1728d26682c6 - stable/14 - sound: Implement AFMT_FLOAT
  support
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: christos
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 1728d26682c65cb878971f55b4e87e24d0050524
Auto-Submitted: auto-generated

The branch stable/14 has been updated by christos:

URL: https://cgit.FreeBSD.org/src/commit/?id=1728d26682c65cb878971f55b4e87e24d0050524

commit 1728d26682c65cb878971f55b4e87e24d0050524
Author:     Christos Margiolis <christos@FreeBSD.org>
AuthorDate: 2025-03-30 17:45:38 +0000
Commit:     Christos Margiolis <christos@FreeBSD.org>
CommitDate: 2025-04-06 00:28:14 +0000

    sound: Implement AFMT_FLOAT support
    
    Even though the OSS manual [1] advises against using AFMT_FLOAT, there
    are applications that expect the sound driver to support it, and might
    not work properly without it.
    
    This patch adds AFMT_F32_LE|BE (as well as AFMT_FLOAT for OSS
    compatibility) in sys/soundcard.h and implements AFMT_F32_LE|BE <->
    AFMT_S32_LE|BE conversion functions. As a result, applications can
    write/read floats to/from sound(4), but internally, because sound(4)
    works with integers, we convert floating point samples to integer ones,
    before doing any processing.
    
    The reason for encoding/decoding IEEE754s manually, instead of using
    fpu_kern(9), is that fpu_kern(9) is not supported by all architectures,
    and also introduces significant overhead.
    
    The IEEE754 encoding/decoding implementation has been written by Ariff
    Abdullah [2].
    
    [1] http://manuals.opensound.com/developer/AFMT_FLOAT.html
    [2] https://people.freebsd.org/~ariff/utils/ieee754.c
    
    PR:             157050, 184380, 264973, 280612, 281390
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Reviewed by:    emaste
    Differential Revision:  https://reviews.freebsd.org/D47638
    
    (cherry picked from commit e1bbaa71d62c8681a576f9f5bedf475c7541bd35)
---
 sys/dev/sound/pcm/channel.c       |  4 +++
 sys/dev/sound/pcm/feeder_chain.c  |  2 ++
 sys/dev/sound/pcm/feeder_rate.c   |  4 +++
 sys/dev/sound/pcm/feeder_volume.c |  2 ++
 sys/dev/sound/pcm/pcm.h           | 67 +++++++++++++++++++++++++++++++++++++--
 sys/dev/sound/pcm/sound.h         | 13 +++++---
 sys/sys/soundcard.h               |  8 +++++
 tests/sys/sound/pcm_read_write.c  |  6 ++++
 8 files changed, 98 insertions(+), 8 deletions(-)

diff --git a/sys/dev/sound/pcm/channel.c b/sys/dev/sound/pcm/channel.c
index 4a96505ada66..3aa7cf219d81 100644
--- a/sys/dev/sound/pcm/channel.c
+++ b/sys/dev/sound/pcm/channel.c
@@ -977,9 +977,13 @@ static const struct {
 #if BYTE_ORDER == LITTLE_ENDIAN
 	{ "s32le", "s32", "32", AFMT_S32_LE },
 	{ "s32be",  NULL, NULL, AFMT_S32_BE },
+	{ "f32le", "f32", NULL, AFMT_F32_LE },
+	{ "f32be",  NULL, NULL, AFMT_F32_BE },
 #else
 	{ "s32le",  NULL, NULL, AFMT_S32_LE },
 	{ "s32be", "s32", "32", AFMT_S32_BE },
+	{ "f32le",  NULL, NULL, AFMT_F32_LE },
+	{ "f32be", "f32", NULL, AFMT_F32_BE },
 #endif
 	{ "u32le",  NULL, NULL, AFMT_U32_LE },
 	{ "u32be",  NULL, NULL, AFMT_U32_BE },
diff --git a/sys/dev/sound/pcm/feeder_chain.c b/sys/dev/sound/pcm/feeder_chain.c
index 1c4ddca6cdd5..56de32441de7 100644
--- a/sys/dev/sound/pcm/feeder_chain.c
+++ b/sys/dev/sound/pcm/feeder_chain.c
@@ -102,6 +102,7 @@ static uint32_t feeder_chain_formats_multi[] = {
 	AFMT_S16_LE, AFMT_S16_BE, AFMT_U16_LE, AFMT_U16_BE,
 	AFMT_S24_LE, AFMT_S24_BE, AFMT_U24_LE, AFMT_U24_BE,
 	AFMT_S32_LE, AFMT_S32_BE, AFMT_U32_LE, AFMT_U32_BE,
+	AFMT_F32_LE, AFMT_F32_BE,
 	0
 };
 
@@ -111,6 +112,7 @@ static uint32_t feeder_chain_formats_fullmulti[] = {
 	AFMT_S16_LE, AFMT_S16_BE, AFMT_U16_LE, AFMT_U16_BE,
 	AFMT_S24_LE, AFMT_S24_BE, AFMT_U24_LE, AFMT_U24_BE,
 	AFMT_S32_LE, AFMT_S32_BE, AFMT_U32_LE, AFMT_U32_BE,
+	AFMT_F32_LE, AFMT_F32_BE,
 	0
 };
 
diff --git a/sys/dev/sound/pcm/feeder_rate.c b/sys/dev/sound/pcm/feeder_rate.c
index 1610211ff5f5..9ea454cdee1e 100644
--- a/sys/dev/sound/pcm/feeder_rate.c
+++ b/sys/dev/sound/pcm/feeder_rate.c
@@ -639,6 +639,8 @@ Z_DECLARE(U, 32, LE)
 Z_DECLARE(U, 16, BE)
 Z_DECLARE(U, 24, BE)
 Z_DECLARE(U, 32, BE)
+Z_DECLARE(F, 32, LE)
+Z_DECLARE(F, 32, BE)
 #endif
 
 enum {
@@ -687,6 +689,8 @@ static const struct {
 	Z_RESAMPLER_ENTRY(U, 16, BE),
 	Z_RESAMPLER_ENTRY(U, 24, BE),
 	Z_RESAMPLER_ENTRY(U, 32, BE),
+	Z_RESAMPLER_ENTRY(F, 32, LE),
+	Z_RESAMPLER_ENTRY(F, 32, BE),
 #endif
 };
 
diff --git a/sys/dev/sound/pcm/feeder_volume.c b/sys/dev/sound/pcm/feeder_volume.c
index f72c6aa7ef4f..2d35bb56ef8f 100644
--- a/sys/dev/sound/pcm/feeder_volume.c
+++ b/sys/dev/sound/pcm/feeder_volume.c
@@ -93,6 +93,8 @@ FEEDVOLUME_DECLARE(U, 32, LE)
 FEEDVOLUME_DECLARE(U, 16, BE)
 FEEDVOLUME_DECLARE(U, 24, BE)
 FEEDVOLUME_DECLARE(U, 32, BE)
+FEEDVOLUME_DECLARE(F, 32, LE)
+FEEDVOLUME_DECLARE(F, 32, BE)
 #endif
 
 struct feed_volume_info {
diff --git a/sys/dev/sound/pcm/pcm.h b/sys/dev/sound/pcm/pcm.h
index 1de686b04097..7d0a8f0f431b 100644
--- a/sys/dev/sound/pcm/pcm.h
+++ b/sys/dev/sound/pcm/pcm.h
@@ -128,7 +128,8 @@ static const struct {
 static __always_inline __unused intpcm_t
 pcm_sample_read(const uint8_t *src, uint32_t fmt)
 {
-	intpcm_t v;
+	intpcm_t v, e, m;
+	bool s;
 
 	fmt = AFMT_ENCODING(fmt);
 
@@ -190,6 +191,34 @@ pcm_sample_read(const uint8_t *src, uint32_t fmt)
 		v = INTPCM_T(src[3] | src[2] << 8 | src[1] << 16 |
 		    (int8_t)(src[0] ^ 0x80) << 24);
 		break;
+	case AFMT_F32_LE:	/* FALLTHROUGH */
+	case AFMT_F32_BE:
+		if (fmt == AFMT_F32_LE) {
+			v = INTPCM_T(src[0] | src[1] << 8 | src[2] << 16 |
+			    (int8_t)src[3] << 24);
+		} else {
+			v = INTPCM_T(src[3] | src[2] << 8 | src[1] << 16 |
+			    (int8_t)src[0] << 24);
+		}
+		e = (v >> 23) & 0xff;
+		/* NaN, +/- Inf  or too small */
+		if (e == 0xff || e < 96) {
+			v = INTPCM_T(0);
+			break;
+		}
+		s = v & 0x80000000U;
+		if (e > 126) {
+			v = INTPCM_T((s == 0) ? PCM_S32_MAX : PCM_S32_MIN);
+			break;
+		}
+		m = 0x800000 | (v & 0x7fffff);
+		e += 8 - 127;
+		if (e < 0)
+			m >>= -e;
+		else
+			m <<= e;
+		v = INTPCM_T((s == 0) ? m : -m);
+		break;
 	default:
 		v = 0;
 		printf("%s(): unknown format: 0x%08x\n", __func__, fmt);
@@ -241,8 +270,38 @@ pcm_sample_read_calc(const uint8_t *src, uint32_t fmt)
 static __always_inline __unused void
 pcm_sample_write(uint8_t *dst, intpcm_t v, uint32_t fmt)
 {
+	intpcm_t r, e;
+
 	fmt = AFMT_ENCODING(fmt);
 
+	if (fmt & (AFMT_F32_LE | AFMT_F32_BE)) {
+		if (v == 0)
+			r = 0;
+		else if (v == PCM_S32_MAX)
+			r = 0x3f800000;
+		else if (v == PCM_S32_MIN)
+			r = 0x80000000U | 0x3f800000;
+		else {
+			r = 0;
+			if (v < 0) {
+				r |= 0x80000000U;
+				v = -v;
+			}
+			e = 127 - 8;
+			while ((v & 0x7f000000) != 0) {
+				v >>= 1;
+				e++;
+			}
+			while ((v & 0x7f800000) == 0) {
+				v <<= 1;
+				e--;
+			}
+			r |= (e & 0xff) << 23;
+			r |= v & 0x7fffff;
+		}
+		v = r;
+	}
+
 	switch (fmt) {
 	case AFMT_AC3:
 		*(int16_t *)dst = 0;
@@ -295,13 +354,15 @@ pcm_sample_write(uint8_t *dst, intpcm_t v, uint32_t fmt)
 		dst[1] = v >> 8;
 		dst[0] = (v >> 16) ^ 0x80;
 		break;
-	case AFMT_S32_LE:
+	case AFMT_S32_LE:	/* FALLTHROUGH */
+	case AFMT_F32_LE:
 		dst[0] = v;
 		dst[1] = v >> 8;
 		dst[2] = v >> 16;
 		dst[3] = v >> 24;
 		break;
-	case AFMT_S32_BE:
+	case AFMT_S32_BE:	/* FALLTHROUGH */
+	case AFMT_F32_BE:
 		dst[3] = v;
 		dst[2] = v >> 8;
 		dst[1] = v >> 16;
diff --git a/sys/dev/sound/pcm/sound.h b/sys/dev/sound/pcm/sound.h
index 74c710f6f843..f7411ee096c9 100644
--- a/sys/dev/sound/pcm/sound.h
+++ b/sys/dev/sound/pcm/sound.h
@@ -451,15 +451,17 @@ int	sound_oss_card_info(oss_card_info *);
 #endif /* _KERNEL */
 
 /* make figuring out what a format is easier. got AFMT_STEREO already */
-#define AFMT_32BIT (AFMT_S32_LE | AFMT_S32_BE | AFMT_U32_LE | AFMT_U32_BE)
+#define AFMT_32BIT (AFMT_S32_LE | AFMT_S32_BE | AFMT_U32_LE | AFMT_U32_BE | \
+			AFMT_F32_LE | AFMT_F32_BE)
 #define AFMT_24BIT (AFMT_S24_LE | AFMT_S24_BE | AFMT_U24_LE | AFMT_U24_BE)
 #define AFMT_16BIT (AFMT_S16_LE | AFMT_S16_BE | AFMT_U16_LE | AFMT_U16_BE)
 #define AFMT_G711  (AFMT_MU_LAW | AFMT_A_LAW)
 #define AFMT_8BIT (AFMT_G711 | AFMT_U8 | AFMT_S8)
-#define AFMT_SIGNED (AFMT_S32_LE | AFMT_S32_BE | AFMT_S24_LE | AFMT_S24_BE | \
+#define AFMT_SIGNED (AFMT_S32_LE | AFMT_S32_BE | AFMT_F32_LE | AFMT_F32_BE | \
+			AFMT_S24_LE | AFMT_S24_BE | \
 			AFMT_S16_LE | AFMT_S16_BE | AFMT_S8)
-#define AFMT_BIGENDIAN (AFMT_S32_BE | AFMT_U32_BE | AFMT_S24_BE | AFMT_U24_BE | \
-			AFMT_S16_BE | AFMT_U16_BE)
+#define AFMT_BIGENDIAN (AFMT_S32_BE | AFMT_U32_BE | AFMT_F32_BE | \
+			AFMT_S24_BE | AFMT_U24_BE | AFMT_S16_BE | AFMT_U16_BE)
 
 #define AFMT_CONVERTIBLE	(AFMT_8BIT | AFMT_16BIT | AFMT_24BIT |	\
 				 AFMT_32BIT)
@@ -509,7 +511,8 @@ int	sound_oss_card_info(oss_card_info *);
 #define AFMT_U8_NE	AFMT_U8
 #define AFMT_S8_NE	AFMT_S8
 
-#define AFMT_SIGNED_NE	(AFMT_S8_NE | AFMT_S16_NE | AFMT_S24_NE | AFMT_S32_NE)
+#define AFMT_SIGNED_NE	(AFMT_S8_NE | AFMT_S16_NE | AFMT_S24_NE | \
+			AFMT_S32_NE | AFMT_F32_NE)
 
 #define AFMT_NE		(AFMT_SIGNED_NE | AFMT_U8_NE | AFMT_U16_NE |	\
 			 AFMT_U24_NE | AFMT_U32_NE)
diff --git a/sys/sys/soundcard.h b/sys/sys/soundcard.h
index b5434b930215..a0342ebf58f0 100644
--- a/sys/sys/soundcard.h
+++ b/sys/sys/soundcard.h
@@ -184,6 +184,8 @@ struct snd_size {
 #define AFMT_S24_BE	0x00020000	/* Big endian signed 24-bit */
 #define AFMT_U24_LE	0x00040000	/* Little endian unsigned 24-bit */
 #define AFMT_U24_BE	0x00080000	/* Big endian unsigned 24-bit */
+#define AFMT_F32_LE	0x10000000	/* Little endian 32-bit floating point */
+#define AFMT_F32_BE	0x20000000	/* Big endian 32-bit floating point */
 
 /* Machine dependent AFMT_* definitions. */
 #if BYTE_ORDER == LITTLE_ENDIAN
@@ -199,6 +201,8 @@ struct snd_size {
 #define AFMT_U16_OE	AFMT_U16_BE
 #define AFMT_U24_OE	AFMT_U24_BE
 #define AFMT_U32_OE	AFMT_U32_BE
+#define AFMT_F32_NE	AFMT_F32_LE
+#define AFMT_F32_OE	AFMT_F32_BE
 #else
 #define AFMT_S16_OE	AFMT_S16_LE
 #define AFMT_S24_OE	AFMT_S24_LE
@@ -212,8 +216,12 @@ struct snd_size {
 #define AFMT_U16_NE	AFMT_U16_BE
 #define AFMT_U24_NE	AFMT_U24_BE
 #define AFMT_U32_NE	AFMT_U32_BE
+#define AFMT_F32_NE	AFMT_F32_BE
+#define AFMT_F32_OE	AFMT_F32_LE
 #endif
 
+#define AFMT_FLOAT	AFMT_F32_NE	/* compatibility alias */
+
 #define AFMT_STEREO	0x10000000	/* can do/want stereo	*/
 
 /*
diff --git a/tests/sys/sound/pcm_read_write.c b/tests/sys/sound/pcm_read_write.c
index 2aba19840735..a77b953a78a0 100644
--- a/tests/sys/sound/pcm_read_write.c
+++ b/tests/sys/sound/pcm_read_write.c
@@ -70,6 +70,12 @@ static struct afmt_test_data {
 	{"u32be_1", {0x01, 0x02, 0x03, 0x04}, 4, AFMT_U32_BE, 0x81020304},
 	{"u32be_2", {0x81, 0x82, 0x83, 0x84}, 4, AFMT_U32_BE, 0x01828384},
 
+	/* 32 bit floating point sample formats. */
+	{"f32le_1", {0x00, 0x00, 0x00, 0x3f}, 4, AFMT_F32_LE, 0x40000000},
+	{"f32le_2", {0x00, 0x00, 0x00, 0xbf}, 4, AFMT_F32_LE, 0xc0000000},
+	{"f32be_1", {0x3f, 0x00, 0x00, 0x00}, 4, AFMT_F32_BE, 0x40000000},
+	{"f32be_2", {0xbf, 0x00, 0x00, 0x00}, 4, AFMT_F32_BE, 0xc0000000},
+
 	/* u-law and A-law sample formats. */
 	{"mulaw_1", {0x01, 0x00, 0x00, 0x00}, 1, AFMT_MU_LAW, 0xffffff87},
 	{"mulaw_2", {0x81, 0x00, 0x00, 0x00}, 1, AFMT_MU_LAW, 0x00000079},

From nobody Sun Apr  6 00:28:29 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZVY995mN3z5sb5h;
	Sun, 06 Apr 2025 00:28:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZVY994gT6z3wyH;
	Sun, 06 Apr 2025 00:28:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743899309;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=I61PMHjgfICBbehnfcotA+UPPaTJjubaMCNxBA3+7eo=;
	b=yMNh+nuC2OLp8dDGaOqyNrh0+I/sOd08FOL9nrmybcLqUOr+5SIc7VhjA9E4i9Alh6GWF5
	tHfugfIOVi/4++DIxCjx1JHg9YMH/IAGD/0YxikLNra/wdUff0uf25/l5WEBHQ3dKQT1Gb
	1URt1gXromz6ccQI8fHd0uPNOQYHNZxZ+/BxCXDXqTqMCG4Yk+nvbONhjMOUB673a2OvTe
	2XX46HUawQ1VmTxIU9oCgsR2ncFR4TyY7qf4PjuyrhHgjjT9yX0EsP65zRmwz9TsR3U0Ne
	f5JAqh6bhoeMJ2z/4bKIbLJ5VeFZBglgo8+H6yULwdymI8LB2yfqGtXCElOBlA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743899309; a=rsa-sha256; cv=none;
	b=s2Cwhg8YKg0DeD/4K+mTWNy7NDenvWjT/3v3XfmxXcXWoDujzHCaSb0tSRM3yvfYiDFWkQ
	dqihN1pwZFA9FBnzsu7dFt834b10kt0LPWwJgu9G8apT8KJrM3ir1dp3eiA2YuLphUDJWF
	hCZTnWy875fWDQeHyDKdEA0JoZ8HJiuVBwe/NKVkOn3xu/U+Vcemyhx826KxkhMO4SdYye
	4FB7hpUJGOIOaHqSFKYvEilOJFSVBs1Mb0AvjeznUlwVkpM14m7kbM2aYYEHwcHc/D5mri
	bTYshXxk37P4j7H50tpgK8UekRJaLtfJGQi4BNwqd+kChBnz36SJcw2IykGfsA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743899309;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=I61PMHjgfICBbehnfcotA+UPPaTJjubaMCNxBA3+7eo=;
	b=nfh5qbG4rHzkHAmluslZ7WkGeNJ17NTx52Qegr3TwesSwZRN+NLBP63nNRJEdRQR4zerue
	Y8I7h/Xri1ecO3/OZZ1HX5KjH5DRHafYnV7RSnHm9CfFsQe6a4A56bVZtErZ9wJejW8Adm
	14yw4Hmiyams0IxqaVvPT1qDZM0pbX5DNxOUlGPjSkj6lveyRnSaY9nN3k1qRgzNgXd4AX
	DaBWHz9+xVu26euCSzAX5gXEs2nOtvlKhJYm0/h6BkPpFB9YrGoZkrJwg/skjjg53hKFTB
	IilvJKR9JE9/BI/NEjohSMN+f4APXx9uAJrjDl44QnsTf3k3ryPBCL5ewWPUcA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZVY994FsBzdjj;
	Sun, 06 Apr 2025 00:28:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5360STlK065742;
	Sun, 6 Apr 2025 00:28:29 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5360ST0Q065739;
	Sun, 6 Apr 2025 00:28:29 GMT
	(envelope-from git)
Date: Sun, 6 Apr 2025 00:28:29 GMT
Message-Id: <202504060028.5360ST0Q065739@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Christos Margiolis <christos@FreeBSD.org>
Subject: git: 1890f0b0df24 - stable/14 - beep(1): Use AFMT_FLOAT
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: christos
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 1890f0b0df244fd36c511303e2068d5c6f3aa174
Auto-Submitted: auto-generated

The branch stable/14 has been updated by christos:

URL: https://cgit.FreeBSD.org/src/commit/?id=1890f0b0df244fd36c511303e2068d5c6f3aa174

commit 1890f0b0df244fd36c511303e2068d5c6f3aa174
Author:     Christos Margiolis <christos@FreeBSD.org>
AuthorDate: 2025-03-30 17:45:48 +0000
Commit:     Christos Margiolis <christos@FreeBSD.org>
CommitDate: 2025-04-06 00:28:14 +0000

    beep(1): Use AFMT_FLOAT
    
    AFMT_FLOAT is supported by sound(4) as of FILLME, so use it here, since
    the whole program works with floats already.
    
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D47639
    
    (cherry picked from commit 1166cfd96f3403edb082387fbc3a4d4aa249bce8)
---
 usr.bin/beep/beep.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/usr.bin/beep/beep.c b/usr.bin/beep/beep.c
index 2696bacfacf4..0bdfe2cf97a7 100644
--- a/usr.bin/beep/beep.c
+++ b/usr.bin/beep/beep.c
@@ -152,7 +152,7 @@ usage(void)
 int
 main(int argc, char **argv)
 {
-	int32_t *buffer;
+	float *buffer;
 	size_t slope;
 	size_t size;
 	size_t off;
@@ -208,9 +208,9 @@ main(int argc, char **argv)
 	if (ioctl(f, SOUND_PCM_WRITE_CHANNELS, &c) != 0)
 		errx(1, "ioctl SOUND_PCM_WRITE_CHANNELS(1) failed");
 
-	c = AFMT_S32_NE;
+	c = AFMT_FLOAT;
 	if (ioctl(f, SNDCTL_DSP_SETFMT, &c) != 0)
-		errx(1, "ioctl SNDCTL_DSP_SETFMT(AFMT_S32_NE) failed");
+		errx(1, "ioctl SNDCTL_DSP_SETFMT(AFMT_FLOAT) failed");
 
 	if (ioctl(f, SNDCTL_DSP_SPEED, &sample_rate) != 0)
 		errx(1, "ioctl SNDCTL_DSP_SPEED(%d) failed", sample_rate);
@@ -251,7 +251,7 @@ main(int argc, char **argv)
 		else if (off > (size - slope))
 			sample = sample * (size - off - 1) / (float)slope;
 
-		buffer[off] = sample * 0x7fffff00;
+		buffer[off] = sample;
 	}
 
 	if (write(f, buffer, size * sizeof(buffer[0])) !=

From nobody Sun Apr  6 00:28:30 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZVY9C6P0rz5sbWD;
	Sun, 06 Apr 2025 00:28:31 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZVY9B64fZz3x1Q;
	Sun, 06 Apr 2025 00:28:30 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743899310;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=DNx99tiukrRafhirG+sBeuxPsze1jdofW08Doume1XE=;
	b=GfrXr17qhmPr+PtxGW45jkek8yIaROfGVmWswpANQ/gqAKGKGKZp3W7DdPyea8qj3R1vLf
	4fuopLETVMeVaAD0gpwmIn9FpiSe56dbT/WxvzKdywH9gtudEb0ov2hSmqFUfK+WqAm/JZ
	xJUmtffUXpkz/mPTRU6SwUYcYc5mI+lAIh4v8tNRCXJfZ4BAVkfMKw1GAXkkZWYsnFDsvQ
	RakUAE1b4SBmPBPUctPem3xTv6aUjxzRBfTr+6Q4wwP9H8w1zcpETje0HqcAnjWOS1bal9
	8Hf8/KmqqXJ6/3vQ1uLZue++7aauONyWtBSxKIfs/iW+fdClhhUdQGVi12eOQg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743899310; a=rsa-sha256; cv=none;
	b=ipHTOykEkxuRi1eEbyC2AKmhyFgqq5oXgiiceD+704v3/+xmjwCAAhATMcH4yvETeUZQnq
	YSuu7KzKNnoa7VbK3xybDTjtQOVa1M4P7ReNIYn1PEaVFT5wo21COkJNGVQnKD0VVaelav
	Y2U32FP1jKYWDYEfTyaHYXVBYuUFQSDo0LngYmprBZa+pBn4MVDxgpnbtI5BKXPmXTIiFg
	FXEYdMkKn9Lw1crnr1rFaEuQzNhivQ7T09tds2QGFieEfQ1QowH48l+y6O7ByDfgeEFjxz
	/UMcPGORgQkBFgbnPT2vM5ELDoqgZBfkKH2yOPrFoI4JBdszW8A9fe0M36xn+Q==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743899310;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=DNx99tiukrRafhirG+sBeuxPsze1jdofW08Doume1XE=;
	b=GbowQi3CaE2vqrDI2JkAQeZXcmrpYc0ZqDLKWchIEutQkm7gs6OrVsiXtIPcAFjl6vD4AO
	iXwoVk2jKk4FftZ5e35ARmByTz25/AWPD19cLWb8Sl1zbO0SmJg0jcey2wP/jznouJq8um
	RVa1RdigDqJQzQf+hTgOH7Ee0yDKXLM0heKHQKLb86FnMba6hPZzyleO51dvBMdMUu+2qs
	gR4kYf6wmCvkWeBFbL0oKXK93y0NxLJriwLej9bGLcjsbSnTiAnQYQqcoYJChFymCKailg
	RGIc6KF6UR1ogsYK8qK563ULrcLs3ycmPPwh/uJGvSYDRXUYA0HFtF72qnTtzw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZVY9B4x8NzfXJ;
	Sun, 06 Apr 2025 00:28:30 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5360SUL4065778;
	Sun, 6 Apr 2025 00:28:30 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5360SUtk065775;
	Sun, 6 Apr 2025 00:28:30 GMT
	(envelope-from git)
Date: Sun, 6 Apr 2025 00:28:30 GMT
Message-Id: <202504060028.5360SUtk065775@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Christos Margiolis <christos@FreeBSD.org>
Subject: git: 831c30f09ea8 - stable/14 - sound: Improve afmt_tab
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: christos
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 831c30f09ea8a38d6b8b45d3e24b72cc2075086c
Auto-Submitted: auto-generated

The branch stable/14 has been updated by christos:

URL: https://cgit.FreeBSD.org/src/commit/?id=831c30f09ea8a38d6b8b45d3e24b72cc2075086c

commit 831c30f09ea8a38d6b8b45d3e24b72cc2075086c
Author:     Christos Margiolis <christos@FreeBSD.org>
AuthorDate: 2025-03-30 17:45:53 +0000
Commit:     Christos Margiolis <christos@FreeBSD.org>
CommitDate: 2025-04-06 00:28:14 +0000

    sound: Improve afmt_tab
    
    Reduce ifdefs, and add aliases for the unsigned formats.
    
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Reviewed by:    dev_submerge.ch
    Differential Revision:  https://reviews.freebsd.org/D48009
    
    (cherry picked from commit a4aff024fd53a38ba08bbf5309589e1865ffe024)
---
 sys/dev/sound/pcm/channel.c | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)

diff --git a/sys/dev/sound/pcm/channel.c b/sys/dev/sound/pcm/channel.c
index 3aa7cf219d81..31a56a8b82e2 100644
--- a/sys/dev/sound/pcm/channel.c
+++ b/sys/dev/sound/pcm/channel.c
@@ -961,33 +961,38 @@ static const struct {
 	{ "mulaw",  NULL, NULL, AFMT_MU_LAW },
 	{    "u8",   "8", NULL, AFMT_U8     },
 	{    "s8",  NULL, NULL, AFMT_S8     },
+	{   "ac3",  NULL, NULL, AFMT_AC3    },
 #if BYTE_ORDER == LITTLE_ENDIAN
 	{ "s16le", "s16", "16", AFMT_S16_LE },
 	{ "s16be",  NULL, NULL, AFMT_S16_BE },
-#else
-	{ "s16le",  NULL, NULL, AFMT_S16_LE },
-	{ "s16be", "s16", "16", AFMT_S16_BE },
-#endif
-	{ "u16le",  NULL, NULL, AFMT_U16_LE },
-	{ "u16be",  NULL, NULL, AFMT_U16_BE },
-	{ "s24le",  NULL, NULL, AFMT_S24_LE },
+	{ "s24le", "s24", "24", AFMT_S24_LE },
 	{ "s24be",  NULL, NULL, AFMT_S24_BE },
-	{ "u24le",  NULL, NULL, AFMT_U24_LE },
-	{ "u24be",  NULL, NULL, AFMT_U24_BE },
-#if BYTE_ORDER == LITTLE_ENDIAN
 	{ "s32le", "s32", "32", AFMT_S32_LE },
 	{ "s32be",  NULL, NULL, AFMT_S32_BE },
 	{ "f32le", "f32", NULL, AFMT_F32_LE },
 	{ "f32be",  NULL, NULL, AFMT_F32_BE },
+	{ "u16le", "u16", NULL, AFMT_U16_LE },
+	{ "u16be",  NULL, NULL, AFMT_U16_BE },
+	{ "u24le", "u24", NULL, AFMT_U24_LE },
+	{ "u24be",  NULL, NULL, AFMT_U24_BE },
+	{ "u32le", "u32", NULL, AFMT_U32_LE },
+	{ "u32be",  NULL, NULL, AFMT_U32_BE },
 #else
+	{ "s16le",  NULL, NULL, AFMT_S16_LE },
+	{ "s16be", "s16", "16", AFMT_S16_BE },
+	{ "s24le",  NULL, NULL, AFMT_S24_LE },
+	{ "s24be", "s24", "24", AFMT_S24_BE },
 	{ "s32le",  NULL, NULL, AFMT_S32_LE },
 	{ "s32be", "s32", "32", AFMT_S32_BE },
 	{ "f32le",  NULL, NULL, AFMT_F32_LE },
 	{ "f32be", "f32", NULL, AFMT_F32_BE },
-#endif
+	{ "u16le",  NULL, NULL, AFMT_U16_LE },
+	{ "u16be", "u16", NULL, AFMT_U16_BE },
+	{ "u24le",  NULL, NULL, AFMT_U24_LE },
+	{ "u24be", "u24", NULL, AFMT_U24_BE },
 	{ "u32le",  NULL, NULL, AFMT_U32_LE },
-	{ "u32be",  NULL, NULL, AFMT_U32_BE },
-	{   "ac3",  NULL, NULL, AFMT_AC3    },
+	{ "u32be", "u32", NULL, AFMT_U32_BE },
+#endif
 	{    NULL,  NULL, NULL, 0           }
 };
 

From nobody Sun Apr  6 00:28:32 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZVY9F4swfz5sbSL;
	Sun, 06 Apr 2025 00:28:33 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZVY9F0XTyz3xC3;
	Sun, 06 Apr 2025 00:28:33 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743899313;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=tqueHYdWUYiJQkHAF7W4HQdsC3HUwMTHFg7L132QwJA=;
	b=XjFHSjXhA287ksSUj1qYeIH5b3c81mwiPqOeoisXj8uOaLRciqPf8sPLc1RBCM1B/EWZdq
	6QJ7tb8mE2zlP/66IDKRIkMzN9Gw1Jvy1yHfeRS+tAfPb2DzRSdC7mWnoqIHX/o0Xu53TR
	pEOebuf9ar738jcCzBfDetJfWYcLAvvQvSMfWnKk9M95UGFyR03Q8IyjbPTayj7UeKqzia
	XIeOwLQ8oOS2kT+wxV4YnqVXhX02oInKCPBtKebXWd1RX0U8RWzrys18JOf27P/xFH77cq
	K/JQRtM97wBOOZtYRZQxPv59zqXxi6tAOrbYfj1moHVeEyIZ9iTeEv0M6RAbzQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743899313; a=rsa-sha256; cv=none;
	b=HxfPS2acywGEPla0gNwnpPaOV/UJE28VyCfwGyGJZApVVUwUInWbheW0UAuXm87UG25kN8
	0GPxdUF/6U3XyYrXFvwv7oJi+hHmExSDZAZMSBgHnubbG/RlZ9ry0qgKmItn2z3/sriZ9Y
	Cv5NwMCIc0KsIAne1lKj9pArup1tiuRAGYvF5//Pc88f4ZzzlQ6PW5GjoNT/Tx1eK762vz
	mV+Zvpu606zh4zNAHEXeTmmNt33BnfoPWK4DsQuGLVmA+CvTg3Yyh+FlQTgFZYwl2FW1m3
	Nz+wwpAHwn/RmiIdSBL1JdS4z7Ee3/V+Rbla4rWbrG0BY08FxutnIjHZG6CdFg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743899313;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=tqueHYdWUYiJQkHAF7W4HQdsC3HUwMTHFg7L132QwJA=;
	b=aDpCzdJyGW90OckVLmHzfCJa2SU1kR3dgvD8+I9VYxbUjg9jE7WiA5vuCC8Xtntbj1dxJJ
	c2kKtdwJbtpoUtN+x4BnPP0djrCBb2XNC8UVt6P7IRV9OYRQv1pZvgRfX4Po9Ia8HF5GRI
	RjGyqZOHw7p9z595YsDDh43QsIMgUcHGlgvF2u6E7/eWJYSCA9cED7u9q0v+3RLBTl/Sd9
	7dD1hF5umy9wn/mMOC7TbQC6qZLcqmLkhG4MDhAwyIFUiOPvTjvl1vvrt6KfIgg4kfKkae
	KPwp6bsKjtRszSuNSf6ruSiwJWbrdG4LzQfblUTYho5NkkGu862DJcVp78b3+g==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZVY9F049rzfjv;
	Sun, 06 Apr 2025 00:28:33 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5360SWl1065853;
	Sun, 6 Apr 2025 00:28:32 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5360SWUN065850;
	Sun, 6 Apr 2025 00:28:32 GMT
	(envelope-from git)
Date: Sun, 6 Apr 2025 00:28:32 GMT
Message-Id: <202504060028.5360SWUN065850@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Christos Margiolis <christos@FreeBSD.org>
Subject: git: 8c991c4b0695 - stable/14 - sound: Fix regression in
  pcm/feeder_mixer.c
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: christos
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 8c991c4b06954371886413d7a4eb2f0569721857
Auto-Submitted: auto-generated

The branch stable/14 has been updated by christos:

URL: https://cgit.FreeBSD.org/src/commit/?id=8c991c4b06954371886413d7a4eb2f0569721857

commit 8c991c4b06954371886413d7a4eb2f0569721857
Author:     Christos Margiolis <christos@FreeBSD.org>
AuthorDate: 2025-03-30 21:27:09 +0000
Commit:     Christos Margiolis <christos@FreeBSD.org>
CommitDate: 2025-04-06 00:28:15 +0000

    sound: Fix regression in pcm/feeder_mixer.c
    
    This call was meant to be the default case in the first place, but
    somehow missed this.
    
    Reported by:    glebius
    Fixes:          4021fa32d92d ("sound: Simplify pcm/feeder_mixer.c")
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation
    
    (cherry picked from commit b6420b5ea5bcdeb859a2b3357e5dbaafe7aaff88)
---
 sys/dev/sound/pcm/feeder_mixer.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/sys/dev/sound/pcm/feeder_mixer.c b/sys/dev/sound/pcm/feeder_mixer.c
index 1d3b7e31d055..b6b81ad9a51c 100644
--- a/sys/dev/sound/pcm/feeder_mixer.c
+++ b/sys/dev/sound/pcm/feeder_mixer.c
@@ -337,9 +337,11 @@ feed_mixer_feed(struct pcm_feeder *f, struct pcm_channel *c, uint8_t *b,
 						feed_mixer_apply(tmp, b, cnt,
 						    AFMT_S32_NE);
 						break;
+					default:
+						feed_mixer_apply(tmp, b, cnt,
+						    info->format);
+						break;
 					}
-					feed_mixer_apply(tmp, b, cnt,
-					    info->format);
 					if (cnt > rcnt)
 						rcnt = cnt;
 				}

From nobody Sun Apr  6 00:28:31 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZVY9D5Qrqz5sbQ1;
	Sun, 06 Apr 2025 00:28:32 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZVY9C6rWGz3wyZ;
	Sun, 06 Apr 2025 00:28:31 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743899312;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=VRFmRgPUaDungoFUmODB2SvKhQ1plrH+P9C7W240hyg=;
	b=npg2Zqh+qOd+AW0wmDa6rmABbpk+vlVSP36hZbwJ+P1GyqOCQIIq402gQLMGz1wdPKYwXt
	idtmGG7uIyXRuPEhfT2HlIbrB75bIWJ5HveSkGCxxN7t6sybLmdvGRYsvbJyByUIsi9xnd
	JtIfZ8REG2efmzyAQEeuK24ntkK7v+O2rZO9I3HbWJVX7+qGhfyJ5Lsd7KhPzN7cBdm65/
	Jomy45epH074riPj8vJBk9mXZfrGzdv0E+w/HJLUpTG20m9zyyNexvjH1yp3AQOd/918je
	CCDuKHQAaZ/btnpxIMc9BY1bSGHXa97oBs/UK9Z26WCFTA4HJzLlLcypeW2hHg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743899312; a=rsa-sha256; cv=none;
	b=rCQbXT5ndCAJFIcSLihHj181ZG+HDvY5T/Ug45fSK9UFOhK6mKXfdzm5em1JOluSl5N1ao
	Dqi9Y4GAdNDts/Xe7itSZAn3HQH9R5LifN0y8Nva1+PU6I6N+WgWVig00zE+Op2jlkNW9t
	F9LjRjzd5FaaZpDiLlPTlwhIeKyomAsnpFg4dAV+F7AeuHRpB5wB2de/9CCUjBFSTCU6wc
	H6DrWdn/sHpXPamu3cliqbDDKug0CQEZsHeGQAsC1xphTM+Q9jLL7XMvOgHSmRe9ceZMYr
	ECrIKi629w80LNJNoGNmuVE/BPWDjC1Z5RpUsduLnTSWDoketJEKnQMB0gz9rQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743899312;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=VRFmRgPUaDungoFUmODB2SvKhQ1plrH+P9C7W240hyg=;
	b=Sg75rSKAfqM5t17zkYub9bFhdIGJuFClvRR7vMJeFJEYR0D/LVtycRrKJPtBhCujtjCsh3
	CW056nFkNnHO8D0uNqJVLEc8tzkuxfRy25kPMsfKR0PBq1OAH/ARJRkp+7sVRKP2bvqHPT
	iPiJdvH6u0ZqTNFvv//p0gUlmXuxSbjeY9SQgdmKF9Kwv/6upfJRZwOl3JVIIV88ry6hCk
	ikx5HJaHkcXKEGJs6oeY9nm52p4Lpaui7FCbMmpfkIej6IvWXMxe2M1BU2WYOy0Q8jH3Qw
	DZu2x6Mq7RxxDtPvMrV+4rQD+9QZGpOwAiiNdKTb6hYd/39gUsNB9/NAkZbh9g==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZVY9C6GmLzfHJ;
	Sun, 06 Apr 2025 00:28:31 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5360SVSR065812;
	Sun, 6 Apr 2025 00:28:31 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5360SV0l065809;
	Sun, 6 Apr 2025 00:28:31 GMT
	(envelope-from git)
Date: Sun, 6 Apr 2025 00:28:31 GMT
Message-Id: <202504060028.5360SV0l065809@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Christos Margiolis <christos@FreeBSD.org>
Subject: git: 2254bef61b7c - stable/14 - sound: Use bus_topo_lock()
  where appropriate
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: christos
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 2254bef61b7c36f2d0ab2fc62d1a28ef131102d9
Auto-Submitted: auto-generated

The branch stable/14 has been updated by christos:

URL: https://cgit.FreeBSD.org/src/commit/?id=2254bef61b7c36f2d0ab2fc62d1a28ef131102d9

commit 2254bef61b7c36f2d0ab2fc62d1a28ef131102d9
Author:     Christos Margiolis <christos@FreeBSD.org>
AuthorDate: 2025-03-30 17:46:14 +0000
Commit:     Christos Margiolis <christos@FreeBSD.org>
CommitDate: 2025-04-06 00:28:14 +0000

    sound: Use bus_topo_lock() where appropriate
    
    Lock around uses of devclass_*() and replace leftover
    CTLFLAG_NEEDGIANTs with CTLFLAG_MPSAFE.
    
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Reviewed by:    imp, jhb
    Differential Revision:  https://reviews.freebsd.org/D46700
    
    (cherry picked from commit 35400672df83e337f8792df1972a15003b603930)
---
 sys/dev/sound/pcm/channel.c     |  6 ++++--
 sys/dev/sound/pcm/dsp.c         |  6 ++++++
 sys/dev/sound/pcm/feeder_rate.c |  4 +++-
 sys/dev/sound/pcm/mixer.c       |  5 +++++
 sys/dev/sound/pcm/sound.c       | 19 +++++++++++++++++--
 sys/dev/sound/pcm/vchan.c       | 28 +++++++++++++++++++++++-----
 6 files changed, 58 insertions(+), 10 deletions(-)

diff --git a/sys/dev/sound/pcm/channel.c b/sys/dev/sound/pcm/channel.c
index 31a56a8b82e2..4d13f20a5262 100644
--- a/sys/dev/sound/pcm/channel.c
+++ b/sys/dev/sound/pcm/channel.c
@@ -132,6 +132,7 @@ chn_vpc_proc(int reset, int db)
 	struct pcm_channel *c;
 	int i;
 
+	bus_topo_lock();
 	for (i = 0; pcm_devclass != NULL &&
 	    i < devclass_get_maxunit(pcm_devclass); i++) {
 		d = devclass_get_softc(pcm_devclass, i);
@@ -150,6 +151,7 @@ chn_vpc_proc(int reset, int db)
 		PCM_RELEASE(d);
 		PCM_UNLOCK(d);
 	}
+	bus_topo_unlock();
 }
 
 static int
@@ -170,7 +172,7 @@ sysctl_hw_snd_vpc_0db(SYSCTL_HANDLER_ARGS)
 	return (0);
 }
 SYSCTL_PROC(_hw_snd, OID_AUTO, vpc_0db,
-    CTLTYPE_INT | CTLFLAG_RWTUN | CTLFLAG_NEEDGIANT, 0, sizeof(int),
+    CTLTYPE_INT | CTLFLAG_RWTUN | CTLFLAG_MPSAFE, 0, sizeof(int),
     sysctl_hw_snd_vpc_0db, "I",
     "0db relative level");
 
@@ -190,7 +192,7 @@ sysctl_hw_snd_vpc_reset(SYSCTL_HANDLER_ARGS)
 	return (0);
 }
 SYSCTL_PROC(_hw_snd, OID_AUTO, vpc_reset,
-    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_NEEDGIANT, 0, sizeof(int),
+    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, 0, sizeof(int),
     sysctl_hw_snd_vpc_reset, "I",
     "reset volume on all channels");
 
diff --git a/sys/dev/sound/pcm/dsp.c b/sys/dev/sound/pcm/dsp.c
index 422c64c1b880..c5caeea8a002 100644
--- a/sys/dev/sound/pcm/dsp.c
+++ b/sys/dev/sound/pcm/dsp.c
@@ -2016,6 +2016,7 @@ dsp_oss_audioinfo(struct cdev *i_dev, oss_audioinfo *ai, bool ex)
 	if (ai->dev == -1 && i_dev->si_devsw != &dsp_cdevsw)
 		return (EINVAL);
 
+	bus_topo_lock();
 	for (unit = 0; pcm_devclass != NULL &&
 	    unit < devclass_get_maxunit(pcm_devclass); unit++) {
 		d = devclass_get_softc(pcm_devclass, unit);
@@ -2023,6 +2024,7 @@ dsp_oss_audioinfo(struct cdev *i_dev, oss_audioinfo *ai, bool ex)
 			if ((ai->dev == -1 && unit == snd_unit) ||
 			    ai->dev == unit) {
 				dsp_oss_audioinfo_unavail(ai, unit);
+				bus_topo_unlock();
 				return (0);
 			} else {
 				d = NULL;
@@ -2041,6 +2043,7 @@ dsp_oss_audioinfo(struct cdev *i_dev, oss_audioinfo *ai, bool ex)
 			d = NULL;
 		}
 	}
+	bus_topo_unlock();
 
 	/* Exhausted the search -- nothing is locked, so return. */
 	if (d == NULL)
@@ -2197,6 +2200,7 @@ dsp_oss_engineinfo(struct cdev *i_dev, oss_audioinfo *ai)
 	 * Search for the requested audio device (channel).  Start by
 	 * iterating over pcm devices.
 	 */ 
+	bus_topo_lock();
 	for (unit = 0; pcm_devclass != NULL &&
 	    unit < devclass_get_maxunit(pcm_devclass); unit++) {
 		d = devclass_get_softc(pcm_devclass, unit);
@@ -2346,9 +2350,11 @@ dsp_oss_engineinfo(struct cdev *i_dev, oss_audioinfo *ai)
 
 		CHN_UNLOCK(ch);
 		PCM_UNLOCK(d);
+		bus_topo_unlock();
 
 		return (0);
 	}
+	bus_topo_unlock();
 
 	/* Exhausted the search -- nothing is locked, so return. */
 	return (EINVAL);
diff --git a/sys/dev/sound/pcm/feeder_rate.c b/sys/dev/sound/pcm/feeder_rate.c
index 9ea454cdee1e..9c29142b9d6b 100644
--- a/sys/dev/sound/pcm/feeder_rate.c
+++ b/sys/dev/sound/pcm/feeder_rate.c
@@ -258,6 +258,7 @@ sysctl_hw_snd_feeder_rate_quality(SYSCTL_HANDLER_ARGS)
 	 * set resampler quality if and only if it is exist as
 	 * part of feeder chains and the channel is idle.
 	 */
+	bus_topo_lock();
 	for (i = 0; pcm_devclass != NULL &&
 	    i < devclass_get_maxunit(pcm_devclass); i++) {
 		d = devclass_get_softc(pcm_devclass, i);
@@ -279,11 +280,12 @@ sysctl_hw_snd_feeder_rate_quality(SYSCTL_HANDLER_ARGS)
 		PCM_RELEASE(d);
 		PCM_UNLOCK(d);
 	}
+	bus_topo_unlock();
 
 	return (0);
 }
 SYSCTL_PROC(_hw_snd, OID_AUTO, feeder_rate_quality,
-    CTLTYPE_INT | CTLFLAG_RWTUN | CTLFLAG_NEEDGIANT, 0, sizeof(int),
+    CTLTYPE_INT | CTLFLAG_RWTUN | CTLFLAG_MPSAFE, 0, sizeof(int),
     sysctl_hw_snd_feeder_rate_quality, "I",
     "sample rate converter quality ("__XSTRING(Z_QUALITY_MIN)"=low .. "
     __XSTRING(Z_QUALITY_MAX)"=high)");
diff --git a/sys/dev/sound/pcm/mixer.c b/sys/dev/sound/pcm/mixer.c
index 7bd0a2e14c46..092af3298f0e 100644
--- a/sys/dev/sound/pcm/mixer.c
+++ b/sys/dev/sound/pcm/mixer.c
@@ -1444,12 +1444,14 @@ mixer_oss_mixerinfo(struct cdev *i_dev, oss_mixerinfo *mi)
 	 * There's a 1:1 relationship between mixers and PCM devices, so
 	 * begin by iterating over PCM devices and search for our mixer.
 	 */
+	bus_topo_lock();
 	for (i = 0; pcm_devclass != NULL &&
 	    i < devclass_get_maxunit(pcm_devclass); i++) {
 		d = devclass_get_softc(pcm_devclass, i);
 		if (!PCM_REGISTERED(d)) {
 			if ((mi->dev == -1 && i == snd_unit) || mi->dev == i) {
 				mixer_oss_mixerinfo_unavail(mi, i);
+				bus_topo_unlock();
 				return (0);
 			} else
 				continue;
@@ -1470,6 +1472,7 @@ mixer_oss_mixerinfo(struct cdev *i_dev, oss_mixerinfo *mi)
 		if (d->mixer_dev->si_drv1 == NULL) {
 			mixer_oss_mixerinfo_unavail(mi, i);
 			PCM_UNLOCK(d);
+			bus_topo_unlock();
 			return (0);
 		}
 
@@ -1550,8 +1553,10 @@ mixer_oss_mixerinfo(struct cdev *i_dev, oss_mixerinfo *mi)
 
 		PCM_UNLOCK(d);
 
+		bus_topo_unlock();
 		return (0);
 	}
+	bus_topo_unlock();
 
 	return (EINVAL);
 }
diff --git a/sys/dev/sound/pcm/sound.c b/sys/dev/sound/pcm/sound.c
index 99d8065c765d..794e1586b511 100644
--- a/sys/dev/sound/pcm/sound.c
+++ b/sys/dev/sound/pcm/sound.c
@@ -116,17 +116,21 @@ sysctl_hw_snd_default_unit(SYSCTL_HANDLER_ARGS)
 	unit = snd_unit;
 	error = sysctl_handle_int(oidp, &unit, 0, req);
 	if (error == 0 && req->newptr != NULL) {
+		bus_topo_lock();
 		d = devclass_get_softc(pcm_devclass, unit);
-		if (!PCM_REGISTERED(d) || CHN_EMPTY(d, channels.pcm))
+		if (!PCM_REGISTERED(d) || CHN_EMPTY(d, channels.pcm)) {
+			bus_topo_unlock();
 			return EINVAL;
+		}
 		snd_unit = unit;
 		snd_unit_auto = 0;
+		bus_topo_unlock();
 	}
 	return (error);
 }
 /* XXX: do we need a way to let the user change the default unit? */
 SYSCTL_PROC(_hw_snd, OID_AUTO, default_unit,
-    CTLTYPE_INT | CTLFLAG_RWTUN | CTLFLAG_ANYBODY | CTLFLAG_NEEDGIANT, 0,
+    CTLTYPE_INT | CTLFLAG_RWTUN | CTLFLAG_ANYBODY | CTLFLAG_MPSAFE, 0,
     sizeof(int), sysctl_hw_snd_default_unit, "I",
     "default sound device");
 
@@ -213,6 +217,7 @@ pcm_best_unit(int old)
 
 	best = -1;
 	bestprio = -100;
+	bus_topo_lock();
 	for (i = 0; pcm_devclass != NULL &&
 	    i < devclass_get_maxunit(pcm_devclass); i++) {
 		d = devclass_get_softc(pcm_devclass, i);
@@ -228,6 +233,8 @@ pcm_best_unit(int old)
 			bestprio = prio;
 		}
 	}
+	bus_topo_unlock();
+
 	return (best);
 }
 
@@ -556,6 +563,7 @@ sound_oss_sysinfo(oss_sysinfo *si)
 
 	j = 0;
 
+	bus_topo_lock();
 	for (i = 0; pcm_devclass != NULL &&
 	    i < devclass_get_maxunit(pcm_devclass); i++) {
 		d = devclass_get_softc(pcm_devclass, i);
@@ -582,6 +590,7 @@ sound_oss_sysinfo(oss_sysinfo *si)
 
 		PCM_UNLOCK(d);
 	}
+	bus_topo_unlock();
 
 	si->numsynths = 0;	/* OSSv4 docs:  this field is obsolete */
 	/**
@@ -602,9 +611,11 @@ sound_oss_sysinfo(oss_sysinfo *si)
 	 * break if they try to loop through all mixers and some of them are
 	 * not available.
 	 */
+	bus_topo_lock();
 	si->nummixers = devclass_get_maxunit(pcm_devclass);
 	si->numcards = devclass_get_maxunit(pcm_devclass);
 	si->numaudios = devclass_get_maxunit(pcm_devclass);
+	bus_topo_unlock();
 		/* OSSv4 docs:	Intended only for test apps; API doesn't
 		   really have much of a concept of cards.  Shouldn't be
 		   used by applications. */
@@ -630,6 +641,7 @@ sound_oss_card_info(oss_card_info *si)
 	struct snddev_info *d;
 	int i;
 
+	bus_topo_lock();
 	for (i = 0; pcm_devclass != NULL &&
 	    i < devclass_get_maxunit(pcm_devclass); i++) {
 		d = devclass_get_softc(pcm_devclass, i);
@@ -657,8 +669,11 @@ sound_oss_card_info(oss_card_info *si)
 			PCM_UNLOCK(d);
 		}
 
+		bus_topo_unlock();
 		return (0);
 	}
+	bus_topo_unlock();
+
 	return (ENXIO);
 }
 
diff --git a/sys/dev/sound/pcm/vchan.c b/sys/dev/sound/pcm/vchan.c
index 1f184f21807e..31a4f7db8d70 100644
--- a/sys/dev/sound/pcm/vchan.c
+++ b/sys/dev/sound/pcm/vchan.c
@@ -259,9 +259,13 @@ sysctl_dev_pcm_vchans(SYSCTL_HANDLER_ARGS)
 	struct snddev_info *d;
 	int err, enabled, flag;
 
+	bus_topo_lock();
 	d = devclass_get_softc(pcm_devclass, VCHAN_SYSCTL_UNIT(oidp->oid_arg1));
-	if (!PCM_REGISTERED(d))
+	if (!PCM_REGISTERED(d)) {
+		bus_topo_unlock();
 		return (EINVAL);
+	}
+	bus_topo_unlock();
 
 	PCM_LOCK(d);
 	PCM_WAIT(d);
@@ -317,9 +321,13 @@ sysctl_dev_pcm_vchanmode(SYSCTL_HANDLER_ARGS)
 	int *vchanmode, direction, ret;
 	char dtype[16];
 
+	bus_topo_lock();
 	d = devclass_get_softc(pcm_devclass, VCHAN_SYSCTL_UNIT(oidp->oid_arg1));
-	if (!PCM_REGISTERED(d))
+	if (!PCM_REGISTERED(d)) {
+		bus_topo_unlock();
 		return (EINVAL);
+	}
+	bus_topo_unlock();
 
 	PCM_LOCK(d);
 	PCM_WAIT(d);
@@ -407,9 +415,13 @@ sysctl_dev_pcm_vchanrate(SYSCTL_HANDLER_ARGS)
 	struct pcm_channel *c, *ch;
 	int *vchanrate, direction, ret, newspd, restart;
 
+	bus_topo_lock();
 	d = devclass_get_softc(pcm_devclass, VCHAN_SYSCTL_UNIT(oidp->oid_arg1));
-	if (!PCM_REGISTERED(d))
+	if (!PCM_REGISTERED(d)) {
+		bus_topo_unlock();
 		return (EINVAL);
+	}
+	bus_topo_unlock();
 
 	PCM_LOCK(d);
 	PCM_WAIT(d);
@@ -499,9 +511,13 @@ sysctl_dev_pcm_vchanformat(SYSCTL_HANDLER_ARGS)
 	int *vchanformat, direction, ret, restart;
 	char fmtstr[AFMTSTR_LEN];
 
+	bus_topo_lock();
 	d = devclass_get_softc(pcm_devclass, VCHAN_SYSCTL_UNIT(oidp->oid_arg1));
-	if (!PCM_REGISTERED(d))
+	if (!PCM_REGISTERED(d)) {
+		bus_topo_unlock();
 		return (EINVAL);
+	}
+	bus_topo_unlock();
 
 	PCM_LOCK(d);
 	PCM_WAIT(d);
@@ -749,6 +765,7 @@ sysctl_hw_snd_vchans_enable(SYSCTL_HANDLER_ARGS)
 	if (error != 0 || req->newptr == NULL)
 		return (error);
 
+	bus_topo_lock();
 	snd_vchans_enable = v >= 1;
 
 	for (i = 0; pcm_devclass != NULL &&
@@ -766,11 +783,12 @@ sysctl_hw_snd_vchans_enable(SYSCTL_HANDLER_ARGS)
 			d->flags &= ~(SD_F_PVCHANS | SD_F_RVCHANS);
 		PCM_RELEASE_QUICK(d);
 	}
+	bus_topo_unlock();
 
 	return (0);
 }
 SYSCTL_PROC(_hw_snd, OID_AUTO, vchans_enable,
-    CTLTYPE_INT | CTLFLAG_RWTUN | CTLFLAG_NEEDGIANT, 0, sizeof(int),
+    CTLTYPE_INT | CTLFLAG_RWTUN | CTLFLAG_MPSAFE, 0, sizeof(int),
     sysctl_hw_snd_vchans_enable, "I", "global virtual channel switch");
 
 void

From nobody Sun Apr  6 22:51:08 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZW6yP2Yvsz5s8Sx;
	Sun, 06 Apr 2025 22:51:09 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZW6yN597hz3KQD;
	Sun, 06 Apr 2025 22:51:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743979868;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=tlzc4EQLtEj+YDo3E3QY+1Ezj5q47gX0nW7OxAIFOXk=;
	b=pB4hf42SxtOiToE6hqB9qpd/zeNj1FKSjqKgnzZHg/l0hda4oynAp74Elrv1sDALxR2bgX
	Bye35arUWgOio1Q4rUX52QrK+mfME1QtJmw76YLq410f7UOrnoLkNwEg8LyxryPQ/kX9Ah
	f3KMyb2WvvfbsCU401VMqeEYRovA92kQYB4eoZp/0CXr1HsuJnhv8X4C+b0Mqrd5n+3rDe
	j3bSncyOXwr54MfvNnfAz7tP8DUGu4Dc+VItkzDNmHW2EmpvXnV3X3qW6cfblZ0In6kzVg
	2qcpXNNvWiZ99qtYsmpE2AEZ8Z1wHs9WKpVLTYVvQzdP5CSoTVDuNIvN/YrpGQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743979868; a=rsa-sha256; cv=none;
	b=FsCqYSNd9QzVAfRmAZNKEbCcz0QlRfDS6Y4gdBXbkU1qZYztY64k3iku6F6kDjmCkP+AJR
	JRmpTpDhGSwkcDt3Mqs+0xSYQIj+aeK3Q01oXMzSqSWf7qDLyVwY3jR09xfA07BuPms8iK
	8LFNAkcTBxtwzY1QpruzY0CPdFpV89rs1go7pHjHbyEVtLulgXAb4Qo1OMStCPnCN/nV7y
	GOO//ZG2b5yvKlzdFEFI/0J2/c6C+i2fkFr/2WegSIG/kG92Lh1QfykBm7BwSn8eVOs5ky
	bxZZ7ttqeJhl/90RFwAokq71YyiU11rS25301ZfZ/HEx2y3M0Nv55n/3TUIW1Q==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743979868;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=tlzc4EQLtEj+YDo3E3QY+1Ezj5q47gX0nW7OxAIFOXk=;
	b=YoC9t20xMgqyFoUIsrh5KOhYBdWEiRH1P5XrRpnmtRzS80Vr4OrYtlR+scn5YMnAW6EvR5
	L3Z03O5SPnhrigSutMhnfISUBaUrCYi+AMJmgCYP4yvUnb5A+HFge5TWWyKhXlD/JYUaE6
	aCFzIo4rNFqw1Xe4GaJhCnX6dGokdCSC1uVvp6VTH1ceRau11Rni5Y7lWkUOC6e7y3e/SV
	oau6n3dHbrP+vXN1FSFydDxWbPLuq5vhOkcWLWlYYWFYxg/p70RINnWAY7fMJeyW98xtj7
	cP+wgNwsrJYzbDBmJ4FbrJ86O6zEY/vilXQpLXE1twdc05wDXTIH7RzasVqWUA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZW6yN4Vqwz5WC;
	Sun, 06 Apr 2025 22:51:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 536Mp85C077022;
	Sun, 6 Apr 2025 22:51:08 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 536Mp8pW077019;
	Sun, 6 Apr 2025 22:51:08 GMT
	(envelope-from git)
Date: Sun, 6 Apr 2025 22:51:08 GMT
Message-Id: <202504062251.536Mp8pW077019@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: e1a3b7ff9fe6 - stable/14 - pkill tests: Fix pkill
  usage in the pkill -x test
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: e1a3b7ff9fe6152b4a112cc47c5155c4c9da9b74
Auto-Submitted: auto-generated

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=e1a3b7ff9fe6152b4a112cc47c5155c4c9da9b74

commit e1a3b7ff9fe6152b4a112cc47c5155c4c9da9b74
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-03-15 11:12:45 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-04-06 13:54:03 +0000

    pkill tests: Fix pkill usage in the pkill -x test
    
    The target process name(s) mark the beginning of the command's
    positional parameters, so the -P filter wasn't getting applied as
    intended.  As a result, the second "pkill -x sleep -P $$" would kill all
    sleep(1) processes in the system, which can cause problems when running
    tests in parallel.
    
    MFC after:      2 weeks
    
    (cherry picked from commit 57b09e470dbd84d1491a8972cf504b25e788a6c3)
---
 bin/pkill/tests/pkill-x_test.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/bin/pkill/tests/pkill-x_test.sh b/bin/pkill/tests/pkill-x_test.sh
index 9247a85863c0..5fe751f9ec72 100644
--- a/bin/pkill/tests/pkill-x_test.sh
+++ b/bin/pkill/tests/pkill-x_test.sh
@@ -9,13 +9,13 @@ sleep=$(pwd)/sleep.txt
 ln -sf /bin/sleep $sleep
 $sleep 5 &
 sleep 0.3
-pkill -x slee -P $$
+pkill -P $$ -x slee
 if [ $? -ne 0 ]; then
 	echo "ok 1 - $name"
 else
 	echo "not ok 1 - $name"
 fi
-pkill -x sleep -P $$
+pkill -P $$ -x sleep
 if [ $? -eq 0 ]; then
 	echo "ok 2 - $name"
 else
@@ -28,13 +28,13 @@ sleep=$(pwd)/sleep.txt
 ln -sf /bin/sleep $sleep
 $sleep 5 &
 sleep 0.3
-pkill -x -f "$sleep " -P $$
+pkill -P $$ -x -f "$sleep "
 if [ $? -ne 0 ]; then
 	echo "ok 3 - $name"
 else
 	echo "not ok 3 - $name"
 fi
-pkill -x -f "$sleep 5" -P $$
+pkill -P $$ -x -f "$sleep 5"
 if [ $? -eq 0 ]; then
 	echo "ok 4 - $name"
 else

From nobody Sun Apr  6 22:51:09 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZW6yQ2Pt1z5s8Rv;
	Sun, 06 Apr 2025 22:51:10 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZW6yP66Smz3KSY;
	Sun, 06 Apr 2025 22:51:09 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743979869;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=O5Txn8gi+lTQedH2Ux/DtrpwyzhS+DoPEHeF9/hqXCM=;
	b=rH9nD04lly3NaeP8RClM8tZvUOiwAmQbxfQNOHfvppo9W+0fEnvY3S5wdw0wMybxszNFOa
	6SEneoZf8zhw2w98f7MAePg6U1ku57iQPO5CDUK6pBNyoKJuqmZf0qIC2ny7BPlZt/fwgU
	+hW0K/FGJfquwJkHSwcJgUNWQbvD3TgRvhd7dQopguKbTO8Z1heyBfpdxP/LmzzBhb9zIA
	KM8TYlmeaRO+gyfXNaOS0o2esl2Vmh1cDd4tkg29/dqhgXUw32m1H+jwed2iejxXrA8YWz
	PjDHbjKghxtusIFo3CzVcXcvqN6qqegROuBG5QSSqP8c9CDontUb7bGDk2EKZw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743979869; a=rsa-sha256; cv=none;
	b=KOvPHkVuFoATqB3f0zH7bYuWi1uE66rHWe5o/o9pNdPm6HemPgBq7ZLm8aZoTy5oWi0ALg
	EmXB5GxgwcTjV/galELa0YhcTsfkCAUojxhA1tfEC67bIr6kvdRkcY61S3mEdscj4w3dbB
	GFVyFMDt6ka49GZLtNrx7blkmJQRgaKF26Jp+NJrbHANK5NQr05H10yHlD2VkqXsOqqL90
	h3mM8Sb+U0UkLRim1wRhCU7obYG0Moqw1JCz6XjGOALoC0rTkeRzNXIsmOFy7ybweWzvDJ
	9IRwmHgdMSas3gr0Se7ez+Zl23MZb3hrEyvAPjmZ37zb8Luie55wtcddbIboeQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743979869;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=O5Txn8gi+lTQedH2Ux/DtrpwyzhS+DoPEHeF9/hqXCM=;
	b=Zswde0e5oBl7gBWu0DIPlHb8uXd7c7xUvS12JjWEigo3awO4bgZbuAsP/f6/d6T617XQk1
	DJD7ZurZ9hncU7LmOlL8Uc051ISC5YqOOJ7vAjThEFZzhuPFYzZB0g9fZ+/41o67769S+U
	MHPMzca6TU2No26gA6KKk3eeQdKHw6N25LAQ7XltgGTBOnh+NO/FJMo5Fnu9OkRVfzp9lh
	0L1FO3ZEmeW8Ewpm4MfAKEGUKMgm0pYRLfgEs3Y6/d5fZpUVwhPmKp+RdFQHWw6FYXbQuv
	rTRD3Ul8ers3IhSqf17/DJQotUgbxBjux1NuMnNJQroFsEPSEEr5w+OQolaf8A==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZW6yP5ThQz5Xt;
	Sun, 06 Apr 2025 22:51:09 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 536Mp9nc077054;
	Sun, 6 Apr 2025 22:51:09 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 536Mp9cU077051;
	Sun, 6 Apr 2025 22:51:09 GMT
	(envelope-from git)
Date: Sun, 6 Apr 2025 22:51:09 GMT
Message-Id: <202504062251.536Mp9cU077051@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: 014ce35640bf - stable/14 - vfs: Return early from
  sysctl_vfs_ctl() if no input was given
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 014ce35640bf1a00edf3f7163c3248bb484c29f2
Auto-Submitted: auto-generated

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=014ce35640bf1a00edf3f7163c3248bb484c29f2

commit 014ce35640bf1a00edf3f7163c3248bb484c29f2
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-03-20 01:34:18 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-04-06 13:54:03 +0000

    vfs: Return early from sysctl_vfs_ctl() if no input was given
    
    Otherwise we end up searching for a mountpoint using an uninitialized
    key, and likely failing the version test.  This violates KMSAN's
    invariants, so simply return immediately instead.
    
    MFC after:      2 weeks
    
    (cherry picked from commit d8703cd80247ca203b817305753bda2b7dbfb5ef)
---
 sys/kern/vfs_subr.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c
index 5a0a7f9161ed..6c116448a59a 100644
--- a/sys/kern/vfs_subr.c
+++ b/sys/kern/vfs_subr.c
@@ -6451,6 +6451,8 @@ sysctl_vfs_ctl(SYSCTL_HANDLER_ARGS)
 	int error;
 	struct mount *mp;
 
+	if (req->newptr == NULL)
+		return (EINVAL);
 	error = SYSCTL_IN(req, &vc, sizeof(vc));
 	if (error)
 		return (error);

From nobody Sun Apr  6 22:51:11 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZW6yS4q5tz5s8PX;
	Sun, 06 Apr 2025 22:51:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZW6yS2x8qz3KKN;
	Sun, 06 Apr 2025 22:51:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743979872;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=O9o7Y++KGS6Fg9xEGyARmZkQZT53/a1igPZPYNM9BgI=;
	b=wu5uxmrZAodvpmozmQTEJq8QmrJE5ibkrJQ/bangJ8zTvjz0Ian3rDKPVBazfzLZHBrUaR
	9isB/ysdELotb4sgacrCowLxkIZfZTHsdXvDn9jTw98kZ8x3Y2OQJGvrw0hzpcKh7//Dec
	RmmrZR/A19/7KykQ95pq7QTegFXWZKyPu1N+Sb0TyQK89GunWlDVaUECodCB1wRnTqJbpu
	ZRsv8kLDGXbFypF3dlrLfv0c/GWmPSufOdMCILlWMThFEm491zrC+P+xLV6UEVnOhga+su
	F1g5uSgCtYORwP6AMXNdZ8Zyzd68FtZ59NnJQAFkX63fkuMq+AkdAv6cTGcwXg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743979872; a=rsa-sha256; cv=none;
	b=sORpsmwYbxVp+sO3qPVefpG2DpqU1Ws2egEtjMZDBKdlLLqhpbfPDnHieovsH8SFcXrbx4
	9GUSNmbxZ52drgQxtAmwuNMX96/6m3/YOCW9JTo8XiqDRzIHJ5z9McNs9ZESbw9HODEkk0
	4thVkoiwr8UYqD3P0kXAwSs+LVvmByZCyRQLWdsd3y6wpr6JD1RRTJVM1BPhJDRId4sOOa
	IQY37S/U6rZX02xFzhWoEz9uLR7P0eYnWkyrLIAgrv6jVWoi7RhY2x6OHJF0m/qwZf4rmS
	6inQzzkzqp+eLPqNhUL4bQWS73YFWtCoCGZOxdfOhCsxq2LsL8zeyE662KEOGQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743979872;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=O9o7Y++KGS6Fg9xEGyARmZkQZT53/a1igPZPYNM9BgI=;
	b=nR7dm5TJHGjLOV7uhv2+5r7+06cQacjAZKKQOSweuZJ64vqI3i1acRk+F7n/VbtlcDvYIR
	cK1gHseLqtAOG71R4IvXfjAzyBZdNhw0bLpy6zluBpBBzbcECRGhPCQ9172bLiMWPIxwZn
	Qw/RPOQDeH5kdPOU1gNJQ/E3FtVtXANImCmeEo426Nx7Te0gS6jnXt2NQxR16LjssTgA6P
	zgQqXiNjqD6Etq8adX+2D1bxzA+kHb5GTQelqvlzwWfWluEJvlkR1A58vt1senNoMalTuD
	cESNHT0Fzf5DP6icsXDdWorPTNanVcC+huekqQ3N8GwAa3i9l8m3OjQLEgcFsQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZW6yS04mfz579;
	Sun, 06 Apr 2025 22:51:12 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 536MpBBZ077118;
	Sun, 6 Apr 2025 22:51:11 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 536MpBtB077115;
	Sun, 6 Apr 2025 22:51:11 GMT
	(envelope-from git)
Date: Sun, 6 Apr 2025 22:51:11 GMT
Message-Id: <202504062251.536MpBtB077115@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: 43a32f790bc5 - stable/14 - malloc: Fix DEBUG_REDZONE
  for contigmalloc()
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 43a32f790bc5c79b1557a14f9540c8cc02ef5028
Auto-Submitted: auto-generated

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=43a32f790bc5c79b1557a14f9540c8cc02ef5028

commit 43a32f790bc5c79b1557a14f9540c8cc02ef5028
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-03-23 13:42:40 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-04-06 13:54:05 +0000

    malloc: Fix DEBUG_REDZONE for contigmalloc()
    
    When free() was adapted to support allocations originating from
    contigmalloc(), redzone(9) support was not included.  redzone(9)
    involves adjusting the pointer to freed memory before looking up the
    slab cookie, so it's not straightforward to make contigmalloc() opt out
    of redzone support.
    
    Thus, augment contigmalloc() to support redzone.
    
    Reported by:    glebius
    Tested by:      dhw
    MFC after:      2 weeks
    Fixes:          9e6544dd6e02 ("malloc(9): extend contigmalloc(9) by a "slab cookie"")
    
    (cherry picked from commit 74361d693aec892b01c1553bda7176f8d341b2ff)
---
 sys/kern/kern_malloc.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/sys/kern/kern_malloc.c b/sys/kern/kern_malloc.c
index 3fef90b5fa82..f31fc2a76a07 100644
--- a/sys/kern/kern_malloc.c
+++ b/sys/kern/kern_malloc.c
@@ -479,11 +479,18 @@ contigmalloc_size(uma_slab_t slab)
 }
 
 void *
-contigmalloc(unsigned long size, struct malloc_type *type, int flags,
+contigmalloc(unsigned long osize, struct malloc_type *type, int flags,
     vm_paddr_t low, vm_paddr_t high, unsigned long alignment,
     vm_paddr_t boundary)
 {
 	void *ret;
+	unsigned long size;
+
+#ifdef DEBUG_REDZONE
+	size = redzone_size_ntor(osize);
+#else
+	size = osize;
+#endif
 
 	ret = (void *)kmem_alloc_contig(size, flags, low, high, alignment,
 	    boundary, VM_MEMATTR_DEFAULT);
@@ -491,16 +498,26 @@ contigmalloc(unsigned long size, struct malloc_type *type, int flags,
 		/* Use low bits unused for slab pointers. */
 		vsetzoneslab((uintptr_t)ret, NULL, CONTIG_MALLOC_SLAB(size));
 		malloc_type_allocated(type, round_page(size));
+#ifdef DEBUG_REDZONE
+		ret = redzone_setup(ret, osize);
+#endif
 	}
 	return (ret);
 }
 
 void *
-contigmalloc_domainset(unsigned long size, struct malloc_type *type,
+contigmalloc_domainset(unsigned long osize, struct malloc_type *type,
     struct domainset *ds, int flags, vm_paddr_t low, vm_paddr_t high,
     unsigned long alignment, vm_paddr_t boundary)
 {
 	void *ret;
+	unsigned long size;
+
+#ifdef DEBUG_REDZONE
+	size = redzone_size_ntor(osize);
+#else
+	size = osize;
+#endif
 
 	ret = (void *)kmem_alloc_contig_domainset(ds, size, flags, low, high,
 	    alignment, boundary, VM_MEMATTR_DEFAULT);
@@ -508,6 +525,9 @@ contigmalloc_domainset(unsigned long size, struct malloc_type *type,
 		/* Use low bits unused for slab pointers. */
 		vsetzoneslab((uintptr_t)ret, NULL, CONTIG_MALLOC_SLAB(size));
 		malloc_type_allocated(type, round_page(size));
+#ifdef DEBUG_REDZONE
+		ret = redzone_setup(ret, osize);
+#endif
 	}
 	return (ret);
 }

From nobody Sun Apr  6 22:51:13 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZW6yT4jsrz5s8TB;
	Sun, 06 Apr 2025 22:51:13 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZW6yT1sScz3KQK;
	Sun, 06 Apr 2025 22:51:13 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743979873;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=qK+DxFVKJjIlmNqZPF+yzhtN83Oj7S6fY1pvU1KzUKw=;
	b=vHn35lAbpTp1KIHe1gQ/3IYTUMcyrBs3j8L89iMc3l3bGXcsODym4Abka1BIqDaQxkt9Pq
	f2cTR68jDOVJrFc/Rl6v5O9SAZOU8a2ZCiOZ8mz4ZSlBLXoaSOWZ/tVRUg09zXSBfN4Ez7
	ACOyxkkLAvyD0dH3UocvoRYfW27Ok+3Hpo+4hs0NAfJS48SDv+iFwlrPhB4Zq5XaPpaED2
	E+lok68Se6VIncQov396uzObDVbZVVEw/O9o0azsPBwqiYB4M9oZBiHXZHv96dgOJ2QMSG
	xbDKK1YkzPF2kmOf6nNmt4jiguwGYfirKZ5uEJxCl1XNZ/7USeEvRMfVU8bilw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743979873; a=rsa-sha256; cv=none;
	b=NXBLFTyLvYdJ+5/viubDfq1RBProhO9+5aZMDX+2815B18LdAkKvAYO7i+Pv1/n5u4oq8A
	RJMqvF6GC4xsMDQogdc+Tz29YkZ6+egXSEfL/dgej9+XLylreB0S0MnIfbA9dk+XNNF81U
	mxzXBiYlHvQ9mkc09vdISrHTIDNYjldxyBAacxXEy4pPWxsyK/bNtkewZeLRYaVIBdP/T5
	v/11x1BLacS056f3JQvLVJq4R47nTF+SgcrdmnTcBVsTFWtchwMIM3rJNUIxyo4u3NPkFF
	OkW1CXpjNTWAbdIty9wpSvTva3IpTNF93K18psqJh8D+ZPSqSrElw5OC8O19aA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743979873;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=qK+DxFVKJjIlmNqZPF+yzhtN83Oj7S6fY1pvU1KzUKw=;
	b=bFrOTJDMBrakS2Bm4G0VUcjsGpdem0HBWdAnP3eAH9pwzdF4vZiGHTZeGY5wMu+Xdcvy6t
	+wT6pzOvfvVYJ1KPePwPF6Y1uJLOEfffBEn45mKLnlS+qFKHwzjH0MQpo/QCH/jmvyGgRa
	oumqEUtIeZfNb/EtwvZpf2swgKWni67AlXPUstBaWFknsOJ++dfgdPZD/BQU1ZkE1JQH/N
	urqQw9dQYvIONhi1AaHYqkIOo5AsTjOlp8pRFa4oZNk19GKhiIw2oXdpLoTD+ODIbLksaA
	qZXF4bK5r12hemsU7pCJBcO8DcrvF2TaEw5ald2iUkYRPYz8TD0kXU5KgKt7lw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZW6yT1BJMz57B;
	Sun, 06 Apr 2025 22:51:13 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 536MpDUC077155;
	Sun, 6 Apr 2025 22:51:13 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 536MpDJ4077151;
	Sun, 6 Apr 2025 22:51:13 GMT
	(envelope-from git)
Date: Sun, 6 Apr 2025 22:51:13 GMT
Message-Id: <202504062251.536MpDJ4077151@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: 51489b9ced27 - stable/14 - ktrace: Use STAILQ_EMPTY_ATOMIC
  when checking for records in userret()
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 51489b9ced27afdf9ea34edc65c8c31274ccc9c5
Auto-Submitted: auto-generated

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=51489b9ced27afdf9ea34edc65c8c31274ccc9c5

commit 51489b9ced27afdf9ea34edc65c8c31274ccc9c5
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-03-23 11:54:59 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-04-06 13:54:13 +0000

    ktrace: Use STAILQ_EMPTY_ATOMIC when checking for records in userret()
    
    As in commit 36631977d8c9, this check is unlocked and may trigger
    spurious assertion failures.  Use STAILQ_EMPTY_ATOMIC() here as well.
    Fix nearby whitespace.
    
    Reported by:    syzkaller
    Reviewed by:    olce
    Fixes:          34740937f7a4 ("queue: New debug macros for STAILQ")
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D49441
    
    (cherry picked from commit e9a846468acfbba35ca40b888670559aaff7228d)
---
 sys/sys/ktrace.h | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/sys/sys/ktrace.h b/sys/sys/ktrace.h
index 2618c7c719b3..b615d82d2198 100644
--- a/sys/sys/ktrace.h
+++ b/sys/sys/ktrace.h
@@ -89,10 +89,9 @@ struct ktr_header {
  * is the public interface.
  */
 #define	KTRCHECK(td, type)	((td)->td_proc->p_traceflag & (1 << type))
-#define KTRPOINT(td, type)  (__predict_false(KTRCHECK((td), (type))))
-#define	KTRCHECKDRAIN(td)	(!(STAILQ_EMPTY(&(td)->td_proc->p_ktr)))
+#define	KTRPOINT(td, type)	(__predict_false(KTRCHECK((td), (type))))
 #define	KTRUSERRET(td) do {						\
-	if (__predict_false(KTRCHECKDRAIN(td)))				\
+	if (__predict_false(!STAILQ_EMPTY_ATOMIC(&(td)->td_proc->p_ktr))) \
 		ktruserret(td);						\
 } while (0)
 

From nobody Sun Apr  6 22:51:16 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZW6yY0Zhcz5s8cS;
	Sun, 06 Apr 2025 22:51:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZW6yX4BHKz3KHT;
	Sun, 06 Apr 2025 22:51:16 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743979876;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=suKi5DFIkNQzWVGVdJ5EEZlXY0DpmmD+R+2PfwcekeM=;
	b=Fli09nkfmaKx4uQsK2pdWKan0HSaTCAfPw7zasBvkXFz2JmSyhNAI/k6O5WzJzbrEOixHM
	4J0zokP3nFmo5gUZryR4tZJxp1yptrQOWYe4N0QJ2NEZ0lw2gZYJ//NgFTjPoRSKwwm2jd
	B5/FHZm4iyfREJ8fie8KLpFoQjpDrUTU055Sgxpi66DxTeCNHZHP8ftNXXeoGUZRoOCYSx
	NZCEuDHI2EvKz2zHDZ5lJKjXA5gZhSfLBzApmcDGPCK5zFrN3vDwew/6TnOuoTpF2ofmG3
	Eb8Smenty43O4OWk9EffajW55Wjf4B1DFrFWbTxZ1cHoo+7CPN6xuGxFF8X0Gg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743979876; a=rsa-sha256; cv=none;
	b=OF+tZ7mSHBc/5mQzMfryau/DMcHzhC27ec3Xh1UdtBNyPgmLNpOpAQI6wcPIrQobY9mC43
	/blY5BTsY/jUakHIcM4SU5rbMSD7lHp0NV35D87zzkwP8F4/7pZyQUL63ey1zQ09OiMdAi
	A3PCHhzT+o8qqWwjn016EV9a8OUNJjBopz0GS2L7L4/t5lSmc7F4gFssUTmc0wpsb01Y+B
	razKZrJ57HwMuqwbbYe6bO+CeoSdG9NdKU6redbvrOpiusD9c56HocVg5YQalLdXcFjcKA
	fA9tKEA/Q4pu9lxv8jXiP9wywnHbFWY/wYN07tUtleUYYDe3ZpTB9E6h6+gXIw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743979876;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=suKi5DFIkNQzWVGVdJ5EEZlXY0DpmmD+R+2PfwcekeM=;
	b=qBwBFftQZJjPSa7+9Yy3ANqexgEUqr62MKsPTZX75QJFUdGFNI6h1QNe0vFSEhUP0i+i8F
	EpDBZ1JGNzJxu7o3HMdR83ZJAVJJqt+PWR8Pzv7IC/7v6wItrq4xz3eoqRHx+OIaX0Ei8a
	+lywOoUoWtjGs6odVizy9Rg1ZBrbulaLyyx4E4ifDuJe7fHXV1JP7UPXFII9msTzDNHY38
	JKbfFqt9bh/l2akLDW+N+Q6VfoPfsJw2ij04vAzxCkAu9IYGi+rtGYTSW2O4e6OgcAXjxN
	6tQyKHgou52ABeD3sR1ZY0lo630dUyRCZuc67g4RROLguxdpJ/uA/SWCecSuFA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZW6yX3p1Tz5lQ;
	Sun, 06 Apr 2025 22:51:16 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 536MpGP3077256;
	Sun, 6 Apr 2025 22:51:16 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 536MpGlM077253;
	Sun, 6 Apr 2025 22:51:16 GMT
	(envelope-from git)
Date: Sun, 6 Apr 2025 22:51:16 GMT
Message-Id: <202504062251.536MpGlM077253@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: 984e3d813e5f - stable/14 - netmap: fix unit tests
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 984e3d813e5f1d2a0938bdf5c03712de0ab1099b
Auto-Submitted: auto-generated

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=984e3d813e5f1d2a0938bdf5c03712de0ab1099b

commit 984e3d813e5f1d2a0938bdf5c03712de0ab1099b
Author:     Vincenzo Maffione <vmaffione@FreeBSD.org>
AuthorDate: 2023-12-29 07:46:46 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-04-06 18:05:05 +0000

    netmap: fix unit tests
    
    After ad874544d9f018bf8eef4053b5ca7b856c4674cb, interface name
    validation has been removed, resulting in two unit tests failures.
    Drop the failing tests since they no longer apply.
    
    Reported by:    markj
    
    (cherry picked from commit ee5804da116f2107451c8b4376b69b3a64a630e8)
---
 tests/sys/netmap/ctrl-api-test.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/tests/sys/netmap/ctrl-api-test.c b/tests/sys/netmap/ctrl-api-test.c
index 9fc08d3082a4..8d33b4c58d2a 100644
--- a/tests/sys/netmap/ctrl-api-test.c
+++ b/tests/sys/netmap/ctrl-api-test.c
@@ -1803,7 +1803,6 @@ static struct nmreq_parse_test nmreq_parse_tests[] = {
 	{ "netmap:",			"",		NULL,		EINVAL, 0,		0,	0 },
 	{ "netmap:^",			"",		NULL,		EINVAL,	0,		0,	0 },
 	{ "netmap:{",			"",		NULL,		EINVAL,	0,		0,	0 },
-	{ "netmap:vale0:0",		NULL,		NULL,		EINVAL,	0,		0,	0 },
 	{ "eth0",			NULL,		NULL,		EINVAL, 0,		0,	0 },
 	{ "vale0:0",			"vale0:0",	"",		0,	NR_REG_ALL_NIC, 0,	0 },
 	{ "vale:0",			"vale:0",	"",		0,	NR_REG_ALL_NIC, 0,	0 },
@@ -1811,7 +1810,6 @@ static struct nmreq_parse_test nmreq_parse_tests[] = {
 	{ "valeXXX:YYY-4",		"valeXXX:YYY",	"",		0,	NR_REG_ONE_NIC, 4,	0 },
 	{ "netmapXXX:eth0",		NULL,		NULL,		EINVAL,	0,		0,	0 },
 	{ "netmap:14",			"14",		"",		0, 	NR_REG_ALL_NIC,	0,	0 },
-	{ "netmap:eth0&",		NULL,		NULL,		EINVAL, 0,		0,	0 },
 	{ "netmap:pipe{0",		"pipe{0",	"",		0,	NR_REG_ALL_NIC, 0,	0 },
 	{ "netmap:pipe{in",		"pipe{in",	"",		0,	NR_REG_ALL_NIC, 0,	0 },
 	{ "netmap:pipe{in-7",		"pipe{in",	"",		0,	NR_REG_ONE_NIC, 7,	0 },

From nobody Sun Apr  6 22:51:15 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZW6yX0xK7z5s8Wv;
	Sun, 06 Apr 2025 22:51:16 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZW6yW3QhBz3KWW;
	Sun, 06 Apr 2025 22:51:15 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743979875;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=PFHFfDvFhFAnL8CYTBgdP2cjKlzQzmSFG9kyOHsJ9Po=;
	b=xVl4Yl5ePITTqgohdLurZ9qg6McIpimv8oHMqWAa9kXfB3fepFS+fJBM1A7bDGjSIBV8Zq
	O9RMLtSe+mCYh+hfa0271zNryWe7qGFp5Tnbin0kdW3ge26W1ddNXrWK60I7UF88u6smMN
	h9mjc7+JIMY0cvSHvadxXl62mMKChWdQ3Qa1LFXNhmTl1aPrWJtOiAYhiIMgktiOZSJRWl
	AhtbCDgMw4udCaLigfSbQ33zqipWmgMWf3h67n1rq+S2Inz0llfQ5M5W2GKG6CgFMhxbWp
	wbu+f92JtsrIevQ/vPh22els2bhUV0icIcRCqdWmfkCswx58oEc8FB2xVTHQ3g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743979875; a=rsa-sha256; cv=none;
	b=agpyDRqUJB7rnblhNIYDsl6HovD2HU+pB6HwF4v1rwzP+dIKEKOLVwD/Vg9/K1wi6tBgw0
	ZCI00rUKmgvcHvpi52Km/NI1ltgdpWd0tdTSLrOjTBxKaA0QgBgtvlyd/H6hDX36ysqJXC
	TmkosWRL/WgGygZO0O8rCgm92MGzxlL5VA49LCymEzVJuuG1buoPkrcPZXZ97mOfWuD9kZ
	raZcIU4NQyHrpiN5FgqgDVUz1S+UPKu2A2R6fYWZKeZ+Sn6cRTDVuXXfIKsaTUMC1M1Cw8
	hHsv86ym3sNg8xC1mMapXEKAiPH81fQ+CaDVxh96UjUxZzoOWdKMXiuEJoY8/A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743979875;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=PFHFfDvFhFAnL8CYTBgdP2cjKlzQzmSFG9kyOHsJ9Po=;
	b=J3y++PCPLrY4rOIKugaLCQLIxIpiZwvJZWITDGEfWP0ATDpoe94qldpYT/PQSAeP9Sylbt
	rWywCwZpw+UQmgxwaIXT6jpxTFJIbPPaxuBkcOyRM9ZwkrwQpMp6lPXUgOHsYkSKvwAOmw
	SJ7lY+qTXOsv6kF/PoR3/XHPLsTh8oY0Wh4CwfUc+tJro7WuqKGvSqvJgcrkhjtQubiOqA
	QyaNLpfg3YtgC/gH+oo7XHooHkfcOLUeuIEgZbbLzDy+t/fHtwHV3wFvTeMQgADTCjDM3H
	bRQGRAZQYT7lSR4duG7S+4tddmO7ewEE2/oVZc0HxnRbeqY0uPx6fRaK7So9KQ==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZW6yW2x5wz57C;
	Sun, 06 Apr 2025 22:51:15 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 536MpFAX077224;
	Sun, 6 Apr 2025 22:51:15 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 536MpFJA077221;
	Sun, 6 Apr 2025 22:51:15 GMT
	(envelope-from git)
Date: Sun, 6 Apr 2025 22:51:15 GMT
Message-Id: <202504062251.536MpFJA077221@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: 931dec404489 - stable/14 - mixer tests: Serialize
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 931dec40448913cb9e33d2abb6a8c70400e847f6
Auto-Submitted: auto-generated

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=931dec40448913cb9e33d2abb6a8c70400e847f6

commit 931dec40448913cb9e33d2abb6a8c70400e847f6
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2024-09-08 17:32:10 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-04-06 18:04:12 +0000

    mixer tests: Serialize
    
    These tests modify attributes of a global mixer device, and aren't
    prepared to run in parallel.
    
    (cherry picked from commit c6b41ba65021eff2b1db9157f813666a3e0543a1)
---
 usr.sbin/mixer/tests/Makefile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/usr.sbin/mixer/tests/Makefile b/usr.sbin/mixer/tests/Makefile
index 9a5bb3a183ab..c8056169f9a4 100644
--- a/usr.sbin/mixer/tests/Makefile
+++ b/usr.sbin/mixer/tests/Makefile
@@ -1,3 +1,6 @@
 ATF_TESTS_SH+=	mixer_test
 
+# mixer tests fiddle with a singleton dummy audio device.
+TEST_METADATA.mixer_test=	is_exclusive=true
+
 .include <bsd.test.mk>

From nobody Sun Apr  6 22:51:14 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZW6yW2vDKz5s8Wf;
	Sun, 06 Apr 2025 22:51:15 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZW6yV2dh0z3KYK;
	Sun, 06 Apr 2025 22:51:14 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743979874;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=K93fPBxKmfwVro0pBs15X1wuYCZfPRjCA3IHJEPwSew=;
	b=ZUKxZsjpsk+IwUbNUHBUUErik/ErS8DJiJJDG7tL8Xyfa/vrgGDjg25vovjPSfMdIKNLqn
	oy18bwtoAW0u/NlyO24KTEmCnvmf9N8jxDFFOudpxUjzSEFe0VCgaDLh4nMCwePsCw9YDR
	fEFBZDypqmaxGYaeBMQzSae1SzH5lpjlHnb2UC5guOfk/UArJYAA2NvSUvmvZeJTrHHA1q
	U6QqmjSevg8lcTcBObt8t5HuVaLrOegIpkqgiG83N7DW6WMriZZRCnjNWt4Jk/KNy1XStS
	zAsO9IQJDEzMcIfYXmbS0p6B/PS9Rp0t5mB3V5JLPM4lBwpmZbkXJD0WOZxTmw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743979874; a=rsa-sha256; cv=none;
	b=BwqNy07ecqPyxntHdM5y7xwmB0+M2mYJ6z4vqmvmFC0OtSJXICNeZLLDBtsuj/LUp+h8i2
	n8pVkRqRqfktUg+jq0bkOy3aJprOWjfTXk/RNd828AbWJl5OsCVw9foNljHukpeWkXE4W5
	UoWjjo3luQOS5feohBL+1PDgp9MR8dQq66a1gJXONEgnKL7BQJ4G98qgB1eNrEmoRLM7j8
	tGKw79G3zKLPsWqSWU5+f1XXVbHn65KwBKmAv/DoRXH08e4DgvZtLnkRDPtrOeE4+1Mua+
	CSmdo2hUYF6RCj9zAWoCVNW0T3Tb0AbLhgYbpcMIgqGx37xQHCOcWUkvNALstQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743979874;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=K93fPBxKmfwVro0pBs15X1wuYCZfPRjCA3IHJEPwSew=;
	b=Q1c8tJvTHcF/pMcPosBiSMuG86bMdIYhi1qsxGss5bKzZFuB24MKKiNPUVRtCLWqfAhnRD
	WBz4nBLQqr1oKgJtloO72OOlbVSBrBNKatGa3bVEvtF8APxZUWvwmGql3sWOyBmW4kHQSl
	9/9A8/UAONJ9yM0d1urobA83jeA8TiSO8pDG2DcYCrUmtj34ucmzXlzFhgh5IibGoTCGDS
	UG7q+SxBmAY2/FC1IuPBi4PGWbOfU7ze5EZt44G/qhinQo+OseaOF3s375GENv7WE3srpl
	kOyvAe7f1jLbHBP+tl5100EBrrm52FDR573RyPXLGMeY42XQOMBCAMO/L0SW2w==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZW6yV1ys2z5kt;
	Sun, 06 Apr 2025 22:51:14 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 536MpEUa077192;
	Sun, 6 Apr 2025 22:51:14 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 536MpE7B077189;
	Sun, 6 Apr 2025 22:51:14 GMT
	(envelope-from git)
Date: Sun, 6 Apr 2025 22:51:14 GMT
Message-Id: <202504062251.536MpE7B077189@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: f2214e48d02c - stable/14 - socket: Fix a race in the
  SO_SPLICE state machine
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: f2214e48d02c2a251f4aa9e95683d2f5e66337c7
Auto-Submitted: auto-generated

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=f2214e48d02c2a251f4aa9e95683d2f5e66337c7

commit f2214e48d02c2a251f4aa9e95683d2f5e66337c7
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-03-23 11:55:56 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-04-06 13:54:20 +0000

    socket: Fix a race in the SO_SPLICE state machine
    
    When so_splice() links two sockets together, it first attaches the
    splice control structure to the source socket; at that point, the splice
    is in the idle state.  After that point, a socket wakeup will queue up
    work for a splice worker thread: in particular, so_splice_dispatch()
    only queues work if the splice is idle.
    
    Meanwhile, so_splice() continues initializing the splice, and finally
    calls so_splice_xfer() to transfer any already buffered data.  This
    assumes that the splice is still idle, but that's not true if some async
    work was already dispatched.
    
    Solve the problem by introducing an initial "under construction" state
    for the splice control structure, such that wakeups won't queue any work
    until so_splice() has finished.
    
    While here, remove an outdated comment from the beginning of
    so_splice_xfer().
    
    Reported by:    syzkaller
    Reviewed by:    gallatin
    Fixes:          a1da7dc1cdad ("socket: Implement SO_SPLICE")
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D49437
    
    (cherry picked from commit 574816356834cb99295b124be0ec34bd9e0b9c72)
---
 sys/kern/uipc_socket.c | 7 +------
 sys/sys/socketvar.h    | 1 +
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c
index 58e374d7aed2..7a4e3b1f2507 100644
--- a/sys/kern/uipc_socket.c
+++ b/sys/kern/uipc_socket.c
@@ -592,11 +592,6 @@ so_splice_xfer_data(struct socket *so_src, struct socket *so_dst, off_t max,
 
 /*
  * Transfer data from the source to the sink.
- *
- * If "direct" is true, the transfer is done in the context of whichever thread
- * is operating on one of the socket buffers.  We do not know which locks are
- * held, so we can only trylock the socket buffers; if this fails, we fall back
- * to the worker thread, which invokes this routine with "direct" set to false.
  */
 static void
 so_splice_xfer(struct so_splice *sp)
@@ -1617,7 +1612,7 @@ so_splice_alloc(off_t max)
 		sp->wq_index = atomic_fetchadd_32(&splice_index, 1) %
 		    (mp_maxid + 1);
 	} while (CPU_ABSENT(sp->wq_index));
-	sp->state = SPLICE_IDLE;
+	sp->state = SPLICE_INIT;
 	TIMEOUT_TASK_INIT(taskqueue_thread, &sp->timeout, 0, so_splice_timeout,
 	    sp);
 	return (sp);
diff --git a/sys/sys/socketvar.h b/sys/sys/socketvar.h
index f7b23d239157..40fdd142525f 100644
--- a/sys/sys/socketvar.h
+++ b/sys/sys/socketvar.h
@@ -82,6 +82,7 @@ struct so_splice {
 	struct mtx mtx;
 	unsigned int wq_index;
 	enum so_splice_state {
+		SPLICE_INIT,	/* embryonic state, don't queue work yet */
 		SPLICE_IDLE,	/* waiting for work to arrive */
 		SPLICE_QUEUED,	/* a wakeup has queued some work */
 		SPLICE_RUNNING,	/* currently transferring data */

From nobody Sun Apr  6 22:51:17 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZW6yZ1nc0z5s8X0;
	Sun, 06 Apr 2025 22:51:18 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZW6yY5jWFz3KT4;
	Sun, 06 Apr 2025 22:51:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743979877;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ElnyeMBsa297FU/n2bKBrVIVp7UYqXu3HlJN5293GdM=;
	b=EGx1P6OIvwwWajd6mXxbxojiFUZig2CbYkdi3gGF6FzOjj8vW7RP4h1eOiAmsnTkcJ71+T
	KE9p8wNQfcIlqxbW9Wy3TLhnkh2ya+FRnkQFSUpOPANaUQjO/qrzuN3ArxJ6CaK6l5nc6M
	HXSNCzyKXyODvlMLLUxxqx+iNNFa5rWVP5JrP4g/UxAehRl10wfCTooUHwMLFhnE7d9dBi
	m8H8hfl3rYqqI1HNzn+YohMU9XX/MikKYBsYM98kMR2PYx8SqP0RTB7vvGatVNWSD2+oyF
	xhxcI10TZO50j67deh9wPKIfm9PuNW470tCIDWJ9ORTU30hO3lPYHHobFPoVAQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743979877; a=rsa-sha256; cv=none;
	b=xTZ2g4v25/OMzoIoHggrVn1Wy7TKn+Q4Dk6ue0qNeU4rgN07UylGgqlU0J5dG1zd33sKpm
	S0RaGpLnF7wwE7kUGIRxg03eWUOOUxk7kGZqUDGsDKkT8xqvhaSGpHHD6ADTBK2r/B6K0f
	BRX9i7ep/LQUlacADZT+wFcpo1LNCLECxpE3dWJ3pKf3Ir/qV/Pxss7fAoGSC5tRcaSrtJ
	5L/9C0KB7bqTnq1HC97PaWTRRzYUuSLXcjPvOwd2xqfms5NAaFJknxhXF1f3eDFP779J3Z
	MSgHjRfFre2xZpzGYWo+s07wfSON4vja4VP33AtpnWJbN7bE2eZsqv7hjbnB3A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743979877;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ElnyeMBsa297FU/n2bKBrVIVp7UYqXu3HlJN5293GdM=;
	b=lgj8doD8kj+Zvo4a6nMaUs8HxIdcSAoAyq6TWNkb/0M4xRfrdFaX0EH3oMVpyyDCxdA+Jc
	5920jEHiJz7TKa6t6LWSafUdgLXNbRBTqmoZjbfZ6FzFDZGXt0VxUaRzQPUFUpug8ocUvx
	m8mvk2YpVlu//T5oKahAdj85xgTgUD1qUEs+/5EtvRDZ1vQ8UNAWz/j6tgqbSP6FddppH7
	aiersGRiRhGXvAd8Tq7wGDzTVZGh4+NX2tJcwPwURGEpcduewBrIBPnT70mI7VHO41Aon0
	bverH+J9giCn/Go5yLLupEJAQQco3QYho9nt6MBJEvnUBzWVaP8qX4FA9vQxbw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZW6yY4mTpz5lS;
	Sun, 06 Apr 2025 22:51:17 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 536MpHgl077288;
	Sun, 6 Apr 2025 22:51:17 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 536MpHRn077285;
	Sun, 6 Apr 2025 22:51:17 GMT
	(envelope-from git)
Date: Sun, 6 Apr 2025 22:51:17 GMT
Message-Id: <202504062251.536MpHRn077285@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Mark Johnston <markj@FreeBSD.org>
Subject: git: ba224cec6796 - stable/14 - fibs tests: Fix test
  failures and simplify
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: ba224cec67961cedf7531bd6942a342db4a98b3c
Auto-Submitted: auto-generated

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=ba224cec67961cedf7531bd6942a342db4a98b3c

commit ba224cec67961cedf7531bd6942a342db4a98b3c
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-01-21 21:44:25 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-04-06 18:08:18 +0000

    fibs tests: Fix test failures and simplify
    
    The tests previously expected the invoker to pass a list of FIBs to use.
    However, they now run in separate VNET jails, so we can simply expand
    the FIB array as needed in each test.  Modify each test to simply set
    net.fibs as needed and grab FIB numbers starting at 1.
    
    A number of tests were also broken by commit 9206c7996198
    ("usr.bin/netstat: -n should not print symbolic names"), so fix those.
    
    Reviewed by:    asomers
    Fixes:          9206c7996198 ("usr.bin/netstat: -n should not print symbolic names")
    MFC after:      2 weeks
    Sponsored by:   Klara, Inc.
    Sponsored by:   Stormshield
    Differential Revision:  https://reviews.freebsd.org/D48585
    
    (cherry picked from commit 81b076e43aa63ac255996093233ab3560a23977e)
    
    Note, the netstat-related changes described above are not merged.
---
 tests/sys/netinet/fibs_test.sh | 33 +++++++--------------------------
 1 file changed, 7 insertions(+), 26 deletions(-)

diff --git a/tests/sys/netinet/fibs_test.sh b/tests/sys/netinet/fibs_test.sh
index 5c1a918abb2c..b58a45b26f3e 100644
--- a/tests/sys/netinet/fibs_test.sh
+++ b/tests/sys/netinet/fibs_test.sh
@@ -30,9 +30,6 @@
 #  Authors: Alan Somers         (Spectra Logic Corporation)
 #
 
-# All of the tests in this file requires the test-suite config variable "fibs"
-# to be defined to a space-delimited list of FIBs that may be used for testing.
-
 # arpresolve should check the interface fib for routes to a target when
 # creating an ARP table entry.  This is a regression for kern/167947, where
 # arpresolve only checked the default route.
@@ -48,7 +45,6 @@ arpresolve_checks_interface_fib_head()
 {
 	atf_set "descr" "arpresolve should check the interface fib, not the default fib, for routes"
 	atf_set "require.user" "root"
-	atf_set "require.config" "fibs"
 	atf_set "require.progs" "nping"
 }
 arpresolve_checks_interface_fib_body()
@@ -100,7 +96,6 @@ loopback_and_network_routes_on_nondefault_fib_head()
 {
 	atf_set "descr" "When creating and deleting loopback IPv4 routes, use the interface's fib"
 	atf_set "require.user" "root"
-	atf_set "require.config" "fibs"
 }
 
 loopback_and_network_routes_on_nondefault_fib_body()
@@ -157,7 +152,6 @@ loopback_and_network_routes_on_nondefault_fib_inet6_head()
 {
 	atf_set "descr" "When creating and deleting loopback IPv6 routes, use the interface's fib"
 	atf_set "require.user" "root"
-	atf_set "require.config" "fibs"
 }
 
 loopback_and_network_routes_on_nondefault_fib_inet6_body()
@@ -216,7 +210,6 @@ default_route_with_multiple_fibs_on_same_subnet_head()
 {
 	atf_set "descr" "Multiple interfaces on the same subnet but with different fibs can both have default IPv4 routes"
 	atf_set "require.user" "root"
-	atf_set "require.config" "fibs"
 }
 
 default_route_with_multiple_fibs_on_same_subnet_body()
@@ -263,7 +256,6 @@ default_route_with_multiple_fibs_on_same_subnet_inet6_head()
 {
 	atf_set "descr" "Multiple interfaces on the same subnet but with different fibs can both have default IPv6 routes"
 	atf_set "require.user" "root"
-	atf_set "require.config" "fibs"
 }
 
 default_route_with_multiple_fibs_on_same_subnet_inet6_body()
@@ -315,7 +307,6 @@ same_ip_multiple_ifaces_fib0_head()
 {
 	atf_set "descr" "Can remove an IPv4 alias from an interface when the same IPv4 is also assigned to another interface."
 	atf_set "require.user" "root"
-	atf_set "require.config" "fibs"
 }
 same_ip_multiple_ifaces_fib0_body()
 {
@@ -358,7 +349,6 @@ same_ip_multiple_ifaces_head()
 {
 	atf_set "descr" "Can remove an IPv4 alias from an interface when the same address is also assigned to another interface, on non-default FIBs."
 	atf_set "require.user" "root"
-	atf_set "require.config" "fibs"
 }
 same_ip_multiple_ifaces_body()
 {
@@ -404,7 +394,6 @@ same_ip_multiple_ifaces_inet6_head()
 {
 	atf_set "descr" "Can remove an IPv6 alias from an interface when the same address is also assigned to another interface, on non-default FIBs."
 	atf_set "require.user" "root"
-	atf_set "require.config" "fibs"
 }
 same_ip_multiple_ifaces_inet6_body()
 {
@@ -446,7 +435,7 @@ slaac_on_nondefault_fib6_head()
 {
 	atf_set "descr" "SLAAC correctly installs routes on non-default FIBs"
 	atf_set "require.user" "root"
-	atf_set "require.config" "fibs" "allow_sysctl_side_effects"
+	atf_set "require.config" "allow_sysctl_side_effects"
 }
 slaac_on_nondefault_fib6_body()
 {
@@ -533,7 +522,6 @@ subnet_route_with_multiple_fibs_on_same_subnet_head()
 {
 	atf_set "descr" "Multiple FIBs can have IPv4 subnet routes for the same subnet"
 	atf_set "require.user" "root"
-	atf_set "require.config" "fibs"
 }
 
 subnet_route_with_multiple_fibs_on_same_subnet_body()
@@ -570,7 +558,6 @@ subnet_route_with_multiple_fibs_on_same_subnet_inet6_head()
 {
 	atf_set "descr" "Multiple FIBs can have IPv6 subnet routes for the same subnet"
 	atf_set "require.user" "root"
-	atf_set "require.config" "fibs"
 }
 
 subnet_route_with_multiple_fibs_on_same_subnet_inet6_body()
@@ -620,7 +607,6 @@ udp_dontroute_head()
 {
 	atf_set "descr" "Source address selection for UDP packets with SO_DONTROUTE on non-default FIBs works"
 	atf_set "require.user" "root"
-	atf_set "require.config" "fibs"
 }
 
 udp_dontroute_body()
@@ -671,7 +657,6 @@ udp_dontroute6_head()
 {
 	atf_set "descr" "Source address selection for UDP IPv6 packets with SO_DONTROUTE on non-default FIBs works"
 	atf_set "require.user" "root"
-	atf_set "require.config" "fibs"
 }
 
 udp_dontroute6_body()
@@ -748,15 +733,13 @@ get_fibs()
 {
 	NUMFIBS=$1
 	net_fibs=`sysctl -n net.fibs`
+	if [ $net_fibs -lt $(($NUMFIBS + 1)) ]; then
+		atf_check -o ignore sysctl net.fibs=$(($NUMFIBS + 1))
+		net_fibs=`sysctl -n net.fibs`
+	fi
 	i=0
 	while [ $i -lt "$NUMFIBS" ]; do
-		fib=`atf_config_get "fibs" | \
-			awk -v i=$(( i + 1 )) '{print $i}'`
-		echo "fib is ${fib}"
-		eval FIB${i}=${fib}
-		if [ "$fib" -ge "$net_fibs" ]; then
-			atf_skip "The ${i}th configured fib is ${fib}, which is not less than net.fibs, which is ${net_fibs}"
-		fi
+		eval FIB${i}=$(($i + 1))
 		i=$(( $i + 1 ))
 	done
 }
@@ -816,9 +799,7 @@ setup_iface()
 	local ADDR=$4
 	local MASK=$5
 	local FLAGS=$6
-	echo setfib ${FIB} \
-		ifconfig $IFACE ${PROTO} ${ADDR}/${MASK} fib $FIB $FLAGS
-	setfib ${FIB} ifconfig $IFACE ${PROTO} ${ADDR}/${MASK} fib $FIB $FLAGS
+	atf_check setfib ${FIB} ifconfig $IFACE ${PROTO} ${ADDR}/${MASK} fib $FIB $FLAGS
 }
 
 # Create a tap(4) interface, configure it, and register it for cleanup.