From nobody Mon Mar 23 15:08:20 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ffc4N3vQZz6W7GS for ; Mon, 23 Mar 2026 15:08:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ffc4N39RQz47MD for ; Mon, 23 Mar 2026 15:08:20 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774278500; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=uZofXd3OXvTppFHznaHBxo+EALDNK7IvQ5Gm1df0DZ8=; b=WubZ4SpEwntBPYbp6UyVM1eqOtJ4GC0S+vyHKOYy3Rlys/1JzGWlJW49GvUtDzv2PZEkwL R7tT6gjS2MlOXp4BOPNxqw9VjucWGKFWV8BQ7+p1nJQbTbc0jfO5sMEpp4p1hhEjkZCJC/ BC7UbSiTwgzNICsEHxcGxgf6qh70bxLjoHpahWHhPc+WT9qaqLCzT5KZwzKqr2L+KrHhd6 2vxo48AMHB14WC/2WV8YfiiDboEoUmkjBb+hJVF9jk/gJ6LQBspT10DcvEMnJNAHfYqXhj V7TCGklTKiz+Wt2H32hvDGHsY3UxPMRKV/TtyK3jB+KbJ79Lh5GviKUAj6P1Gg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774278500; a=rsa-sha256; cv=none; b=IJbkZs1qJ2+dwsEPOfRd4xEa2anzTpxdNlzbpzBwHMDc64h5cOGSQ+eJ/rsOZ1PNJadm7M OBl8Ia0SVRJOafykgWIz90hdOYGsLPZn2ykpODDuGDUf57RfTRKJKRV6pmmcr7IcieuCsN z8liXLvbunv0rtjGHS1acqna/k8e4zk37SERArcAbYMzoDnX2XakgmFVe1uT8Pn/PN+NDv VI+EFiqZ6hN0W/bwaJ7fQrx7rB9SSOmf/o0krOJU0nxi9Daw2SNCGabUFdVPpAauPEKxfc yvPeNHbRcoP59I5ENJo1pHUjmjKADn5wpBBicOF6R+3VTm2jYZ/hbhspZhcbRw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774278500; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=uZofXd3OXvTppFHznaHBxo+EALDNK7IvQ5Gm1df0DZ8=; b=tpnc6NWGKV54DuYupHasul9Usvrr7NSVs5l8CX0+bvZzyLKrJLJcB6lRY+zLM0kMdS1uCy 4ZFg+JTM/QwKTB5ncQAyem50rbB/UDDtoovYEUwOEYKMhuUpA07ka9yWMp0pvZCYp63t9O Kj1faQnewEUruUeEI1SxVHEWgliswJ3RhJu7wx2sm9zYbxJa31K3EvoMI5Cswk+bGL6JZj gHgT3bX/GLreK1DmuP6cn2zmnYkU21RwV34fxZ1yNrrfj03lC6U5odaIr+vxVo+Gc92K7j h3z/RG0YBMUu4Y9o6nk+SHc4+2MRoAlm+g7o5xriEJsMnoJ2J0sDbL20GZ7e/A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4ffc4N2kpCztMm for ; Mon, 23 Mar 2026 15:08:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1dc64 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Mon, 23 Mar 2026 15:08:20 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Dag-Erling=?utf-8?Q? Sm=C3=B8rg?=rav Subject: git: f2e600ff156d - stable/15 - yes: Completely overengineer List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: f2e600ff156d6ac80630b199c3781ac3c1527a9c Auto-Submitted: auto-generated Date: Mon, 23 Mar 2026 15:08:20 +0000 Message-Id: <69c15764.1dc64.13379aa0@gitrepo.freebsd.org> The branch stable/15 has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=f2e600ff156d6ac80630b199c3781ac3c1527a9c commit f2e600ff156d6ac80630b199c3781ac3c1527a9c Author: Dag-Erling Smørgrav AuthorDate: 2026-03-10 10:18:08 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2026-03-22 17:32:39 +0000 yes: Completely overengineer If we're going to overengineer this, we may as well go all the way. * If multiple arguments are given, concatenate them into a space- separated list like GNU coreutils does. * When duplicating the expletive, do so exponentially. * Most importantly, don't modify the memory that argv points to. MFC after: 1 week Sponsored by: Klara, Inc. Reviewed by: kevans, allanjude Differential Revision: https://reviews.freebsd.org/D55617 (cherry picked from commit cf74b63d61b49db848ecc20b87e7ee5f16671320) yes: Add missing header This is a no-op on FreeBSD due to namespace pollution. MFC after: 1 week Sponsored by: Klara, Inc. Fixes: cf74b63d61b4 ("yes: Completely overengineer") (cherry picked from commit ba7439f0a9604b15bfef8084816f34d55eb6bdf2) --- usr.bin/yes/yes.1 | 6 +++-- usr.bin/yes/yes.c | 76 +++++++++++++++++++++++++++++++++++++++---------------- 2 files changed, 58 insertions(+), 24 deletions(-) diff --git a/usr.bin/yes/yes.1 b/usr.bin/yes/yes.1 index 8ed8beab0d28..689031345dc3 100644 --- a/usr.bin/yes/yes.1 +++ b/usr.bin/yes/yes.1 @@ -25,7 +25,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd June 4, 2014 +.Dd March 2, 2026 .Dt YES 1 .Os .Sh NAME @@ -33,7 +33,7 @@ .Nd be repetitively affirmative .Sh SYNOPSIS .Nm -.Op Ar expletive +.Op Ar expletive ... .Sh DESCRIPTION The .Nm @@ -42,6 +42,8 @@ utility outputs or, by default, .Dq y , forever. +If multiple arguments are given, they are concatenated into a single +space-separated string. .Sh SEE ALSO .Xr jot 1 , .Xr seq 1 diff --git a/usr.bin/yes/yes.c b/usr.bin/yes/yes.c index d9e896b6ea27..86022c82f453 100644 --- a/usr.bin/yes/yes.c +++ b/usr.bin/yes/yes.c @@ -31,44 +31,76 @@ #include #include +#include #include #include #include +/* + * Default expletive + */ +#define EXP "y\n" +#define EXPLEN strlen(EXP) + +/* + * Optimum and maximum buffer size. The optimum is just a little less + * than the default value of kern.ipc.pipe_mindirect; writing more than + * that is significantly slower, but we want to get as close as possible + * to minimize the number of system calls. The maximum is enough for a + * maximal command line plus a newline and terminating NUL. + */ +#define OPTBUF 8190 +#define MAXBUF (ARG_MAX + 2) + int main(int argc, char **argv) { - char buf[8192]; - char y[2] = { 'y', '\n' }; - char * exp = y; - size_t buflen = 0; - size_t explen = sizeof(y); - size_t more; - ssize_t ret; + static char buf[MAXBUF] = EXP; + char *end = buf + sizeof(buf), *exp, *pos = buf + EXPLEN; + size_t buflen, explen = EXPLEN; + ssize_t wlen = 0; if (caph_limit_stdio() < 0 || caph_enter() < 0) err(1, "capsicum"); - if (argc > 1) { - exp = argv[1]; - explen = strlen(exp) + 1; - exp[explen - 1] = '\n'; - } + argc -= 1; + argv += 1; - if (explen <= sizeof(buf)) { - while (buflen < sizeof(buf) - explen) { - memcpy(buf + buflen, exp, explen); - buflen += explen; + /* Assemble the expletive */ + if (argc > 0) { + /* Copy positional arguments into expletive buffer */ + for (pos = buf, end = buf + sizeof(buf); + argc > 0 && pos < end; argc--, argv++) { + /* Separate with spaces */ + if (pos > buf) + *pos++ = ' '; + exp = *argv; + while (*exp != '\0' && pos < end) + *pos++ = *exp++; } - exp = buf; - explen = buflen; + /* This should not be possible, but check anyway */ + if (pos > end - 2) + pos = end - 2; + *pos++ = '\n'; + explen = pos - buf; } - more = explen; - while ((ret = write(STDOUT_FILENO, exp + (explen - more), more)) > 0) - if ((more -= ret) == 0) - more = explen; + /* + * Double until we're past OPTBUF, then reduce buflen to exactly + * OPTBUF. It doesn't matter if that's not a multiple of explen; + * the modulo operation in the write loop will take care of that. + */ + for (buflen = explen; buflen < OPTBUF; pos += buflen, buflen += buflen) + memcpy(pos, buf, buflen); + if (explen < OPTBUF && buflen > OPTBUF) + buflen = OPTBUF; + /* Dump it to stdout */ + end = (pos = buf) + buflen; + do { + pos = buf + (pos - buf + wlen) % explen; + wlen = write(STDOUT_FILENO, pos, end - pos); + } while (wlen > 0); err(1, "stdout"); /*NOTREACHED*/ } From nobody Mon Mar 23 15:08:21 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ffc4P60YCz6W7GH for ; Mon, 23 Mar 2026 15:08:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ffc4P4FL8z47MF for ; Mon, 23 Mar 2026 15:08:21 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774278501; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FyPvAE72tZRjKpgpXNYPpMECbZQ6TTI364rNvIT9AGw=; b=pL3D/XDLqJxI96I4DdoYgPGxfTEpdm6LhB505NBz6zki/6FCifs68sC3GzvbrenJSOCMIu w7yTIGdghDqZ+5jq0zR2Rx5+PmITrjS2CWaHwkBxMRNkom8Hee3fQp6AmRXc6a3cMP+e6H qyeJ/HoQsd4DKEs7PvmK8buunrydRXdRzHuTZr6foHldgWp+g+uc701tCVGvz4NwqFfBqK QHttb5SkzKP26vPEPhly7VTVLK7C1h8D/22MPHEduWxOLWrYJFawNcFObw3RBuAqsiMejb 8BQUgI4yE1NKfW4lfc4DEDNQb7uk5kiY0UeY9rx3G60/Pd9ekfz7HUvp+tsHfw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774278501; a=rsa-sha256; cv=none; b=U3+/of+Dqg53spPy2/byEcIdFCA1mtf5A0gKCXkm22OZ1fC8QgULLTUhQ6yUBPHmSPsWkm POwEN1kDBIQoiFrMHqTwGeUUq0BHiJ0Mr8O8Wgf9bHKylicFx5jPP34VJeih+Lsf3cWNu/ xOF6sL4KJk7glkNnSl+ydRQxnYAoWkeW/9oqCJFoISL4oTdjTcsAeA0rUe7aqqNCIUO+Ox 9r9oKPymsEyfLB3XaGCT+KrSi35Zgxt8qWet9fRa8knNGqmyPeQ1DHn8yLwQMO/ksf2vB2 4X5z8j9hEjv8MasU+iWh1C1/ANBkfsNmjSI2QYK9yxju9O6WV5N9fa2t99l5wg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774278501; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FyPvAE72tZRjKpgpXNYPpMECbZQ6TTI364rNvIT9AGw=; b=PBBsurUNUSu0JbNOJHpEwQDr42u2WN+9+8gTuX+x5MIpdBkiDjQv0IlKPF1DHjM/lTKEAb b+LG4fF9epBKqhCstQXUoDo+hYOuDoiWkIzi3GNV7/H9ZaDv7AK65l9b4NobPr1olQVZD6 Q4DEh9jS/FCt2AONYlBGgt/0HL3lAksEF0X1a5vKmMbu2QWFVK4V02yNmCbER/qVlCgb70 BpXOecIP/EnhHc9jRFAGcCmSLMnX/NoqOIMPrmBCnNwIuHH/8ZF51/hEJBF6Ye5KDJC2h1 VUN/wK5ce5wCMrizjSLhQW6dRfJvKbqOHZ9aCyFkjSo3L8T2QF9NFix9ADCi2g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4ffc4P3XK7ztMn for ; Mon, 23 Mar 2026 15:08:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1dcf2 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Mon, 23 Mar 2026 15:08:21 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Dag-Erling=?utf-8?Q? Sm=C3=B8rg?=rav Subject: git: 9b6ebd80ca83 - stable/15 - yes: Add tests List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 9b6ebd80ca83749496512ed373a2b9b6fbe5e920 Auto-Submitted: auto-generated Date: Mon, 23 Mar 2026 15:08:21 +0000 Message-Id: <69c15765.1dcf2.295e8cbf@gitrepo.freebsd.org> The branch stable/15 has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=9b6ebd80ca83749496512ed373a2b9b6fbe5e920 commit 9b6ebd80ca83749496512ed373a2b9b6fbe5e920 Author: Dag-Erling Smørgrav AuthorDate: 2026-03-11 03:44:10 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2026-03-22 17:32:40 +0000 yes: Add tests MFC after: 1 week Sponsored by: Klara, Inc. Reviewed by: kevans Differential Revision: https://reviews.freebsd.org/D55802 (cherry picked from commit 67728a18b9c18e55cc60e063380825b80f25b1b9) --- etc/mtree/BSD.tests.dist | 2 + usr.bin/yes/Makefile | 4 ++ usr.bin/yes/tests/Makefile | 4 ++ usr.bin/yes/tests/yes_test.sh | 85 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 95 insertions(+) diff --git a/etc/mtree/BSD.tests.dist b/etc/mtree/BSD.tests.dist index 84534aaaf180..666f852970a0 100644 --- a/etc/mtree/BSD.tests.dist +++ b/etc/mtree/BSD.tests.dist @@ -1263,6 +1263,8 @@ yacc .. .. + yes + .. .. usr.sbin certctl diff --git a/usr.bin/yes/Makefile b/usr.bin/yes/Makefile index b1d4075b5917..545c95d00624 100644 --- a/usr.bin/yes/Makefile +++ b/usr.bin/yes/Makefile @@ -1,3 +1,7 @@ +.include + PROG= yes +HAS_TESTS= +SUBDIR.${MK_TESTS}= tests .include diff --git a/usr.bin/yes/tests/Makefile b/usr.bin/yes/tests/Makefile new file mode 100644 index 000000000000..874a1bc21751 --- /dev/null +++ b/usr.bin/yes/tests/Makefile @@ -0,0 +1,4 @@ +PACKAGE= tests +ATF_TESTS_SH= yes_test + +.include diff --git a/usr.bin/yes/tests/yes_test.sh b/usr.bin/yes/tests/yes_test.sh new file mode 100644 index 000000000000..f4c04e186536 --- /dev/null +++ b/usr.bin/yes/tests/yes_test.sh @@ -0,0 +1,85 @@ +# +# Copyright (c) 2026 Klara, Inc. +# +# SPDX-License-Identifier: BSD-2-Clause +# + +atf_test_case none +none_head() +{ + atf_set "descr" "No arguments" +} +none_body() +{ + atf_check \ + -o inline:"y\ny\ny\ny\ny\n" \ + -x "yes | head -5" +} + +atf_test_case one +one_head() +{ + atf_set "descr" "One argument" +} +one_body() +{ + local y="Hello, world!" + atf_check \ + -o inline:"${y}\n${y}\n${y}\n${y}\n${y}\n" \ + -x "yes '${y}' | head -5" +} + +atf_test_case multi +multi_head() +{ + atf_set "descr" "Multiple arguments" +} +multi_body() +{ + set -- The Magic Words are Squeamish Ossifrage + local y="$*" + atf_check \ + -o inline:"${y}\n${y}\n${y}\n${y}\n${y}\n" \ + -x "yes $* | head -5" +} + +atf_test_case argv +argv_head() +{ + atf_set "descr" "Verify that argv is unmolested" +} +argv_body() +{ + yes y >/dev/null & + local pid=$! + atf_check -o inline:"yes y\n" ps -o args= $pid + kill $pid + wait +} + +atf_test_case stdout +stdout_head() +{ + atf_set descr "Error writing to stdout" +} +stdout_body() +{ + ( + trap "" PIPE + # Give true(1) some time to exit. + sleep 1 + yes 2>stderr + echo $? >result + ) | true + atf_check -o inline:"1\n" cat result + atf_check -o match:"stdout" cat stderr +} + +atf_init_test_cases() +{ + atf_add_test_case none + atf_add_test_case one + atf_add_test_case multi + atf_add_test_case argv + atf_add_test_case stdout +} From nobody Mon Mar 23 15:08:22 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ffc4R0Gq9z6W7GP for ; Mon, 23 Mar 2026 15:08:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ffc4Q5Plbz46xR for ; Mon, 23 Mar 2026 15:08:22 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774278502; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=B+E8MLYa/Ux3ia19NJTMugGYrKBF3WrRl0u29fPG7HA=; b=gomXnbZT6RPuGDLJma3oUX9qy0vaI6BapxP/V1BIeUa3uBgXFJLKbZYVEINR7WKCpNv4Y1 BRydCQZnQLqavqGnJHOQSal+elLLRJyUYto4/ZCBSRziTGDW0tBg5mDOebUlFO16ytZang DF9rK00o4ymctSwBgqB4sDPc4Y6fYqgiFGvFemVoxp1pf8f3Ucv4q4jJCBfkHOm7GU9Yne 2Gd8po0+8KCmV3U7zFFLlKU0CGMFbgmraNMshVbl7hPO9m8bJ3MedVejQMi6xOSVFjvGYg BPBQxKWHrDhexqR/zkKPY55KiV55YB4adc0rXMqOH3pGkrif2MiS3Sw6jZW4og== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774278502; a=rsa-sha256; cv=none; b=X9IcF3Znb3y44PmDWn1dROui0GLxGrh3XoiXk+1Jh+AT/oTJvPs42DPX8mF2kidQpSqcMM T48PCQ+vboLHfLxXcTMv2Gyjvl1t6u4EIlgopI7HQ/H+uIuzmELdWRoY1MfdfWHLThbPDf tiwecnp+Jhjg8hCwY/a7WPMZgFJpl7rgBJCgpPBdDhCsaaNl9ONEKPQvGNZQszXvK8+iCd kazWeCkkh40SnAz/PgshpvQUUdzTz5L0wv/9lg4KJKgFBPYX+A4HHwo1dNiYa8wCWfkfp1 Cgln+UNwt9e/cSHRaJMrlGzdyR4Yf2nkCvvTyUx3P0N9OgCpyHFJlQf7fZyPoA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774278502; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=B+E8MLYa/Ux3ia19NJTMugGYrKBF3WrRl0u29fPG7HA=; b=CkG2TAyv8+uUdEGy5w16zBjuUuXAYXQTmaWz79Peq5annq+rjH7g7nFw5Rhf3EcGWKsIsU EhN47Mq/o2tuAo+JU/lJEk9MT44przFajfaRaIKBjcAySp+VmvLCx4iHG+PLWuM4GtT3Oj 71fwq+XbQw6Fl7KyVtwpCaNHFRm3av8FJ3+WxyPudhLJxOdG9k9dAI4Fr2Bzu15hhDut8h vdXHR/fXRjXcMvBAuYk26WAAQBXcoUfnLmB2yxNx7cQ0w9PnscDl+R0l/S2oTeSFZrd5Jf DrKxgeI/gSL+kh6RnJ2K4vTlCddPm10HIyDfArlRiRADNKaoSb7S2GkqZjN66g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4ffc4Q4NplztDG for ; Mon, 23 Mar 2026 15:08:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1ef3a by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Mon, 23 Mar 2026 15:08:22 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Christos Longros From: Dag-Erling=?utf-8?Q? Sm=C3=B8rg?=rav Subject: git: c988f316d6c6 - stable/15 - resolver.5: document six previously undocumented options List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: c988f316d6c6146debc92ca16e46a0eff6ad88c6 Auto-Submitted: auto-generated Date: Mon, 23 Mar 2026 15:08:22 +0000 Message-Id: <69c15766.1ef3a.11598259@gitrepo.freebsd.org> The branch stable/15 has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=c988f316d6c6146debc92ca16e46a0eff6ad88c6 commit c988f316d6c6146debc92ca16e46a0eff6ad88c6 Author: Christos Longros AuthorDate: 2026-03-15 15:17:04 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2026-03-22 17:32:40 +0000 resolver.5: document six previously undocumented options Document the edns0, inet6, insecure1, insecure2, no-check-names, and rotate options which are parsed by res_init(3) but were not described in the resolver(5) man page. MFC after: 1 week Signed-off-by: Christos Longros Reviewed by: des Differential Revision: https://reviews.freebsd.org/D55864 (cherry picked from commit 462a1f6197fa3de63e0eca2835b1d5b0bc6a3bbb) --- share/man/man5/resolver.5 | 40 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/share/man/man5/resolver.5 b/share/man/man5/resolver.5 index 9f8c0d689a0a..4dd3f8c93a99 100644 --- a/share/man/man5/resolver.5 +++ b/share/man/man5/resolver.5 @@ -25,7 +25,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd November 23, 2022 +.Dd March 15, 2026 .Dt RESOLVER 5 .Os .Sh NAME @@ -170,6 +170,38 @@ the allowed maximum is .Dv RES_MAXRETRY (see .In resolv.h ) . +.It Sy edns0 +Sets +.Dv RES_USE_EDNS0 . +Attach an OPT pseudo-RR for the EDNS0 extension, +as specified in RFC 2671. +This allows the resolver to advertise a larger UDP receive buffer size, +permitting responses larger than the original 512-byte limit. +.It Sy inet6 +Sets +.Dv RES_USE_INET6 . +Causes +.Xr gethostbyname 3 +to look up AAAA records before A records +and to map IPv4 responses into IPv6 addresses. +The use of this option is discouraged. +.It Sy insecure1 +Sets +.Dv RES_INSECURE1 . +Disables the check that the response was received from the +same server to which the query was sent. +Use of this option is a security risk and is not recommended. +.It Sy insecure2 +Sets +.Dv RES_INSECURE2 . +Disables the check that the response contains a query +matching the one that was sent. +Use of this option is a security risk and is not recommended. +.It Sy no-check-names +Sets +.Dv RES_NOCHECKNAME . +Disables the check of incoming host names for invalid characters +such as underscore, non-ASCII, or control characters. .It Sy no_tld_query tells the resolver not to attempt to resolve a top level domain name, that is, a name that contains no dots. @@ -179,6 +211,12 @@ the resolver from obeying the standard and .Sy search rules with the given name. +.It Sy rotate +Sets +.Dv RES_ROTATE . +Causes the resolver to round-robin among the configured name servers, +distributing the query load instead of always trying the first +listed server. .It Sy reload-period : Ns Ar n The resolver checks the modification time of .Pa /etc/resolv.conf From nobody Mon Mar 23 15:08:23 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ffc4S3dptz6W6HP for ; Mon, 23 Mar 2026 15:08:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ffc4R694Yz477b for ; Mon, 23 Mar 2026 15:08:23 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774278504; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=mIQqclkVbn1B524fSRkhccvG2Hn8C9S31zHjvvdF05A=; b=gOrxyOvxM3drNMLKQ+CAEWjKPiLRBBI0oWNG00AYsGI0Z5JcgO+cOzRq6/XCG+JNKUGYSd w1dZ6CrRM2NHR5Zmj9E/cS2e95PH9M4Zvq2Oy01yA/Urmcce5glGssr68wjTN1ZlxigPc1 4RWJ5yFc2dGBXE1MVtd50NbIElT3L8RxbOGq67paJhB53u1edVpbnnxDnvkW+h29hV1xwh ETeB3Z2ABI4rgjpRaDIEXi7ETHCaL5GhBwWaTMbPvCvFBddZRb/gdrI5hR4Ue3HYjhki/z VsshH6IeDwUVqhASIpF4rCEcGBTsWDYcN2LMCYfLJTq3dstRHr81XPcRouWBBA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774278504; a=rsa-sha256; cv=none; b=FV2IOQXoeUVfFsrBEtLhxasGprwrQTpX7Ssg0FWHvzILP4LCBUjl3FtlQ7dUqkOhjd7UoB Yk/f5VZ8hGpO0hMcIFysKegF1P5OOCqrSlROuiRwakBXM5PY8l2oVjmOcOCFIVpeKnxZbR RGVFqmzvBSi+v7Uyu1fMqvvlMlkA+gB1154X2mwq9UBGK8pggwC8eYiHCB/j6XoiTvYiXF dSZ8rDv2rS/u3i5yokT5VOQ1K7VC3FvD+jvFiYDIbmnUfqCLSFShkBwuOfu8hRBwvz2VX+ G2ps+k93WFV0pmOB3vpgoHeUie3p6mseRKwxU9V1sYAAkYI/8VSyYHiibmkf3Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774278504; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=mIQqclkVbn1B524fSRkhccvG2Hn8C9S31zHjvvdF05A=; b=mVbcEBn7Si+1yqr6edgsAWtpTIzNTo0TnyfueD3ylqatvesgPZugyEx7K1ZjZCXsR2Qy0o PmgHcD0NEWP/fcOHsh56fNhzTTMjFESPfEZqM3j5iH4rb1MO/s5JUVMKxhJe3cCr80d/XR pPzB/OHY1g+SpenBH6g51joNrZAzY0pRQG+Yn17/w0304B8yrFdhPa6vIjkcEUW8TDqGV3 gtSpbLyhaVYGgbvnbeivMWpBXzA/f9zCDWui7FAgm0d6tVSekU25w2cyh2p6zGFd9PnUuy zc0OHSRsbpRPEfB1Ol4JBaQhNnZd16ARK7VJS983VuDQ7REYaJBIJMCaDrAuBA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4ffc4R55sSztNv for ; Mon, 23 Mar 2026 15:08:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 20faa by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Mon, 23 Mar 2026 15:08:23 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Dag-Erling=?utf-8?Q? Sm=C3=B8rg?=rav Subject: git: 47caac85ec51 - stable/15 - queue.h: Reorder STAILQ_INSERT_TAIL List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 47caac85ec51e2f3fefc976a5e110f444693b657 Auto-Submitted: auto-generated Date: Mon, 23 Mar 2026 15:08:23 +0000 Message-Id: <69c15767.20faa.56367333@gitrepo.freebsd.org> The branch stable/15 has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=47caac85ec51e2f3fefc976a5e110f444693b657 commit 47caac85ec51e2f3fefc976a5e110f444693b657 Author: Dag-Erling Smørgrav AuthorDate: 2026-03-16 20:36:56 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2026-03-22 17:32:41 +0000 queue.h: Reorder STAILQ_INSERT_TAIL The current implementation briefly violates the tail invariant. This is not usually an issue, but if an insert is in flight when a panic occurs, we may then trip the invariant while dumping core. MFC after: 1 week Sponsored by: Klara, Inc. Sponsored by: NetApp, Inc. Reviewed by: obiwac, olce, jhb Differential Revision: https://reviews.freebsd.org/D55819 (cherry picked from commit aa15df4597053c0e95a15b2a7036296999cd562a) --- sys/sys/queue.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/sys/queue.h b/sys/sys/queue.h index aa6453889e6b..e2603bc664c3 100644 --- a/sys/sys/queue.h +++ b/sys/sys/queue.h @@ -499,9 +499,10 @@ struct { \ #define STAILQ_INSERT_TAIL(head, elm, field) do { \ QMD_STAILQ_CHECK_TAIL(head); \ + __typeof__((head)->stqh_last) prevlast = (head)->stqh_last; \ STAILQ_NEXT((elm), field) = NULL; \ - *(head)->stqh_last = (elm); \ (head)->stqh_last = &STAILQ_NEXT((elm), field); \ + *prevlast = (elm); \ } while (0) #define STAILQ_LAST(head, type, field) \ From nobody Mon Mar 23 16:41:17 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fff7d4Gn7z6WDnN for ; Mon, 23 Mar 2026 16:41:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fff7d33Tqz4KQB for ; Mon, 23 Mar 2026 16:41:17 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774284077; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Qrx/j6/xEMHYF1i4x++R9V4VwMypXd7bCdfMcVbyvDs=; b=T+UC4qHdOursAQaMaZPbyGqYB1xs9tWVsvCGc376XLE6N33LFUc9vxmhy1oKpME+5R9vyn XSn6LzSPWQg7Gx4NGNuMacWJ32+vF7sNVUueSmrnap5SlcT0mLoPeFTbXqyoIiLlYRjz9n 6ZhO+SLIR2nencR5niT636qdhWEjF369gEGkn0iMchGQF+PqCj3ejYkH5MrrRfgu99Xzh5 L2XApmV+4MYZ1W2NdNbOe4F/QURp38V7uRDL9WVGZO4+cHPcMHNRoaimeE6zEbWQ+CpXpg z5H8Fed2h0k3hcjWcER2x661bFFlHrD+8Z0OalTPvWqmMsKZO4q+Kh3RdTJ15A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774284077; a=rsa-sha256; cv=none; b=DcxBmDYzkkfyADhZiyMSC//HZDPhS3aZAInxIAf2RNcbOXVKvHIvJdJUkqhCwcIHa0qkGD lg+mSjFZliuIzbus9glIzglFQLabN3tzN3lRMLsWGCBLnclexFJ9hPqH5zouVzv85hRa7b 2bfCF04wp3NR6zWZpzP0wPRwR7t1EiQvbfJ2I/VBOv4G1SrabN/DXSnn7aD3I8L3bJvTbB lofKnPMugFwFyRZHRhQSu29xeJKz5Tej21PcsDpr9rBD0to3XnphghIU8qGYxJPtFedV8z PMefRjpS1Xmb2/+dbM1HK8hhu15Cjj1j0ZtquvCt6QXSDefNJPj5xC1i/gqx5A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774284077; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Qrx/j6/xEMHYF1i4x++R9V4VwMypXd7bCdfMcVbyvDs=; b=uSzApxceONvFrGvYiankzubHyDJeVNewTuA1JWzI0oagN21bPuciDD/hhSmmhzHSmFBL7O 0MTQPVd9JyBjlT2rq1US/hSJW1QZzvPgmm0iDu4PrvJExcF5IyubYdQ446Kpma+p7IeCQW tdyO6kAmy2UomWWNYnKqDqsgi8HX/6nmzC3c/M0tlSi0uL1HZJCFi5bCXVUV/wABBUOEIM fbScAvizdJHHW/HE+9ZcH2blqEah9g6BuJUXuSUhJKKfysANk3682BjY/DoHbtFS/a282Z 447eu9z2/Jc7oY0DHCG5dpLw5lnoW4Tvka1ofpR0O/MRcdwVQQcOsSKPOZBK6Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fff7d2f0Wzwm9 for ; Mon, 23 Mar 2026 16:41:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 32848 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Mon, 23 Mar 2026 16:41:17 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 61f0453b3aa7 - stable/15 - release: Use make's `:H` rather than `/..` List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 61f0453b3aa71e640a42085f67ce556ca3283c6c Auto-Submitted: auto-generated Date: Mon, 23 Mar 2026 16:41:17 +0000 Message-Id: <69c16d2d.32848.5c02b834@gitrepo.freebsd.org> The branch stable/15 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=61f0453b3aa71e640a42085f67ce556ca3283c6c commit 61f0453b3aa71e640a42085f67ce556ca3283c6c Author: Ed Maste AuthorDate: 2025-12-26 16:36:43 +0000 Commit: Ed Maste CommitDate: 2026-03-23 16:40:35 +0000 release: Use make's `:H` rather than `/..` In general we want to strip subdir components, rather than appending `..`s. Reviewed by: lwhsu Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D54373 (cherry picked from commit 3949c2b8c4691a6dff8be7b38805d56faab91187) --- release/Makefile | 4 ++-- release/Makefile.vm | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/release/Makefile b/release/Makefile index 2469385408ee..c6112faff947 100644 --- a/release/Makefile +++ b/release/Makefile @@ -40,7 +40,7 @@ # TARGET/TARGET_ARCH: architecture of built release # -WORLDDIR?= ${.CURDIR}/.. +WORLDDIR?= ${.CURDIR:H} PORTSDIR?= /usr/ports .include "${WORLDDIR}/share/mk/bsd.compat.pre.mk" @@ -62,7 +62,7 @@ DISTDIR= dist # Define OSRELEASE by using newvers.sh .if !defined(OSRELEASE) || empty(OSRELEASE) .for _V in TYPE BRANCH REVISION -${_V}!= eval $$(awk '/^${_V}=/{print}' ${.CURDIR}/../sys/conf/newvers.sh); echo $$${_V} +${_V}!= eval $$(awk '/^${_V}=/{print}' ${.CURDIR:H}/sys/conf/newvers.sh); echo $$${_V} .endfor .for _V in ${TARGET_ARCH} .if !empty(TARGET:M${_V}) diff --git a/release/Makefile.vm b/release/Makefile.vm index 142fd6e7bdf5..3e5f4936b518 100644 --- a/release/Makefile.vm +++ b/release/Makefile.vm @@ -73,7 +73,7 @@ CLOUDWARE?= ${CLOUDWARE_GEN} .for _V in TYPE BRANCH REVISION . if !defined(${_V}) || empty(${_V}) -${_V}!= eval $$(awk '/^${_V}=/{print}' ${.CURDIR}/../sys/conf/newvers.sh); echo $$${_V} +${_V}!= eval $$(awk '/^${_V}=/{print}' ${.CURDIR:H}/sys/conf/newvers.sh); echo $$${_V} . endif .endfor From nobody Mon Mar 23 16:41:18 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fff7f4yFDz6WDfk for ; Mon, 23 Mar 2026 16:41:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fff7f3nGNz4KbL for ; Mon, 23 Mar 2026 16:41:18 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774284078; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=es7zcS0zZdOBE/0VDhP1n0p2R3bjSfI+P+4x3deIct0=; b=AzI/Dqx8IxWi2QyQgFzdESJKauuy7NekDeWrmYi5vTrY5NjafIWtaIJ+QCeqQIYVxCsifu 7UO4rLoJpWoSHeZOugtJfNzp/tW7F/DCuzvm84zCrsEeySurXeXtJdTsla/PJTk093EPT7 j3iEJ8WIly8xIFgfxu35Ul7S9ZysmRVPM1j6wcZxdl1hgT7Dnq1HGFXUptgpxF6Pjs5bMV t8qTtepy9C3u0lf4VGFvzxJP4VWq+8wHmTKxTXUvIVDc9WjnyOxh5CQX2/lDvwo1DZ/78K iV4tB4h/Lpl2ogmfWFLgKRMyZtvvCFD4bMXjDugHAdX3rkY1SdIGapi/Ye6xoQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774284078; a=rsa-sha256; cv=none; b=koTPCEhh24RlFa2gT4EYlt3oBJuFOkDugaHYGKh3WfP05CaTFIjtlY/ihDQxa2el3rcRQS pV6HQOuA7fmNwQXcTJ3nmw/fHHmNPwG2iMvMoaB7FL6JoC5q8amadzP7RMESjzxearnswW kldfQKcIeASfBnl22sZGZGn3mXOhH6J8SjMMrQD4s6YrSoQHJBa4hBm1QbN+G4Av7/A2Gc hLUxvR9AWyCHplnWI5h1Kn3ZsU3fav4ZhVRf3ESWih7Maj+rtm/iAtxkE+gedBFkh+Mopk buzcPJH6ruwWVa/dByxIADAW10Npgh30TfklljJinJmdupyQVAX65NrmB0KfbQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774284078; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=es7zcS0zZdOBE/0VDhP1n0p2R3bjSfI+P+4x3deIct0=; b=i/hqF/qA7FmRgt0vvPabwmRtxNkBTYXE/i2YjCcxLIEbCeCe0bs/nogM8ZxS9qE5FDO6h3 bsTVM69W8ZmCq1dmY9HOzSWFz29EBVzEcV0GseFyMRXWKtbtka41n2LXDSyg6uWOyQLAnF 4fNnb/WjDswTWQFGCBd5/kJxlz/OJOg1XlBx8aWTW9DME2d0VLLi9+7UcZm9KmoPsPK7yB gwzA/B2vpvAs65djqUiXpXQVlTHT02T6dFxNOVw3yIXjJgfTYWAhhPK57Qi2ZclvxnCFDr ofIGJmwJYGW4RH+tIGspkuOzkwk+mXugYgsx6kq3maeUFq57XriTUJyU+0UjKA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fff7f3MvFzwrL for ; Mon, 23 Mar 2026 16:41:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 32c2a by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Mon, 23 Mar 2026 16:41:18 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: b24b533d4b28 - stable/15 - release: Remove not-NO_ROOT cases List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: b24b533d4b28d0f5232d0e1a406778813375e6d9 Auto-Submitted: auto-generated Date: Mon, 23 Mar 2026 16:41:18 +0000 Message-Id: <69c16d2e.32c2a.363d5bc7@gitrepo.freebsd.org> The branch stable/15 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=b24b533d4b28d0f5232d0e1a406778813375e6d9 commit b24b533d4b28d0f5232d0e1a406778813375e6d9 Author: Ed Maste AuthorDate: 2025-12-11 17:16:53 +0000 Commit: Ed Maste CommitDate: 2026-03-23 16:40:36 +0000 release: Remove not-NO_ROOT cases We always use NO_ROOT for release artifact builds, so remove the alternate code paths. For the first step we set NO_ROOT unconditionally in cases that invoke submakes, and turn NO_ROOT being unset into an error in lover-level targets so that we can catch potential out-of-tree build scripts (or missed in-tree cases) that expect to run not-NO_ROOT builds. The second step will be to remove those entirely. Reviewed by: cperciva Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D54179 (cherry picked from commit 54e006369c9aab4f3a22f026eb6924c0f9cafda8) --- release/release.sh | 4 +- release/scripts/pkg-stage.sh | 14 +--- release/tools/azure.conf | 13 +-- release/tools/ec2.conf | 8 +- release/tools/vagrant.conf | 10 +-- release/tools/vmimage.subr | 192 ++++++++++++++++++------------------------- 6 files changed, 92 insertions(+), 149 deletions(-) diff --git a/release/release.sh b/release/release.sh index f0226e4cd3c5..480d6b34f191 100755 --- a/release/release.sh +++ b/release/release.sh @@ -200,9 +200,7 @@ env_check() { WITH_DVD=${WITH_DVD} WITH_VMIMAGES=${WITH_VMIMAGES} \ WITH_CLOUDWARE=${WITH_CLOUDWARE} WITH_OCIIMAGES=${WITH_OCIIMAGES} \ XZ_THREADS=${XZ_THREADS} NOPKGBASE=${NOPKGBASE}" - if [ -n "${NO_ROOT}" ]; then - RELEASE_RMAKEFLAGS="${RELEASE_RMAKEFLAGS} NO_ROOT=1 WITHOUT_QEMU=1" - fi + RELEASE_RMAKEFLAGS="${RELEASE_RMAKEFLAGS} NO_ROOT=1 WITHOUT_QEMU=1" return 0 } # env_check() diff --git a/release/scripts/pkg-stage.sh b/release/scripts/pkg-stage.sh index f76675543ac5..5c4ec76150da 100755 --- a/release/scripts/pkg-stage.sh +++ b/release/scripts/pkg-stage.sh @@ -4,8 +4,6 @@ set -e -unset NO_ROOT - export ASSUME_ALWAYS_YES="YES" export PKG_DBDIR="/tmp/pkg" export PERMISSIVE="YES" @@ -56,15 +54,13 @@ usage() while getopts N opt; do case "$opt" in - N) NO_ROOT=1 ;; + N) ;; *) usage ;; esac done PKG_ARGS="--rootdir ${ROOTDIR}" -if [ $NO_ROOT ]; then - PKG_ARGS="$PKG_ARGS -o INSTALL_AS_USER=1" -fi +PKG_ARGS="$PKG_ARGS -o INSTALL_AS_USER=1" PKGCMD="/usr/sbin/pkg ${PKG_ARGS}" if [ ! -x /usr/local/sbin/pkg ]; then @@ -121,10 +117,8 @@ ln -s ../All/$(${PKGCMD} rquery %n-%v pkg).pkg ${LATEST_DIR}/pkg.pkg ${PKGCMD} repo ${PKG_REPODIR} -if [ $NO_ROOT ]; then - mtree -c -p $ROOTDIR | mtree -C -k type,mode,link,size | \ - grep '^./packages[/ ]' >> $ROOTDIR/METALOG -fi +mtree -c -p $ROOTDIR | mtree -C -k type,mode,link,size | \ + grep '^./packages[/ ]' >> $ROOTDIR/METALOG # Always exit '0', even if pkg(8) complains about conflicts. exit 0 diff --git a/release/tools/azure.conf b/release/tools/azure.conf index 4fa6ba4d924d..7a4f0b5027cf 100644 --- a/release/tools/azure.conf +++ b/release/tools/azure.conf @@ -34,17 +34,8 @@ vm_extra_pre_umount() { # builds this is unnecessary as pkg will not be installed to # begin with. if [ -z "${NO_ROOT}" ]; then - mount -t devfs devfs ${DESTDIR}/dev - - # The firstboot_pkgs rc.d script will download the repository - # catalogue and install or update pkg when the instance first - # launches, so these files would just be replaced anyway; removing - # them from the image allows it to boot faster. - chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ - /usr/sbin/pkg delete -f -y pkg - umount ${DESTDIR}/dev - rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports - rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports-kmods + echo "ERROR: NO_ROOT not set" >&2 + exit 1 fi pw -R ${DESTDIR} usermod root -h - diff --git a/release/tools/ec2.conf b/release/tools/ec2.conf index b8a7bac2ce00..4e1260903e06 100644 --- a/release/tools/ec2.conf +++ b/release/tools/ec2.conf @@ -26,12 +26,8 @@ ec2_common() { # unprivileged builds this is unnecessary as pkg will not be # installed to begin with. if [ -z "${NO_ROOT}" ]; then - mount -t devfs devfs ${DESTDIR}/dev - chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ - /usr/sbin/pkg delete -f -y pkg - umount ${DESTDIR}/dev - rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports - rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports-kmods + echo "ERROR: NO_ROOT not set" >&2 + exit 1 fi # Turn off IPv6 Duplicate Address Detection; the EC2 networking diff --git a/release/tools/vagrant.conf b/release/tools/vagrant.conf index 37eff7a899ab..f14a9e8cb6fc 100644 --- a/release/tools/vagrant.conf +++ b/release/tools/vagrant.conf @@ -15,14 +15,8 @@ export VM_RC_LIST="firstboot_freebsd_update firstboot_pkgs growfs" vagrant_common () { if [ -z "${NO_ROOT}" ]; then - # The firstboot_pkgs rc.d script will download the repository - # catalogue and install or update pkg when the instance first - # launches, so these files would just be replaced anyway; - # removing them from the image allows it to boot faster. - pkg -c ${DESTDIR} clean -y -a - pkg -c ${DESTDIR} delete -f -y pkg - rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports - rm -r ${DESTDIR}/var/db/pkg/repos/FreeBSD-ports-kmods + echo "ERROR: NO_ROOT not set" >&2 + exit 1 fi # Vagrant instances use DHCP to get their network configuration. diff --git a/release/tools/vmimage.subr b/release/tools/vmimage.subr index 38c1540484cd..97bf52205c93 100644 --- a/release/tools/vmimage.subr +++ b/release/tools/vmimage.subr @@ -41,21 +41,19 @@ cleanup() { metalog_add_data() { local file mode type - if [ -n "${NO_ROOT}" ]; then - file=$1 - if [ -f ${DESTDIR}/${file} ]; then - type=file - mode=${2:-0644} - elif [ -d ${DESTDIR}/${file} ]; then - type=dir - mode=${2:-0755} - else - echo "metalog_add_data: ${file} not found" >&2 - return 1 - fi - echo "${file} type=${type} uname=root gname=wheel mode=${mode}" >> \ - ${DESTDIR}/METALOG + file=$1 + if [ -f ${DESTDIR}/${file} ]; then + type=file + mode=${2:-0644} + elif [ -d ${DESTDIR}/${file} ]; then + type=dir + mode=${2:-0755} + else + echo "metalog_add_data: ${file} not found" >&2 + return 1 fi + echo "${file} type=${type} uname=root gname=wheel mode=${mode}" >> \ + ${DESTDIR}/METALOG } vm_create_base() { @@ -103,9 +101,7 @@ vm_install_base() { pkg_cmd="${PKG_CMD} --rootdir ${DESTDIR} --repo-conf-dir ${PKGBASE_REPO_DIR} -o ASSUME_ALWAYS_YES=yes -o IGNORE_OSVERSION=yes -o ABI=${PKG_ABI} -o INSTALL_AS_USER=yes " - if [ -n "${NO_ROOT}" ]; then - pkg_cmd="$pkg_cmd -o METALOG=METALOG" - fi + pkg_cmd="$pkg_cmd -o METALOG=METALOG" $pkg_cmd update selected=$(vm_base_packages_list | vm_extra_filter_base_packages) $pkg_cmd install -U -r FreeBSD-base $selected @@ -126,14 +122,12 @@ vm_install_base() { etcupdate extract -B \ -M "TARGET=${TARGET} TARGET_ARCH=${TARGET_ARCH}" \ -s ${WORLDDIR} -d ${DESTDIR}/var/db/etcupdate \ - -L /dev/stdout ${NO_ROOT:+-N} - if [ -n "${NO_ROOT}" ]; then - # Reroot etcupdate's internal METALOG to the whole tree - sed -n 's,^\.,./var/db/etcupdate/current,p' \ - ${DESTDIR}/var/db/etcupdate/current/METALOG | \ - env -i LC_COLLATE=C sort >> ${DESTDIR}/METALOG - rm ${DESTDIR}/var/db/etcupdate/current/METALOG - fi + -L /dev/stdout -N + # Reroot etcupdate's internal METALOG to the whole tree + sed -n 's,^\.,./var/db/etcupdate/current,p' \ + ${DESTDIR}/var/db/etcupdate/current/METALOG | \ + env -i LC_COLLATE=C sort >> ${DESTDIR}/METALOG + rm ${DESTDIR}/var/db/etcupdate/current/METALOG echo '# Custom /etc/fstab for FreeBSD VM images' \ > ${DESTDIR}/etc/fstab @@ -209,40 +203,25 @@ vm_extra_install_packages() { if [ -z "${VM_EXTRA_PACKAGES}" ]; then return 0 fi - if [ -n "${NO_ROOT}" ]; then - for pkg in ${VM_EXTRA_PACKAGES}; do - INSTALL_AS_USER=yes \ - ${PKG_CMD} \ - -o ABI=${PKG_ABI} \ - -o METALOG=${DESTDIR}/METALOG.pkg \ - -o REPOS_DIR=${PKG_REPOS_DIR} \ - -o PKG_DBDIR=${DESTDIR}/var/db/pkg \ - -r ${DESTDIR} \ - install -y -r ${PKG_REPO_NAME} $pkg - done + for pkg in ${VM_EXTRA_PACKAGES}; do INSTALL_AS_USER=yes \ - ${PKG_CMD} \ + ${PKG_CMD} \ -o ABI=${PKG_ABI} \ + -o METALOG=${DESTDIR}/METALOG.pkg \ -o REPOS_DIR=${PKG_REPOS_DIR} \ -o PKG_DBDIR=${DESTDIR}/var/db/pkg \ -r ${DESTDIR} \ - autoremove -y - if [ -n "${NOPKGBASE}" ]; then - metalog_add_data ./var/db/pkg/local.sqlite - fi - else - if [ -n "${WITHOUT_QEMU}" ]; then - return 0 - fi - - chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ - /usr/sbin/pkg bootstrap -y - for p in ${VM_EXTRA_PACKAGES}; do - chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ - /usr/sbin/pkg install -y ${p} - done - chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ - /usr/sbin/pkg autoremove -y + install -y -r ${PKG_REPO_NAME} $pkg + done + INSTALL_AS_USER=yes \ + ${PKG_CMD} \ + -o ABI=${PKG_ABI} \ + -o REPOS_DIR=${PKG_REPOS_DIR} \ + -o PKG_DBDIR=${DESTDIR}/var/db/pkg \ + -r ${DESTDIR} \ + autoremove -y + if [ -n "${NOPKGBASE}" ]; then + metalog_add_data ./var/db/pkg/local.sqlite fi return 0 @@ -276,18 +255,11 @@ vm_emulation_cleanup() { } vm_extra_pkg_rmcache() { - if [ -n "${NO_ROOT}" ]; then - ${PKG_CMD} \ - -o ASSUME_ALWAYS_YES=yes \ - -o INSTALL_AS_USER=yes \ - -r ${DESTDIR} \ - clean -y -a - else - if [ -e ${DESTDIR}/usr/local/sbin/pkg ]; then - chroot ${DESTDIR} ${EMULATOR} env ASSUME_ALWAYS_YES=yes \ - /usr/local/sbin/pkg clean -y -a - fi - fi + ${PKG_CMD} \ + -o ASSUME_ALWAYS_YES=yes \ + -o INSTALL_AS_USER=yes \ + -r ${DESTDIR} \ + clean -y -a return 0 } @@ -306,57 +278,55 @@ buildfs() { done < ${DESTDIR}/METALOG.pkg fi - if [ -n "${NO_ROOT}" ]; then - # Check for any directories in the staging tree which weren't - # recorded in METALOG, and record them now. This is a quick hack - # to avoid creating unusable VM images and should go away once - # the bugs which produce such unlogged directories are gone. - grep type=dir ${DESTDIR}/METALOG | - cut -f 1 -d ' ' | - sort -u > ${DESTDIR}/METALOG.dirs - ( cd ${DESTDIR} && find . -type d ) | - sort | - comm -23 - ${DESTDIR}/METALOG.dirs > ${DESTDIR}/METALOG.missingdirs - if [ -s ${DESTDIR}/METALOG.missingdirs ]; then - echo "WARNING: Directories exist but were not in METALOG" - cat ${DESTDIR}/METALOG.missingdirs - fi - while read DIR; do - metalog_add_data ${DIR} - done < ${DESTDIR}/METALOG.missingdirs - - if [ -z "${NOPKGBASE}" ]; then - # Add some database files which are created by pkg triggers; - # at some point in the future the tools which create these - # files should probably learn how to record them in METALOG - # (which would simplify no-root installworld as well). - metalog_add_data ./etc/login.conf.db - metalog_add_data ./etc/passwd - metalog_add_data ./etc/pwd.db - metalog_add_data ./etc/spwd.db 600 - metalog_add_data ./var/db/services.db - fi + # Check for any directories in the staging tree which weren't + # recorded in METALOG, and record them now. This is a quick hack + # to avoid creating unusable VM images and should go away once + # the bugs which produce such unlogged directories are gone. + grep type=dir ${DESTDIR}/METALOG | + cut -f 1 -d ' ' | + sort -u > ${DESTDIR}/METALOG.dirs + ( cd ${DESTDIR} && find . -type d ) | + sort | + comm -23 - ${DESTDIR}/METALOG.dirs > ${DESTDIR}/METALOG.missingdirs + if [ -s ${DESTDIR}/METALOG.missingdirs ]; then + echo "WARNING: Directories exist but were not in METALOG" + cat ${DESTDIR}/METALOG.missingdirs + fi + while read DIR; do + metalog_add_data ${DIR} + done < ${DESTDIR}/METALOG.missingdirs - if [ -n "${MISSING_METALOGS}" ]; then - # Hack to allow VM configurations to add files which - # weren't being added to METALOG appropriately. This - # is mainly a workaround for the @sample bug and it - # should go away before FreeBSD 15.1 ships. - for P in ${MISSING_METALOGS}; do - metalog_add_data ${P} - done - fi + if [ -z "${NOPKGBASE}" ]; then + # Add some database files which are created by pkg triggers; + # at some point in the future the tools which create these + # files should probably learn how to record them in METALOG + # (which would simplify no-root installworld as well). + metalog_add_data ./etc/login.conf.db + metalog_add_data ./etc/passwd + metalog_add_data ./etc/pwd.db + metalog_add_data ./etc/spwd.db 600 + metalog_add_data ./var/db/services.db + fi - # Sort METALOG file; makefs produces directories with 000 permissions - # if their contents are seen before the directories themselves. - env -i LC_COLLATE=C sort -u ${DESTDIR}/METALOG > ${DESTDIR}/METALOG.sorted - mv ${DESTDIR}/METALOG.sorted ${DESTDIR}/METALOG + if [ -n "${MISSING_METALOGS}" ]; then + # Hack to allow VM configurations to add files which + # weren't being added to METALOG appropriately. This + # is mainly a workaround for the @sample bug and it + # should go away before FreeBSD 15.1 ships. + for P in ${MISSING_METALOGS}; do + metalog_add_data ${P} + done fi + # Sort METALOG file; makefs produces directories with 000 permissions + # if their contents are seen before the directories themselves. + env -i LC_COLLATE=C sort -u ${DESTDIR}/METALOG > ${DESTDIR}/METALOG.sorted + mv ${DESTDIR}/METALOG.sorted ${DESTDIR}/METALOG + case "${VMFS}" in ufs) cd ${DESTDIR} && ${MAKEFS} ${MAKEFSARGS} -o label=rootfs -o version=2 -o softupdates=1 \ - ${VMBASE} .${NO_ROOT:+/METALOG} + ${VMBASE} ./METALOG ;; zfs) cd ${DESTDIR} && ${MAKEFS} -t zfs ${MAKEFSARGS} \ @@ -376,7 +346,7 @@ buildfs() { -o fs=zroot/var/log\;setuid=off\;exec=off \ -o fs=zroot/var/mail\;atime=on \ -o fs=zroot/var/tmp\;setuid=off \ - ${VMBASE} .${NO_ROOT:+/METALOG} + ${VMBASE} ./METALOG ;; *) echo "Unexpected VMFS value '${VMFS}'" From nobody Tue Mar 24 02:47:43 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ffvbM50jgz6VxCb for ; Tue, 24 Mar 2026 02:47:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ffvbM4Pzfz47VK for ; Tue, 24 Mar 2026 02:47:43 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774320463; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EjKEJSE6MXWPcE/vyR1+UxMf/HQ56loxrEQsP5unWNY=; b=osDsBYJyFw2JKxySEJEuKpJT8I6mPT+5Hgkd92o7UbrRkzXNogX45o37VgZ6CxoPZx7UEG vBwW/HvPkH/dpXvh8c3PnAahg5YubPy7sql5fEgpJDXTmcVKN+CKThzkIUDO4VdL4LV430 uk1/rQ14e72nXDYWQZKbLWjikou7Vobb/9ePZPqhklXg8Z7vl00Z8Qf69i1i72/JflXQfH j+U3oI9gEQzTQOzm3brovEbXgdq++/CMTnH6rnQ73kMMGnJPeyeqtePAWxJSa3q+sS/vCc JGmLddyyv2Pw7Ea7Hbz/PcTmoFhjcQmOjwEXMEO9tsh657F1Gi+1qYRo+/5I8g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774320463; a=rsa-sha256; cv=none; b=ykCMPo+wyADIZH1KwRcPjvb0qp6n2pKMPXkG33kqsGjbIY73ZRCbmRJBg5ZyWA5PrDvjTJ B36zSaSPmhDbBZ4Jy/Y4UGnrLbhaLRZhlJOFLUFVn/Xbegt4OQQlHN/amYQdflWt0QEonW QOoIwe9h892v2kTPom/MIjTj6UjfTASSldcJqks/SpFjn+y4fsZZ0bK4KgaV5Gci3tpEMp r+l90KTMYlphtb9028Syw2gTIEymMNDodyVX6SG5D0qEcHGp7EtcYrLk2USk4FGlotWNxg SnuV5LMP9k4lk92V0/KvuC0v3L+MnZbPaZ5cM29s0xsBzSMYWhT7rTfN4wx/og== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774320463; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EjKEJSE6MXWPcE/vyR1+UxMf/HQ56loxrEQsP5unWNY=; b=GEYyZQE429zgluCQWEBfSobK4+Mb8Gs2A8ygxhUhVPAdonlxz0ehGi7k7YRwv9TGTmMVQ6 B76J2UZei7IhrxsB5KvGzhDzAFXpIMk4ZcFl9VdKz/JRbEGasJi6P/N8THTLtgmNXXf6aF nbx6yMZ8sewTxd95o/fODaxLaoBkaXPGG4nZK261NM7ZGAauUejWtsCpAFzCaDpp5mM1jq uYBwEfw/2+jF/in1wxUxG3ymtLQ4W1QtNlFNTzMTr379RizmZ3330EOxHXE1YaLfoOdf9Z MjPXa862VvM0V+7Nn5LF+wH/ZMpkcJYfACzvA6yAzE6XHTJCAnyJZa+4I3Wqmg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4ffvbM419Yz1DrH for ; Tue, 24 Mar 2026 02:47:43 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 21835 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Tue, 24 Mar 2026 02:47:43 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Colin Percival Subject: git: c69792a3272e - stable/15 - EC2: Add clibs-lib32 pkg to small/builder images List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cperciva X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: c69792a3272e211d05c278aa9c1590556b1a0f39 Auto-Submitted: auto-generated Date: Tue, 24 Mar 2026 02:47:43 +0000 Message-Id: <69c1fb4f.21835.2fb82992@gitrepo.freebsd.org> The branch stable/15 has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=c69792a3272e211d05c278aa9c1590556b1a0f39 commit c69792a3272e211d05c278aa9c1590556b1a0f39 Author: Colin Percival AuthorDate: 2026-03-20 00:24:55 +0000 Commit: Colin Percival CommitDate: 2026-03-23 17:29:01 +0000 EC2: Add clibs-lib32 pkg to small/builder images The FreeBSD-clang package on amd64 contains libclang_rt.asan-i386.so, which links to the 32-bit version of libgcc_s.so.1. It is not clear if that file belongs in FreeBSD-clang or if it should be placed into a different package. For unknown reasons, pkg *sometimes* recognizes this and decides that it needs to install a package to supply libgcc_s.so.1:32. In particular, when we initially install the VM with 'pkg install [long list of FreeBSD-* packages]', pkg does not recognize that it wants this; but the *next* time 'pkg install' runs, it decides that it needs libgcc_s.so.1:32 -- even though that particular library is not needed by the particular package we're trying to install -- and goes looking for it... and ends up picking gcc12-devel as a provider. Later in the EC2 image building process, we run 'pkg autoremove' (which was added during 15.0 to get rid of the "bogus dependencies" which were added while installing other packages) and pkg is once again confused: It decides that gcc12-devel is an automatic port which is not required by anything else, but upon determining that it should be removed it then determines that FreeBSD-clang depends upon a port which is being removed and deletes FreeBSD-clang as well. It's not clear what is breaking in pkg, but as a temporary workaround add the FreeBSD-clibs-lib32 package to the "small" and "builder" EC2 image flavours in order to satisfy the libgcc_s.so.1 demand. This commit should be reverted if libclang_rt.asan-i386.so moves out of FreeBSD-clang, (i.e. if it becomes possible to install a 32-bit-free amd64 system) or when the pkg issue is resolved (i.e. pkg consistently recognizes the shared library dependency and installs clibs-lib32 automatically as a FreeBSD-clang dependency). MFC after: 3 days Sponsored by: Amazon Differential Revision: https://reviews.freebsd.org/D55978 (cherry picked from commit cfe0b7d37e552d78762c029f5b15e0f36d9d0d38) --- release/tools/ec2-builder.conf | 1 + release/tools/ec2-small.conf | 1 + 2 files changed, 2 insertions(+) diff --git a/release/tools/ec2-builder.conf b/release/tools/ec2-builder.conf index 3b0344f9eb9a..a272ea49a426 100644 --- a/release/tools/ec2-builder.conf +++ b/release/tools/ec2-builder.conf @@ -17,6 +17,7 @@ vm_extra_filter_base_packages() { -e '.*-dbg$' \ -e '.*-lib32$' \ -e '^FreeBSD-set-tests' + echo FreeBSD-clibs-lib32 } # Packages to install into the image we're creating. In addition to packages diff --git a/release/tools/ec2-small.conf b/release/tools/ec2-small.conf index 6564a59c2cf6..c1a05f98356f 100644 --- a/release/tools/ec2-small.conf +++ b/release/tools/ec2-small.conf @@ -20,6 +20,7 @@ vm_extra_filter_base_packages() { -e '.*-dbg$' \ -e '.*-lib32$' \ -e '^FreeBSD-set-tests' + echo FreeBSD-clibs-lib32 } # Packages to install into the image we're creating. In addition to packages From nobody Tue Mar 24 02:47:44 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ffvbN5ws2z6VxYr for ; Tue, 24 Mar 2026 02:47:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ffvbN5BKPz47F0 for ; Tue, 24 Mar 2026 02:47:44 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774320464; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=XXKXHG/aZ1h+JdTvmGXyEQV+bVoefCLtezw1DuOn5S4=; b=cwQ72/842U+CgGuJp5JTgAVBFrLTsJrjGRaPnfBJeA6Ag3fihL1haFtpL84QQvfTXMjllg pgPa/1Bm5k48ixqGRLBBfETG1cq8Cvwooy4P6iPyswYfUwrZeBbC0L+zsWNPzfvS14GleO GFSVvQ82C4rjFfWwHsP9WAH8wuO4yywshhtU5UCsZIOz2xI40LP4T7/oc7koJ5TT2isy9d Jg495o2YqqUZpUCbXthqpG9nU4gtza3K4qvqiwDdr1uCYRjHC91o5UVR+99wkLMTufn69b rW43gpSeolkaC4ovP/jAr/xMbigRNxT49LwqC6zADY45PoqoWZXWCdRmzmbUVQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774320464; a=rsa-sha256; cv=none; b=S+jrh4XXAzT4PboXZlNt14NWz42su9tdktL5YzznMpTXzgOniqSJsKoaQ3np4AnIg5eunT OHbbpv5zuyzw2fyWEvXGPQ29kUCYxiWzsZuOvU9mijT7gPFTSy69qWqfCP2bTWylENe/Xz Y8uGt66AtOR/mEsfGzBtZe1Wmd13DmB9UOTCwDYSGnQlGl25P9fyWe+kIH7GiEbbr+V+hC hjw0atsR8gp4sKOfmuMydf1JegGoDPrYzahi47F8AcSb/qIx+KzD67g+qsNbu4VWl+vmyc a3qGnMOQAZN9r1o2PpRMiZeFrS+lOUm59dKIZMnCKx/uArUuQdCjweH6+aRcZA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774320464; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=XXKXHG/aZ1h+JdTvmGXyEQV+bVoefCLtezw1DuOn5S4=; b=CACaq5VuXTSeMilvLq57F1OSnbZOpWdAul9NrLG9QmYTbtcyx5p59Siw4lhWZHGIilHkGf vqoiyvREo3OI4wRmKM5iW8BpDqRvDb4Hgj4A+WrEqywBKmK6Gck4w8LeZefascTgNsKHpQ kxsgc5GEUJZPLLh1CAQVb/+awfM2J+PGmfCuyrC32dPRkfdXPxyDH5xB8LBR17mWo/ju7W w6I9Z/tnwTyOT0f4JS86k2pQor1ftSR068RjezkG9iMHE49+Td7IvyP68kRZt0dUVSyivI Due6mcd8K6a/KttoMowFm/7CNhCboFpQol3QqMAK3EzOV/p4f7XW1ZoZNVLPAg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4ffvbN4l1Pz1DrJ for ; Tue, 24 Mar 2026 02:47:44 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 21536 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Tue, 24 Mar 2026 02:47:44 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Colin Percival Subject: git: c11fe9fbf450 - stable/15 - Revert "vmimage.subr: pkg autoremove after pkg install" List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cperciva X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: c11fe9fbf45061f56bed316101ca7a8dc4ed8254 Auto-Submitted: auto-generated Date: Tue, 24 Mar 2026 02:47:44 +0000 Message-Id: <69c1fb50.21536.1103805c@gitrepo.freebsd.org> The branch stable/15 has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=c11fe9fbf45061f56bed316101ca7a8dc4ed8254 commit c11fe9fbf45061f56bed316101ca7a8dc4ed8254 Author: Colin Percival AuthorDate: 2026-03-21 16:00:15 +0000 Commit: Colin Percival CommitDate: 2026-03-23 17:29:01 +0000 Revert "vmimage.subr: pkg autoremove after pkg install" This reverts commit 6a13aeac3c1f98db7cf156f24a4d6bc8d3c321f6. The "bogus dependencies being installed" issue was traced down to pkg confusion surrounding libclang_rt.asan-i386.so linking to a 32-bit libgcc_s.so.1, and a more minimal workaround of "install clibs-lib32" has been applied, so this hack is no longer required. MFC after: 3 days Sponsored by: Amazon (cherry picked from commit 4b29bf721ef09c399f3e4a4ab5ca9f549c5b1550) --- release/tools/vmimage.subr | 7 ------- 1 file changed, 7 deletions(-) diff --git a/release/tools/vmimage.subr b/release/tools/vmimage.subr index 97bf52205c93..56acbc359936 100644 --- a/release/tools/vmimage.subr +++ b/release/tools/vmimage.subr @@ -213,13 +213,6 @@ vm_extra_install_packages() { -r ${DESTDIR} \ install -y -r ${PKG_REPO_NAME} $pkg done - INSTALL_AS_USER=yes \ - ${PKG_CMD} \ - -o ABI=${PKG_ABI} \ - -o REPOS_DIR=${PKG_REPOS_DIR} \ - -o PKG_DBDIR=${DESTDIR}/var/db/pkg \ - -r ${DESTDIR} \ - autoremove -y if [ -n "${NOPKGBASE}" ]; then metalog_add_data ./var/db/pkg/local.sqlite fi From nobody Tue Mar 24 02:47:45 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ffvbQ1T8Xz6Vx8h for ; Tue, 24 Mar 2026 02:47:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ffvbP602Pz47BK for ; Tue, 24 Mar 2026 02:47:45 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774320465; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1R1Q9rTnbcyziERg7btgYDWvT0FcneVwv6672GWd9xM=; b=rL36EaVXHafFrRhrM0IrrYCoCz50rbBlVbwtsAZOtIJJLxRNFd6/CXKNFeVEnv9+yt6ZtI hzZyf+7DTIS7iKqqSsAAPHE3WNcikudYKICLgUhVD9GJ4o12+3U9qe/rlxC8Wu0TiGKFeV pqzMJAtAZ/Hd4zEvunxowXIfdopF5SvTDHlc+7Ga62Vmyh49nmI8IscE6EqCqCmkuXlr9N n00yd66XqrZQQ7i4MKk93gKyD/K87DH+reLCPnWamjzC12rsXdqh235VfGPpMsCerthatc qMcVSC2ffmVFlya1PtGDAUVsyCpyjE/2inGn6SYu0PNsfUBwlwHiMqila65V7Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774320465; a=rsa-sha256; cv=none; b=MI7tpr7b8TJlEJviR42KvxNbiNX5NDjj8vdj08apPryqBYFSmNeKvlB35wMRWuYmHC6M1m mG742ThcfJI7Zfr2OsJu9D3cV4uoF5nn4rNMwo0+hgfR0eRRI9IbASuPIhQMXHt79OlDba xLT5mOJEWVF8RtgMlvai/Y+wi0WK63JX79EV3wORuQ9kgUK8Xr6TpoK1LSOX9SyH83Xqmh 63ZtlKv0kg6bDtS5YKadoX//dOyCgkMHvU4lbQLacpVsL8ITuxuG68mMg15k9HYFjBOaSS 4O0chTPkefgf9ENcfxvbRkiGwWjtVH7E2B2Zd5jwLsq0dbLttJVxfkaH5/ighw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774320465; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1R1Q9rTnbcyziERg7btgYDWvT0FcneVwv6672GWd9xM=; b=jGlOlAifIOulMaPIOIvvgHKT8jdQClBUC5txLJj4Npt0HNoJFwuisSGeXuRXwhfUHN7DKM fHvF/DruugyGlmES5Lh5PYywfAgICDMqZZ6zL+MtLIHD8IDJigd9ycULl+TgXt5WqqyhOI sh4opauBMk/+dW9tcLaXvIK3pnQ/nhEyE+9xIefF36k+kNmjt1M/t3TpQEZS3et+OkrSpz 5ptED31QLLBgw+I0GI8kj70ZBrO0E3ZuPt1z8kneBZD06qNi/zjcIAF3vfvXAPHa+J6LNA REbqGcE9JrZUylvJT3YcUkqOQKcaRqx5YJKxPVQnf01lSyB21XDM+fvTkB8zGA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4ffvbP5TmFz1F5r for ; Tue, 24 Mar 2026 02:47:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1f1f6 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Tue, 24 Mar 2026 02:47:45 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Colin Percival Subject: git: 37aa41dde130 - stable/15 - EC2: Remove stale comment List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cperciva X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 37aa41dde130ad1cf4d39e08a6d3a06108889c27 Auto-Submitted: auto-generated Date: Tue, 24 Mar 2026 02:47:45 +0000 Message-Id: <69c1fb51.1f1f6.28815aa5@gitrepo.freebsd.org> The branch stable/15 has been updated by cperciva: URL: https://cgit.FreeBSD.org/src/commit/?id=37aa41dde130ad1cf4d39e08a6d3a06108889c27 commit 37aa41dde130ad1cf4d39e08a6d3a06108889c27 Author: Colin Percival AuthorDate: 2026-03-21 16:06:37 +0000 Commit: Colin Percival CommitDate: 2026-03-23 17:29:01 +0000 EC2: Remove stale comment MFC after: 3 days Sponsored by: Amazon (cherry picked from commit 118699732de1ec99b06d5d73ee61b1b74842c1de) --- release/tools/ec2.conf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/release/tools/ec2.conf b/release/tools/ec2.conf index 4e1260903e06..dc1818219816 100644 --- a/release/tools/ec2.conf +++ b/release/tools/ec2.conf @@ -21,10 +21,6 @@ export VMSIZE=8000m export NOSWAP=YES ec2_common() { - # Delete the pkg package and the repo database; they will likely be - # long out of date before the EC2 instance is launched. In - # unprivileged builds this is unnecessary as pkg will not be - # installed to begin with. if [ -z "${NO_ROOT}" ]; then echo "ERROR: NO_ROOT not set" >&2 exit 1 From nobody Tue Mar 24 09:34:42 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fg4cy5YCNz6WQ2M for ; Tue, 24 Mar 2026 09:34:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fg4cy53Spz3nW2 for ; Tue, 24 Mar 2026 09:34:42 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774344882; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=BGNLaRiDrtuOUjEHknDvpA9XXr7jOMePN0Weec37DWM=; b=tO1s/qFqNj2LMFigk8nPhQxE31b4XlAplCDebNXkp34QjulM4urPIdvFeqjuVUpqupfFSH 5Q7jzxPQVBO1OLGt5a4yTxEKuYOxUvvqOib7J/FuScGJkllVD8ZzGcN1nmLldT4J/Bqmxa 4JNdfoyKue+/9OcR173kZCNucb3ThwaT10DTPQxGe/HMYKEh51MOfMr6WecgL3vJGMmowo mjkJ3MyMxeuKt+zGwAixucfGYqw5E3PMF0rjt662FHW3JOC0x1RM5de2zRgi61/hQRuevy eHWG9MA0CmFjWV6IqA/DmhSu5A5Vvnz8sjp0arxdGpVZthRzKBkxaaSZbz0Owg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774344882; a=rsa-sha256; cv=none; b=k0jBiOmOCaUqw3Md4hMZVjE37GlpdsdTQ8R2YieNEN+CpmrKdvF8pjEixTSQdR9iITuvFB 6g11eP4v68LwH9l607vvKtpX9t4OcbckGn4NMoHNhtvqadt1HGqNLGJTerYYIacUpkhB0y FBm14hcpZlMCAu9df0PTNBfEgUqAdI7YrZ8HBafbg+vq5304zfOk1S4ZN3lyoOQxyUDNX+ SnNRxd0WulwC9U49w/nOK5+kxiM8R/yJTaHkClsiWRwv09SNMqWTI2EW4xQHrBFXksJxJy UBeHYMXkFGozCTF+5JqWdZIzIYwvbgGyl0gt0cOjO6xEF+DtLgCI/r5Gh7UHkg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774344882; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=BGNLaRiDrtuOUjEHknDvpA9XXr7jOMePN0Weec37DWM=; b=GIJQQQJzEViuRdN0ZVwnyEsbwKG4D6m+2A4r1Px3/9FYC7jVt9IGvChYE0vrHAiBxvxCR/ eLPD4Bq9acPkVx6CPvH0xrHEYQRwCMot/mtXzZKSgpqzV/pPsFHR/H1bgUOo9F8Xy7ML0s voKQklgYipdGL5YCahxCMnhUDPt4WlLWr3q+MI5XptOm55k4Gh28QStyNC6uaN/vtliTTh oHYWf4Gm+oFVRb+x49iV9X+Ep1gvpIiYov/fazRdTXNf4GvF5LCbnmClutJMOD3W9ZszYa iMFELejVwZNgnC18+RpBuwYRl3+Eldx4d1mBsapkYtdTXfGVFMH87fDvpEVWfA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fg4cy4YZPz1Rt0 for ; Tue, 24 Mar 2026 09:34:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 261ef by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Tue, 24 Mar 2026 09:34:42 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Boris Lytochkin From: Andrey V. Elsukov Subject: git: a9b93531788c - stable/15 - ipfw: add support for masked ip-address lookups List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ae X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: a9b93531788cc125c928cc3488975f0330f75137 Auto-Submitted: auto-generated Date: Tue, 24 Mar 2026 09:34:42 +0000 Message-Id: <69c25ab2.261ef.63d11cdf@gitrepo.freebsd.org> The branch stable/15 has been updated by ae: URL: https://cgit.FreeBSD.org/src/commit/?id=a9b93531788cc125c928cc3488975f0330f75137 commit a9b93531788cc125c928cc3488975f0330f75137 Author: Boris Lytochkin AuthorDate: 2026-03-01 18:54:24 +0000 Commit: Andrey V. Elsukov CommitDate: 2026-03-24 09:31:11 +0000 ipfw: add support for masked ip-address lookups Current radix-based implementation of lookup tables in ipfw does not support non-contiguous prefixes while this type of lookup is needed to write CPU-effective firewall configurations. For some of the cases we can reach the goal using a masked table lookup by adding masked (e.g. zero non-significant bits) records into a table and then zero non-significant bits in lookup key prior to making a table lookup. Obtained from: Yandex LLC Relnotes: yes Sponsored by: Yandex LLC Differential Revision: https://reviews.freebsd.org/D53694 (cherry picked from commit 32cd3ee5901ea33d41ff550e5f40ce743c8d4165) --- sbin/ipfw/ipfw.8 | 151 ++++++-- sbin/ipfw/ipfw2.c | 193 ++++++++-- sbin/ipfw/tests/test_add_rule.py | 243 +++++++++++- sys/netinet/ip_fw.h | 81 +++- sys/netpfil/ipfw/ip_fw2.c | 231 ++++++----- sys/netpfil/ipfw/ip_fw_sockopt.c | 32 ++ sys/netpfil/ipfw/ip_fw_table.c | 26 +- tests/atf_python/sys/netpfil/ipfw/insn_headers.py | 37 +- tests/atf_python/sys/netpfil/ipfw/insns.py | 179 ++++++++- tests/atf_python/sys/netpfil/ipfw/ioctl.py | 1 + tests/atf_python/sys/netpfil/ipfw/ioctl_headers.py | 41 +- tests/sys/netpfil/common/utils.subr | 3 + tests/sys/netpfil/ipfw/Makefile | 6 +- tests/sys/netpfil/ipfw/lookup.sh | 428 +++++++++++++++++++++ tests/sys/netpfil/ipfw/lookup_inetd.conf | 1 + 15 files changed, 1418 insertions(+), 235 deletions(-) diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index c6eedbccb2f8..b72341c685e7 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -1,5 +1,5 @@ .\" -.Dd December 29, 2025 +.Dd March 1, 2026 .Dt IPFW 8 .Os .Sh NAME @@ -1430,8 +1430,7 @@ The second format with multiple addresses) is provided for convenience only and its use is discouraged. .It Ar addr : Oo Cm not Oc Bro -.Cm any | me | me6 | -.Cm table Ns Pq Ar name Ns Op , Ns Ar value +.Cm any | me | me6 | Ar table-ref .Ar | addr-list | addr-set .Brc .Bl -tag -width indent @@ -1443,26 +1442,32 @@ Matches any IP address configured on an interface in the system. Matches any IPv6 address configured on an interface in the system. The address list is evaluated at the time the packet is analysed. -.It Cm table Ns Pq Ar name Ns Op , Ns Ar value +.El +.It Ar table-ref : +A table lookup can be specified in one of the following ways: +.Bl -tag -width indent +.It table Ns Pq Ar name Ns Matches any IPv4 or IPv6 address for which an entry exists in the lookup table .Ar number . -If an optional 32-bit unsigned +.It table Ns Pq Ar name , Ns Ar value +Matches any IPv4 or IPv6 address for which an entry exists in the lookup table +.Ar number +and 32-bit unsigned .Ar value -is also specified, an entry will match only if it has this value. -If +specified matchess entry value. +.It table Ns Pq Ar name , Ns Ar value-type Ns = Ns Ar value +Matches any IPv4 or IPv6 address for which an entry exists in the lookup table +.Ar number +and 32-bit unsigned .Ar value -is specified in form -.Ar valtype=value , -then specified value type field will be checked. -It can be -.Ar skipto, pipe, fib, nat, dscp, tag, divert, netgraph, limit, nh4 -and -.Ar mark. - +specified matches corresponding +.Ar value-type +field for the record found. +.El +.Pp See the .Sx LOOKUP TABLES section below for more information on lookup tables. -.El .It Ar addr-list : ip-addr Ns Op , Ns Ar addr-list .It Ar ip-addr : A host or subnet address specified in one of the following ways: @@ -1683,9 +1688,9 @@ and IPsec encapsulating security payload headers .It Cm fib Ar fibnum Matches a packet that has been tagged to use the given FIB (routing table) number. -.It Cm flow Ar table Ns Pq Ar name Ns Op , Ns Ar value -Search for the flow entry in lookup table -.Ar name . +.It Cm flow Ar table-ref +Search for the flow entry in lookup table specified by +.Ar table-ref . If not found, the match fails. Otherwise, the match succeeds and .Cm tablearg @@ -1701,16 +1706,16 @@ Matches IPv6 packets containing any of the flow labels given in .Ar labels . .Ar labels is a comma separated list of numeric flow labels. -.It Cm dst-mac Ar table Ns Pq Ar name Ns Op , Ns Ar value -Search for the destination MAC address entry in lookup table -.Ar name . +.It Cm dst-mac Ar table-ref +Search for the destination MAC address entry in lookup table specified by +.Ar table-ref . If not found, the match fails. Otherwise, the match succeeds and .Cm tablearg is set to the value extracted from the table. -.It Cm src-mac Ar table Ns Pq Ar name Ns Op , Ns Ar value -Search for the source MAC address entry in lookup table -.Ar name . +.It Cm src-mac Ar table-ref +Search for the source MAC address entry in lookup table specified by +.Ar table-ref . If not found, the match fails. Otherwise, the match succeeds and .Cm tablearg @@ -1928,8 +1933,10 @@ set of parameters as specified in the rule. One or more of source and destination addresses and ports can be specified. -.It Cm lookup Bro Cm dst-ip | dst-port | dst-mac | src-ip | src-port | src-mac | uid | -.Cm jail | dscp | mark | rulenum Brc Ar name +.It Cm lookup Bro Cm dst-ip | dst-ip4 | dst-ip6 | dst-port | dst-mac | src-ip | +.Cm src-ip4 | src-ip6 | src-port | src-mac | uid | jail | dscp | mark | +.Cm rulenum +.Brc Ns Oo : Ns Ar bitmask Oc Ar name Search an entry in lookup table .Ar name that matches the field specified as argument. @@ -1938,8 +1945,56 @@ Otherwise, the match succeeds and .Cm tablearg is set to the value extracted from the table. .Pp +If an optional +.Ar bitmask +is specified, value of the field is altered by bitwize AND with +.Ar bitmask +and resulting value is being searched instead of the original one. +The +.Ar bitmask +is accepted in the following formats: +.Bl -enum -width indent +.It +In a dotted-quad form, e.g. 127.88.34.0. +This form can be used for IPv4 lookups as well as for all numeric lookup +types. +.It +As a 32-bit number, e.g. 0xf00baa1 or 255. +This form can be used for IPv4 lookups as well as for all numeric lookup +types. +.It +As an IPv6 address when specified alongwith +.Cm dst-ip6 +or +.Cm src-ip6 +field. +If used, the rule will match IPv6 packets only. +Example: src-ip6:afff:ff00:ffff:ffff:0:0:0:0f0f. +.It +As a Ethernet mac address when specified alongwith +.Cm dst-mac +or +.Cm src-mac +field. E.g. 00:11:22:33:44:55. +.El +.Pp +The +.Ar bitmask +can not be specified for +.Cm dst-ip +or +.Cm src-ip +as these field specifiers lookup both IPv4 and IPv6 addresses. +.Pp This option can be useful to quickly dispatch traffic based on certain packet fields. +The +.Ar bitmask +allows to implement wildcard lookups by inserting into table masked prefix and +appying +.Ar bitmask +upon each lookup. +.Pp See the .Sx LOOKUP TABLES section below for more information on lookup tables. @@ -2002,7 +2057,7 @@ However, this option doesn't imply an implicit .Cm check-state in contrast to .Cm keep-state . -.It Cm recv | xmit | via Brq Ar ifX | Ar ifmask | Ar table Ns Po Ar name Ns Oo , Ns Ar value Oc Pc | Ar ipno | Ar any +.It Cm recv | xmit | via Brq Ar ifX | Ar ifmask | Ar table-ref | Ar ipno | Ar any Matches packets received, transmitted or going through, respectively, the interface specified by exact name .Po Ar ifX Pc , @@ -2020,8 +2075,8 @@ See also the .Sx EXAMPLES section. .Pp -Table -.Ar name +A lookup table specified by +.Ar table-ref may be used to match interface by its kernel ifindex. See the .Sx LOOKUP TABLES @@ -4357,7 +4412,8 @@ Capture messages from .Xr route 4 socket, that were logged using rules with .Cm log Cm logdst Ar rtsock -opcode. Optional +opcode. +Optional .Ar filter-comment can be specified to show only those messages, that were logged by rules with specific rule comment. @@ -4712,10 +4768,41 @@ In the following example per-interface firewall is created: The following example illustrate usage of flow tables: .Pp .Dl "ipfw table fl create type flow:src-ip,proto,dst-ip,dst-port" -.Dl "ipfw table fl add 2a02:6b8:77::88,tcp,2a02:6b8:77::99,80 11" +.Dl "ipfw table fl add 2001:db8:77::88,tcp,2001:db8:77::99,80 11" .Dl "ipfw table fl add 10.0.0.1,udp,10.0.0.2,53 12" .Dl ".." .Dl "ipfw add 100 allow ip from any to any flow 'table(fl,11)' recv ix0" +.Pp +The following example illustrate masked table lookups to aid uniform client +distribution among multiple NAT instances: +.Bd -literal -offset indent +# Configure NAT instances +ipfw nat 10 config ip 192.0.2.0 +ipfw nat 11 config ip 192.0.2.1 +ipfw nat 12 config ip 192.0.2.2 +ipfw nat 13 config ip 192.0.2.3 + +ipfw table mynats create type addr valtype nat +# Map external NAT address to NAT instance +ipfw table mynats add 192.0.2.0 10 +ipfw table mynats add 192.0.2.1 11 +ipfw table mynats add 192.0.2.2 12 +ipfw table mynats add 192.0.2.3 13 + +# Map last 2 bits of client's IP address to NAT instance +ipfw table mynats add 0.0.0.0 10 +ipfw table mynats add 0.0.0.1 11 +ipfw table mynats add 0.0.0.2 12 +ipfw table mynats add 0.0.0.3 13 + +# In -> Out NAT, zero out all bits in a client's IP exept +# 2 least significant prior to table lookup +ipfw add nat tablearg ip from 10.0.0.0/24 to any + lookup src-ip4:0.0.0.3 mynats +# Out -> In NAT +ipfw add nat tablearg ip from any to 192.0.2.0/30 + lookup dst-ip mynats +.Ed .Ss SETS OF RULES To add a set of rules atomically, e.g.\& set 18: .Pp diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index 27ccaea2c78f..9e8171a65d62 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -313,6 +313,10 @@ static struct _s_x rule_action_params[] = { static struct _s_x lookup_keys[] = { { "dst-ip", LOOKUP_DST_IP }, { "src-ip", LOOKUP_SRC_IP }, + { "dst-ip6", LOOKUP_DST_IP6 }, + { "src-ip6", LOOKUP_SRC_IP6 }, + { "dst-ip4", LOOKUP_DST_IP4 }, + { "src-ip4", LOOKUP_SRC_IP4 }, { "dst-port", LOOKUP_DST_PORT }, { "src-port", LOOKUP_SRC_PORT }, { "dst-mac", LOOKUP_DST_MAC }, @@ -338,6 +342,7 @@ static struct _s_x tvalue_names[] = { { "fib", TVALUE_FIB }, { "nat", TVALUE_NAT }, { "nh4", TVALUE_NH4 }, + { "nh6", TVALUE_NH6 }, { "dscp", TVALUE_DSCP }, { "limit", TVALUE_LIMIT }, { "mark", TVALUE_MARK }, @@ -1311,12 +1316,27 @@ print_flags(struct buf_pr *bp, char const *name, const ipfw_insn *cmd, } static void -print_tvalue(struct buf_pr *bp, const ipfw_insn_table *cmd) +print_tvalue(struct buf_pr *bp, const ipfw_insn_lookup *cmd) { + char maskbuf[INET6_ADDRSTRLEN]; const char *name; name = match_value(tvalue_names, IPFW_TVALUE_TYPE(&cmd->o)); - bprintf(bp, ",%s=%u", name != NULL ? name: "", cmd->value); + switch(IPFW_TVALUE_TYPE(&cmd->o)) { + case TVALUE_NH6: + if (inet_ntop(AF_INET6, &insntoc(&cmd->o, lookup)->ip6, + maskbuf, sizeof(maskbuf)) == NULL) + strcpy(maskbuf, ""); + bprintf(bp, ",%s=%s", name != NULL ? name: "", + maskbuf); + return; + case TVALUE_NH4: + bprintf(bp, ",%s=%s", name != NULL ? name: "", + inet_ntoa(cmd->ip4)); + return; + } + bprintf(bp, ",%s=%u", name != NULL ? name: "", + cmd->u32); } @@ -1327,11 +1347,14 @@ static void print_ip(struct buf_pr *bp, const struct format_opts *fo, const ipfw_insn_ip *cmd) { + char maskbuf[INET6_ADDRSTRLEN]; + const uint32_t *a = insntoc(cmd, u32)->d; struct hostent *he = NULL; const struct in_addr *ia; - const uint32_t *a = ((const ipfw_insn_u32 *)cmd)->d; - uint32_t len = F_LEN(&cmd->o); + const ipfw_insn_lookup *l = insntoc(cmd, lookup); + const char *key; char *t; + uint32_t len = F_LEN(&cmd->o); bprintf(bp, " "); switch (cmd->o.opcode) { @@ -1340,32 +1363,65 @@ print_ip(struct buf_pr *bp, const struct format_opts *fo, bprintf(bp, "me"); return; - case O_IP_DST_LOOKUP: - if ((len == F_INSN_SIZE(ipfw_insn_kidx) || - len == F_INSN_SIZE(ipfw_insn_table)) && - IPFW_LOOKUP_TYPE(&cmd->o) != LOOKUP_NONE) { - const char *key; - - key = match_value(lookup_keys, - IPFW_LOOKUP_TYPE(&cmd->o)); - t = table_search_ctlv(fo->tstate, - insntoc(&cmd->o, kidx)->kidx); - if (len == F_INSN_SIZE(ipfw_insn_table)) { - bprintf(bp, "lookup %s:%#x %s", - (key != NULL ? key : ""), - insntoc(&cmd->o, table)->value, t); - } else - bprintf(bp, "lookup %s %s", key != NULL ? key: - "", t); + case O_TABLE_LOOKUP: { + key = match_value(lookup_keys, + IPFW_LOOKUP_TYPE(&cmd->o)); + t = table_search_ctlv(fo->tstate, + insntoc(&cmd->o, kidx)->kidx); + if (IPFW_LOOKUP_MASKING(&cmd->o) == 0 || + len != F_INSN_SIZE(ipfw_insn_lookup)) { + bprintf(bp, "lookup %s %s", + (key != NULL ? key : ""), t); return; } - /* FALLTHROUGH */ + switch (IPFW_LOOKUP_TYPE(&cmd->o)) { + case LOOKUP_DST_IP6: + case LOOKUP_SRC_IP6: + if (inet_ntop(AF_INET6, &l->ip6, + maskbuf, sizeof(maskbuf)) == NULL) + strcpy(maskbuf, ""); + bprintf(bp, "lookup %s:%s %s", key, maskbuf, t); + break; + case LOOKUP_DST_IP: + case LOOKUP_SRC_IP: + case LOOKUP_DST_IP4: + case LOOKUP_SRC_IP4: + bprintf(bp, "lookup %s:%s %s", key, + inet_ntoa(l->ip4), t); + break; + case LOOKUP_DST_MAC: + case LOOKUP_SRC_MAC: + bprintf(bp, "lookup %s:%s %s", key, + ether_ntoa((const struct ether_addr *)&l->mac), t); + break; + default: + bprintf(bp, "lookup %s:%#x %s", + (key != NULL ? key : ""), + l->u32, t); + } + return; + } + case O_IP_DST_LOOKUP: case O_IP_SRC_LOOKUP: t = table_search_ctlv(fo->tstate, insntoc(&cmd->o, kidx)->kidx); + /* + * XXX: compatibility layer, to be removed. + * Properly show rules loaded into new kernel modules by + * an old ipfw binary. + */ + if (IPFW_LOOKUP_MASKING(&cmd->o) != 0 && + len == F_INSN_SIZE(ipfw_insn_table)) { + key = match_value(lookup_keys, + IPFW_LOOKUP_TYPE(&cmd->o)); + bprintf(bp, "lookup %s:%#x %s", + (key != NULL ? key : ""), + insntoc(&cmd->o, table)->value, t); + return; + } bprintf(bp, "table(%s", t); - if (len == F_INSN_SIZE(ipfw_insn_table)) - print_tvalue(bp, insntoc(&cmd->o, table)); + if (IPFW_LOOKUP_MATCH_TVALUE(&cmd->o) != 0) + print_tvalue(bp, l); bprintf(bp, ")"); return; } @@ -1470,15 +1526,14 @@ static void print_mac_lookup(struct buf_pr *bp, const struct format_opts *fo, const ipfw_insn *cmd) { - uint32_t len = F_LEN(cmd); char *t; bprintf(bp, " "); t = table_search_ctlv(fo->tstate, insntoc(cmd, kidx)->kidx); bprintf(bp, "table(%s", t); - if (len == F_INSN_SIZE(ipfw_insn_table)) - print_tvalue(bp, insntoc(cmd, table)); + if (IPFW_LOOKUP_MATCH_TVALUE(cmd) != 0) + print_tvalue(bp, insntoc(cmd, lookup)); bprintf(bp, ")"); } @@ -1643,6 +1698,8 @@ print_instruction(struct buf_pr *bp, const struct format_opts *fo, case O_IP_SRC_SET: if (state->flags & HAVE_SRCIP) bprintf(bp, " src-ip"); + /* FALLTHROUGH */ + case O_TABLE_LOOKUP: print_ip(bp, fo, insntoc(cmd, ip)); break; case O_IP_DST: @@ -1767,8 +1824,8 @@ print_instruction(struct buf_pr *bp, const struct format_opts *fo, s = table_search_ctlv(fo->tstate, insntoc(cmd, kidx)->kidx); bprintf(bp, " flow table(%s", s); - if (F_LEN(cmd) == F_INSN_SIZE(ipfw_insn_table)) - print_tvalue(bp, insntoc(cmd, table)); + if (IPFW_LOOKUP_MATCH_TVALUE(cmd) != 0) + print_tvalue(bp, insntoc(cmd, lookup)); bprintf(bp, ")"); break; case O_IPID: @@ -3304,8 +3361,11 @@ pack_table(struct tidx *tstate, const char *name) return (pack_object(tstate, name, IPFW_TLV_TBL_NAME)); } +/* + * Parse table(NAME, value) and table(NAME,key=value) + */ static void -fill_table_value(ipfw_insn *cmd, char *s) +fill_table_value(ipfw_insn_lookup *cmd, char *s) { char *p; int i; @@ -3322,8 +3382,20 @@ fill_table_value(ipfw_insn *cmd, char *s) p = s; } - IPFW_SET_TVALUE_TYPE(cmd, i); - insntod(cmd, table)->value = strtoul(p, NULL, 0); + IPFW_SET_TVALUE_TYPE(&cmd->o, i); + + if (i == TVALUE_NH6) { + if (inet_pton(AF_INET6, p, &cmd->ip6) != 1) + errx(EX_USAGE, "invalid IPv6 address provided"); + /* mask in a dotted-quad notation */ + } else if (strchr(p, '.') != NULL) { + if (inet_aton(p, &cmd->ip4) != 1) + errx(EX_USAGE, "invalid IPv4 address provided"); + if (i == TVALUE_NH4) + return; + cmd->u32 = ntohl(cmd->u32); + } else + cmd->u32 = strtoul(p, NULL, 0); } void @@ -3344,9 +3416,11 @@ fill_table(ipfw_insn *cmd, char *av, uint8_t opcode, struct tidx *tstate) cmd->opcode = opcode; if (p) { - cmd->len |= F_INSN_SIZE(ipfw_insn_table); - fill_table_value(cmd, p); + cmd->len |= F_INSN_SIZE(ipfw_insn_lookup); + IPFW_SET_LOOKUP_MATCH_TVALUE(cmd, 1); + fill_table_value(insntod(cmd, lookup), p); } else { + /* table(NAME) */ IPFW_SET_LOOKUP_TYPE(cmd, LOOKUP_NONE); cmd->len |= F_INSN_SIZE(ipfw_insn_kidx); } @@ -4125,6 +4199,38 @@ get_divert_port(const char *arg, const char *action) return (ntohs(s->s_port)); } +static void +get_lookup_bitmask(int ltype, ipfw_insn_lookup *cmd, const char *src) +{ + struct ether_addr *mac; + const char *macset = "0123456789abcdefABCDEF:"; + + if (ltype == LOOKUP_SRC_IP6 || ltype == LOOKUP_DST_IP6) { + if (inet_pton(AF_INET6, src, &cmd->ip6) != 1) + errx(EX_USAGE, "invalid IPv6 mask provided"); + return; + } else if (ltype == LOOKUP_SRC_MAC || ltype == LOOKUP_DST_MAC) { + if (strspn(src, macset) != strlen(src) || + (mac = ether_aton(src)) == NULL) + errx(EX_DATAERR, "Incorrect MAC address"); + + bcopy(mac, cmd->mac, ETHER_ADDR_LEN); + return; + /* mask in a dotted-quad notation */ + } else if (strchr(src, '.') != NULL) { + if (inet_aton(src, &cmd->ip4) != 1) + errx(EX_USAGE, "invalid dotted-quad mask provided"); + switch (ltype) { + case LOOKUP_SRC_IP4: + case LOOKUP_DST_IP4: + return; + } + cmd->u32 = ntohl(cmd->u32); + return; + } + cmd->u32 = strtoul(src, NULL, 0); +} + /* * Parse arguments and assemble the microinstructions which make up a rule. * Rules are added into the 'rulebuf' and then copied in the correct order @@ -5447,13 +5553,13 @@ read_options: case TOK_LOOKUP: { /* optional mask for some LOOKUP types */ - ipfw_insn_table *c = insntod(cmd, table); + ipfw_insn_lookup *c = insntod(cmd, lookup); char *lkey; if (!av[0] || !av[1]) errx(EX_USAGE, "format: lookup argument tablenum"); - cmd->opcode = O_IP_DST_LOOKUP; + cmd->opcode = O_TABLE_LOOKUP; lkey = strsep(av, ":"); i = match_token(lookup_keys, lkey); @@ -5470,18 +5576,21 @@ read_options: case LOOKUP_DSCP: case LOOKUP_MARK: case LOOKUP_RULENUM: + case LOOKUP_SRC_MAC: + case LOOKUP_DST_MAC: + case LOOKUP_SRC_IP6: + case LOOKUP_DST_IP6: + case LOOKUP_SRC_IP4: + case LOOKUP_DST_IP4: break; default: errx(EX_USAGE, "masked lookup is not supported " "for %s", lkey); } - cmd->len |= F_INSN_SIZE(ipfw_insn_table); - c->value = strtoul(*av, NULL, 0); - if (c->value == 0) - errx(EX_USAGE, - "all-zeroes bitmask for lookup " - "is meaningless"); + cmd->len |= F_INSN_SIZE(ipfw_insn_lookup); + IPFW_SET_LOOKUP_MASKING(cmd, 1); + get_lookup_bitmask(i, c, *av); } else { cmd->len |= F_INSN_SIZE(ipfw_insn_kidx); } diff --git a/sbin/ipfw/tests/test_add_rule.py b/sbin/ipfw/tests/test_add_rule.py index c2c4bf0b360c..4360c5f87c15 100755 --- a/sbin/ipfw/tests/test_add_rule.py +++ b/sbin/ipfw/tests/test_add_rule.py @@ -37,7 +37,11 @@ from atf_python.sys.netpfil.ipfw.insns import InsnProto from atf_python.sys.netpfil.ipfw.insns import InsnReject from atf_python.sys.netpfil.ipfw.insns import InsnTable from atf_python.sys.netpfil.ipfw.insns import InsnU32 +from atf_python.sys.netpfil.ipfw.insns import InsnKidx +from atf_python.sys.netpfil.ipfw.insns import InsnLookup from atf_python.sys.netpfil.ipfw.insns import IpFwOpcode +from atf_python.sys.netpfil.ipfw.insn_headers import IpFwTableLookupType +from atf_python.sys.netpfil.ipfw.insn_headers import IpFwTableValueType from atf_python.sys.netpfil.ipfw.ioctl import CTlv from atf_python.sys.netpfil.ipfw.ioctl import CTlvRule from atf_python.sys.netpfil.ipfw.ioctl import IpFwTlvType @@ -153,14 +157,226 @@ class TestAddRule(BaseTest): NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=2, name="BBB"), ], "insns": [ - InsnU32(IpFwOpcode.O_IP_SRC_LOOKUP, u32=1), - InsnU32(IpFwOpcode.O_IP_DST_LOOKUP, u32=2), + InsnKidx(IpFwOpcode.O_IP_SRC_LOOKUP, kidx=1), + InsnKidx(IpFwOpcode.O_IP_DST_LOOKUP, kidx=2), InsnEmpty(IpFwOpcode.O_ACCEPT), ], }, }, id="test_tables", ), + pytest.param( + { + "in": "add allow ip from table(AAA) to any lookup dst-ip BBB", + "out": { + "objs": [ + NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=1, name="AAA"), + NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=2, name="BBB"), + ], + "insns": [ + InsnKidx(IpFwOpcode.O_IP_SRC_LOOKUP, kidx=1), + InsnLookup(IpFwOpcode.O_TABLE_LOOKUP, + kidx=2, + arg1=InsnLookup.compile_arg1(lookup_type=IpFwTableLookupType.LOOKUP_DST_IP), + ), + InsnEmpty(IpFwOpcode.O_ACCEPT), + ], + }, + }, + id="test_tables_lookup_no_mask", + ), + pytest.param( + { + "in": "add allow ip from table(AAA) to any lookup mark:0xf00baa1 BBB", + "out": { + "objs": [ + NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=1, name="AAA"), + NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=2, name="BBB"), + ], + "insns": [ + InsnKidx(IpFwOpcode.O_IP_SRC_LOOKUP, kidx=1), + InsnLookup(IpFwOpcode.O_TABLE_LOOKUP, + kidx=2, + arg1=InsnLookup.compile_arg1(lookup_type=IpFwTableLookupType.LOOKUP_MARK, bitmask=True), + bitmask=0xf00baa1), + InsnEmpty(IpFwOpcode.O_ACCEPT), + ], + }, + }, + id="test_tables_lookup_u32_mask", + ), + pytest.param( + { + "in": "add allow ip from table(AAA) to any lookup src-mac:1a:2b:3c:4d:5e:6f BBB", + "out": { + "objs": [ + NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=1, name="AAA"), + NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=2, name="BBB"), + ], + "insns": [ + InsnKidx(IpFwOpcode.O_IP_SRC_LOOKUP, kidx=1), + InsnLookup(IpFwOpcode.O_TABLE_LOOKUP, + kidx=2, + arg1=InsnLookup.compile_arg1(lookup_type=IpFwTableLookupType.LOOKUP_SRC_MAC, bitmask=True), + bitmask="1a:2b:3c:4d:5e:6f"), + InsnEmpty(IpFwOpcode.O_ACCEPT), + ], + }, + }, + id="test_tables_lookup_mac_mask", + ), + pytest.param( + { + "in": "add allow ip from table(AAA) to any lookup dst-ip4:1715004 BBB", + "out": { + "objs": [ + NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=1, name="AAA"), + NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=2, name="BBB"), + ], + "insns": [ + InsnKidx(IpFwOpcode.O_IP_SRC_LOOKUP, kidx=1), + InsnLookup(IpFwOpcode.O_TABLE_LOOKUP, + kidx=2, + arg1=InsnLookup.compile_arg1(lookup_type=IpFwTableLookupType.LOOKUP_DST_IP4, bitmask=True), + bitmask="60.43.26.0"), + InsnEmpty(IpFwOpcode.O_ACCEPT), + ], + }, + }, + id="test_tables_lookup_dst_ip4_numeric", + ), + pytest.param( + { + "in": "add allow ip from table(AAA) to any lookup src-ip4:0.0.0.255 BBB", + "out": { + "objs": [ + NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=1, name="AAA"), + NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=2, name="BBB"), + ], + "insns": [ + InsnKidx(IpFwOpcode.O_IP_SRC_LOOKUP, kidx=1), + InsnLookup(IpFwOpcode.O_TABLE_LOOKUP, + kidx=2, + arg1=InsnLookup.compile_arg1(lookup_type=IpFwTableLookupType.LOOKUP_SRC_IP4, bitmask=True), + bitmask="0.0.0.255"), + InsnEmpty(IpFwOpcode.O_ACCEPT), + ], + }, + }, + id="test_tables_lookup_src_ip4_addr", + ), + pytest.param( + { + "in": "add allow ip from table(AAA) to any lookup jail:0.0.252.128 BBB", + "out": { + "objs": [ + NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=1, name="AAA"), + NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=2, name="BBB"), + ], + "insns": [ + InsnKidx(IpFwOpcode.O_IP_SRC_LOOKUP, kidx=1), + InsnLookup(IpFwOpcode.O_TABLE_LOOKUP, + kidx=2, + arg1=InsnLookup.compile_arg1(lookup_type=IpFwTableLookupType.LOOKUP_JAIL, bitmask=True), + bitmask=64640), + InsnEmpty(IpFwOpcode.O_ACCEPT), + ], + }, + }, + id="test_tables_lookup_jail_addr", + ), + pytest.param( + { + "in": "add allow ip from table(AAA) to any lookup dst-ip6:ffff:ffff:f00:baaa:b00c:: BBB", + "out": { + "objs": [ + NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=1, name="AAA"), + NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=2, name="BBB"), + ], + "insns": [ + InsnKidx(IpFwOpcode.O_IP_SRC_LOOKUP, kidx=1), + InsnLookup(IpFwOpcode.O_TABLE_LOOKUP, + kidx=2, + arg1=InsnLookup.compile_arg1(lookup_type=IpFwTableLookupType.LOOKUP_DST_IP6, bitmask=True), + bitmask="ffff:ffff:f00:baaa:b00c::"), + InsnEmpty(IpFwOpcode.O_ACCEPT), + ], + }, + }, + id="test_tables_lookup_dst_ip6", + ), + pytest.param( + { + "in": "add allow ip from table(AAA,16777215) to any", + "out": { + "objs": [ + NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=1, name="AAA"), + ], + "insns": [ + InsnLookup(IpFwOpcode.O_IP_SRC_LOOKUP, + kidx=1, + arg1=InsnLookup.compile_arg1(value_type=IpFwTableValueType.TVALUE_TAG), + value=16777215), + InsnEmpty(IpFwOpcode.O_ACCEPT), + ], + }, + }, + id="test_tables_check_value_legacy", + ), + pytest.param( + { + "in": "add allow ip from table(AAA,nat=1231) to any", + "out": { + "objs": [ + NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=1, name="AAA"), + ], + "insns": [ + InsnLookup(IpFwOpcode.O_IP_SRC_LOOKUP, + kidx=1, + arg1=InsnLookup.compile_arg1(value_type=IpFwTableValueType.TVALUE_NAT), + value=1231), + InsnEmpty(IpFwOpcode.O_ACCEPT), + ], + }, + }, + id="test_tables_check_value_nat", + ), + pytest.param( + { + "in": "add allow ip from table(AAA,nh4=10.20.30.40) to any", + "out": { + "objs": [ + NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=1, name="AAA"), + ], + "insns": [ + InsnLookup(IpFwOpcode.O_IP_SRC_LOOKUP, + kidx=1, + arg1=InsnLookup.compile_arg1(value_type=IpFwTableValueType.TVALUE_NH4), + value="10.20.30.40"), + InsnEmpty(IpFwOpcode.O_ACCEPT), + ], + }, + }, + id="test_tables_check_value_nh4", + ), + pytest.param( + { + "in": "add allow ip from table(AAA,nh6=ff02:1234:b00c::abcd) to any", + "out": { + "objs": [ + NTlv(IpFwTlvType.IPFW_TLV_TBL_NAME, idx=1, name="AAA"), + ], + "insns": [ + InsnLookup(IpFwOpcode.O_IP_SRC_LOOKUP, + kidx=1, + arg1=InsnLookup.compile_arg1(value_type=IpFwTableValueType.TVALUE_NH6), + value="ff02:1234:b00c::abcd"), + InsnEmpty(IpFwOpcode.O_ACCEPT), + ], + }, + }, + id="test_tables_check_value_nh6", + ), pytest.param( { "in": "add allow ip from any to 1.2.3.4 // test comment", @@ -183,7 +399,7 @@ class TestAddRule(BaseTest): ], "insns": [ InsnIp(IpFwOpcode.O_IP_DST, ip="1.2.3.4"), - InsnU32(IpFwOpcode.O_EXTERNAL_ACTION, u32=1), + InsnKidx(IpFwOpcode.O_EXTERNAL_ACTION, kidx=1), Insn(IpFwOpcode.O_EXTERNAL_DATA, arg1=123), ], }, @@ -192,20 +408,20 @@ class TestAddRule(BaseTest): ), pytest.param( { - "in": "add eaction ntpv6 AAA ip from any to 1.2.3.4", + "in": "add eaction nptv6 AAA ip from any to 1.2.3.4", "out": { "objs": [ - NTlv(IpFwTlvType.IPFW_TLV_EACTION, idx=1, name="ntpv6"), + NTlv(IpFwTlvType.IPFW_TLV_EACTION, idx=1, name="nptv6"), NTlv(0, idx=2, name="AAA"), ], "insns": [ InsnIp(IpFwOpcode.O_IP_DST, ip="1.2.3.4"), - InsnU32(IpFwOpcode.O_EXTERNAL_ACTION, u32=1), - InsnU32(IpFwOpcode.O_EXTERNAL_INSTANCE, u32=2), + InsnKidx(IpFwOpcode.O_EXTERNAL_ACTION, kidx=1), + InsnKidx(IpFwOpcode.O_EXTERNAL_INSTANCE, kidx=2), ], }, }, - id="test_eaction_ntp", + id="test_eaction_nptv6", ), pytest.param( { @@ -228,7 +444,7 @@ class TestAddRule(BaseTest): ], "insns": [ InsnComment(comment="test comment"), - InsnU32(IpFwOpcode.O_CHECK_STATE, u32=1), + InsnKidx(IpFwOpcode.O_CHECK_STATE, kidx=1), ], }, }, @@ -242,9 +458,9 @@ class TestAddRule(BaseTest): NTlv(IpFwTlvType.IPFW_TLV_STATE_NAME, idx=1, name="OUT"), ], "insns": [ - InsnU32(IpFwOpcode.O_PROBE_STATE, u32=1), + InsnKidx(IpFwOpcode.O_PROBE_STATE, kidx=1), Insn(IpFwOpcode.O_PROTO, arg1=6), - InsnU32(IpFwOpcode.O_KEEP_STATE, u32=1), + InsnKidx(IpFwOpcode.O_KEEP_STATE, kidx=1), InsnEmpty(IpFwOpcode.O_ACCEPT), ], }, @@ -260,7 +476,7 @@ class TestAddRule(BaseTest): ], "insns": [ Insn(IpFwOpcode.O_PROTO, arg1=6), - InsnU32(IpFwOpcode.O_KEEP_STATE, u32=1), + InsnKidx(IpFwOpcode.O_KEEP_STATE, kidx=1), InsnEmpty(IpFwOpcode.O_ACCEPT), ], }, @@ -373,6 +589,9 @@ class TestAddRule(BaseTest): pytest.param( ("skipto 42", InsnU32(IpFwOpcode.O_SKIPTO, u32=42)), id="skipto_42" ), + pytest.param( + ("skipto 4200", InsnU32(IpFwOpcode.O_SKIPTO, u32=4200)), id="skipto_4200" + ), pytest.param( ("netgraph 42", Insn(IpFwOpcode.O_NETGRAPH, arg1=42)), id="netgraph_42" ), diff --git a/sys/netinet/ip_fw.h b/sys/netinet/ip_fw.h index 51e68c310915..1c5bc9517c0f 100644 --- a/sys/netinet/ip_fw.h +++ b/sys/netinet/ip_fw.h @@ -216,8 +216,8 @@ enum ipfw_opcodes { /* arguments (4 byte each) */ O_VERREVPATH = 36, /* none */ O_VERSRCREACH = 37, /* none */ - O_PROBE_STATE = 38, /* v0:arg1=kidx, v1:kidx=kidx */ - O_KEEP_STATE = 39, /* v0:arg1=kidx, v1:kidx=kidx */ + O_PROBE_STATE = 38, /* kidx=kidx */ + O_KEEP_STATE = 39, /* kidx=kidx */ O_LIMIT = 40, /* ipfw_insn_limit */ O_LIMIT_PARENT = 41, /* dyn_type, not an opcode. */ @@ -228,13 +228,12 @@ enum ipfw_opcodes { /* arguments (4 byte each) */ O_LOG = 42, /* ipfw_insn_log */ O_PROB = 43, /* u32 = match probability */ - O_CHECK_STATE = 44, /* v0:arg1=kidx, v1:kidx=kidx */ + O_CHECK_STATE = 44, /* kidx=kidx */ O_ACCEPT = 45, /* none */ O_DENY = 46, /* none */ O_REJECT = 47, /* arg1=icmp arg (same as deny) */ O_COUNT = 48, /* none */ - O_SKIPTO = 49, /* v0:arg1=next rule number */ - /* v1:kidx= next rule number */ + O_SKIPTO = 49, /* u32= next rule number */ O_PIPE = 50, /* arg1=pipe number */ O_QUEUE = 51, /* arg1=queue number */ O_DIVERT = 52, /* arg1=port number */ @@ -248,10 +247,12 @@ enum ipfw_opcodes { /* arguments (4 byte each) */ * More opcodes. */ O_IPSEC = 58, /* has ipsec history */ - O_IP_SRC_LOOKUP = 59, /* v0:arg1=table number, u32=value */ - /* v1:kidx=name, u32=value, arg1=key */ - O_IP_DST_LOOKUP = 60, /* arg1=table number, u32=value */ - /* v1:kidx=name, u32=value, arg1=key */ + O_IP_SRC_LOOKUP = 59, /* kidx=name */ + /* lookup: kidx=name, arg1=key */ + /* and flags, bitmask */ + O_IP_DST_LOOKUP = 60, /* kidx=name */ + /* lookup: kidx=name, arg1=key */ + /* and flags, bitmask */ O_ANTISPOOF = 61, /* none */ O_JAIL = 62, /* u32 = id */ O_ALTQ = 63, /* u32 = altq classif. qid */ *** 1427 LINES SKIPPED *** From nobody Wed Mar 25 00:46:57 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fgSsZ3w7Fz6WSDW for ; Wed, 25 Mar 2026 00:46:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fgSsZ1LLmz3Ncq for ; Wed, 25 Mar 2026 00:46:58 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774399618; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9kR+9UZrrjdIr7cgKx9F+5/B0IBhYWB9Bpm4kDtjvAY=; b=CcZPGewy2hfVmKT/mDgDkl8KwsHQxmKcEHZ4HzwH9bfRwbt1EizkhypbMQ5jivz4NVQuJ3 qn+3Ij4A7miu7/Hwkky0yYSwiQCgURIszE5LjOnstJYxIgzuCAJ6ljxuk90Igm5ygBgtBY uaoZv+qGfzsDl/SWN8gQlh765FVrS2sd33OCfGTMJFmhfEWWNxWWu5fHL5C2sKzjHuob7+ oB692PtkdrNJ9qKOx3LKdPJR9uIJaqD7gODVJn1Hholhiip08qkzoKlhDWD5cDAvb3L6Ju dJVp79HRa2Fz7Qx/SVrKb+W1CusCPV1aYZvudMF2MkA0zpNzhQ1pnDGTQ/ankQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774399618; a=rsa-sha256; cv=none; b=aRQ/X5CTkpBwMs4V2T7WiuGfA1JIBDe39xwR+jYOJn4GzhrxkXwT/CP4HFe05J5zUaKvfz pLkgcPQm3gdG7dcPrdW5xpM6FCoklSRAIcw31RZV/83rqxOrRSMOdYkdjUGB5jKsqsQny7 mSdVC89UPGPS1GboAp8G7aF5koX8Bb1IQ80lal+GfI2ea6p7TLr0ttNpg0yjNK8Tpc1OBW CwEYP1JBXMunMZOqWfs0LMi3TzXtnfmbeWK4D+New8tWaBjNyznJx9aiBNWc3PiCDhCAFF Dvt8lReQSQ+smcY1iZvQ8blG3UcEq4TKrIdbxWpQXGjqzFKVIrFvMgVuob9TEg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774399618; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9kR+9UZrrjdIr7cgKx9F+5/B0IBhYWB9Bpm4kDtjvAY=; b=m0grYH7QouDYKjUqtFgnv2FZ26KgAwDzZrKiw+S+Qdxvs3jnYVXr6H6vEKex1NwdJ9ed4Q ZcWHIYefsBCrVAH/2LZ7M9yAqfQ1K8/S8BDvzDPjNXh2f+AZlZDIzcF3xpMvZLrTsU5AHs HsmPEdkpFSfWyqwQ3g79zh2t0sTBVUIJSIHFVCN6AC94ohE/J2UTLkCLF3Ox6g/wQcxuLN SbMHJzOyhlT6mvBGppzzgnZ1H+esHYDh9JJQJJqqu0cF2iFwqCSY6wbzTouGNcCXxsi5K2 7W9QO2w+rSc8RR/vng4gvtmqACXu0OW/b1utVftDYcjlsgz85omO09IlzQtVtg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fgSsZ0B5TzjnP for ; Wed, 25 Mar 2026 00:46:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3b66f by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 00:46:57 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Dag-Erling=?utf-8?Q? Sm=C3=B8rg?=rav Subject: git: f174c040a4f3 - stable/15 - realpath: Improve prev_len logic List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: f174c040a4f3e00f9111789d3c9b84aea447a29f Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 00:46:57 +0000 Message-Id: <69c33081.3b66f.106c1e9a@gitrepo.freebsd.org> The branch stable/15 has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=f174c040a4f3e00f9111789d3c9b84aea447a29f commit f174c040a4f3e00f9111789d3c9b84aea447a29f Author: Dag-Erling Smørgrav AuthorDate: 2026-03-19 01:26:16 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2026-03-25 00:46:43 +0000 realpath: Improve prev_len logic * Save prev_len after having checked for and appended a trailing slash, not before. This requires us to back up if we end up returning a partial result, but previously we would sometimes return a partial result with a trailing slash and sometimes without. * Replace strlcat() with a faster strlcpy() since we know exactly how far into the buffer we are. MFC after: 1 week Sponsored by: Klara, Inc. Reviewed by: kevans Differential Revision: https://reviews.freebsd.org/D55914 (cherry picked from commit 99d295e471bc362a7927047c89472e1ee2d0da6b) --- lib/libc/stdlib/realpath.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/libc/stdlib/realpath.c b/lib/libc/stdlib/realpath.c index 18f29e95ee6b..9dc0cc4d3dd4 100644 --- a/lib/libc/stdlib/realpath.c +++ b/lib/libc/stdlib/realpath.c @@ -98,7 +98,6 @@ realpath1(const char *path, char *resolved) left_len = 0; } - prev_len = resolved_len; if (resolved[resolved_len - 1] != '/') { if (resolved_len + 1 >= PATH_MAX) { errno = ENAMETOOLONG; @@ -129,7 +128,9 @@ realpath1(const char *path, char *resolved) /* * Append the next path component and lstat() it. */ - resolved_len = strlcat(resolved, next_token, PATH_MAX); + prev_len = resolved_len; + resolved_len += strlcpy(resolved + prev_len, next_token, + PATH_MAX - prev_len); if (resolved_len >= PATH_MAX) { errno = ENAMETOOLONG; return (NULL); @@ -141,8 +142,11 @@ realpath1(const char *path, char *resolved) * directory is not a directory. Rewind the path * to correctly indicate where the error lies. */ - if (errno == EACCES || errno == ENOTDIR) + if (errno == EACCES || errno == ENOTDIR) { + if (prev_len > 1) + prev_len--; resolved[prev_len] = '\0'; + } return (NULL); } if (S_ISLNK(sb.st_mode)) { From nobody Wed Mar 25 00:46:59 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fgSsb4SzZz6WSLy for ; Wed, 25 Mar 2026 00:46:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fgSsb21ndz3NV0 for ; Wed, 25 Mar 2026 00:46:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774399619; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/Brt2D0zyjmkuLWAMJ9UIGo5K6IaBNdwCT51CNzOm98=; b=dKiUBXU+R2iH4PQD0pUpE1UxXYS8CbsTVTimgeLRh7stqwpatBN1fRYBlJH3g1G9H+Wr0t CRrnw5YEz0Zjv0AZDZ0HHdnAHpm2k4LuSpSSSMmUe+T9E9j/YsG0C17FJTUyfxNoHrhRtF /hY5RcHk2Ol/x/KYVdjuM1+x6Rb58rSYaljUbMXiE7ZCTwq3pi+oOgi5RqPO1XvbB0+u4U 8Wb6yts+z5LunnYeqx3yEMVJ8rCCXom1KBxCwTnC+brPXmuEnRpMfNIyFSF0lYOUpRR6xl sGuo2FlWIZxLOi6J39WgFRmyl9Sj70BSbvZruV1bWIS6laYnCDEDlPM9qYl92A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774399619; a=rsa-sha256; cv=none; b=iWPTFK0nu0aNngBHeewK1kzPpMtZ+BkQ9L3K4eMZskWul+zDkXpRrtCI+85F6CxD49//ow hyk43rLRNTG7caeW3ZNxOiE6xU6kk9wypg9f1yLlYyM/PLDnfsC6V/+QFCBx5RAsEkzo4S MMw8VRC43aD38zRtcCHRtDzBC69k5ZV2s4SlpRO91TfriE+dVs5OqyUnkPmVE2OFBk5q9A b8mr0d+gnC48sHmRcPibUPhIpbp6xBypG8+bjscE3BkRxFSoLfGT00chAOwo9sE0iGAsfh RGo+O1l60xebL3cFX65jN07OZ9KEVz8WUSsRXApEveNuTU32rIhTs1WlUj2jDQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774399619; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/Brt2D0zyjmkuLWAMJ9UIGo5K6IaBNdwCT51CNzOm98=; b=oauqtGaM5va1sZi054M8hP3NlHcvDeMHSJkg4KeTXzGavczpJMx5uXP/jU0/rT9LUjPWOm JhoYCSz5tzWYm0XeOPe1c/mCUmctQnD1+Iu+6mOZy+QZkzvbqSlbNu3Hx0dBfvDn/3iIUj IZM9rpXxqHi1pml6XLufv9V63Zfxqx8IMfpuSqs5n07N7OEr3Gz/K6Tz1t4Q8fP4gAHkZb 2gZCsrriJFwNUUoW54ubMNOqn0QQMG/stzx0mM6o/falf549czs22M/MEiLSpW1co81tvH YEJ/Gwus0c2PNDfGplvTj39hz36klbVPaVZygPkFxeJ0DyhB8y2fPJ6QCGCgwQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fgSsb0wjtzjb8 for ; Wed, 25 Mar 2026 00:46:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3cdf3 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 00:46:59 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Dag-Erling=?utf-8?Q? Sm=C3=B8rg?=rav Subject: git: 8e987f8e810d - stable/15 - realpath: Improve manual page List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 8e987f8e810de536e86159be803c33c6e44235ee Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 00:46:59 +0000 Message-Id: <69c33083.3cdf3.222293bc@gitrepo.freebsd.org> The branch stable/15 has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=8e987f8e810de536e86159be803c33c6e44235ee commit 8e987f8e810de536e86159be803c33c6e44235ee Author: Dag-Erling Smørgrav AuthorDate: 2026-03-19 01:26:21 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2026-03-25 00:46:44 +0000 realpath: Improve manual page * Try to make the RETURN VALUES section flow better. * Add basename(3), dirname(3), free(3) to the SEE ALSO section. * Drop the CAVEATS section, which was obsolete the moment realpath(3) was added to the Single Unix Specification in 1994. MFC after: 1 week Sponsored by: Klara, Inc. Reviewed by: kevans Differential Revision: https://reviews.freebsd.org/D55928 (cherry picked from commit 1aecb32021ce46d812db36b9037cdc6f423575f9) --- lib/libc/stdlib/realpath.3 | 36 ++++++++++++------------------------ 1 file changed, 12 insertions(+), 24 deletions(-) diff --git a/lib/libc/stdlib/realpath.3 b/lib/libc/stdlib/realpath.3 index 76f40249963b..a17ddee0b2f1 100644 --- a/lib/libc/stdlib/realpath.3 +++ b/lib/libc/stdlib/realpath.3 @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd October 10, 2025 +.Dd March 18, 2026 .Dt REALPATH 3 .Os .Sh NAME @@ -75,27 +75,24 @@ must exist when is called, and all but the last component must name either directories or symlinks pointing to the directories. .Sh "RETURN VALUES" -The +On success, the .Fn realpath function returns .Fa resolved_path -on success. -If the function was supplied -.Dv NULL -as -.Fa resolved_path , -and operation did not cause errors, the returned value is -a null-terminated string in a buffer allocated by a call to -.Fn malloc 3 . +if it was not +.Dv NULL , +or a pointer to a null-terminated string which must be freed by the +caller if it was. If an error occurs, .Fn realpath returns .Dv NULL , and if .Fa resolved_path -is not +was not .Dv NULL , -the array that it points to contains the pathname which caused the problem. +the array that it points to contains the pathname which caused the +problem. .Sh ERRORS The function .Fn realpath @@ -107,6 +104,9 @@ for any of the errors specified for the library functions and .Xr getcwd 3 . .Sh SEE ALSO +.Xr basename 3 , +.Xr dirname 3 , +.Xr free 3 , .Xr getcwd 3 .Sh STANDARDS The @@ -118,15 +118,3 @@ The .Fn realpath function first appeared in .Bx 4.4 . -.Sh CAVEATS -This implementation of -.Fn realpath -differs slightly from the Solaris implementation. -The -.Bx 4.4 -version always returns absolute pathnames, -whereas the Solaris implementation will, -under certain circumstances, return a relative -.Fa resolved_path -when given a relative -.Fa pathname . From nobody Wed Mar 25 00:47:48 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fgStX2k36z6WSM5 for ; Wed, 25 Mar 2026 00:47:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fgStX0sWRz3PZv for ; Wed, 25 Mar 2026 00:47:48 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774399668; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4YCoM6/QsJ++LPcvB1F3mYjNFcgXX1JV8opP0S0eenU=; b=e8HVuBmTPDy1WTJ/Qvdt1XkqSEYY52wXSN3cDolhAfMErTYy6kq++s3GUUpgq+RCmJXkXK WnA/CAK1ue24qo9nEp7cjb+oCrntG0r1T+D6zYICwgT8Cbt+hOtTozaup8reg2G/9qE5HJ th12H/3BVqi+Ab0AmWJ5GAjRZbD9TOldzkdnchD4e9fPhh2PhS6gBXsOTkWHtAkqSM4rBC pSxbFwIgcI9k3fsVCQGYT7BlAylABf7zQQBNiQLisRQZRyqdLUhRIt6emS06k4BDb9+z/2 wS8pTZfSUUYqHktlOIKgs0nz9HCIFStlvl+FpI1ONplve23vFDLP9MLjehRcAA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774399668; a=rsa-sha256; cv=none; b=uXVcj5WD7IjyAQQgl/zBl+E7B6YsUxTcPJJcH32wJzvSQxHlsNJHaKI3dTacr/wB5Pqxin QtNevVVu5Sgj91fAZoEVr9qvbsxI+0PlLgP9rNceUrLAis1YnM9ukVZo10pTT0dyPBvM2J wy1cyna0RnvKHP14aI3Nt9bIM8d/7gWKV28yK7/dgkfgclYNBGBEzrpfwt/t9UZ27hkpOa qy0uZB91KBPCtd6MwINLoy2uNoDX3EeSOynJmCUju70AkRNIwSMgFzZAiqr+AW3fM39qVd d3ogn1guyypnwyTTu32JX38H7YyuVTX54ulpWpHU2f/mTucHygGpyN2GKwyF5g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774399668; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4YCoM6/QsJ++LPcvB1F3mYjNFcgXX1JV8opP0S0eenU=; b=jQ2Avql8QWHTUy7GCXHk71ftadGPpC1sAj2GImCgEKXv8YGMDBqlOkKsO28YfKjb+8xyH2 H4Cteyp0+QEVDgJ3GbEVG1BtkNJprWbf72cGey7CPW9vReMReMVXPHHLUpqUatXwGJOGJp XDDX/i9R4Y525FlJFA1VbZCi6TGDc4JLLrWGxOB2btCU+ljEhjZ/dT8eXRzzykIXDTo2VP N/E8M7h7pP8VNAdgGCFut3G8aeBqTJRaI/PgJuGNRAUSS3PZfQN41yhbs0vZBmeAv55aqD EG5X/Y2soayYc3wM5QaY+t2+lXeEry8MArd4Cigp8Sq3bUv5BMpI5GMRWiOP2Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fgStX0GrJzjbB for ; Wed, 25 Mar 2026 00:47:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3cdf7 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 00:47:48 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Dag-Erling=?utf-8?Q? Sm=C3=B8rg?=rav Subject: git: 151ae090159e - stable/14 - realpath: Improve prev_len logic List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 151ae090159eb2c179926de84cf2fc40d687d2cf Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 00:47:48 +0000 Message-Id: <69c330b4.3cdf7.46076d22@gitrepo.freebsd.org> The branch stable/14 has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=151ae090159eb2c179926de84cf2fc40d687d2cf commit 151ae090159eb2c179926de84cf2fc40d687d2cf Author: Dag-Erling Smørgrav AuthorDate: 2026-03-19 01:26:16 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2026-03-25 00:47:45 +0000 realpath: Improve prev_len logic * Save prev_len after having checked for and appended a trailing slash, not before. This requires us to back up if we end up returning a partial result, but previously we would sometimes return a partial result with a trailing slash and sometimes without. * Replace strlcat() with a faster strlcpy() since we know exactly how far into the buffer we are. MFC after: 1 week Sponsored by: Klara, Inc. Reviewed by: kevans Differential Revision: https://reviews.freebsd.org/D55914 (cherry picked from commit 99d295e471bc362a7927047c89472e1ee2d0da6b) --- lib/libc/stdlib/realpath.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/libc/stdlib/realpath.c b/lib/libc/stdlib/realpath.c index f23a3fd8c58e..8fcdd443d2b8 100644 --- a/lib/libc/stdlib/realpath.c +++ b/lib/libc/stdlib/realpath.c @@ -105,7 +105,6 @@ realpath1(const char *path, char *resolved) left_len = 0; } - prev_len = resolved_len; if (resolved[resolved_len - 1] != '/') { if (resolved_len + 1 >= PATH_MAX) { errno = ENAMETOOLONG; @@ -136,7 +135,9 @@ realpath1(const char *path, char *resolved) /* * Append the next path component and lstat() it. */ - resolved_len = strlcat(resolved, next_token, PATH_MAX); + prev_len = resolved_len; + resolved_len += strlcpy(resolved + prev_len, next_token, + PATH_MAX - prev_len); if (resolved_len >= PATH_MAX) { errno = ENAMETOOLONG; return (NULL); @@ -148,8 +149,11 @@ realpath1(const char *path, char *resolved) * directory is not a directory. Rewind the path * to correctly indicate where the error lies. */ - if (errno == EACCES || errno == ENOTDIR) + if (errno == EACCES || errno == ENOTDIR) { + if (prev_len > 1) + prev_len--; resolved[prev_len] = '\0'; + } return (NULL); } if (S_ISLNK(sb.st_mode)) { From nobody Wed Mar 25 00:47:49 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fgStY3M5zz6WRks for ; Wed, 25 Mar 2026 00:47:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fgStY1WxLz3PF5 for ; Wed, 25 Mar 2026 00:47:49 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774399669; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Et8UYMXoFVBWyePljmGoIrJrtTSitRq3Fy6Z3vlUxFg=; b=EZFHlhwa/hVkpNKQk/TaNkl/s8ohnehw36+sz4G9V92Yhl1Qevkgf5sJasfdKJ/xFEKKFl PD19V3YtnKxd/eCc/RIZtoZOy/IHPss4fxr6Qm9LBofz5/tuRTrItVavOT/xZ2cyugGmHn rizvLNz0wFcxRjYtiX967FvbfaIFePImvI04oktbhUbbAOWfyuST84952tviVUC9uXx0BH r5maG3C3o9Xpeqryi4AFrYebFK2i6RMuVj7hMRB58VHN5+d7SKb8Wv1R3LP670KF6AcRv8 EOreX+3OEIR1uyE8bRTZCWq7UCms9qxMcRnOCPINXpGzDX+08D1eZkRu2Ek+2Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774399669; a=rsa-sha256; cv=none; b=TF4nsrv5fK1EPgnhDl2ahlqpvgNvbEndhpKIpT/qU3nHgrDq1BQzBVIqUm7g3eMHapGy42 W7GdHGBghMIpqxDuWfeoTkKnA8/L2eDqKFGOQPH0RINiArXVA+v62XFR13BOmZQ3OrftlB /d142IUi0nQtrKT7QLSjUOGX2l34EihrrufZdgyeUBAc/BFZEsn5GZ9Qh+bRv3SpODEc2D xtFBV2yn/PaXJg1qTFkuuZnDUAHFCTU2qBxGPHahnPtL82oyBHbmC1BNo51e7o+2EBox5b Q7gVYkXtLygSjbqWyMeZXrukNecr6E3Tt1T1mwePjGmLe+d4kz/0KJVyV74TbA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774399669; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Et8UYMXoFVBWyePljmGoIrJrtTSitRq3Fy6Z3vlUxFg=; b=I+VMkBpU01LtmittHtuCPGUUpMmhCPaum/Qu4JpNj3aU8msq06U6+L37oRqDcz8ESgeaCr Bz9hcegreSpbZuE7JtS2D11ABF45qvefg8J7n4hVEbvvaYwyHMW/Jo2yR7C2p53pfYsUrX NY2f01FAr6m91aTe9m9iZ5clAuSDm4bfeJ39sX+gcj1KCzJXfrI0FJvZylThfOMMjQRFZo 0XLGIEeHbuIuN0W+5TpeC+OraddRQnyh0VIHbBqwQZnwVd5LizAYs1Yavsr2Ux01Yuix7a byRx9Nl9V5RJkCrKFqeyo4jx611NqQLJsnUlaC1HB/I4ArGQLwJEUlHviky3XA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fgStY17CRzjnQ for ; Wed, 25 Mar 2026 00:47:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3d49b by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 00:47:49 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Dag-Erling=?utf-8?Q? Sm=C3=B8rg?=rav Subject: git: f5b8309b9f63 - stable/14 - realpath: Improve manual page List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: f5b8309b9f634f1ca0aaeb69823470db93048208 Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 00:47:49 +0000 Message-Id: <69c330b5.3d49b.3af11c40@gitrepo.freebsd.org> The branch stable/14 has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=f5b8309b9f634f1ca0aaeb69823470db93048208 commit f5b8309b9f634f1ca0aaeb69823470db93048208 Author: Dag-Erling Smørgrav AuthorDate: 2026-03-19 01:26:21 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2026-03-25 00:47:45 +0000 realpath: Improve manual page * Try to make the RETURN VALUES section flow better. * Add basename(3), dirname(3), free(3) to the SEE ALSO section. * Drop the CAVEATS section, which was obsolete the moment realpath(3) was added to the Single Unix Specification in 1994. MFC after: 1 week Sponsored by: Klara, Inc. Reviewed by: kevans Differential Revision: https://reviews.freebsd.org/D55928 (cherry picked from commit 1aecb32021ce46d812db36b9037cdc6f423575f9) --- lib/libc/stdlib/realpath.3 | 36 ++++++++++++------------------------ 1 file changed, 12 insertions(+), 24 deletions(-) diff --git a/lib/libc/stdlib/realpath.3 b/lib/libc/stdlib/realpath.3 index 28381b00bbc7..ec2617454a24 100644 --- a/lib/libc/stdlib/realpath.3 +++ b/lib/libc/stdlib/realpath.3 @@ -30,7 +30,7 @@ .\" .\" @(#)realpath.3 8.2 (Berkeley) 2/16/94 .\" -.Dd October 10, 2025 +.Dd March 18, 2026 .Dt REALPATH 3 .Os .Sh NAME @@ -77,27 +77,24 @@ must exist when is called, and all but the last component must name either directories or symlinks pointing to the directories. .Sh "RETURN VALUES" -The +On success, the .Fn realpath function returns .Fa resolved_path -on success. -If the function was supplied -.Dv NULL -as -.Fa resolved_path , -and operation did not cause errors, the returned value is -a null-terminated string in a buffer allocated by a call to -.Fn malloc 3 . +if it was not +.Dv NULL , +or a pointer to a null-terminated string which must be freed by the +caller if it was. If an error occurs, .Fn realpath returns .Dv NULL , and if .Fa resolved_path -is not +was not .Dv NULL , -the array that it points to contains the pathname which caused the problem. +the array that it points to contains the pathname which caused the +problem. .Sh ERRORS The function .Fn realpath @@ -109,6 +106,9 @@ for any of the errors specified for the library functions and .Xr getcwd 3 . .Sh SEE ALSO +.Xr basename 3 , +.Xr dirname 3 , +.Xr free 3 , .Xr getcwd 3 .Sh STANDARDS The @@ -120,15 +120,3 @@ The .Fn realpath function first appeared in .Bx 4.4 . -.Sh CAVEATS -This implementation of -.Fn realpath -differs slightly from the Solaris implementation. -The -.Bx 4.4 -version always returns absolute pathnames, -whereas the Solaris implementation will, -under certain circumstances, return a relative -.Fa resolved_path -when given a relative -.Fa pathname . From nobody Wed Mar 25 01:29:47 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fgTq53Gltz6WVWZ for ; Wed, 25 Mar 2026 01:29:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fgTq51TQKz3Sc0 for ; Wed, 25 Mar 2026 01:29:53 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774402193; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=IYu01j6dTLa3vbanWq0TlpBseUo3mSDw7JqzzsYBWVc=; b=aFWUL+EDyODC/O59xVW9O2oMR0BKR8TwaakstWBBgFcSbaguthstX668z6wKfdZOu/Agxk vYxj5HKWPZ1wzoybgt7T0WhBJ9sT3pOyWg+wPKmUxKD5+w4AyAa4p9R7aKNShdc69d3jli ppmOhBu+U6kEplwV2WYNl0YufevhmxoI+QIvRZqStVu5K/1yuziOPpr6u1aPb/Cfyb6y6z ytY9t9a4QiO5tva8Y6mO6aDnB2RVATGheUiT9Up9MTh/svVQFNGDeYcaqPcLOw4F63YYDt LaJU6ngE6Yy5osoiz+lvi9eirBZhuPFtYaBpIr0LxbcukWiP3ZHZ/v7CxWeAtw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774402193; a=rsa-sha256; cv=none; b=TgzogCDII5Mk5R9pAPZRnRVq20XnMt4cKcBfwMLklgnlbM4lZ3+ij81FUm1rZhww4iTu7M FwPmTxj0bOQZjsDv4CajsnByUbrDt1mBR5JlI3G9c+S7cCWu4NvgVqaQppfN+xWotH2vr8 3eojGVC2M8HSIBhJ3WNUykiTMZRr6kETO3poU5B25m7lo/4qe3SQR80N7PcFHJsbzS+HX3 c6spTXLSbXeKtQDpd+1yIhN1hrA6cudhE8Eue96OfYgb4CgzXEBo83fQfbMGxq/23XP+Aw 88ZBpEGfzStgS9Pcg8EdZieUyJ/sFLhPv8sBgFAQpUmKU7QVmrlMdKoQNfXyBg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774402193; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=IYu01j6dTLa3vbanWq0TlpBseUo3mSDw7JqzzsYBWVc=; b=PT3uGp1RRldVow5WZUTZvU0RydueszaG8hzFeFJm/nLeSwONlvqp4qMiIfL+rTlP98vUMP DmUpKoLEfqE9gRKSwZ1O289hxhIKjB9zFAJMW8xTavxFZJiCv9NG3YFhXDfcnFqW+VhXqc B+dabjca0v8xC8kcUBimPxCH5wNfcHtcmsVOIWneQ9aal27bvuqLGpJrLU7TVbWEObwyFs tp3Sm1SoUiXf+3D+Anz0kBwicYy4ystbbaBCzApod9UKyLGhf07wGk2ob2S3E2ufGoABy/ tAxMJpFlHg7mb7NKOKLvvI7tS1VcDhT7fE5jRenGyq5Rn4I8ZUs+xFfbL0IVXg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fgTq50bSbzkml for ; Wed, 25 Mar 2026 01:29:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 196db by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 01:29:47 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Mariusz Zaborski From: Mark Johnston Subject: git: b1d32521747f - stable/15 - nvmf: Fix null ptr reference List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: b1d32521747f42aea751d2742d26eb53e81952c6 Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 01:29:47 +0000 Message-Id: <69c33a8b.196db.2ca67e84@gitrepo.freebsd.org> The branch stable/15 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=b1d32521747f42aea751d2742d26eb53e81952c6 commit b1d32521747f42aea751d2742d26eb53e81952c6 Author: Mariusz Zaborski AuthorDate: 2026-03-23 14:37:28 +0000 Commit: Mark Johnston CommitDate: 2026-03-25 01:27:40 +0000 nvmf: Fix null ptr reference Reported by: Nikolay Denev Reviewed by: imp, jhb Differential Revision: https://reviews.freebsd.org/D55863 (cherry picked from commit 09c5bb35425bc70573c007e7f7e82be286677a87) --- sys/dev/nvmf/controller/nvmft_controller.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/nvmf/controller/nvmft_controller.c b/sys/dev/nvmf/controller/nvmft_controller.c index 390467534ca2..24aa1191b1eb 100644 --- a/sys/dev/nvmf/controller/nvmft_controller.c +++ b/sys/dev/nvmf/controller/nvmft_controller.c @@ -213,7 +213,7 @@ nvmft_handoff_io_queue(struct nvmft_port *np, enum nvmf_trtype trtype, if (ctrlr == NULL) { mtx_unlock(&np->lock); printf("NVMFT: Nonexistent controller %u for I/O queue %u from %.*s\n", - ctrlr->cntlid, qid, (int)sizeof(data->hostnqn), + cntlid, qid, (int)sizeof(data->hostnqn), data->hostnqn); nvmft_connect_invalid_parameters(qp, cmd, true, offsetof(struct nvmf_fabric_connect_data, cntlid)); From nobody Wed Mar 25 10:53:59 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fgkKz5spWz6W5xT for ; Wed, 25 Mar 2026 10:53:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fgkKz52Csz3MJc for ; Wed, 25 Mar 2026 10:53:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436039; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Q6nT+tpgvmPJcalU6PkLisO2Udt+RlLooPbNlJPG34w=; b=vw9maGb9xyuEha4dA47q1O/EbsLEjnoSyLoJZ3cnfWbQ1vGr8ttx4tJVLfRzO46QxxAuUl Cs0g+gkLaK3O/IdAxVSwBar2EcxrQenasJ7HZccX5s0swWt35CCeVb0DMrczPDbIMBb+IO tkEI3CS7nSy4gXhoFEsyA/FHKhgJVaOrduNpyWz3yldNCpxwlr1khGxjYqlyhkWBtJDRoO tVJNpkEtWeaXaZFYaMg96NOegkL6CmGWcQwV0GyZNLz2APyJ8djmQM1vogldXxAJvF36X4 HuhjOLGgQIWApuKBX39v4PdJroVl3ffpw27vBCWyDl+/n9y80RBm8mg18ZW1Bg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774436039; a=rsa-sha256; cv=none; b=lLYXYumpHZPzIB1zrD1BsQPEQKaE+h/Zljo4QcoKBnDWOySu1Rl8Leixj/7/jczRUTuUxR zzG2MtpqKUf9dfPdPnOj9zeTaKJZheu/Yscds9KHoEHB0yxaRg+9O6HRlEjE89GAyGF3R9 BisWy1d7yCgu9vIuw9sa2Y5Yz2rDp7+I4lmydAK34IhC9LL0qs78f5tmkn8MNIc2fNyf1S hlmZQWvnqvcb7X7UadwLu5gEfZ5rh2Rf1VuIPmKQPCV5zycsFvAGjgqKoMyuVXFXUbtiXb d/Fa5l/xvnJQOv53idtR3lf+8fnHJQ2rCYUeV+X/sdSLs/kSsZxqzB2YwLA3VQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436039; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Q6nT+tpgvmPJcalU6PkLisO2Udt+RlLooPbNlJPG34w=; b=olWVs9Vcp/BIPW/3VG8iA+q85KrwkjTxVyRMPIIQzffJ236fd28rpcKBCwYqnCR7jL0T3B TmHgHFONCMYlXNcn1xNVWIXAxCVKWtH7GlI3DhZR0HaDAMqduGphSTkIY9Z/rqt9jGaiZF Q4EhTgsdCV1ro7JDhu32GNFsoJERc4gZDHtIiLcpe4bMDYaE1BsT4bhCIXpsMryrJzcuNb cmvGzg5kGOdsuyAGp0KvpzV5ovntN+OI955eLUZCNftGmlTs2CkwiEPdoFHmQ/ldvjjLo5 uEpLoCiBzEInltEF8GG5W9MRfkHWIj+OPxkTfx6F28Kl6ERT2gSvPY3G9Vym0g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fgkKz4Vm5z12kH for ; Wed, 25 Mar 2026 10:53:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 36d8c by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 10:53:59 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Michael Gmelin From: Kristof Provost Subject: git: d107424a44b3 - stable/13 - pf: Fix hashing of IP address ranges List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: d107424a44b3fd08078218b22f55feefde3f285f Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 10:53:59 +0000 Message-Id: <69c3bec7.36d8c.6b1e818d@gitrepo.freebsd.org> The branch stable/13 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=d107424a44b3fd08078218b22f55feefde3f285f commit d107424a44b3fd08078218b22f55feefde3f285f Author: Michael Gmelin AuthorDate: 2026-03-12 14:18:09 +0000 Commit: Kristof Provost CommitDate: 2026-03-24 06:13:54 +0000 pf: Fix hashing of IP address ranges This corrects the false detection of duplicate rules. MFC after: 1 week Reviewed by: kp (cherry picked from commit 1fa873c93c8b08561c53107c7b90c53dfad30ddc) --- sys/netpfil/pf/pf_ioctl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index cdb0059a5e0e..1672d212b660 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1045,6 +1045,7 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, addr.v.tblname); break; case PF_ADDR_ADDRMASK: + case PF_ADDR_RANGE: /* XXX ignore af? */ PF_MD5_UPD(pfr, addr.v.a.addr.addr32); PF_MD5_UPD(pfr, addr.v.a.mask.addr32); From nobody Wed Mar 25 10:54:00 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL01zQYz6W4x3 for ; Wed, 25 Mar 2026 10:54:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fgkL0133hz3MMH for ; Wed, 25 Mar 2026 10:54:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436040; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DNAq84qr07U8I5nUnEJo/pynv11fvVC59tEQSqZGl8Y=; b=L3hHdp5j75t0ElsRjzggVncZz0SVOUBnoxR3NdpHzw4SLmR4eeHzm3mS1bmMOKQ20EihVH TsAMuVlNhCkKlzdWuTtg+KWCeJFJQljrdaxcK/ho+YuZGYIMrVotOi9x8rQ3BkxlBq1jOa S1jahP5y41m24Z7uHJ0uuqYzV+VlefbBNDKVo8UXgZmf3ZX11dOJeVGApm0VRhkkLJX2ZI jP9u3nVfHb+kMiN+edWAnMscG6gcJ+vbvTOpy4G470wIhfm/55xIcxt8tIYUhiWb+7TVnT tRi4dGy0bfE8B8J3U3pPecsGBbNNR1TxyxY0W4uydofh1Rkuc0gWhcidL9Zrjw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774436040; a=rsa-sha256; cv=none; b=fqwlshPkAm5mzTD5RYqDB5KMeQTyF8UCorqg5NifYvDRS5bJScb3YdhnAqKzJtDBprVFSq /XHd5cxVqttJF9agF6nRo16UffbIIKWG9cnPgX9hyNMSZMFmP4aJJEptHmpFdYuzqCg9Et 0De3PwOnWbI7LmOFtLZ10pcBL03fBRujPs1Y291Mge1K3oaNSz93/1E7b0uRoPi+gj4yLD oAUP7/E8Chmr2YcQZihdBscS4eB9W8yil6GoATUaOMkqokpVxStkjq3Yd9DzXpmKxHKZA4 b8ghQ4v1K6imFkA1es7WkM+WqBlsABwsYsuqEzqb/cE343dHW9bGubC6THfMyA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436040; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DNAq84qr07U8I5nUnEJo/pynv11fvVC59tEQSqZGl8Y=; b=AM4hNyouapcIUmO/ruFZhLaBxMtJ6PYaPL1ioJkAqbQ573GGgXNLnsOmfh26HSw2BsRn9S Dy+/ryLBQTxK79oYaMRvnkrsgKdyeXzY9zRFcNFuSG4mOkCR5x4Ao2PxMDrimOJ8uyw/FR BcQzILR3nz16/xIHrH9ZgcNFyX3hqmtCxGf8CksYloob01JspRVKeha/J/iUKIJUwMbAlK jFhBUV1Bt8RNvrCgdJVkK9s4nASlFhDUExZwWX+NSsRo0UnhWBDjHpDqgJaeLWE/+wVgYn m7OsWS7GX0D/wz9PwWvDveJeN20U0QT2veFRr4mRnB9NchxZ5QdpA3LTg0aszw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL00dtPz12N2 for ; Wed, 25 Mar 2026 10:54:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 35cc8 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 10:54:00 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: 4e007734ff8e - stable/15 - pf tests: verify that we handle address range rules correctly List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 4e007734ff8e56eafb457986074206877b49df6e Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 10:54:00 +0000 Message-Id: <69c3bec8.35cc8.6b40d339@gitrepo.freebsd.org> The branch stable/15 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=4e007734ff8e56eafb457986074206877b49df6e commit 4e007734ff8e56eafb457986074206877b49df6e Author: Kristof Provost AuthorDate: 2026-03-12 14:23:32 +0000 Commit: Kristof Provost CommitDate: 2026-03-25 07:11:57 +0000 pf tests: verify that we handle address range rules correctly There's been a problem where rules which differed only in address ranges were considered duplicates and not added. Test for this. MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit ab74151e8d097b263237942c0b12277098bc9533) --- tests/sys/netpfil/pf/pass_block.sh | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/tests/sys/netpfil/pf/pass_block.sh b/tests/sys/netpfil/pf/pass_block.sh index e955068d014b..f6d973de7cf4 100644 --- a/tests/sys/netpfil/pf/pass_block.sh +++ b/tests/sys/netpfil/pf/pass_block.sh @@ -451,6 +451,43 @@ any_if_cleanup() pft_cleanup } +atf_test_case "addr_range" "cleanup" +addr_range_head() +{ + atf_set descr 'Test rulesets with multiple address ranges' + atf_set require.user root +} + +addr_range_body() +{ + pft_init + + epair=$(vnet_mkepair) + ifconfig ${epair}b 192.0.2.2/24 up + + vnet_mkjail alcatraz ${epair}a + jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up + + # Sanity check + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 + + jexec alcatraz pfctl -e + pft_set_rules alcatraz \ + "block" \ + "pass inet from any to 10.100.100.1 - 10.100.100.20" \ + "pass inet from any to 192.0.2.1 - 192.0.2.10" + +jexec alcatraz pfctl -sr -vv + + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 +jexec alcatraz pfctl -sr -vv +} + +addr_range_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "enable_disable" @@ -462,4 +499,5 @@ atf_init_test_cases() atf_add_test_case "received_on" atf_add_test_case "optimize_any" atf_add_test_case "any_if" + atf_add_test_case "addr_range" } From nobody Wed Mar 25 10:54:00 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL10ZPNz6W5cD for ; Wed, 25 Mar 2026 10:54:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fgkL05XpHz3MP0 for ; Wed, 25 Mar 2026 10:54:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436040; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Snas7YmGPdQI1ar4pMHLmr+yBiN1aSEAy9tjH1JHsC8=; b=qDo1UmdcpVaV5lGu9fq9Q2Hz8vw+z1jrgvo32XNB31bWljcwkBLdWu4/bLct5U6dNrEWtH AuBPhtEs+Fpn6P2qTQwrOgT0aW9QVqJeZhiKvpZYHCJcgEAlWBV2GItx0iDW2fcIKKmmjR wZ0QcXkUqrEIxTwJJBRB40PDtNtScF7UNDcIFTu74UnuZZcj1mq4TX6RIWcSUoE8hYvoDu 8vlEhkaBraVWpQh5ZzkjaKXsykEf6H8Pp27gJWZDgfAW8uCaVUnUO9ID583tTfTXt2TfTf wVIOzE5hq5w5ZoBctrW18cPJZuxAgYiDTmTPAhhNnHXFMrKggVls/yCw8r0Rpw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774436040; a=rsa-sha256; cv=none; b=N52vyaLbPOWgjFBeELWDTmle4iFQ/mNzaKfSue54Hh9yz8t1EBzQD5zYFQFnCdNURQzsDo Il8YYd7DCf8Lw4X0ppBCFtsU5RRk726pciM4S51ZYSz9v+1+vMW2U2UyVjgp8v9ldJi4x9 oK70apNFjgH6Sf6vCYm2bZRn2L7GMcABWEkvkMCIf9cm45yH2twmmdhODmEvUwZg9BXKs6 I5YlIwFRBqGKFz4isZ4JRcIYZqpGQ4mSxCZ8BNgsedQPBZNYfdAG2AmEik6+CIkfnxMD/l N7PfN8vL5NyryIWdqopTHc9MpnYipH/4v/hJxSLFUlo4rr1ot4DghDAKkWfO7A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436040; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Snas7YmGPdQI1ar4pMHLmr+yBiN1aSEAy9tjH1JHsC8=; b=qpDy3wknzxRNjdkkhEXHvhK2O/5atQlkSDS07tl+HAA7ngn7mnqpM2OFCxln240fMk/UsA nAn45K2SOpziNhDdng0VTMCj4ye1fLEfa+uXa6iZSN9aEcw0dNZSKYA8+AAptmYApLIyJM iDn0THCKtobsWrfe9obvbBq1ZLfuxWkQGwaEBNSyRshK9AVlhWZMbG01ivVd4wwVEDThQb YsSERJodbwORQF8PG7x6Y+0OP6zmhAacfLjMfo2n0i1/xZhzSPwh3Qdc5ZirVCWXRNeMQG dfPQSnyLPnd9pG91799cN6GeYkykMd79b6UFlVC76NvP8HSNPdU+z5LvUNCJPg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL057rqz12hV for ; Wed, 25 Mar 2026 10:54:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 36239 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 10:54:00 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: 6666b2a0e7c2 - stable/13 - pf tests: verify that we handle address range rules correctly List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 6666b2a0e7c26e9e0d913955765c7eb252c1b10a Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 10:54:00 +0000 Message-Id: <69c3bec8.36239.1573e710@gitrepo.freebsd.org> The branch stable/13 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=6666b2a0e7c26e9e0d913955765c7eb252c1b10a commit 6666b2a0e7c26e9e0d913955765c7eb252c1b10a Author: Kristof Provost AuthorDate: 2026-03-12 14:23:32 +0000 Commit: Kristof Provost CommitDate: 2026-03-24 06:15:01 +0000 pf tests: verify that we handle address range rules correctly There's been a problem where rules which differed only in address ranges were considered duplicates and not added. Test for this. MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit ab74151e8d097b263237942c0b12277098bc9533) --- tests/sys/netpfil/pf/pass_block.sh | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/tests/sys/netpfil/pf/pass_block.sh b/tests/sys/netpfil/pf/pass_block.sh index 792b73b4a0a5..b91ba7f9ee68 100644 --- a/tests/sys/netpfil/pf/pass_block.sh +++ b/tests/sys/netpfil/pf/pass_block.sh @@ -255,6 +255,43 @@ urpf_cleanup() pft_cleanup } +atf_test_case "addr_range" "cleanup" +addr_range_head() +{ + atf_set descr 'Test rulesets with multiple address ranges' + atf_set require.user root +} + +addr_range_body() +{ + pft_init + + epair=$(vnet_mkepair) + ifconfig ${epair}b 192.0.2.2/24 up + + vnet_mkjail alcatraz ${epair}a + jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up + + # Sanity check + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 + + jexec alcatraz pfctl -e + pft_set_rules alcatraz \ + "block" \ + "pass inet from any to 10.100.100.1 - 10.100.100.20" \ + "pass inet from any to 192.0.2.1 - 192.0.2.10" + +jexec alcatraz pfctl -sr -vv + + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 +jexec alcatraz pfctl -sr -vv +} + +addr_range_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "v4" @@ -262,4 +299,5 @@ atf_init_test_cases() atf_add_test_case "noalias" atf_add_test_case "nested_inline" atf_add_test_case "urpf" + atf_add_test_case "addr_range" } From nobody Wed Mar 25 10:54:00 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL10qrxz6W5vV for ; Wed, 25 Mar 2026 10:54:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fgkL06vcbz3MZn for ; Wed, 25 Mar 2026 10:54:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436041; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NvqiNNr5PVFrLwyD7MainJ/hR2ejPDS74qRL7m7b8xU=; b=MUizX0Us8fN6yUFqbomOwlEsg4WWlIHZ1TDXtz3JAhIZvsXhxq9RT3AmAkvcDCow2lhSzr lUZvfeFl+qL9XWYYzdoMDe/PlS2dP3cYjZo5kUCoj96N2wlnbPa0E9Wy5aA/psfyN+9jyQ 5RxFtTgP4M9ELieFBm5Xn31tNKRRisYO0gXn0Uky5l5loQHwtFpH45NHIH3tx2kptWtpND 22IR4pMZ9nzUj9fnDBNEQoQMcXgMa5iLyT8eBUvOYSDbhASuSDiiOlL9bGsw902fNonhfK MlXohvbuQVpZDCVPJ7l+MYfFi4VTrBuorvWOOusJ/ED9HtAfkLLO/zcui34tvA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774436041; a=rsa-sha256; cv=none; b=i3zs0saH3k7xTypMOl6706xNEpzq9wOCENwcXwOpDMFTQnqgRg07CBC17iaQP64e16EDy2 0cZrcZx0rQihbEJ1y2Yvfb60NQViOwFQJ0/4lKfDaKwtXFeTgwIvvkt4ND4maJAYdKa6hG ZuDOU/2JmLn+hNYXGJDE1peJSo63q749QoLCm1kaStdMbZI5VZrpHIGdqDJyl5kt2UYoOI IpBiRZpR+kvrIBXG8x4IAgdvQQxj0bvqVvU5hAUIxibCJPiyEh1Ft6iM9csj4TaYvO3uJl W23KGRI+5MjcJYA4X+mp/JE47DzQKSZA2UyAguJajDIluDv3KglUsdf4pdS2Ew== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436041; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NvqiNNr5PVFrLwyD7MainJ/hR2ejPDS74qRL7m7b8xU=; b=Y2mIeYbZ9r2zolY1URXrfeFTOPtpCai+Cq+sKoAQMA/XHZYgqmpaCGV2jVYwcCjTY4uxBY WJelNBg2H1ZIyFHnOnuqf5WAU0rVtj6ZK+hYoBrFO8CDWqyKFBfk3+ZbHLadnxeTMqdYnu Fj9ClYKo9c+wMeWDOR1VsqMQBiWGW/YuIKBWCZK0wkjjmjIzFA9Nggz9Ej5R4qg7BL7xWl WaFhPGgO+YVN2BE1p9CoygYmp0orj8ewea28A53AF6zRnxEm7KJaZxJ3UbO5d3sbivfpMS VHsBM7lnt7tDknai/SNhe3dWN2OQ32zmzo/Fq+3JTD1uHzVvT6XD/taYAwDgOw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL06BwLz12GL for ; Wed, 25 Mar 2026 10:54:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3632b by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 10:54:00 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Michael Gmelin From: Kristof Provost Subject: git: ac6bb58a715e - stable/14 - pf: Fix hashing of IP address ranges List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: ac6bb58a715eaf0afb7a80dc87083f9819e10ac1 Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 10:54:00 +0000 Message-Id: <69c3bec8.3632b.2de2b126@gitrepo.freebsd.org> The branch stable/14 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=ac6bb58a715eaf0afb7a80dc87083f9819e10ac1 commit ac6bb58a715eaf0afb7a80dc87083f9819e10ac1 Author: Michael Gmelin AuthorDate: 2026-03-12 14:18:09 +0000 Commit: Kristof Provost CommitDate: 2026-03-25 09:58:27 +0000 pf: Fix hashing of IP address ranges This corrects the false detection of duplicate rules. MFC after: 1 week Reviewed by: kp (cherry picked from commit 1fa873c93c8b08561c53107c7b90c53dfad30ddc) --- sys/netpfil/pf/pf_ioctl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 663612305f1f..1fff0667aa1a 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1264,6 +1264,7 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, addr.v.tblname); break; case PF_ADDR_ADDRMASK: + case PF_ADDR_RANGE: /* XXX ignore af? */ PF_MD5_UPD(pfr, addr.v.a.addr.addr32); PF_MD5_UPD(pfr, addr.v.a.mask.addr32); From nobody Wed Mar 25 10:54:01 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL13mNzz6W4x7 for ; Wed, 25 Mar 2026 10:54:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fgkL11wFDz3MGM for ; Wed, 25 Mar 2026 10:54:01 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436041; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rwsoGIgrfnsk+OJelOt/ObUiYMtecABBE9IwFATXrXY=; b=AjaRE4iHl90wlRsD3E4VVUDAs1/UIXBudZAjXyE6winrfENplWnzMomhxiGW6um04Xugwd OzH6k9DSsPEd74aDWpHTz6OySulTHy37XuF11L2W4rNLjqdT7zDxgqETEEJxl0cN+0fGMi pETI9o8ld8Gjqbl9/CbfqC4Vifx4k1gJPLFVYT6qDcsL8yzAqv5QqE639iRu6Ku3cqyebu hWcYfvBjnVdyww5fn+N9TqLa7Bom0sAIHk+lj+blYGwDKXaajPF1JQ4UK3WxyBihWY9ryl pwiEJN53gplRWQ9WBCBLM4RpGolWR2/qD9yq1i++3s4GhZULba+LI4SRzowSew== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774436041; a=rsa-sha256; cv=none; b=WSP/QxbgZYZCzgr+mD1BGiG6YlE3KlrJavJgf1tixTMGHMGUOCBK2AQwa+0XNDu0EqReGL YdPCvILb/vyhk1sUKRNHf6Hwzeec3IADAXTf6Pm2M6XMK01R23bh7ej0HOAveDVgUCeeM8 ZPwamftE0VDZ4QU54QtWpRZaBaay78u2BqGxe2ONky3XFRrH8O6oG8eT1qUMb/AP4+lMFc RwMRnFOWsigelkOqI1sWTD+brkUEl//x6JgpHOuguu+9J/8psUSdICiHS6Wxc3EJ26a803 BIuit/9WVscNwneGNgiYWuo9P7atCfR8nEBi1TgRlVTQ2JUJYZuBAKdi5xu71g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436041; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rwsoGIgrfnsk+OJelOt/ObUiYMtecABBE9IwFATXrXY=; b=w5T9p+XvY/590NY5iO059fNgxRBFLBTFbo7JaraOPip4rhP0b20h8jxqxv7ez/fNXAiWsj MCekCWLVysNkZJpQnSehTWXJwp6lOky0HnjB5m4pALT/6ttyXFUMKP2RDO7FeE6nASmg/h OGX2eDXWyFIM4/wYpDtv/Ve9t+Opvg95DDbNZYNgVfS/fJkEpFKcO6YaFmuyV1eebu1A4D yZNNoF5fmyJFYmKzWht8bLuXn/jMXHRvLGueD0cDdBM2lISv0z8dzjC1kLq8DqFV8wpm2L ZPg1J3+vlPt9FxOdUl457R3hYWOnEsL9XlW0UPJ0TQgahtf12FVDy7eGmcOj2A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL11Rh4z12mP for ; Wed, 25 Mar 2026 10:54:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 35ccc by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 10:54:01 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: e224b9b867f4 - stable/15 - pfctl: always warn if a duplicate rule was detected List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: e224b9b867f4e7de959afaa63d56672e13d7c454 Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 10:54:01 +0000 Message-Id: <69c3bec9.35ccc.60c2adc2@gitrepo.freebsd.org> The branch stable/15 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=e224b9b867f4e7de959afaa63d56672e13d7c454 commit e224b9b867f4e7de959afaa63d56672e13d7c454 Author: Kristof Provost AuthorDate: 2026-03-12 14:24:42 +0000 Commit: Kristof Provost CommitDate: 2026-03-25 07:11:58 +0000 pfctl: always warn if a duplicate rule was detected MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 66d66dd0f6f83926980fc1d68dd366c0057350c5) --- sbin/pfctl/pfctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index a9839304d0c7..7865467f2ea8 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -2189,13 +2189,13 @@ pfctl_load_rule(struct pfctl *pf, char *path, struct pfctl_rule *r, int depth) } } - if (pf->opts & PF_OPT_VERBOSE) { + if (pf->opts & PF_OPT_VERBOSE || was_present) { INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2)); print_rule(r, name, pf->opts & PF_OPT_VERBOSE2, pf->opts & PF_OPT_NUMERIC); if (was_present) - printf(" -- rule was already present"); + printf(" -- rule was already present\n"); } path[len] = '\0'; pfctl_clear_pool(&r->rdr); From nobody Wed Mar 25 10:54:01 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL24w6Bz6W5jb for ; Wed, 25 Mar 2026 10:54:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fgkL22lTSz3MZx for ; Wed, 25 Mar 2026 10:54:02 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436042; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tjm4ScYbZu/4fwfFAXGlhuHv2lck8I8u9cFLXkJEKMM=; b=vnzYCDf3OKEET6F4BtE4Me1w6ZvzpEpR3J/07Dqf4FmpagSacC843enSKWJGtjohEjzygx l/iJvStFFpvOx51sCyCV7yKxLgiwNBHf8JtdHzMpoe3Q2FG1G/pESTghNRw+yQYAmqFZxW p7+qzOzAuHEGTIIf/8rnNnKTjqSLLKHTSwXwUMOK/2dJr/j2bhyFAczJ/f0s+LdZo44Ahp efUe9WLTJ/+rhcjVE5rKXhEOHd6pYHIyQ5QXjW+9PEsuWcPKKY4it6wLY1e1XXhoEtgOaX NCEnZnEClq+hg5HQahOlxFkRiXmddubyAXHSMfAlqVfwP6Lnn47pPEcWEsvBBw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774436042; a=rsa-sha256; cv=none; b=E3qiRsFRiZRNeva/QBqzmfREPE06lMOEJgc4Qpvx8t5CB4ncRvnlvtVkk2eH9eOo6GeHbd gvao1BFUf+/cBr5UhMkvUo+jZQCJSn/6iIrNWU++8oLEjkp/xrL4KL12b4S3jrnHrVWNKD 5LDfJBikjACXrVHb9WqvoD5EWrKQuteHuuohwLpHU8s3NX8pHmgCud7KXVq3YoEzH23EJV 2FedV6QAjUM818s83+npdrU2AFPO6Td9NsNsNOJ32HCf9pdoEydjLj6bLN68ILb8UGvaCP 1oeWRhCFlZeGxeiVfeDi3aT5O/5DM6YLms9eJ0lYoxA2d7GadnLwvfDxL7YUfQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436042; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tjm4ScYbZu/4fwfFAXGlhuHv2lck8I8u9cFLXkJEKMM=; b=bGqH0YKO6KfsVEbpDJzqxIFwFdtJfE3DplCOw0BtXyP78VDm1Dg4XoJUbnrTT9FxRoLy47 /dT1RaXU6CHbN88LEnDfDGo29UWHj8fIwJ/0iL1Eg/2WMfQ+8lTfR4ecrut1sUtI32ARPP NTBUitT8YR58+fsMiXnnpHgJGMP6niPLOKdCMjHFXiCa5vK6aQQZfCGY2AK4mg/ywuyZZb 8ArFNORPa9U28jd2R43pdq48qvwzcGP0zsX/VktkCz8+wzctps+YBkzCvZUOKihrWMnMxd Z61hITKfb3kNlJ86+2iYtaSfnH4AxA3XbPnyf1DBiyCZRt8g7ciHmElP40VWbg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL1747Pz12N3 for ; Wed, 25 Mar 2026 10:54:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 370b0 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 10:54:01 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: 958dbc87e9c5 - stable/14 - pf tests: verify that we handle address range rules correctly List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 958dbc87e9c59a2e9f83d84115ce03fb96e9b249 Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 10:54:01 +0000 Message-Id: <69c3bec9.370b0.52fea7da@gitrepo.freebsd.org> The branch stable/14 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=958dbc87e9c59a2e9f83d84115ce03fb96e9b249 commit 958dbc87e9c59a2e9f83d84115ce03fb96e9b249 Author: Kristof Provost AuthorDate: 2026-03-12 14:23:32 +0000 Commit: Kristof Provost CommitDate: 2026-03-25 09:58:27 +0000 pf tests: verify that we handle address range rules correctly There's been a problem where rules which differed only in address ranges were considered duplicates and not added. Test for this. MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit ab74151e8d097b263237942c0b12277098bc9533) --- tests/sys/netpfil/pf/pass_block.sh | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/tests/sys/netpfil/pf/pass_block.sh b/tests/sys/netpfil/pf/pass_block.sh index 792b73b4a0a5..b91ba7f9ee68 100644 --- a/tests/sys/netpfil/pf/pass_block.sh +++ b/tests/sys/netpfil/pf/pass_block.sh @@ -255,6 +255,43 @@ urpf_cleanup() pft_cleanup } +atf_test_case "addr_range" "cleanup" +addr_range_head() +{ + atf_set descr 'Test rulesets with multiple address ranges' + atf_set require.user root +} + +addr_range_body() +{ + pft_init + + epair=$(vnet_mkepair) + ifconfig ${epair}b 192.0.2.2/24 up + + vnet_mkjail alcatraz ${epair}a + jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up + + # Sanity check + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 + + jexec alcatraz pfctl -e + pft_set_rules alcatraz \ + "block" \ + "pass inet from any to 10.100.100.1 - 10.100.100.20" \ + "pass inet from any to 192.0.2.1 - 192.0.2.10" + +jexec alcatraz pfctl -sr -vv + + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 +jexec alcatraz pfctl -sr -vv +} + +addr_range_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "v4" @@ -262,4 +299,5 @@ atf_init_test_cases() atf_add_test_case "noalias" atf_add_test_case "nested_inline" atf_add_test_case "urpf" + atf_add_test_case "addr_range" } From nobody Wed Mar 25 10:54:02 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL24vg6z6W5jZ for ; Wed, 25 Mar 2026 10:54:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fgkL23LSJz3MGV for ; Wed, 25 Mar 2026 10:54:02 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436042; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=2dU2Mg1S5ldvFCUMIKV7RZ4zUgV+EgaXp3EHvI96nes=; b=B30vkBAY7CJbMMKOAck/hGZnswNE8w+IuDw/1bx5Np7JLC6wxF9chhTpEzUQJ12RYia1Jo qXxtX4PCqKAHCIYV0K6vzTn/hS9P7VFbIJh82maLG3fMMp1XA/HYHMEvhZh+zYIXkdyEOy 6KIdItToVcaz4+adgO2LgjQiX1p7RqnCKQd5AVca3xNA/FJqEtOL93hPJupA29PUoHP2tu ls53YPNni9t0bOnE3PvPcbwIux7vFeI7uZHBEVXONoxjch9cYvEDkSDNqk/1UDqQoKkurn 6dswiGXARUxUpdqTP1l1rNHktZvifbJMJL0nqZ+jr7EnbANoQrcwH2rayyhhYg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774436042; a=rsa-sha256; cv=none; b=m4jiSCn+NkHOiCdRJ/2b1p9xYA6XWVFibfcJkbidLtNKute5Kv+MQMldS9bbf7HJORzUTn 71JXSQd2wyL7q+HuB6S91eM7Wifa/DbwtX9aznIhZbTADaSfBWkwbEkMbEOhNYLwazQPlS 4SKs6oDuY2iv4jHbVacO3cT7SWunJ2hJjg8UOl5lAMsj5Sk+56nvsr5ZA6v0CMQ0ksxhE4 ddDCE1faTEIRmHT8JLo+QzRTy64kwFyVK7vQOr6Fh33nu3hZgN8Yg88QA2XcmzB2hc4+GN ixYP0I5KEfftM/IGDtJunI0I9sUKk6H1jBCiHn603+S/kPJUZxMXM9B8er7qAQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436042; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=2dU2Mg1S5ldvFCUMIKV7RZ4zUgV+EgaXp3EHvI96nes=; b=e78xA564sZpjztlPIHdlCXTn9ScfOEDEw2MrT/HaX1rTCCyBn4XyfbxvRWBass4hpTAj+U lF30OxZhy/sPv6sigryqnv9ZIZZddKjLov6vxf4XX5J6AgNKT8pHrHkq77/qyts9yPGjO7 CVL8t+l9APotY34Jk+scGY8vq0sitvu+rIWKSk65oyQYWFIg9LcJPH4D00ht+IMCMWM4H1 FLkuiiMkqBbFtEgKVNIBbUOcpMA1o6bz11LmXEbdbhtD9hRB/70VFd/utSFaV+AyeOverT XUixI8b8F7okv5EDcA2u9alsbyIrx7uCSBs8t/isc1oAZkt6Xay22SCNqD14RQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL22Dvhz12kQ for ; Wed, 25 Mar 2026 10:54:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 35cd0 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 10:54:02 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: 4311217a039c - stable/15 - pf: include all elements when hashing rules List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 4311217a039cd6a09882fa7362021a1fb96c4939 Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 10:54:02 +0000 Message-Id: <69c3beca.35cd0.3d6da37c@gitrepo.freebsd.org> The branch stable/15 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=4311217a039cd6a09882fa7362021a1fb96c4939 commit 4311217a039cd6a09882fa7362021a1fb96c4939 Author: Kristof Provost AuthorDate: 2026-03-19 07:21:51 +0000 Commit: Kristof Provost CommitDate: 2026-03-25 07:11:58 +0000 pf: include all elements when hashing rules MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit c6bcf6e6fd507d952a48226b51cc161b8ef972a2) --- sys/netpfil/pf/pf_ioctl.c | 102 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 93 insertions(+), 9 deletions(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 915a09a05297..e4f52931e713 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1355,6 +1355,13 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, addr.v.a.addr.addr32); PF_MD5_UPD(pfr, addr.v.a.mask.addr32); break; + case PF_ADDR_NONE: + case PF_ADDR_NOROUTE: + case PF_ADDR_URPFFAILED: + /* These do not use any address data. */ + break; + default: + panic("Unknown address type %d", pfr->addr.type); } PF_MD5_UPD(pfr, port[0]); @@ -1363,6 +1370,30 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, port_op); } +static void +pf_hash_pool(MD5_CTX *ctx, struct pf_kpool *pool) +{ + uint16_t x; + int y; + + if (pool->cur) { + PF_MD5_UPD(pool, cur->addr); + PF_MD5_UPD_STR(pool, cur->ifname); + PF_MD5_UPD(pool, cur->af); + } + PF_MD5_UPD(pool, key); + PF_MD5_UPD(pool, counter); + + PF_MD5_UPD(pool, mape.offset); + PF_MD5_UPD(pool, mape.psidlen); + PF_MD5_UPD_HTONS(pool, mape.psid, x); + PF_MD5_UPD_HTONL(pool, tblidx, y); + PF_MD5_UPD_HTONS(pool, proxy_port[0], x); + PF_MD5_UPD_HTONS(pool, proxy_port[1], x); + PF_MD5_UPD(pool, opts); + PF_MD5_UPD(pool, ipv6_nexthop_af); +} + static void pf_hash_rule_rolling(MD5_CTX *ctx, struct pf_krule *rule) { @@ -1373,39 +1404,92 @@ pf_hash_rule_rolling(MD5_CTX *ctx, struct pf_krule *rule) pf_hash_rule_addr(ctx, &rule->dst); for (int i = 0; i < PF_RULE_MAX_LABEL_COUNT; i++) PF_MD5_UPD_STR(rule, label[i]); + PF_MD5_UPD_HTONL(rule, ridentifier, y); PF_MD5_UPD_STR(rule, ifname); PF_MD5_UPD_STR(rule, rcv_ifname); + PF_MD5_UPD_STR(rule, qname); + PF_MD5_UPD_STR(rule, pqname); + PF_MD5_UPD_STR(rule, tagname); PF_MD5_UPD_STR(rule, match_tagname); - PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */ + + PF_MD5_UPD_STR(rule, overload_tblname); + + pf_hash_pool(ctx, &rule->nat); + pf_hash_pool(ctx, &rule->rdr); + pf_hash_pool(ctx, &rule->route); + PF_MD5_UPD_HTONL(rule, pktrate.limit, y); + PF_MD5_UPD_HTONL(rule, pktrate.seconds, y); + PF_MD5_UPD_HTONL(rule, os_fingerprint, y); + + PF_MD5_UPD_HTONL(rule, rtableid, y); + for (int i = 0; i < PFTM_MAX; i++) + PF_MD5_UPD_HTONL(rule, timeout[i], y); + PF_MD5_UPD_HTONL(rule, max_states, y); + PF_MD5_UPD_HTONL(rule, max_src_nodes, y); + PF_MD5_UPD_HTONL(rule, max_src_states, y); + PF_MD5_UPD_HTONL(rule, max_src_conn, y); + PF_MD5_UPD_HTONL(rule, max_src_conn_rate.limit, y); + PF_MD5_UPD_HTONL(rule, max_src_conn_rate.seconds, y); + PF_MD5_UPD_HTONS(rule, max_pkt_size, y); + PF_MD5_UPD_HTONS(rule, qid, x); + PF_MD5_UPD_HTONS(rule, pqid, x); + PF_MD5_UPD_HTONS(rule, dnpipe, x); + PF_MD5_UPD_HTONS(rule, dnrpipe, x); + PF_MD5_UPD_HTONL(rule, free_flags, y); PF_MD5_UPD_HTONL(rule, prob, y); + + PF_MD5_UPD_HTONS(rule, return_icmp, x); + PF_MD5_UPD_HTONS(rule, return_icmp6, x); + PF_MD5_UPD_HTONS(rule, max_mss, x); + PF_MD5_UPD_HTONS(rule, tag, x); /* dup? */ + PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */ + PF_MD5_UPD_HTONS(rule, scrub_flags, x); + + PF_MD5_UPD(rule, uid.op); PF_MD5_UPD_HTONL(rule, uid.uid[0], y); PF_MD5_UPD_HTONL(rule, uid.uid[1], y); - PF_MD5_UPD(rule, uid.op); + PF_MD5_UPD(rule, gid.op); PF_MD5_UPD_HTONL(rule, gid.gid[0], y); PF_MD5_UPD_HTONL(rule, gid.gid[1], y); - PF_MD5_UPD(rule, gid.op); + PF_MD5_UPD_HTONL(rule, rule_flag, y); + PF_MD5_UPD_HTONL(rule, rule_ref, y); PF_MD5_UPD(rule, action); PF_MD5_UPD(rule, direction); - PF_MD5_UPD(rule, af); + PF_MD5_UPD(rule, log); + PF_MD5_UPD(rule, logif); PF_MD5_UPD(rule, quick); PF_MD5_UPD(rule, ifnot); - PF_MD5_UPD(rule, rcvifnot); PF_MD5_UPD(rule, match_tag_not); PF_MD5_UPD(rule, natpass); + PF_MD5_UPD(rule, keep_state); + PF_MD5_UPD(rule, af); PF_MD5_UPD(rule, proto); - PF_MD5_UPD(rule, type); - PF_MD5_UPD(rule, code); + PF_MD5_UPD_HTONS(rule, type, x); + PF_MD5_UPD_HTONS(rule, code, x); PF_MD5_UPD(rule, flags); PF_MD5_UPD(rule, flagset); + PF_MD5_UPD(rule, min_ttl); PF_MD5_UPD(rule, allow_opts); PF_MD5_UPD(rule, rt); + PF_MD5_UPD(rule, return_ttl); PF_MD5_UPD(rule, tos); - PF_MD5_UPD(rule, scrub_flags); - PF_MD5_UPD(rule, min_ttl); PF_MD5_UPD(rule, set_tos); + PF_MD5_UPD(rule, anchor_relative); + PF_MD5_UPD(rule, anchor_wildcard); + + PF_MD5_UPD(rule, flush); + PF_MD5_UPD(rule, prio); + PF_MD5_UPD(rule, set_prio[0]); + PF_MD5_UPD(rule, set_prio[1]); + PF_MD5_UPD(rule, naf); + PF_MD5_UPD(rule, rcvifnot); + + PF_MD5_UPD(rule, divert.addr); + PF_MD5_UPD_HTONS(rule, divert.port, x); + if (rule->anchor != NULL) PF_MD5_UPD_STR(rule, anchor->path); } From nobody Wed Mar 25 10:54:01 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL2225Kz6W5WY for ; Wed, 25 Mar 2026 10:54:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fgkL16N3xz3MJj for ; Wed, 25 Mar 2026 10:54:01 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436041; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=P3Cbbc+9jBh6AL8bLBbu/fQDsya67v1ZywejCGkvS+0=; b=I0yPm0efN73cOe7dUFzL6orjzp2csm/NzkT0SCqCfs09EdaETkGXsZ9KpE5Se06yZeCsSI osDccJgJwTVs7xXb5f2Pcj+qR5XxemCy3HsV+u1AA6ncU8OgzxAlozMB820lt6o0jA0xiF KIslqywxnXkunYdFgAl+GKt16NkBgM7L5nF7D5Yi1XxUIJPvEQpwjsVdW2Mi3ry8gY0dMT jKwMbMNPeEt2zlPxKmp5Y70G9T1zEjWFwUMtKrUc6Cvd+UQuLFAze7GgaaNB9QTjod/XRX As76iMIWOGPIcU6pcN9OrwHHQ7U14eoo4YJCdVGQu7D5gQjeU10Muzyx5EMZWA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774436041; a=rsa-sha256; cv=none; b=hU5WZZEvwAe7aKhPv4mM6SarG7gTqUqSwP4OvEEmvkL/nNO5X3SgLhgSx0gOKAfcP8Q1TR Uf9Br9UxNyeH6LLFN8ndAsJnzYfIuhxyPBl6/NgnM2N0WdNG0Erg4oiayVtFNEkzJTx3Qf U+Gqhl70kh859WOu/8BqhAkQoCFZ2H4kA0tYo4B4TnFBVpVqP07lt4VRY8K8JHQcM2qiXs TCFkGT5AZHj+aNPnsTejXHl9zoNjxE4c1QjmxzgGFxOt34dOqXoZqXVxbRg2UXHpKHxQ5a vy+x52MggJquyVgPFaMvCWbtRigXzIkLT6wDJS01JBhznx8ZEnUq5DAdHFuwkw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436041; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=P3Cbbc+9jBh6AL8bLBbu/fQDsya67v1ZywejCGkvS+0=; b=VXqe0dNUFBZ6zzuk7opFt2Ktk0+CbqrzXPPY50AF7bi+n6X0eVaq8lPaJp2Tp5tMsm4izJ SOWEwtIhceWXSeZglW1ZgIVw4liRVOD2zQO7ZgMTLE5owTQMsXsxoOH/S/VT5yY8wj71NF oNISCxsbk9S67WcjNtzOuQQPZazBH0s2PUFQrkb0qcN9eexX/rpJZ4gvMJXwzYK/8mXiUz FHxU4ZTF4n09Lu68Zmw/1ug4mMPddBguzpTyzKq5lhUErAaj+Lo/Sa3V/+qwpRpvvCcKcB qlCv8z17vbIa29dEoAGGfFpXIF4yLAafR4TRCyGSlnUoilncyBKlLJ1jIdBPDQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL15xgYz12kN for ; Wed, 25 Mar 2026 10:54:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 36b6c by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 10:54:01 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: 536751cb4e15 - stable/13 - pf: include all elements when hashing rules List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 536751cb4e159b7957e2b63ba44924b2f7f8e5cc Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 10:54:01 +0000 Message-Id: <69c3bec9.36b6c.6ec1b10d@gitrepo.freebsd.org> The branch stable/13 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=536751cb4e159b7957e2b63ba44924b2f7f8e5cc commit 536751cb4e159b7957e2b63ba44924b2f7f8e5cc Author: Kristof Provost AuthorDate: 2026-03-19 07:21:51 +0000 Commit: Kristof Provost CommitDate: 2026-03-25 07:12:49 +0000 pf: include all elements when hashing rules MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit c6bcf6e6fd507d952a48226b51cc161b8ef972a2) --- sys/netpfil/pf/pf_ioctl.c | 90 +++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 84 insertions(+), 6 deletions(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 1672d212b660..91136527b126 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1050,6 +1050,12 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, addr.v.a.addr.addr32); PF_MD5_UPD(pfr, addr.v.a.mask.addr32); break; + case PF_ADDR_NOROUTE: + case PF_ADDR_URPFFAILED: + /* These do not use any address data. */ + break; + default: + panic("Unknown address type %d", pfr->addr.type); } PF_MD5_UPD(pfr, port[0]); @@ -1058,6 +1064,28 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, port_op); } +static void +pf_hash_pool(MD5_CTX *ctx, struct pf_kpool *pool) +{ + uint16_t x; + int y; + + if (pool->cur) { + PF_MD5_UPD(pool, cur->addr); + PF_MD5_UPD_STR(pool, cur->ifname); + } + PF_MD5_UPD(pool, key); + PF_MD5_UPD(pool, counter); + + PF_MD5_UPD(pool, mape.offset); + PF_MD5_UPD(pool, mape.psidlen); + PF_MD5_UPD_HTONS(pool, mape.psid, x); + PF_MD5_UPD_HTONL(pool, tblidx, y); + PF_MD5_UPD_HTONS(pool, proxy_port[0], x); + PF_MD5_UPD_HTONS(pool, proxy_port[1], x); + PF_MD5_UPD(pool, opts); +} + static void pf_hash_rule(MD5_CTX *ctx, struct pf_krule *rule) { @@ -1068,34 +1096,84 @@ pf_hash_rule(MD5_CTX *ctx, struct pf_krule *rule) pf_hash_rule_addr(ctx, &rule->dst); for (int i = 0; i < PF_RULE_MAX_LABEL_COUNT; i++) PF_MD5_UPD_STR(rule, label[i]); + PF_MD5_UPD_HTONL(rule, ridentifier, y); PF_MD5_UPD_STR(rule, ifname); + PF_MD5_UPD_STR(rule, qname); + PF_MD5_UPD_STR(rule, pqname); + PF_MD5_UPD_STR(rule, tagname); PF_MD5_UPD_STR(rule, match_tagname); - PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */ + + PF_MD5_UPD_STR(rule, overload_tblname); + + pf_hash_pool(ctx, &rule->rpool); + PF_MD5_UPD_HTONL(rule, os_fingerprint, y); + + PF_MD5_UPD_HTONL(rule, rtableid, y); + for (int i = 0; i < PFTM_MAX; i++) + PF_MD5_UPD_HTONL(rule, timeout[i], y); + PF_MD5_UPD_HTONL(rule, max_states, y); + PF_MD5_UPD_HTONL(rule, max_src_nodes, y); + PF_MD5_UPD_HTONL(rule, max_src_states, y); + PF_MD5_UPD_HTONL(rule, max_src_conn, y); + PF_MD5_UPD_HTONL(rule, max_src_conn_rate.limit, y); + PF_MD5_UPD_HTONL(rule, max_src_conn_rate.seconds, y); + PF_MD5_UPD_HTONS(rule, qid, x); + PF_MD5_UPD_HTONS(rule, pqid, x); PF_MD5_UPD_HTONL(rule, prob, y); + + PF_MD5_UPD_HTONS(rule, return_icmp, x); + PF_MD5_UPD_HTONS(rule, return_icmp6, x); + PF_MD5_UPD_HTONS(rule, max_mss, x); + PF_MD5_UPD_HTONS(rule, tag, x); /* dup? */ + PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */ + PF_MD5_UPD_HTONS(rule, scrub_flags, x); + + PF_MD5_UPD(rule, uid.op); PF_MD5_UPD_HTONL(rule, uid.uid[0], y); PF_MD5_UPD_HTONL(rule, uid.uid[1], y); - PF_MD5_UPD(rule, uid.op); + PF_MD5_UPD(rule, gid.op); PF_MD5_UPD_HTONL(rule, gid.gid[0], y); PF_MD5_UPD_HTONL(rule, gid.gid[1], y); - PF_MD5_UPD(rule, gid.op); + PF_MD5_UPD_HTONL(rule, rule_flag, y); + PF_MD5_UPD_HTONL(rule, rule_ref, y); PF_MD5_UPD(rule, action); PF_MD5_UPD(rule, direction); - PF_MD5_UPD(rule, af); + PF_MD5_UPD(rule, log); + PF_MD5_UPD(rule, logif); PF_MD5_UPD(rule, quick); PF_MD5_UPD(rule, ifnot); PF_MD5_UPD(rule, match_tag_not); PF_MD5_UPD(rule, natpass); + PF_MD5_UPD(rule, keep_state); + PF_MD5_UPD(rule, af); PF_MD5_UPD(rule, proto); - PF_MD5_UPD(rule, type); - PF_MD5_UPD(rule, code); + PF_MD5_UPD_HTONS(rule, type, x); + PF_MD5_UPD_HTONS(rule, code, x); PF_MD5_UPD(rule, flags); PF_MD5_UPD(rule, flagset); + PF_MD5_UPD(rule, min_ttl); PF_MD5_UPD(rule, allow_opts); PF_MD5_UPD(rule, rt); + PF_MD5_UPD(rule, return_ttl); PF_MD5_UPD(rule, tos); + + PF_MD5_UPD(rule, set_tos); + PF_MD5_UPD(rule, anchor_relative); + PF_MD5_UPD(rule, anchor_wildcard); + + PF_MD5_UPD(rule, flush); + PF_MD5_UPD(rule, prio); + PF_MD5_UPD(rule, set_prio[0]); + PF_MD5_UPD(rule, set_prio[1]); + + PF_MD5_UPD(rule, divert.addr); + PF_MD5_UPD_HTONS(rule, divert.port, x); + + if (rule->anchor != NULL) + PF_MD5_UPD_STR(rule, anchor->path); } static bool From nobody Wed Mar 25 10:54:03 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL33W3mz6W5Wh for ; Wed, 25 Mar 2026 10:54:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fgkL30n4Lz3Mg0 for ; Wed, 25 Mar 2026 10:54:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436043; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jP4xn8Y+3ZnNtCAfIE9askedYJRHhoPGMUExHWvjgmM=; b=nQVYx+NdPhiQC8E7pWZnJy5rZQtjUvg/CNtnap1v/H4Z5V1Czqh/L4vUr19oVBMGfXk8a+ ppiU3Nds53pjTDtp6s+9dbbFzNEuLj/Twhn5/Pz8D+WPnoGeiZTcDoRPdP6gOyfExq5qrz /sOVggvirR0S09Y9zi6NxcaLZCP3CKr61bC5xY/6dNxfYWObI+bSeK9ry253tVR1UgbjUF Zuo40pGdvhEMPHBrM1sOnHQ8DVR6iol5/tqhaCc8VEmPHtORPf3Hw4COp7H9+suX1aPVBr QufBgz1RvUV6+/Xn1Z1fFyg6BhQs83luGeNpJGklEQWU5jUMw2ccyerH3NI1Rw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774436043; a=rsa-sha256; cv=none; b=V0krq0XdpY8eJAzyynyPARUHd+lGFYjdJ176GlNMccTl00d5v0QD9Ma2GsWd11u0fMeDoe juPqK5rurHLF7hamxZoWmQWuvhujRNW3Nc1mpIaOc6Ey0s33j5NI22+UNlyYMWmklCiXoi 0s0KB7XXuZCBo8UumEqG3PtCMSxCx+BJd8tWP20A0l/VKRZzd2bFAcj4rXMsI7Mw8Mm6R0 BQEnXXcU7MUbGosH7DoKuNIgsOjITF85DeB194nklZUWxBA3zGVJkbXjUaecNI5lX2zSq8 4IKnifFeA+xPhFapMpJKiUQpbXDGipY6EqJohePt6B/Pt6GgHGnfGTcsW91b9g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436043; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=jP4xn8Y+3ZnNtCAfIE9askedYJRHhoPGMUExHWvjgmM=; b=vJG2qW3f4OepcTgYaQqwFurOGYEPyamdPPL+Y5NHRTRyskTo0J0BoFTml5x58OC0r4Dtd5 FQctHOJOQerjCwKG+E+bM9GfiShdDe//38Pu+3s5mGV80j23SCigs1ToAKM+s23V8hz40C fB+DBn0In+U7zkyqEo5HDU5LnI9qo8e7CeBscmGcK/MR651rhxKaqLDSqfi7JedgWJYl5t s1+6Gmk2l04hEOIo7Xrexx0GABG01NvZg2ah6DchGiYi/Hp+skU0YcqY4XTrUvNgg67s7L E9E0pgyFBbpT+FSdMb2DRxQCxQXb1QnWlgjEGnSBmCHLOLGQEe62DVYMrWRfpA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL30GdXz12kS for ; Wed, 25 Mar 2026 10:54:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 36e87 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 10:54:03 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: e79818ec36ef - stable/14 - pfctl: always warn if a duplicate rule was detected List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: e79818ec36efafc994d8c5a912dcb94986c038c5 Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 10:54:03 +0000 Message-Id: <69c3becb.36e87.5e3ce40b@gitrepo.freebsd.org> The branch stable/14 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=e79818ec36efafc994d8c5a912dcb94986c038c5 commit e79818ec36efafc994d8c5a912dcb94986c038c5 Author: Kristof Provost AuthorDate: 2026-03-12 14:24:42 +0000 Commit: Kristof Provost CommitDate: 2026-03-25 09:58:28 +0000 pfctl: always warn if a duplicate rule was detected MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 66d66dd0f6f83926980fc1d68dd366c0057350c5) --- sbin/pfctl/pfctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index d6bb0ae7f46f..518b32085565 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -2043,13 +2043,13 @@ pfctl_load_rule(struct pfctl *pf, char *path, struct pfctl_rule *r, int depth) } } - if (pf->opts & PF_OPT_VERBOSE) { + if (pf->opts & PF_OPT_VERBOSE || was_present) { INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2)); print_rule(r, name, pf->opts & PF_OPT_VERBOSE2, pf->opts & PF_OPT_NUMERIC); if (was_present) - printf(" -- rule was already present"); + printf(" -- rule was already present\n"); } path[len] = '\0'; pfctl_clear_pool(&r->rpool); From nobody Wed Mar 25 10:54:04 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL43BWDz6W5jh for ; Wed, 25 Mar 2026 10:54:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fgkL41NJ0z3MGg for ; Wed, 25 Mar 2026 10:54:04 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436044; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=y66N0Ji4uo3yGwmpSKJYcSJcqhdYpT84imhMRzRUalY=; b=mWQjtogwqaF2fpmTaYAUBk/sydQyXP76/msKpjvxrnEMvmA2VKeuiMoo8QlPNS9BVWTSvN VWn6Yv8ox96B+dWXBzuNrxnyVXEfL7xLjgV6uclsUgKZz5ub/SL37GCji3yVDCGNX4O5fa /UJtOm3wqUWRm0E36n6WzFCQKy+C/kBHm55n0+jypCNPCtHJem88ckhyb/8Ci6wGIHx65k 9cgCuuUP8dwNDgs4DcuSeZb2boNQfnjODal85ecyLvgeiqVEACTGRNoIu1bRAiaJaKtjn7 cfDf/A6w4omWTaJTmL5knk1+ZrYSQe/cN68enE2lB1hfKKLbuFocXUwSHOmRpw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774436044; a=rsa-sha256; cv=none; b=SllLvIW10zNMruhZlsPL8ZIkRRZNuKMFpwhNXVuO/0BliJBL42oJKQgkiVnV0cdrUhigD1 9jnaHKbsGSc8ls+exiNqR5MZOZUezVmfjfrienX0bCOcHW+bLB12pwn0GpRDbH3/wI1zTs DrM3PuUDUZLYg5C9pEnObXGbLimhOvbu4hu/ePNVf8FlIlLBFH737pwS2EnWExLOZAq2pi w97g1pcnxCouxXRvDqOuA2TKJquRTfe5eXF7D2hI1Oz4obakRp7dwYtTyv89fiwFQs6hEj fJ0PYc67qfpwzfthMgy9Mx0LqeE1dBcvfbz7Z227dGrkSJyzwWxrYeYvoofx0Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436044; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=y66N0Ji4uo3yGwmpSKJYcSJcqhdYpT84imhMRzRUalY=; b=lbFzocunY0L1ttGvWY9IXH28ceP1ME2YG2y52/tjC5u0kdY/Vf+KfoEl7dGazXHaovA/4C wYg3vW4muhkqSNxlnfs0cofylzabkToF+iMYQ+lLXZC70laFGRr5kqpPF3F9S5ZjYj5C6n RQMW7mRfTkbabC085BYcK3QNNc4nyFv82kjNv7RKEgTO1IQAGHsrBh1b/hALk7+o8KjWDw h0jZ4k4d68Nk954IC3S7lPjYakgs5lpKPcDFlu4t+G+c3cjU85ykBswovw6dcT0xf4Ft99 RQ7bGkV3V34k8X01h8zfRoVHnLCMPR59+WLO92BJa7mPTVlIHAAei0gHbtp9Vw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL40hYLz12KC for ; Wed, 25 Mar 2026 10:54:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 374ea by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 10:54:04 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: e3b801edded9 - stable/14 - pf: include all elements when hashing rules List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: e3b801edded92c1ccef67f9aef8653e996493460 Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 10:54:04 +0000 Message-Id: <69c3becc.374ea.37a87a75@gitrepo.freebsd.org> The branch stable/14 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=e3b801edded92c1ccef67f9aef8653e996493460 commit e3b801edded92c1ccef67f9aef8653e996493460 Author: Kristof Provost AuthorDate: 2026-03-19 07:21:51 +0000 Commit: Kristof Provost CommitDate: 2026-03-25 09:58:28 +0000 pf: include all elements when hashing rules MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit c6bcf6e6fd507d952a48226b51cc161b8ef972a2) --- sys/netpfil/pf/pf_ioctl.c | 91 ++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 83 insertions(+), 8 deletions(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 1fff0667aa1a..5617207d28f9 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1269,6 +1269,12 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, addr.v.a.addr.addr32); PF_MD5_UPD(pfr, addr.v.a.mask.addr32); break; + case PF_ADDR_NOROUTE: + case PF_ADDR_URPFFAILED: + /* These do not use any address data. */ + break; + default: + panic("Unknown address type %d", pfr->addr.type); } PF_MD5_UPD(pfr, port[0]); @@ -1277,6 +1283,28 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, port_op); } +static void +pf_hash_pool(MD5_CTX *ctx, struct pf_kpool *pool) +{ + uint16_t x; + int y; + + if (pool->cur) { + PF_MD5_UPD(pool, cur->addr); + PF_MD5_UPD_STR(pool, cur->ifname); + } + PF_MD5_UPD(pool, key); + PF_MD5_UPD(pool, counter); + + PF_MD5_UPD(pool, mape.offset); + PF_MD5_UPD(pool, mape.psidlen); + PF_MD5_UPD_HTONS(pool, mape.psid, x); + PF_MD5_UPD_HTONL(pool, tblidx, y); + PF_MD5_UPD_HTONS(pool, proxy_port[0], x); + PF_MD5_UPD_HTONS(pool, proxy_port[1], x); + PF_MD5_UPD(pool, opts); +} + static void pf_hash_rule_rolling(MD5_CTX *ctx, struct pf_krule *rule) { @@ -1287,37 +1315,84 @@ pf_hash_rule_rolling(MD5_CTX *ctx, struct pf_krule *rule) pf_hash_rule_addr(ctx, &rule->dst); for (int i = 0; i < PF_RULE_MAX_LABEL_COUNT; i++) PF_MD5_UPD_STR(rule, label[i]); + PF_MD5_UPD_HTONL(rule, ridentifier, y); PF_MD5_UPD_STR(rule, ifname); + PF_MD5_UPD_STR(rule, qname); + PF_MD5_UPD_STR(rule, pqname); + PF_MD5_UPD_STR(rule, tagname); PF_MD5_UPD_STR(rule, match_tagname); - PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */ + + PF_MD5_UPD_STR(rule, overload_tblname); + + pf_hash_pool(ctx, &rule->rpool); + PF_MD5_UPD_HTONL(rule, os_fingerprint, y); + + PF_MD5_UPD_HTONL(rule, rtableid, y); + for (int i = 0; i < PFTM_MAX; i++) + PF_MD5_UPD_HTONL(rule, timeout[i], y); + PF_MD5_UPD_HTONL(rule, max_states, y); + PF_MD5_UPD_HTONL(rule, max_src_nodes, y); + PF_MD5_UPD_HTONL(rule, max_src_states, y); + PF_MD5_UPD_HTONL(rule, max_src_conn, y); + PF_MD5_UPD_HTONL(rule, max_src_conn_rate.limit, y); + PF_MD5_UPD_HTONL(rule, max_src_conn_rate.seconds, y); + PF_MD5_UPD_HTONS(rule, qid, x); + PF_MD5_UPD_HTONS(rule, pqid, x); + PF_MD5_UPD_HTONS(rule, dnpipe, x); + PF_MD5_UPD_HTONS(rule, dnrpipe, x); + PF_MD5_UPD_HTONL(rule, free_flags, y); PF_MD5_UPD_HTONL(rule, prob, y); + + PF_MD5_UPD_HTONS(rule, return_icmp, x); + PF_MD5_UPD_HTONS(rule, return_icmp6, x); + PF_MD5_UPD_HTONS(rule, max_mss, x); + PF_MD5_UPD_HTONS(rule, tag, x); /* dup? */ + PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */ + PF_MD5_UPD_HTONS(rule, scrub_flags, x); + + PF_MD5_UPD(rule, uid.op); PF_MD5_UPD_HTONL(rule, uid.uid[0], y); PF_MD5_UPD_HTONL(rule, uid.uid[1], y); - PF_MD5_UPD(rule, uid.op); + PF_MD5_UPD(rule, gid.op); PF_MD5_UPD_HTONL(rule, gid.gid[0], y); PF_MD5_UPD_HTONL(rule, gid.gid[1], y); - PF_MD5_UPD(rule, gid.op); + PF_MD5_UPD_HTONL(rule, rule_flag, y); + PF_MD5_UPD_HTONL(rule, rule_ref, y); PF_MD5_UPD(rule, action); PF_MD5_UPD(rule, direction); - PF_MD5_UPD(rule, af); + PF_MD5_UPD(rule, log); + PF_MD5_UPD(rule, logif); PF_MD5_UPD(rule, quick); PF_MD5_UPD(rule, ifnot); PF_MD5_UPD(rule, match_tag_not); PF_MD5_UPD(rule, natpass); + PF_MD5_UPD(rule, keep_state); + PF_MD5_UPD(rule, af); PF_MD5_UPD(rule, proto); - PF_MD5_UPD(rule, type); - PF_MD5_UPD(rule, code); + PF_MD5_UPD_HTONS(rule, type, x); + PF_MD5_UPD_HTONS(rule, code, x); PF_MD5_UPD(rule, flags); PF_MD5_UPD(rule, flagset); + PF_MD5_UPD(rule, min_ttl); PF_MD5_UPD(rule, allow_opts); PF_MD5_UPD(rule, rt); + PF_MD5_UPD(rule, return_ttl); PF_MD5_UPD(rule, tos); - PF_MD5_UPD(rule, scrub_flags); - PF_MD5_UPD(rule, min_ttl); PF_MD5_UPD(rule, set_tos); + PF_MD5_UPD(rule, anchor_relative); + PF_MD5_UPD(rule, anchor_wildcard); + + PF_MD5_UPD(rule, flush); + PF_MD5_UPD(rule, prio); + PF_MD5_UPD(rule, set_prio[0]); + PF_MD5_UPD(rule, set_prio[1]); + + PF_MD5_UPD(rule, divert.addr); + PF_MD5_UPD_HTONS(rule, divert.port, x); + if (rule->anchor != NULL) PF_MD5_UPD_STR(rule, anchor->path); } From nobody Wed Mar 25 10:53:58 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL42Hysz6W5TR for ; Wed, 25 Mar 2026 10:54:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fgkL40lwgz3MGd for ; Wed, 25 Mar 2026 10:54:04 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436044; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=AoEbqQsv9Tezcr1aVkNIJh3PiY6aL8evJxSk9XvT6/U=; b=ZVVd45sTq06CWg2zHT/aWK6sbDRVYeRAcPf8ud9uBy2SzzMCu4xKHUono1f/BlUreWRdV8 SMugcRswi1/5sr0+/Z2p094a7YcJMJRdfoSAOltyS8RKDYLcAObaR7s0pVsIZPMLEBl6I3 I3RE6lDKFgwrvfT+zCTfSh9ElmcLJuYxNdiiXodgT9jnOWyOKj4xCLbNIMXHKrlwZ+PJym y3oRfVSVqQ+pdQiAmkcUTvMTEIdowmLpLRjXwb2v6X5CrCl/bLfwSyBeTCpLYKK/80cBfZ VCelsSZ8X1QoCkg5DeY6jlDne+qxRyDw/NSmFF58u+pkYpsz/wPms8VXEdy9Mw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774436044; a=rsa-sha256; cv=none; b=bnoHb0gHJ/qSos3J+TVIXNw4zEJD9sue0dPP7f1hi7j9cABCBOYZ7nUmZeL/WosDp6AmDl VoCtydnqM45HQoJcv6qzDqjat9BCkP2q+TUkV0ui0k3ZaNxIEaBAHEl+4k6Z8kJ68LY5Nz 0thv74y9trmWikKtT6cNm/+dFAdTVdaZzU3n0WDvOp9k+m/MJQ0bKLHqOLCRj6gChdGVxC QSF3fvD5/2UYhxoUnKLtBNsWUIz3F8BponjRx7PCHnLjQSy7xsaqazb/YmjXT+Aq/JO0Sx p3iWYFZbAMVkdwj4k1PKXzno5rE03+zXv4J9xxrFKOZKbANRy91axTCYgO0wYg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774436044; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=AoEbqQsv9Tezcr1aVkNIJh3PiY6aL8evJxSk9XvT6/U=; b=kytdRQSMPneNw843lqWWmZpXcaO9y5ljpcDR+thYZ6NBTJli3S5RMBlkI3rj5qKe8JQ4X7 s3qAbvcTbHTqkNCScMWIyR2zo+jC33Wo5szXiiEzrR+YrmBRWsbybvc5+kQLcxswMRJOfS 5kJUn2DZA9derGUBpaVsjrJBJuSDzDz3a7fk4Z6Hj3iru+ulr1/DhgzhIQ/HCU1zpWOKRt Xz1m5G+Njl84+BfTb19yPz+ZJbLI3rVkSEgBwdt5RzdtFZPuysq4D0oR1p+7T/2uyhwOKU n0WkapcX0EnBfw4QH7QalHjljSqX/UbJrehhdFZMFW1VtQj+aJOGSpXhpoczdg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fgkL40JQTz12Vd for ; Wed, 25 Mar 2026 10:54:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 370ab by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 10:53:58 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Michael Gmelin From: Kristof Provost Subject: git: 38f8ac568273 - stable/15 - pf: Fix hashing of IP address ranges List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 38f8ac568273fde3f41582c6bc01ea4b2c9dc029 Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 10:53:58 +0000 Message-Id: <69c3bec6.370ab.26d98a24@gitrepo.freebsd.org> The branch stable/15 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=38f8ac568273fde3f41582c6bc01ea4b2c9dc029 commit 38f8ac568273fde3f41582c6bc01ea4b2c9dc029 Author: Michael Gmelin AuthorDate: 2026-03-12 14:18:09 +0000 Commit: Kristof Provost CommitDate: 2026-03-25 07:11:57 +0000 pf: Fix hashing of IP address ranges This corrects the false detection of duplicate rules. MFC after: 1 week Reviewed by: kp (cherry picked from commit 1fa873c93c8b08561c53107c7b90c53dfad30ddc) --- sys/netpfil/pf/pf_ioctl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index d0fd6476727e..915a09a05297 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1350,6 +1350,7 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, addr.v.tblname); break; case PF_ADDR_ADDRMASK: + case PF_ADDR_RANGE: /* XXX ignore af? */ PF_MD5_UPD(pfr, addr.v.a.addr.addr32); PF_MD5_UPD(pfr, addr.v.a.mask.addr32); From nobody Wed Mar 25 19:25:00 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fgxgj3bvmz6WgFj for ; Wed, 25 Mar 2026 19:25:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fgxgj2z29z3fZn for ; Wed, 25 Mar 2026 19:25:05 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774466705; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9CHpTSvJAPHwqb1GvzAL/jVqqqaWuQyJ8M1eLMc84lA=; b=JBmU7IzNYh8UDWtRZpX4d9GIRsN6W6Mr0iMoWQjXPc3qG1ZITAMQpNlx9UeaOQ+EPkKipl y470z/nb14PHyzKZ6KiIrq6Q4otGrC1yDzNVG8XiZm3VhXiVGX28jyk8OuYH/PAwtqMyJr olOdQ0xDfNz9YFhZS/6fHh1WPsbSDO4A2CIbom2HOmb9Tj/64sY9va7Cnx1KBXEHX+2FnE REjwD1FyzvfuwXFouK65QTmfXuOnouw68/wbFM10Vv37+0h6kNNDAoEGxNf0i/EiBqBxVF K3/XixHS4p3byUb8hBWeUh/8AShGMYtiz2KET1tulkKsqBVv+cwd4BSgWgm5dA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774466705; a=rsa-sha256; cv=none; b=xQDFyXrE8VLeg3oBbmN+VVFKZ1UcZ2tK3myg3375KOX/IOHdlucTmxA9uNMMHGhpiSWXtm s4MPRPQPxwLlNCFNjsvdwxt6mNYkDst8HhEy8Hy4yQcgsgHqDr3lepao2fhMkPHHGyLefw jj+vvOz1PBm4OLERcqbTlef0PV6K+2JX+xmsAhi+aUA9m7DxFAt20hqJs32lGVXhVFso8p A8yVvUysyjPfemGRhJDUuCJe4+mXCH0uud2xtFWw9YKPXTz1odYVOADWq9oX1ANPJeXZva f7nPwrflzeEsO4bjc1J3mlQPORU+tvA16tu5FI43iAU0H4hk6kF6FBUITgLJRg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774466705; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9CHpTSvJAPHwqb1GvzAL/jVqqqaWuQyJ8M1eLMc84lA=; b=PWbyP8IPqucjpqjlE7fi5WDH+647azInmbKt5RXA5V/ZgUIU0F6S1w6RyV3rX58mXUmJtr GAybbBcBTQDtXxr4e/9xkBwIcPPkpZzWm+q9YXxrx0/fKDQ3lHqVvichyDYfE02zJVZCnD WkxbZEc6XXAx/EhzdirXopu9a0ozAnfLL/BOKMNUEJeQaiBmBHSwBpyzafpQqnjGAYH7zv RQCeeMY4+T5C701CoWt5Y4Xvk9qO13/Z6OZnIpxy/pYmo9KygdJt2wj3cXie43THsVSydN VUtDbNYYmUy2Cew6eITkq7c28PuZ1GwYUYUuVDvXjBr9zAdltdflVkYjpwVHjw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fgxgj2ZJvz3Pn for ; Wed, 25 Mar 2026 19:25:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1d576 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 19:25:00 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Marek Zarychta From: Warner Losh Subject: git: 9ac7e0362a24 - stable/14 - loader: Fix beastie and fbsdbw logo positions List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: imp X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 9ac7e0362a2490f5de0e23507cc5159cc03a3334 Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 19:25:00 +0000 Message-Id: <69c4368c.1d576.5d2920f4@gitrepo.freebsd.org> The branch stable/14 has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=9ac7e0362a2490f5de0e23507cc5159cc03a3334 commit 9ac7e0362a2490f5de0e23507cc5159cc03a3334 Author: Marek Zarychta AuthorDate: 2025-05-29 16:36:57 +0000 Commit: Warner Losh CommitDate: 2026-03-25 19:22:52 +0000 loader: Fix beastie and fbsdbw logo positions Fix the beaste, beastiebw and fbsdbw postions broken after ee233742a569 PR: 285044, 286356 Fixes: 1b4e11713153 Reviewed by: imp MFC After: 2 days (14.3 candiate) Sponsored by: PANS Jarosław (cherry picked from commit 9486d6d57d14844972ee63382045e2ed7a300963) --- stand/lua/gfx-beastie.lua | 1 + stand/lua/gfx-beastiebw.lua | 1 + stand/lua/gfx-fbsdbw.lua | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/stand/lua/gfx-beastie.lua b/stand/lua/gfx-beastie.lua index 443f0fd888ba..f91e70667dac 100644 --- a/stand/lua/gfx-beastie.lua +++ b/stand/lua/gfx-beastie.lua @@ -49,5 +49,6 @@ return { " `--{__________)\027[m", }, requires_color = true, + shift = {x = 2, y = -5}, } } diff --git a/stand/lua/gfx-beastiebw.lua b/stand/lua/gfx-beastiebw.lua index c71e53a9c4e3..84e3dc6997df 100644 --- a/stand/lua/gfx-beastiebw.lua +++ b/stand/lua/gfx-beastiebw.lua @@ -48,5 +48,6 @@ return { " ,' ,-----' |", " `--{__________)", }, + shift = {x = 2, y = -5}, } } diff --git a/stand/lua/gfx-fbsdbw.lua b/stand/lua/gfx-fbsdbw.lua index 470af71a07b5..df3b6c856eef 100644 --- a/stand/lua/gfx-fbsdbw.lua +++ b/stand/lua/gfx-fbsdbw.lua @@ -42,6 +42,6 @@ return { " | | | |", " |____/|_____/|_____/", }, - shift = {x = 5, y = 4}, + shift = {x = 7, y = -1}, } } From nobody Wed Mar 25 22:12:41 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh1PB5Mdjz6WrnH for ; Wed, 25 Mar 2026 22:12:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh1PB2xr3z46y5 for ; Wed, 25 Mar 2026 22:12:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774476766; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Gg1lHfwoIoe7qHVCoul3Hyz413x0A7iTmOldKcwQgfQ=; b=x6DBNOfIFq725U4sbSYvZFf+ekRB2s8bPq/fEa6dBtOVpCMMOcGjRYjq9uxeKbC1Kb7xJq 9IBUGTVg04IgMNAecb0gpXWfhn51cNnSvf/upZFZV3RSvIe8qNKjwztwitEXGbzple4Ntj 5eA1UwzfYcnZuvLB7Lvts27y0Flia8NrGgl76FEvp2gPx5woepUcuTslplVCPrZGsyC0Qy /PNBoOLHiu808aDoOUmHXqPE/dYmBwa6vbr3HtpDhrcbAmGHtYYUADyisYthq2W9NQZzic aR3873fKMAhuabS88fTYC7ftuIYlQJc1HiOOHPLVuLyyzUu9abAnZTtXzuFEzg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774476766; a=rsa-sha256; cv=none; b=HbPkIwdPPa2DCv2YHCu+c45S7OaM9naAABDKf52K7zrniOmCE0Dj2NcHIqiTiI4ci0aHOi 7m8WOemb9d1UmCASUaVxb4TRh9B8hiigIzITqz0RP6MLtFqSCrNHX46/yMzwLb/BYPH+4k Q/96Mb8nJb+xtsTC709weynAdo3zO55RjV/MZFnM4Pg/rgVqSVA1nrjDBeFvJf4ZJ88CrV elWKRrwkAo6Pxtv0IMYMvXqbDB70T5ijdyDnt2mzV/ZYCYHhak5t9tGmb+NJNxbJwXRs0B sWvMiVcEivWYeQMdU2ELUlkTRcPagup+owVXrQKe3dkNFxEmADFIxIuGUs4kHA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774476766; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Gg1lHfwoIoe7qHVCoul3Hyz413x0A7iTmOldKcwQgfQ=; b=KRzDyQzjYLlrled6pk6e5wrimat7DbZNotKkcAYPdgkpj80vZDhYaQMmCP+DNHMMDPFJ0R p8wQSgZ1oUaDvnvLYo69oO0XK5fHZMR8hk+kbK/bThWnLFCRipMFPJ/DeTCPS2aWL50jpI ephG7kFruFXuheo6DxxXpJ0MawT/yC4Wx+D++T7UahxPeRzkhv8YCEzsNAXMd0eSL4zMx9 Svl406ku3hMQ94bF2TDB4qFduzhFp+lbT1/gABghLdOgDmIExWBh3OKgUEuXp5L49cdvy4 PA+EGS/Fv1YRBk003ce+MDg2g4m4elj8EMtnQiYIwzq2PJ5L8LvvQ7lHxihoqg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh1PB1Yd3z8cR for ; Wed, 25 Mar 2026 22:12:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 37ca7 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 22:12:41 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Enji Cooper From: Warner Losh Subject: git: 432c95c57bb5 - stable/14 - asmc(4): pull 32-bit support for the driver List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: imp X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 432c95c57bb5edba6593f48a17092577e293bc05 Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 22:12:41 +0000 Message-Id: <69c45dd9.37ca7.1fbf2721@gitrepo.freebsd.org> The branch stable/14 has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=432c95c57bb5edba6593f48a17092577e293bc05 commit 432c95c57bb5edba6593f48a17092577e293bc05 Author: Enji Cooper AuthorDate: 2026-01-05 03:36:55 +0000 Commit: Warner Losh CommitDate: 2026-03-25 20:34:43 +0000 asmc(4): pull 32-bit support for the driver The asmc(4) driver should work for 32-bit Intel-based Macs, in theory, if the model details were added to the detection list. That being said, 32-bit Intel Macs were only released and available to the general public for 8 months [1], so the value in maintaining i386 support in the driver is reduced due to limited hardware access. Remove 32-bit support for the driver officially to make it clear its use is not supported. This should fix building `NOTES.i386` by proxy as well. Relnotes: yes MFC after: 2 weeks Fixes: f224591746b ("Add ASMC_DEBUG make option") Fixes: 8342d9f7b5f ("asmc(4): Stop building it on i386, as...") Differential Revision: https://reviews.freebsd.org/D55544 (cherry picked from commit 1f2f5eba24aa53e180a4eb46b772410e5a782469) --- sys/x86/conf/NOTES | 2 -- 1 file changed, 2 deletions(-) diff --git a/sys/x86/conf/NOTES b/sys/x86/conf/NOTES index c329613378b9..8ca196604d94 100644 --- a/sys/x86/conf/NOTES +++ b/sys/x86/conf/NOTES @@ -521,7 +521,6 @@ device ntb_hw_plx # PLX NTB hardware driver # pbio: Parallel (8255 PPI) basic I/O (mode 0) port (e.g. Advantech PCL-724) # smbios: DMI/SMBIOS entry point (requires EFIRT option) # vpd: Vital Product Data kernel interface -# asmc: Apple System Management Controller # si: Specialix International SI/XIO or SX intelligent serial card # tpm: Trusted Platform Module @@ -537,7 +536,6 @@ envvar hint.pbio.0.at="isa" envvar hint.pbio.0.port="0x360" device smbios device vpd -device asmc device tpm device padlock_rng # VIA Padlock RNG device rdrand_rng # Intel Bull Mountain RNG From nobody Wed Mar 25 22:12:42 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh1PC3s4Yz6WrMm for ; Wed, 25 Mar 2026 22:12:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh1P62ctjz46XR for ; Wed, 25 Mar 2026 22:12:42 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774476762; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RW/bcMpyPPs/ighrw1G+Oar25iHFoyC7ph7DdIYbGFo=; b=bW215nx3PrQfyLdSPXHO+7KtVjND91fgp55B0XSp6Il3tx2OGJlyYEYFWmTKYbj5ssUoIJ sG91PzRxkKpbY5fB3LyqAFBPCbejp1QY9Ldht93FMuyziZeuB8ABhfH7eL6qbHX77Kybch tyJwPNxYA0/RYVnNqZa/z9o3/m3FDxYXcX/kp97hvInZo2HzDwbus9VEYLC1eTzKpWgYqm 7h5T5XbRdEqrj10HaaK1ptRUeklwOtz/UgiiGtaSCUAlLrP+sYLq6S7BAvHrfG0ieTS1bv iLvc8aJLg0mub605Tcp7NPQnPulWrVjTf3oj4MXpOmO7gcjetpZo4sjo/zo3wg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774476762; a=rsa-sha256; cv=none; b=dwaz0vPg8TNYE4zIeFWE+6WmrEn2zPsVI08gExWKqTEhFQi3nK8nP2vkHG+1m3HcUngZBu pnFtD+mqwgDRF14OruTpEc/aSJPq7Cgv/hRg4TDnME5+0LGm8JPUn7LD30xRaEi2Xmynro eHAPZ7+mJGbFer40BZ/UUHNQaoq+MvnlczO6tJvXGmbiQtJmXQMwUdiV4g2Z3QVA6YZTSy xs2x/vb5/hBarJ/gchC8j7xzGCGVgxB/6WAFTpbCxUIi23rvyN7msW2Vhnz5BnZTStYEV2 vZvmh5+zBYuMNGo6t2c/42uaZ0D0YRYKm32Vd/BKxFpb1Q73RPxcMC1WwKi+YQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774476762; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RW/bcMpyPPs/ighrw1G+Oar25iHFoyC7ph7DdIYbGFo=; b=MqZ4yX7rWPKRYV9WJ3liA12jR1guw22i50tq5OSVTiSuxstv17LpupliXu4zTiDbZn1JGP ilLHNIBBQvqSNBRK/J48WBA0ZUQ4CBR7jMu61efCe1+u9/sqN/rtCSzgFwbj5pcgR3GfW3 DbofJ3pbuC9z8LPAsJHOe3UuC+apQDqnydjyOqMy/ktN1O1fTm9o0BG4p+1SFO+Hlef+s4 c33hHf9as3tE6rJsFz2GABvM2kATJP3KrZiZdO5iTxk1CvUkhCqzd1bqbVJaacsv98HvH8 RJIhTUvRZ3qP0g0bKawdz5Gm81qwLp14Yz3oDJ53KCIx7blhKK7T1Nbj+3wSsw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh1P621mXz85l for ; Wed, 25 Mar 2026 22:12:42 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 36634 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 25 Mar 2026 22:12:42 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Enji Cooper From: Warner Losh Subject: git: 12e1ab887d58 - stable/14 - Add ASMC_DEBUG make option List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: imp X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 12e1ab887d58d18069554e0b5311d43d4ca50df0 Auto-Submitted: auto-generated Date: Wed, 25 Mar 2026 22:12:42 +0000 Message-Id: <69c45dda.36634.71716e05@gitrepo.freebsd.org> The branch stable/14 has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=12e1ab887d58d18069554e0b5311d43d4ca50df0 commit 12e1ab887d58d18069554e0b5311d43d4ca50df0 Author: Enji Cooper AuthorDate: 2026-01-04 08:27:57 +0000 Commit: Warner Losh CommitDate: 2026-03-25 20:36:34 +0000 Add ASMC_DEBUG make option This allows folks to enable debug statements in asmc(4) using kernel configs via the `options ASMC_DEBUG` directive. While here, remove a duplicate `device vt_efifb` directive in `NOTES` as it's already handled in the `GENERIC` config MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D54511 (cherry picked from commit f224591746bdaf14ad5f63de4738a3146cc2f55f) --- sys/amd64/conf/NOTES | 4 ++++ sys/conf/options.amd64 | 3 +++ 2 files changed, 7 insertions(+) diff --git a/sys/amd64/conf/NOTES b/sys/amd64/conf/NOTES index 55f631675bbe..187d5676d55e 100644 --- a/sys/amd64/conf/NOTES +++ b/sys/amd64/conf/NOTES @@ -111,6 +111,10 @@ options EFIRT device asmc options ASMC_DEBUG # Enable asmc(4)-specific debug logic. +# Apple System Management Controller (SMC) +device asmc +options ASMC_DEBUG # Enable asmc(4)-specific debug logic. + # # Intel QuickAssist driver with OpenCrypto support # diff --git a/sys/conf/options.amd64 b/sys/conf/options.amd64 index c7c1f4da2a4a..a3a735731438 100644 --- a/sys/conf/options.amd64 +++ b/sys/conf/options.amd64 @@ -66,5 +66,8 @@ NO_LEGACY_PCIB opt_cpu.h # Compatibility with Linux MP table bugs. MPTABLE_LINUX_BUG_COMPAT +# x86 specific uart options +UART_NS8250_EARLY_PORT opt_uart.h + # Enable asmc(4)-specific debug logic. ASMC_DEBUG opt_asmc.h From nobody Thu Mar 26 01:11:18 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5MB5vzyz6X3h3 for ; Thu, 26 Mar 2026 01:11:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5MB4grjz3FW9 for ; Thu, 26 Mar 2026 01:11:18 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487478; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=LjUnC0OjkU0OSrlRFN8OqiyAOX8JIaVO7IFvYiYbzMk=; b=BSrmwg7HZX0GyvP95fpv8fD/H7bviC33COk8/dUjtYYeW0m8zdYFWP5ed4Q54nw4zrOGhU 6MiztdXU67wSuYjlKJpI1JhhEMfUNElH+J9/vKAL0kjvUommKIIMLCzvFYIfhjkI4ntAld 7gvPhXJ6enfouC4QO2EGJOQ7Rei8Q+09fpxrwhkfEhXpj7xNz0r2/D9UfV7ibosCVabDSF zB4E/KKsiWk4fFmeCQO6Gx2YQ6iH/b7AoluW22GxwEvQePBWhlm4FAO51QwHm7yBYksVi3 KbAZTt71vubJ5DyLxYI04k6J4wra5HXPbTHH4AS1tsdC31b8UInOmkoR8tH7Pw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487478; a=rsa-sha256; cv=none; b=Ayia5W20b9U+qDyX5eipbaTjlEq3i30QuLNAK2ilrjphT/KjzbUI87pyo27qhBWAe0u+BI I0ZmaA/+dWuxFci4GFlTtdrc1nJCUiyG+7P2w+uuo/qU8u6OSGNzVoBG2zjX4iMnGstC9W MJnSG27IJDVvRsVt3LNOHi/DFWlo00YrT8FcKfsUnoYWnOC7k+MmEEQk32yfAv5Uy8kTZz va3egdSHRzCJJ03el0f27Vmy+qz2kz2BbRfaW6ohSteQauiaC55A0g07j7qpturBDPRtns U3UF7ULqsybhbj2zjLzqjLzxQhDfjYr7Qo1s6inRmtuWz6nI+1quqNckJmOHqA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487478; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=LjUnC0OjkU0OSrlRFN8OqiyAOX8JIaVO7IFvYiYbzMk=; b=eumoPsEl9yvDtvASHCWB9rxDncS237ZBEGI3xxlwzlus5JadbeC+LIBr69dYNwQNjtbf8E +5mTzV5By4SrsF5eWm2y/9kdDP6x0NtzZkyHy6yyxlRu+ZEVlnBzBp22dpSs1S7qVEFgVp DgAtnlnV4NcufGP4JXoFVannTDRDxm1DnKuZywgapwtl42+3cHOPV+8LVJSvnLCz3myaSU TQBdazVRvvC7QQ/Wru6AfpVlwpiLJaX0TtUsVAtqqNX57C31VBgO7wLDgXmxOYeoce+hBM YTqG7ZxW7Q75QhJ1x9xJKYByWbkMl8xhgqcuCzBsOR0Z4fbtNsT/Ab5WPsjqzQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5MB3gkxzTtY for ; Thu, 26 Mar 2026 01:11:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 18d17 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:11:18 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Michael Tuexen From: Philip Paeps Subject: git: de9e5d82581e - releng/15.0 - tcp: plug an mbuf leak List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/15.0 X-Git-Reftype: branch X-Git-Commit: de9e5d82581ec1afd8d8da62a4cd8345ebae5564 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:11:18 +0000 Message-Id: <69c487b6.18d17.527e7a93@gitrepo.freebsd.org> The branch releng/15.0 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=de9e5d82581ec1afd8d8da62a4cd8345ebae5564 commit de9e5d82581ec1afd8d8da62a4cd8345ebae5564 Author: Michael Tuexen AuthorDate: 2026-03-25 05:53:56 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 06:50:41 +0000 tcp: plug an mbuf leak When a challenge ACK should be sent via tcp_send_challenge_ack(), but the rate limiter suppresses the sending, free the mbuf chain. The caller of tcp_send_challenge_ack() expects this similar to the callers of tcp_respond(). Approved by: so Security: FreeBSD-SA-26:06.tcp Security: CVE-2026-4247 Reviewed by: lstewart Tested by: lstewart Sponsored by: Netflix, Inc. --- sys/netinet/tcp_subr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index b6f428b279b3..5e2b1eb1a86d 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -2202,6 +2202,8 @@ tcp_send_challenge_ack(struct tcpcb *tp, struct tcphdr *th, struct mbuf *m) tcp_respond(tp, mtod(m, void *), th, m, tp->rcv_nxt, tp->snd_nxt, TH_ACK); tp->last_ack_sent = tp->rcv_nxt; + } else { + m_freem(m); } } From nobody Thu Mar 26 01:11:19 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5MD0drNz6X3nZ for ; Thu, 26 Mar 2026 01:11:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5MC4qJjz3FWB for ; Thu, 26 Mar 2026 01:11:19 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487479; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=pKiyLkTw5WmHaOiasO916LZps4QmRxivLOcVcxLAMeU=; b=MYDnihEKBCtJFnoL9LeJY2OqkM2E2f+eDfmOTbMAH2xMzC1IJiDZ8l95SoaWF15lElTg2S iBzGyvKNXz5Rs/b1KcK+6Gc/9XKRTK2sbdyI2RzVLApxB8A9gXfikROE20w8f56oDxYyEu BegQU3NP/QnKTqvv6X+5FKXfPi2O2GTIgSkMgnVEVX+CAYgRbyvtGwApFJELCgG1kVU0gV HydDq7b4mls1ZZjnWtSf7G2qmytMcilCqMkpZKDr3oQ6WXk96HS+H4HfBbnQ95zXZrTtRW hktKqn+J0SyoSXE17b1APGVTjHZ+bO0uYV5hozoPlSknUmjMQrAVQTztK+QoqA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487479; a=rsa-sha256; cv=none; b=V61aIz6f75nf4vFpJf08xYsplcnadspbe2Gd1xEGlU3vRB+xFmHTB9DYasbPoHjL/Lnh58 4FPm+r9Vwo27D3rhM3cSYexStlFomil38PxhctkAQqufDCMqSQu3UbinPn9LFTILQEgbXR JtvHrUdXym47VUaKznpxH7ny1AMnhzmHO49xjU27EQ+Pdw/TFUTGnpAosxSRNy/+CYbLf+ 6aKdRbum7p/sFXYljkr/h5+eJZcCum/RZasT3HYH6hDayvrqwrauEgF1sUBFkLqSRjW33q 8qbgJacofO98UFMSqqwQc5LSA5uUsQDh+IcNr93ch37VR0/5kYXb2NurjtVBog== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487479; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=pKiyLkTw5WmHaOiasO916LZps4QmRxivLOcVcxLAMeU=; b=UY5+uLpy2J4kl6BE3ttWyE0M1Ay1DjDHNSGYlvOCF6rl64uHmYm5Uv6Ca1DjCnIxnNJzdK 5Rkq8blT9bcojpkGbC3k64S31wr9OIhgQeU64cT0JR+7rBaCRQ5TBT8MSDNpfHPl9nonhm aAid8n03TGSmzVC9H1CqV0LV9CISTuaajXqAuJPsbzJ7gADBBkHj8jhu1ZMbq8H5itZSjX W5vFaFaP0lJCJSr1rWr9NaXgE9nv+y++9sGtZcFl9/ax5534Ye0vE4PpR04eITMZkq6iQW zN2NavaEA9+ws/n/6fAr1/wHPZUpHXnJ2HCO07JgxcTMAiGzwQCzf0dRV1gVKw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5MC4GrbzVBm for ; Thu, 26 Mar 2026 01:11:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 47eb7 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:11:19 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Mariusz Zaborski From: Philip Paeps Subject: git: 48766013063a - releng/15.0 - nvmf: Fix null ptr reference List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/15.0 X-Git-Reftype: branch X-Git-Commit: 48766013063a737f063ce9122bd29bdc193456dc Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:11:19 +0000 Message-Id: <69c487b7.47eb7.7abbc603@gitrepo.freebsd.org> The branch releng/15.0 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=48766013063a737f063ce9122bd29bdc193456dc commit 48766013063a737f063ce9122bd29bdc193456dc Author: Mariusz Zaborski AuthorDate: 2026-03-23 14:37:28 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 06:51:29 +0000 nvmf: Fix null ptr reference Approved by: so Security: FreeBSD-SA-26:07.nvmf Security: CVE-2026-4652 Reported by: Nikolay Denev Reviewed by: imp, jhb Differential Revision: https://reviews.freebsd.org/D55863 (cherry picked from commit 09c5bb35425bc70573c007e7f7e82be286677a87) (cherry picked from commit b1d32521747f42aea751d2742d26eb53e81952c6) --- sys/dev/nvmf/controller/nvmft_controller.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/nvmf/controller/nvmft_controller.c b/sys/dev/nvmf/controller/nvmft_controller.c index 390467534ca2..24aa1191b1eb 100644 --- a/sys/dev/nvmf/controller/nvmft_controller.c +++ b/sys/dev/nvmf/controller/nvmft_controller.c @@ -213,7 +213,7 @@ nvmft_handoff_io_queue(struct nvmft_port *np, enum nvmf_trtype trtype, if (ctrlr == NULL) { mtx_unlock(&np->lock); printf("NVMFT: Nonexistent controller %u for I/O queue %u from %.*s\n", - ctrlr->cntlid, qid, (int)sizeof(data->hostnqn), + cntlid, qid, (int)sizeof(data->hostnqn), data->hostnqn); nvmft_connect_invalid_parameters(qp, cmd, true, offsetof(struct nvmf_fabric_connect_data, cntlid)); From nobody Thu Mar 26 01:11:20 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5MD6x8Cz6X3lK for ; Thu, 26 Mar 2026 01:11:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5MD5M68z3FQw for ; Thu, 26 Mar 2026 01:11:20 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487480; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rHVN7IGv5vBfXQtyGJuo37zSx1iOdzKMKxtGrvsL5X4=; b=NLxoY/L+Om8jbhf7aD+YGsnCAT+woYjeWQXBlFwKtZbWM71Ookrm7vmH49PzUWHpaOtKQN jllG9X7fGyMr7V+LVHKcXP7RXnVxFRsVrO9/e8tNFnw7vMsedwjXpXOlWl9udDS5Qemzb6 OXA6Ok2qbTcV6Ol3bH4sRgwR6hLsCTFZPSox3tZIjf01P7VZ0oso82AhmG6Cqi0D2uOv8X r+imc099JZ2D0wvzYv5x4lt1CnJUQ8VQVb/BVJdlXj9PvXi4IQnr4ToD4/YLRDv0wZg8Xx FNPXvjgAQxZi3lH8fCJO5rgdwaOM/YGCVdd7DbBVgpX6oEbEitL9mU8QNrVCeA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487480; a=rsa-sha256; cv=none; b=m3QGF1bxN0gzqR+9/XxnB+FbSRI/6NKPb09fDOZymIB2opFXnoeGo8BtQiQG1N4wudN+rd aNexHOdEtHPFJnoQ/9B8wPNaOpQydkDTBnw+bGo8g2dyKidTs+PaBEZfVSLG6WXM6nKml5 ET2MNwqe+X5qB2wRgk8Q4iw9iMGmr44qus3SeyXGoh2HL0a696jMZpl8NyNCkwEK0TP/D+ rgckqf4CDobmUU9t3H4CKlJd9lZQRA5Xolh7u4eTxW+VaA0NVNkrUoqcsnEcLTd6KDLbve T327aFhbU2tR0pH4jUBkZG/1ofCuP9IN10jZNbxGRV+g3OHtGlOmlGO57eM9Kw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487480; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rHVN7IGv5vBfXQtyGJuo37zSx1iOdzKMKxtGrvsL5X4=; b=XVo0oMg8w8I7heOmSSgrIg5S/VOhU5D0Qv2g5asbsT6mtqYCPCPPNJ+VwpG30K55y4zKQe 9DgzBQesHPFxaSf5ZhoZPTEHMkC7rxWC3RSvlzph+XK/18Jtwc8fuEL79BLbCIQ9kBL7EJ /5nmwYZ6BDxUuXWDgtXCtG7BPVCZhLctb5hIkSH9rVmkTNW6wyAuDBldm6WsiVE0O1GBZo Hte0CFr3BjIH8tchJPW3Ghb6dHHxj9HFkbdwf+krxOZhillzw8Q03lPtbbKS18W8fJ1BL6 5VjcxJOCyBViTY8mpLJH+kxaVJ6jKIqmGDzOHaas3UgLTlvsyy1WuGcoSziljQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5MD4hxvzVMd for ; Thu, 26 Mar 2026 01:11:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 196b1 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:11:20 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Mark Johnston From: Philip Paeps Subject: git: 4ec1b6213463 - releng/15.0 - rpcsec_gss: Fix a stack overflow in svc_rpc_gss_validate() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/15.0 X-Git-Reftype: branch X-Git-Commit: 4ec1b621346337ae97089d85430d8439afe85806 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:11:20 +0000 Message-Id: <69c487b8.196b1.6057ebe0@gitrepo.freebsd.org> The branch releng/15.0 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=4ec1b621346337ae97089d85430d8439afe85806 commit 4ec1b621346337ae97089d85430d8439afe85806 Author: Mark Johnston AuthorDate: 2026-03-24 02:12:42 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 06:51:29 +0000 rpcsec_gss: Fix a stack overflow in svc_rpc_gss_validate() svc_rpc_gss_validate() copies the input message into a stack buffer without ensuring that the buffer is large enough. Sure enough, oa_length may be up to 400 bytes, much larger than the provided space. This enables an unauthenticated user to trigger an overflow and obtain remote code execution. Add a runtime check which verifies that the copy won't overflow. Approved by: so Security: FreeBSD-SA-26:08.rpcsec_gss Security: CVE-2026-4747 Reported by: Nicholas Carlini Reviewed by: rmacklem Fixes: a9148abd9da5d --- lib/librpcsec_gss/svc_rpcsec_gss.c | 9 ++++++++- sys/rpc/rpcsec_gss/svc_rpcsec_gss.c | 10 +++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/librpcsec_gss/svc_rpcsec_gss.c b/lib/librpcsec_gss/svc_rpcsec_gss.c index e9d39a813f86..73b92371e6d0 100644 --- a/lib/librpcsec_gss/svc_rpcsec_gss.c +++ b/lib/librpcsec_gss/svc_rpcsec_gss.c @@ -758,6 +758,14 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, memset(rpchdr, 0, sizeof(rpchdr)); + oa = &msg->rm_call.cb_cred; + + if (oa->oa_length > sizeof(rpchdr) - 8 * BYTES_PER_XDR_UNIT) { + log_debug("auth length %d exceeds maximum", oa->oa_length); + client->cl_state = CLIENT_STALE; + return (FALSE); + } + /* Reconstruct RPC header for signing (from xdr_callmsg). */ buf = rpchdr; IXDR_PUT_LONG(buf, msg->rm_xid); @@ -766,7 +774,6 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); - oa = &msg->rm_call.cb_cred; IXDR_PUT_ENUM(buf, oa->oa_flavor); IXDR_PUT_LONG(buf, oa->oa_length); if (oa->oa_length) { diff --git a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c index 35c904560836..528112d5642a 100644 --- a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c +++ b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c @@ -1170,6 +1170,15 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, memset(rpchdr, 0, sizeof(rpchdr)); + oa = &msg->rm_call.cb_cred; + + if (oa->oa_length > sizeof(rpchdr) - 8 * BYTES_PER_XDR_UNIT) { + rpc_gss_log_debug("auth length %d exceeds maximum", + oa->oa_length); + client->cl_state = CLIENT_STALE; + return (FALSE); + } + /* Reconstruct RPC header for signing (from xdr_callmsg). */ buf = rpchdr; IXDR_PUT_LONG(buf, msg->rm_xid); @@ -1178,7 +1187,6 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); - oa = &msg->rm_call.cb_cred; IXDR_PUT_ENUM(buf, oa->oa_flavor); IXDR_PUT_LONG(buf, oa->oa_length); if (oa->oa_length) { From nobody Thu Mar 26 01:11:21 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5MG0rBgz6X3vL for ; Thu, 26 Mar 2026 01:11:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5MF5zmgz3FJm for ; Thu, 26 Mar 2026 01:11:21 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487481; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ikrq99mOtwhHT11M0d2JZapOrUDVGqNcVX+jlaex55Q=; b=cbpfWygNatVNCJxyH330Yh77pLC2bUkDrycYvuITwfL9Oi+QAp6QX2UBLYw2wkRAk3udVp NHNNDundNS9Sy7MYCUzJCmcTKIe+BPMXL1uZYbPS1ZmRqT5PeKqX8NTuKFP13Jrtei5zVa 7OGEaLCruu3aNn2Met37JmrcWTpiwAMEEInxemFJA//gJ/1p2/N3YYKT2dN9uBH3FRhFg3 P3Sn18sud6XAR4srJELQHUZGK9iqDbrzzGuZ+8fMMmEk0aGqIez+I7cyi9srrL9Sz6fIet GCy1mz262ZV2DagTm3ULPPB/RTliKS3jepDxwWpZo3lu0qinGBYoHzZCpW/3Ow== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487481; a=rsa-sha256; cv=none; b=Rr/Nstotz0cHKTrqfc2svtEl7BVuQbHCeXJnIqn9A2ZfJAAESaVceHN4YnyUD0m48Eu828 4PsBVZLFwZgHfreYDUEcEzAr/2wL/2yMiSktE2hobjQV3IqM/frqkUjOe0uHI0gO5z9vNZ 7dHGY85MYqINad9F+kPbrh0b9uJMMAHJttjwRxTLz/DhZ9pOEWtkQaikREfj+Kl4dsytSj QJySGc8Wdl8xXcdzYA8XzLoFAXHOB96cbaNmn3ueqF9nOvQJqzL8vmpKzU+eLsChh0foGr 8q6wU+YRU1BX78jv3Yi8bxb8oXcwoEpAFVnycE4DGLJ0DhP2oBmO0gtriBcKzA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487481; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ikrq99mOtwhHT11M0d2JZapOrUDVGqNcVX+jlaex55Q=; b=kjTn9/bMGe1Ip/ILj4QuMLEXBaqYj13BBeKPcbUOAu+hVK1Z+X2Cduk+6HkoNy7730+/xa gOaxvFjwV+5R93oFJsu4At6bpED7aqUFRJZYiI3OvGt4i4ddabbDc/Dd1kuFISeGeahYI2 MInlXrlAXIdYCoE4qcNWonNWemLBgUTMSicGgCPtZ8r52kt6EHs4hQAo9WUVrfRfvO8YXh gQd7loa9DV08/zoMNB5aUSUGEzwrs8PU1FGtWAU6usqF8DVOG2dbVy3J8sIh0+7PLIiWWj 4U1gRi+o2ztir0LbCQ8ZMMOqoABel74ksVc7McYzzZh81CzV5qJCW7IBKoWL7g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5MF5KLrzVLP for ; Thu, 26 Mar 2026 01:11:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 471c7 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:11:21 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Michael Gmelin From: Philip Paeps Subject: git: 797bc7cae35f - releng/15.0 - pf: Fix hashing of IP address ranges List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/15.0 X-Git-Reftype: branch X-Git-Commit: 797bc7cae35f7e6ec59baba04a951150604e0431 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:11:21 +0000 Message-Id: <69c487b9.471c7.43d0180b@gitrepo.freebsd.org> The branch releng/15.0 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=797bc7cae35f7e6ec59baba04a951150604e0431 commit 797bc7cae35f7e6ec59baba04a951150604e0431 Author: Michael Gmelin AuthorDate: 2026-03-12 14:18:09 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 16:05:34 +0000 pf: Fix hashing of IP address ranges This corrects the false detection of duplicate rules. Approved by: so Security: FreeBSD-SA-26:09.pf Security: CVE-2026-4748 Reviewed by: kp (cherry picked from commit 1fa873c93c8b08561c53107c7b90c53dfad30ddc) (cherry picked from commit 38f8ac568273fde3f41582c6bc01ea4b2c9dc029) --- sys/netpfil/pf/pf_ioctl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 856bbd6cb9cb..f924bde141ad 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1350,6 +1350,7 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, addr.v.tblname); break; case PF_ADDR_ADDRMASK: + case PF_ADDR_RANGE: /* XXX ignore af? */ PF_MD5_UPD(pfr, addr.v.a.addr.addr32); PF_MD5_UPD(pfr, addr.v.a.mask.addr32); From nobody Thu Mar 26 01:11:22 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5MH4Hm8z6X41N for ; Thu, 26 Mar 2026 01:11:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5MG6ZtVz3FTc for ; Thu, 26 Mar 2026 01:11:22 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487482; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Sklz0FvjHcCNJbS/XBQTX8L/9fxvHgMdfCXvFja6tyo=; b=V8IJgDTUJeD1+fOkPhAgX8VDlbjayCqB1f1hglWD+eXpv0LYZHqVy4IAG5ztwehk1G3ohE W3SDU2jaACqNWuAawVdxuPea3eji+mRXZAiQ8d46T5ra3VpDIpy8BXLBmwlN1riqZ9urAn IjHkKQdkQsyz6yhhJ7mFy8FFW8MJs/OUbMOAJN/nvOpHOdErfd6zXQLOAY15Jf7AKpH8i8 liK9aCuOafvMs5ZkOckUBNd9ujG0/KpkOYjqjS2L0BuHY9CThqWzdX1CVkWmmshnLxmKX8 ygrYDSsobk+KEDo/9JFEbRK0R0nIEheCZDeHQ1fs66eJHq8KFjwyBvE2+/JDeA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487482; a=rsa-sha256; cv=none; b=wAqgE6KbN+vyHsbIoDhHs9xR0A3aDI1yEJy7jWLx7mPxbJW0jFkJ2CE3bGTsHYstn8ZvsB zOh4uGuxYU2DKglEp2LbVMvj74Nu5HTd5X5pcsx2Ls3vd47Er6nhcsCDNR5Sf64TiKwGxb Q1KqVsIdNtx/zyNu+t15q8XdN7K7MzpQf32xWU1jAgQoe/Oug57pPHZUvKHHmnzX4F5L6G I3426KjBsEQ9pkEvQkizUpnsHPAzSfPAPTgfjMDLqU/0KzMQNDL+gfHZJncPt8aAhNtDTu w0XVxELbvNDEA17vwEMVDo87E6P+wRnNbKWKgG9CJSajJDSjCGXffRDz9AM6Ew== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487482; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Sklz0FvjHcCNJbS/XBQTX8L/9fxvHgMdfCXvFja6tyo=; b=brwhS1PQK6TvGtn0W/M0gMjjfNBYOoqCtptp14BqLudrZEvdLdFEXS6TU1u3knNjtBkvAw hoZMd0mqV9PKeztPMKR0VQIzIugQ/drIDkoUivcXZy5BA+ng6h9LdssYTNEvstiOAQHE9V VkFMljJVQ4iXAY+nxX33WhmjKyvcrOl/Tz7rtWIr2m94JvgFHLK0AH/wYj1q82udkXczwu RzsnEw3PG6wXZjmqyoR74XJkYVXfhptfrMu0+IZSuNvlC897DhxpDpNJn1lztA4AGawLmX ffO+jgEYbg4BD4ffpRf5X4bryBsnb4rOGmev/u8UlDpH3dcYDD7r4obQ58/b7A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5MG683XzVBq for ; Thu, 26 Mar 2026 01:11:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 471cc by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:11:22 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Kristof Provost From: Philip Paeps Subject: git: b2ed06fb35ca - releng/15.0 - pf tests: verify that we handle address range rules correctly List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/15.0 X-Git-Reftype: branch X-Git-Commit: b2ed06fb35ca4ecf8cefb30b8901f5434ab12588 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:11:22 +0000 Message-Id: <69c487ba.471cc.36d6585a@gitrepo.freebsd.org> The branch releng/15.0 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=b2ed06fb35ca4ecf8cefb30b8901f5434ab12588 commit b2ed06fb35ca4ecf8cefb30b8901f5434ab12588 Author: Kristof Provost AuthorDate: 2026-03-12 14:23:32 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 16:06:17 +0000 pf tests: verify that we handle address range rules correctly There's been a problem where rules which differed only in address ranges were considered duplicates and not added. Test for this. Approved by: so Security: FreeBSD-SA-26:09.pf Security: CVE-2026-4748 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit ab74151e8d097b263237942c0b12277098bc9533) (cherry picked from commit 4e007734ff8e56eafb457986074206877b49df6e) --- tests/sys/netpfil/pf/pass_block.sh | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/tests/sys/netpfil/pf/pass_block.sh b/tests/sys/netpfil/pf/pass_block.sh index e955068d014b..f6d973de7cf4 100644 --- a/tests/sys/netpfil/pf/pass_block.sh +++ b/tests/sys/netpfil/pf/pass_block.sh @@ -451,6 +451,43 @@ any_if_cleanup() pft_cleanup } +atf_test_case "addr_range" "cleanup" +addr_range_head() +{ + atf_set descr 'Test rulesets with multiple address ranges' + atf_set require.user root +} + +addr_range_body() +{ + pft_init + + epair=$(vnet_mkepair) + ifconfig ${epair}b 192.0.2.2/24 up + + vnet_mkjail alcatraz ${epair}a + jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up + + # Sanity check + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 + + jexec alcatraz pfctl -e + pft_set_rules alcatraz \ + "block" \ + "pass inet from any to 10.100.100.1 - 10.100.100.20" \ + "pass inet from any to 192.0.2.1 - 192.0.2.10" + +jexec alcatraz pfctl -sr -vv + + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 +jexec alcatraz pfctl -sr -vv +} + +addr_range_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "enable_disable" @@ -462,4 +499,5 @@ atf_init_test_cases() atf_add_test_case "received_on" atf_add_test_case "optimize_any" atf_add_test_case "any_if" + atf_add_test_case "addr_range" } From nobody Thu Mar 26 01:11:23 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5MJ3j8lz6X41T for ; Thu, 26 Mar 2026 01:11:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5MJ0k1Qz3FTr for ; Thu, 26 Mar 2026 01:11:24 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487484; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=VuQeJ/0oHYNPQDM858PbVVCwuLIToasbFpjRkfTJdZ0=; b=aVuWx9uDtGDEBw2Kv8aLd2X0TDyIU+QMJKxMfrUZOdMV44R7Wuyt2aBcXikIWX/qu9UVvu GQ9nBjSDwLsVFFU9W3FqJZaB0KHj5crJs5bjuOMeiEBgxv4g4CBzw4tJIR4wz7Fv7flhc/ UiCtT6F51HwX434dUXRElOxe8OSJGiwo5HdRGaaxgoRkdap5a3Zy+GwhBabkfCSR7UbEF6 ymA0WS4bOB04dZLCZFKp7poFNrN9e3kZ8bHsebOfKqQKSbbul0DTzzANfW0AXTvcFAXQOj 27miFh6TsnmtIsrmFA3s8bbOzIicLMQni0Db2tcG/g39ZxYOnzVC2WisxJ3+Wg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487484; a=rsa-sha256; cv=none; b=YGcIBTStNNFvjl5bWx4KZBgiwm0q8YC7ZLTX7OUUWMBGd1ri56AnFmpe0Yp7KIgEi9IaId 7+SfBaVISunsFktwyhvQEqWfUMV3guu95kFLsi4te4ljAYFIBP/EyCr/KmF8284mnThsZe 5ba4Bw9L8Uf5TzjQyb0MiYBTTx08A0FyfFfOSgpXvZU5OhdiP7somsbLdjowLLgLdD6ecn vXkESpM0GXIyTrJaA8/4UeNHWqHKni+nd3ekdZqdSYYE8861O0T/Cqw8R+Cx+PUkP0pfD2 SbaLIyp8lmydFhEp+NWBVmErIU3Obe7Oldn24FbA1Kjgmn0FUhWb7W5F5RO1Uw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487484; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=VuQeJ/0oHYNPQDM858PbVVCwuLIToasbFpjRkfTJdZ0=; b=OSYjF37i8xnedYOc8PCAXw2ochfF/s1MaYTcaxW+nX3Mh4UsrmNtRI+tnTcFH5LUWPYO0P S+SOfiRo3Jy6cu77KcGJadhpOkEyPQzh7G1L/M9xO2igpMbOZsITc7Jbfm+HZ95hR2ccNb 2gQpwRNsRTZ6qeKQwXwgMyGRjAt766hTCgd1uxRh9GKY9keGd5Y5os5MBmCyPR7l6cErNk xOxjMvH7iJKbC+MIf88xYMV+7jC7W3Z1+dlJTUoJ0KF8qZ9zfQ4bP+Pe/7qk4dlmIQHNW6 lXytQ3h+qquY/+5U06cvvRFEcthZPrgyyOFX8lp7ULy/gOn7fSqtj1sMi4Dp9w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5MH6xcZzVBs for ; Thu, 26 Mar 2026 01:11:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 19301 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:11:23 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Kristof Provost From: Philip Paeps Subject: git: d9f9b4268f28 - releng/15.0 - pfctl: always warn if a duplicate rule was detected List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/15.0 X-Git-Reftype: branch X-Git-Commit: d9f9b4268f28c5d47fc3726f525a5715eefabc76 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:11:23 +0000 Message-Id: <69c487bb.19301.19d17f23@gitrepo.freebsd.org> The branch releng/15.0 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=d9f9b4268f28c5d47fc3726f525a5715eefabc76 commit d9f9b4268f28c5d47fc3726f525a5715eefabc76 Author: Kristof Provost AuthorDate: 2026-03-12 14:24:42 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 16:06:21 +0000 pfctl: always warn if a duplicate rule was detected Approved by: so Security: FreeBSD-SA-26:09.pf Security: CVE-2026-4748 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 66d66dd0f6f83926980fc1d68dd366c0057350c5) (cherry picked from commit e224b9b867f4e7de959afaa63d56672e13d7c454) --- sbin/pfctl/pfctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index 36bdd9705830..a8a393cf2949 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -2189,13 +2189,13 @@ pfctl_load_rule(struct pfctl *pf, char *path, struct pfctl_rule *r, int depth) } } - if (pf->opts & PF_OPT_VERBOSE) { + if (pf->opts & PF_OPT_VERBOSE || was_present) { INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2)); print_rule(r, name, pf->opts & PF_OPT_VERBOSE2, pf->opts & PF_OPT_NUMERIC); if (was_present) - printf(" -- rule was already present"); + printf(" -- rule was already present\n"); } path[len] = '\0'; pfctl_clear_pool(&r->rdr); From nobody Thu Mar 26 01:11:25 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5MK6997z6X3y2 for ; Thu, 26 Mar 2026 01:11:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5MK1JxKz3Ffq for ; Thu, 26 Mar 2026 01:11:25 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487485; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4TY6qlXhHbkAAfDtPdphFAALh6sAl/vQ5ZolXvDCqgo=; b=Hp61duCpQVXYFMFN4mdDWzScqd4KIwYuQAYER65XDZT4vY0sFCNmEBpDt4B6yPyD/9KjY0 kycsmXY9aapxcfhTCPOuJJp/PvXgJBkSfwTch60ugPcs/CZE2xwO0BJEvHsSzmVZrk9Dnb CPW24ap/rrYMpOyJbKWjbsxlfZ6/hwa6w9TW0R8WzthBQ1YEoHVXn2YIW1fEtyl64IP/dB 4r16m8TJNoNBm2WGj3xl6iI1Pq+SQmGofzvPs00U5y61wAaW6LabP93xfrrg+osou/8LPf d1EYilk63H2nOID3s0swRpG2lkqJ5SNKSaEKfrd+o9FUCVtaZngbGoRKzta0cg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487485; a=rsa-sha256; cv=none; b=Qem/NLJPHTQUsF+JNZt+S21pNbddU5CzVQ4fN27LhXHS/nUphsy+gFnK00tJy9W+F5tWgm LVHcNEoiqX/UpR+hDEjVeaQ1mpsIjtaCeCmh4lyS33XVB3P3CFMHQ3/sxwsfTzMFp2sv/O nbKIgeRFpLbGqgbiN1c9ZviK+UlL1ZMKTAFmmwTdS9Suf1qNa/ciLRno/dnw92tRkBC095 uk5i+EJ0rvwKtGAtd9CEHsGWVZa0xlS3dP1WxNq+YwXgHOmwmyoi5GMSSCARsz/+ClKOlP nI0isFOTZ26Fs7nvMH/RyNtLST8bff4Mw8IJigTE58lDcESIjlCoVMSrdJ82Jg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487485; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4TY6qlXhHbkAAfDtPdphFAALh6sAl/vQ5ZolXvDCqgo=; b=Fj8kSZNqxXjwg74/AKFT7rtknHMGwOrQ17l0Pi1Z7pRejLb5ypde96SYib/t3307ypK3nJ JkwlqQ5nsrag8TSArqr8G7aRCxsZ3+DiIRhdwtSXYXJyJAwrOYPb+l0GhAI8pVQgoJsA4S 6twFvbqvN+tlbsRo6TZ3sCEcldnaMZC35rlLlKv/4deQ9wgvKYmjnZ0SSw7tMEaTpzXUY1 j6JzemTbWFXfk2PAKjVhdB0HgVC2eNQyc4AmB+VRlIHVEpDCzCtk01bzegLgMtZewHh16y 0qOKe+bFXA2tfhRlqlrA+z1HNfyNDqHxiV8Xn/YS9/tLbiMbRd6iIxvBi//c8g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5MK0dhgzVLT for ; Thu, 26 Mar 2026 01:11:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 18d1c by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:11:25 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Kristof Provost From: Philip Paeps Subject: git: d91cf52e31ac - releng/15.0 - pf: include all elements when hashing rules List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/15.0 X-Git-Reftype: branch X-Git-Commit: d91cf52e31ac86f214c17c60a2a18f1b66da55d7 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:11:25 +0000 Message-Id: <69c487bd.18d1c.2d96d7cd@gitrepo.freebsd.org> The branch releng/15.0 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=d91cf52e31ac86f214c17c60a2a18f1b66da55d7 commit d91cf52e31ac86f214c17c60a2a18f1b66da55d7 Author: Kristof Provost AuthorDate: 2026-03-19 07:21:51 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 16:06:26 +0000 pf: include all elements when hashing rules Approved by: so Security: FreeBSD-SA-26:09.pf Security: CVE-2026-4748 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit c6bcf6e6fd507d952a48226b51cc161b8ef972a2) (cherry picked from commit 4311217a039cd6a09882fa7362021a1fb96c4939) --- sys/netpfil/pf/pf_ioctl.c | 102 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 93 insertions(+), 9 deletions(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index f924bde141ad..749c3a6d3dd7 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1355,6 +1355,13 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, addr.v.a.addr.addr32); PF_MD5_UPD(pfr, addr.v.a.mask.addr32); break; + case PF_ADDR_NONE: + case PF_ADDR_NOROUTE: + case PF_ADDR_URPFFAILED: + /* These do not use any address data. */ + break; + default: + panic("Unknown address type %d", pfr->addr.type); } PF_MD5_UPD(pfr, port[0]); @@ -1363,6 +1370,30 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, port_op); } +static void +pf_hash_pool(MD5_CTX *ctx, struct pf_kpool *pool) +{ + uint16_t x; + int y; + + if (pool->cur) { + PF_MD5_UPD(pool, cur->addr); + PF_MD5_UPD_STR(pool, cur->ifname); + PF_MD5_UPD(pool, cur->af); + } + PF_MD5_UPD(pool, key); + PF_MD5_UPD(pool, counter); + + PF_MD5_UPD(pool, mape.offset); + PF_MD5_UPD(pool, mape.psidlen); + PF_MD5_UPD_HTONS(pool, mape.psid, x); + PF_MD5_UPD_HTONL(pool, tblidx, y); + PF_MD5_UPD_HTONS(pool, proxy_port[0], x); + PF_MD5_UPD_HTONS(pool, proxy_port[1], x); + PF_MD5_UPD(pool, opts); + PF_MD5_UPD(pool, ipv6_nexthop_af); +} + static void pf_hash_rule_rolling(MD5_CTX *ctx, struct pf_krule *rule) { @@ -1373,39 +1404,92 @@ pf_hash_rule_rolling(MD5_CTX *ctx, struct pf_krule *rule) pf_hash_rule_addr(ctx, &rule->dst); for (int i = 0; i < PF_RULE_MAX_LABEL_COUNT; i++) PF_MD5_UPD_STR(rule, label[i]); + PF_MD5_UPD_HTONL(rule, ridentifier, y); PF_MD5_UPD_STR(rule, ifname); PF_MD5_UPD_STR(rule, rcv_ifname); + PF_MD5_UPD_STR(rule, qname); + PF_MD5_UPD_STR(rule, pqname); + PF_MD5_UPD_STR(rule, tagname); PF_MD5_UPD_STR(rule, match_tagname); - PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */ + + PF_MD5_UPD_STR(rule, overload_tblname); + + pf_hash_pool(ctx, &rule->nat); + pf_hash_pool(ctx, &rule->rdr); + pf_hash_pool(ctx, &rule->route); + PF_MD5_UPD_HTONL(rule, pktrate.limit, y); + PF_MD5_UPD_HTONL(rule, pktrate.seconds, y); + PF_MD5_UPD_HTONL(rule, os_fingerprint, y); + + PF_MD5_UPD_HTONL(rule, rtableid, y); + for (int i = 0; i < PFTM_MAX; i++) + PF_MD5_UPD_HTONL(rule, timeout[i], y); + PF_MD5_UPD_HTONL(rule, max_states, y); + PF_MD5_UPD_HTONL(rule, max_src_nodes, y); + PF_MD5_UPD_HTONL(rule, max_src_states, y); + PF_MD5_UPD_HTONL(rule, max_src_conn, y); + PF_MD5_UPD_HTONL(rule, max_src_conn_rate.limit, y); + PF_MD5_UPD_HTONL(rule, max_src_conn_rate.seconds, y); + PF_MD5_UPD_HTONS(rule, max_pkt_size, y); + PF_MD5_UPD_HTONS(rule, qid, x); + PF_MD5_UPD_HTONS(rule, pqid, x); + PF_MD5_UPD_HTONS(rule, dnpipe, x); + PF_MD5_UPD_HTONS(rule, dnrpipe, x); + PF_MD5_UPD_HTONL(rule, free_flags, y); PF_MD5_UPD_HTONL(rule, prob, y); + + PF_MD5_UPD_HTONS(rule, return_icmp, x); + PF_MD5_UPD_HTONS(rule, return_icmp6, x); + PF_MD5_UPD_HTONS(rule, max_mss, x); + PF_MD5_UPD_HTONS(rule, tag, x); /* dup? */ + PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */ + PF_MD5_UPD_HTONS(rule, scrub_flags, x); + + PF_MD5_UPD(rule, uid.op); PF_MD5_UPD_HTONL(rule, uid.uid[0], y); PF_MD5_UPD_HTONL(rule, uid.uid[1], y); - PF_MD5_UPD(rule, uid.op); + PF_MD5_UPD(rule, gid.op); PF_MD5_UPD_HTONL(rule, gid.gid[0], y); PF_MD5_UPD_HTONL(rule, gid.gid[1], y); - PF_MD5_UPD(rule, gid.op); + PF_MD5_UPD_HTONL(rule, rule_flag, y); + PF_MD5_UPD_HTONL(rule, rule_ref, y); PF_MD5_UPD(rule, action); PF_MD5_UPD(rule, direction); - PF_MD5_UPD(rule, af); + PF_MD5_UPD(rule, log); + PF_MD5_UPD(rule, logif); PF_MD5_UPD(rule, quick); PF_MD5_UPD(rule, ifnot); - PF_MD5_UPD(rule, rcvifnot); PF_MD5_UPD(rule, match_tag_not); PF_MD5_UPD(rule, natpass); + PF_MD5_UPD(rule, keep_state); + PF_MD5_UPD(rule, af); PF_MD5_UPD(rule, proto); - PF_MD5_UPD(rule, type); - PF_MD5_UPD(rule, code); + PF_MD5_UPD_HTONS(rule, type, x); + PF_MD5_UPD_HTONS(rule, code, x); PF_MD5_UPD(rule, flags); PF_MD5_UPD(rule, flagset); + PF_MD5_UPD(rule, min_ttl); PF_MD5_UPD(rule, allow_opts); PF_MD5_UPD(rule, rt); + PF_MD5_UPD(rule, return_ttl); PF_MD5_UPD(rule, tos); - PF_MD5_UPD(rule, scrub_flags); - PF_MD5_UPD(rule, min_ttl); PF_MD5_UPD(rule, set_tos); + PF_MD5_UPD(rule, anchor_relative); + PF_MD5_UPD(rule, anchor_wildcard); + + PF_MD5_UPD(rule, flush); + PF_MD5_UPD(rule, prio); + PF_MD5_UPD(rule, set_prio[0]); + PF_MD5_UPD(rule, set_prio[1]); + PF_MD5_UPD(rule, naf); + PF_MD5_UPD(rule, rcvifnot); + + PF_MD5_UPD(rule, divert.addr); + PF_MD5_UPD_HTONS(rule, divert.port, x); + if (rule->anchor != NULL) PF_MD5_UPD_STR(rule, anchor->path); } From nobody Thu Mar 26 01:11:26 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5ML48pqz6X3sf for ; Thu, 26 Mar 2026 01:11:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5ML1wXxz3FgG for ; Thu, 26 Mar 2026 01:11:26 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487486; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ic/bwfhPmfE12VgXQQORgrW5IEPjfnGEo0WoRgE2o0Q=; b=wwlR0WutDp3FmBVuAWRiyfzDvunDD97Arhx/kmBMrCbT1G7ETF5tZZrJaUTgNWRGwmsbW1 SBJL6AJKBtxt+CpHYn2xaXdPEdntNhH51q+rhqyj7M//M7E2NcNwYjpuv+74WWvG10tpWW vzsNAZ01wOMCvolpWCSI+0JNKXnGe4C39YZOI2+V7uzSc6wQpf3mOCKlNJVdk+lGZIgiqP T1xrGjigyTvPassdO/OP0t71RIssR5N4VUBY+IRtyNRe2+V7w+j6TicbX9dDW7uQkrtiDb ExrItPGPJMDlbBDD4zMO4MOn+dz7X8i2SKo6ByzxboMEC/jv8Tj+eBqb43U2VA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487486; a=rsa-sha256; cv=none; b=JXg1wcNIxvvdv2WIxTPuEf4E6fvV74XgI9cwEtEjVDQY4a6BdsR6zcdXuXB8TJ94IGL3al ln0BZVLPBt+9IVmcXjb3MjgeeEXty10hCmN/Yu1I7DBxZfKm/doQf92An46xXFMXiwFfD6 Gvs/Q6EPOZpuM1jL2AX+wT8f/iJd64fJ/GHZriralQnLDDfz5BpB4HFfs0PpcyWnlYJpQF 4kuUjoQPdgbsrKmlLUH9Pi4oezWxq34qzDyQ45ylzGPVOIlQzjMjJmCBDAkFICCnE5y5zb E3cWHC9kHnx3QBBNh8bimwIoYYCxMwtBSU58Mla4POFD39zaUqVPWQJtbSIGdw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487486; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Ic/bwfhPmfE12VgXQQORgrW5IEPjfnGEo0WoRgE2o0Q=; b=PUmZtRLk4nbKfRg8oyBSchC4rFtTfxSp254oVHS8CGGiZQzAvEJRhdEJzQaEZRl/fumgtV Xf4dUgRSFgsO/KqkQutiVIEBREKOcsT1i7foOczFnj3rHJGGA7PCI5StTGR1vdsP4WRrsp 5znFpY8bhLOMVab+D5IUkfeaprsaWFlDEceljJR3e/yMQUrdAHBxifih6eT4wjYj+agIXZ 4IITUYd8k7XMhlkzKv4EIrOt922A4HHyO5C0CFxJiopeS76sZp0bI+yaOlCel8Xsu7SqpA vHeMoKUsZw3UoBndKUU8CenVnLo4+ivya6IZWB8vOQGHaE+oIkx5T8aAb4bnBA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5ML1QMkzTtd for ; Thu, 26 Mar 2026 01:11:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1822f by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:11:26 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Philip Paeps Subject: git: 0730d5233286 - releng/15.0 - Add UPDATING entries and bump version List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/15.0 X-Git-Reftype: branch X-Git-Commit: 0730d5233286ff35e9fa83309faa1b2d52fe9a65 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:11:26 +0000 Message-Id: <69c487be.1822f.64f0cc44@gitrepo.freebsd.org> The branch releng/15.0 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=0730d5233286ff35e9fa83309faa1b2d52fe9a65 commit 0730d5233286ff35e9fa83309faa1b2d52fe9a65 Author: Philip Paeps AuthorDate: 2026-03-25 05:59:59 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 16:06:30 +0000 Add UPDATING entries and bump version Approved by: so --- UPDATING | 14 ++++++++++++++ sys/conf/newvers.sh | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/UPDATING b/UPDATING index 6fdc5195e4d6..c70721ba8726 100644 --- a/UPDATING +++ b/UPDATING @@ -12,6 +12,20 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before updating system packages and/or ports. +20260325: + 15.0-RELEASE-p5 SA-26:06.tcp + SA-26:07.nvmf + SA-26:08.rpcsec_gss + SA-26:09.pf + + TCP: remotely exploitable DoS vector (mbuf leak). [SA-26:06.tcp] + + Remote denial of service via null pointer dereference. [SA-26:07.nvmf] + + Remote code execution via RPCSEC_GSS packet validation. [SA-26:08.rpcsec_gss] + + pf silently ignores certain rules. [SA-26:09.pf] + 20260224: 15.0-RELEASE-p4 SA-26:05.route diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 3f0163ecefe2..6044b7921c52 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -51,7 +51,7 @@ TYPE="FreeBSD" REVISION="15.0" -BRANCH="RELEASE-p4" +BRANCH="RELEASE-p5" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi From nobody Thu Mar 26 01:14:55 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5RN23Qzz6X3xh for ; Thu, 26 Mar 2026 01:14:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5RN09YDz3K24 for ; Thu, 26 Mar 2026 01:14:56 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487696; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9n1rq3RRY9r/IQjfHhDFttqK2hIq4bZaPDXCwaq5H/Q=; b=WzQsjblSdy7vL1rhw4tytbc9YWbE1pSC59gZK/YmTBdu7p4v461Nf4yyzvrnyX9Awk9JqA qejWhSCo9ORoSM/Xw6cNfkGMM0lVvUCIrPnGt/vDDX/S//0oSwliZbiVkqzugsZl5hfwQd RHzTvWDg5jlnYe80XqZUFEfAtgb7TV/rC9mr8/pX2uqPhlP3CxZc0mMNu3wN4eQPFhoAer v4FNNPUdK+/UIqwMUsi/LRlKzwO0ptsG8KwHtwX0Y4TWbfK5P2ighZXs3ErXChtiHaGI5c X/EXSkOW+hP8bNvxHPR+XuwSzfV9i/wq1TWKS6jG3krMOTXUHPIkVbHvFXpK5A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487696; a=rsa-sha256; cv=none; b=A9dXba1USXleK2U1qKuOypH0XcEhwA2OMNW47pthj0hZT5HykkNwzPWJQmEnlTi/zRRjDA M+Eh7d5IB1NUjHwjwcn7kYKrb9UfjAESK2DspJei/AuXgTcMY4gQvkSL2PdFff7CgF3eG8 KWZWccldRy5FQfc+OQciINCiw91+2KuiJmnjKs5RtCdsWmHk6ARqpT4055K+R5ua13kDFQ SWupNrcbsK3/Q7AbSthqxI52dPlPEdr3kPDEV4pZQ5CdjeJVNZBwyyC6HkGA7EVo8k2XsW CFBNv6cQnZPdwp8P15kqXZlX6NvbXVlAZ6ktun+iJiIruRiSdP8pMGdi0GFUbg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487696; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9n1rq3RRY9r/IQjfHhDFttqK2hIq4bZaPDXCwaq5H/Q=; b=OcdFm5vWIYu25qZnldMCtIXbcKwdfopGpxG4R6I3hnvlOkUCPmW4C0LSwAZBhAwmd/cOvY K/38Cc3fRdeY3B9imC5nIOKty/VcL2dc+WhYvcFmXmfSQujFTyqth0kmjC7xjN4ZSJDN3V zBhfYW6Llz1EYOQqY4OYlrNo9uAyZkKJ1wLHj/3ydED99gIsMuIZvrX8CMHARTYlaugLSe Lch6itf8Om+n7tmq9TDu+yqnjKxnfxtJE9ww5MkoTEYrDMQ7MTovvYnJnR2aS7AvGqgDl7 lWGi179khHa1dlh5f1Igtk6Wn2X2MtlAa+WaYfUL5dAZBSmzsCaI2aYiEDfTwg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5RM6p2kzVXk for ; Thu, 26 Mar 2026 01:14:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 18ca9 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:14:55 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Mark Johnston From: Philip Paeps Subject: git: 7ea03a4238e8 - releng/14.4 - rpcsec_gss: Fix a stack overflow in svc_rpc_gss_validate() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.4 X-Git-Reftype: branch X-Git-Commit: 7ea03a4238e8bf6b80824cd9a31e219020f4feb1 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:14:55 +0000 Message-Id: <69c4888f.18ca9.17777f2@gitrepo.freebsd.org> The branch releng/14.4 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=7ea03a4238e8bf6b80824cd9a31e219020f4feb1 commit 7ea03a4238e8bf6b80824cd9a31e219020f4feb1 Author: Mark Johnston AuthorDate: 2026-03-24 02:12:42 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 06:54:10 +0000 rpcsec_gss: Fix a stack overflow in svc_rpc_gss_validate() svc_rpc_gss_validate() copies the input message into a stack buffer without ensuring that the buffer is large enough. Sure enough, oa_length may be up to 400 bytes, much larger than the provided space. This enables an unauthenticated user to trigger an overflow and obtain remote code execution. Add a runtime check which verifies that the copy won't overflow. Approved by: so Security: FreeBSD-SA-26:08.rpcsec_gss Security: CVE-2026-4747 Reported by: Nicholas Carlini Reviewed by: rmacklem Fixes: a9148abd9da5d --- lib/librpcsec_gss/svc_rpcsec_gss.c | 9 ++++++++- sys/rpc/rpcsec_gss/svc_rpcsec_gss.c | 10 +++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/librpcsec_gss/svc_rpcsec_gss.c b/lib/librpcsec_gss/svc_rpcsec_gss.c index e9d39a813f86..73b92371e6d0 100644 --- a/lib/librpcsec_gss/svc_rpcsec_gss.c +++ b/lib/librpcsec_gss/svc_rpcsec_gss.c @@ -758,6 +758,14 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, memset(rpchdr, 0, sizeof(rpchdr)); + oa = &msg->rm_call.cb_cred; + + if (oa->oa_length > sizeof(rpchdr) - 8 * BYTES_PER_XDR_UNIT) { + log_debug("auth length %d exceeds maximum", oa->oa_length); + client->cl_state = CLIENT_STALE; + return (FALSE); + } + /* Reconstruct RPC header for signing (from xdr_callmsg). */ buf = rpchdr; IXDR_PUT_LONG(buf, msg->rm_xid); @@ -766,7 +774,6 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); - oa = &msg->rm_call.cb_cred; IXDR_PUT_ENUM(buf, oa->oa_flavor); IXDR_PUT_LONG(buf, oa->oa_length); if (oa->oa_length) { diff --git a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c index 64038240ab37..031e6af5c1b2 100644 --- a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c +++ b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c @@ -1107,6 +1107,15 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, memset(rpchdr, 0, sizeof(rpchdr)); + oa = &msg->rm_call.cb_cred; + + if (oa->oa_length > sizeof(rpchdr) - 8 * BYTES_PER_XDR_UNIT) { + rpc_gss_log_debug("auth length %d exceeds maximum", + oa->oa_length); + client->cl_state = CLIENT_STALE; + return (FALSE); + } + /* Reconstruct RPC header for signing (from xdr_callmsg). */ buf = rpchdr; IXDR_PUT_LONG(buf, msg->rm_xid); @@ -1115,7 +1124,6 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); - oa = &msg->rm_call.cb_cred; IXDR_PUT_ENUM(buf, oa->oa_flavor); IXDR_PUT_LONG(buf, oa->oa_length); if (oa->oa_length) { From nobody Thu Mar 26 01:14:54 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5RS2l1Rz6X4PN for ; Thu, 26 Mar 2026 01:15:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5RL6Rchz3JwT for ; Thu, 26 Mar 2026 01:14:54 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487694; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=2OHilYDXFEedoEzBGk8oC5haDTInU+ovD4NDaRDXlx8=; b=MPr3ATkg0pHuRVwKn8uyM5hYYV+k+sBSHPuxc3S9SnRohpbGXF7Xq2DJciV4EurYLbHnE1 9Rkfx3I8fmunz9j8FQvnIRcONnLllkRKcGH4zMTdvIxdVQV8zLW1PWcgH8MAFmSEYylKHv V1/+VdmzoolIxmtJQf8SMIWzGkdpfpxp7LFmVWYM7aoKtIouI0pvku6z35FZTA8fomnuXA Yk/hdJ6zaIILSiqoaAsTkX2lvpUNK3VPfag1kMaS0CUjsffUk8/wDqHBS/wyFh0FAGYq2X YUUjPFC2XZNIVbztBp6Qb5sbAs2POP/40oyogr5RyTRTrk2+ukfAYOeaiGkYDw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487694; a=rsa-sha256; cv=none; b=hHe5j3vbuLH4qRuqHnsHviYCYmO5VT4mu166O1Xwur6YSKstdwrRoIz47nwEJDX1LZ3y8+ KMDBBW/kPPeHmeH/g1RiV6n7RUfUR1f3a94e9Jt7aqkcleHmRf226r/S/ponHrrorgHeZc SdbuzBXQF6XJ98DuRAf/w/J4BB3NV0WNN4B7To99BiXI+NFhgEiYnEWtADg/tYtUtqSws9 pKa6NmlPNDJn86F/kyIl1pxc2wPEmRdoRbL64/oT/DJpeTWU+c26M6NpAxS5NJDbvwzFlI See+ndXhOD95cxNqKkfbbni8Gyq8AA6lkt0N1I/92TLknjCqRgJ4j87SGEf4Rg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487694; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=2OHilYDXFEedoEzBGk8oC5haDTInU+ovD4NDaRDXlx8=; b=Un91V/k1r2LCx1SwmWp20V/rixU5QRVA9Mx3iqKgnUHe/6YsS7kadMEqDmyyh04P1obe8m v4hA4GoOLkIIhDc3zO2r7SOf14c+3pkyoHJD/3LAxWhBYx3yv8ZI+3e7pEZhuU/OjJ/Tp2 uOkM/3d3Z0qZOtC32nHSZelo/Ia8uIQ4eHCJWK47Gi8eclcXq+llM/A3qecWqvn2/wCyhc 7ENes5OHl5sst9h8xqGWrW/CuIUiHtiirFXZdKq997U/Jhvoa1ApqSRtEgk9JA2WjyykeI AFw1m7iNZ8JcC4zLiu+ZQA5oXwazkLats6ML4V9fej0nnvkBq5pXsiHZyCodHw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5RL5ygdzTvR for ; Thu, 26 Mar 2026 01:14:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 472dd by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:14:54 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Michael Tuexen From: Philip Paeps Subject: git: 44dd8b58394b - releng/14.4 - tcp: plug an mbuf leak List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.4 X-Git-Reftype: branch X-Git-Commit: 44dd8b58394b8a3bcfa68f9aba1a4a0780c85145 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:14:54 +0000 Message-Id: <69c4888e.472dd.26604451@gitrepo.freebsd.org> The branch releng/14.4 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=44dd8b58394b8a3bcfa68f9aba1a4a0780c85145 commit 44dd8b58394b8a3bcfa68f9aba1a4a0780c85145 Author: Michael Tuexen AuthorDate: 2026-03-25 05:53:56 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 06:53:41 +0000 tcp: plug an mbuf leak When a challenge ACK should be sent via tcp_send_challenge_ack(), but the rate limiter suppresses the sending, free the mbuf chain. The caller of tcp_send_challenge_ack() expects this similar to the callers of tcp_respond(). Approved by: so Security: FreeBSD-SA-26:06.tcp Security: CVE-2026-4247 Reviewed by: lstewart Tested by: lstewart Sponsored by: Netflix, Inc. --- sys/netinet/tcp_subr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 81b378f496c9..32c30dc4d067 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -2276,6 +2276,8 @@ tcp_send_challenge_ack(struct tcpcb *tp, struct tcphdr *th, struct mbuf *m) tcp_respond(tp, mtod(m, void *), th, m, tp->rcv_nxt, tp->snd_nxt, TH_ACK); tp->last_ack_sent = tp->rcv_nxt; + } else { + m_freem(m); } } From nobody Thu Mar 26 01:14:57 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5RP3SlRz6X4M9 for ; Thu, 26 Mar 2026 01:14:57 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5RP0qp5z3K3x for ; Thu, 26 Mar 2026 01:14:57 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487697; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FKC9CEqmo4AU5HwEJiJnMmJUbb27rc/7U5NgmNhQdv0=; b=TIgBzqW/5VhWLnkqCdO33BHJJa3UlvGihrUt5zlRJNMBokLEErkwAeg9O+t34l8zpzMzIv kS95cYEeXNvEJ7Olia5fZyOa2/774ZtbJiqRhoVgfT1aTHt5far4St7CSBhs2haDkMDEM8 aN6apKtW6rtGmlG4ymKuureeILvZO04nSFODcsbjw79Z64OfIq7f+Td8ryZCLxjRrp5eq0 FyJdBpLPqgOjwYF1RSjDQw+sfX/urO3KwJ+0oshNUlFvduauHocnPfce3GArjht3s9/jpD VqtWo1jBed3KrclX1gwE7po2Vu4N5AXnt18yk5dLbOtBQcDkaOl5HIOvrbSXaA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487697; a=rsa-sha256; cv=none; b=u4sqf+FSPmv62p+8EJouZ5k8KwWnGJdpXWklsWcvRloQA3go6XRqrt9R8g6etEDn6CeKHp mKLdh7UStConAyNaPSOOucE7Ymr3WgaHiaj3iZ+NPXrzgswheu+6P60xlpYUb/WsL5hGEm haIdK4e4Uf7xOXyEtdOUu1njiNKq5FWszyJAmYxvmLi1zyZ+B8IZQ0Mue+w21LJ0wp64z5 MkKibAn6Lg+nzYy3z6WAXNv0gBRlZ/yrCTKZR3/SJoQK5dznSMRW7AtBH9W9N2DOKPeotH y6JNYaCYEteesp4kwGZX+YuZc2LCy7vZz9Fl80N/FP3vmBG/4UvL3Kd+THa04w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487697; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FKC9CEqmo4AU5HwEJiJnMmJUbb27rc/7U5NgmNhQdv0=; b=nNgsDbCBbSP2f8d4zYVLFx4DPU+PkyaFbWoHVbVUDhTN9lYSK13/E9+1JI9BeOsXii8NeH olrAmD/R5r6F3xcuR2aDJ6soDv8IE0DOHwfxDWqIUvUzXBS9qqILLv15Na9QOQpwndjKXo V+2DwIoVevNLkPaZ2PCOk2nSeoAwEveDlnmPnBPqRMn9RKbKNtqsdSfdj5Hut0BocCXE2d qoYTz94Ap02zVKqf7d7MpjfnBeGMI9hHNny2SsY5RYm6vbRIZ/RPnCYhnuahL/FbL2Jhci DcYlIdGMdcsD6QCvVg8HS9Tj3pXpOXbxEK7geEuBWqxDhazamuwslkaFInWDjA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5RP08xrzVXh for ; Thu, 26 Mar 2026 01:14:57 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 18f94 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:14:57 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Michael Gmelin From: Philip Paeps Subject: git: 4708ee4543c6 - releng/14.4 - pf: Fix hashing of IP address ranges List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.4 X-Git-Reftype: branch X-Git-Commit: 4708ee4543c6e5fedcfe77d273a5d5de1b58779d Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:14:57 +0000 Message-Id: <69c48891.18f94.2433ec52@gitrepo.freebsd.org> The branch releng/14.4 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=4708ee4543c6e5fedcfe77d273a5d5de1b58779d commit 4708ee4543c6e5fedcfe77d273a5d5de1b58779d Author: Michael Gmelin AuthorDate: 2026-03-12 14:18:09 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 16:10:16 +0000 pf: Fix hashing of IP address ranges This corrects the false detection of duplicate rules. Approved by: so Security: FreeBSD-SA:26:09.pf Security: CVE-2026-4748 Reviewed by: kp (cherry picked from commit 1fa873c93c8b08561c53107c7b90c53dfad30ddc) (cherry picked from commit ac6bb58a715eaf0afb7a80dc87083f9819e10ac1) --- sys/netpfil/pf/pf_ioctl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 663612305f1f..1fff0667aa1a 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1264,6 +1264,7 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, addr.v.tblname); break; case PF_ADDR_ADDRMASK: + case PF_ADDR_RANGE: /* XXX ignore af? */ PF_MD5_UPD(pfr, addr.v.a.addr.addr32); PF_MD5_UPD(pfr, addr.v.a.mask.addr32); From nobody Thu Mar 26 01:14:59 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5RR5hfnz6X47h for ; Thu, 26 Mar 2026 01:14:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5RR1zFKz3Jp0 for ; Thu, 26 Mar 2026 01:14:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487699; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hrh4fbkmdrRCN+43RTIZBnNXeoQ65H/p9js3Vga8I98=; b=T3siq3al/badKF7KVrolQNDq2bSXPt5CrJHcNSGXn6+KldXVZMEYdN964xsOcCycx6rCIq ztcZWjUp7X26sr+t+klEaGlubMCJijGpXfOUos66kwCwvn6DKlahtzqer335mDv2svgmbx 1oSQAJ3bZNmesGC4bgB9J8dw0jaVqRTHD3ZLqCkOTx+z/zWIeuWruYyu+BXR5S8XHEuEq6 /pEBIjLNSMb6speTZ5qNZlrUZ5lIuQFuGrtr3o0VUGvbFT0vLsnkL0vdqnCxU3LqFFILwc 335p8W+prxFvgeGzbM0DOCNM5LM3Tai9OwOHSetQtLLGAbZ1ZuztQ9WzBwFgyQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487699; a=rsa-sha256; cv=none; b=p6bX6aYgFvjvv8Hj1Ms3A6NMQevkqxHyusGkw+jW7unqC40eJJAYtppAtVANqogJTLMPSo Gooe5QzG672KOhStqPuVxiVK6woFGjjCD/cL/5mKy4vc9HniR/nWr2FjmJ9tB01+HVLjws 5xvOJE+nkO1MeBvPgtgubXwBsylh8c2v1dFfyU/0F+nkSHnnNJfA6BcowuY7oRDhL0w123 Vxy4MnR3dWAPNs3zv5KkU1b3pOMJVi3hrIvKrWNvMHMPCLNjIU4cZvAObZw1V3MspgBdW8 Ys0NklQUcx5q/VQ9JsAk8n9qhE01ZQx6PNVzHFNK3rlGBz/QCCjYRy+/GodA4Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487699; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hrh4fbkmdrRCN+43RTIZBnNXeoQ65H/p9js3Vga8I98=; b=bey/blRNb7i79waFXTfMSwlmDJKiWUL8kVUkzLtWOLOdkO27caeo8eCm+4eWJRI5auCF3y FWUdDyAFM0BWTkG6rrqNrras5p52RKlDyyEvSYVZk6Asi+izTgR1TFq5E2H/NUeZ5Qf4gR 0p53/HIP/pksagobY30RfjVFRINdXFe1pOYCC8fN6tqoVurrIcxEMOhQccKNRyZcI4MM1z j6sFMZbUFVbMmuUcLpGPZL1kFWYmIMiZ9TMAls4gaQxaR1eu1KJ9Cn35JCQnMHMtIufpf+ xRRfMgTfcYZiyl1vcDvaU0EBx9iB+Rd23LcVWUemsbfeuWf5Hxm1kJxwoA1ZEA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5RR1b1lzVDW for ; Thu, 26 Mar 2026 01:14:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 18d98 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:14:59 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Kristof Provost From: Philip Paeps Subject: git: a429dbb47ff6 - releng/14.4 - pfctl: always warn if a duplicate rule was detected List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.4 X-Git-Reftype: branch X-Git-Commit: a429dbb47ff638934ab5f9768af13165e6ca2dc0 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:14:59 +0000 Message-Id: <69c48893.18d98.456a5d26@gitrepo.freebsd.org> The branch releng/14.4 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=a429dbb47ff638934ab5f9768af13165e6ca2dc0 commit a429dbb47ff638934ab5f9768af13165e6ca2dc0 Author: Kristof Provost AuthorDate: 2026-03-12 14:24:42 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 16:11:03 +0000 pfctl: always warn if a duplicate rule was detected Approved by: so Security: FreeBSD-SA:26:09.pf Security: CVE-2026-4748 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 66d66dd0f6f83926980fc1d68dd366c0057350c5) (cherry picked from commit e79818ec36efafc994d8c5a912dcb94986c038c5) --- sbin/pfctl/pfctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index d6bb0ae7f46f..518b32085565 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -2043,13 +2043,13 @@ pfctl_load_rule(struct pfctl *pf, char *path, struct pfctl_rule *r, int depth) } } - if (pf->opts & PF_OPT_VERBOSE) { + if (pf->opts & PF_OPT_VERBOSE || was_present) { INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2)); print_rule(r, name, pf->opts & PF_OPT_VERBOSE2, pf->opts & PF_OPT_NUMERIC); if (was_present) - printf(" -- rule was already present"); + printf(" -- rule was already present\n"); } path[len] = '\0'; pfctl_clear_pool(&r->rpool); From nobody Thu Mar 26 01:14:58 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5RQ5RSkz6X47g for ; Thu, 26 Mar 2026 01:14:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5RQ1P3zz3JlP for ; Thu, 26 Mar 2026 01:14:58 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487698; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=W/YWOmN/vLkZUfgl/yp2UP1lBmb0ikbSr2ArBkSf0VE=; b=scF6Nf6iS4CKQ+wcQTmTlyEAedGhfeEj9yXVgE2SaqUNr0yA+XmSwieF2QbK8jl9EEYG5c 3APTxmRKaxv92OZwCmacoyeINsIyn7EOs/aWyamzHcPjT6ixm1R4cEoO2arYWLrmU7RoWT fl84gwyJr/9J9BsDJf/Z94TQnyZUAjIB6zlaq7JbuQrzL4+8pLHJw+6zrI/RQa3bIxSRDS wG9/0HD5LZaMDdkjo84/oiCOHpYvgydgHGdObIKXpPZIeT8X7/jBx4K4+a0jwJy18yBCG7 QgnG6JQslZTK3ZGCy7zMkq3oxExQWMlK7yzk3+7bbmo4F4Z/2Fk1BzvEIxOrNw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487698; a=rsa-sha256; cv=none; b=xq/+P5wuUe+E5srPR7nBusW1M93+xawyA0WJ6R4xjieejLoXpEHIxyISRJOwPq9d5xh8wU ZY5NrE9MDm4wJYBsNdnPU1FvfQw0zUDByhxFT9w0J6GdaXsaZIoYV6DKehNS1ILqyEus3N 4CqiyaORd+x34vSZBGz/g7bkHKEbgeI/eiGieNsGz2kUgsZy9SkD9xlAxJRUVAASsiAUmh 5DApkVjjty9OmWjDeo/I///8Ij66bSqFKM+8t2hlFS9SARQgnORJS2dlpolscUfxdFlQOw 28zNpr8QyaTcBv0fxDj3yjthMNQPv+Jl2qLSXsc5s2k+dHB4cIpomBeXq54h6Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487698; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=W/YWOmN/vLkZUfgl/yp2UP1lBmb0ikbSr2ArBkSf0VE=; b=SASE9M1WHyUGA9+zsRzY8+7YucrINl4ejimluD9kEhjIxsyK3tx4kjH7Ir2J8RA9Ov9xOj Ma27jvl9xDhYZeHmJ8F7hCLoxhwP0yD2KFcV++4CLK7jshnJvJGoaIbUd+C+Ipcnsc6m0c 18ps/wtmEGd2RruTYMHWbLu6EIN4NMVDGObsuN8Hl3vpqDKOuuxTPi4esJ1rC1tE9Z7Y3L gN01NIzz9RUC0GsaEQDN81vJ9Xnd06ftbVfI8hL7aBfURniNg9NLQNmE5pyYFjvq+bL1c+ A9xVFkT/bb2ei8Ddq8X+BfgLj+psY2bvBXLHXpZCZhypCCWhIzZLPbPNOgvJYA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5RQ0bpzzVXm for ; Thu, 26 Mar 2026 01:14:58 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 193af by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:14:58 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Kristof Provost From: Philip Paeps Subject: git: 984b570b4953 - releng/14.4 - pf tests: verify that we handle address range rules correctly List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.4 X-Git-Reftype: branch X-Git-Commit: 984b570b4953c6b01083edb94a2eb4e0c5af572e Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:14:58 +0000 Message-Id: <69c48892.193af.53187397@gitrepo.freebsd.org> The branch releng/14.4 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=984b570b4953c6b01083edb94a2eb4e0c5af572e commit 984b570b4953c6b01083edb94a2eb4e0c5af572e Author: Kristof Provost AuthorDate: 2026-03-12 14:23:32 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 16:10:59 +0000 pf tests: verify that we handle address range rules correctly There's been a problem where rules which differed only in address ranges were considered duplicates and not added. Test for this. Approved by: so Security: FreeBSD-SA:26:09.pf Security: CVE-2026-4748 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit ab74151e8d097b263237942c0b12277098bc9533) (cherry picked from commit 958dbc87e9c59a2e9f83d84115ce03fb96e9b249) --- tests/sys/netpfil/pf/pass_block.sh | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/tests/sys/netpfil/pf/pass_block.sh b/tests/sys/netpfil/pf/pass_block.sh index 792b73b4a0a5..b91ba7f9ee68 100644 --- a/tests/sys/netpfil/pf/pass_block.sh +++ b/tests/sys/netpfil/pf/pass_block.sh @@ -255,6 +255,43 @@ urpf_cleanup() pft_cleanup } +atf_test_case "addr_range" "cleanup" +addr_range_head() +{ + atf_set descr 'Test rulesets with multiple address ranges' + atf_set require.user root +} + +addr_range_body() +{ + pft_init + + epair=$(vnet_mkepair) + ifconfig ${epair}b 192.0.2.2/24 up + + vnet_mkjail alcatraz ${epair}a + jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up + + # Sanity check + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 + + jexec alcatraz pfctl -e + pft_set_rules alcatraz \ + "block" \ + "pass inet from any to 10.100.100.1 - 10.100.100.20" \ + "pass inet from any to 192.0.2.1 - 192.0.2.10" + +jexec alcatraz pfctl -sr -vv + + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 +jexec alcatraz pfctl -sr -vv +} + +addr_range_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "v4" @@ -262,4 +299,5 @@ atf_init_test_cases() atf_add_test_case "noalias" atf_add_test_case "nested_inline" atf_add_test_case "urpf" + atf_add_test_case "addr_range" } From nobody Thu Mar 26 01:15:00 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5RT00cwz6X4Hb for ; Thu, 26 Mar 2026 01:15:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5RS3854z3JwZ for ; Thu, 26 Mar 2026 01:15:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487700; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OQQSdTtV+1W9VXeU0pMe2VItcURXmXXMjJ4NQINRL9k=; b=WwU7kcqU+kRjJvfVY62YDQFUkrmtKcz+yJ8H3BiDIJhGCdZSq0W5M7AECyjnPwRlkEQrSI 3yGard4wwJ3Ip83Nda/lCPd8Tl05chLi+Nb3R0BTILBCy3rGwbJHlMg/3vvYCeFDoXfHHU QRl3y5Lwd8oVzVysaM0OWsSpgCq4ln+lzCj0kreNEDNrpkOvI36kaxL5q+U1fUgmEj5S9p 9N3MNFv6rTB3a5sEuh/9sCVfeKkTyQKbEY4VIJZPGL71XpDarZWz/3nc2OrkBHcjs6i86v KCT3LFllIZj0/jh6CCAu9kLSp4qh0cwEAE+SI0U9bgYrJnyqXXs9lPNCZEh4fQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487700; a=rsa-sha256; cv=none; b=npOv5hJUjgD5tAyvMaIlqphwEiyeSbAKYYAAV0jE1h24lXPee8/bMUS9EHavX8gzNNGCBl 106bHgMXrrwoHuftIw/Lp8DUUEXP68F4R4ndWOwN4wIKTIoC9P8AqWDHQNClXTxa4Nl/Hk 2pbK3TAUzme7kX59c3SyWkDMhMmL2kGx772Vu1VorfZ26UymcIb4I5uqGbWHuIwZrGxzF3 Y+mOTo5Z9WliR2tnbMM9RJ8UcVgdAoiDjckfkDff8+3Qzcwp8lx2R4ghg5jlPwhwkBYjsN 0eQdFDhV+wjmijg7hPgkasqX2sCrhAEjKBACecZU2737E+TYotoSLbmIVSEDxg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487700; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=OQQSdTtV+1W9VXeU0pMe2VItcURXmXXMjJ4NQINRL9k=; b=oHPngRJPg5JqXXt7P7WF0112mbTxkuaeRfZwGsnX4Wd9Mlyo5PbLqlCrU8YGWjIQtJ4elo rLWlgzEROZ3UpIVP1dDJ6L8LWUFtXDKH4NxNS8eA9CDZiKGdls6ZxPqv0LqFjES+yu9UlP LvE0ZQ5a3vmVQW/w5iWSYCavUfxCBWyiL4bogG1E4E/tZlTI6j/+65OeNJwg5gDTnNUBtX ArX8F80ra2bNu/Cd145aG3HYlQFLbhh2QVuct0hWo9HqUsHhMc3Wq8XKv3T9pGUcSRN2l/ MUI6BHM0/FoCQPWpM/sxmD8+/P6cMKKapb02KXtUdTkq8YbAAm0uAlXCUG6iug== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5RS2G5YzVMg for ; Thu, 26 Mar 2026 01:15:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 181c6 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:15:00 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Kristof Provost From: Philip Paeps Subject: git: b6865bca4ba5 - releng/14.4 - pf: include all elements when hashing rules List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.4 X-Git-Reftype: branch X-Git-Commit: b6865bca4ba546155740a5047ff79a6515b5805b Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:15:00 +0000 Message-Id: <69c48894.181c6.29857380@gitrepo.freebsd.org> The branch releng/14.4 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=b6865bca4ba546155740a5047ff79a6515b5805b commit b6865bca4ba546155740a5047ff79a6515b5805b Author: Kristof Provost AuthorDate: 2026-03-19 07:21:51 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 16:11:07 +0000 pf: include all elements when hashing rules Approved by: so Security: FreeBSD-SA:26:09.pf Security: CVE-2026-4748 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit c6bcf6e6fd507d952a48226b51cc161b8ef972a2) (cherry picked from commit e3b801edded92c1ccef67f9aef8653e996493460) --- sys/netpfil/pf/pf_ioctl.c | 91 ++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 83 insertions(+), 8 deletions(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 1fff0667aa1a..5617207d28f9 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1269,6 +1269,12 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, addr.v.a.addr.addr32); PF_MD5_UPD(pfr, addr.v.a.mask.addr32); break; + case PF_ADDR_NOROUTE: + case PF_ADDR_URPFFAILED: + /* These do not use any address data. */ + break; + default: + panic("Unknown address type %d", pfr->addr.type); } PF_MD5_UPD(pfr, port[0]); @@ -1277,6 +1283,28 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, port_op); } +static void +pf_hash_pool(MD5_CTX *ctx, struct pf_kpool *pool) +{ + uint16_t x; + int y; + + if (pool->cur) { + PF_MD5_UPD(pool, cur->addr); + PF_MD5_UPD_STR(pool, cur->ifname); + } + PF_MD5_UPD(pool, key); + PF_MD5_UPD(pool, counter); + + PF_MD5_UPD(pool, mape.offset); + PF_MD5_UPD(pool, mape.psidlen); + PF_MD5_UPD_HTONS(pool, mape.psid, x); + PF_MD5_UPD_HTONL(pool, tblidx, y); + PF_MD5_UPD_HTONS(pool, proxy_port[0], x); + PF_MD5_UPD_HTONS(pool, proxy_port[1], x); + PF_MD5_UPD(pool, opts); +} + static void pf_hash_rule_rolling(MD5_CTX *ctx, struct pf_krule *rule) { @@ -1287,37 +1315,84 @@ pf_hash_rule_rolling(MD5_CTX *ctx, struct pf_krule *rule) pf_hash_rule_addr(ctx, &rule->dst); for (int i = 0; i < PF_RULE_MAX_LABEL_COUNT; i++) PF_MD5_UPD_STR(rule, label[i]); + PF_MD5_UPD_HTONL(rule, ridentifier, y); PF_MD5_UPD_STR(rule, ifname); + PF_MD5_UPD_STR(rule, qname); + PF_MD5_UPD_STR(rule, pqname); + PF_MD5_UPD_STR(rule, tagname); PF_MD5_UPD_STR(rule, match_tagname); - PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */ + + PF_MD5_UPD_STR(rule, overload_tblname); + + pf_hash_pool(ctx, &rule->rpool); + PF_MD5_UPD_HTONL(rule, os_fingerprint, y); + + PF_MD5_UPD_HTONL(rule, rtableid, y); + for (int i = 0; i < PFTM_MAX; i++) + PF_MD5_UPD_HTONL(rule, timeout[i], y); + PF_MD5_UPD_HTONL(rule, max_states, y); + PF_MD5_UPD_HTONL(rule, max_src_nodes, y); + PF_MD5_UPD_HTONL(rule, max_src_states, y); + PF_MD5_UPD_HTONL(rule, max_src_conn, y); + PF_MD5_UPD_HTONL(rule, max_src_conn_rate.limit, y); + PF_MD5_UPD_HTONL(rule, max_src_conn_rate.seconds, y); + PF_MD5_UPD_HTONS(rule, qid, x); + PF_MD5_UPD_HTONS(rule, pqid, x); + PF_MD5_UPD_HTONS(rule, dnpipe, x); + PF_MD5_UPD_HTONS(rule, dnrpipe, x); + PF_MD5_UPD_HTONL(rule, free_flags, y); PF_MD5_UPD_HTONL(rule, prob, y); + + PF_MD5_UPD_HTONS(rule, return_icmp, x); + PF_MD5_UPD_HTONS(rule, return_icmp6, x); + PF_MD5_UPD_HTONS(rule, max_mss, x); + PF_MD5_UPD_HTONS(rule, tag, x); /* dup? */ + PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */ + PF_MD5_UPD_HTONS(rule, scrub_flags, x); + + PF_MD5_UPD(rule, uid.op); PF_MD5_UPD_HTONL(rule, uid.uid[0], y); PF_MD5_UPD_HTONL(rule, uid.uid[1], y); - PF_MD5_UPD(rule, uid.op); + PF_MD5_UPD(rule, gid.op); PF_MD5_UPD_HTONL(rule, gid.gid[0], y); PF_MD5_UPD_HTONL(rule, gid.gid[1], y); - PF_MD5_UPD(rule, gid.op); + PF_MD5_UPD_HTONL(rule, rule_flag, y); + PF_MD5_UPD_HTONL(rule, rule_ref, y); PF_MD5_UPD(rule, action); PF_MD5_UPD(rule, direction); - PF_MD5_UPD(rule, af); + PF_MD5_UPD(rule, log); + PF_MD5_UPD(rule, logif); PF_MD5_UPD(rule, quick); PF_MD5_UPD(rule, ifnot); PF_MD5_UPD(rule, match_tag_not); PF_MD5_UPD(rule, natpass); + PF_MD5_UPD(rule, keep_state); + PF_MD5_UPD(rule, af); PF_MD5_UPD(rule, proto); - PF_MD5_UPD(rule, type); - PF_MD5_UPD(rule, code); + PF_MD5_UPD_HTONS(rule, type, x); + PF_MD5_UPD_HTONS(rule, code, x); PF_MD5_UPD(rule, flags); PF_MD5_UPD(rule, flagset); + PF_MD5_UPD(rule, min_ttl); PF_MD5_UPD(rule, allow_opts); PF_MD5_UPD(rule, rt); + PF_MD5_UPD(rule, return_ttl); PF_MD5_UPD(rule, tos); - PF_MD5_UPD(rule, scrub_flags); - PF_MD5_UPD(rule, min_ttl); PF_MD5_UPD(rule, set_tos); + PF_MD5_UPD(rule, anchor_relative); + PF_MD5_UPD(rule, anchor_wildcard); + + PF_MD5_UPD(rule, flush); + PF_MD5_UPD(rule, prio); + PF_MD5_UPD(rule, set_prio[0]); + PF_MD5_UPD(rule, set_prio[1]); + + PF_MD5_UPD(rule, divert.addr); + PF_MD5_UPD_HTONS(rule, divert.port, x); + if (rule->anchor != NULL) PF_MD5_UPD_STR(rule, anchor->path); } From nobody Thu Mar 26 01:15:01 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5RT5gGWz6X4K9 for ; Thu, 26 Mar 2026 01:15:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5RT3bzKz3K40 for ; Thu, 26 Mar 2026 01:15:01 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487701; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PEyDJk3DPE/vBTTtWJpG+rR550+yDXLkMyR88INRHys=; b=YX0WB+ZPzSSyguKOwg5pCLbdlgTAvy391vIl6WbPNvOksm7o8r5pG7W6ue6EFPwQ4Tfc5J OkNUohZxzDcwl4XpT8G7VtNh1hCGiJ8jr2M+zhkH1PJSLCcMZaGXzIEuPfY81CkZQyPS24 XU4cs58pAakQ0uTJ+jjG9lWVKxoWXyaKD8dCGTx5Y4dCmdhfTFB4qf8y46RU8hmVZBwRCW AIw1MQ0wzhs8v86ipDEQaQddMMUYGpONYMloqYzetwQMnL4AVCy8XukL1jFIpYAkSjUQ1C EUUtpR7BzQu/b/YjO92Uq5gmdSXW+ZYbFQ+pmaHRQ0aJRWJRTh9WWD256yeiJg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487701; a=rsa-sha256; cv=none; b=YAs8pgHGZAXcqlJ8KspEQ862Sqmn3CmKI01QaNHa3eRmLBea/Qi54CVQMi4ZOUP6k+4h/c dToiidEP4n/ENNCkz0kovnYLqy9j5155iRNWImYdVM/Wy7EbZxPiDH50xqsDrbVS0xdytI KV+jRE3y4XlA4MsoNtV2lraSJFZ/jYo1szgCzJw+NphF9pk3fHho5Di+AK+eEEISEeBb9P DT74mN/+Ey7tV/G1nZ9skD4QhZOLZVvpv2A0qB62Got98AnlOufKsp2kHLVE5gVhg+wIOK QFhvYGb0lVgAIIrV37siorR0E9FvByApsZs1q2islXtiEOgMl1INyeH+d5faFA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487701; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PEyDJk3DPE/vBTTtWJpG+rR550+yDXLkMyR88INRHys=; b=rauDE1DPz692BkXTbv9yT5yZh3iiJz7ny32wfKAKG60oLpAg+wBr1JvSIsQx3lefWWO3fh 59y9lDC4X8OdaQcRrVWujOnHq0SndvhBBCfCUopHSLMRovpOyrdjZwJr0kvUBq2vAxUM5T PNyt6JQVzzDllKWDVvI2mY2Feqapide7I5GTw9qZQwHvVz0hhJeGvfUqOUdhdvtXLAeXJE Rjj2dGHX8iUPiLeiyZLT2O53XUE2QFUYJihGe3ER0nqYinkFGBqkBppISf8bRjtkLBsYpJ yalCYGgmsxIht7S3WjDvmdEoQzWKmdtYTzIc04Cas5htohjN3k4IMIU3N85PVw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5RT331GzVXq for ; Thu, 26 Mar 2026 01:15:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 18d9d by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:15:01 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Philip Paeps Subject: git: a5812c77639b - releng/14.4 - Add UPDATING entries and bump version List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.4 X-Git-Reftype: branch X-Git-Commit: a5812c77639bde4b460db04e8050b09281dd7835 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:15:01 +0000 Message-Id: <69c48895.18d9d.53989773@gitrepo.freebsd.org> The branch releng/14.4 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=a5812c77639bde4b460db04e8050b09281dd7835 commit a5812c77639bde4b460db04e8050b09281dd7835 Author: Philip Paeps AuthorDate: 2026-03-25 06:05:40 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 16:11:11 +0000 Add UPDATING entries and bump version Approved by: so --- UPDATING | 11 +++++++++++ sys/conf/newvers.sh | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/UPDATING b/UPDATING index 42f8d9788aad..37cb107c7947 100644 --- a/UPDATING +++ b/UPDATING @@ -12,6 +12,17 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before updating system packages and/or ports. +20260325: + 14.4-RELEASE-p1 SA-26:06.tcp + SA-26:08.rpcsec_gss + SA-26:09.pf + + TCP: remotely exploitable DoS vector (mbuf leak). [SA-26:06.tcp] + + Remote code execution via RPCSEC_GSS packet validation. [SA-26:08.rpcsec_gss] + + pf silently ignores certain rules. [SA-26:09.pf] + 20260310: 14.4-RELEASE. diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index ba11232e7c54..329e4ac3875f 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -53,7 +53,7 @@ TYPE="FreeBSD" REVISION="14.4" -BRANCH="RELEASE" +BRANCH="RELEASE-p1" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi From nobody Thu Mar 26 01:16:00 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5Sd0rVmz6X4Q3 for ; Thu, 26 Mar 2026 01:16:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5Sc6VmLz3LKp for ; Thu, 26 Mar 2026 01:16:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487760; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=pXmhYjRp0H4VYDSN/d61RUJyHgZrvUXFyZTo1vrlSMs=; b=w7zaEw1g9+2JtbSl9ns53WQAzmoSFn/PpwlRwOX4s+ldsOdyqPs3aEP7ZdWdsrKx37yUaf XGN7x4Dymy3T9fnPcGUtm/Vw6kW9slTRL8V6Q3B7gddFRGdrRisII3xWjwwBKLMngSiuPC N7SMajWPUpSSDMszUUufeRQK9Va48POobuO6vPAkwqBh7mbyn4lmKpGQwoSxZqUS9lQ4tM prq6rguXuc8gUdiiIx5d0zz405TjhCwjSMMEwjoVPKm+HT3VXZkuVqfm4GOr0v7kXV4V5Y q1f3weE3h9n2aADH5iTUdho6C+olzBxEex6kMFPhWR/WXyYEEOjSBja9z/ByjQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487760; a=rsa-sha256; cv=none; b=s0wcxDwfUo554ZPA2VRTw3dCI85XyaqasGaFQ6cNpzxp69ipfATGMacwJOz4zy2JjrhQaW M/3S+z9BrLB4rRo3VszFI5sllEHlFO/x/2kS+4QM7a8VaGQw7E4Veco0kGjZi6XYZ/3xiL gypyJuvO/Wky3etR4rqDvJbYEIjzKYMq6kLCRLyVKqG+Y3jKsPIk+yBcK6u65jGXGiPXvU byXJb+bh3QUObR5EIhk1qRWTf54Ewvx6thBoV5u3lS5F1dhlSkNSiMTc9tHsf+IFJKLo8M ++o9DvjXqwAVo1oHLm774FP2er9VI35ROX9tzj2aDnBjBuSRq1zA4SVRvcU5pQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487760; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=pXmhYjRp0H4VYDSN/d61RUJyHgZrvUXFyZTo1vrlSMs=; b=O89FiJUNOIG3jEbQaduo/ogkaSXg2qCPOTgOJQYV5dMlQ5uKCe6AGGduDfsajS544+uKUk 73ToV/uAfcAruTMhCQL5aX6sX3tx72ZzYeNUc/Ycwb7KzfbsbrRmF8YU9XrGg55RSPPPd+ T2Pdy0wDPnCFHJf6B/IlWXGguNOjuBH24iJmHUO+yqD9FJKJgtcjSxiGcA+khXJXn7kbry 7KKfMuxHQVrjHiOryn/APUuS69cPEfZKwiyD5cVGlmyik35xYsjHjdMwY3fjYXLMayENlv TxLP2P3X2CnwS8cJEwCEUD5s4bmHSrCAv/oKo8fvE9/f2oru4b0Hn6nXbfqa6w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5Sc5kXYzVXs for ; Thu, 26 Mar 2026 01:16:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 19088 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:16:00 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Michael Tuexen From: Philip Paeps Subject: git: a9cba5321021 - releng/14.3 - tcp: plug an mbuf leak List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.3 X-Git-Reftype: branch X-Git-Commit: a9cba5321021c5758c0c8bb65f9966bef01096fd Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:16:00 +0000 Message-Id: <69c488d0.19088.1af0dcf9@gitrepo.freebsd.org> The branch releng/14.3 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=a9cba5321021c5758c0c8bb65f9966bef01096fd commit a9cba5321021c5758c0c8bb65f9966bef01096fd Author: Michael Tuexen AuthorDate: 2026-03-25 05:53:56 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 06:56:19 +0000 tcp: plug an mbuf leak When a challenge ACK should be sent via tcp_send_challenge_ack(), but the rate limiter suppresses the sending, free the mbuf chain. The caller of tcp_send_challenge_ack() expects this similar to the callers of tcp_respond(). Approved by: so Security: FreeBSD-SA-26:06.tcp Security: CVE-2026-4247 Reviewed by: lstewart Tested by: lstewart Sponsored by: Netflix, Inc. --- sys/netinet/tcp_subr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index d17b46d13038..16871d7d8288 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -2256,6 +2256,8 @@ tcp_send_challenge_ack(struct tcpcb *tp, struct tcphdr *th, struct mbuf *m) tcp_respond(tp, mtod(m, void *), th, m, tp->rcv_nxt, tp->snd_nxt, TH_ACK); tp->last_ack_sent = tp->rcv_nxt; + } else { + m_freem(m); } } From nobody Thu Mar 26 01:16:03 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5Sg2c3jz6X4SX for ; Thu, 26 Mar 2026 01:16:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5Sg0c7xz3LXs for ; Thu, 26 Mar 2026 01:16:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487763; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/1pyFGkxjJtVjycrPgdNjZdJWTQZgBQWb805IbalEQU=; b=TykLk+Nl7DsigNLvTVmFUBIClF/GIxjjNHb283SiwxZ9Bx1ScysHHHNVQDY9HNWOslX3HI C0+jPlwelDCI4lOqDyxGl1xzuGEkTGYS9/OBOVlGzl8GGTCO1wKHEYDmwr5tlLKN0GBDJn b/AC1jrULOqEuIixpzsNhCCeBXmMeqU0fpPPMM/O1CeFjx1XNKKATajs+O9/moyQJtGEUt ZvO+zAFy8rUalaOshxMB2Wfx8yVD3PWsLWvyEavbFnxYy82b2On/bONvMRDkitpr4PnthW xorkD3BeI2gpC7sENeHl008HftccQ6R8W0DkBMx9BuAVEEotlGgWj9MZGzfcGw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487763; a=rsa-sha256; cv=none; b=DtYzsn6emrcqLqFmq4kiGP7NEQ98m2lrqW9BOQSByeNMQAUYouRjjUVz0dFCWeC7eHjbaH KHtxH7gs9ap8u806qhawNcb+b/48gaMePAyZjs6NDiQNSzdRnQcevUE8vO1cQ/E2xkCWO7 xa5JxNXIm7/5+e/M+tJ5OQPfR4mTNoVRn0A+Pxxrs1VwjbCUjyUcHgRPcs6z9+EUiFjJQ3 SCnDHOOTymnaf/Y0vUS/0cKylRSyIkJwIjHMkkhJ96Lhb5yT4UAwMIJCJkIONe4Y+7tS0e wbBn6wmMZE6Uo3hZwUnbld4vFMn+7YtG4vxWaEaPxKbHmvLkYauMgK2enJxYag== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487763; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/1pyFGkxjJtVjycrPgdNjZdJWTQZgBQWb805IbalEQU=; b=GDk+t5DJePpClKJzevePFFDk3LsxQB5bEJd1XP1rjJPgIDeF02pqchTJ0l3xPvyRcUPo2Y WXDt0TU5qseX6EVL8KgDxmqcmJFSjyUcuYG60sG/E6utduBH1VFJPINVkvqHAk7nsfEdpn sJLB4zBp7qGEdEJYbZyv8mCmQ8KRtr6C5yLhNsdWLudngM5WSIOUuT5NJaXmzhm+UQYbxP xIygciMRAY0SQuZ2+cdMV76d/kpLen03u0wjfi2DXjJrnmu3gD2mn6+ogeTDU71Un/DghJ b/0aAJD9x98tmzfel+3A+zcAg9WxaihJhTh8JvBaPJ3o/BYestXmiRq1Brhs3A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5Sg09zczVc2 for ; Thu, 26 Mar 2026 01:16:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1930d by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:16:03 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Michael Gmelin From: Philip Paeps Subject: git: d3c0dff16c2d - releng/14.3 - pf: Fix hashing of IP address ranges List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.3 X-Git-Reftype: branch X-Git-Commit: d3c0dff16c2d1f871b9fe26234df986c85823f6d Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:16:03 +0000 Message-Id: <69c488d3.1930d.b270053@gitrepo.freebsd.org> The branch releng/14.3 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=d3c0dff16c2d1f871b9fe26234df986c85823f6d commit d3c0dff16c2d1f871b9fe26234df986c85823f6d Author: Michael Gmelin AuthorDate: 2026-03-12 14:18:09 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 16:13:06 +0000 pf: Fix hashing of IP address ranges This corrects the false detection of duplicate rules. Approved by: so Security: FreeBSD-SA-26:09.pf Security: CVE-2026-4748 Reviewed by: kp (cherry picked from commit 1fa873c93c8b08561c53107c7b90c53dfad30ddc) (cherry picked from commit ac6bb58a715eaf0afb7a80dc87083f9819e10ac1) --- sys/netpfil/pf/pf_ioctl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index d95f36d06ee3..898bfafcee21 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1264,6 +1264,7 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, addr.v.tblname); break; case PF_ADDR_ADDRMASK: + case PF_ADDR_RANGE: /* XXX ignore af? */ PF_MD5_UPD(pfr, addr.v.a.addr.addr32); PF_MD5_UPD(pfr, addr.v.a.mask.addr32); From nobody Thu Mar 26 01:16:01 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5Sf32KYz6X4Kc for ; Thu, 26 Mar 2026 01:16:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5Sf02lcz3LkD for ; Thu, 26 Mar 2026 01:16:02 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487762; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3ecGHtpL3he87oisp1gQ63472MA0Hfnwji4h8nCsZL0=; b=NddxE2K3SO8ApmU+au91CtBjUWBE0nP0yVfhT/cxa+1c4HBgWpWtSCTn6YU84htfNEUJdf a2zN7a6Rq+njlYDH57pgS0obA2Of8Ddui0Vo0nNczQb3Vz82Cx4CpRFRz1MyxODSEijEQJ 22Fp8BIHLaF4PrzPFvfrJn/pgoPblaFLD6sDwHJF9eWhlGSUSBiCsUwryOcbS2O1k7TAhd dFWf5sIGgvgacLxPSx+r0Uc1Spc0o6kMgSEYPsi2bJ1FfuYG95FmRadJasjcAZNItDnYR1 yDrQsRWyvh1vxk3m1j9NDaJeSTKcSob5hCnZf3+B7MSor6rWmk05sRkxNCHbgw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487762; a=rsa-sha256; cv=none; b=gu8j9JN1h5HHLFw7lqF6xb7KY3NWP5fCVeIshv3LrsJF64lg6zYG9f6fq0kiPghLF/c58h VPAezJUEzRJQQiUHCA7nUlldl9pmFvPSfgLW326+cBN4Z5mdY9E+GOU1kbTvWa13iAdtLh uDJ2GJpkMF+JVSyUi7r8Av8Gdgr+QH1J3SsksEzpXB3KfJ7CMTRuvesBsb9FYWKsP/sMBH 0bI+mzRNz25AThQS87MvVXav6j5GQqfcFq5Me45VqSWUMGmbB40TFsJS7BkYoOV0t5i2HW qoN156/TO0xDJG2pJGsv7WkHZimQ71g2EtxpbMicIFLhMNIZCjpJkyKW6wYZAg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487762; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3ecGHtpL3he87oisp1gQ63472MA0Hfnwji4h8nCsZL0=; b=oc4sk2jME64ZFfSBTRZXOHT4KZOeB8/CGkPw3forGMGSIwazbAu1/j9MvOxAO+TSwpSjSS i4nPvnFNDLxGs9ZNNc+t3rOpO5BNG6KMGcF4W0vIof90imsdvnZrXfKqfzPDMhd73vjiUE zAopQ013aZNjDTKLyr5+k+BKNDpxum7/pGxgxXutqQcYDpeTOzz+0IHXI2HbWg4nRrDR8H iCsutJXRqBoHiBBXJ4q5FDLk+IjGijFlz1CtCjhWtB3g5dMQui3IkL/dKK40OfEpnKGQ2x +Nhwuwz3yPNNC2XYc5gyylzQzaTZnU3MEa4oeiNbym2eEbRg3ToAXp4AQLj+RA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5Sd6VfTzVXr for ; Thu, 26 Mar 2026 01:16:01 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 19bf0 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:16:01 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Mark Johnston From: Philip Paeps Subject: git: b6ce88ab9a5f - releng/14.3 - rpcsec_gss: Fix a stack overflow in svc_rpc_gss_validate() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.3 X-Git-Reftype: branch X-Git-Commit: b6ce88ab9a5fd248cd3cf72d8e4b86f989291505 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:16:01 +0000 Message-Id: <69c488d1.19bf0.3554fd2@gitrepo.freebsd.org> The branch releng/14.3 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=b6ce88ab9a5fd248cd3cf72d8e4b86f989291505 commit b6ce88ab9a5fd248cd3cf72d8e4b86f989291505 Author: Mark Johnston AuthorDate: 2026-03-24 02:12:42 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 06:56:34 +0000 rpcsec_gss: Fix a stack overflow in svc_rpc_gss_validate() svc_rpc_gss_validate() copies the input message into a stack buffer without ensuring that the buffer is large enough. Sure enough, oa_length may be up to 400 bytes, much larger than the provided space. This enables an unauthenticated user to trigger an overflow and obtain remote code execution. Add a runtime check which verifies that the copy won't overflow. Approved by: so Security: FreeBSD-SA-26:08.rpcsec_gss Security: CVE-2026-4747 Reported by: Nicholas Carlini Reviewed by: rmacklem Fixes: a9148abd9da5d --- lib/librpcsec_gss/svc_rpcsec_gss.c | 9 ++++++++- sys/rpc/rpcsec_gss/svc_rpcsec_gss.c | 10 +++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/librpcsec_gss/svc_rpcsec_gss.c b/lib/librpcsec_gss/svc_rpcsec_gss.c index e9d39a813f86..73b92371e6d0 100644 --- a/lib/librpcsec_gss/svc_rpcsec_gss.c +++ b/lib/librpcsec_gss/svc_rpcsec_gss.c @@ -758,6 +758,14 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, memset(rpchdr, 0, sizeof(rpchdr)); + oa = &msg->rm_call.cb_cred; + + if (oa->oa_length > sizeof(rpchdr) - 8 * BYTES_PER_XDR_UNIT) { + log_debug("auth length %d exceeds maximum", oa->oa_length); + client->cl_state = CLIENT_STALE; + return (FALSE); + } + /* Reconstruct RPC header for signing (from xdr_callmsg). */ buf = rpchdr; IXDR_PUT_LONG(buf, msg->rm_xid); @@ -766,7 +774,6 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); - oa = &msg->rm_call.cb_cred; IXDR_PUT_ENUM(buf, oa->oa_flavor); IXDR_PUT_LONG(buf, oa->oa_length); if (oa->oa_length) { diff --git a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c index 64038240ab37..031e6af5c1b2 100644 --- a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c +++ b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c @@ -1107,6 +1107,15 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, memset(rpchdr, 0, sizeof(rpchdr)); + oa = &msg->rm_call.cb_cred; + + if (oa->oa_length > sizeof(rpchdr) - 8 * BYTES_PER_XDR_UNIT) { + rpc_gss_log_debug("auth length %d exceeds maximum", + oa->oa_length); + client->cl_state = CLIENT_STALE; + return (FALSE); + } + /* Reconstruct RPC header for signing (from xdr_callmsg). */ buf = rpchdr; IXDR_PUT_LONG(buf, msg->rm_xid); @@ -1115,7 +1124,6 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); - oa = &msg->rm_call.cb_cred; IXDR_PUT_ENUM(buf, oa->oa_flavor); IXDR_PUT_LONG(buf, oa->oa_length); if (oa->oa_length) { From nobody Thu Mar 26 01:16:04 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5Sh6wDtz6X460 for ; Thu, 26 Mar 2026 01:16:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5Sh1fVLz3Ln0 for ; Thu, 26 Mar 2026 01:16:04 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487764; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=2shwkYngyDev0/3LWLSq4dq5fNBlWnwdhmHxEayZyB0=; b=eWc8KB9lJ4E2j0Chmpp00jpfxeo2QcY5Y0zHvTkFSRyJ02ZnERybkI4oRdlQeJVEwYcClr NtZfmJCzcmUPTgDMkMvX9is5ZDj5eI2kTlSE29NFmOLnjsgArM1dU4fxZp5P4NMaDnvFBt S2yeyuH+VAF0wgnN4hwQ+tHYMY8BZH2apq3BG/nlgRz6g1ZQc8GXYWK+4/F/y+76+4FCqH FeLn5QUd3frmjVQsKpjzQoRDjJkJYdghOKwDM38f0mx2MrPQ5EwNaZisAAw1tE5JH4IJtg nlA+i4M+6EO3sPZQfkM/eGdK/hOpXQ0oVdWoANPVe47EBTR5+kBdhAqbdf98qg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487764; a=rsa-sha256; cv=none; b=SMHsWB8JzIlXxQykFI3A0E9r/XYu9AaBKQY5fuVM7eol/Er8KxVEdjrJVGOHASkIhfRb+g hxXmcCmKIJKoAB/Jr2ZwlvRacORitN9yO4SkBSw5JzBIWx5hP5/irqGmBgCR19bGRw7ZeE 8fe0zC6s7BzMAQm1cBtsdDYshtjENN+Bc38jQ5WMMZByBrxq+F3Hqfus3mNuwBLO35XPHW AX88H1wLkOsuby3OX73cKozLi/l4+FDDJ6HVPIzwDckkN+9CidSe+vEb3RiB6qvP0RpwpL 880550wH1AiGNXfWkOXebp1+TTFjHvJvA1oCnVlgUDy2G7aLtUWst61l9txsTQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487764; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=2shwkYngyDev0/3LWLSq4dq5fNBlWnwdhmHxEayZyB0=; b=P+a3yd1N7oB3dfBoYbNMslVJqxzMW2k3EYxmkXZtLvq7pmtdJWTCLsYsSh0lAbXucbg5bD BqvExEo0W841KXCYSbILLMr8eW0FlUewploysCJzuvzMttDZwlnQManG+Nbyrx15LiWDSZ NNuH9uKtB6gwH2iaWyxVoIYM0EMPr9bAJh8yBUSl+MGVI23JB2j84+A92YV+1AZSC741BZ dca6kZY2HP9duE079Kge1BY8Ta15U2XZvwG6PDlXLNX8yOBpek+7xBdVghTD1bSl77AuSU 7jnouk5y7kcgPIz4TQxMmA5qdecvSLZUqcxGwT9IuyBqo7l7TV7CzWHwb5WGlg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5Sh0gNVzVXx for ; Thu, 26 Mar 2026 01:16:04 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 18f9b by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:16:04 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Kristof Provost From: Philip Paeps Subject: git: 89ab511c1ce2 - releng/14.3 - pf tests: verify that we handle address range rules correctly List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.3 X-Git-Reftype: branch X-Git-Commit: 89ab511c1ce2a979b5d0e7fdbb3289442b35d8a3 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:16:04 +0000 Message-Id: <69c488d4.18f9b.32a95ae5@gitrepo.freebsd.org> The branch releng/14.3 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=89ab511c1ce2a979b5d0e7fdbb3289442b35d8a3 commit 89ab511c1ce2a979b5d0e7fdbb3289442b35d8a3 Author: Kristof Provost AuthorDate: 2026-03-12 14:23:32 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 16:13:33 +0000 pf tests: verify that we handle address range rules correctly There's been a problem where rules which differed only in address ranges were considered duplicates and not added. Test for this. Approved by: so Security: FreeBSD-SA-26:09.pf Security: CVE-2026-4748 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit ab74151e8d097b263237942c0b12277098bc9533) (cherry picked from commit 958dbc87e9c59a2e9f83d84115ce03fb96e9b249) --- tests/sys/netpfil/pf/pass_block.sh | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/tests/sys/netpfil/pf/pass_block.sh b/tests/sys/netpfil/pf/pass_block.sh index 792b73b4a0a5..b91ba7f9ee68 100644 --- a/tests/sys/netpfil/pf/pass_block.sh +++ b/tests/sys/netpfil/pf/pass_block.sh @@ -255,6 +255,43 @@ urpf_cleanup() pft_cleanup } +atf_test_case "addr_range" "cleanup" +addr_range_head() +{ + atf_set descr 'Test rulesets with multiple address ranges' + atf_set require.user root +} + +addr_range_body() +{ + pft_init + + epair=$(vnet_mkepair) + ifconfig ${epair}b 192.0.2.2/24 up + + vnet_mkjail alcatraz ${epair}a + jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up + + # Sanity check + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 + + jexec alcatraz pfctl -e + pft_set_rules alcatraz \ + "block" \ + "pass inet from any to 10.100.100.1 - 10.100.100.20" \ + "pass inet from any to 192.0.2.1 - 192.0.2.10" + +jexec alcatraz pfctl -sr -vv + + atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1 +jexec alcatraz pfctl -sr -vv +} + +addr_range_cleanup() +{ + pft_cleanup +} + atf_init_test_cases() { atf_add_test_case "v4" @@ -262,4 +299,5 @@ atf_init_test_cases() atf_add_test_case "noalias" atf_add_test_case "nested_inline" atf_add_test_case "urpf" + atf_add_test_case "addr_range" } From nobody Thu Mar 26 01:16:05 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5Sj63GZz6X4J1 for ; Thu, 26 Mar 2026 01:16:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5Sj1vZcz3Ln9 for ; Thu, 26 Mar 2026 01:16:05 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487765; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tTEEjQ5M16rZNVRnIlkP48Jfk7JEl+KRI7av39GqOdk=; b=dVuVM2dOhKbYX8g5Ntiirilcwbej1mU38tYwbDikTcFXlzisYv/orOSV9nZ5QRV4G6V6NO PhLua2Lwu59KWtYfbOoT/J9ZRewVynBk9KtMNp7A0UxbnaMf6PnWKSatPPSL2vCQTY9xAy 1PWZo0+AQaSfFR6FSZtRh9x3D0CY8ITzvojiaXV3JL2RxBu1djxuWbE8TYnaBBN+I1NS/m Csee9EHnFUW1eVPw0tSVaTriGLChNklPVcMVOwAfbN4t7sDMfubXpKUFq8Gjahf2jMwPUY vbSrMQQa61q3tbP8ootKLwNPWy+ADqdEYyjnWe+/C0Zgo121R4XWXQ4tT+HPZw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487765; a=rsa-sha256; cv=none; b=SMmSZnIGknGPCeziY/7BRy7h6vxjgrS/CSyR1spqwO0YfrX8DakbGHyuC0Z+MkJuXqGIdU Vl756mAHjZplXA+Ym02NVk6aR260IzyMYG72S0ankB6SL+cZLhNsGwh76FcGTOKFfaBVfy 5EWudzqknNIQRl6QeCRdVUKUh+BkKzGLqmlSsENbm5YBbPWIxk3iYsyTYMT0Mrh6WQFHo/ j6gRuaBuUu0t1uSTmwvzw9DpsFycJBsdAOqLhye4pmOe4l206IpyTj+nD23jR5e68GDdiL 44/BDMgIOzCfIQAWcS+cOTLXjLaEbwxgmcklcfyNy2vTn9XLVRCxKW2q4YWWRQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487765; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tTEEjQ5M16rZNVRnIlkP48Jfk7JEl+KRI7av39GqOdk=; b=b7yvzZqu4RQ09vtbpy+uox32r3xp6qgF6WNIco7zCet7s1aQpCTDsy51TyLpbWEiVF5s7T GXiOzRXNHSTgYM+BY1SUSf7KH3hy/txnUqdTQ2UPYMNgpHisOIo64aTKY/8F4tKCpzFt8j QMkclpMv+KUrtctGek6imgdqthFznkBBm2PpSUdC6pwE/mgDEIB9VeE/BqXkBHmRxeBgYk UUdsU8EDU0yEXBz9W+CAOU2598LgRqtUdHksSJVqiBazVxmv1XGcpFBnrS2tCG6ndEBibo AOblUx9A5mis9ra2C99UWQrj0Dh4hfKQxQWgKjOXafvIQm6/VE2xKXoFhR0i9g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5Sj1RBkzTsy for ; Thu, 26 Mar 2026 01:16:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 18da1 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:16:05 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Kristof Provost From: Philip Paeps Subject: git: 926ee630b73d - releng/14.3 - pfctl: always warn if a duplicate rule was detected List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.3 X-Git-Reftype: branch X-Git-Commit: 926ee630b73d5bf0264bf69284ef4a407b2462d4 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:16:05 +0000 Message-Id: <69c488d5.18da1.61dec6fe@gitrepo.freebsd.org> The branch releng/14.3 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=926ee630b73d5bf0264bf69284ef4a407b2462d4 commit 926ee630b73d5bf0264bf69284ef4a407b2462d4 Author: Kristof Provost AuthorDate: 2026-03-12 14:24:42 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 16:13:37 +0000 pfctl: always warn if a duplicate rule was detected Approved by: so Security: FreeBSD-SA-26:09.pf Security: CVE-2026-4748 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 66d66dd0f6f83926980fc1d68dd366c0057350c5) (cherry picked from commit e79818ec36efafc994d8c5a912dcb94986c038c5) --- sbin/pfctl/pfctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c index d6bb0ae7f46f..518b32085565 100644 --- a/sbin/pfctl/pfctl.c +++ b/sbin/pfctl/pfctl.c @@ -2043,13 +2043,13 @@ pfctl_load_rule(struct pfctl *pf, char *path, struct pfctl_rule *r, int depth) } } - if (pf->opts & PF_OPT_VERBOSE) { + if (pf->opts & PF_OPT_VERBOSE || was_present) { INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2)); print_rule(r, name, pf->opts & PF_OPT_VERBOSE2, pf->opts & PF_OPT_NUMERIC); if (was_present) - printf(" -- rule was already present"); + printf(" -- rule was already present\n"); } path[len] = '\0'; pfctl_clear_pool(&r->rpool); From nobody Thu Mar 26 01:16:07 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5Sm0ZnHz6X4J4 for ; Thu, 26 Mar 2026 01:16:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5Sl3HSzz3LcX for ; Thu, 26 Mar 2026 01:16:07 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487767; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=VLYjhn7cUNQqZreWvY2pkcpSfC5ft/AQHZXZuDn+Om8=; b=RVzdMQe+G5SRD4CaSnLdZlmMYcTNt6mzA8ADS1ZETxfcphEUWlI1po3/EGAHInnpc8swqe MJrVBV11EtZ5bE+hKYDJ36iLlJoQwUwXgH5fidRtbjx0x2OsNb3f0H/g0RZ829E7pQ/1Kq tDy+kWDcUX/RIHpD74YOixAvVw8ZIdCor0VTBxEw1DGEr9q9fUwW648uYROwnclG25oDin ObHnygpU+M4bOqwirckdgm5hChrbPlyBNX0AlpHFRghHIWj60Bi8v1+XEWW7doC4v96hst O9MENb3ghwDocTT+C5ZpA1d5b4O/5gdlb0+DvawivGUBpAKG3sVLd558fjToqQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487767; a=rsa-sha256; cv=none; b=Byc3atWxF6uHGNu4mzoyug14SJc4aXIVc02a2E1nPcWh6UDUUx1MujS7pFAoFPei6iT0pO 9XlQQYUbFSJESRfsMJf0zVknkWtcGcTkn9vwXz4wP+SaYUCnROqkiGJu+umY9kpC9I9TNe NiN4woE72Qp+5H0CJNelrZfohsiY14ae3gKosOTq7BlpZIxk+222Nc8P9DaOtO9ScBeVQc nEfyExAW9KM+BbNuLQWx5TlCHwxCODMH/parfvu21b8ncLJ92+1lvAk0n++b9mvkpuDhsv tfJaRenXtG1MyvQHF1Eec5S0kKQoC3EPSVujF+fOY6cfD824DhbxVBFnFz/tbg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487767; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=VLYjhn7cUNQqZreWvY2pkcpSfC5ft/AQHZXZuDn+Om8=; b=kfKhgULrnoGKvD6e7klBPAG0PINcgCohxM45iceu9Uqh41B8SR74/27hgf0eVkX5p8WKXI Jd2rTQl7ecf79gjheDLGGRsA7TNpzsysUgSUBblFvGAlKG7y/40+6iMBQEnGfRmge4UKPK ntUarPPp2HvU3IkKWpyHtfctFHoi2WmniiUq25GdANIprSjA7wrOoywTuLacmdB40q9ZXn J9vhwZDPnnrtpKe6ZpTY3nQWdSctTmixmi/B20zxo39CNpHGnTXT2/bbdQGd0gdzPquBjy ALl1dVOmkuPTgqjyTSYQLIq7wuJy52urhM1m5FQltNw2f6GvthmtIQn+mvPuJQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5Sl2gvBzVMp for ; Thu, 26 Mar 2026 01:16:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 18e35 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:16:07 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Philip Paeps Subject: git: 2321f541c307 - releng/14.3 - Add UPDATING entries and bump version List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.3 X-Git-Reftype: branch X-Git-Commit: 2321f541c307590bb326f6785047275faf4c981b Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:16:07 +0000 Message-Id: <69c488d7.18e35.6d3aba1f@gitrepo.freebsd.org> The branch releng/14.3 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=2321f541c307590bb326f6785047275faf4c981b commit 2321f541c307590bb326f6785047275faf4c981b Author: Philip Paeps AuthorDate: 2026-03-25 06:09:04 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 16:13:44 +0000 Add UPDATING entries and bump version Approved by: so --- UPDATING | 11 +++++++++++ sys/conf/newvers.sh | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/UPDATING b/UPDATING index 328fd425b883..20c41179af63 100644 --- a/UPDATING +++ b/UPDATING @@ -12,6 +12,17 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before updating system packages and/or ports. +20260325: + 14.3-RELEASE-p10 SA-26:06.tcp + SA-26:08.rpcsec_gss + SA-26:09.pf + + TCP: remotely exploitable DoS vector (mbuf leak). [SA-26:06.tcp] + + Remote code execution via RPCSEC_GSS packet validation. [SA-26:08.rpcsec_gss] + + pf silently ignores certain rules. [SA-26:09.pf] + 20250224: 14.3-RELEASE-p9 SA-26:04.jail SA-26:05.route diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 6f6d7ac69d2c..7c77782c1c00 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -53,7 +53,7 @@ TYPE="FreeBSD" REVISION="14.3" -BRANCH="RELEASE-p9" +BRANCH="RELEASE-p10" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi From nobody Thu Mar 26 01:16:06 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5Sk5Kcfz6X4Kf for ; Thu, 26 Mar 2026 01:16:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5Sk2NFTz3LSs for ; Thu, 26 Mar 2026 01:16:06 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487766; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xzuLfroASNCo5IXmeZxj1xN80hp8bUV4G0HTdVIJ5bE=; b=KpXCTfuf3W0Qs6bJVzRxPiNgD15R3l5DSfVxcgoMzMhj/1sljfUA3roeE5wEQbg2v8Lst2 xn6EVVL/pVFPMVeuJWczsjVZBftyVtey/qfxeGtd2/aqrE5LmsXCzT/7mFsEPzONLIQ27B BIcNdcVrHMBtJvM8MKtZwKTRfTHONcZjY4I6Y/VRI78FOQ++wCdLNwC561EkTed2mJV9k6 +9aaXYJ6kCfbd3SCYZ11o7pcQmHIyeknDCreisD0K7HYX820lIHff6VVCLW0IYLyQ9Bbto KBTDx3zf28XbBLJ5pHkZbYNNUJ+3Bddbf0xeszigSAD2DN7e2e06ZBH3xGPiEQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774487766; a=rsa-sha256; cv=none; b=ED9APcL8WHR7jGoS+IeTbAWMQEt5iX75oG72KM6N/VKobrvKOU8pKwRFZzJym1I0QrgCRW wjkYEAnIRbEpGo7S1CftFUAL58qaTtKKz6YmBHyJ+xKnzphpXWFshrwTLRVy8HSdwRdHCu qB11Ep221l7EHB1p4GRwfmtmP5IjbQJvCOGt9UiZUYPESsOfQcR2HBqXieVMNJRg5geVcr H29AKD4Fj3DCqD0JwVpKexd7rdqwRgdl8pxiP2mbu3M4rFNs49SK8b8EJmINXhdDkbXs84 bwAaNdcTP6Uv8T5YpxkI55D6r8svF5JMRSyJ/OCHmr4CHwNA5SbW4R9pisfMAA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774487766; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xzuLfroASNCo5IXmeZxj1xN80hp8bUV4G0HTdVIJ5bE=; b=d7WI0MgVTZN5kMLzaPO0yvfOfRZlli8T4VDCbOgJV0Ha/4Bz9PGO1rekyto3PK6rTszETF cK095M6ZdhmY3tbo/+hEqPlbF48dtmGVjL9x6nRdmQ1wwOZDgiFuThK4DKXrBr434p2QTt LAV2e/4bjgYabqUT118cfiZxSD8L85Vqzi4plZub5yplOg0ELMX/k+50foD9nJ+8jrbF1X wtTPSDaODKo60Qf1J+kI7IcbaS/px6ZEEl1nwZZmvKgRvD47iNtvEYqTzCOGhqCjDssS++ EvCcnDZi0u2k8aHTBpCrAzACZ7xxI5V9P052ZIjwNDMF407+ifkuzC7oWLIM9g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5Sk1vBczVY1 for ; Thu, 26 Mar 2026 01:16:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 18d24 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:16:06 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Kristof Provost From: Philip Paeps Subject: git: c03577d99d2d - releng/14.3 - pf: include all elements when hashing rules List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.3 X-Git-Reftype: branch X-Git-Commit: c03577d99d2d3b4be1bd90a2238faa5070430d30 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:16:06 +0000 Message-Id: <69c488d6.18d24.1b60be01@gitrepo.freebsd.org> The branch releng/14.3 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=c03577d99d2d3b4be1bd90a2238faa5070430d30 commit c03577d99d2d3b4be1bd90a2238faa5070430d30 Author: Kristof Provost AuthorDate: 2026-03-19 07:21:51 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 16:13:40 +0000 pf: include all elements when hashing rules Approved by: so Security: FreeBSD-SA-26:09.pf Security: CVE-2026-4748 Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit c6bcf6e6fd507d952a48226b51cc161b8ef972a2) (cherry picked from commit e3b801edded92c1ccef67f9aef8653e996493460) --- sys/netpfil/pf/pf_ioctl.c | 91 ++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 83 insertions(+), 8 deletions(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 898bfafcee21..cd4a5ee0151f 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -1269,6 +1269,12 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, addr.v.a.addr.addr32); PF_MD5_UPD(pfr, addr.v.a.mask.addr32); break; + case PF_ADDR_NOROUTE: + case PF_ADDR_URPFFAILED: + /* These do not use any address data. */ + break; + default: + panic("Unknown address type %d", pfr->addr.type); } PF_MD5_UPD(pfr, port[0]); @@ -1277,6 +1283,28 @@ pf_hash_rule_addr(MD5_CTX *ctx, struct pf_rule_addr *pfr) PF_MD5_UPD(pfr, port_op); } +static void +pf_hash_pool(MD5_CTX *ctx, struct pf_kpool *pool) +{ + uint16_t x; + int y; + + if (pool->cur) { + PF_MD5_UPD(pool, cur->addr); + PF_MD5_UPD_STR(pool, cur->ifname); + } + PF_MD5_UPD(pool, key); + PF_MD5_UPD(pool, counter); + + PF_MD5_UPD(pool, mape.offset); + PF_MD5_UPD(pool, mape.psidlen); + PF_MD5_UPD_HTONS(pool, mape.psid, x); + PF_MD5_UPD_HTONL(pool, tblidx, y); + PF_MD5_UPD_HTONS(pool, proxy_port[0], x); + PF_MD5_UPD_HTONS(pool, proxy_port[1], x); + PF_MD5_UPD(pool, opts); +} + static void pf_hash_rule_rolling(MD5_CTX *ctx, struct pf_krule *rule) { @@ -1287,37 +1315,84 @@ pf_hash_rule_rolling(MD5_CTX *ctx, struct pf_krule *rule) pf_hash_rule_addr(ctx, &rule->dst); for (int i = 0; i < PF_RULE_MAX_LABEL_COUNT; i++) PF_MD5_UPD_STR(rule, label[i]); + PF_MD5_UPD_HTONL(rule, ridentifier, y); PF_MD5_UPD_STR(rule, ifname); + PF_MD5_UPD_STR(rule, qname); + PF_MD5_UPD_STR(rule, pqname); + PF_MD5_UPD_STR(rule, tagname); PF_MD5_UPD_STR(rule, match_tagname); - PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */ + + PF_MD5_UPD_STR(rule, overload_tblname); + + pf_hash_pool(ctx, &rule->rpool); + PF_MD5_UPD_HTONL(rule, os_fingerprint, y); + + PF_MD5_UPD_HTONL(rule, rtableid, y); + for (int i = 0; i < PFTM_MAX; i++) + PF_MD5_UPD_HTONL(rule, timeout[i], y); + PF_MD5_UPD_HTONL(rule, max_states, y); + PF_MD5_UPD_HTONL(rule, max_src_nodes, y); + PF_MD5_UPD_HTONL(rule, max_src_states, y); + PF_MD5_UPD_HTONL(rule, max_src_conn, y); + PF_MD5_UPD_HTONL(rule, max_src_conn_rate.limit, y); + PF_MD5_UPD_HTONL(rule, max_src_conn_rate.seconds, y); + PF_MD5_UPD_HTONS(rule, qid, x); + PF_MD5_UPD_HTONS(rule, pqid, x); + PF_MD5_UPD_HTONS(rule, dnpipe, x); + PF_MD5_UPD_HTONS(rule, dnrpipe, x); + PF_MD5_UPD_HTONL(rule, free_flags, y); PF_MD5_UPD_HTONL(rule, prob, y); + + PF_MD5_UPD_HTONS(rule, return_icmp, x); + PF_MD5_UPD_HTONS(rule, return_icmp6, x); + PF_MD5_UPD_HTONS(rule, max_mss, x); + PF_MD5_UPD_HTONS(rule, tag, x); /* dup? */ + PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */ + PF_MD5_UPD_HTONS(rule, scrub_flags, x); + + PF_MD5_UPD(rule, uid.op); PF_MD5_UPD_HTONL(rule, uid.uid[0], y); PF_MD5_UPD_HTONL(rule, uid.uid[1], y); - PF_MD5_UPD(rule, uid.op); + PF_MD5_UPD(rule, gid.op); PF_MD5_UPD_HTONL(rule, gid.gid[0], y); PF_MD5_UPD_HTONL(rule, gid.gid[1], y); - PF_MD5_UPD(rule, gid.op); + PF_MD5_UPD_HTONL(rule, rule_flag, y); + PF_MD5_UPD_HTONL(rule, rule_ref, y); PF_MD5_UPD(rule, action); PF_MD5_UPD(rule, direction); - PF_MD5_UPD(rule, af); + PF_MD5_UPD(rule, log); + PF_MD5_UPD(rule, logif); PF_MD5_UPD(rule, quick); PF_MD5_UPD(rule, ifnot); PF_MD5_UPD(rule, match_tag_not); PF_MD5_UPD(rule, natpass); + PF_MD5_UPD(rule, keep_state); + PF_MD5_UPD(rule, af); PF_MD5_UPD(rule, proto); - PF_MD5_UPD(rule, type); - PF_MD5_UPD(rule, code); + PF_MD5_UPD_HTONS(rule, type, x); + PF_MD5_UPD_HTONS(rule, code, x); PF_MD5_UPD(rule, flags); PF_MD5_UPD(rule, flagset); + PF_MD5_UPD(rule, min_ttl); PF_MD5_UPD(rule, allow_opts); PF_MD5_UPD(rule, rt); + PF_MD5_UPD(rule, return_ttl); PF_MD5_UPD(rule, tos); - PF_MD5_UPD(rule, scrub_flags); - PF_MD5_UPD(rule, min_ttl); PF_MD5_UPD(rule, set_tos); + PF_MD5_UPD(rule, anchor_relative); + PF_MD5_UPD(rule, anchor_wildcard); + + PF_MD5_UPD(rule, flush); + PF_MD5_UPD(rule, prio); + PF_MD5_UPD(rule, set_prio[0]); + PF_MD5_UPD(rule, set_prio[1]); + + PF_MD5_UPD(rule, divert.addr); + PF_MD5_UPD_HTONS(rule, divert.port, x); + if (rule->anchor != NULL) PF_MD5_UPD_STR(rule, anchor->path); } From nobody Thu Mar 26 01:23:48 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5dd06pzz6X4mr for ; Thu, 26 Mar 2026 01:23:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5dc5Zvpz3QQr for ; Thu, 26 Mar 2026 01:23:48 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488228; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=nzy1dv+BkQb7XUSkuYc5lV8Zh7HXUAi+1d/MT69NzEs=; b=xDVvH+4NDUMkelB1P6jPUKzdt9z5MItCwKh7ngaKjTzUUse992YjExArsMG0C8/EWOEV+0 C01O2oekic+WE4Q3Dtz8Ir9JnQfvdw9ycdQ6NPcL9SBkWN7lb7pyA2ONmGF9G+ks6QRJQQ Zu16+IV47ci/XSL77Ko7kCWSjLEl4SSYpFAfh2TMkz7RWz4jTSlXkoB39FJ78r8o86oW9M OD5x0mkZG8nqXZeQiZpPJroXbuba/AHIylZt0dkg/kZHw3z4F8n17cbx2EWE0bm/AHtnub IczsBcqkgJH80E7ywoNlvARmvQy6AUVmc/QWG0YEMLie6SZvbfBLr0MESYsNuA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774488228; a=rsa-sha256; cv=none; b=W0NJieuUwWD8Os/1uxMqIGIDacVwkUlacsnDT/BmGp6ILZOClkp5aOTINWIoQSnq13Vxy8 bsRBbk4zxFD0fhg2qSwCsvfKTOeHj8L6Zzxb4WORtO/LpzfXuKPGws5chZ+WhsIjVucggG 3/ytpP+uj3/WILSQD30+Lp1y3KYP8sdtsZkVy8LtnXF8NB8S9mKrp6P98PIV/H2S9QPpWF MfhUZZZ2Me6hv+IzaIiODyh1CVxBePS9riwQ8LpT1ToDxwtiwOouShlYcBS+uuUCIDoUOd 121CWHIXSqnkA/QwBtiCn9/LGa6MrzboupPPHEnesTu8kq15bF4Qnxd93lJKUA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488228; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=nzy1dv+BkQb7XUSkuYc5lV8Zh7HXUAi+1d/MT69NzEs=; b=hvzlZ9VGXqF2huDB026YczwqH87dyAbstfv7yzXDtbJNMMWpKmEz5GebmxF+zf8zZIYadF mF+bTnMewKiHj4TcaOAprWoHb0DJO2A1wC1I6Nye8zwVCMyyZst55tzWh3m/N2FZpP2B1s LWUCxg1tstaITrGbQCaZLXgr2zxMDFD6drGPlNoOywCrvkBwTXYelcxBMW4rpZzzls8Jwk 79tL+jgY6Y9iKwfoeDnSDZhouo4NDJMgBH6O/4y/6AnUH5erkawJXwxp/IZy1gxHQ+JRrg cHPDAaJzE6DO1IJL60RgQLqsRCWIPmhW7q/kX8e7EIFwAhzbfgbra6XITPJ2qg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5dc4n5TzWGX for ; Thu, 26 Mar 2026 01:23:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 471f4 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:23:48 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Philip Paeps Subject: git: 8d86be861deb - Create tag release/15.0.0-p5 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/tags/release/15.0.0-p5 X-Git-Reftype: annotated tag X-Git-Commit: 8d86be861deb160518e33044b2011a4fc25e12c4 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:23:48 +0000 Message-Id: <69c48aa4.471f4.3fde4994@gitrepo.freebsd.org> The annotated tag release/15.0.0-p5 has been created by philip: URL: https://cgit.FreeBSD.org/src/tag/?h=release/15.0.0-p5 tag release/15.0.0-p5 Tagger: Philip Paeps TaggerDate: 2026-03-26 01:21:53 +0000 Tag FreeBSD 15.0-RELEASE-p5 commit 0730d5233286ff35e9fa83309faa1b2d52fe9a65 Author: Philip Paeps AuthorDate: 2026-03-25 05:59:59 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 16:06:30 +0000 Add UPDATING entries and bump version Approved by: so From nobody Thu Mar 26 01:25:22 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5gQ445Bz6X4hN for ; Thu, 26 Mar 2026 01:25:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5gQ2cV9z3Qqc for ; Thu, 26 Mar 2026 01:25:22 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488322; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=vieKAWh9yfz3OlwSQ+9ktZDbpISSeP8IZA3Ovy4uoF4=; b=Eb4MY4waFcVizf0T+A5/tbLZvM8pnKaoD4lyKPGNNBAQZ2rdQXSIT/HR3jd3yFpGjMgUHo LJFjP4lHmycFej+SrCmabo1Tcqzizx0+F9+dyW7MG6gy2eIvAJkzWCNT8796XwTwNQT+xb M6d4sgoMdBtxdmvhkoUjL7rUhhwwfaiROeAgM4UYbekLlVWPr40VVcmc+cla6Yj7nqoYWe wk76t0vPeDDNm5okLC/gULhLAiZDy8ttC2MkvOow5/FeFFKmbWecnC1T2SoJkQgWtr3O79 FkD9zZ0kg4Q9xHiL3M89PTQF0f9PFu79d2k6/VNLZH3sndANAY42iFALe+vPKg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774488322; a=rsa-sha256; cv=none; b=JyjxEDI7NZI9S2PrmUFj5s1DTaMr6cGxveI7XC7RCpczzfSDQbevUDXk1c4SFiNdRm8Xu4 UBNtQLQXndR70GoT+wk3g6+u36GScPQNb+2zddDJ/iIk7SlrxWtxZQA8bCqLuKpUhuiO8N kXim/8A5PhcEe1pOYsjEJiOd9nEvO0yvE92OCEoWxXkKlLsRRhYIumk1xUqDulFGqlCBaJ kqA+XSVsw5JM2Os8KB+NZuS4i9motivdQSGxUuoKs/fKd7qd/5Kq2zYAxS4j03Ninj5on3 4oAaTuKSqPmkgByyDN5+Mz3FyiDYm5fMPH4t4D+zjseWlvjI1YlG8tFS0xHdnA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488322; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=vieKAWh9yfz3OlwSQ+9ktZDbpISSeP8IZA3Ovy4uoF4=; b=SgsLLeNxb7jwW4YO6NqDPq0IpWbef7a9o2+SXtFsYD7XcUgRuZwulxThaBrg8+3kQaEDKd 2kpMKtiWVOu19XP4Pnup84uC+lKVxUV5aB6gFeEVnqMhy+Q1uvYz9QuKSiHRoDq9+lJFNS 63T/8PKM3sTkfAMQykkCX0uI1kHIOzywJywbg3r3lvte8mSucsQc+mLTAEylt8B6lspP1R XHyA8KQbMRNouJJjc6vqDIay2acC7rbXUk4yrLaozMZ0PceI9AuJwO32CfQnumOSQ0J9RP SGY+JzQNeospTW8FCuSuoAmjy1cJTvPVr+IMCQRPBayLQmSyHHfqVLunSZRz3A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5gQ2CZfzVgv for ; Thu, 26 Mar 2026 01:25:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 47ee6 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:25:22 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Michael Tuexen From: Gordon Tetlow Subject: git: 1fddb5435315 - stable/15 - tcp: plug an mbuf leak List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 1fddb5435315ca44c96960b16bdda8338afd15a1 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:25:22 +0000 Message-Id: <69c48b02.47ee6.519c42bb@gitrepo.freebsd.org> The branch stable/15 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=1fddb5435315ca44c96960b16bdda8338afd15a1 commit 1fddb5435315ca44c96960b16bdda8338afd15a1 Author: Michael Tuexen AuthorDate: 2026-03-25 05:53:56 +0000 Commit: Gordon Tetlow CommitDate: 2026-03-26 01:25:02 +0000 tcp: plug an mbuf leak When a challenge ACK should be sent via tcp_send_challenge_ack(), but the rate limiter suppresses the sending, free the mbuf chain. The caller of tcp_send_challenge_ack() expects this similar to the callers of tcp_respond(). Approved by: so Security: FreeBSD-SA-26:06.tcp Security: CVE-2026-4247 Reviewed by: lstewart Tested by: lstewart Sponsored by: Netflix, Inc. (cherry picked from commit 6b2d6ccad2552e46a5c9c3ba70b2d0ed27c70ca8) --- sys/netinet/tcp_subr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index b6f428b279b3..5e2b1eb1a86d 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -2202,6 +2202,8 @@ tcp_send_challenge_ack(struct tcpcb *tp, struct tcphdr *th, struct mbuf *m) tcp_respond(tp, mtod(m, void *), th, m, tp->rcv_nxt, tp->snd_nxt, TH_ACK); tp->last_ack_sent = tp->rcv_nxt; + } else { + m_freem(m); } } From nobody Thu Mar 26 01:25:23 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5gS03rRz6X4nN for ; Thu, 26 Mar 2026 01:25:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5gR3Yvrz3Qsv for ; Thu, 26 Mar 2026 01:25:23 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488323; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3yLXqJp4stIq7Vcl5diGqeUgw49HjfZp4iYCFSoqZtQ=; b=a0mQ/+OSOjgNt6T0dGrQxAvl4qqCvvpKwlhC+rrNLlpCPOpNKzYGGZD19Bp0TShIb5SP5B n7O3AoTyExDaZw4t5WDI56P/zGyze/j0tVTq6RoNo67ew8fsIvIUHzur2I+4jNlZfJyzEU f3GEQ5/BfmlYsWgycH0/bFM5yO56cWOwCmM2z1aXhyyYLDO812DRUYrueuAsriRWFlnKMW g2adYxmXLKaRbxUn5qaVq3tms5RCV8Ac0WMmqB1yLLkP2s/5qGAbehUSoDKEpQewAgyraz EtypliDmsURRPDDEntA1H2js2SsZR5EUZJEG9cU/fbdgsvTD2rnh3XKE9bj6MQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774488323; a=rsa-sha256; cv=none; b=YsNNiKuO9QBM7zCZycIxqbMEv3gS/wokeoQ8rMfHI+OFW+YA0efD3yq3gB+Zhlf/OTuzKX +cKO0yLF9Iw6IQDPaGjNhmRqBy3RdGq4YP59jr0yXFg+OgCuEMi3/WJyFbSNfj01tMbwLu KVtUeO7Pbu6v2R/6za8bNiovPdioGvxpSD+vapDk/h3wVoHeet4h7xPJaj4Yzufge9wMbS 3dpQ12NWZ5Infyh5onSV5TXQOIbYqT2x0z/PPAGm5d/wJxeUOITrfXuLatnuPEUY06whcS cQqiuh6dVSxBeyOGWNi/UxSx0Xk+PP/NaWCvL49vF9e45iupJEHyMXtstYA3bA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488323; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=3yLXqJp4stIq7Vcl5diGqeUgw49HjfZp4iYCFSoqZtQ=; b=GkKf5eCjx9eQaMsd29oJfyCaqA6l9huuKYzpfVtgFPW599674QjUbyq2tSBfu2/UEbmI3E T5mjq2ewjXyPkBzc6FU0KHzLnR3iIql7sct87xV4+kMHJQXhlNm8ijWcQdAzg5VgREW0x6 KUUQvPW0eJ5b3RPYvf59OTdHbexJoiK9v5YcfqSh+r9LZFKE5p5mHcqyhcPpZ6ZuODrLM8 MzKnQhyQ1K8wT2sMVsBM0RkHWZ6WdOkm/O3x5AGPtub2dHEyDtQv1aTMsq79OIB3uLqniR bCYW+gS7CLVzCVB4DhG5+t7SKb3soP0lhgyu5jhogyPhAp/Q5JBEIJkeQA93aA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5gR32P1zVkq for ; Thu, 26 Mar 2026 01:25:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 19c90 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:25:23 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Mark Johnston From: Gordon Tetlow Subject: git: 1b00fdc1f3cd - stable/15 - rpcsec_gss: Fix a stack overflow in svc_rpc_gss_validate() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 1b00fdc1f3cd1311e4b52be253e0fecbca35941d Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:25:23 +0000 Message-Id: <69c48b03.19c90.103f1df0@gitrepo.freebsd.org> The branch stable/15 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=1b00fdc1f3cd1311e4b52be253e0fecbca35941d commit 1b00fdc1f3cd1311e4b52be253e0fecbca35941d Author: Mark Johnston AuthorDate: 2026-03-24 02:12:42 +0000 Commit: Gordon Tetlow CommitDate: 2026-03-26 01:25:05 +0000 rpcsec_gss: Fix a stack overflow in svc_rpc_gss_validate() svc_rpc_gss_validate() copies the input message into a stack buffer without ensuring that the buffer is large enough. Sure enough, oa_length may be up to 400 bytes, much larger than the provided space. This enables an unauthenticated user to trigger an overflow and obtain remote code execution. Add a runtime check which verifies that the copy won't overflow. Approved by: so Security: FreeBSD-SA-26:08.rpcsec_gss Security: CVE-2026-4747 Reported by: Nicholas Carlini Reviewed by: rmacklem Fixes: a9148abd9da5d (cherry picked from commit 143293c14f8de00c6d3de88cd23fc224e7014206) --- lib/librpcsec_gss/svc_rpcsec_gss.c | 9 ++++++++- sys/rpc/rpcsec_gss/svc_rpcsec_gss.c | 10 +++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/librpcsec_gss/svc_rpcsec_gss.c b/lib/librpcsec_gss/svc_rpcsec_gss.c index e9d39a813f86..73b92371e6d0 100644 --- a/lib/librpcsec_gss/svc_rpcsec_gss.c +++ b/lib/librpcsec_gss/svc_rpcsec_gss.c @@ -758,6 +758,14 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, memset(rpchdr, 0, sizeof(rpchdr)); + oa = &msg->rm_call.cb_cred; + + if (oa->oa_length > sizeof(rpchdr) - 8 * BYTES_PER_XDR_UNIT) { + log_debug("auth length %d exceeds maximum", oa->oa_length); + client->cl_state = CLIENT_STALE; + return (FALSE); + } + /* Reconstruct RPC header for signing (from xdr_callmsg). */ buf = rpchdr; IXDR_PUT_LONG(buf, msg->rm_xid); @@ -766,7 +774,6 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); - oa = &msg->rm_call.cb_cred; IXDR_PUT_ENUM(buf, oa->oa_flavor); IXDR_PUT_LONG(buf, oa->oa_length); if (oa->oa_length) { diff --git a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c index 35c904560836..528112d5642a 100644 --- a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c +++ b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c @@ -1170,6 +1170,15 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, memset(rpchdr, 0, sizeof(rpchdr)); + oa = &msg->rm_call.cb_cred; + + if (oa->oa_length > sizeof(rpchdr) - 8 * BYTES_PER_XDR_UNIT) { + rpc_gss_log_debug("auth length %d exceeds maximum", + oa->oa_length); + client->cl_state = CLIENT_STALE; + return (FALSE); + } + /* Reconstruct RPC header for signing (from xdr_callmsg). */ buf = rpchdr; IXDR_PUT_LONG(buf, msg->rm_xid); @@ -1178,7 +1187,6 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); - oa = &msg->rm_call.cb_cred; IXDR_PUT_ENUM(buf, oa->oa_flavor); IXDR_PUT_LONG(buf, oa->oa_length); if (oa->oa_length) { From nobody Thu Mar 26 01:25:37 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5gj5cbnz6X58Q for ; Thu, 26 Mar 2026 01:25:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5gj323kz3RKC for ; Thu, 26 Mar 2026 01:25:37 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488337; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=z0IgxCaD/uqjOfhlfVkJbncOXr7TnJIIm8BWB4vw9Fw=; b=TkQXbrDV5eYDaVN1ztxmPE9qGrpddFXF/zNVnhKLMA3hmcE4YgGmhufL7HugiVevTpfUdn 2ayjl7OxqlApxlh2TLGtGwYABRqE/g4r2pYLkcbXs4xgWMWTAXO7SZUAfU1PXafi+2+Eui CPuLUnS4mMR2T2F9txMdNtwBSKnzVZhuPhz3wehtIU041FSlbavcq4knGfOGFKQFIwkptF 9iYymcR3zWKvd4cQWWTfF4YetXDvKayOw1WZp/HGi/eapbFu6o9BgojliAk8PqSrOewy7e 4nC/IPxAEJtesg5lDg48mLs0M4rWuCKGZT3ljo0ChDx+J8wZJSGn78fXloU9/g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774488337; a=rsa-sha256; cv=none; b=FL0oGsFsa/PIWswZ4DrmrqIvv1B7p8o1YC9KroSXAqRTjJJcFALj8aflgKL3Lm10te00U8 p73zLRGe2nfkElKE6Gin6tyi3gLLz70Qs/XAzbOe1A1vXmLoDozskPPZVvClcguK/xmh3+ wykQi2P61IgFREi+YdhFy0CMea4ebxSp07asDYQ0DIqKmMMJDlOh8pLXlTONeLfnlrANCX Xe7F4vOV2S2fMOakrAK3fq1wglPf6nsvArTSzTWOflCnd/HtQgX3RqNigJ7WgZyJLSu1eA ZH0tl4ZCgM/qcgqcMn9KvjPCyuWFBwght4M1VwuYBY0UAEAlBUS4ideB21lNIQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488337; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=z0IgxCaD/uqjOfhlfVkJbncOXr7TnJIIm8BWB4vw9Fw=; b=cGBpLeY4U0bE1LB2jNNDCo3zt1SZhc0X6pPVzsi0oJ6CRCxF2iyrh5up/DO89GVB+vYNDi guobaqzre8vN8J13wHmV1nyP00M8cGjK9rxVwaS5GFzuopqy2YNZMhcIQd/b9AQVffddRz zSRrUKWuQsUR1rqi5HxrbXbQ+JGyAzDXKjaNg1heRGWaHXN3TjeYf88obWcXq0Ec8+Lr4x HGq6pscLwtAnEa7dv1oEYW7D8+VbwlMH/dJbyrxmDY6m9PeN3FTD+IvuEoqNOy1jS/TR/P Sqcfm+ddd31UZZHKy17/YeWWa2pMPBfw3hRkUdh2gc7U1YoCyHyA0E3/9mKTkA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5gj1VvQzWGf for ; Thu, 26 Mar 2026 01:25:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 19d97 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:25:37 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Philip Paeps Subject: git: 37a7f1fb3aaf - Create tag release/14.4.0-p1 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/tags/release/14.4.0-p1 X-Git-Reftype: annotated tag X-Git-Commit: 37a7f1fb3aaf186fbb9241d92dad93d35c54ec50 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:25:37 +0000 Message-Id: <69c48b11.19d97.7b948608@gitrepo.freebsd.org> The annotated tag release/14.4.0-p1 has been created by philip: URL: https://cgit.FreeBSD.org/src/tag/?h=release/14.4.0-p1 tag release/14.4.0-p1 Tagger: Philip Paeps TaggerDate: 2026-03-26 01:23:48 +0000 Tag FreeBSD 14.4-RELEASE-p1 commit a5812c77639bde4b460db04e8050b09281dd7835 Author: Philip Paeps AuthorDate: 2026-03-25 06:05:40 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 16:11:11 +0000 Add UPDATING entries and bump version Approved by: so From nobody Thu Mar 26 01:27:28 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5jr5YPMz6X54l for ; Thu, 26 Mar 2026 01:27:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5jr3gKtz3Ry2 for ; Thu, 26 Mar 2026 01:27:28 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488448; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=GXimvZHQYVK+zzu25BcxSQnjRn9TEguKPgZxWxla+vw=; b=D0f2sdxiGKPTCe2BnULy5wzDtJnIE8hQLV4bsHmPBlx3oIYgiUTfG8elyTWOCTGzrj12Xu 8cw5UYjzsA/zdLDA964YnoOPI83puVATUf/DfybXdGw7Wwt+jxSGGBcZjey2a+0FF9pLjr FCl/MkjnRIF39P3dOlIbXfuU6WnF75sfJflJ/qFqJg2vCfkENJe9v5Jo25c5XlGooNP92N igGZyYoJlL1Ql9BM8oZLrUFn0gM8nym2PM2UbDi+UmxGtzfjbhQGvbSPatIeDkc1gCP2R1 AYSgDKn0ZZU8VVWxaPBNUDz1yJiMzPaBDLmf5T+Kgt14WNtVZgTDD9BIxcaxLg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774488448; a=rsa-sha256; cv=none; b=ONQvBOSDQCTTmjno1S7hGLDnq81HHOmOum8P54vQKajqKZK01tnO2i4JablKu1daTxyUex 5EiK/5ia37gnhDlH0Wu9x8AMir+1fuQrn46/rm2vmSe5FzOorcXm7XRVBdxLD7yPXHfrON tFFhmyv2fuvl9G29aQP1JLOg+sn6sUFvk8oPOejTFVMTj2X3Y2Wl9y1Wf1uQC1GSqRRZDg jejzUjbJyLzw8LATbAUWfhRd/s1jdIRr+jdSqWKYIcohlW7Lz2Z4Wcquz2dv14Xl43VSBV hZncyDjZSC+fgQYDWTjg8qkp40YeNJtUUCMpHPkBPfGxJfHBDZa+1z+KGm/E7A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488448; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=GXimvZHQYVK+zzu25BcxSQnjRn9TEguKPgZxWxla+vw=; b=jyVML05B9245W7gCXzUmDbmP2ODx0c+qUicx7GB7NhzRSMQqpsmHcU9KlT/yImQqIa0ruO +Av9zJYLEI7Md7aZxGDON6jmUrMnC97yJqTlDHRQIrNjvNS0+q3XBmtXHkLATgVcBJJBwz /kBpJq34U7qf25c2Wp1Iuix3KFHEdQSsCASSDZNts+bpEMSQMV+ocu+h6v6CzM6qXXpfnf avyGBO+c+Pl4rBLGiy6ZLSKkPBbFXRl7R/F5fhMiidPW95xo632bkFgS4u+3NCQKaGzlhr 0pNJeGCLB+fLiI/154d3GmYpGpP2LosUXZl2+EGKygaI7WWi5CLxIqWo+tsvLQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5jr2rzpzWGc for ; Thu, 26 Mar 2026 01:27:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 19f86 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:27:28 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Philip Paeps Subject: git: 548b0f63e34e - Create tag release/14.3.0-p10 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/tags/release/14.3.0-p10 X-Git-Reftype: annotated tag X-Git-Commit: 548b0f63e34e5cad2fb4803152c5dafd0201ae52 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:27:28 +0000 Message-Id: <69c48b80.19f86.50626b02@gitrepo.freebsd.org> The annotated tag release/14.3.0-p10 has been created by philip: URL: https://cgit.FreeBSD.org/src/tag/?h=release/14.3.0-p10 tag release/14.3.0-p10 Tagger: Philip Paeps TaggerDate: 2026-03-26 01:25:44 +0000 Tag FreeBSD 14.3-RELEASE-p10 commit 2321f541c307590bb326f6785047275faf4c981b Author: Philip Paeps AuthorDate: 2026-03-25 06:09:04 +0000 Commit: Philip Paeps CommitDate: 2026-03-25 16:13:44 +0000 Add UPDATING entries and bump version Approved by: so From nobody Thu Mar 26 01:28:46 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5lL2SSWz6X5Cw for ; Thu, 26 Mar 2026 01:28:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5lL1kgsz3SDW for ; Thu, 26 Mar 2026 01:28:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488526; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1kJ43XqtHPYfN9joVcZN4nwlTu9atQR4PUZAz2dS/So=; b=kD3uJQ/7/nhMHYmq/H1g8WY6XBWYyuHALNbX2YsbJro7NzVolJVDuf0XDxsIQLzzBkfnI3 Rhzdd5WFDkZSQ0TjT6TqtxHuWtsxbzzdGhItYIwSC8Tj48u8F/8ppCdFWdY6Q/uZzJiPxv qrIC1vIzLOu53jqSmKYAs4cbHPm3kkRgMMbtxWsNLKvDdq3Kk1ijeW1JRrgAnJte+4z4Uv 7mmTWokumGtuy9p+k1oradCE4rqcW100YpNN4zd0rBuLpzE2a4sa5Nt9b5Mwiuovt9SEX6 LromvjsQ2qkAwO3McZxpUGhzfK0UmbKpIY5rd/hI1aA3dWsND/DOnAyazxhh5A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774488526; a=rsa-sha256; cv=none; b=SJUOIxYamhwgSxlCvBVhv2ZQIlkOOXNMvpHkC6uGWP+QMNymnP8ugUIopnsD3uvHOavhbF yD/VjLxDK7RSWpJEZvHWsXAWgZI3j2PS1yxx6YBkl279thbF58J6kFoLG9GgQ+LViuT9AR iPVbW6PpGclIVszphle9gc5mTHqOb88Ah9/bH1DGyZk38fqWMUe4GTAmK2NbQ19m/mdzNT eQ6TBJTrF1q8yIqtm/EM989pR7KgvJXu7ViL9Pd9XwswGf9+kCshTAv6sfSfQaILKURBaf l4CdBJoei56oW34yb3P2VdSUODtnMoS93hnNedE6SsNGJjRMtxWPJU9rJSn2ZQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488526; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=1kJ43XqtHPYfN9joVcZN4nwlTu9atQR4PUZAz2dS/So=; b=NsxzTmIFtXtkedmH8Xdc8TymqkXUYSfnzoFmUpjIG77JeR3J0RCb7YApHjeFnB+MPUzjq3 wDQoQXfIxZk+rQrvxCbmPeWwWcUR9FpfzHnLD6hrcmncICFR2i9wPWA+ANuiFmT+/31g/+ WJ78nCxDfUDVBQblDE/QOYw+QAea3ZOOcVjBuR9Emw882dveePRORH1zhugonsgmiD2W9U N30Ne+RZMe/4VkHwfnM0E2fzJtuH2Bgi/XXC63JogcIdGDja7K9Rv6ebJCRANBM3e9hPyE VjcmEJQbg3nv0f0IfaLH0i5pUSxkd/x6Yk8YAkFbUYcLurndFl2Q4MPEN8KFNQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5lL0wqqzW9f for ; Thu, 26 Mar 2026 01:28:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 191c3 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:28:46 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Michael Tuexen From: Gordon Tetlow Subject: git: b45e7530ffb9 - stable/14 - tcp: plug an mbuf leak List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: b45e7530ffb92fbaa24ad25c368479d4eb80dbf4 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:28:46 +0000 Message-Id: <69c48bce.191c3.69ca1884@gitrepo.freebsd.org> The branch stable/14 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=b45e7530ffb92fbaa24ad25c368479d4eb80dbf4 commit b45e7530ffb92fbaa24ad25c368479d4eb80dbf4 Author: Michael Tuexen AuthorDate: 2026-03-25 05:53:56 +0000 Commit: Gordon Tetlow CommitDate: 2026-03-26 01:28:29 +0000 tcp: plug an mbuf leak When a challenge ACK should be sent via tcp_send_challenge_ack(), but the rate limiter suppresses the sending, free the mbuf chain. The caller of tcp_send_challenge_ack() expects this similar to the callers of tcp_respond(). Approved by: so Security: FreeBSD-SA-26:06.tcp Security: CVE-2026-4247 Reviewed by: lstewart Tested by: lstewart Sponsored by: Netflix, Inc. (cherry picked from commit 6b2d6ccad2552e46a5c9c3ba70b2d0ed27c70ca8) --- sys/netinet/tcp_subr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 81b378f496c9..32c30dc4d067 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -2276,6 +2276,8 @@ tcp_send_challenge_ack(struct tcpcb *tp, struct tcphdr *th, struct mbuf *m) tcp_respond(tp, mtod(m, void *), th, m, tp->rcv_nxt, tp->snd_nxt, TH_ACK); tp->last_ack_sent = tp->rcv_nxt; + } else { + m_freem(m); } } From nobody Thu Mar 26 01:28:47 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5lM3X56z6X5PH for ; Thu, 26 Mar 2026 01:28:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5lM2Jbcz3SK1 for ; Thu, 26 Mar 2026 01:28:47 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488527; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+kFw9oIQO6YLpNO5tc8BU03x9eCWA61fGq3jRvYSCek=; b=usTB8VHwoKpOEjP4JcD6OeM3Ju8pc6xS8oKjXzuKoQhRFHad740lnHRqxeD9UucKgxc7+n GJhsILcVHEMhQaohCRXta3A4oT+EUzT7zp5K13HXO9i1i4D9r3lu+Q8UbUUm/j5nY3rNGI ilJjG28id+rHRIRROkOpEq530doy5hygeTToJwrcr4t5jtf+MK8a+2av+pKH8Rqh93DvfE XAZscrMPdfFboRxfSDO+ltzufGxIKXuqOt1G6tE5MpM8CUM2+Y2yIuuNm+7lcR6/HkOy7Q //Hj3pcmrGosqcJIkVvYr+8xuxHQ5CaQHVcNQJJMCR5SqsacXwkE5mr5ygbcWg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774488527; a=rsa-sha256; cv=none; b=MY3IL9NlcOruR91evvS3DK0Fp9QoWppQV662eHBCzLG4MnFiOiDiYohaZ9D1ez7pSE2wbM oLSVi6UnGnsuv11uM4iBuwvO7fuNjM4pMdepqvftelCgeHn0/DFgvLpy75c8HxiesDjn18 mGluTT/hCrZibLc7m9E/2ua6YH1QKKUb7tFroWQCuW40oshHPHDfQ/M8TfhIc5DuscqDob y6bInHPqxg4jqjHE7zJfEHl4YFEOeHZ6m8DFdeKRPpuM7Ezs6SXSQmFKSJX7eBCIjQiTEI mMNW3VP4ZhUWICDx3uBZZ/M/P+X9VLaZaxMJntnx5UL/kuA81875EjhFOAOu/g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488527; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+kFw9oIQO6YLpNO5tc8BU03x9eCWA61fGq3jRvYSCek=; b=tYQ06i94pYtOniW4HU1lYBS7Gn6usF7ymVFK5m1SuZD4VcRPvaRF5wRAHDTdhhJmaJ58+Q X6oaWq0A6WIZBnYBBa0hv1y0XbNuLWfJCx2FBysn7er+iClLldkqCj7DrKbkda/i4au1cM G7Og+M3DpLdxiBZRF08zbq/gz+4uVNkRdvb83MB2A78a2UKAr7bUZ97xKGw75fQEiBIsfC sTGrlNORWOs8HdmkvfHtdrN2LBOJAJPg9yiNcdG3uH82i3Xn0x8nANAoA1A/GyR/Vp3O0y M9J8JD+pft6/KqTZvoG3XjPafrQxJl87WK6ZXnic2Qe7wBCDBpUaxrMYvLta4w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5lM1m6kzVFx for ; Thu, 26 Mar 2026 01:28:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 190b9 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:28:47 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Mark Johnston From: Gordon Tetlow Subject: git: e5ed09ffd592 - stable/14 - rpcsec_gss: Fix a stack overflow in svc_rpc_gss_validate() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: e5ed09ffd5927040a789b4333a856279181cef4a Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:28:47 +0000 Message-Id: <69c48bcf.190b9.598a9ef2@gitrepo.freebsd.org> The branch stable/14 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=e5ed09ffd5927040a789b4333a856279181cef4a commit e5ed09ffd5927040a789b4333a856279181cef4a Author: Mark Johnston AuthorDate: 2026-03-24 02:12:42 +0000 Commit: Gordon Tetlow CommitDate: 2026-03-26 01:28:31 +0000 rpcsec_gss: Fix a stack overflow in svc_rpc_gss_validate() svc_rpc_gss_validate() copies the input message into a stack buffer without ensuring that the buffer is large enough. Sure enough, oa_length may be up to 400 bytes, much larger than the provided space. This enables an unauthenticated user to trigger an overflow and obtain remote code execution. Add a runtime check which verifies that the copy won't overflow. Approved by: so Security: FreeBSD-SA-26:08.rpcsec_gss Security: CVE-2026-4747 Reported by: Nicholas Carlini Reviewed by: rmacklem Fixes: a9148abd9da5d (cherry picked from commit 143293c14f8de00c6d3de88cd23fc224e7014206) --- lib/librpcsec_gss/svc_rpcsec_gss.c | 9 ++++++++- sys/rpc/rpcsec_gss/svc_rpcsec_gss.c | 10 +++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/librpcsec_gss/svc_rpcsec_gss.c b/lib/librpcsec_gss/svc_rpcsec_gss.c index e9d39a813f86..73b92371e6d0 100644 --- a/lib/librpcsec_gss/svc_rpcsec_gss.c +++ b/lib/librpcsec_gss/svc_rpcsec_gss.c @@ -758,6 +758,14 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, memset(rpchdr, 0, sizeof(rpchdr)); + oa = &msg->rm_call.cb_cred; + + if (oa->oa_length > sizeof(rpchdr) - 8 * BYTES_PER_XDR_UNIT) { + log_debug("auth length %d exceeds maximum", oa->oa_length); + client->cl_state = CLIENT_STALE; + return (FALSE); + } + /* Reconstruct RPC header for signing (from xdr_callmsg). */ buf = rpchdr; IXDR_PUT_LONG(buf, msg->rm_xid); @@ -766,7 +774,6 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); - oa = &msg->rm_call.cb_cred; IXDR_PUT_ENUM(buf, oa->oa_flavor); IXDR_PUT_LONG(buf, oa->oa_length); if (oa->oa_length) { diff --git a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c index 64038240ab37..031e6af5c1b2 100644 --- a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c +++ b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c @@ -1107,6 +1107,15 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, memset(rpchdr, 0, sizeof(rpchdr)); + oa = &msg->rm_call.cb_cred; + + if (oa->oa_length > sizeof(rpchdr) - 8 * BYTES_PER_XDR_UNIT) { + rpc_gss_log_debug("auth length %d exceeds maximum", + oa->oa_length); + client->cl_state = CLIENT_STALE; + return (FALSE); + } + /* Reconstruct RPC header for signing (from xdr_callmsg). */ buf = rpchdr; IXDR_PUT_LONG(buf, msg->rm_xid); @@ -1115,7 +1124,6 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); - oa = &msg->rm_call.cb_cred; IXDR_PUT_ENUM(buf, oa->oa_flavor); IXDR_PUT_LONG(buf, oa->oa_length); if (oa->oa_length) { From nobody Thu Mar 26 01:30:12 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5n13tbyz6X5DP for ; Thu, 26 Mar 2026 01:30:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5n0620pz3T1H for ; Thu, 26 Mar 2026 01:30:12 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488612; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NKhKzb5KHK8MnMmH3ERJjdacnZXMaXlCrPV65sTlPs8=; b=IHCnty39L9W4s5PQcq6ZY0qrBcEMRswgyQx2m9sQM/giVcUZQbRLwH2/KkAgB3NkiN5Rle TDGjz3vUbH4sAQoaEzjzh62TGGf9RfhWF4i8ifiS5xZmhGdaz6OIk7dntdLjJJTYSuoTLm FZjm9+/yoVVfL8vkcQ5KTvqgMxCzMDieHvABdXQ/ysKSp16EGlfcmkn3BDCU8wt6XrGfJU 8R3I18RP1TIYusPUWK7Wzn/nYrPn6WIEyuBPVPgjxooeYdiSUyxdggn4rfDZ+IbuW05yR7 UQ1MqFAzwgN4S8bGQQH9h1+BiVBW7x8FNv61Kbblmgt3UBztmCLA9e8sG8ZABQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774488612; a=rsa-sha256; cv=none; b=TUGf8JeD5mmnq1CF1J6BY3r29auiO6O1qTQyS+gUq7CbiYGM7dWvJvS9OC2uohp9rbNryd suz61SAX7iGmkNvaNGSkm2/rqzqEU2Zsi2HkL1/3Ao2MXOSvKwxkpfYS93AKbm2h28Ulha v9qEND9Ib6zuVvn2KyFf6XcOTBnHdIO234UYnypWCp0oFC0nigPmRvUB2jZlDUMdlgeeLL mWgHkTkwLwdp5OwLUNKeNZAqVqK7tQgBnfLORFNCeQXVT10cMVKyRa4rZgEYk4ByLQYbY9 T6QR1Qfn4J8DvXu61F4e2/qRmagWDczGNkOSNXkg57N0WF8Srqof5WYGW8WDGQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488612; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NKhKzb5KHK8MnMmH3ERJjdacnZXMaXlCrPV65sTlPs8=; b=MbrAbt2AEReEp0UU6pYeOHXVsJeaDc/BNR780LLnusb7RG9zy32MBCi0R+Nu/U3t/GFpD+ z+ylDS/9c6dANEuXYoYCUJ46IDV5m4ahC/pWTHJxPrl1nwIiShyJABnJy/zglppRIptH+D d1gW6d6zXBKj6DuJr2NBAGaZLckwhl4yZtsd43VDKknddrMUJWqvLMvSGm3WD2RQpxUy1C uwB3mJBDi/S4CT4KXMJF8vl5jzSyQkn8S0pR1/s50IofhO46fGR3GrTEUCc8V2oo9vUemU Q8ThlSQLHtkcdS9UQi9YJdCBkmKmard02dEpJdfe/3t1Yb94X6mZCG/s0NFu5g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5n05VldzWH1 for ; Thu, 26 Mar 2026 01:30:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1c11f by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:30:12 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Mark Johnston From: Gordon Tetlow Subject: git: 99ec7f9b9e48 - stable/13 - rpcsec_gss: Fix a stack overflow in svc_rpc_gss_validate() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gordon X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 99ec7f9b9e4836733fbfeea272422a4d0d7adfd8 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:30:12 +0000 Message-Id: <69c48c24.1c11f.4f743d75@gitrepo.freebsd.org> The branch stable/13 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=99ec7f9b9e4836733fbfeea272422a4d0d7adfd8 commit 99ec7f9b9e4836733fbfeea272422a4d0d7adfd8 Author: Mark Johnston AuthorDate: 2026-03-24 02:12:42 +0000 Commit: Gordon Tetlow CommitDate: 2026-03-26 01:30:00 +0000 rpcsec_gss: Fix a stack overflow in svc_rpc_gss_validate() svc_rpc_gss_validate() copies the input message into a stack buffer without ensuring that the buffer is large enough. Sure enough, oa_length may be up to 400 bytes, much larger than the provided space. This enables an unauthenticated user to trigger an overflow and obtain remote code execution. Add a runtime check which verifies that the copy won't overflow. Approved by: so Security: FreeBSD-SA-26:08.rpcsec_gss Security: CVE-2026-4747 Reported by: Nicholas Carlini Reviewed by: rmacklem Fixes: a9148abd9da5d (cherry picked from commit 143293c14f8de00c6d3de88cd23fc224e7014206) --- lib/librpcsec_gss/svc_rpcsec_gss.c | 9 ++++++++- sys/rpc/rpcsec_gss/svc_rpcsec_gss.c | 10 +++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/librpcsec_gss/svc_rpcsec_gss.c b/lib/librpcsec_gss/svc_rpcsec_gss.c index e9d39a813f86..73b92371e6d0 100644 --- a/lib/librpcsec_gss/svc_rpcsec_gss.c +++ b/lib/librpcsec_gss/svc_rpcsec_gss.c @@ -758,6 +758,14 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, memset(rpchdr, 0, sizeof(rpchdr)); + oa = &msg->rm_call.cb_cred; + + if (oa->oa_length > sizeof(rpchdr) - 8 * BYTES_PER_XDR_UNIT) { + log_debug("auth length %d exceeds maximum", oa->oa_length); + client->cl_state = CLIENT_STALE; + return (FALSE); + } + /* Reconstruct RPC header for signing (from xdr_callmsg). */ buf = rpchdr; IXDR_PUT_LONG(buf, msg->rm_xid); @@ -766,7 +774,6 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); - oa = &msg->rm_call.cb_cred; IXDR_PUT_ENUM(buf, oa->oa_flavor); IXDR_PUT_LONG(buf, oa->oa_length); if (oa->oa_length) { diff --git a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c index 93a41dc045cc..8e98a87b36be 100644 --- a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c +++ b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c @@ -1079,6 +1079,15 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, memset(rpchdr, 0, sizeof(rpchdr)); + oa = &msg->rm_call.cb_cred; + + if (oa->oa_length > sizeof(rpchdr) - 8 * BYTES_PER_XDR_UNIT) { + rpc_gss_log_debug("auth length %d exceeds maximum", + oa->oa_length); + client->cl_state = CLIENT_STALE; + return (FALSE); + } + /* Reconstruct RPC header for signing (from xdr_callmsg). */ buf = rpchdr; IXDR_PUT_LONG(buf, msg->rm_xid); @@ -1087,7 +1096,6 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); - oa = &msg->rm_call.cb_cred; IXDR_PUT_ENUM(buf, oa->oa_flavor); IXDR_PUT_LONG(buf, oa->oa_length); if (oa->oa_length) { From nobody Thu Mar 26 01:34:11 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5sc08Ggz6X5wX for ; Thu, 26 Mar 2026 01:34:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5sb6S9Gz3Tl7 for ; Thu, 26 Mar 2026 01:34:11 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488851; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=TWr+uj91o6UhBrkLYd1lEaDdw1N56yZE8cJuVDgA1bI=; b=e6ySpns7LE0mUuh93JG7g6qaGygdwqhB1dQjyLf/C9zTrSYpScml99Zt/VPqjoBubtox24 V57c4eB7CmufA5CFfwUmY24N2U5vF4KW06CgD+ZJ7U5scqMc8gmq9rGn+ZdeuwK3VXz5hd ndeaMPckZ1tvD2gOz0YalHy2Otdj0sfZwlT8YARSdAzEp1x8YQJF1XV5IgQzxg00C+Q0Jm v1imDSJUAx0gq18nTOZiHAKgZljN7Z3SSUDXzJGzytqju4yvm0Rz5lf92GH1kdvmZ9ttQ1 txwmc/RNXv1Eghdfov4dyAFoSbKqt1sHV0H5q8XAaX/Kt0KbgGaMtoBYYPyazw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774488851; a=rsa-sha256; cv=none; b=U3klDMXKkVhIt+4J8uBsgX+y/i2cqdQjalJNHTMWk+X80d4U5lXtmOipPlh4iUSn2BeOr4 iKNTB0JxAvAPrm1KouV7JTvSJczVBVzbvckqEcVz4rsyXx+ZPaqxI1/L4lHk+6sKYP0Trb IQ9qJqdYwKclbHbUC4bBiAdKMxjzIfqMN5hIyM2tLFtzRuayjNb8ERAUXq5s+gDqjRCGMb eOGet3FGrhYAx5Fwf4OGoA9XdUWyCa0isxp5vQQE/i+Ao5TlB861lU2vD5c8/4vrXR3XbK nII02E+y/svengvv43poz7AXjfMwTPk7O7jC8mOv250Is4pY+f4DyGeqL6FBOQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488851; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=TWr+uj91o6UhBrkLYd1lEaDdw1N56yZE8cJuVDgA1bI=; b=XcDJDaTJRwSyThGJtNFW4Uap7CJJrtNfVJleqYxs9gCz8P0oP9nchPwbzMpUJWWWLYboZw P0XfGOs6a0tsaIuyW9yiTbkhhiegsu2nMw0S6NabYKn5Zl4kcbPbhcOic+lxQbgWGNQ5sM L4RJsmxEpDqFZf+3mfeNVNHc1H8nFcIWHWMU4iuMBctqpt/4h6YsyCZ8D1CJ4jQtj2JXur AJXaPAyrzBKAHWtuSon63FEbNbqSphSIl8ZlCBK+7dhVjHvQDvKX+tyEXMwEtRoXUUG73C yj6IvCD51VN6LHw6K2qq5aj0RWlLXXxhqVvNqcz2BGYp4BSVr6l2INpYoIyLuQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5sb5xsrzWtH for ; Thu, 26 Mar 2026 01:34:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 19f3d by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:34:11 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Mark Johnston From: Philip Paeps Subject: git: 5c4e558ab4fc - releng/13.5 - Add UPDATING entries and bump version List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.5 X-Git-Reftype: branch X-Git-Commit: 5c4e558ab4fc9ab437e208ff9d7e70c923654a06 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:34:11 +0000 Message-Id: <69c48d13.19f3d.5e775c89@gitrepo.freebsd.org> The branch releng/13.5 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=5c4e558ab4fc9ab437e208ff9d7e70c923654a06 commit 5c4e558ab4fc9ab437e208ff9d7e70c923654a06 Author: Mark Johnston AuthorDate: 2026-03-25 02:16:23 +0000 Commit: Philip Paeps CommitDate: 2026-03-26 01:31:01 +0000 Add UPDATING entries and bump version Approved by: so --- UPDATING | 5 +++++ sys/conf/newvers.sh | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/UPDATING b/UPDATING index 629e14fdcecc..da2cb44b6e3d 100644 --- a/UPDATING +++ b/UPDATING @@ -12,6 +12,11 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before updating system packages and/or ports. +20260325: + 13.5-RELEASE-p11 SA-26:08.rpcsec_gss + + Remote code execution via RPCSEC_GSS packet validation. [SA-26:08.rpcsec_gss] + 20260224: 13.5-RELEASE-p10 SA-26:04.jail SA-26:05.route diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 4506455b52a2..353695cf896c 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -53,7 +53,7 @@ TYPE="FreeBSD" REVISION="13.5" -BRANCH="RELEASE-p10" +BRANCH="RELEASE-p11" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi From nobody Thu Mar 26 01:34:10 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5sh4H5qz6X5wb for ; Thu, 26 Mar 2026 01:34:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5sh0gPwz3VGH for ; Thu, 26 Mar 2026 01:34:16 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488856; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=BCPV+sSZ5qKo/xqje/8/lQHFj5swkV+D7SVxoQKI17k=; b=FvD07XM24zU+eZfhqAKHM8w3pBUPRCIdQIU8eYiMBzcoG3w3OCvspozB7d4mWVCVTW8AHD ef9jt33IMvd2m+/reiY10E57mcTegoqAlJ+c+RhFV2MoezLoyCDYpNd/lGW83KdYgEER9u VPV8wSCo3+ODNGRMemWLf/iweRumFNaV+khP6v7RWVgrGKs89gSaTj5eU2U2Zs2I37TmtA d0vq0xfFmVyNEdVjWg1pfn5emjV+eqVHLVN1b4AqTOb2hhwAxF0j526aibBI9AKu04jlme cZ37e6BiS4GSNmtfwjwVznHaaNHNPZzBYxPM/comQUrfKD3Ut2B1oZjrO13FeA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774488856; a=rsa-sha256; cv=none; b=uo1LCCublR7avWqoNvqmHEKdr10MsuuQB9jxB6Wmlb1FLm8uYtZAfzo4GNGpGpB0roqN3E pYNn03Mxzi3EmRAKnKJ0ou9JQ6ts3Qsur38E4VNb7K7zh2AMuVH1KJQoZBJCFZkhqwjKY6 5wKNoVBAqbtnqEwTbRAVSPtjC3Bjr4QCRt0Fn+nMgGm08ngUkk2RhHPbSsPM5yFcgeiNQO WFBk8kau3cy1XgfREjKwzuYb+NEnMJqZxhN8yuZBRRiTYKrBru0XjPATdjliTbteWFsA8p htzukcQfNq3bofbplNImvcLd88Nx/QluqMjZZm1h0rZDcmGpMGwREJaiUy9qVQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488856; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=BCPV+sSZ5qKo/xqje/8/lQHFj5swkV+D7SVxoQKI17k=; b=RgowRUw3qp28H0p0HzH4r05cwVCs9Wah8BFFvTxLNeHJo+s+9BRUvA+1VDts9/eqBTzVWt xAR5z38hLR2+lcy92Q9j8acNpfj7/1NODYCHHcYJvS1s5NlCaYOjjyb7NQxJdZ1W4j7lMT xRXieyFT0lG3nR1nDgbZjwrlmvQ2q7+PCJeCDxxwKaFKj+W8Azq5ZW9UaEnClDVc833J9c HIzvziR9vsVix6AktbqZSaLqT+QnVdbUWPflCPjOm0JN4pjKVDmUy29MOQcMXqFYsgCc0+ yuhndfIOJFxbT3Xxz7L2+88g8GBLX0vmh1T2P+chCR6norpILfIByrqeku5njw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5sh05xjzWtL for ; Thu, 26 Mar 2026 01:34:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1c7b0 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:34:10 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Mark Johnston From: Philip Paeps Subject: git: c4f53a1adbd4 - releng/13.5 - rpcsec_gss: Fix a stack overflow in svc_rpc_gss_validate() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/heads/releng/13.5 X-Git-Reftype: branch X-Git-Commit: c4f53a1adbd4d5209b45043d25e590f0c27b5314 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:34:10 +0000 Message-Id: <69c48d12.1c7b0.4f914cd2@gitrepo.freebsd.org> The branch releng/13.5 has been updated by philip: URL: https://cgit.FreeBSD.org/src/commit/?id=c4f53a1adbd4d5209b45043d25e590f0c27b5314 commit c4f53a1adbd4d5209b45043d25e590f0c27b5314 Author: Mark Johnston AuthorDate: 2026-03-24 02:12:42 +0000 Commit: Philip Paeps CommitDate: 2026-03-26 01:30:59 +0000 rpcsec_gss: Fix a stack overflow in svc_rpc_gss_validate() svc_rpc_gss_validate() copies the input message into a stack buffer without ensuring that the buffer is large enough. Sure enough, oa_length may be up to 400 bytes, much larger than the provided space. This enables an unauthenticated user to trigger an overflow and obtain remote code execution. Add a runtime check which verifies that the copy won't overflow. Approved by: so Security: FreeBSD-SA-26:08.rpcsec_gss Security: CVE-2026-4747 Reported by: Nicholas Carlini Reviewed by: rmacklem Fixes: a9148abd9da5d --- lib/librpcsec_gss/svc_rpcsec_gss.c | 9 ++++++++- sys/rpc/rpcsec_gss/svc_rpcsec_gss.c | 10 +++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/librpcsec_gss/svc_rpcsec_gss.c b/lib/librpcsec_gss/svc_rpcsec_gss.c index e9d39a813f86..73b92371e6d0 100644 --- a/lib/librpcsec_gss/svc_rpcsec_gss.c +++ b/lib/librpcsec_gss/svc_rpcsec_gss.c @@ -758,6 +758,14 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, memset(rpchdr, 0, sizeof(rpchdr)); + oa = &msg->rm_call.cb_cred; + + if (oa->oa_length > sizeof(rpchdr) - 8 * BYTES_PER_XDR_UNIT) { + log_debug("auth length %d exceeds maximum", oa->oa_length); + client->cl_state = CLIENT_STALE; + return (FALSE); + } + /* Reconstruct RPC header for signing (from xdr_callmsg). */ buf = rpchdr; IXDR_PUT_LONG(buf, msg->rm_xid); @@ -766,7 +774,6 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); - oa = &msg->rm_call.cb_cred; IXDR_PUT_ENUM(buf, oa->oa_flavor); IXDR_PUT_LONG(buf, oa->oa_length); if (oa->oa_length) { diff --git a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c index 93a41dc045cc..8e98a87b36be 100644 --- a/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c +++ b/sys/rpc/rpcsec_gss/svc_rpcsec_gss.c @@ -1079,6 +1079,15 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, memset(rpchdr, 0, sizeof(rpchdr)); + oa = &msg->rm_call.cb_cred; + + if (oa->oa_length > sizeof(rpchdr) - 8 * BYTES_PER_XDR_UNIT) { + rpc_gss_log_debug("auth length %d exceeds maximum", + oa->oa_length); + client->cl_state = CLIENT_STALE; + return (FALSE); + } + /* Reconstruct RPC header for signing (from xdr_callmsg). */ buf = rpchdr; IXDR_PUT_LONG(buf, msg->rm_xid); @@ -1087,7 +1096,6 @@ svc_rpc_gss_validate(struct svc_rpc_gss_client *client, struct rpc_msg *msg, IXDR_PUT_LONG(buf, msg->rm_call.cb_prog); IXDR_PUT_LONG(buf, msg->rm_call.cb_vers); IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); - oa = &msg->rm_call.cb_cred; IXDR_PUT_ENUM(buf, oa->oa_flavor); IXDR_PUT_LONG(buf, oa->oa_length); if (oa->oa_length) { From nobody Thu Mar 26 01:35:33 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fh5v95HkSz6X62B for ; Thu, 26 Mar 2026 01:35:33 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fh5v94gsnz3Vd0 for ; Thu, 26 Mar 2026 01:35:33 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488933; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=UZ8MmcT1A8upupQ/bjiL/TVbT6O2sLSV0RAnPlSZOaQ=; b=r9QWwf5P5ESqqsX7EdBM8+dUSMmvc9qeOQicsB2EtuAjBUzJjUy8jGiKSEC5xOZB06LpTf VmdDnj21cyfsXrQuh9k8HTfFm+mcmoE8SxUYB6A/CnNYnTQ8JOGaSPtbM3fY5b5nR/3MhT 9qejEJdgUhXz6EPdFJ+hXtZ9EgFH0s6IBwwpcvUwf9Dzbro60ludfWeSbSWr4cyRBYQRJB Ey2Rklom1wn6YLPJmQZZL+31jGjet0l+eLLOd+sILpXfOaQK8N2lwfBJAuH/+IskrAMJSQ h3eqBhHb/ygVWQLCMCd35rtZ9FUgDaigcVXYN4NeGkNRYgmNZdeg6CW49XjZ0Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774488933; a=rsa-sha256; cv=none; b=ZuiVKHlYrqoAPhXkBwQnmWjhXZuuiUzBX1bGn+2XOiR3BMrGxYNXYxtZoD75fqXHl2G+SF Xs9kb18B94daseBhTRXeDZ8uhJa6/XW0OiEJjnR598Woje+5/PLVn+DYFReiwLJk5KGjr1 JhhqBTqMbSRF1+l3ji8nSLpGP+XyS8ABnfEOwHVYrxyb7dVWhqeZsWNLL3y2a8cO6YKoIE so1KrVhaT8FArHQbeiStO70IxzBQyIs7wSpV/n3dg+WL8bxdsZNUegYQqgD1c+CitWGFqU VkVHp92IVebDyD4oops9E/lHgtNvDW+DM25uR6GW094TFHJXoS3c+EkeTnOI6g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774488933; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=UZ8MmcT1A8upupQ/bjiL/TVbT6O2sLSV0RAnPlSZOaQ=; b=PVnMyXwvP4Yp0HXrnV4Km0sOe+z3PrWG1L/8fn9iCLu8NknclvHSPf4uK9Yeve1+mFacls IRAhrHfgMJ+0r64r4lsgsYA24aA0mqNynDheihVcSuWMYtgbsAXtYfMvW90vvGopTKlL1y vXbRZ62QRTrq8Oi+Bqj4RTwU6SiCQ3LmuYzb4ZzQX6dQPW0kamEQ2qOFaj0OEtZEd6+sdd ljeL+rYn5DFrghWXVR85dP3szI/w7N5gNRlPKHFRzeC81sU3YH5e70aSFAf5gP67F+fyGo xczliH+Y0+H0DN4+4pmUXwf4YyWjteT6jcJ8MY20i8EyLxa4tp6ILivKO3ZFiw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fh5v93kZXzWtM for ; Thu, 26 Mar 2026 01:35:33 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 19eab by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 01:35:33 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Philip Paeps Subject: git: 8c3b69a72907 - Create tag release/13.5.0-p11 List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: philip X-Git-Repository: src X-Git-Refname: refs/tags/release/13.5.0-p11 X-Git-Reftype: annotated tag X-Git-Commit: 8c3b69a72907300569bb1b5555f4906a05bb57d7 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 01:35:33 +0000 Message-Id: <69c48d65.19eab.2edd6adb@gitrepo.freebsd.org> The annotated tag release/13.5.0-p11 has been created by philip: URL: https://cgit.FreeBSD.org/src/tag/?h=release/13.5.0-p11 tag release/13.5.0-p11 Tagger: Philip Paeps TaggerDate: 2026-03-26 01:33:41 +0000 Tag FreeBSD 13.5-RELEASE-p11 commit 5c4e558ab4fc9ab437e208ff9d7e70c923654a06 Author: Mark Johnston AuthorDate: 2026-03-25 02:16:23 +0000 Commit: Philip Paeps CommitDate: 2026-03-26 01:31:01 +0000 Add UPDATING entries and bump version Approved by: so From nobody Thu Mar 26 05:42:34 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhCNB6sWhz6WDvD for ; Thu, 26 Mar 2026 05:42:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhCNB6JZSz3Y3w for ; Thu, 26 Mar 2026 05:42:34 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774503754; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Op/PIPu3FDWcijhUgrWKs+ACeXaPqFtA9cYi5nAvwjA=; b=M3mfPsDnV/1bUpeb721bKj0TNTBVgJ/ZZDXX1FiMozwk5tGnBuRC3kqBEslbL/oM8vSSFn KPta7TL3fypzaKnT1lYEHwvIDtmKWFYfPFRUw9RvkAZCs2ICtaEJmVFz8A512HGqe1kzXM yqqyyGXGg3Ov2nn3FvVvKUnhxvUzyFdypJAXGUeE3Ti1fblNR/bi0C7e8G/P9HrL0K2OyJ VxZGUyZWx4hHFEoIvnh0/LFdYBUGw589lL1o+GMa+4efWfHKOzKqy7qRTw/h03XFBAGnhi Wxb/UcamdLDocDzRzZBAI4B+dt+RmSe/vckYYBsZXGmK8ysJzPo7YskbPG0fmw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774503754; a=rsa-sha256; cv=none; b=pfssUvcRM3wOfJNvT384YdQn71OoZIsjnMd/O5ascA5+UXKq5NWZ/0gQDXbO1uHsYjVJtZ 7v/3fd/O0pdJTh1iFh+U8oAa/CBvS354bnoZfigRLm5Uu9ZcDWvuo1GBNaM0Ik4BrI7wCQ NDKY/7N6yhhg8/ufLERRcZ3p6P2bZytjlSINMllaRCAyBM1y0yrFqUQzVYrnYGfU648hwI 6nH+oNU5JPoBj5LzFGMCAamSo/YDmsIlU8o1T0/r4dzqcVqNIFSeQnSko/TpSeAEKx9ntB vjrLUFasQGJE8WJFBLFNzrt1UkLETLCuqP1CiCXlSFRne96bWsOBsQ10qir9mg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774503754; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Op/PIPu3FDWcijhUgrWKs+ACeXaPqFtA9cYi5nAvwjA=; b=dD0bygfoJHlD1LfwOh43YaKYiTDfZUBgg3Dnv8LfoiWLyZ+9IHw0G9g9W0h/AA+wxW6zSP YaD3ZuvU7NLF9jmV+IWGHiwOeDBtFzne5yolrgoVV0sgFCkN7GBpQfnIQ/wSbY1Qp3z8D0 gVZFtZqUZ8fXskMAaFSQdHgfiRKhLjFlYYYm/SBQVsOb94i7bG/vM/EV6RZi9oskcGEYbx HzNttqSqs5T6iVjEtotCYN+w2N1oH1ucUTZV+AQXZsj9NG+7SfCQkI2JLW6X4lyS8KDHdx XcvDct0yAmKuljxCXb3a2WvIHgfCHdZYiI2HHBiO8AW/6KcDj4Rz53B67/kJ0Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhCNB5rPpzfly for ; Thu, 26 Mar 2026 05:42:34 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3ea6a by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 05:42:34 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kirk McKusick Subject: git: b0ef93ae3f63 - stable/15 - Delete error-check code that can never happen. List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mckusick X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: b0ef93ae3f63a31a493d00a8d9e43b411384ef51 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 05:42:34 +0000 Message-Id: <69c4c74a.3ea6a.3f3fd193@gitrepo.freebsd.org> The branch stable/15 has been updated by mckusick: URL: https://cgit.FreeBSD.org/src/commit/?id=b0ef93ae3f63a31a493d00a8d9e43b411384ef51 commit b0ef93ae3f63a31a493d00a8d9e43b411384ef51 Author: Kirk McKusick AuthorDate: 2026-03-19 00:45:23 +0000 Commit: Kirk McKusick CommitDate: 2026-03-26 05:42:21 +0000 Delete error-check code that can never happen. Near the top of kern_mmap() that implements the mmap(2) system call, it sets prot = PROT_EXTRACT(prot); with So prot can only be the three PROT_ flags. The following test of the user's mmap(2) parameters (near line 275 in vm/vm_mmap.c): if (prot != PROT_NONE && (prot & ~(PROT_READ | PROT_WRITE | PROT_EXEC)) != 0) { return (EXTERROR(EINVAL, "invalid prot %#jx", prot)); } can never fail. This commit deletes it. No functional change intended. Reviewed by: kib Sponsored by: Netflix (cherry picked from commit 51446d33c6fbc27ce21f54ebb4c27caace48c3be) --- sys/vm/vm_mmap.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/sys/vm/vm_mmap.c b/sys/vm/vm_mmap.c index 234586893b59..cb5906440f56 100644 --- a/sys/vm/vm_mmap.c +++ b/sys/vm/vm_mmap.c @@ -271,10 +271,6 @@ kern_mmap(struct thread *td, const struct mmap_req *mrp) return (EXTERROR(EINVAL, "both SHARED and PRIVATE set (flags %#jx)", flags)); } - if (prot != PROT_NONE && - (prot & ~(PROT_READ | PROT_WRITE | PROT_EXEC)) != 0) { - return (EXTERROR(EINVAL, "invalid prot %#jx", prot)); - } if ((flags & MAP_GUARD) != 0 && (prot != PROT_NONE || fd != -1 || pos != 0 || (flags & ~(MAP_FIXED | MAP_GUARD | MAP_EXCL | MAP_32BIT | MAP_ALIGNMENT_MASK)) != 0)) { From nobody Thu Mar 26 05:48:11 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhCVg5NdZz6WFPp for ; Thu, 26 Mar 2026 05:48:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhCVg4nvQz3b7s for ; Thu, 26 Mar 2026 05:48:11 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774504091; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=nh74RB8x9hZLjiE35xuSod3pkMgL0OF28iO/mIqAPy8=; b=q06VCvTgPAHPRTXG9vBALU6lfy9jk3R1Aubkb3r+mPgPILQBC2zFrXhobFPmnFd0RJxsMI F1cgxNLdjDHIC9RioEm68kyFFUpTMtJRAYq5vbZ9IA+NhGOgPGt5bpzE3hmxN8V6mRm6qI cGn5LHcvKt1UV6sGgmX/uME6qZb5GbtWmXh1DtaA3YMaQsYvnJS2DfT4XhvYbIywrD+Rxp 1tN2MiPwwrH4z/SfJeA+dOfkFU83Sw2S00ZIM0M0Qe06WB+t3z6ErTKiUDppdHlKlqVDDF 3QR+l418QBH2BtA+yR0aLyLyQv8qQxgbyPD47WlnhtaXMv9rbmFbLhN6I+vFUA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774504091; a=rsa-sha256; cv=none; b=Z9phRaq/IVjKim/mBJ76pu7Wy51vEL+NNNesBwA49U54FgXVD+cOBrypciWMFKpTmMlUDh RK2Pg12yEnf17g9D4BEG6sdBpdRmI9HERfx2uSsDRIvtXb1VH+lexJy2vxsGsW84kKEXvg HHuHOqQHXz1LRm7Ias9tZRIIw+z/4lmb9YuzF6rzJ2NeJkvY6rwsRiLX1+NGhCPR/dym9T S3a2cm0pRhfmWIj8Y8brXG3RCbFD04WBkjtCORCFvuLOssc29UvVA6pOcZNiaDEQpdObzJ m0MJWMrL1NHVKLtsLjMZvrsyUomV3AKU/8LxAa5G4kAUFEioYMo22sQ6yMBKOA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774504091; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=nh74RB8x9hZLjiE35xuSod3pkMgL0OF28iO/mIqAPy8=; b=R+M8RKCPpPyMvhR+DKiCMWP6u0BtIWCV8qYtV17bMp8HoF6VcKxcEmXW2G529XDETjMRAv RI+C1IN/6XMZFtQtwWRz28U3BSK6rNkSjIO58x0Z0O5Ku16CBNJkAt2YCDNXwJccIqIBRO BVSrLZGZXSm4j8l2+b4BILVcXrrjvc/QCHiAvGD8USCa/uZ+yPaeFMYnm+M50UyiNIREbI hw1igMUwqoJsgZVICr5vNP3uPosZYxbn3rTFKItWUwc/y64jQ8FGyD2+8tUHDFoyDka+WV xVwoHyzkSNegTORs1UJZz7jaJd8LbnYNvfHd7TVyU/WH5TXObsixCfqGxmXm6w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhCVg43k4zg97 for ; Thu, 26 Mar 2026 05:48:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3e389 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 05:48:11 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kirk McKusick Subject: git: 981cd082a40e - stable/15 - Provide more precise error explanations for mmap(2) EINVAL errors. List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mckusick X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 981cd082a40e92cdee66c1b24439bcd1d1b9fe32 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 05:48:11 +0000 Message-Id: <69c4c89b.3e389.5971b610@gitrepo.freebsd.org> The branch stable/15 has been updated by mckusick: URL: https://cgit.FreeBSD.org/src/commit/?id=981cd082a40e92cdee66c1b24439bcd1d1b9fe32 commit 981cd082a40e92cdee66c1b24439bcd1d1b9fe32 Author: Kirk McKusick AuthorDate: 2026-03-19 00:52:10 +0000 Commit: Kirk McKusick CommitDate: 2026-03-26 05:43:25 +0000 Provide more precise error explanations for mmap(2) EINVAL errors. Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D55888 Sponsored by: Netflix (cherry picked from commit dad6e6fc1ea4b737e9f1661ebd30da5d551e3d4a) --- sys/vm/vm_mmap.c | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/sys/vm/vm_mmap.c b/sys/vm/vm_mmap.c index cb5906440f56..8d71bce67d58 100644 --- a/sys/vm/vm_mmap.c +++ b/sys/vm/vm_mmap.c @@ -235,11 +235,15 @@ kern_mmap(struct thread *td, const struct mmap_req *mrp) * pos. */ if (!SV_CURPROC_FLAG(SV_AOUT)) { - if ((len == 0 && p->p_osrel >= P_OSREL_MAP_ANON) || - ((flags & MAP_ANON) != 0 && (fd != -1 || pos != 0))) { - return (EXTERROR(EINVAL, - "offset %#jd not zero/fd %#jd not -1 for MAP_ANON", - fd, pos)); + if (len == 0 && p->p_osrel >= P_OSREL_MAP_ANON) + return (EXTERROR(EINVAL, "mapping with zero length")); + if ((flags & MAP_ANON) != 0) { + if (fd != -1) + return (EXTERROR(EINVAL, + "fd %#jd not -1 for MAP_ANON", fd)); + if (pos != 0) + return (EXTERROR(EINVAL, + "offset %#jd not zero for MAP_ANON", pos)); } } else { if ((flags & MAP_ANON) != 0) @@ -293,10 +297,14 @@ kern_mmap(struct thread *td, const struct mmap_req *mrp) /* Ensure alignment is at least a page and fits in a pointer. */ align = flags & MAP_ALIGNMENT_MASK; - if (align != 0 && align != MAP_ALIGNED_SUPER && - (align >> MAP_ALIGNMENT_SHIFT >= sizeof(void *) * NBBY || - align >> MAP_ALIGNMENT_SHIFT < PAGE_SHIFT)) { - return (EXTERROR(EINVAL, "bad alignment %#jx", align)); + if (align != 0 && align != MAP_ALIGNED_SUPER) { + if (align >> MAP_ALIGNMENT_SHIFT >= sizeof(void *) * NBBY) + return (EXTERROR(EINVAL, "bad alignment %#jx >= %#jx", + align >> MAP_ALIGNMENT_SHIFT, + sizeof(void *) * NBBY)); + else if (align >> MAP_ALIGNMENT_SHIFT < PAGE_SHIFT) + return (EXTERROR(EINVAL, "bad alignment %#jx < %#jx", + align >> MAP_ALIGNMENT_SHIFT, PAGE_SHIFT)); } /* @@ -312,15 +320,17 @@ kern_mmap(struct thread *td, const struct mmap_req *mrp) addr -= pageoff; if ((addr & PAGE_MASK) != 0) { return (EXTERROR(EINVAL, - "fixed mapping at %#jx not aligned", addr)); + "fixed mapping at %#jx not page aligned %#jx", addr, + PAGE_SIZE)); } /* Address range must be all in user VM space. */ if (!vm_map_range_valid(&vms->vm_map, addr, addr + size)) { - EXTERROR(EINVAL, "mapping outside vm_map"); - return (EINVAL); + return (EXTERROR(EINVAL, + "mapping %#jx-%#jx outside vm_map", addr, + addr + size)); } - if (flags & MAP_32BIT && addr + size > MAP_32BIT_MAX_ADDR) { + if ((flags & MAP_32BIT) && addr + size > MAP_32BIT_MAX_ADDR) { return (EXTERROR(EINVAL, "fixed 32bit mapping of [%#jx %#jx] does not fit into 4G", addr, addr + size)); From nobody Thu Mar 26 11:20:45 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhLtQ1y6xz6WnTt for ; Thu, 26 Mar 2026 11:20:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhLtQ00BHz3F8P for ; Thu, 26 Mar 2026 11:20:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774524046; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=z5E/OjJjxmtH6iMPBwHQef1Bax9Si2zA2rXNfC8R+S8=; b=XLUWzBwOPpcEwrq9yk3+etm0W+lEKcjOXWKrEBT/606t75pgs7KAobJousI4jYQnJkHnfh U+uLNdQz0IAwWc3Tf3HHxR/UztCYxSSxoRsVYV6zujA3ORQ014MWzprxin2XTOTcFIuruW I7j2+wRqe3vq+PlKZBthPo/iTFD7Uc7YZVQJ8zH6j/O6IQ8JQlS/G3T1T6JtGIPLdH1F73 YuVJuaArbsohV+vxNQcsl/c0DGwE+UAOLVh1d2wrgs251VvMMRtfoLE6nlu/0ZHia9qHKB Q309bOXJwVj7CfhBMmPw3cQxYhog+ifZkKj5VW2vyCoKfBf5C2oqWWsqDbPfBw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774524046; a=rsa-sha256; cv=none; b=U8kDoopjYoXU53aejLWVwDAlQZSWMN+2F9c6FEWXi56Tv+GlAkOkBaptkvmwC1wPeMsmj1 IOO2jXXWEMeQk0DW1oClfUjZSl0ips6xxXzIZ81u780ZO8mrUjoh93hmEGmEvLbJt5rW17 aUEWgJWh7zkiS2bsRKzucUZQtzVshQWAbqUFSPXrzGvcZ58hYjTSPPciS/HnmSIo5HSnok DKnW+dw9i2n94TxsVg3GL6FSXxhmn4FV6rhD3AltC7LJf/Vxgk9XxrPvWkP9H2S8fLCRei +BOWJ1pTFexJnwyAb8mEWtMbsDIVrMdSiFlpOBUaoN2+x/pGqTPEPGHarHG6jg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774524046; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=z5E/OjJjxmtH6iMPBwHQef1Bax9Si2zA2rXNfC8R+S8=; b=JpY6rFGrRFMkY83syZJDSS2rs0hqFfFJjaW+BtUeeyDlDldO3GLaLVE7x/vyohtf05RES0 PzSBxdSRTIqsHHjQEYVX5vxPXTIMlHHmUJwTGNPkcsoUYWy+7rWa9PTimRZR5F9/Em6Glz sfK6K9LIp21rVgmlGIX7THnbLvtS5cIHcVyGOXqAts+jiNoy/NyVPfurQqd5hanzu9GfIv 2wkhE5+5MReDd/+1ZwmaqTNgzPRzbMuLElM+yU32WfjlaZuuoHiROX0zGpnOScD8klbFQM 1fANso1lckyPFBtxlLN5NNRRN2rK7jr3A2msQInaduk4HGgBsrNiP4LZbOBrUA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhLtP6cKgzq7M for ; Thu, 26 Mar 2026 11:20:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3ae59 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 11:20:45 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Pouria Mousavizadeh Tehrani Subject: git: b51cfb5e3c2e - stable/15 - rtnetlink: Add support for nexthop expiration in new/get route List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: pouria X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: b51cfb5e3c2edbe1c487a80e7e9c7ce8095525e9 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 11:20:45 +0000 Message-Id: <69c5168d.3ae59.3f790dec@gitrepo.freebsd.org> The branch stable/15 has been updated by pouria: URL: https://cgit.FreeBSD.org/src/commit/?id=b51cfb5e3c2edbe1c487a80e7e9c7ce8095525e9 commit b51cfb5e3c2edbe1c487a80e7e9c7ce8095525e9 Author: Pouria Mousavizadeh Tehrani AuthorDate: 2026-02-22 17:46:12 +0000 Commit: Pouria Mousavizadeh Tehrani CommitDate: 2026-03-26 09:12:10 +0000 rtnetlink: Add support for nexthop expiration in new/get route Before this change, netlink only shows nexthop expire value if route is not multipath. Now it can set expire time during route creation. Also, show expire time of multipath nexthops. Reviewed by: glebius MFC after: 3 weeks Differential Revision: https://reviews.freebsd.org/D55442 (cherry picked from commit ff6d1faa65a1a77d04746b43023feb457cfa27b8) --- sys/netlink/netlink_snl_route_parsers.h | 2 ++ sys/netlink/route/rt.c | 12 +++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/sys/netlink/netlink_snl_route_parsers.h b/sys/netlink/netlink_snl_route_parsers.h index 6b7a8188180d..70a12ad3ad74 100644 --- a/sys/netlink/netlink_snl_route_parsers.h +++ b/sys/netlink/netlink_snl_route_parsers.h @@ -53,6 +53,7 @@ struct rta_mpath_nh { uint8_t rtnh_weight; uint32_t rtax_mtu; uint32_t rta_rtflags; + uint32_t rta_expire; }; #define _IN(_field) offsetof(struct rtnexthop, _field) @@ -67,6 +68,7 @@ static const struct snl_attr_parser _nla_p_mp_nh[] = { { .type = NL_RTA_METRICS, .arg = &_metrics_mp_nh_parser, .cb = snl_attr_get_nested }, { .type = NL_RTA_RTFLAGS, .off = _OUT(rta_rtflags), .cb = snl_attr_get_uint32 }, { .type = NL_RTA_VIA, .off = _OUT(gw), .cb = snl_attr_get_ipvia }, + { .type = NL_RTA_EXPIRES, .off = _OUT(rta_expire), .cb = snl_attr_get_uint32 }, }; static const struct snl_field_parser _fp_p_mp_nh[] = { diff --git a/sys/netlink/route/rt.c b/sys/netlink/route/rt.c index dcd19b43105c..4d7f676d2aec 100644 --- a/sys/netlink/route/rt.c +++ b/sys/netlink/route/rt.c @@ -179,7 +179,7 @@ static void dump_rc_nhg(struct nl_writer *nw, const struct nhgrp_object *nhg, struct rtmsg *rtm) { uint32_t uidx = nhgrp_get_uidx(nhg); - uint32_t num_nhops; + uint32_t num_nhops, nh_expire; const struct weightened_nhop *wn = nhgrp_get_nhops(nhg, &num_nhops); uint32_t base_rtflags = nhop_get_rtflags(wn[0].nh); @@ -206,6 +206,9 @@ dump_rc_nhg(struct nl_writer *nw, const struct nhgrp_object *nhg, struct rtmsg * nlattr_add_u32(nw, NL_RTA_RTFLAGS, rtflags); if (rtflags & RTF_FIXEDMTU) dump_rc_nhop_mtu(nw, wn[i].nh); + nh_expire = nhop_get_expire(wn[i].nh); + if (nh_expire > 0) + nlattr_add_u32(nw, NL_RTA_EXPIRES, nh_expire - time_uptime); rtnh = nlattr_restore_offset(nw, nh_off, struct rtnexthop); /* * nlattr_add() allocates 4-byte aligned storage, no need to aligh @@ -487,6 +490,7 @@ struct nl_parsed_route { uint32_t rta_rtflags; uint32_t rta_nh_id; uint32_t rta_weight; + uint32_t rta_expire; uint32_t rtax_mtu; uint8_t rtm_table; uint8_t rtm_family; @@ -513,6 +517,7 @@ static const struct nlattr_parser nla_p_rtmsg[] = { { .type = NL_RTA_RTFLAGS, .off = _OUT(rta_rtflags), .cb = nlattr_get_uint32 }, { .type = NL_RTA_TABLE, .off = _OUT(rta_table), .cb = nlattr_get_uint32 }, { .type = NL_RTA_VIA, .off = _OUT(rta_gw), .cb = nlattr_get_ipvia }, + { .type = NL_RTA_EXPIRES, .off = _OUT(rta_expire), .cb = nlattr_get_uint32 }, { .type = NL_RTA_NH_ID, .off = _OUT(rta_nh_id), .cb = nlattr_get_uint32 }, }; @@ -851,6 +856,7 @@ create_nexthop_from_attrs(struct nl_parsed_route *attrs, { struct nhop_object *nh = NULL; int error = 0; + uint32_t nh_expire = 0; if (attrs->rta_multipath != NULL) { #ifdef ROUTE_MPATH @@ -907,6 +913,10 @@ create_nexthop_from_attrs(struct nl_parsed_route *attrs, nhop_set_transmit_ifp(nh, attrs->rta_oif); if (attrs->rtax_mtu != 0) nhop_set_mtu(nh, attrs->rtax_mtu, true); + if (attrs->rta_expire > 0) { + nh_expire = attrs->rta_expire - time_second + time_uptime; + nhop_set_expire(nh, nh_expire); + } if (attrs->rta_rtflags & RTF_BROADCAST) nhop_set_broadcast(nh, true); if (attrs->rtm_protocol > RTPROT_STATIC) From nobody Thu Mar 26 11:20:47 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhLtR3qn2z6WnTv for ; Thu, 26 Mar 2026 11:20:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhLtR12zBz3F3j for ; Thu, 26 Mar 2026 11:20:47 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774524047; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=kuzgJBoH35EoDvlpUfplrKaWIL2xtzrfNWj79zDPcro=; b=YiqeJApqFcdR4R67rQv8Q0q9twFmD918uSPjuqbv6wHd1CNtGV6HNH/ChDmPauFZLvQW3s O1GCRz7RPkI00Odj6WW30LfhjU+8N5gYm3LEZLt09SaOV0JO6UTDWtD+4j5cb+K8w18oDk 6DRgGg+256Tkf7Zi9OXdBRFQYQKygCZKIoJhch0YQ++UbXo+Ik+RwAxa79u6l3JgR/Wuij 6NnMirpC2r9GDoCAlTa7feW/Ea/CV9XbGgqoyK3OIo8tPd5v3yfYyT2F/Bh3Xxs7sQ+/qi O6bQPadES99Y7UuZV+Ryov+XZj5IQGr+tkqMYx31AWI5xJwQEsRkflEcZdcpxA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774524047; a=rsa-sha256; cv=none; b=p1DvFnbiSMaoX2RwiZf5tsJCDAhiiOC97XKij3sIYHFiDVQU8Gz5W6yj/HeVivacevY/zY c/QOnsKCOlA817zJiu828y1APj1G24kteVvJUtETTRpQllfAAUoHivTGimhdejWggm0Mw7 2FG/02fudM4TBt/kwxfyKd2OZSPTlfu0plA+SBus2QcsceTHS3S+qjy+gKbDoJKvjKq4fr pVbyrWJGcoXf3sTC5Q+oos0KYfKnInClPwSssjDptaJxgVPfw0dj7W57tPLRLPZL8j2qpw e8XhAxtJRfQOsKVCmamiGpi+9/xRcDfp24G6liijw0bRnosAOb6HO4FYWz4EKg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774524047; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=kuzgJBoH35EoDvlpUfplrKaWIL2xtzrfNWj79zDPcro=; b=q9vDwEliOCv4z7Z3wl9MlKX0ntN2upEMGWgTZGGIs4ZAiwcJ31f7bqMhekDgyER8Owo+3A A0GtU2qIRiCoN4hYJ8Txs3tBZUky8d4exkI2w0vJt0OjtmZyhq1uEvHIpAlLSY9q2UE5+J mDuoUJnMYAQnNawr3ZrN7TjFRKVpfTjYpXuFOpNNOs+SsuVvx6qGm288hBrmPrGUn/JRpT 7zeDS/UFxecDITbFM9FbO3OR1l2gqrijdkf0U2QpHnbUA1vebhR0noG/msP1PzWbPdgnHm JC6CPmAFLsiLT40cnOEyNKPHUF0skrwF2xjKQqV1Da1SaKzFKVTbYJxZVGcVsQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhLtR0K5qzqSk for ; Thu, 26 Mar 2026 11:20:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3ae5d by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 11:20:47 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Pouria Mousavizadeh Tehrani Subject: git: 824f5e72176d - stable/15 - netstat(1): Fix expire column in -r flag using netlink List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: pouria X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 824f5e72176d17fdfc14be0f2c6f752d7972471c Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 11:20:47 +0000 Message-Id: <69c5168f.3ae5d.12b4180c@gitrepo.freebsd.org> The branch stable/15 has been updated by pouria: URL: https://cgit.FreeBSD.org/src/commit/?id=824f5e72176d17fdfc14be0f2c6f752d7972471c commit 824f5e72176d17fdfc14be0f2c6f752d7972471c Author: Pouria Mousavizadeh Tehrani AuthorDate: 2026-02-22 16:35:23 +0000 Commit: Pouria Mousavizadeh Tehrani CommitDate: 2026-03-26 09:12:13 +0000 netstat(1): Fix expire column in -r flag using netlink Reviewed by: glebius MFC after: 3 weeks Differential Revision: https://reviews.freebsd.org/D55440 (cherry picked from commit 2f7cfeebcc4356d3bb85e953900ba5d3f75831ff) --- usr.bin/netstat/route_netlink.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/usr.bin/netstat/route_netlink.c b/usr.bin/netstat/route_netlink.c index e7b2a1964602..2c4b7a5c6b00 100644 --- a/usr.bin/netstat/route_netlink.c +++ b/usr.bin/netstat/route_netlink.c @@ -218,8 +218,8 @@ p_path(struct snl_parsed_route *rt, bool is_mpath) else xo_emit("{t:interface-name/%*.*s}", wid.iface, wid.iface, prettyname); - if (rt->rta_expires > 0) { - xo_emit(" {:expire-time/%*u}", wid.expire, rt->rta_expires); + if (rt->rta_expire > 0) { + xo_emit(" {:expire-time/%*u}", wid.expire, rt->rta_expire); } } @@ -244,6 +244,7 @@ p_rtentry_netlink(struct snl_state *ss, const char *name, struct nlmsghdr *hdr) rt.rtax_weight = nhop->rtnh_weight; rt.rta_rtflags = nhop->rta_rtflags ? nhop->rta_rtflags : orig_rtflags; rt.rtax_mtu = nhop->rtax_mtu ? nhop->rtax_mtu : orig_mtu; + rt.rta_expire = nhop->rta_expire; xo_open_instance(name); p_path(&rt, true); From nobody Thu Mar 26 11:20:48 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhLtS55wVz6WnZw for ; Thu, 26 Mar 2026 11:20:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhLtS28pFz3F8Q for ; Thu, 26 Mar 2026 11:20:48 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774524048; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=sZb97VNwBDfXkFqwASM2G6VstbJIC77qacLqA0EaMCU=; b=WylS7GWTSswFankulGs94nsTi6/he6ojHSYU339tBwGTzkGNAiK4mTflkofh7AkH6/58fL 6rcjWu+Lsk2F7JIEUsGgyJlNk8wQrxG5/wO2dPU/jQ/spd4Gjbi/IhIez00MJX5MXO9/Po ukch1T8OrdDkmVGny/vABGtjeJTZyBsU8+5j8l605HWb0x1zrpsQjtCux9HprxWkyGbR5J hGriIRU9GeemcEaKW3G5RxMNrBv2Y61hwGIUeBNlpspuuv0g7mHM0A6ZgLjucqBkc64kX/ GkcTmVcYnGVQ8aijwiv4dlmgYoChSia5KgWgPQwhessBZB4T36Gf8YJfZXcsVA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774524048; a=rsa-sha256; cv=none; b=a7pPMKzyo57RIFhb0Nwt6PKH5ds11LOgW1KjLvbhUFeJCwKtZvovfM4KcU9YySZ3Zhfutg c3S/3W+zQ7Tu2EGR9BqrA74TsYeiGLqxVIjzxvYJuBJCl1pdYIOQqJr+l+Zx/k/rxELRcG 9EG9bLhj5oCqoVM1PRnGvGt5m0/cQUQQzCnfqj6fkSnE4arO7i5dy9LqxOg3qfNufep6NU SDzx8e4AO7+hSeNc1jYby1BQitXsCunYnEpJcSpak4aWwLw+PoK6frDnp1/z1UrYHuHGWD wXNkFmWPwLa+xFkk0xTkHzWpwjWOD4PovXT3TCgNj5plGQYS5cOyIXFTZn6v0A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774524048; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=sZb97VNwBDfXkFqwASM2G6VstbJIC77qacLqA0EaMCU=; b=YXHkQVzGyQq5B9DGgx+RulJLMwONl+xJOJOP6vKFTHhdWrcqZASutCLz5V+G30I+xTpJ0S w+0bFMtgESmj0fOwtnAAF9Y+Z4c72//fdwXdU9rsLZYAI9ZgLW8n87YxVpWQ4p1BTdmU+6 lxW+AltgwZRlVDf/lZLeL+4t1NpNZ1t2aezwRPu3bwQIO7MgG63BkdbZLECj1aDOE8yasL Hurv3R2lm2nv0hd2yCANctxs7oSBE7PLXiMpCERiL5z6EeyLWhczfFQ91KIpK5y/SyeSKq dncVYUCFFQFg3aBz9sb0lCyP2orZG5WG24wSZOi/OGUI6ly8SeEBOrj/zx6VTw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhLtS17SpzqDc for ; Thu, 26 Mar 2026 11:20:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3a41f by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 11:20:48 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Pouria Mousavizadeh Tehrani Subject: git: f088a26db73c - stable/15 - route(8): Fix -expire argument when using netlink List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: pouria X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: f088a26db73c269e2aa11caed33294ae1ece3814 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 11:20:48 +0000 Message-Id: <69c51690.3a41f.2c7bc549@gitrepo.freebsd.org> The branch stable/15 has been updated by pouria: URL: https://cgit.FreeBSD.org/src/commit/?id=f088a26db73c269e2aa11caed33294ae1ece3814 commit f088a26db73c269e2aa11caed33294ae1ece3814 Author: Pouria Mousavizadeh Tehrani AuthorDate: 2026-02-22 18:41:31 +0000 Commit: Pouria Mousavizadeh Tehrani CommitDate: 2026-03-26 09:12:14 +0000 route(8): Fix -expire argument when using netlink Also fixes nexthop expire value on route get using netlink. Reviewed by: glebius MFC after: 3 weeks Differential Revision: https://reviews.freebsd.org/D55444 (cherry picked from commit 8230cf1aa18d9215ee17fec743fc7c7c8fa2da13) --- sbin/route/route_netlink.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/sbin/route/route_netlink.c b/sbin/route/route_netlink.c index ba22a2ec1e22..5dde7501d6b4 100644 --- a/sbin/route/route_netlink.c +++ b/sbin/route/route_netlink.c @@ -263,6 +263,9 @@ rtmsg_nl_int(struct nl_helper *h, int cmd, int rtm_flags, int fib, int rtm_addrs snl_end_attr_nested(&nw, off); } + if (rt_metrics->rmx_expire > 0) + snl_add_msg_attr_u32(&nw, NL_RTA_EXPIRES, rt_metrics->rmx_expire); + if (rt_metrics->rmx_weight > 0) snl_add_msg_attr_u32(&nw, NL_RTA_WEIGHT, rt_metrics->rmx_weight); @@ -343,7 +346,6 @@ static void print_getmsg(struct nl_helper *h, struct nlmsghdr *hdr, struct sockaddr *dst) { struct snl_state *ss = &h->ss_cmd; - struct timespec ts; struct snl_parsed_route r = { .rtax_weight = RT_DEFAULT_WEIGHT }; if (!snl_parse_nlmsg(ss, hdr, &snl_rtm_route_parser, &r)) @@ -385,11 +387,7 @@ print_getmsg(struct nl_helper *h, struct nlmsghdr *hdr, struct sockaddr *dst) printf("%8lu ", 0UL); printf("%8lu ", rmx.rmx_mtu); printf("%8lu ", rmx.rmx_weight); - if (rmx.rmx_expire > 0) - clock_gettime(CLOCK_REALTIME_FAST, &ts); - else - ts.tv_sec = 0; - printf("%8ld \n", (long)(rmx.rmx_expire - ts.tv_sec)); + printf("%8ld \n", rmx.rmx_expire); } static void From nobody Thu Mar 26 14:40:59 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhRKS0Nc6z6RbZN for ; Thu, 26 Mar 2026 14:41:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhRKR6jBxz3gl2 for ; Thu, 26 Mar 2026 14:40:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774536060; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=67kGm/bT9AvuiBUSgPPxXlRkLNCEaSEgayoFws3Wj5w=; b=bi1fazHsXZAw/tbMeROvUR8MuQaOPKd8xp0RJSq7nQRu4dHAzill1TUhGiL8HTFMa5ALQa h/VqVmgiOduU8p4X6HSZOj0SQeLf3xi8YnMCw6lqTMAj0yW6z5l+HCltIw7yBaHrad7OkU B+wL/cnDTrvXqibtfhc33qH+3m7r/AaCuWd52HPQ0/Rw9QSOkuZrJhnIFqiaPHoj0J9PBV TaBaPTFVjXNSJdGmDSpNh1sqqY3pb9cepIDZTHq8ogQJZBOdYtn6r7LM4j1dk04QPQqUEg GwOBkGM/aTOwvWOirW3ky1CdKBmRwUptrmAwxnS96T9WMaSX+ida7dEAqtpGVg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774536060; a=rsa-sha256; cv=none; b=grX2HWRmuKioLwNntHbN7D2we+BelBtbNsBWrSVcukEi+GWI9w57wRJ0Tqkt1CKdo01whr Gl11BGZL5c/eQCHKCB+nJCReh6RXmn4tsJdM2VeGkKMnVxYAL4RvCKJltSCr9r+2uhisGh EHlMi16tYsJlc1E3FeAH/qSxkM2nFEAQfvV/7G7H7q0YND3G216oX2cwi4cV7MLrQXZZAm cnSSCLWgJGGB6zFnRc8NIkt8XsIIzAVHrIOOl3Ee8GWGHaCtaNK3+kle+H1INep+lGlIam URZJT8tu5JqwSMpBKttJlzHoWvGy28mi6FAAFPUO9FjE3pXTYGLBK/351SV8ag== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774536060; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=67kGm/bT9AvuiBUSgPPxXlRkLNCEaSEgayoFws3Wj5w=; b=qt+TW0Od53ERFoTkUK0AFgKM+tcluj+O/kKdREUbdU/UHvbAnx9KWl30OcUkfU5XaffT8d VJ40Aa9gGd1hVJ17LJBJgW46jVZjaxseRD8aTn23Z3EgP2QO2bCeB3XGQYj7+DUB+gl/bw bwJL1l4guMHSzQsBJ01JGu1Owki+dtFQfPV8FtH/fwjkLJ8X4FIgTlnQl0piqrJRkKNgm1 HbGHMMNvWD+zU+VKYtlm/Xng93pwlkGgnj4pZ23d8LgaTSqsxNl7+Q2bcptsToDIgDyNXI EdecNDtBg6CRUxARvb583zLFS+UHGyXy+0qi6bDSf2ciPyGimbBUUBVv+ydtjw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhRKR6JTBzwrf for ; Thu, 26 Mar 2026 14:40:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1ede0 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 14:40:59 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Alan Somers Subject: git: e3e71c6a8a92 - stable/15 - tests: sys/capsicum/functional requires mqueuefs List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: asomers X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: e3e71c6a8a921e924a40a7db9378d58194bebe02 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 14:40:59 +0000 Message-Id: <69c5457b.1ede0.4efe74c3@gitrepo.freebsd.org> The branch stable/15 has been updated by asomers: URL: https://cgit.FreeBSD.org/src/commit/?id=e3e71c6a8a921e924a40a7db9378d58194bebe02 commit e3e71c6a8a921e924a40a7db9378d58194bebe02 Author: Alan Somers AuthorDate: 2026-01-27 00:04:58 +0000 Commit: Alan Somers CommitDate: 2026-03-26 14:40:33 +0000 tests: sys/capsicum/functional requires mqueuefs Skip this test if mqueuefs isn't loaded. Unfortunately, that will skip the entire googletest test program, including test cases that don't require mqueuefs. But the test's own skipping logic doesn't work, and we don't yet have a googletest-compatible require_kmods() function. Sponsored by: ConnectWise Reviewed by: emaste, ngie Differential Revision: https://reviews.freebsd.org/D54902 (cherry picked from commit df68a09ea2ec18ee975fb937d46a18250d4663c8) --- tests/sys/capsicum/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/sys/capsicum/Makefile b/tests/sys/capsicum/Makefile index 38c1f8285910..a8f72d399af9 100644 --- a/tests/sys/capsicum/Makefile +++ b/tests/sys/capsicum/Makefile @@ -15,6 +15,7 @@ GTESTS_WRAPPER_SH.capsicum-test= functional # unprivileged user. Serialize them since some tests access global namespaces, # e.g., mqueuefs, and can trample on each other. TEST_METADATA.functional+= is_exclusive="true" +TEST_METADATA.functional+= required_kmods="mqueuefs" SRCS.capsicum-test+= \ capsicum-test-main.cc \ From nobody Thu Mar 26 14:43:30 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhRNS1kJ8z6RcCs for ; Thu, 26 Mar 2026 14:43:36 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhRNR6hc9z3hj6 for ; Thu, 26 Mar 2026 14:43:35 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774536216; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xrlpxGZY7Ru1VjpeEpCjz9ncqCiy8lNQl6J0L+pqK/E=; b=yWsskKBiJ49ZRUcyAI6Ub7F+1EblAkcoiB6hcc475DwcAMHEf9P1BnKGEaKmAVXO1LACCN ZcgajnbMAmq1lFB13E3lQDSyMH3tRd1UmSfq7WRn9xuoaVdgQ4rCT7XXBFoH3AqlbG1ouD JlYTtlfZ6flWwxZRg+rZUivlhCRwSyJTRgtToprCT2cMb1+kxRP2UjKluuvke12fG/3j7I dMCAe/jyBbroP2Tym1HtsD5wRd3eEdtxK9wPVxzMJhsed3HhWrMby8aHgDDV0Klu3LvDpc CQJNeJICT4RT49keBGSqlFPrHqX+mpT+0Xkv4/uh3dO2dGEUA/T3PP+HDvl8nQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774536216; a=rsa-sha256; cv=none; b=m9tKdzp7PrL5FZh924Z8xaWMaH0sqofsyx83ofjmbtUIrKjIxc1Dx/2rBANz9Ywpoh83BD d7iqA5YheD9nYmjX6s58sdq3+EE2C1ac+DAozaWn7XDq1fUPqpbXiqSaZo+88ZKg/jcZg1 L+YzRc2CVna+bXaPar5Y81FRGYXTWn0wgA4x3xWljuzPmQX1ETuaC+lzFDm2iPN2Re9OE8 aE4rw0Iz583PW/FTzAfScA4wYAOzqj+WMvjGPy9kd0wpkwdqvLpboC4afBv9pMUhFPthea iZOxf/7lqN7oxG/HtIMYz1v0KTMVqJCzlnL87xPWgmRKYHvhS7JyW31ZeJDb+A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774536216; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=xrlpxGZY7Ru1VjpeEpCjz9ncqCiy8lNQl6J0L+pqK/E=; b=ZtdAKT+sXgHDVu8dmKNBLXbqowXfn5Ron3qIdhzOSgM31KWZlInr/0bVYMqSOTqxfyoDtv yaiFOOkN0yZfQN9CW+euStSL+rW4m239/YIwo1fOhCM+ZcD3HCeTrjMdWiXdcn4Mmmggj+ vF36VhOtAHWSrsAgtfLPjtyogIughr/S3mN4yn1FCcGsS89Dp6ABOElmn1OcRurqabPw23 JP538sobWDlR3kX4UltrD6lcUbm3B7Xg2kpi5s/5TblhuK6EQ3flgkaboknEZfjKL6i/9+ bB8QwXfyRHrHn7A7k1wApNcbBUdpPiqAQ29YgT0zWaZ5RZGarYFiHkQUQtgLvw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhRNR67yrzxJG for ; Thu, 26 Mar 2026 14:43:35 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1d7da by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 14:43:30 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Alan Somers Subject: git: c595e21c989f - stable/15 - procdesc: Add a test for pid recycling behavior List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: asomers X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: c595e21c989fba006d1b3717d8d2a09b8c27dbb4 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 14:43:30 +0000 Message-Id: <69c54612.1d7da.7ad5cc4@gitrepo.freebsd.org> The branch stable/15 has been updated by asomers: URL: https://cgit.FreeBSD.org/src/commit/?id=c595e21c989fba006d1b3717d8d2a09b8c27dbb4 commit c595e21c989fba006d1b3717d8d2a09b8c27dbb4 Author: Alan Somers AuthorDate: 2026-01-13 00:45:23 +0000 Commit: Alan Somers CommitDate: 2026-03-26 14:42:10 +0000 procdesc: Add a test for pid recycling behavior Sponsored by: ConnectWise (cherry picked from commit e35df41f68916cc23893a29e0284f386ec727462) --- tests/sys/kern/Makefile | 1 + tests/sys/kern/procdesc.c | 98 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 99 insertions(+) diff --git a/tests/sys/kern/Makefile b/tests/sys/kern/Makefile index 946a1c2b9b8d..950893a81b18 100644 --- a/tests/sys/kern/Makefile +++ b/tests/sys/kern/Makefile @@ -32,6 +32,7 @@ ATF_TESTS_C+= listener_wakeup ATF_TESTS_C+= module_test ATF_TESTS_C+= pdrfork ATF_TESTS_C+= prace +ATF_TESTS_C+= procdesc ATF_TESTS_C+= ptrace_test TEST_METADATA.ptrace_test+= timeout="15" ATF_TESTS_C+= reaper diff --git a/tests/sys/kern/procdesc.c b/tests/sys/kern/procdesc.c new file mode 100644 index 000000000000..3334ee404518 --- /dev/null +++ b/tests/sys/kern/procdesc.c @@ -0,0 +1,98 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2026 ConnectWise + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include +#include + +#include +#include + +/* Tests for procdesc(4) that aren't specific to any one syscall */ + +/* + * Even after waiting on a process descriptor with waitpid(2), the kernel will + * not recycle the pid until after the process descriptor is closed. That is + * important to prevent users from trying to wait() twice, the second time + * using a dangling pid. + * + * Whether this same anti-recycling behavior is used with pdwait() is + * unimportant, because pdwait _always_ uses a process descriptor. + */ +ATF_TC_WITHOUT_HEAD(pid_recycle); +ATF_TC_BODY(pid_recycle, tc) +{ + size_t len; + int i, pd, pid_max; + pid_t dangle_pid; + + len = sizeof(pid_max); + ATF_REQUIRE_EQ_MSG(0, + sysctlbyname("kern.pid_max", &pid_max, &len, NULL, 0), + "sysctlbyname: %s", strerror(errno)); + + /* Create a process descriptor */ + dangle_pid = pdfork(&pd, PD_CLOEXEC | PD_DAEMON); + ATF_REQUIRE_MSG(dangle_pid >= 0, "pdfork: %s", strerror(errno)); + if (dangle_pid == 0) { + // In child + _exit(0); + } + /* + * Reap the child, but don't close the pd, creating a dangling pid. + * Notably, it isn't a Zombie, because the process is reaped. + */ + ATF_REQUIRE_EQ(dangle_pid, waitpid(dangle_pid, NULL, WEXITED)); + + /* + * Now create and kill pid_max additional children. Test to see if pid + * gets reused. If not, that means the kernel is correctly reserving + * the dangling pid from reuse. + */ + for (i = 0; i < pid_max; i++) { + pid_t pid; + + pid = vfork(); + ATF_REQUIRE_MSG(pid >= 0, "vfork: %s", strerror(errno)); + if (pid == 0) + _exit(0); + ATF_REQUIRE_MSG(pid != dangle_pid, + "pid got recycled after %d forks", i); + ATF_REQUIRE_EQ(pid, waitpid(pid, NULL, WEXITED)); + } + close(pd); +} + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, pid_recycle); + + return (atf_no_error()); +} From nobody Thu Mar 26 14:47:23 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhRSq4Dqyz6Rc55 for ; Thu, 26 Mar 2026 14:47:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhRSq3705z3j0d for ; Thu, 26 Mar 2026 14:47:23 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774536443; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=I6UURd8zxIpN5/mHLnytD4umpTXKyPprnDU5lxAytH4=; b=LOZXwow8Ziz3DhyQVeogc38/xJn+keSEf/ZCv7I9xy8DvXhOfDQcq8/TZwVJ/cQwYkMJLz QPJJeUM4pafYQOTihGPQoECqh8OTkQR8li9uIehGm1Qftfczq4PjwBc6/wjd3bZcECFqq4 7bYBVy6+xaIwcqyyVsBZlI6xH1Ykles4Z25NRZIZQ2eevHo80eyjVFzd8Jo24f5hKs/+kM WidSW1BhNZ0J+oiSWXTiwg29vgyrWHI8b5GMq1avZxJc9jTyxWw1nRAR+TuVl/2SUKNud7 8DZt1vEhOR6RewJ4JfXT/8qM+AslQI663f/WmRMimVcXhQF36tFkqD/xBwCwRQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774536443; a=rsa-sha256; cv=none; b=lINDniF8vfNhzPx86aLlOV1nNoef5oK+Er6cbWfsZeRGP+ohMJBGQB3smesJHP3O/vEnCQ B+ibMTMCkbDSvqUs6D7hPhcEbp+z1vP26SYkF9YDvNHRASHnXSgffadFYvQge9oqFc5CgV QXJ8LTKjoP7UkR8sXr5j5U1Lc5/TX/TemtTqRKW8q6WYqaxyDyxUlubh+J8GyCjZp4PEzP R+gdxqVLoeRNDk/5xir3XYq9jiO5DRIG7oRWtBH/6DrFTIJtXqbkRFHebHmhZ6+YunOgg1 Djy5AF59x0PqFIZ++eSIjFGNF7TLtX/qqyZU0NOaVK7utqzH5ywu2gCcTWgrJQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774536443; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=I6UURd8zxIpN5/mHLnytD4umpTXKyPprnDU5lxAytH4=; b=XYnQzFng8VS4UkG0EeRJsU8dpiffM9Rwiq57X+SLaIcvqjxeQkqj2e42LpwsMpLFMTgVNK 5ZYNRkTx1v7R7UsDcLHfd+aiD1Uu3D8R2ycXVB3NbX0khaXUfWRA4LQMsQQk+yK1meeG6I hJCabIY3wQAQnVjKKfqcHigAEv1B+gSwsL2re8KIpXi4XEMePqCk5FEHulg5u3NRNhSZ1g v3L15QygNmqFxT/3S6rY7Vf363j4U3CEN/mO3J6pUa98UvNTmmneK4+sxUQc3ANyj5OSB9 8gmUxPggLO+CYylfpNLdajDb9j1/fGlXerZq2JCTpI7NltTnQ+HQ1BeiJukl0A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhRSq1xlnzx6D for ; Thu, 26 Mar 2026 14:47:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1f766 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 14:47:23 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Alan Somers Subject: git: 34ecd902d428 - stable/15 - Add tests for pdwait List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: asomers X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 34ecd902d428d1d3ea7e9301842882e4f914bcfc Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 14:47:23 +0000 Message-Id: <69c546fb.1f766.ca35df8@gitrepo.freebsd.org> The branch stable/15 has been updated by asomers: URL: https://cgit.FreeBSD.org/src/commit/?id=34ecd902d428d1d3ea7e9301842882e4f914bcfc commit 34ecd902d428d1d3ea7e9301842882e4f914bcfc Author: Alan Somers AuthorDate: 2026-01-25 16:14:03 +0000 Commit: Alan Somers CommitDate: 2026-03-26 14:45:11 +0000 Add tests for pdwait Sponsored by: ConnectWise (cherry picked from commit 277539ae7f2f07a8dd29d4deb318d66414f8ae2a) pdwait(2) tests: do not rely on (int *)-1 being invalid address Explicitly mmap guard and use it as the invalid address instead. (cherry picked from commit 05492ff6f636108c4fac40c259defe9b2eac7833) --- tests/sys/kern/Makefile | 1 + tests/sys/kern/pdwait.c | 309 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 310 insertions(+) diff --git a/tests/sys/kern/Makefile b/tests/sys/kern/Makefile index 950893a81b18..00afd03c15ce 100644 --- a/tests/sys/kern/Makefile +++ b/tests/sys/kern/Makefile @@ -31,6 +31,7 @@ ATF_TESTS_C+= ktrace_test ATF_TESTS_C+= listener_wakeup ATF_TESTS_C+= module_test ATF_TESTS_C+= pdrfork +ATF_TESTS_C+= pdwait ATF_TESTS_C+= prace ATF_TESTS_C+= procdesc ATF_TESTS_C+= ptrace_test diff --git a/tests/sys/kern/pdwait.c b/tests/sys/kern/pdwait.c new file mode 100644 index 000000000000..c7b2c40a87ba --- /dev/null +++ b/tests/sys/kern/pdwait.c @@ -0,0 +1,309 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2026 ConnectWise + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +static void* +unmapped(void) { + void *unmapped; + + unmapped = mmap(NULL, PAGE_SIZE, PROT_NONE, MAP_GUARD, -1, 0); + ATF_REQUIRE(unmapped != MAP_FAILED); + + return(unmapped); +} + +/* basic usage */ +ATF_TC_WITHOUT_HEAD(basic); +ATF_TC_BODY(basic, tc) +{ + int fdp = -1; + pid_t pid; + int r, status; + struct __wrusage ru; + siginfo_t si; + + bzero(&ru, sizeof(ru)); + + pid = pdfork(&fdp, 0); + if (pid == 0) + _exit(42); + ATF_REQUIRE_MSG(pid >= 0, "pdfork failed: %s", strerror(errno)); + ATF_REQUIRE_MSG(fdp >= 0, "pdfork didn't return a process descriptor"); + + r = pdwait(fdp, &status, WEXITED, &ru, &si); + ATF_CHECK_EQ(r, 0); + ATF_REQUIRE(WIFEXITED(status) && WEXITSTATUS(status) == 42); + ATF_CHECK(ru.wru_self.ru_stime.tv_usec > 0); + ATF_CHECK_EQ(si.si_signo, SIGCHLD); + ATF_CHECK_EQ(si.si_pid, pid); + ATF_CHECK_EQ(si.si_status, WEXITSTATUS(status)); + + close(fdp); +} + +/* pdwait should work in capability mode */ +ATF_TC_WITHOUT_HEAD(capsicum); +ATF_TC_BODY(capsicum, tc) +{ + int fdp = -1; + pid_t pid; + int status, r; + + pid = pdfork(&fdp, 0); + if (pid == 0) + _exit(42); + ATF_REQUIRE_MSG(pid >= 0, "pdfork failed: %s", strerror(errno)); + ATF_REQUIRE_MSG(fdp >= 0, "pdfork didn't return a process descriptor"); + + ATF_CHECK_EQ_MSG(0, cap_enter(), "cap_enter: %s", strerror(errno)); + r = pdwait(fdp, &status, WEXITED, NULL, NULL); + ATF_CHECK_EQ(r, 0); + ATF_REQUIRE(WIFEXITED(status) && WEXITSTATUS(status) == 42); + + close(fdp); +} + +/* pdwait should return EBADF if its argument is not a file descriptor */ +ATF_TC_WITHOUT_HEAD(ebadf); +ATF_TC_BODY(ebadf, tc) +{ + ATF_REQUIRE_ERRNO(EBADF, pdwait(99999, NULL, WEXITED, NULL, NULL) < 0); +} + +/* pdwait should return efault if the status argument is invalid. */ +ATF_TC_WITHOUT_HEAD(efault1); +ATF_TC_BODY(efault1, tc) +{ + int fdp = -1; + pid_t pid; + + pid = pdfork(&fdp, 0); + if (pid == 0) + _exit(42); + ATF_REQUIRE_MSG(pid >= 0, "pdfork failed: %s", strerror(errno)); + ATF_REQUIRE_MSG(fdp >= 0, "pdfork didn't return a process descriptor"); + + ATF_CHECK_ERRNO(EFAULT, + pdwait(fdp, (int*)unmapped(), WEXITED, NULL, NULL) < 0); + + close(fdp); +} + +/* pdwait should return efault2 if the usage argument is invalid. */ +ATF_TC_WITHOUT_HEAD(efault2); +ATF_TC_BODY(efault2, tc) +{ + int fdp = -1; + pid_t pid; + + pid = pdfork(&fdp, 0); + if (pid == 0) + _exit(42); + ATF_REQUIRE_MSG(pid >= 0, "pdfork failed: %s", strerror(errno)); + ATF_REQUIRE_MSG(fdp >= 0, "pdfork didn't return a process descriptor"); + + ATF_CHECK_ERRNO(EFAULT, + pdwait(fdp, NULL, WEXITED, (struct __wrusage*)unmapped(), NULL) < 0 + ); + + close(fdp); +} + +/* pdwait should return efault if the siginfo argument is invalid. */ +ATF_TC_WITHOUT_HEAD(efault3); +ATF_TC_BODY(efault3, tc) +{ + int fdp = -1; + pid_t pid; + + pid = pdfork(&fdp, 0); + if (pid == 0) + _exit(42); + ATF_REQUIRE_MSG(pid >= 0, "pdfork failed: %s", strerror(errno)); + ATF_REQUIRE_MSG(fdp >= 0, "pdfork didn't return a process descriptor"); + + ATF_CHECK_ERRNO(EFAULT, + pdwait(fdp, NULL, WEXITED, NULL, (struct __siginfo*)unmapped()) < 0 + ); + + close(fdp); +} + +/* pdwait should return einval if the arguments are bad */ +ATF_TC_WITHOUT_HEAD(einval); +ATF_TC_BODY(einval, tc) +{ + int fdp = -1; + pid_t pid; + + pid = pdfork(&fdp, 0); + if (pid == 0) + _exit(42); + ATF_REQUIRE_MSG(pid >= 0, "pdfork failed: %s", strerror(errno)); + ATF_REQUIRE_MSG(fdp >= 0, "pdfork didn't return a process descriptor"); + + ATF_CHECK_ERRNO(EINVAL, pdwait(fdp, NULL, 0, NULL, NULL) < 0); + ATF_CHECK_ERRNO(EINVAL, pdwait(fdp, NULL, -1, NULL, NULL) < 0); + ATF_CHECK_ERRNO(EINVAL, + pdwait(STDERR_FILENO, NULL, WEXITED, NULL, NULL) < 0); + + close(fdp); +} + +/* pdwait should fail without the cap_pdwait_rights bit */ +ATF_TC_WITHOUT_HEAD(enotcap); +ATF_TC_BODY(enotcap, tc) +{ + cap_rights_t rights; + int fdp = -1; + pid_t pid; + int status; + + /*cap_rights_init(&rights, CAP_RIGHTS_ALL);*/ + CAP_ALL(&rights); + cap_rights_clear(&rights, CAP_PDWAIT); + + pid = pdfork(&fdp, 0); + if (pid == 0) + _exit(42); + ATF_REQUIRE_MSG(pid >= 0, "pdfork failed: %s", strerror(errno)); + ATF_REQUIRE_MSG(fdp >= 0, "pdfork didn't return a process descriptor"); + + ATF_CHECK_EQ_MSG(0, cap_enter(), "cap_enter: %s", strerror(errno)); + ATF_REQUIRE_EQ_MSG(0, cap_rights_limit(fdp, &rights), + "cap_rights_limit %s", strerror(errno)); + + ATF_REQUIRE_ERRNO(ENOTCAPABLE, + pdwait(fdp, &status, WEXITED, NULL, NULL) < 0); + + close(fdp); +} + +/* + * Even though the process descriptor is still open, there is no more process + * to signal after pdwait() has returned. + */ +ATF_TC_WITHOUT_HEAD(pdkill_after_pdwait); +ATF_TC_BODY(pdkill_after_pdwait, tc) +{ + int fdp = -1; + pid_t pid; + int r, status; + + pid = pdfork(&fdp, 0); + if (pid == 0) + _exit(42); + ATF_REQUIRE_MSG(pid >= 0, "pdfork failed: %s", strerror(errno)); + ATF_REQUIRE_MSG(fdp >= 0, "pdfork didn't return a process descriptor"); + + r = pdwait(fdp, &status, WEXITED, NULL, NULL); + ATF_CHECK_EQ(r, 0); + ATF_REQUIRE(WIFEXITED(status) && WEXITSTATUS(status) == 42); + + ATF_REQUIRE_ERRNO(ESRCH, pdkill(fdp, SIGTERM) < 0); + + close(fdp); +} + +/* + * Even though the process descriptor is still open, there is no more status to + * return after a pid-based wait() function has already returned it. + */ +ATF_TC_WITHOUT_HEAD(pdwait_after_waitpid); +ATF_TC_BODY(pdwait_after_waitpid, tc) +{ + int fdp = -1; + pid_t pid, waited_pid; + int status; + + pid = pdfork(&fdp, 0); + if (pid == 0) + _exit(42); + ATF_REQUIRE_MSG(pid >= 0, "pdfork failed: %s", strerror(errno)); + ATF_REQUIRE_MSG(fdp >= 0, "pdfork didn't return a process descriptor"); + + waited_pid = waitpid(pid, &status, WEXITED); + + ATF_CHECK_EQ(pid, waited_pid); + ATF_REQUIRE(WIFEXITED(status) && WEXITSTATUS(status) == 42); + + ATF_REQUIRE_ERRNO(ESRCH, pdwait(fdp, NULL, WEXITED, NULL, NULL) < 0); + + close(fdp); +} + +/* Called twice, waitpid should return ESRCH the second time */ +ATF_TC_WITHOUT_HEAD(twice); +ATF_TC_BODY(twice, tc) +{ + int fdp = -1; + pid_t pid; + int r, status; + + pid = pdfork(&fdp, 0); + if (pid == 0) + _exit(42); + ATF_REQUIRE_MSG(pid >= 0, "pdfork failed: %s", strerror(errno)); + ATF_REQUIRE_MSG(fdp >= 0, "pdfork didn't return a process descriptor"); + + r = pdwait(fdp, &status, WEXITED, NULL, NULL); + ATF_CHECK_EQ(r, 0); + ATF_REQUIRE(WIFEXITED(status) && WEXITSTATUS(status) == 42); + + ATF_REQUIRE_ERRNO(ESRCH, pdwait(fdp, NULL, WEXITED, NULL, NULL) < 0); + + close(fdp); +} + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, basic); + ATF_TP_ADD_TC(tp, capsicum); + ATF_TP_ADD_TC(tp, ebadf); + ATF_TP_ADD_TC(tp, enotcap); + ATF_TP_ADD_TC(tp, twice); + ATF_TP_ADD_TC(tp, efault1); + ATF_TP_ADD_TC(tp, efault2); + ATF_TP_ADD_TC(tp, efault3); + ATF_TP_ADD_TC(tp, einval); + ATF_TP_ADD_TC(tp, pdwait_after_waitpid); + ATF_TP_ADD_TC(tp, pdkill_after_pdwait); + + return (atf_no_error()); +} From nobody Thu Mar 26 14:47:24 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhRSr6zpbz6RbkL for ; Thu, 26 Mar 2026 14:47:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhRSr5C0Cz3hqt for ; Thu, 26 Mar 2026 14:47:24 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774536444; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=h3DPZ2USr0YPX4eRNh/jCZlwfceGlqFCkj9dUt7hP8k=; b=sSwDhuq82O38kQAYm2wrxM5Tyx3ZdyfKFt0Efig2+Korvr/Kh6OMq1Zo3UQiEXy9VrMObR 58YSL76cyJ2j+Y8vLUZuyVoPie1yK6AyvT9eovIrw4xSXUbj9fcalC1G2rBXrKrmb6EJ6M DpNQAeITG1LGJJckWr87POtPebKmKwxe/sVtbLy6G7dtH+jWuqJsHRU13kJzRd8UVqdJVy +WJlY1JKZ//j9PZhF4PNaE7qRw87h2mzQHLpk/nfgR9j6JLzr4iKnAlzSMg9qfUVX5tkOR IDRmbgzzkxZI642+itStr+fjSR1iQ+aOIGBu7kdHNzY2OCLQF6ehlZWZlo8CwQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774536444; a=rsa-sha256; cv=none; b=sXLvJ5asEkH06c0lNuPcvw35dLp7qeYnyZ/v/2gUx9xmn13DymPgledJdsF6SYwZTA7xi0 fwSbdiJFdaXF7PO88RIz1PfvreApbzWMJ1T1vem9NKlbOY9mqGb7R2lzAedBCuXviphSVw eHuwpOXukVRIYeytZEcQkrd44s9A/qVzO3hMsNkE9yXBmsHpPtKZFa0wY+Noc3rjaSYguj UVSmPpd3q8hw5t92qqlOK7/Auv0eBe/BRMZds426ysh1Z4/YGD91cYl2jOSRr+pkzJFtxn nZ+y9OHhlyj4EuvdOgPJmhLJIso42px8i55zd9EdO8wXHQrDZt4VORJ/Vn9WuQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774536444; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=h3DPZ2USr0YPX4eRNh/jCZlwfceGlqFCkj9dUt7hP8k=; b=eqzPam8depm9HRsO1Bbe5+J2xw8R+5NJNn7hfqh2o1AOHliE3W8gREjdvkSYtvqFKx39BJ WT2txFBdrXRJ3XLKosXX5H8rT7DH0toYAKh4W3wtt0cPPvEWdUZq63OzhDBEuiZTIPFQK4 t9/vZJ30DYSZ0gCsBbp5nea4sIusvzDkb6MZm6a/vvUkdpIhK5goT7AB3rAyn3yqT44MBZ VdpwWn5vhPjVCTbzrt147BIZoNVfiNLBZi4+2+hwBMnYa9FFJiQJEGNWuSnGip4ccbJZeX T9mfNfVXPOjevu577KAK/V2h2zDRsWNcFDvpj0KH8Eh2AGnr0i4ilBPFFJNh/A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhRSr36pPzwJW for ; Thu, 26 Mar 2026 14:47:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1e4cc by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 14:47:24 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Alan Somers Subject: git: 1ce3d3f610e2 - stable/15 - aio(4) tests: do not rely on (int *)-1 being invalid address List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: asomers X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 1ce3d3f610e26c2a90c195551725b2f669b0f871 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 14:47:24 +0000 Message-Id: <69c546fc.1e4cc.18049ad5@gitrepo.freebsd.org> The branch stable/15 has been updated by asomers: URL: https://cgit.FreeBSD.org/src/commit/?id=1ce3d3f610e26c2a90c195551725b2f669b0f871 commit 1ce3d3f610e26c2a90c195551725b2f669b0f871 Author: Alan Somers AuthorDate: 2026-02-17 00:27:02 +0000 Commit: Alan Somers CommitDate: 2026-03-26 14:45:17 +0000 aio(4) tests: do not rely on (int *)-1 being invalid address Explicitly mmap guard and use it as the invalid address instead. (cherry picked from commit dc9a8d300ba5c4c319589d78231e9d0e76576cbf) --- tests/sys/aio/aio_test.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/sys/aio/aio_test.c b/tests/sys/aio/aio_test.c index 64939825ec66..1a4baf70b1e3 100644 --- a/tests/sys/aio/aio_test.c +++ b/tests/sys/aio/aio_test.c @@ -39,6 +39,7 @@ #include #include +#include #include #include #include @@ -1689,6 +1690,7 @@ ATF_TC_BODY(aio_writev_efault, tc) struct aiocb aio; ssize_t buflen; char *buffer; + void *unmapped; struct iovec iov[2]; long seed; int fd; @@ -1698,13 +1700,16 @@ ATF_TC_BODY(aio_writev_efault, tc) fd = aio_md_setup(); + unmapped = mmap(NULL, PAGE_SIZE, PROT_NONE, MAP_GUARD, -1, 0); + ATF_REQUIRE(unmapped != MAP_FAILED); + seed = random(); buflen = 4096; buffer = malloc(buflen); aio_fill_buffer(buffer, buflen, seed); iov[0].iov_base = buffer; iov[0].iov_len = buflen; - iov[1].iov_base = (void*)-1; /* Invalid! */ + iov[1].iov_base = (void*)unmapped; /* Invalid! */ iov[1].iov_len = buflen; bzero(&aio, sizeof(aio)); aio.aio_fildes = fd; From nobody Thu Mar 26 15:08:17 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhRwy0j4Yz6RfJd for ; Thu, 26 Mar 2026 15:08:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhRwx6Xznz3n2K for ; Thu, 26 Mar 2026 15:08:17 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774537698; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KNNJxL+V7Dnw3z9TDLh99e0TGt4p6tVyMYr6qNkg46Q=; b=JlTv1JHAqIIOg8d2jnuYM3+7876xMl81dURaKYyQbQFukjE0J3y3wnUQu7lli5mEVsCJ9/ Z+x5aiehCTnR9IiTzpdGL+Z+l6q6snzERit+on0ukN3U4fNgtvJXhDNNqtWvv8J+Ci5pB+ FPbR+2dNsEPGe5fLyECfU1k7s6E34fWCZkS+asm1sGErLS/ew0+q5hrTfCAM0XpikPOdaf CX3iRRAT40KxuLggL26sbbky/1NFvJsDcnx2BwGk4KRHdchsD8uN2LBWVB0WrEAEB7GtyJ NGoW0lq4VB65ndnelZ+c4Hk6Ka3cfQFGYeVl4/vhFVhkJy91/Osa4tHVdqVBbw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774537698; a=rsa-sha256; cv=none; b=LehPldNH54JQnFLpvcyEIgcbP0N7Mw1xSPGVg4K58V2g8eQsXBeMWWwHk6gGKT2+GEiP5l P+M6cJ7Ntet7+PsQfGeqFqlPL1b95DLeKnr+5R3LSYeH9y2pZXGH0nxLKLAWalaxRMKMbN RCdIm0irQZn2UBEqRp1fTJYD3b3AFE720cB43/q81HBWz2QlrKPCmpsn2cmsbEhORH5OQ6 nJ8kjap8FEgdxBOf3XZzAYrNPPBKl9BD3I5EibXCn7fsis03d/GTMYivM0obGl1ByBy3e/ 45FiScqA7gTB4gGxXXhrwbAUEKrVUZw1Wug240QA2hGXnbvqk/BRS4C5x/T0jg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774537697; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KNNJxL+V7Dnw3z9TDLh99e0TGt4p6tVyMYr6qNkg46Q=; b=tdSDD1FROM4rXGacm5S0p+vsOtKwD+FetrTOf68/U3RnfgAlYocQw7a2Uksgp9g/zRPgdL BLJx8EVqWjH6I1xBrdsE2pG5MhrhfuULxNDwUNxHYxMRE4gdyALLdhBqy68V+Ds3aEjoQd ERfotRBPx3eDLOzxJeR1Q3nauZNDiwgUyy0BMG0Xl6zXHjGyjS7aSyDAdIaJSpJci+XdOs DZF/spN8E9PpNRc9jovC2LIjjWQNy/JcpMJHeGoL29CA9xcWXFW0kH3+fFXwszzPHNRrzS 377gnnnDr8lFml6SileLHSGl3GdjY8OTxJpqOtUrGmHEVmGn4vyvAvziK9PhCw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhRwx62XCzxZF for ; Thu, 26 Mar 2026 15:08:17 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 205fe by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 15:08:17 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Alan Somers Subject: git: d0692508bc40 - stable/15 - fusefs: remove the obsolete rename_lock List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: asomers X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: d0692508bc40ee7e06609e7421767a6a3d15c5de Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 15:08:17 +0000 Message-Id: <69c54be1.205fe.7ebe74de@gitrepo.freebsd.org> The branch stable/15 has been updated by asomers: URL: https://cgit.FreeBSD.org/src/commit/?id=d0692508bc40ee7e06609e7421767a6a3d15c5de commit d0692508bc40ee7e06609e7421767a6a3d15c5de Author: Alan Somers AuthorDate: 2026-02-10 20:45:23 +0000 Commit: Alan Somers CommitDate: 2026-03-26 15:02:12 +0000 fusefs: remove the obsolete rename_lock This lock was included in the original GSoC submission. Its purpose seems to have been to prevent concurrent FUSE_RENAME operations for the current mountpoint, as well as to synchronize FUSE_RENAME with fuse_vnode_setparent. But it's obsolete, now that ef6ea91593e added mnt_renamelock . Sponsored by: ConnectWise Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D55231 (cherry picked from commit 7755a406a6ae3801e885a79f714155f97c4d2bc6) --- sys/fs/fuse/fuse_ipc.c | 2 -- sys/fs/fuse/fuse_ipc.h | 2 -- sys/fs/fuse/fuse_vnops.c | 2 -- 3 files changed, 6 deletions(-) diff --git a/sys/fs/fuse/fuse_ipc.c b/sys/fs/fuse/fuse_ipc.c index bc36f0070d7d..3810313124b6 100644 --- a/sys/fs/fuse/fuse_ipc.c +++ b/sys/fs/fuse/fuse_ipc.c @@ -550,7 +550,6 @@ fdata_alloc(struct cdev *fdev, struct ucred *cred) TAILQ_INIT(&data->aw_head); data->daemoncred = crhold(cred); data->daemon_timeout = FUSE_DEFAULT_DAEMON_TIMEOUT; - sx_init(&data->rename_lock, "fuse rename lock"); data->ref = 1; return data; @@ -565,7 +564,6 @@ fdata_trydestroy(struct fuse_data *data) return; /* Driving off stage all that stuff thrown at device... */ - sx_destroy(&data->rename_lock); crfree(data->daemoncred); mtx_destroy(&data->aw_mtx); knlist_delete(&data->ks_rsel.si_note, curthread, 0); diff --git a/sys/fs/fuse/fuse_ipc.h b/sys/fs/fuse/fuse_ipc.h index d9d79f38c269..374d0891617d 100644 --- a/sys/fs/fuse/fuse_ipc.h +++ b/sys/fs/fuse/fuse_ipc.h @@ -194,8 +194,6 @@ struct fuse_data { */ u_long ticketer; - struct sx rename_lock; - uint32_t fuse_libabi_major; uint32_t fuse_libabi_minor; diff --git a/sys/fs/fuse/fuse_vnops.c b/sys/fs/fuse/fuse_vnops.c index 3bfc5396c365..e3d475135c90 100644 --- a/sys/fs/fuse/fuse_vnops.c +++ b/sys/fs/fuse/fuse_vnops.c @@ -2193,7 +2193,6 @@ fuse_vnop_rename(struct vop_rename_args *ap) if (err) goto out; } - sx_xlock(&data->rename_lock); err = fuse_internal_rename(fdvp, fcnp, tdvp, tcnp); if (err == 0) { if (tdvp != fdvp) @@ -2201,7 +2200,6 @@ fuse_vnop_rename(struct vop_rename_args *ap) if (tvp != NULL) fuse_vnode_setparent(tvp, NULL); } - sx_unlock(&data->rename_lock); if (tvp != NULL && tvp != fvp) { cache_purge(tvp); From nobody Thu Mar 26 15:08:18 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhRwz3bxMz6Rf7s for ; Thu, 26 Mar 2026 15:08:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhRwz0tCVz3mpQ for ; Thu, 26 Mar 2026 15:08:19 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774537699; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=pmqGeN/WaeS2cZtJFLzE1hIONNqlVdpbqtmqFk77Ecc=; b=xQuUjW9d05bwxvcsDd5lzjI8enO9TtfcqrNAVWrEmfTGgzkRe27wnP12FyP2Lor2k2Yyak rKbppEDgIRlsMKnHtNO+1y3EInJksa48JAiaEYsjIN29Qzh9VyuBCe/E95PFyrDusgPPM1 a2uoPdzGqYLabCJ+vq1wBfjyqAGqUb01hDMqFjo0qnfuLyqEtv3MXZGLJNN4PddVnoSYkj Z4fJNhrwhypHZ6t03uwiyVCN7J6Z3e0x//bjlhsRthfWbUTmYSMoL8V3l8949EqzhTK0Pi Js02DmnrQHYc5HKWGyuPLQLHsxL81VZXF7QcFb/B2Fab32urWJBxoTEiGVHcCg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774537699; a=rsa-sha256; cv=none; b=PYxWqneJ+wCRdavgyZZyHnUGnKZjSosyTnHDNR9XZ+AzgMg1vV0duhyIfmCDN17SU+sjuk lUgV4FxK4vpo5WTp0sAMbS20/45CjDEhHncXOtdKShjnA5s4nolEji3Hb6iGcilndw6WZl PLTlbuiQMNp2VEnlmSpI971f92i+wKp3NlBcoACALUjSugKHg3jID8SsGEVwOvLNgVcDgO oFFUbsdNHjsA+cR4d0nnDVJ4b5dNAz1jznwWpKeludpT7Upn4ukI14SxgFX0Kw9WLzNmF8 r6okT+GfiWp5i8fPa14iZksjP38XHglBjRwyCFzWV55rpPED5yNqCLuuMLakuw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774537699; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=pmqGeN/WaeS2cZtJFLzE1hIONNqlVdpbqtmqFk77Ecc=; b=Rs2N4/TvjqcGtZ6VvlC490aeXr/3X7jC8x9faZkH8cqwsR1DHK2X6zEglQ5awFB+oMqT+F ZdTEFMtk/oPzAFHGC8MSB9OR5p663NEBpl2wRn07mOrTWsGJtd/tVE4irIt68pckL+YP/s DxES62DMm9oxNTB8TEHdkqi8tAJLwgh1o3BMk3NQwv7m1VIMyc7DKji3fFm9awKPYmTmZR q+tRp51ET/ZXwRlBJVAbChFupGS4Xy9hbDduclDZ2tpKsFiUYCoIMnQkcXye4Rvl5KgLKI PEN6wPNEFPGpBP6GF8bnv98/smAJZ1IaSqEK9tnNJQX7ZvUMozvSi+br9iD6iQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhRwy6s5Jzxmv for ; Thu, 26 Mar 2026 15:08:18 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 21796 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 15:08:18 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Gleb Popov From: Alan Somers Subject: git: 1ebccc3b0f68 - stable/15 - vfs_cluster.c: Do not propagate VOP_BMAP errors to the caller List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: asomers X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 1ebccc3b0f68dccb2447a6f251e6fa409cb3b2eb Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 15:08:18 +0000 Message-Id: <69c54be2.21796.6df3eaca@gitrepo.freebsd.org> The branch stable/15 has been updated by asomers: URL: https://cgit.FreeBSD.org/src/commit/?id=1ebccc3b0f68dccb2447a6f251e6fa409cb3b2eb commit 1ebccc3b0f68dccb2447a6f251e6fa409cb3b2eb Author: Gleb Popov AuthorDate: 2025-07-11 07:42:09 +0000 Commit: Alan Somers CommitDate: 2026-03-26 15:02:16 +0000 vfs_cluster.c: Do not propagate VOP_BMAP errors to the caller The code that makes this VOP_BMAP call tries to perform a read-ahead I/O operation. Failing to do that for any reason isn't fatal for `cluster_read()`, because we still can return some data to the caller. This change is consistent with other places within `cluster_read()`, where error returned by VOP_BMAP is not returned to the caller - see the `if (nblks > 1)` block above the changed lines and `if (reqbp)` at the end of the function. PR: 264196 Approved by: markj, kib Differential Revision: https://reviews.freebsd.org/D51254 (cherry picked from commit 62aef3f73f38db9fb68bffc12cc8900fecd58f0e) --- sys/kern/vfs_cluster.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sys/kern/vfs_cluster.c b/sys/kern/vfs_cluster.c index 2e397b8e9e8f..b674313993c4 100644 --- a/sys/kern/vfs_cluster.c +++ b/sys/kern/vfs_cluster.c @@ -260,8 +260,10 @@ cluster_read(struct vnode *vp, u_quad_t filesize, daddr_t lblkno, long size, */ while (lblkno < (origblkno + maxra)) { error = VOP_BMAP(vp, lblkno, NULL, &blkno, &ncontig, NULL); - if (error) + if (error) { + error = 0; break; + } if (blkno == -1) break; From nobody Thu Mar 26 15:08:20 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhRx02pwwz6Rf7y for ; Thu, 26 Mar 2026 15:08:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhRx00kXhz3n05 for ; Thu, 26 Mar 2026 15:08:20 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774537700; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KPkzIwudM8hIel8z+POG+Vhjc6+poRj1ZpxpPZfuqcQ=; b=JFCX+2fysLsatRFDrhCSY+LNE7sJ0mkRLuH4C1JzvgAdosVJ8EqiTnswZ2zG6G5xM2eciq 10skhPWtDk61fnh+sbup1c4I+uDcAm8bNwMu9j/0NqxeFukEHPP5UTOR5jsxArLyA4MdCz HKJEhbc6ppwwOh7AWUJrqwS+cAEKjdyCmxvHMcuuNs0vY/1ieJ8kqmfSPGELFKo7o6cgnZ CrTdE0qpOhbtry8PQIbyrZAjqA3tvAiMzfs8vQo4SbnEHM0/b5/3psJmJ8KMxM8lM18NM5 od28hqfTymDjJhObwrILVXp0M/6s621Z9MRLVM0ZzvYe+0bl5Zm1DTejXGm9qQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774537700; a=rsa-sha256; cv=none; b=WcyRhuB/cAk2rICamr2GwywLlpP5OX+FQ4tgYydOqcdjRDyXZ1Ke5u3ba4iP9LTXBNgGq3 Nk0OwX3Y9606blf2hkS0vlUgNHsq0cGoeY6gjyNin/M2SMTcCQXX6o4NNXZ0vjhXsSkLs5 I0e/nlU9CEOLJXYzUx6LqiB0n+a9a6ZXb1hPaxSavsZ0K03Rg+dgRCMr/5CAuzRGOc2BsG yEeJrttodjvKnxCeys3CtrW039zqK8m+3I2nuS+CXxisagKrcg/VdqjIlZqumvIDBqEK/S YdqEXCDVVXSY/Ua6NTj/yVnyiq6Y8LYi0ES4wd4TI9xKkGTlQhl1vNLaz9WoAg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774537700; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KPkzIwudM8hIel8z+POG+Vhjc6+poRj1ZpxpPZfuqcQ=; b=QmM80UvMR7e3rdJVpsFJeQJBGSk5Ff5MAFF/vygQzLy1ztfPr0olV7JF/5j5Q4ycK7zlQI x8GnJaO3MV/pSXiVCnJlkAqVQgp+6LXM96ecBfDc/VBjz8ieuE4raqAxBBfxbnFddY6nvx GxN2WcjUU+Snc2NR9xO/9RSHL0K2IdiVPSjCwIAyiRK927IdSk+Q+QLhDHWFfVsVw75mx7 K/y6L/8psBTzEndXD4/l69qdciPnYB0v7Ie0osp86eyunNxmcD7/z/tj7qmyStoeGFvHWS GJh2TuYGVIZFss1n8ejEQVv6CwBDPPGTxC9klKfZiSYoHhLzPYR1Q78lun8/sQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhRx0079GzxKp for ; Thu, 26 Mar 2026 15:08:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 22900 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 15:08:20 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Alan Somers Subject: git: 9ac21f8f168c - stable/15 - fusefs: add a regression test for a cluster_read bug List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: asomers X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 9ac21f8f168c6d497e8174ea0ddb136ec9c5ece1 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 15:08:20 +0000 Message-Id: <69c54be4.22900.4265625e@gitrepo.freebsd.org> The branch stable/15 has been updated by asomers: URL: https://cgit.FreeBSD.org/src/commit/?id=9ac21f8f168c6d497e8174ea0ddb136ec9c5ece1 commit 9ac21f8f168c6d497e8174ea0ddb136ec9c5ece1 Author: Alan Somers AuthorDate: 2025-10-23 13:40:56 +0000 Commit: Alan Somers CommitDate: 2026-03-26 15:02:23 +0000 fusefs: add a regression test for a cluster_read bug VOP_BMAP is purely advisory. If VOP_BMAP returns an error during readahead, cluster_read should still succeed, because the actual data was still read just fine. Add a regression test for PR 264196, wherein cluster_read would fail if VOP_BMAP did. PR: 264196 Reported by: danfe Reviewed by: arrowd Differential Revision: https://reviews.freebsd.org/D51316 (cherry picked from commit 6d408ac490730614b3ed0ebd3caffcd23f303fb4) --- tests/sys/fs/fusefs/bmap.cc | 87 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) diff --git a/tests/sys/fs/fusefs/bmap.cc b/tests/sys/fs/fusefs/bmap.cc index 30612079657d..e61dadb6d79e 100644 --- a/tests/sys/fs/fusefs/bmap.cc +++ b/tests/sys/fs/fusefs/bmap.cc @@ -177,6 +177,93 @@ TEST_F(Bmap, default_) leak(fd); } +/* + * The server returns an error for some reason for FUSE_BMAP. fusefs should + * faithfully report that error up to the caller. + */ +TEST_F(Bmap, einval) +{ + struct fiobmap2_arg arg; + const off_t filesize = 1 << 30; + int64_t lbn = 100; + const ino_t ino = 42; + int fd; + + expect_lookup(RELPATH, 42, filesize); + expect_open(ino, 0, 1); + EXPECT_CALL(*m_mock, process( + ResultOf([=](auto in) { + return (in.header.opcode == FUSE_BMAP && + in.header.nodeid == ino); + }, Eq(true)), + _) + ).WillOnce(Invoke(ReturnErrno(EINVAL))); + + fd = open(FULLPATH, O_RDWR); + ASSERT_LE(0, fd) << strerror(errno); + + arg.bn = lbn; + arg.runp = -1; + arg.runb = -1; + ASSERT_EQ(-1, ioctl(fd, FIOBMAP2, &arg)); + EXPECT_EQ(EINVAL, errno); + + leak(fd); +} + +/* + * Even if the server returns EINVAL during VOP_BMAP, we should still be able + * to successfully read a block. This is a regression test for + * https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264196 . The bug did not + * lie in fusefs, but this is a convenient place for a regression test. + */ +TEST_F(Bmap, spurious_einval) +{ + const off_t filesize = 4ull << 30; + const ino_t ino = 42; + int fd, r; + char buf[1]; + + expect_lookup(RELPATH, 42, filesize); + expect_open(ino, 0, 1); + EXPECT_CALL(*m_mock, process( + ResultOf([=](auto in) { + return (in.header.opcode == FUSE_BMAP && + in.header.nodeid == ino); + }, Eq(true)), + _) + ).WillRepeatedly(Invoke(ReturnErrno(EINVAL))); + EXPECT_CALL(*m_mock, process( + ResultOf([=](auto in) { + return (in.header.opcode == FUSE_READ && + in.header.nodeid == ino && + in.body.read.offset == 0 && + in.body.read.size == (uint64_t)m_maxbcachebuf); + }, Eq(true)), + _) + ).WillOnce(Invoke(ReturnImmediate([=](auto in, auto& out) { + size_t osize = in.body.read.size; + + assert(osize < sizeof(out.body.bytes)); + out.header.len = sizeof(struct fuse_out_header) + osize; + bzero(out.body.bytes, osize); + }))); + + fd = open(FULLPATH, O_RDWR); + ASSERT_LE(0, fd) << strerror(errno); + + /* + * Read the same block multiple times. On a system affected by PR + * 264196 , the second read will fail. + */ + r = read(fd, buf, sizeof(buf)); + EXPECT_EQ(r, 1) << strerror(errno); + r = read(fd, buf, sizeof(buf)); + EXPECT_EQ(r, 1) << strerror(errno); + r = read(fd, buf, sizeof(buf)); + EXPECT_EQ(r, 1) << strerror(errno); +} + /* * VOP_BMAP should not query the server for the file's size, even if its cached * attributes have expired. From nobody Thu Mar 26 15:08:21 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhRx13zrvz6RfJh for ; Thu, 26 Mar 2026 15:08:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhRx11Sr5z3ms6 for ; Thu, 26 Mar 2026 15:08:21 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774537701; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ATKAcbQHoHoBUumju3T0HIE38eUfqzI48QLeeZJdgGc=; b=LY3GIZFa8fpgDgMWsir9kZsP273K+u5QyrLAEtqCHJ/uzPkADOc23Re5g+1/DgpUitgMYO vc5hgZsGp0vHxx2av8B6XonCJLTR3Zbov+ukYTPh9w6+mblXJdXrzzfFcE///a3NaZ7D2j TdDYA4JzSwr5wJtWDJIbdSonhpCK4ojsEoePZLxYHjx7fwyUlOkHnR1Q+jU1Lh4pRiJUDz o6btLO1MT894OpI/q2rjOkyooKVetrhFRJlSXX10NsUiWnsTtVEjG1XauPI3AXUQKXPW5n 32PmCXdT0XLy7TC9esuZE+r8jORFI/dqwOLTek1OO4CIkkrEE7x2IxpP29oA4Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774537701; a=rsa-sha256; cv=none; b=A4g0nQYP5ZBJZP4pfRPIZ7CGTqnH9bf9HVCJmLw7fnPf1m9ZLoA/GHz1q89Fjg4++9W9IO NczPUfufD2w5Qz55UyXGGfArHH9hX94v4MfiFmlCIILct/M9U1ygY/fQO6HaNasdJaujQD ObsKzHEc5cY7v9Un7mhm1dkLuZqa8nnWgwNUl9jxu7DfdPjswqbOV5rpbMqfWGbMiA6URA 598EcRkVr3vj/OFm5+dbd7Ga1CXbPDhX4/SlKFSTtsgXctQHJ5Q2cjadvojpc4j9/4sd4Q x3GgAo8jass6XuJbtOx0jKcUXARcl6TwqvAjrMTyuzrTBImi7/ArM9fzh18m1Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774537701; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ATKAcbQHoHoBUumju3T0HIE38eUfqzI48QLeeZJdgGc=; b=GefdPQB4c+tuNbIwKYLYiq7v7vQ+LV0Nn1Qz0xQjHsDvmgHAZiTHPI2Bwg++MtmUIYuQAh bN3tTXvgGJAMO151OKV6n+OfKN0omOTC1h43orHW0diLyQTzg0KvEYFuBy5lr4oQMIiZZs z5GyYiZc4O7lgIeyVjRxLuLp4ULTNxYHRR8socQT16jW7st6s6VrH2K5vAuqEwyKlODAZE yhnWrUYk7z2dzG+hOOOlw02TpVdfTCC03aLlNGxso/XAo/AQoNjHN6hJzrkcRlfE9QZNcf RGaaXcAq2gb/hXHWZyBzmYGsqdgJ/hNonLB++t/+U81aWukSl6+gRifqy3ddgw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhRx111sRzxbf for ; Thu, 26 Mar 2026 15:08:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 2231d by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 15:08:21 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Alan Somers Subject: git: 6a1ebd14aa96 - stable/15 - fusefs: redo vnode attribute locking List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: asomers X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 6a1ebd14aa96f9876c5bd96a33ebc76b2d0d44d8 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 15:08:21 +0000 Message-Id: <69c54be5.2231d.19fcfc1f@gitrepo.freebsd.org> The branch stable/15 has been updated by asomers: URL: https://cgit.FreeBSD.org/src/commit/?id=6a1ebd14aa96f9876c5bd96a33ebc76b2d0d44d8 commit 6a1ebd14aa96f9876c5bd96a33ebc76b2d0d44d8 Author: Alan Somers AuthorDate: 2026-01-23 21:23:51 +0000 Commit: Alan Somers CommitDate: 2026-03-26 15:02:28 +0000 fusefs: redo vnode attribute locking Previously most fields in fuse_vnode_data were protected by the vnode lock. But because DEBUG_VFS_LOCKS was never enabled by default until stable/15 the assertions were never checked, and many were wrong. Others were missing. This led to panics in stable/15 and 16.0-CURRENT, when a vnode was expected to be exclusively locked but wasn't, for fuse file systems that mount with "-o async". In some places it isn't possible to exclusively lock the vnode when accessing these fields. So protect them with a new mutex instead. This fixes panics and unprotected field accesses in VOP_READ, VOP_COPY_FILE_RANGE, VOP_GETATTR, VOP_BMAP, and FUSE_NOTIFY_INVAL_ENTRY. Add assertions everywhere the protected fields are accessed. Lock the vnode exclusively when handling FUSE_NOTIFY_INVAL_INODE. During fuse_vnode_setsize, if the vnode isn't already exclusively locked, use the vn_delayed_setsize mechanism. This fixes panics during VOP_READ or VOP_GETATTR. Also, ensure that fuse_vnop_rename locks the "from" vnode. Finally, reorder elements in struct fuse_vnode_data to reduce the structure size. Fixes: 283391 Reported by: kargl, markj, vishwin, Abdelkader Boudih, groenveld@acm.org Sponsored by: ConnectWise Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D55230 (cherry picked from commit 7e68af7ce2c1b892954df415774fe59fd2f1b62f) --- sys/fs/fuse/fuse_file.c | 8 +- sys/fs/fuse/fuse_internal.c | 42 +++++---- sys/fs/fuse/fuse_io.c | 21 ++++- sys/fs/fuse/fuse_node.c | 89 ++++++++++++++++---- sys/fs/fuse/fuse_node.h | 91 +++++++++++++++++--- sys/fs/fuse/fuse_vfsops.c | 2 + sys/fs/fuse/fuse_vnops.c | 81 ++++++++++++++++-- tests/sys/fs/fusefs/bmap.cc | 34 +++++--- tests/sys/fs/fusefs/notify.cc | 38 ++++++--- tests/sys/fs/fusefs/read.cc | 192 ++++++++++++++++++++++++++++++++++++++++++ tests/sys/fs/fusefs/rename.cc | 90 ++++++++++++++++++++ 11 files changed, 609 insertions(+), 79 deletions(-) diff --git a/sys/fs/fuse/fuse_file.c b/sys/fs/fuse/fuse_file.c index 5f5819c2ccae..2cb8ef84e511 100644 --- a/sys/fs/fuse/fuse_file.c +++ b/sys/fs/fuse/fuse_file.c @@ -194,6 +194,8 @@ fuse_filehandle_close(struct vnode *vp, struct fuse_filehandle *fufh, int err = 0; int op = FUSE_RELEASE; + ASSERT_VOP_ELOCKED(vp, __func__); + if (fuse_isdeadfs(vp)) { goto out; } @@ -381,7 +383,11 @@ fuse_filehandle_init(struct vnode *vp, fufh_type_t fufh_type, } else { if ((foo->open_flags & FOPEN_KEEP_CACHE) == 0) fuse_io_invalbuf(vp, td); - VTOFUD(vp)->flag &= ~FN_DIRECTIO; + /* + * XXX Update the flag without the lock for now. See + * https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293088 + */ + VTOFUD(vp)->flag &= ~FN_DIRECTIO; } } diff --git a/sys/fs/fuse/fuse_internal.c b/sys/fs/fuse/fuse_internal.c index eba0a8a79ff3..c902b93a4946 100644 --- a/sys/fs/fuse/fuse_internal.c +++ b/sys/fs/fuse/fuse_internal.c @@ -262,7 +262,7 @@ fuse_internal_cache_attrs(struct vnode *vp, struct fuse_attr *attr, fvdat = VTOFUD(vp); data = fuse_get_mpdata(mp); - ASSERT_VOP_ELOCKED(vp, "fuse_internal_cache_attrs"); + ASSERT_CACHED_ATTRS_LOCKED(vp); fuse_validity_2_bintime(attr_valid, attr_valid_nsec, &fvdat->attr_cache_timeout); @@ -478,7 +478,9 @@ fuse_internal_invalidate_entry(struct mount *mp, struct uio *uio) cn.cn_namelen = fnieo.namelen; err = cache_lookup(dvp, &vp, &cn, NULL, NULL); MPASS(err == 0); + CACHED_ATTR_LOCK(dvp); fuse_vnode_clear_attr_cache(dvp); + CACHED_ATTR_UNLOCK(dvp); vput(dvp); return (0); } @@ -498,8 +500,8 @@ fuse_internal_invalidate_inode(struct mount *mp, struct uio *uio) if (fniio.ino == FUSE_ROOT_ID) err = VFS_ROOT(mp, LK_EXCLUSIVE, &vp); else - err = fuse_internal_get_cached_vnode(mp, fniio.ino, LK_SHARED, - &vp); + err = fuse_internal_get_cached_vnode(mp, fniio.ino, + LK_EXCLUSIVE, &vp); SDT_PROBE2(fusefs, , internal, invalidate_inode, vp, &fniio); if (err != 0 || vp == NULL) return (err); @@ -694,6 +696,8 @@ fuse_internal_remove(struct vnode *dvp, nlink_t nlink; int err = 0; + ASSERT_CACHED_ATTRS_LOCKED(vp); + fdisp_init(&fdi, cnp->cn_namelen + 1); fdisp_make_vp(&fdi, op, dvp, curthread, cnp->cn_cred); @@ -891,15 +895,9 @@ fuse_internal_do_getattr(struct vnode *vp, struct vattr *vap, struct fuse_vnode_data *fvdat = VTOFUD(vp); struct fuse_getattr_in *fgai; struct fuse_attr_out *fao; - off_t old_filesize = fvdat->cached_attrs.va_size; - struct timespec old_atime = fvdat->cached_attrs.va_atime; - struct timespec old_ctime = fvdat->cached_attrs.va_ctime; - struct timespec old_mtime = fvdat->cached_attrs.va_mtime; __enum_uint8(vtype) vtyp; int err; - ASSERT_VOP_LOCKED(vp, __func__); - fdisp_init(&fdi, sizeof(*fgai)); fdisp_make_vp(&fdi, FUSE_GETATTR, vp, td, cred); fgai = fdi.indata; @@ -917,22 +915,27 @@ fuse_internal_do_getattr(struct vnode *vp, struct vattr *vap, fao = (struct fuse_attr_out *)fdi.answ; vtyp = IFTOVT(fao->attr.mode); + + CACHED_ATTR_LOCK(vp); if (fvdat->flag & FN_SIZECHANGE) - fao->attr.size = old_filesize; + fao->attr.size = fvdat->cached_attrs.va_size; if (fvdat->flag & FN_ATIMECHANGE) { - fao->attr.atime = old_atime.tv_sec; - fao->attr.atimensec = old_atime.tv_nsec; + fao->attr.atime = fvdat->cached_attrs.va_atime.tv_sec; + fao->attr.atimensec = fvdat->cached_attrs.va_atime.tv_nsec; } if (fvdat->flag & FN_CTIMECHANGE) { - fao->attr.ctime = old_ctime.tv_sec; - fao->attr.ctimensec = old_ctime.tv_nsec; + fao->attr.ctime = fvdat->cached_attrs.va_ctime.tv_sec; + fao->attr.ctimensec = fvdat->cached_attrs.va_ctime.tv_nsec; } if (fvdat->flag & FN_MTIMECHANGE) { - fao->attr.mtime = old_mtime.tv_sec; - fao->attr.mtimensec = old_mtime.tv_nsec; + fao->attr.mtime = fvdat->cached_attrs.va_mtime.tv_sec; + fao->attr.mtimensec = fvdat->cached_attrs.va_mtime.tv_nsec; } + fuse_internal_cache_attrs(vp, &fao->attr, fao->attr_valid, fao->attr_valid_nsec, vap, true); + + CACHED_ATTR_UNLOCK(vp); if (vtyp != vnode_vtype(vp)) { fuse_internal_vnode_disappear(vp); err = ENOENT; @@ -950,10 +953,13 @@ fuse_internal_getattr(struct vnode *vp, struct vattr *vap, struct ucred *cred, { struct vattr *attrs; + CACHED_ATTR_LOCK(vp); if ((attrs = VTOVA(vp)) != NULL) { *vap = *attrs; /* struct copy */ + CACHED_ATTR_UNLOCK(vp); return 0; - } + } else + CACHED_ATTR_UNLOCK(vp); return fuse_internal_do_getattr(vp, vap, cred, td); } @@ -1141,7 +1147,7 @@ int fuse_internal_setattr(struct vnode *vp, struct vattr *vap, int err = 0; __enum_uint8(vtype) vtyp; - ASSERT_VOP_ELOCKED(vp, __func__); + ASSERT_CACHED_ATTRS_LOCKED(vp); mp = vnode_mount(vp); fvdat = VTOFUD(vp); diff --git a/sys/fs/fuse/fuse_io.c b/sys/fs/fuse/fuse_io.c index 0760d7641c7d..9f864e48effc 100644 --- a/sys/fs/fuse/fuse_io.c +++ b/sys/fs/fuse/fuse_io.c @@ -401,6 +401,7 @@ retry: fuse_warn(data, FSESS_WARN_WROTE_LONG, "wrote more data than we provided it."); /* This is bonkers. Clear attr cache. */ + ASSERT_CACHED_ATTRS_LOCKED(vp); fvdat->flag &= ~FN_SIZECHANGE; fuse_vnode_clear_attr_cache(vp); err = EINVAL; @@ -416,8 +417,10 @@ retry: fuse_vnode_setsize(vp, as_written_offset, false); getnanouptime(&fvdat->last_local_modify); } - if (as_written_offset - diff >= filesize) + if (as_written_offset - diff >= filesize) { + ASSERT_CACHED_ATTRS_LOCKED(vp); fvdat->flag &= ~FN_SIZECHANGE; + } if (diff > 0) { /* Short write */ @@ -454,8 +457,11 @@ retry: fdisp_destroy(&fdi); - if (wrote_anything) + if (wrote_anything) { + CACHED_ATTR_LOCK(vp); fuse_vnode_undirty_cached_timestamps(vp, false); + CACHED_ATTR_UNLOCK(vp); + } vn_rlimit_fsizex_res(uio, r); return (err); @@ -556,6 +562,7 @@ again: err = fuse_vnode_setsize(vp, uio->uio_offset + n, false); filesize = uio->uio_offset + n; getnanouptime(&fvdat->last_local_modify); + ASSERT_CACHED_ATTRS_LOCKED(vp); fvdat->flag |= FN_SIZECHANGE; if (err) { brelse(bp); @@ -806,6 +813,7 @@ fuse_io_strategy(struct vnode *vp, struct buf *bp) left = uiop->uio_resid; bzero((char *)bp->b_data + nread, left); + CACHED_ATTR_LOCK(vp); if ((fvdat->flag & FN_SIZECHANGE) == 0) { /* * A short read with no error, when not using @@ -838,6 +846,7 @@ fuse_io_strategy(struct vnode *vp, struct buf *bp) "Short read of a dirty file"); uiop->uio_resid = 0; } + CACHED_ATTR_UNLOCK(vp); } if (error) { bp->b_ioflags |= BIO_ERROR; @@ -855,10 +864,18 @@ fuse_io_strategy(struct vnode *vp, struct buf *bp) * anything about it. In particular, we can't invalidate any * part of the file's buffers because VOP_STRATEGY is called * with them already locked. + * + * Normally the vnode should be exclusively locked at this + * point. However, if clustered reads are in use, then in a + * mixed read-write workload getblkx may need to flush a + * partially written buffer to disk during a read. In such a + * case, the vnode may only have a shared lock at this point. */ + CACHED_ATTR_LOCK(vp); filesize = fvdat->cached_attrs.va_size; /* filesize must've been cached by fuse_vnop_open. */ KASSERT(filesize != VNOVAL, ("filesize should've been cached")); + CACHED_ATTR_UNLOCK(vp); if ((off_t)bp->b_lblkno * biosize + bp->b_dirtyend > filesize) bp->b_dirtyend = filesize - diff --git a/sys/fs/fuse/fuse_node.c b/sys/fs/fuse/fuse_node.c index 742dc66bcafc..f4fb993a7ca1 100644 --- a/sys/fs/fuse/fuse_node.c +++ b/sys/fs/fuse/fuse_node.c @@ -157,6 +157,8 @@ fuse_vnode_init(struct vnode *vp, struct fuse_vnode_data *fvdat, fvdat->nid = nodeid; LIST_INIT(&fvdat->handles); + mtx_init(&fvdat->cached_attr_mtx, "fuse attr cache mutex", NULL, + MTX_DEF); vattr_null(&fvdat->cached_attrs); fvdat->cached_attrs.va_birthtime.tv_sec = -1; fvdat->cached_attrs.va_birthtime.tv_nsec = 0; @@ -181,6 +183,7 @@ fuse_vnode_destroy(struct vnode *vp) struct fuse_vnode_data *fvdat = vp->v_data; vp->v_data = NULL; + mtx_destroy(&fvdat->cached_attr_mtx); KASSERT(LIST_EMPTY(&fvdat->handles), ("Destroying fuse vnode with open files!")); free(fvdat, M_FUSEVN); @@ -386,7 +389,8 @@ fuse_vnode_savesize(struct vnode *vp, struct ucred *cred, pid_t pid) struct fuse_setattr_in *fsai; int err = 0; - ASSERT_VOP_ELOCKED(vp, "fuse_io_extend"); + ASSERT_VOP_ELOCKED(vp, __func__); /* For flag and last_local_modify */ + ASSERT_CACHED_ATTRS_LOCKED(vp); if (fuse_isdeadfs(vp)) { return EBADF; @@ -439,10 +443,10 @@ fuse_vnode_setsize(struct vnode *vp, off_t newsize, bool from_server) struct vattr *attrs; off_t oldsize; size_t iosize; - struct buf *bp = NULL; int err = 0; - ASSERT_VOP_ELOCKED(vp, "fuse_vnode_setsize"); + ASSERT_VOP_LOCKED(vp, __func__); + ASSERT_CACHED_ATTRS_LOCKED(vp); iosize = fuse_iosize(vp); oldsize = fvdat->cached_attrs.va_size; @@ -450,7 +454,45 @@ fuse_vnode_setsize(struct vnode *vp, off_t newsize, bool from_server) if ((attrs = VTOVA(vp)) != NULL) attrs->va_size = newsize; - if (newsize < oldsize) { + if (from_server && newsize > oldsize && oldsize != VNOVAL) { + /* + * The FUSE server changed the file size behind our back. We + * should invalidate the entire cache. + */ + daddr_t end_lbn; + + end_lbn = howmany(newsize, iosize); + v_inval_buf_range(vp, 0, end_lbn, iosize); + } + + if (VOP_ISLOCKED(vp) == LK_EXCLUSIVE) { + err = fuse_vnode_setsize_immediate(vp, newsize < oldsize); + } else { + /* Without an exclusive vnode lock, we must defer the operation */ + fvdat->flag |= FN_DELAYED_TRUNCATE; + vn_delayed_setsize(vp); + } + + return err; +} + +/* Immediately set the vnode's size in the pager */ +int +fuse_vnode_setsize_immediate(struct vnode *vp, bool shrink) +{ + struct fuse_vnode_data *fvdat = VTOFUD(vp); + struct buf *bp = NULL; + size_t iosize; + off_t newsize; + int err = 0; + + MPASS(fvdat); + ASSERT_VOP_ELOCKED(vp, __func__); + + iosize = fuse_iosize(vp); + newsize = fvdat->cached_attrs.va_size; + + if (shrink) { daddr_t lbn; err = vtruncbuf(vp, newsize, fuse_iosize(vp)); @@ -474,21 +516,13 @@ fuse_vnode_setsize(struct vnode *vp, off_t newsize, bool from_server) MPASS(bp->b_flags & B_VMIO); vfs_bio_clrbuf(bp); bp->b_dirtyend = MIN(bp->b_dirtyend, newsize - lbn * iosize); - } else if (from_server && newsize > oldsize && oldsize != VNOVAL) { - /* - * The FUSE server changed the file size behind our back. We - * should invalidate the entire cache. - */ - daddr_t end_lbn; - - end_lbn = howmany(newsize, iosize); - v_inval_buf_range(vp, 0, end_lbn, iosize); } out: if (bp) brelse(bp); vnode_pager_setsize(vp, newsize); - return err; + + return (err); } /* Get the current, possibly dirty, size of the file */ @@ -497,15 +531,28 @@ fuse_vnode_size(struct vnode *vp, off_t *filesize, struct ucred *cred, struct thread *td) { struct fuse_vnode_data *fvdat = VTOFUD(vp); + struct vattr va; int error = 0; + ASSERT_VOP_LOCKED(vp, __func__); + + CACHED_ATTR_LOCK(vp); if (!(fvdat->flag & FN_SIZECHANGE) && (!fuse_vnode_attr_cache_valid(vp) || - fvdat->cached_attrs.va_size == VNOVAL)) - error = fuse_internal_do_getattr(vp, NULL, cred, td); - - if (!error) + fvdat->cached_attrs.va_size == VNOVAL)) { + CACHED_ATTR_UNLOCK(vp); + /* + * It incurs a large struct copy, but we supply &va so we don't + * have to acquire the lock a second time after + * fuse_internal_do_getattr returns. + */ + error = fuse_internal_do_getattr(vp, &va, cred, td); + if (!error) + *filesize = va.va_size; + } else { *filesize = fvdat->cached_attrs.va_size; + CACHED_ATTR_UNLOCK(vp); + } return error; } @@ -515,6 +562,8 @@ fuse_vnode_undirty_cached_timestamps(struct vnode *vp, bool atime) { struct fuse_vnode_data *fvdat = VTOFUD(vp); + ASSERT_CACHED_ATTRS_LOCKED(vp); + fvdat->flag &= ~(FN_MTIMECHANGE | FN_CTIMECHANGE); if (atime) fvdat->flag &= ~FN_ATIMECHANGE; @@ -537,6 +586,8 @@ fuse_vnode_update(struct vnode *vp, int flags) if (mp->mnt_flag & MNT_NOATIME) flags &= ~FN_ATIMECHANGE; + CACHED_ATTR_LOCK(vp); + if (flags & FN_ATIMECHANGE) fvdat->cached_attrs.va_atime = ts; if (flags & FN_MTIMECHANGE) @@ -545,6 +596,8 @@ fuse_vnode_update(struct vnode *vp, int flags) fvdat->cached_attrs.va_ctime = ts; fvdat->flag |= flags; + + CACHED_ATTR_UNLOCK(vp); } void diff --git a/sys/fs/fuse/fuse_node.h b/sys/fs/fuse/fuse_node.h index 97774de9eeb5..b6e388d01702 100644 --- a/sys/fs/fuse/fuse_node.h +++ b/sys/fs/fuse/fuse_node.h @@ -79,6 +79,11 @@ * cache_attrs.va_size field does not time out. */ #define FN_SIZECHANGE 0x00000100 +/* + * Whether I/O to this vnode should bypass the cache. + * XXX BUG: this should be part of the file handle, not the vnode data. + * https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293088 + */ #define FN_DIRECTIO 0x00000200 /* Indicates that parent_nid is valid */ #define FN_PARENT_NID 0x00000400 @@ -92,38 +97,81 @@ #define FN_CTIMECHANGE 0x00001000 #define FN_ATIMECHANGE 0x00002000 +/* vop_delayed_setsize should truncate the file */ +#define FN_DELAYED_TRUNCATE 0x00004000 + +#define CACHED_ATTR_LOCK(vp) \ +do { \ + ASSERT_VOP_LOCKED(vp, __func__); \ + if (VOP_ISLOCKED(vp) != LK_EXCLUSIVE) \ + mtx_lock(&VTOFUD(vp)->cached_attr_mtx); \ +} while(0) + +#define CACHED_ATTR_UNLOCK(vp) \ +do { \ + ASSERT_VOP_LOCKED(vp, __func__); \ + if (VOP_ISLOCKED(vp) != LK_EXCLUSIVE) \ + mtx_unlock(&VTOFUD(vp)->cached_attr_mtx); \ +} while(0) + struct fuse_vnode_data { - /** self **/ + /* self's node id, similar to an inode number. Immutable. */ uint64_t nid; + /* + * Generation number. Distinguishes files with same nid but that don't + * overlap in time. Immutable. + */ uint64_t generation; - /** parent **/ + /* parent's node id. Protected by the vnode lock. */ uint64_t parent_nid; /** I/O **/ - /* List of file handles for all of the vnode's open file descriptors */ + /* + * List of file handles for all of the vnode's open file descriptors. + * Protected by the vnode lock. + */ LIST_HEAD(, fuse_filehandle) handles; - /** flags **/ - uint32_t flag; + /* Protects flag, attr_cache_timeout and cached_attrs */ + struct mtx cached_attr_mtx; - /** meta **/ - /* The monotonic time after which the attr cache is invalid */ + /* + * The monotonic time after which the attr cache is invalid + * Protected by an exclusive vnode lock or the cached_attr_mtx + */ struct bintime attr_cache_timeout; - /* + + /* * Monotonic time after which the entry is invalid. Used for lookups - * by nodeid instead of pathname. + * by nodeid instead of pathname. Protected by the vnode lock. */ struct bintime entry_cache_timeout; + /* * Monotonic time of the last FUSE operation that modified the file * size. Used to avoid races between mutator ops like VOP_SETATTR and - * unlocked accessor ops like VOP_LOOKUP. + * unlocked accessor ops like VOP_LOOKUP. Protected by the vnode lock. */ struct timespec last_local_modify; + + /* Protected by an exclusive vnode lock or the cached_attr_mtx */ struct vattr cached_attrs; + + /* Number of FUSE_LOOKUPs minus FUSE_FORGETs. Protected by vnode lock */ uint64_t nlookup; + + /* + * Misc flags. Protected by an exclusive vnode lock or the + * cached_attr_mtx, because some of the flags reflect the contents of + * cached_attrs. + */ + uint32_t flag; + + /* Vnode type. Immutable */ __enum_uint8(vtype) vtype; + + /* State for clustered writes. Protected by vnode lock */ struct vn_clusterw clusterw; }; @@ -141,18 +189,32 @@ struct fuse_fid { #define VTOFUD(vp) \ ((struct fuse_vnode_data *)((vp)->v_data)) #define VTOI(vp) (VTOFUD(vp)->nid) + +#define ASSERT_CACHED_ATTRS_LOCKED(vp) \ +do { \ + ASSERT_VOP_LOCKED(vp, __func__); \ + VNASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE || \ + mtx_owned(&VTOFUD(vp)->cached_attr_mtx), vp, \ + ("cached attrs not locked")); \ +} while(0) + static inline bool fuse_vnode_attr_cache_valid(struct vnode *vp) { + struct fuse_vnode_data *fvdat = VTOFUD(vp); struct bintime now; + ASSERT_CACHED_ATTRS_LOCKED(vp); + getbinuptime(&now); - return (bintime_cmp(&(VTOFUD(vp)->attr_cache_timeout), &now, >)); + return (bintime_cmp(&fvdat->attr_cache_timeout, &now, >)); } static inline struct vattr* VTOVA(struct vnode *vp) { + ASSERT_CACHED_ATTRS_LOCKED(vp); + if (fuse_vnode_attr_cache_valid(vp)) return &(VTOFUD(vp)->cached_attrs); else @@ -162,6 +224,8 @@ VTOVA(struct vnode *vp) static inline void fuse_vnode_clear_attr_cache(struct vnode *vp) { + ASSERT_CACHED_ATTRS_LOCKED(vp); + bintime_clear(&VTOFUD(vp)->attr_cache_timeout); } @@ -184,10 +248,14 @@ static inline void fuse_vnode_setparent(struct vnode *vp, struct vnode *dvp) { if (dvp != NULL && vp->v_type == VDIR) { + ASSERT_VOP_ELOCKED(vp, __func__); /* for parent_nid */ + MPASS(dvp->v_type == VDIR); VTOFUD(vp)->parent_nid = VTOI(dvp); VTOFUD(vp)->flag |= FN_PARENT_NID; } else { + ASSERT_CACHED_ATTRS_LOCKED(vp); + VTOFUD(vp)->flag &= ~FN_PARENT_NID; } } @@ -207,6 +275,7 @@ void fuse_vnode_open(struct vnode *vp, int32_t fuse_open_flags, int fuse_vnode_savesize(struct vnode *vp, struct ucred *cred, pid_t pid); int fuse_vnode_setsize(struct vnode *vp, off_t newsize, bool from_server); +int fuse_vnode_setsize_immediate(struct vnode *vp, bool shrink); void fuse_vnode_undirty_cached_timestamps(struct vnode *vp, bool atime); diff --git a/sys/fs/fuse/fuse_vfsops.c b/sys/fs/fuse/fuse_vfsops.c index e7a34f716370..b22adb58dad1 100644 --- a/sys/fs/fuse/fuse_vfsops.c +++ b/sys/fs/fuse/fuse_vfsops.c @@ -600,6 +600,8 @@ fuse_vfsop_vget(struct mount *mp, ino_t ino, int flags, struct vnode **vpp) error = fuse_vnode_get(mp, feo, nodeid, NULL, vpp, NULL, vtyp); if (error) goto out; + /* for last_local_modify and fuse_internal_cache_attrs */ + ASSERT_VOP_ELOCKED(*vpp, __func__); fvdat = VTOFUD(*vpp); if (timespeccmp(&now, &fvdat->last_local_modify, >)) { diff --git a/sys/fs/fuse/fuse_vnops.c b/sys/fs/fuse/fuse_vnops.c index e3d475135c90..80db04a25166 100644 --- a/sys/fs/fuse/fuse_vnops.c +++ b/sys/fs/fuse/fuse_vnops.c @@ -133,6 +133,7 @@ static vop_close_t fuse_vnop_close; static vop_copy_file_range_t fuse_vnop_copy_file_range; static vop_create_t fuse_vnop_create; static vop_deallocate_t fuse_vnop_deallocate; +static vop_delayed_setsize_t fuse_vnop_delayed_setsize; static vop_deleteextattr_t fuse_vnop_deleteextattr; static vop_fdatasync_t fuse_vnop_fdatasync; static vop_fsync_t fuse_vnop_fsync; @@ -190,6 +191,7 @@ struct vop_vector fuse_vnops = { .vop_copy_file_range = fuse_vnop_copy_file_range, .vop_create = fuse_vnop_create, .vop_deallocate = fuse_vnop_deallocate, + .vop_delayed_setsize = fuse_vnop_delayed_setsize, .vop_deleteextattr = fuse_vnop_deleteextattr, .vop_fsync = fuse_vnop_fsync, .vop_fdatasync = fuse_vnop_fdatasync, @@ -628,6 +630,8 @@ fuse_vnop_allocate(struct vop_allocate_args *ap) return (EXTERROR(EINVAL, "This server does not implement " "FUSE_FALLOCATE")); + ASSERT_CACHED_ATTRS_LOCKED(vp); + io.uio_offset = *offset; io.uio_resid = *len; err = vn_rlimit_fsize(vp, &io, curthread); @@ -700,7 +704,7 @@ fuse_vnop_bmap(struct vop_bmap_args *ap) struct fuse_data *data; struct fuse_vnode_data *fvdat = VTOFUD(vp); uint64_t biosize; - off_t fsize; + off_t fsize = VNOVAL; daddr_t lbn = ap->a_bn; daddr_t *pbn = ap->a_bnp; int *runp = ap->a_runp; @@ -743,9 +747,10 @@ fuse_vnop_bmap(struct vop_bmap_args *ap) * and the risk of getting it wrong is not worth the cost of * another upcall. */ - if (fvdat->cached_attrs.va_size != VNOVAL) - fsize = fvdat->cached_attrs.va_size; - else + CACHED_ATTR_LOCK(vp); + fsize = fvdat->cached_attrs.va_size; + CACHED_ATTR_UNLOCK(vp); + if (fsize == VNOVAL) error = fuse_vnode_size(vp, &fsize, td->td_ucred, td); if (error == 0) *runp = MIN(MAX(0, fsize / (off_t)biosize - lbn - 1), @@ -815,6 +820,7 @@ fuse_vnop_close(struct vop_close_args *ap) cred = td->td_ucred; err = fuse_flush(vp, cred, pid, fflag); + ASSERT_CACHED_ATTRS_LOCKED(vp); /* For fvdat->flag */ if (err == 0 && (fvdat->flag & FN_ATIMECHANGE) && !vfs_isrdonly(mp)) { struct vattr vap; struct fuse_data *data; @@ -832,6 +838,7 @@ fuse_vnop_close(struct vop_close_args *ap) } if (access_e == 0) { VATTR_NULL(&vap); + ASSERT_CACHED_ATTRS_LOCKED(vp); vap.va_atime = fvdat->cached_attrs.va_atime; /* * Ignore errors setting when setting atime. That @@ -956,6 +963,7 @@ fuse_vnop_copy_file_range(struct vop_copy_file_range_args *ap) *ap->a_inoffp += fwo->size; *ap->a_outoffp += fwo->size; fuse_internal_clear_suid_on_write(outvp, outcred, td); + ASSERT_CACHED_ATTRS_LOCKED(outvp); if (*ap->a_outoffp > outfvdat->cached_attrs.va_size) { fuse_vnode_setsize(outvp, *ap->a_outoffp, false); getnanouptime(&outfvdat->last_local_modify); @@ -1258,6 +1266,7 @@ fuse_vnop_inactive(struct vop_inactive_args *ap) int need_flush = 1; + ASSERT_CACHED_ATTRS_LOCKED(vp); /* For fvdat->flag */ LIST_FOREACH_SAFE(fufh, &fvdat->handles, next, fufh_tmp) { if (need_flush && vp->v_type == VREG) { if ((VTOFUD(vp)->flag & FN_SIZECHANGE) != 0) { @@ -1474,6 +1483,7 @@ fuse_vnop_lookup(struct vop_lookup_args *ap) else if ((err = fuse_internal_access(dvp, VEXEC, td, cred))) return err; + ASSERT_CACHED_ATTRS_LOCKED(dvp); /* For flag */ is_dot = cnp->cn_namelen == 1 && *(cnp->cn_nameptr) == '.'; if (isdotdot && !(data->dataflags & FSESS_EXPORT_SUPPORT)) { if (!(VTOFUD(dvp)->flag & FN_PARENT_NID)) { @@ -1877,6 +1887,10 @@ fuse_vnop_read(struct vop_read_args *ap) "to be closed")); } + /* + * XXX Check this flag without the lock. See + * https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293088 + */ if (VTOFUD(vp)->flag & FN_DIRECTIO) { ioflag |= IO_DIRECT; } @@ -2137,6 +2151,8 @@ fuse_vnop_remove(struct vop_remove_args *ap) return err; } +SDT_PROBE_DEFINE4(fusefs, , vnops, erelookup, "struct vnode*", + "struct vnode*", "struct vnode*", "struct vnode*"); /* struct vnop_rename_args { struct vnode *a_fdvp; @@ -2159,6 +2175,7 @@ fuse_vnop_rename(struct vop_rename_args *ap) struct fuse_data *data; bool newparent = fdvp != tdvp; bool isdir = fvp->v_type == VDIR; + int locktype; int err = 0; if (fuse_isdeadfs(fdvp)) { @@ -2187,11 +2204,32 @@ fuse_vnop_rename(struct vop_rename_args *ap) * have write permission to it, so ".." can be modified. */ data = fuse_get_mpdata(vnode_mount(tdvp)); + + if (tdvp != fdvp) + locktype = LK_EXCLUSIVE; /* for fuse_vnode_setparent */ + else + locktype = LK_SHARED; + + /* + * Must use LK_NOWAIT to prevent LORs between fvp and tdvp or + * tvp + */ + if (vn_lock(fvp, locktype | LK_NOWAIT) != 0) { + /* + * Can't release tdvp or tvp to try avoiding the LOR. + * Must return instead. + */ + SDT_PROBE4(fusefs, , vnops, erelookup, fdvp, fvp, tdvp, + tvp); + err = ERELOOKUP; + goto out; + } + if (data->dataflags & FSESS_DEFAULT_PERMISSIONS && isdir && newparent) { err = fuse_internal_access(fvp, VWRITE, curthread, tcnp->cn_cred); if (err) - goto out; + goto unlock; } err = fuse_internal_rename(fdvp, fcnp, tdvp, tcnp); if (err == 0) { @@ -2210,6 +2248,8 @@ fuse_vnop_rename(struct vop_rename_args *ap) } cache_purge(fdvp); } +unlock: + VOP_UNLOCK(fvp); out: if (tdvp == tvp) { vrele(tdvp); @@ -2485,6 +2525,7 @@ static int fuse_vnop_write(struct vop_write_args *ap) { struct vnode *vp = ap->a_vp; + struct fuse_vnode_data *fvdat = VTOFUD(vp); struct uio *uio = ap->a_uio; int ioflag = ap->a_ioflag; struct ucred *cred = ap->a_cred; @@ -2500,9 +2541,12 @@ fuse_vnop_write(struct vop_write_args *ap) "to be closed")); } - if (VTOFUD(vp)->flag & FN_DIRECTIO) { + /* + * XXX Check this flag without the lock. See + * https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293088 + */ + if (fvdat->flag & FN_DIRECTIO) ioflag |= IO_DIRECT; - } err = fuse_filehandle_getrw(vp, FWRITE, &fufh, cred, pid); if (err == EBADF && vnode_mount(vp)->mnt_flag & MNT_EXPORTED) { @@ -3136,6 +3180,29 @@ fallback: return (vop_stddeallocate(ap)); } +/* + struct vop_delayed_setsize_args { + struct vop_generic_args a_gen; + struct vnode *a_vp; + }; + */ +static int +fuse_vnop_delayed_setsize(struct vop_delayed_setsize_args *ap) +{ + struct vnode *vp = ap->a_vp; + struct fuse_vnode_data *fvdat = VTOFUD(ap->a_vp); + bool shrink = (fvdat->flag & FN_DELAYED_TRUNCATE) != 0; + int err; + + if (!fvdat) + return (0); + + err = fuse_vnode_setsize_immediate(vp, shrink); + fvdat->flag &= ~FN_DELAYED_TRUNCATE; + + return (err); +} + /* struct vop_deleteextattr_args { struct vop_generic_args a_gen; diff --git a/tests/sys/fs/fusefs/bmap.cc b/tests/sys/fs/fusefs/bmap.cc index e61dadb6d79e..622a3c3debcc 100644 --- a/tests/sys/fs/fusefs/bmap.cc +++ b/tests/sys/fs/fusefs/bmap.cc @@ -44,10 +44,13 @@ using namespace testing; const static char FULLPATH[] = "mountpoint/foo"; const static char RELPATH[] = "foo"; -class Bmap: public FuseTest { +class Bmap: public FuseTest, + public WithParamInterface> +{ public: virtual void SetUp() { m_maxreadahead = UINT32_MAX; + m_init_flags |= get<0>(GetParam()); FuseTest::SetUp(); } void expect_bmap(uint64_t ino, uint64_t lbn, uint32_t blocksize, uint64_t pbn) @@ -73,12 +76,12 @@ void expect_lookup(const char *relpath, uint64_t ino, off_t size) } }; -class BmapEof: public Bmap, public WithParamInterface {}; +class BmapEof: public Bmap {}; /* * Test FUSE_BMAP */ -TEST_F(Bmap, bmap) +TEST_P(Bmap, bmap) { struct fiobmap2_arg arg; /* @@ -124,7 +127,7 @@ TEST_F(Bmap, bmap) * If the daemon does not implement VOP_BMAP, fusefs should return sensible * defaults. */ -TEST_F(Bmap, default_) +TEST_P(Bmap, default_) { struct fiobmap2_arg arg; const off_t filesize = 1 << 30; @@ -181,7 +184,7 @@ TEST_F(Bmap, default_) * The server returns an error for some reason for FUSE_BMAP. fusefs should * faithfully report that error up to the caller. */ -TEST_F(Bmap, einval) +TEST_P(Bmap, einval) { struct fiobmap2_arg arg; const off_t filesize = 1 << 30; @@ -217,7 +220,7 @@ TEST_F(Bmap, einval) * https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264196 . The bug did not * lie in fusefs, but this is a convenient place for a regression test. */ -TEST_F(Bmap, spurious_einval) +TEST_P(Bmap, spurious_einval) { const off_t filesize = 4ull << 30; const ino_t ino = 42; @@ -288,7 +291,7 @@ TEST_P(BmapEof, eof) int fd; int ngetattrs; - ngetattrs = GetParam(); + ngetattrs = get<1>(GetParam()); FuseTest::expect_lookup(RELPATH, ino, mode, filesize, 1, 0); expect_open(ino, 0, 1); // Depending on ngetattrs, FUSE_READ could be called with either @@ -348,6 +351,17 @@ TEST_P(BmapEof, eof) leak(fd); } -INSTANTIATE_TEST_SUITE_P(BE, BmapEof, - Values(1, 2, 3) -); +/* + * Try with and without async reads, because it affects the type of vnode lock + * on entry to fuse_vnop_bmap. + */ +INSTANTIATE_TEST_SUITE_P(B, Bmap, Values( + tuple(0, 0), + tuple(FUSE_ASYNC_READ, 0) +)); + +INSTANTIATE_TEST_SUITE_P(BE, BmapEof, Values( + tuple(0, 1), + tuple(0, 2), + tuple(0, 3) +)); diff --git a/tests/sys/fs/fusefs/notify.cc b/tests/sys/fs/fusefs/notify.cc index d370a1e6e706..69742fb2a54b 100644 --- a/tests/sys/fs/fusefs/notify.cc +++ b/tests/sys/fs/fusefs/notify.cc @@ -47,8 +47,15 @@ using namespace testing; * invalidation. This file tests our client's handling of those messages. */ -class Notify: public FuseTest { +class Notify: public FuseTest, + public WithParamInterface +{ public: +virtual void SetUp() { + m_init_flags |= GetParam(); + FuseTest::SetUp(); +} + /* Ignore an optional FUSE_FSYNC */ void maybe_expect_fsync(uint64_t ino) { @@ -154,7 +161,7 @@ static void* store(void* arg) { } /* Invalidate a nonexistent entry */ -TEST_F(Notify, inval_entry_nonexistent) +TEST_P(Notify, inval_entry_nonexistent) { const static char *name = "foo"; struct inval_entry_args iea; @@ -173,7 +180,7 @@ TEST_F(Notify, inval_entry_nonexistent) } /* Invalidate a cached entry */ -TEST_F(Notify, inval_entry) +TEST_P(Notify, inval_entry) { *** 405 LINES SKIPPED *** From nobody Thu Mar 26 16:02:35 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhT7n4G0Sz6VySX for ; Thu, 26 Mar 2026 16:02:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhT7h3PTCz3tZy for ; Thu, 26 Mar 2026 16:02:40 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774540960; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RUh1wL0eWeks0+H+7/Cu1FeiyiXjEAfN1cgfvYJA9Fk=; b=HRlCQbQKa8UcJ0ilTSe5r0GiggkcYCGBrDHd4cmwbRJlhkAKVYhVF/fcy2RN3K1xmr+lUh 23nQyKO0V4nsTpy0o6s775fM30eWdposNC7JE0B6/k/8vUqwZHKw7PTR/GsWh+aNf14o3y G6QxYgy5wsajQTgoDVKozC7OLdy+HA+Cfp2E54rBLq4HqCRGiSe50hGN/iORp5h+kaD5Om OBHgZleG094IBEuKy0X0Io2cZ4EsR/ZGmG6wyTzxzE0HCEq4F5GUEMamKyVAkP0/pIz4U+ VEOqISp/Shl6ixWAuH08UaVrv+YBBUYGH5iTmElmyiwwev2oFydyqdIQhFdfqA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774540960; a=rsa-sha256; cv=none; b=yIH95fva/SEsnJb6a8FY5KKwtFIbZJGL13NtjzN7x6mb9YLMWh/eI6010iulFo1uPJkfHJ NWjT81o9acS/hxWiDXaFzor0IP3efICivoSxLGOILKhO1+Ds6RWbWi5N3RJot3nBcJuvDL K5eW7p8WiHtJxDjxjxAcqaukXUEvrpvpjgKUdeasVrPZQBSS2RopbSmbQjpvZyRWxyslG5 1mVJAxT+EGYyujKc/WEYiC+nDu5K80XuaBV0fF9392eQtx76+s3VqHlHYfJmMYXFSc4uwC GLtplaTjA1pJeeMQdNdo1PkppP6c5mgh7lzrL0yNqhCsovRk3sR42BwT08frFw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774540960; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=RUh1wL0eWeks0+H+7/Cu1FeiyiXjEAfN1cgfvYJA9Fk=; b=Ti7KEqgcS5BGHosmr6sr1/aJhFEoOIvEOH0LD3Gmt96as6IEwXBcb5/WHDE+twU466QlJZ fxW+/dTsLYQc/5nSG4FeuuvIS00qVl5GzlQTRYYiVs8acxuEsMgVfho/YOVru6NhwjSfFK uZI5eXXnXTlrQaB80wWfoEDhWIv3LT9Kzj8GYvntKjUKxZV5SqcyNM6Hr1CUlZJm7n5OeT CiFag28sKtcfpBWTGmoL6SlrOjc9cz9cYMk2yCRn6OoMwBIs4kVMd3s1UR8ESVioNJ+RRh OvaEoU6JFsZDGzg7L2IvGW+BFPySGSNM+qQblWN4AA7RaTE3fwuHSGl7b3BEFg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhT7h2svTz10Ht for ; Thu, 26 Mar 2026 16:02:40 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 26d3a by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 26 Mar 2026 16:02:35 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Cc: Olivier Certner From: Warner Losh Subject: git: 557f50263905 - stable/14 - sys: vt_efifb: EFI not supported on i386; move it back to amd64/NOTES List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: imp X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 557f50263905ffa68d748048753ac84658b1bca8 Auto-Submitted: auto-generated Date: Thu, 26 Mar 2026 16:02:35 +0000 Message-Id: <69c5589b.26d3a.1747415c@gitrepo.freebsd.org> The branch stable/14 has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=557f50263905ffa68d748048753ac84658b1bca8 commit 557f50263905ffa68d748048753ac84658b1bca8 Author: Olivier Certner AuthorDate: 2026-01-12 09:28:54 +0000 Commit: Warner Losh CommitDate: 2026-03-26 15:55:49 +0000 sys: vt_efifb: EFI not supported on i386; move it back to amd64/NOTES We do not support EFI boot on i386. Thus: 1. Move (back) 'device vt_efifb' from x86/NOTES to amd64/NOTES. 2. Remove 'device vt_efifb' from i386/MINIMAL. Reported by: jhb Fixes: f224591746bd ("Add ASMC_DEBUG make option") Fixes: 67599eef01f5 ("sys/x86/NOTES: Add vt_efifb") Sponsored by: The FreeBSD Foundation (cherry picked from commit 9c25620e57f01d8227f0d53c6b2134ab37a49fdf) --- sys/amd64/conf/NOTES | 3 +++ sys/i386/conf/MINIMAL | 1 - 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/sys/amd64/conf/NOTES b/sys/amd64/conf/NOTES index 187d5676d55e..9640a7a59766 100644 --- a/sys/amd64/conf/NOTES +++ b/sys/amd64/conf/NOTES @@ -43,6 +43,9 @@ cpu HAMMER # aka K8, aka Opteron & Athlon64 # Optional devices: # +# vt(4) drivers. +device vt_efifb # EFI framebuffer + # 3Dfx Voodoo Graphics, Voodoo II /dev/3dfx CDEV support. This will create # the /dev/3dfx0 device to work with glide implementations. This should get # linked to /dev/3dfx and /dev/voodoo. Note that this is not the same as diff --git a/sys/i386/conf/MINIMAL b/sys/i386/conf/MINIMAL index 3d97f84058a9..e543f2089124 100644 --- a/sys/i386/conf/MINIMAL +++ b/sys/i386/conf/MINIMAL @@ -113,7 +113,6 @@ options SC_PIXEL_MODE # add support for the raster text mode # vt is the default video console driver device vt device vt_vga -device vt_efifb device vt_vbefb device agp # support several AGP chipsets From nobody Fri Mar 27 01:52:19 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhkD41NSWz6WY90 for ; Fri, 27 Mar 2026 01:52:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhkD35dcWz419Q for ; Fri, 27 Mar 2026 01:52:19 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576339; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=VWx/1M/WNNfPmMmBLjo3GJaTaDhWyxsEJ+B/JvNXV5U=; b=mFczUWB1eUGdr1gEd7P5VFJ3q15xk0KCKrzofYryAxA0Ep4/xQZi+7+7qcv59eEd6mgBqR aH2UyuhNnv299aaqc0xCYDFtl8CS7ryTDpQTQ2LDDFB6i+qnvo9iQIS8J8e1ANY1APXH65 CDkZ9f5As1mwQnIwbLzOuhNxxDf/xb67u5SnNyqHq1bKJDxvt+wrr2wgIbs5DORqwgkEOj cVxITRGCurv8IBGt9whmHZwuKv0E6tQNRdbjH8NS45cybOzEBz2f0YOrenH96e+RpM5B2B GWKofcGkcrc4gAHfq+/Y5ONkdPCHxckRpSc+Qd2h2NThTijdWe5li4L9tDvsOw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774576339; a=rsa-sha256; cv=none; b=ssCIPKGT87wFUcRlPKb1M93X33/BeUWr3avALgzMj/wGzTagpAMDmo8ycT4rV4RhmVVvdw XLcapQLT2bZ9d8Hq7cKKMEji9cfAzcH3EYnj4Ea0w0MGlkECAOUYrHzdyyZNK/LG/mwZxD lJ/9DdSEi9wHCaLiYdYZoK12KeM3QteyrEMGVi2PzijO/dilzLf6qXIHqwrpZnsf4qDEHQ tMtxxFvYEmq8OLjo3F8+khB4PhFuVXNA2KM5/rp0qpu9/2RLDqfNGf6TU/RcdZxfNZoz5p jw0/oIe0qm1fjY28df+l8ns092XHVjQXvTphbctXk79dwDJcCEtWgwBLzk2jtg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576339; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=VWx/1M/WNNfPmMmBLjo3GJaTaDhWyxsEJ+B/JvNXV5U=; b=C6+TlmAEFN7PsZGRRcOZuHc9OGqAHiR6ELXiF/whaPgqJVnrCQBOsCLgeWY06N+2Wy45gD iBw3pp9B/O4xtkMjUQf1jJBVZdqyeXOZ0PKNVm6UxrBPLuR2Qdnae407tFk1isKy3C/xoL Eff0HjNh6G03rhppRCitGH8fGvaNspnTTPyvArqDO7HGeNnyRogLWjyzfUlp+WwCliTf7G cxX8hc0NCPPf4YQo3A66oarkSQrPwx/CCysC3E38PHeQV+2VU7wLRu2ReD8UoykrM4MqKb lDmRbEy1DlNPHrdDXH3ypJjSQcu2rNevsKZIQNkWak8HrrEd5Y2uwKIZZTQjLw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhkD35BG6z3k2 for ; Fri, 27 Mar 2026 01:52:19 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1ea8b by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 27 Mar 2026 01:52:19 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: 975969096784 - stable/15 - amd64: move efirt trap checks into the helper List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 9759690967840388fcb68edc46b478b4d4df7c3b Auto-Submitted: auto-generated Date: Fri, 27 Mar 2026 01:52:19 +0000 Message-Id: <69c5e2d3.1ea8b.575d5784@gitrepo.freebsd.org> The branch stable/15 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=9759690967840388fcb68edc46b478b4d4df7c3b commit 9759690967840388fcb68edc46b478b4d4df7c3b Author: Konstantin Belousov AuthorDate: 2026-03-11 11:53:52 +0000 Commit: Konstantin Belousov CommitDate: 2026-03-26 23:42:56 +0000 amd64: move efirt trap checks into the helper (cherry picked from commit 914a53570750ce5a104a5870403d7669656fddc3) --- sys/amd64/amd64/trap.c | 55 ++++++++++++++++++++++++-------------------------- 1 file changed, 26 insertions(+), 29 deletions(-) diff --git a/sys/amd64/amd64/trap.c b/sys/amd64/amd64/trap.c index d173f57e2e4f..a4676f156431 100644 --- a/sys/amd64/amd64/trap.c +++ b/sys/amd64/amd64/trap.c @@ -218,6 +218,30 @@ trap_uprintf_signal(struct thread *td, struct trapframe *frame, register_t addr, fubyte((void *)(frame->tf_rip + 7))); } +static bool +trap_check_efirt(struct thread *td, struct trapframe *frame) +{ + /* + * Most likely, EFI RT faulted. This check prevents + * kdb from handling breakpoints set on the BIOS text, + * if such option is ever needed. + */ + if ((td->td_pflags & TDP_EFIRT) != 0 && + curpcb->pcb_onfault != NULL) { + u_long cnt = atomic_fetchadd_long(&cnt_efirt_faults, 1); + + if ((print_efirt_faults == 1 && cnt == 0) || + print_efirt_faults == 2) { + printf("EFI RT fault %s\n", + traptype_to_msg(frame->tf_trapno)); + trap_diag(frame, 0); + } + frame->tf_rip = (long)curpcb->pcb_onfault; + return (true); + } + return (false); +} + /* * Table of handlers for various segment load faults. */ @@ -465,24 +489,8 @@ trap(struct trapframe *frame) KASSERT(cold || td->td_ucred != NULL, ("kernel trap doesn't have ucred")); - /* - * Most likely, EFI RT faulted. This check prevents - * kdb from handling breakpoints set on the BIOS text, - * if such option is ever needed. - */ - if ((td->td_pflags & TDP_EFIRT) != 0 && - curpcb->pcb_onfault != NULL && type != T_PAGEFLT) { - u_long cnt = atomic_fetchadd_long(&cnt_efirt_faults, 1); - - if ((print_efirt_faults == 1 && cnt == 0) || - print_efirt_faults == 2) { - printf("EFI RT fault %s\n", - traptype_to_msg(type)); - trap_diag(frame, 0); - } - frame->tf_rip = (long)curpcb->pcb_onfault; + if (type != T_PAGEFLT && trap_check_efirt(td, frame)) return; - } switch (type) { case T_PAGEFLT: /* page fault */ @@ -891,19 +899,8 @@ trap_pfault(struct trapframe *frame, bool usermode, int *signo, int *ucode) return (1); after_vmfault: if (td->td_intr_nesting_level == 0 && - curpcb->pcb_onfault != NULL) { - if ((td->td_pflags & TDP_EFIRT) != 0) { - u_long cnt = atomic_fetchadd_long(&cnt_efirt_faults, 1); - - if ((print_efirt_faults == 1 && cnt == 0) || - print_efirt_faults == 2) { - printf("EFI RT page fault\n"); - trap_diag(frame, eva); - } - } - frame->tf_rip = (long)curpcb->pcb_onfault; + trap_check_efirt(td, frame)) return (0); - } trap_fatal(frame, eva); return (-1); } From nobody Fri Mar 27 01:52:20 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhkD51Qhxz6WXvy for ; Fri, 27 Mar 2026 01:52:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhkD46Sw2z419S for ; Fri, 27 Mar 2026 01:52:20 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576340; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NIdKL5jKQM2n1M3gmd8mO1pg0w/ibOeKv89tUKCOzNE=; b=Xo8X5mV42GFYW05IfIKzTzvmFPqV0b6wuOZUDD6IDVf5xEyEVV2MEYemxVvRAfT1FW7jXj Cla6Mof4E1br/U3IPnyxvQE5Uu3HQ8LGqW1oQOqGigGuM+WWJBob3OMJ7iyOmd1/u/4CIU z4ecxCONhuaq4e3VjClqnb6pTL4earFPODSBtziIJXu28CMhRIUAhIsylCfZS3g+DnLamJ PLdoNzI6sQthKHSm19K3DLFdB4vErtkVN6m0N5O6o5UIL07asqvXfeQaI6bsnye8A4SYdG jynXrQ2FVahunXI6clkDU7hjDLsqeYGb6SBxlRqzX60rN3/FQOD6VKZ/crvQTQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774576340; a=rsa-sha256; cv=none; b=amE1ylcY2k7MIURrId03vuU3UHZFz180qdEQtsOJ6bqN/PS0SFB+Y9vRJFDi/ZIcmyDYIl 5FhVPtZ+RqcaMmGzaE3ybIxx9a3D8KNKCX2Hl48QJz649hgNcCcNNFam0AjHZ537sn7LEF R3kdyN/4ayhxRBJswWL7NjAw3VjOJEQexQ/C/4ZCsegaa9N+OfU0QrOUp9vYv2J1qrpnmK mPZrVSXLHXuz9uG42EAk/lUuM3WIho2D466fOgVHapCOBzF93NVmf+9ynw+PUrOu+7a7fF gJFGd9WK4tVKnZ4MeBv+dzmFV5Ee6iY4cVKgiCCwjmeRPSfjz346fx7kcd6XtA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576340; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NIdKL5jKQM2n1M3gmd8mO1pg0w/ibOeKv89tUKCOzNE=; b=s0cDqWwC4oy/Gy6tGCO74zj0bFTWE0IR2Ho0gUDoiXsQTWsol0Dqi5LDB8lc2DPCN0b6sm FyoazwyEeRsH3mcjuPlbdVechbc0FXa6+Uguv3fxXPdKTcMkNho3rnojQKt683J2ZOfiVF 4PCnF8SFqSCbLj8YpHrNUU0JT973fX3gH1c8oilXOaInFau85m+kYg4T5Vzcc2DycVfHnD d+v1uTS4VjiBkZQA269iXbwpWpreRyyyeq+B9JByM80jqtHF50T1l5rmNlU46ZcZrn1qW9 sDDfd00hpbBZHT6iKvgiqaQudKa0JmuG5KOEWEd4Zpdj0Q8vco6veXspAGJNEw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhkD4618Kz3Rv for ; Fri, 27 Mar 2026 01:52:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1c858 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 27 Mar 2026 01:52:20 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: 81c2819ce8e3 - stable/15 - amd64: do reset %rip after page fault if pcb_onfault is set List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 81c2819ce8e38900f04f0d96fc9709126dad9c75 Auto-Submitted: auto-generated Date: Fri, 27 Mar 2026 01:52:20 +0000 Message-Id: <69c5e2d4.1c858.23d63b24@gitrepo.freebsd.org> The branch stable/15 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=81c2819ce8e38900f04f0d96fc9709126dad9c75 commit 81c2819ce8e38900f04f0d96fc9709126dad9c75 Author: Konstantin Belousov AuthorDate: 2026-03-14 11:40:07 +0000 Commit: Konstantin Belousov CommitDate: 2026-03-26 23:42:56 +0000 amd64: do reset %rip after page fault if pcb_onfault is set (cherry picked from commit 8365f877b1e4b6d4c30df72e0826ca60a412ce7d) --- sys/amd64/amd64/trap.c | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/sys/amd64/amd64/trap.c b/sys/amd64/amd64/trap.c index a4676f156431..6393da186db5 100644 --- a/sys/amd64/amd64/trap.c +++ b/sys/amd64/amd64/trap.c @@ -219,15 +219,19 @@ trap_uprintf_signal(struct thread *td, struct trapframe *frame, register_t addr, } static bool -trap_check_efirt(struct thread *td, struct trapframe *frame) +trap_check_pcb_onfault(struct thread *td, struct trapframe *frame) { - /* - * Most likely, EFI RT faulted. This check prevents - * kdb from handling breakpoints set on the BIOS text, - * if such option is ever needed. - */ - if ((td->td_pflags & TDP_EFIRT) != 0 && - curpcb->pcb_onfault != NULL) { + bool res = false; + + if (curpcb->pcb_onfault == NULL) + return (res); + + if (__predict_false((td->td_pflags & TDP_EFIRT) != 0)) { + /* + * Most likely, EFI RT faulted. This check prevents + * kdb from handling breakpoints set on the BIOS text, + * if such option is ever needed. + */ u_long cnt = atomic_fetchadd_long(&cnt_efirt_faults, 1); if ((print_efirt_faults == 1 && cnt == 0) || @@ -236,10 +240,13 @@ trap_check_efirt(struct thread *td, struct trapframe *frame) traptype_to_msg(frame->tf_trapno)); trap_diag(frame, 0); } - frame->tf_rip = (long)curpcb->pcb_onfault; - return (true); + res = true; + } else if (frame->tf_trapno == T_PAGEFLT) { + res = true; } - return (false); + if (res) + frame->tf_rip = (register_t)curpcb->pcb_onfault; + return (res); } /* @@ -489,7 +496,7 @@ trap(struct trapframe *frame) KASSERT(cold || td->td_ucred != NULL, ("kernel trap doesn't have ucred")); - if (type != T_PAGEFLT && trap_check_efirt(td, frame)) + if (type != T_PAGEFLT && trap_check_pcb_onfault(td, frame)) return; switch (type) { @@ -899,7 +906,7 @@ trap_pfault(struct trapframe *frame, bool usermode, int *signo, int *ucode) return (1); after_vmfault: if (td->td_intr_nesting_level == 0 && - trap_check_efirt(td, frame)) + trap_check_pcb_onfault(td, frame)) return (0); trap_fatal(frame, eva); return (-1); From nobody Fri Mar 27 01:52:22 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhkD74LsMz6WYF4 for ; Fri, 27 Mar 2026 01:52:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhkD70jM3z41RY for ; Fri, 27 Mar 2026 01:52:23 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576343; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PxvFvQBjMieoya6Q1HoGKVFz5zi20snZ5R3YRIko4Vs=; b=xPqT3v+y0ARUIZdwB3ndSz8E3yvZjlnVwLlCj4CTbYKc/bKX3jjCni/YcC/VbdbXWOAAia qY+iovPmourOVw3hRL+PhJjajB1M3vQ+Vg3Rh1vCIOusVqc4SX9jfvK1ReiI6tFETpHqsz b3U0A6zvUJxdFj8RdYhIivG7idWOz+xRVeaa6JPMYK7YpL0xKi28uJ5V7hocDyj/UKM7dy xPgo0L8plu7E2Cc88NKtMXGzY9rFTX4F96eYat7BdJUCIKLdOZh6iVJYx8tXvr/2tfpInA wTNvfKba2jdAxdc8WUHqyIu7FtNa0nXP+7D4HDtRYsr1dPjbMtYO6+T5p+onVA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774576343; a=rsa-sha256; cv=none; b=wwgfUhC8CSSfLpMNVpeoj+alK4ff2Yo0iL2U6O40Ypm0Vf+/hvQIQjcdK6cMdFVg1Cq/DK KpT7+hUwDOOqECO4jYOfRk59u3DsIZJDahD0PmZCa0WHErwKcrUei1NvaiphD8ALjBLIJI bI90r0xec0yHtgo05W+7HX6PwNL6NtRC9zTV5VLrXIz+aQQHKv93TZXi+cDRXl9uznOtu4 +7J7G1CKLJXXunmAvGoAuGudrtsfGpAMeZ2deb7DAy1OUw+WI5M3vGCpd/yxQVQoRsPhbZ fSza2Dhri+QbkpVRO3YRI3I54PT79hnPmLpUQceRorrDUi1gRsbXMmgR/we1JA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576343; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PxvFvQBjMieoya6Q1HoGKVFz5zi20snZ5R3YRIko4Vs=; b=L9L26g/oKWGTM7G2449RZ44/VUK3isS4Beiif75WxrND0L8nSFSjQbJBy9UlUKt0p8pMIY Tj9f1zg3F/N6s9DjPfxx7hsV6xsCV8O9cWb3gHL1I2ZK7uAK65TXI4pEHnF7VLN1va7SUB MvbnMdpwjzgB99gd5JHS6/SCr2wpfvzJN9Fs0TfWsLdnlAu7S5ICUHblP0TjQsMLKI0xfu fl9n06MQRCfshNPM6rWslGlsnTLdtJJTP1yrJTuGe2CjrwR5c5lPpXiNtpR0sxjy3vNxCA 8goQTa5VvVe+fPCqiYZJS+q6/w4CyCBo698NUqBAPDBQsqLu3bGLSrHvieLxbw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhkD70169z3Cn for ; Fri, 27 Mar 2026 01:52:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1c6f0 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 27 Mar 2026 01:52:22 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: 06e71cfc1d5a - stable/15 - x86 FRED: add CPUID, MSR, and CR4 bits List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 06e71cfc1d5a32a28dd506f0b4adc4524d5775fd Auto-Submitted: auto-generated Date: Fri, 27 Mar 2026 01:52:22 +0000 Message-Id: <69c5e2d6.1c6f0.6657648d@gitrepo.freebsd.org> The branch stable/15 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=06e71cfc1d5a32a28dd506f0b4adc4524d5775fd commit 06e71cfc1d5a32a28dd506f0b4adc4524d5775fd Author: Konstantin Belousov AuthorDate: 2026-02-07 10:22:22 +0000 Commit: Konstantin Belousov CommitDate: 2026-03-26 23:42:56 +0000 x86 FRED: add CPUID, MSR, and CR4 bits (cherry picked from commit eb0a78f6cef0c2924b565d7c297cb08bb4de7cb0) --- sys/x86/include/specialreg.h | 23 +++++++++++++++++++++++ sys/x86/x86/identcpu.c | 11 +++++++---- 2 files changed, 30 insertions(+), 4 deletions(-) diff --git a/sys/x86/include/specialreg.h b/sys/x86/include/specialreg.h index e9dde5c3b46a..f14c8c56d0e3 100644 --- a/sys/x86/include/specialreg.h +++ b/sys/x86/include/specialreg.h @@ -91,6 +91,7 @@ #define CR4_LASS 0x08000000 /* Linear Address Space Separation */ #define CR4_LAM_SUP 0x10000000 /* Linear-Address Masking for Supervisor */ +#define CR4_FRED 0x100000000ull /* FRED */ /* * Bits in AMD64 special registers. EFER is 64 bits wide. @@ -548,6 +549,10 @@ * CPUID instruction 7 Structured Extended Features, leaf 1 eax info */ #define CPUID_STDEXT4_LASS 0x00000040 +#define CPUID_STDEXT4_FRED 0x00020000 +#define CPUID_STDEXT4_LKGS 0x00040000 +#define CPUID_STDEXT4_WRMSRNS 0x00080000 +#define CPUID_STDEXT4_NMISRC 0x00100000 #define CPUID_STDEXT4_LAM 0x04000000 /* CPUID_HYBRID_ID leaf 0x1a */ @@ -643,6 +648,15 @@ #define MSR_IA32_ENERGY_PERF_BIAS 0x1b0 #define MSR_IA32_PKG_THERM_STATUS 0x1b1 #define MSR_IA32_PKG_THERM_INTERRUPT 0x1b2 +#define MSR_FRED_RSP0 0x1cc +#define MSR_FRED_RSP1 0x1cd +#define MSR_FRED_RSP2 0x1ce +#define MSR_FRED_RSP3 0x1cf +#define MSR_FRED_STKLVLS 0x1d0 +#define MSR_FRED_SSP1 0x1d1 +#define MSR_FRED_SSP2 0x1d2 +#define MSR_FRED_SSP3 0x1d3 +#define MSR_FRED_CONFIG 0x1d4 #define MSR_DEBUGCTLMSR 0x1d9 #define MSR_LASTBRANCHFROMIP 0x1db #define MSR_LASTBRANCHTOIP 0x1dc @@ -924,6 +938,15 @@ /* MSR IA32_PKG_THERM_INTERRUPT */ #define IA32_PKG_THERM_INTERRUPT_HFI_ENABLE (0x1ULL << 25) +/* MSR IA32_FRED_CONFIG */ +#define IA32_FRED_CONFIG_CSL_MASK 0x00000003 +#define IA32_FRED_CONFIG_DECR_SSP 0x00000008 +#define IA32_FRED_CONFIG_REDZONESZ_MASK 0x000000e0 +#define IA32_FRED_CONFIG_REDZONESZ_SHIFT 6 +#define IA32_FRED_CONFIG_REDZONESZ_MULT 64 +#define IA32_FRED_CONFIG_EXTINT_SLC_MASK 0x00000600 +#define IA32_FRED_CONFIG_EXTINT_SLC_SHIFT 9 + /* * PAT modes. */ diff --git a/sys/x86/x86/identcpu.c b/sys/x86/x86/identcpu.c index 4d64eaf78b29..e8ac6d2a812c 100644 --- a/sys/x86/x86/identcpu.c +++ b/sys/x86/x86/identcpu.c @@ -1046,16 +1046,19 @@ printcpuinfo(void) "\040SSBD" ); } -#define STDEXT4_MASK (CPUID_STDEXT4_LASS | CPUID_STDEXT4_LAM) - if ((cpu_stdext_feature4 & STDEXT4_MASK) != 0) { + + if (cpu_stdext_feature4 != 0) { printf("\n Structured Extended Features4=0x%b", - cpu_stdext_feature4 & STDEXT4_MASK, + cpu_stdext_feature4, "\020" "\007LASS" + "\022FRED" + "\023LKGS" + "\024WRMSRNS" + "\025NMISRC" "\033LAM" ); } -#undef STDEXT4_MASK if ((cpu_feature2 & CPUID2_XSAVE) != 0) { cpuid_count(0xd, 0x1, regs); From nobody Fri Mar 27 01:52:21 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhkD65JYlz6WYF2 for ; Fri, 27 Mar 2026 01:52:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhkD572SWz414P for ; Fri, 27 Mar 2026 01:52:21 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576342; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=qqlJsqzqWl1JNzvTAggNX9hClkOnlqPLVgpB8YsdTXw=; b=AO1+yiBUHWTgwOXszBRqVma2eE1+1zhQ/VYA2ImsqCgaT2uNmTTYWL4/WITDsbNTWHcLDW Dec54OOj9KD4jfeCwbkBJ9QMKtDmhyffu+GqUB2/yeFMyTobmeCJtSR3FNb8lXm0BFYLwk 7upo1yLqNzDFIcn8e71UYwnPdD/zNB82bJZWu0jqVGkM+Yi1CtexnaW6JjN5TNhn5nw00z MBhThZmXWuRFPmlyineBaDk+8Ql+Kxtp4URHgnARo+NJ1EDUvyF2Qq7hGixS7OrkiUyjky pISU1rlndnCJceLDAvrwxC+YQ8nYXhiV5mC3jsauNIliiLIBbsY3aLibCHbKBA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774576342; a=rsa-sha256; cv=none; b=tpuIsIVQvanUXVu0aAjKfsreQw18pK36nDacl8P5BdDB1v5JexuJERe5G9V1+qjUTWro1l GChrx4rQrIKyTjAS/Qk2Wy4PC6Wnxowb6fn0X2PNiaEjjPa4GO1NCL5Hd2kqfen4srZIka bEjswJTgxkmLybQVJQfjBc0k+nyngZ8bqUUKiFdC0udPzy0EvyYrg5Hcg6EMFzW5+7srhN oubkieDUJk2CwPhmbE+3KuMZCFLcM3PykWuxLY5IeIrZt1Rko+7Qf3FKwlEGtvd8Csf1Ju ofqyRlilMNl9zy9MuRDlKk756wLzLjBw7qXdPKjzQ97ADof1Uii+pXdPqFnwlw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576342; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=qqlJsqzqWl1JNzvTAggNX9hClkOnlqPLVgpB8YsdTXw=; b=tLHoukir3f3cPBcvSwqJtk1IXOGHoaABh9h0ynsqaPGtOOOC6H9ymU7vzvf8DzrHVK2FcV 3wB6fLdXpnKp+3dF8kVgDd5/0h9Ilz1k9/e7m5CuIhb4ljnKjXYIHv2++P/Hc8Yy0VEDaG HXbxZzNpm3+UJOW8CQdmzQedehaILM+0pKZnZ9aTkD/Iq01Bev0+TMxLDxFPQlqai+csu1 nka0x15x0zD/pZCdB/2rDBDmAc184jGFTzLpfCuaA/KtLBiwgsgmDAjCixhmMTNyGQAilk djjreW4IR6iYnlkyhyxFPlf2J405JUZlarJLgiUMPaBd+bkn6M2tQgLWi5Kp2Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhkD56Rz1z3hl for ; Fri, 27 Mar 2026 01:52:21 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1f887 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 27 Mar 2026 01:52:21 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: 0d98b06ab1ce - stable/15 - amd64: move code to clear PSL_T on debug exception into a helper List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 0d98b06ab1ce08d5b0b2d403a97d83410f2da425 Auto-Submitted: auto-generated Date: Fri, 27 Mar 2026 01:52:21 +0000 Message-Id: <69c5e2d5.1f887.65695a35@gitrepo.freebsd.org> The branch stable/15 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=0d98b06ab1ce08d5b0b2d403a97d83410f2da425 commit 0d98b06ab1ce08d5b0b2d403a97d83410f2da425 Author: Konstantin Belousov AuthorDate: 2026-03-12 09:40:44 +0000 Commit: Konstantin Belousov CommitDate: 2026-03-26 23:42:56 +0000 amd64: move code to clear PSL_T on debug exception into a helper (cherry picked from commit d92ebde76430e99f78156fb1d865a18916380aed) --- sys/amd64/amd64/trap.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/sys/amd64/amd64/trap.c b/sys/amd64/amd64/trap.c index 6393da186db5..3a9323936d2d 100644 --- a/sys/amd64/amd64/trap.c +++ b/sys/amd64/amd64/trap.c @@ -249,6 +249,17 @@ trap_check_pcb_onfault(struct thread *td, struct trapframe *frame) return (res); } +static void +trap_clear_step(struct thread *td, struct trapframe *frame) +{ + PROC_LOCK(td->td_proc); + if ((td->td_dbgflags & TDB_STEP) != 0) { + td->td_frame->tf_rflags &= ~PSL_T; + td->td_dbgflags &= ~TDB_STEP; + } + PROC_UNLOCK(td->td_proc); +} + /* * Table of handlers for various segment load faults. */ @@ -395,14 +406,8 @@ trap(struct trapframe *frame) signo = SIGTRAP; ucode = TRAP_TRACE; dr6 = rdr6(); - if ((dr6 & DBREG_DR6_BS) != 0) { - PROC_LOCK(td->td_proc); - if ((td->td_dbgflags & TDB_STEP) != 0) { - td->td_frame->tf_rflags &= ~PSL_T; - td->td_dbgflags &= ~TDB_STEP; - } - PROC_UNLOCK(td->td_proc); - } + if ((dr6 & DBREG_DR6_BS) != 0) + trap_clear_step(td, frame); break; case T_ARITHTRAP: /* arithmetic trap */ From nobody Fri Mar 27 01:52:24 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhkD84ysmz6WY99 for ; Fri, 27 Mar 2026 01:52:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhkD814F1z412x for ; Fri, 27 Mar 2026 01:52:24 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576344; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=fSMvvHabQ5Gx+uWdHmpUUOxS+CjGNKlQxD1QFffZ5+s=; b=IA2hFQiU4aU2zgVAdcbymUdRqnvrVRuDzWcC0WpZgU9KhDS+zgdQVsgkvqN3NGUetFAkoU eUXTEMsteLeByaqpxx0E+B2ZrUAfJKjjWAmN/UPBEQu55FXPNZDcpT2MmQjULFssXf4wUX C5q9yjKDgXX74kWh4QW+13IYYtgKtRNxNIUdwBfwGpMplWXxl3oXFwzc9QHvQIcTeYThUE oWVhAOdB2kLYblIuDQLzywmoI5e7SXos7SOnGAf/Euxhpqgcd1zygwdIlC/fDpEf6x6d+r 1OPXv1oC34cfiftw2JsWCewAoexmZkheKrqy6e1NF8QsXRx0VTrwU7EQeAdwPw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774576344; a=rsa-sha256; cv=none; b=h6u16saOgsIGHw3Ud5OjEaFQkSVplI7YF65+JGgEpDGSGydhOarK/j9S5fRS/HHwGkdNzQ QAPt3B9wZ2ISJMjJ3lVSg8y9p6Q4iqJABLm/3P1xue2Qhhp6EX4iRJvsDxRtbqtgzGpuU4 0/Vl8CctHJZ3gvOF6bIMxDJGdoOtH0eGbbzvKwHTYcCf9H+iEtH2gl9PtbcdyQGlJXub57 iJd5jELlOhbErdBrvbDIAwY7mFIPV3FnEvXW6aNEUAs9N6+eVruJr9sGxCvpQ5qw8sgYYd 8tENpL2nFxxGFhJqKveS9OLVPBpV2DQg27IY+kxj/sNhRx6HniVPodhn8JdvvQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576344; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=fSMvvHabQ5Gx+uWdHmpUUOxS+CjGNKlQxD1QFffZ5+s=; b=jUImQZybcLl6Wv2NpwfsbW924GGq95Zn36oqa9X/WzG+CcQLEe7+yhMJ7blG+7+Eadi9Yf lJcvXy3O5htCye7ce+f0frCA9Ud76xcZRoWkr8u9olTNgrTmYZD2XnVLi8jochB16QtEg8 BXuWiMRsb6f16ow05Z4MssD32OV88cX5Mr+Yib+seYFg3Jt+fuiTxU6vQNwavU48E0pxOU 7Svb3o5RFVq0kUzJuiq1AFoJ3f4uEdinJczr8DtNLS61U9zSH5Zv/DhYNhytsfy6DkMTd2 xBSGGjDZMRE8kbpcEIjqC4bm25dHZZIdHPQ1hM7FDDioLxb+AuLq8yrGxo4hOA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhkD80cdKz3Ry for ; Fri, 27 Mar 2026 01:52:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1f032 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 27 Mar 2026 01:52:24 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: 41ca79b247ea - stable/15 - amd64: move code to check for traps with interrupts disabled into helpers List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 41ca79b247ea8ea228ba8d0d3fd561cf8fbecc72 Auto-Submitted: auto-generated Date: Fri, 27 Mar 2026 01:52:24 +0000 Message-Id: <69c5e2d8.1f032.45421d59@gitrepo.freebsd.org> The branch stable/15 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=41ca79b247ea8ea228ba8d0d3fd561cf8fbecc72 commit 41ca79b247ea8ea228ba8d0d3fd561cf8fbecc72 Author: Konstantin Belousov AuthorDate: 2026-03-11 12:04:55 +0000 Commit: Konstantin Belousov CommitDate: 2026-03-26 23:42:56 +0000 amd64: move code to check for traps with interrupts disabled into helpers (cherry picked from commit e18449fbe2731399862e82e61fffaadd6739642c) --- sys/amd64/amd64/trap.c | 96 ++++++++++++++++++++++++++++++-------------------- 1 file changed, 58 insertions(+), 38 deletions(-) diff --git a/sys/amd64/amd64/trap.c b/sys/amd64/amd64/trap.c index 3a9323936d2d..e4e4e98fbf7d 100644 --- a/sys/amd64/amd64/trap.c +++ b/sys/amd64/amd64/trap.c @@ -260,6 +260,62 @@ trap_clear_step(struct thread *td, struct trapframe *frame) PROC_UNLOCK(td->td_proc); } +/* + * Warn with a message on the user's tty if application code has + * disabled interrupts and then trapped. + */ +static void +trap_check_intr_user(struct thread *td, struct trapframe *frame) +{ + MPASS(TRAPF_USERMODE(frame)); + + if (__predict_true((frame->tf_rflags & PSL_I) != 0)) + return; + + uprintf("pid %ld (%s): trap %d (%s) with interrupts disabled\n", + (long)td->td_proc->p_pid, td->td_name, frame->tf_trapno, + trap_msg[frame->tf_trapno]); +} + +/* + * Some exceptions can occur on kernel attempt to reload a corrupted + * user context, which is done with interrupts enabled. Interrupts + * such as NMIs and debugging faults can be also taken in the kernel + * while interrupts are disabled. Other traps shouldn't occur with + * interrupts disabled unless the kernel has a bug. Re-enable + * interrupts in case this occurs, unless the interrupted thread holds + * a spin lock. + */ +static void +trap_check_intr_kernel(struct thread *td, struct trapframe *frame) +{ + MPASS(!TRAPF_USERMODE(frame)); + + if (__predict_true((frame->tf_rflags & PSL_I) != 0)) + return; + + switch (frame->tf_trapno) { + case T_NMI: + case T_BPTFLT: + case T_TRCTRAP: + case T_PROTFLT: + case T_SEGNPFLT: + case T_STKFLT: + break; + default: + printf("kernel trap %d with interrupts disabled\n", + frame->tf_trapno); + + /* + * We shouldn't enable interrupts while holding a + * spin lock. + */ + if (td->td_md.md_spinlock_count == 0) + enable_intr(); + break; + } +} + /* * Table of handlers for various segment load faults. */ @@ -337,46 +393,9 @@ trap(struct trapframe *frame) return; } - if ((frame->tf_rflags & PSL_I) == 0) { - /* - * Buggy application or kernel code has disabled - * interrupts and then trapped. Enabling interrupts - * now is wrong, but it is better than running with - * interrupts disabled until they are accidentally - * enabled later. - */ - if (TRAPF_USERMODE(frame)) { - uprintf( - "pid %ld (%s): trap %d (%s) " - "with interrupts disabled\n", - (long)curproc->p_pid, curthread->td_name, type, - trap_msg[type]); - } else { - switch (type) { - case T_NMI: - case T_BPTFLT: - case T_TRCTRAP: - case T_PROTFLT: - case T_SEGNPFLT: - case T_STKFLT: - break; - default: - printf( - "kernel trap %d with interrupts disabled\n", - type); - - /* - * We shouldn't enable interrupts while holding a - * spin lock. - */ - if (td->td_md.md_spinlock_count == 0) - enable_intr(); - } - } - } - if (TRAPF_USERMODE(frame)) { /* user trap */ + trap_check_intr_user(td, frame); td->td_pticks = 0; td->td_frame = frame; @@ -497,6 +516,7 @@ trap(struct trapframe *frame) } } else { /* kernel trap */ + trap_check_intr_kernel(td, frame); KASSERT(cold || td->td_ucred != NULL, ("kernel trap doesn't have ucred")); From nobody Fri Mar 27 01:52:26 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhkDB4qhCz6WY9B for ; Fri, 27 Mar 2026 01:52:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhkDB2K5Nz41PB for ; Fri, 27 Mar 2026 01:52:26 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576346; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0MRYAAXUlVMHsPjcfvdea+nnlfZsoz+40grS/6AvRHY=; b=oWXh7fNuQEAz6Bn6rWP7DP6WuyyeKLp7YTYH/JuhZJSO3BZiX5eUxEtNhZv8LkppZoAN4E ez45EZFrEPHwzZD/vyTVU0LIazTd1/z/sqZzHvyW0MBxbDC31DaikPPBaBaOWbipXXt8/n iIHHZ+F1AFUvRnWFQp9ckSMOv2djH41eVstDCZG6X1H+7G9bADnW5wKSeMciUHSmdLahTg 359xKRrS93UX6YPFqLQo7IgPhvqRUv7QN6zNxEazrp0E8XqMm0Qs2NkcmGTXzWs3og2HmY 6em0a3Z2iNMvVWP6Hh+KHKRLFo5YU68CGFjBYJYvci3AMFZVoW1UWf0NMRykjA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774576346; a=rsa-sha256; cv=none; b=EOZG1wimEfIzS71yuYheMmbaY+ZF4x0V20Jwtd5gWGyyEQUMbbasp2Tdhkum8ssy6ZU15J sqvfWvyM0h65LtB0Bf4xesL4vY0XXPPpSC2SLuVjOV8yOJ6JlXPceks2GY7z2Cgy32R2ci TWCuxdjlMemTxLZLZVu6RZBtaJtZIcSd9lAuiLLfZeGGqwkZo0PNJyul0srRfu1tcUuWQ1 Lk9W0MbJ/MH3YwWRWFmo3tlQldzUc6ZepJ5X5PnHGPyBDFfUxiI1nAXmRsjYIATxdCzVGB ye6/hzXXH7I6cTFZEwkpUoC7FOhlHZiMiZd3zAIOAKF8TQ6r60lr1ys7XaSL6Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576346; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0MRYAAXUlVMHsPjcfvdea+nnlfZsoz+40grS/6AvRHY=; b=wwWANS3Tlu7TyXOomOLpETs5S2ORCjVu1mavugsE8Jm0skkXAdGaiJ6PdgS7YvEWEdhlOn ez69/eOv53BYWkbLb1w3pfQkBxgClsdZp9Ahie1vWcu2UmJ7DyR7OgsZ1IwRXXPuztFbYv NRdhH9hXDgY8PNPCDBlQJxFOM3YaJn/sMl4mnQWmf9DG1WL5VwY9Aht+FhMh7cq+dngppW HzAWTtTPS4O0nzbtsyt92fZemMH29wDfbZBConRmxS6YchIw6z6eujICnXgSLWIFCHZY9H LWWwJggcX4ZsMuZ1QmVLtPgz2pzm9Kt+rAczbGsjaZZMxhPfBI4xYSvWBGXvvw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhkDB1skrz3TX for ; Fri, 27 Mar 2026 01:52:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1edaa by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 27 Mar 2026 01:52:26 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: 9f174a7fc758 - stable/15 - x86 FRED: add hardware definitions for the trap frames fields List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 9f174a7fc758c5c3d9b7861e0b0cdda5e7edf14c Auto-Submitted: auto-generated Date: Fri, 27 Mar 2026 01:52:26 +0000 Message-Id: <69c5e2da.1edaa.b4c2e04@gitrepo.freebsd.org> The branch stable/15 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=9f174a7fc758c5c3d9b7861e0b0cdda5e7edf14c commit 9f174a7fc758c5c3d9b7861e0b0cdda5e7edf14c Author: Konstantin Belousov AuthorDate: 2026-02-07 03:35:17 +0000 Commit: Konstantin Belousov CommitDate: 2026-03-26 23:42:56 +0000 x86 FRED: add hardware definitions for the trap frames fields (cherry picked from commit e90950627327de9226b052851b36f341bc72b746) --- sys/amd64/amd64/trap.c | 17 ++++++++------- sys/x86/include/frame.h | 55 +++++++++++++++++++++++++++++++++++++++++++------ 2 files changed, 58 insertions(+), 14 deletions(-) diff --git a/sys/amd64/amd64/trap.c b/sys/amd64/amd64/trap.c index e4e4e98fbf7d..8a1d1528e6da 100644 --- a/sys/amd64/amd64/trap.c +++ b/sys/amd64/amd64/trap.c @@ -940,7 +940,7 @@ after_vmfault: static void trap_diag(struct trapframe *frame, vm_offset_t eva) { - int code, ss; + int code; u_int type; struct soft_segment_descriptor softseg; struct user_segment_descriptor *gdt; @@ -948,7 +948,7 @@ trap_diag(struct trapframe *frame, vm_offset_t eva) code = frame->tf_err; type = frame->tf_trapno; gdt = *PCPU_PTR(gdt); - sdtossd(&gdt[IDXSEL(frame->tf_cs & 0xffff)], &softseg); + sdtossd(&gdt[IDXSEL(frame->tf_cs)], &softseg); printf("\n\nFatal trap %d: %s while in %s mode\n", type, type < nitems(trap_msg) ? trap_msg[type] : UNKNOWN, @@ -967,11 +967,12 @@ trap_diag(struct trapframe *frame, vm_offset_t eva) code & PGEX_RSV ? "reserved bits in PTE" : code & PGEX_P ? "protection violation" : "page not present"); } - printf("instruction pointer = 0x%lx:0x%lx\n", - frame->tf_cs & 0xffff, frame->tf_rip); - ss = frame->tf_ss & 0xffff; - printf("stack pointer = 0x%x:0x%lx\n", ss, frame->tf_rsp); - printf("frame pointer = 0x%x:0x%lx\n", ss, frame->tf_rbp); + printf("instruction pointer = %#hx:%#lx\n", + frame->tf_cs, frame->tf_rip); + printf("stack pointer = %#hx:%#lx\n", frame->tf_ss, + frame->tf_rsp); + printf("frame pointer = %#hx:%#lx\n", frame->tf_ss, + frame->tf_rbp); printf("code segment = base 0x%lx, limit 0x%lx, type 0x%x\n", softseg.ssd_base, softseg.ssd_limit, softseg.ssd_type); printf(" = DPL %d, pres %d, long %d, def32 %d, gran %d\n", @@ -1065,7 +1066,7 @@ dblfault_handler(struct trapframe *frame) "r8 %#lx r9 %#lx r10 %#lx\n" "r11 %#lx r12 %#lx r13 %#lx\n" "r14 %#lx r15 %#lx rflags %#lx\n" - "cs %#lx ss %#lx ds %#hx es %#hx fs %#hx gs %#hx\n" + "cs %#hx ss %#hx ds %#hx es %#hx fs %#hx gs %#hx\n" "fsbase %#lx gsbase %#lx kgsbase %#lx\n", frame->tf_rip, frame->tf_rsp, frame->tf_rbp, frame->tf_rax, frame->tf_rdx, frame->tf_rbx, diff --git a/sys/x86/include/frame.h b/sys/x86/include/frame.h index feef41ac7bfe..a6444d55cfaf 100644 --- a/sys/x86/include/frame.h +++ b/sys/x86/include/frame.h @@ -143,17 +143,60 @@ struct trapframe { /* below portion defined in hardware */ register_t tf_err; register_t tf_rip; - register_t tf_cs; + uint16_t tf_cs; + uint16_t tf_fred_evinfo3; + uint32_t tf_fred_zero2; register_t tf_rflags; /* the amd64 frame always has the stack registers */ register_t tf_rsp; - register_t tf_ss; + uint16_t tf_ss; + uint16_t tf_fred_evinfo1; + uint32_t tf_fred_evinfo2; + /* two long words added by FRED */ + uint64_t tf_fred_evdata; + uint64_t tf_fred_zero1; }; -#define TF_HASSEGS 0x1 -#define TF_HASBASES 0x2 -#define TF_HASFPXSTATE 0x4 -#define TF_RESERV0 0x8 /* no tlsbase in the trapframe */ +#define TF_FRED_EVDATA_B0 0x0000000000000001ull /* %dr6 B0 */ +#define TF_FRED_EVDATA_B1 0x0000000000000002ull +#define TF_FRED_EVDATA_B2 0x0000000000000004ull +#define TF_FRED_EVDATA_B3 0x0000000000000008ull +#define TF_FRED_EVDATA_BLD 0x0000000000000800ull /* bus lock acq + detected */ +#define TF_FRED_EVDATA_BD 0x0000000000002000ull /* dr access detected */ +#define TF_FRED_EVDATA_BS 0x0000000000004000ull /* single step */ +#define TF_FRED_EVDATA_RTM 0x0000000000010000ull /* #db or #bp in RTM */ + +#define TF_FRED_EVINFO1_STIINT 0x0001 /* hw intr blocked by STI */ +#define TF_FRED_EVINFO1_SYSCALL 0x0002 /* SYSCALL/SYSENTER/INTn */ +#define TF_FRED_EVINFO1_NMI 0x0004 /* NMI */ + +#define TF_FRED_EVINFO2_VECMASK 0x000000ff /* event vector mask */ +#define TF_FRED_EVINFO2_TYPEMASK 0x000f0000 /* event type mask */ +#define TF_FRED_EVINFO2_TYPE_EXTINT 0x00000000 +#define TF_FRED_EVINFO2_TYPE_NMI 0x00020000 +#define TF_FRED_EVINFO2_TYPE_EXC 0x00030000 +#define TF_FRED_EVINFO2_TYPE_INTn 0x00040000 +#define TF_FRED_EVINFO2_TYPE_INT1 0x00050000 +#define TF_FRED_EVINFO2_TYPE_INT3 0x00060000 +#define TF_FRED_EVINFO2_TYPE_SYSCALL 0x00070000 +#define TF_FRED_EVINFO2_ENCL 0x01000000 /* SGX-related */ +#define TF_FRED_EVINFO2_LM 0x02000000 /* in 64bit mode */ +#define TF_FRED_EVINFO2_NEST 0x04000000 /* during ev delivery */ +#define TF_FRED_EVINFO2_INSTLENMASK 0xf0000000 /* instr length mask */ +#define TF_FRED_EVINFO2_INSTLENSHIFT 28 /* instr length shift */ + +#define TF_FRED_EVINFO2_VEC_SYSCALL 1 +#define TF_FRED_EVINFO2_VEC_SYSENTER 2 + +#define TF_FRED_EVINFO3_CSLMASK 0x0003 /* event CSL mask */ +#define TF_FRED_EVINFO3_WFE 0x0004 /* in WAIT_FOR_ENDBRANCH */ + +#define TF_HASSEGS 0x00000001 +#define TF_HASBASES 0x00000002 +#define TF_HASFPXSTATE 0x00000004 +#define TF_RESERV0 0x00000008 /* no tlsbase in the trapframe */ +#define TF_FRED 0x00000010 #endif /* __amd64__ */ #endif /* _MACHINE_FRAME_H_ */ From nobody Fri Mar 27 01:52:25 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhkDB4pQzz6WXw0 for ; Fri, 27 Mar 2026 01:52:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhkD91t8vz410b for ; Fri, 27 Mar 2026 01:52:25 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576345; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4HqntNZPrxZYSrHGA52T2zuBOdU1Z8qbedy0nmK6dak=; b=mCpZr2Xw5de9C94cta0MVZDUS4FMXCH4t1wcvTEa08bpOjE3O1DAOTRuzJSg/C3IYv7czJ cRAJAUeUaHvTwvE0veqtHbiStgfGHYiXIX9F/pgOCe1tiTrGcIEuALUktxpHAzkW8BZag5 yDzjqBVjfPUjAMyXAxzT1k24dXusLBmHipvWaGfLptcXmFfernAJ5A6i68lISiWxSSQq8c iOBd07qGNSG/nlPw0B96RyfZ81xvfBePNji6Mdq619Y3UuK/ru3VHarEyiXW7e8cCaoFok AW/N04zc6BOWF6YnpNM5FvRnJjG2jFdhAUd9FzTIzx91+LtqdKtteWjBcD3sGw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774576345; a=rsa-sha256; cv=none; b=XohPyM1weyhGavqdFCAv0NWaQxKhTyHUKs4sWwPpeVkEQ3Uh9ZoqWGwJna7ahy9XspOwEu 0wdFtMEpwjPhkRc2h35CUmQxgR9nJpax8wWIzx9LxxQFVfXTzv7OjMReLRV/3xZi8AW71X tmYDBddN1TxLOApgYV6vgYgPWjLhQpPIy9JovEzx9Fy/iJcVtaJIcgO8wP2Mf1LLEP4Nq3 Bm/Ph1jTKKh0ZHW1uZR6v10LMEZdHw8zDPBVEWKAjN1Ns4Ws7bgRWNyNsFJBL4987aHal6 huc2IdRNpC/iEmsaV4vf4aMIZQoV+p01gyGc49t9buX+OQCQbReOYntgQRSSBQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576345; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4HqntNZPrxZYSrHGA52T2zuBOdU1Z8qbedy0nmK6dak=; b=AAARp7XsNUodJb047zEacUe7PDi96GgKncf/u/E9UvdsauPHeTQrauXQ+OEFSsvlAdx92N Snbvcd3CdXHLOnz+Kr+j7GbMucOlCRTaMr+lldPbHFrnC4P4IKdo0V9KsI4vZLu2LkhS7U qu3v9+fY9S4Nt/N2HswFHI59c2cRNn2aAvIasJ79W81pVMjcUvXVBwXipbGlYQkh/GfKFI PAkVbsY9hBhkeN2kKcU7Txe/LgkUx74euAPcJn68EsCoobGpfPRKaQm3qqAto5A4vdVH3M 3Jayjm71ukbOsU6jZv5Dn4jf1DTWijpiSYMNOq4OASdPh0RbKBDjV/Q5n41/JQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhkD91SqYz3S0 for ; Fri, 27 Mar 2026 01:52:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1f901 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 27 Mar 2026 01:52:25 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: 870bb8d0d32b - stable/15 - amd64: check that %cs and %ss values from ucontext fit into registers List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 870bb8d0d32b029e2ce074d93ea269f0c637e19f Auto-Submitted: auto-generated Date: Fri, 27 Mar 2026 01:52:25 +0000 Message-Id: <69c5e2d9.1f901.7c7edeed@gitrepo.freebsd.org> The branch stable/15 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=870bb8d0d32b029e2ce074d93ea269f0c637e19f commit 870bb8d0d32b029e2ce074d93ea269f0c637e19f Author: Konstantin Belousov AuthorDate: 2026-03-15 07:17:24 +0000 Commit: Konstantin Belousov CommitDate: 2026-03-26 23:42:56 +0000 amd64: check that %cs and %ss values from ucontext fit into registers (cherry picked from commit 8892176c86db18bd175cc00a2d52dff080babec1) --- sys/amd64/amd64/exec_machdep.c | 19 +++++++++++++++++++ sys/amd64/ia32/ia32_signal.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/sys/amd64/amd64/exec_machdep.c b/sys/amd64/amd64/exec_machdep.c index 6752b716deb5..a4880175990f 100644 --- a/sys/amd64/amd64/exec_machdep.c +++ b/sys/amd64/amd64/exec_machdep.c @@ -94,6 +94,15 @@ _Static_assert(sizeof(mcontext_t) == 800, "mcontext_t size incorrect"); _Static_assert(sizeof(ucontext_t) == 880, "ucontext_t size incorrect"); _Static_assert(sizeof(siginfo_t) == 80, "siginfo_t size incorrect"); +/* + * Check that the value r is 16bit, i.e. fits into a segment register. + */ +static bool +is_seg_val(register_t r) +{ + return ((uint64_t)r <= 0xffff); +} + /* * Send an interrupt to process. * @@ -262,6 +271,14 @@ sys_sigreturn(struct thread *td, struct sigreturn_args *uap) return (EINVAL); } + if (!is_seg_val(ucp->uc_mcontext.mc_ss) || + !is_seg_val(ucp->uc_mcontext.mc_cs)) { + uprintf("pid %d (%s): sigreturn cs = %#lx ss = %#lx\n", + p->p_pid, td->td_name, ucp->uc_mcontext.mc_cs, + ucp->uc_mcontext.mc_ss); + return (EINVAL); + } + /* * Don't allow users to load a valid privileged %cs. Let the * hardware check for invalid selectors, excess privilege in @@ -659,6 +676,8 @@ set_mcontext(struct thread *td, mcontext_t *mcp) if (mcp->mc_len != sizeof(*mcp) || (mcp->mc_flags & ~_MC_FLAG_MASK) != 0) return (EINVAL); + if (!is_seg_val(mcp->mc_ss) || !is_seg_val(mcp->mc_cs)) + return (EINVAL); rflags = (mcp->mc_rflags & PSL_USERCHANGE) | (tp->tf_rflags & ~PSL_USERCHANGE); if (mcp->mc_flags & _MC_HASFPXSTATE) { diff --git a/sys/amd64/ia32/ia32_signal.c b/sys/amd64/ia32/ia32_signal.c index 54e170450dba..3b26244932b4 100644 --- a/sys/amd64/ia32/ia32_signal.c +++ b/sys/amd64/ia32/ia32_signal.c @@ -88,6 +88,15 @@ extern char _binary_elf_vdso32_so_1_size; static void freebsd4_ia32_sendsig(sig_t, ksiginfo_t *, sigset_t *); #endif +/* + * Check that the value r is 16bit, i.e. fits into a segment register. + */ +static bool +is_seg_val(uint32_t r) +{ + return (r <= 0xffff); +} + static void ia32_get_fpcontext(struct thread *td, struct ia32_mcontext *mcp, char **xfpusave, size_t *xfpusave_len) @@ -205,6 +214,8 @@ ia32_set_mcontext(struct thread *td, struct ia32_mcontext *mcp) tp = td->td_frame; if (mcp->mc_len != sizeof(*mcp)) return (EINVAL); + if (!is_seg_val(mcp->mc_ss) || !is_seg_val(mcp->mc_cs)) + return (EINVAL); rflags = (mcp->mc_eflags & PSL_USERCHANGE) | (tp->tf_rflags & ~PSL_USERCHANGE); if (mcp->mc_flags & _MC_IA32_HASFPXSTATE) { @@ -707,6 +718,8 @@ ofreebsd32_sigreturn(struct thread *td, struct ofreebsd32_sigreturn_args *uap) if (!EFL_SECURE(eflags, regs->tf_rflags)) { return (EINVAL); } + if (!is_seg_val(scp->sc_ss) || !is_seg_val(scp->sc_cs)) + return (EINVAL); if (!CS_SECURE(scp->sc_cs)) { ksiginfo_init_trap(&ksi); ksi.ksi_signo = SIGBUS; @@ -772,6 +785,13 @@ freebsd4_freebsd32_sigreturn(struct thread *td, return (EINVAL); } + if (!is_seg_val(ucp->uc_mcontext.mc_ss) || + !is_seg_val(ucp->uc_mcontext.mc_cs)) { + uprintf("pid %d (%s): sigreturn cs = %#x ss = %#x\n", + td->td_proc->p_pid, td->td_name, ucp->uc_mcontext.mc_cs, + ucp->uc_mcontext.mc_ss); + return (EINVAL); + } /* * Don't allow users to load a valid privileged %cs. Let the * hardware check for invalid selectors, excess privilege in @@ -841,6 +861,14 @@ freebsd32_sigreturn(struct thread *td, struct freebsd32_sigreturn_args *uap) return (EINVAL); } + if (!is_seg_val(ucp->uc_mcontext.mc_ss) || + !is_seg_val(ucp->uc_mcontext.mc_cs)) { + uprintf("pid %d (%s): sigreturn cs = %#x ss = %#x\n", + td->td_proc->p_pid, td->td_name, ucp->uc_mcontext.mc_cs, + ucp->uc_mcontext.mc_ss); + return (EINVAL); + } + /* * Don't allow users to load a valid privileged %cs. Let the * hardware check for invalid selectors, excess privilege in From nobody Fri Mar 27 01:52:27 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhkDC5jnZz6WYSl for ; Fri, 27 Mar 2026 01:52:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhkDC39Y8z41Rc for ; Fri, 27 Mar 2026 01:52:27 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576347; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=W8eOz1aBrxe0iTcWnjtXtr5TGniDFuHvh4Zq0tBN14I=; b=GwRPMQp2DgdUbQJmVXQy7RmgTsjo35aXpS5BA6GpXMPPL0ADuoraHJwPgIfdnSY+uvimBD fJeLsB5oO2i7Of3SJ76g2LPbElN8cFzg9PYDN33Oc1cM6e9+tZaoD98TtRZk6NYZh6POep ZRa9gAxef4YpI+21kP0tDJ4SKqJoQvEeRmmr+/T3HbopCO8V0KC3Gnw2QwIkckIpMDDlKZ EdFE3YJkNv0qd4ydFUn6B9oS4OhdbEjNw4DKfYf7wuTo+wBYL9FA0cfmtxwDzaYWUAlEYD xRO9UG2KH4fybl2wqCOaQ51PQM3s04Dg1I/+qKdeKtmntav7aP2U1sQiGnrLlA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774576347; a=rsa-sha256; cv=none; b=ryMAhOSeP3mzzV58YJ/jrnBxkY5OOs6r9hRGeCgbzfVg334PHICwgufB4BDW3Qzz9M0xls RX3wax+Iq2CfvBmJensSPApl6miCYj3su94lcjVabAehZk1pMqQP+hCatk3/5y/CtxyzGl ZVzHxk/USLj2SDPfJqfjMU2O6PLSWtC1ayFjg1BBNiHWAV9fBTZaXvxLZZsRfW8/GlKkqH 5bZ2qGt0TcaR9Hh3W+V3H21xm6S2gDWrAK0o/J8lDXqotD/kunMAz0EdIJZ3UgwxmS2EMi meg98ZZPC5hBDkSJxt4n3kwN39ElMx4uLvcEXi+zbsYYxuByJ/g2VbCHbe2WBA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576347; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=W8eOz1aBrxe0iTcWnjtXtr5TGniDFuHvh4Zq0tBN14I=; b=ya5cuOj/n0qGSadUxHKQ5djdtBxpZFRdW4ij7Wr2s0ptpufCgSPxkX765mnqwC0M88OCrS XCt4/tmnq9/6ppMsX5a6NpFtVbsD0HLxGnxfpoo8i/GWKzV/nf0g/ygTHyvSMIEeukzs2N om1mP0zdCu/QE50Eo37juBuqzs10vjoUNkc1DyR0cOgyArF6sRB5VI15zD2v3UjJv8oknw ud3MxkjpH6fgKx5eG7ys5E/7UXNdQpywI7R7d2jaX2PqJlgveChIyEQs+4XqeeIMFnvKCc OsbS48v+ZJmZ9bN/pAnTrTiAdgL7Q3/4bQcGfCGZbVvxqoceBV88fu979I64jg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhkDC2j0xz3Jc for ; Fri, 27 Mar 2026 01:52:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1edae by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 27 Mar 2026 01:52:27 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: bd708359f64c - stable/15 - sys/param.h: bump __FreeBSD_version for amd64 struct trapframe size change List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: bd708359f64c9b0260c23682d4ecd49745d6fa33 Auto-Submitted: auto-generated Date: Fri, 27 Mar 2026 01:52:27 +0000 Message-Id: <69c5e2db.1edae.620c86d9@gitrepo.freebsd.org> The branch stable/15 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=bd708359f64c9b0260c23682d4ecd49745d6fa33 commit bd708359f64c9b0260c23682d4ecd49745d6fa33 Author: Konstantin Belousov AuthorDate: 2026-03-19 16:03:14 +0000 Commit: Konstantin Belousov CommitDate: 2026-03-26 23:42:56 +0000 sys/param.h: bump __FreeBSD_version for amd64 struct trapframe size change (cherry picked from commit 6275cd73aca7f31cbb3b9da2d031f6664814d58c) --- sys/sys/param.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/sys/param.h b/sys/sys/param.h index 2ba2af796ed1..c29110945401 100644 --- a/sys/sys/param.h +++ b/sys/sys/param.h @@ -74,7 +74,7 @@ * cannot include sys/param.h and should only be updated here. */ #undef __FreeBSD_version -#define __FreeBSD_version 1500506 +#define __FreeBSD_version 1500507 /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, @@ -109,6 +109,7 @@ #define P_OSREL_ARM64_SPSR 1400084 #define P_OSREL_TLSBASE 1500044 #define P_OSREL_EXTERRCTL 1500045 +#define P_OSREL_AMD64_TF_FRED 1600014 #define P_OSREL_MAJOR(x) ((x) / 100000) #endif From nobody Fri Mar 27 01:52:28 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhkDF2Ygxz6WYFD for ; Fri, 27 Mar 2026 01:52:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhkDD4BBMz41PP for ; Fri, 27 Mar 2026 01:52:28 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576348; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hT6EHJipMkVEgPd2RVGy/Qjc21mwhVc7OHRxZ77wgeg=; b=Jv7AZvHrgmKKuHluT9vOQKx6ThH8+6StgZHBvVWPh5pTDnyrJKcuxtep89U+rdGJke858Z ZvVbchef/ygp+Kixyr13+YvVRtSeBVe2+3sSeCk+kxarD+zqaANFhrvBIbjjKb7+Wkl/Tj t2pQYNKEswEvbEc9E1JN5n+rYtMS/S5B7loX2cyIeGKDN+5Y8QONKXdjDBQD0TgsBH3DeY kZL3v5MX519eBUSvd6J3sLiu1bXKW1THLBT1I4xNh0Q2g8ywKthnqIi8Srm3TGZehiMiGV Km856qhzqbKaZ71b8TwrEecpIOTFICvt6accYX3nPp64Twkvv7p+pDKaudGsxw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774576348; a=rsa-sha256; cv=none; b=TM0akQKiEfGJUBZgrHL7sFeU9IqpOivOvzdw8G3CM7mA3ppM4tGWA8vXN0wqyTq4Jsd4aZ DuIKS4FKC+6ESif+Aedi1zt7MHDK8KeSlMZUcwJB1RY+Os97DSIoUcvxINylsu/MF+1Esw TaNVXJ+5vKNTMRki2+xkvb1QIPM1nd4rCMdPDyaRp7MIsMkMy81imOQUhcMaEeCAe7I0jl aQVISO6B3mn/zEDt53RKw1BgYLDCikHGmjsmeWWRMDbv3cVIhMU8UyOZp4aOCVkNsZ6TW8 9XOFhvo/tx978KESczvpg4TkLx5vdYww+O5UusTSvvW4slB9CXrRiMGHUCAytA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576348; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hT6EHJipMkVEgPd2RVGy/Qjc21mwhVc7OHRxZ77wgeg=; b=BFR0JSZQG3UOyrOQgcO6UlAY+fIXVRJAq1Ln/pVKhKw9ezTPRTe6dvnvwLdMAZF38YZkyl lxXvtPL6alvYMNLg0NxeuLO/MYPSZK6pbOcpg9ZvRqGtlQcVVDJxN7G0f0OlP/zklcmx/T H2UcPyonbVq7A4a6CrdLbizk7K1DXM8wVjLwhEeBOqfN+GoKfOhcTjYWXho8kpjX3I6Wx1 6nZqx/9y9q+l+2BuCQryzQUmpNiwcq3C1eSvOck0CUKcgcA98r3SLJGuJ2XqY1j6SYbnaz 0AAzX2i6+R5NqBvizBQRD0CzXqDBH3wTMurMpvoGwlMeCJjTFs/MgtS62twCig== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhkDD3V92z3X4 for ; Fri, 27 Mar 2026 01:52:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1f27a by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 27 Mar 2026 01:52:28 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: 504b27e67dee - stable/15 - amd64: remove assertion about sizeof(struct pcb) List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 504b27e67dee9e1e024b4dc82daa330badcf6551 Auto-Submitted: auto-generated Date: Fri, 27 Mar 2026 01:52:28 +0000 Message-Id: <69c5e2dc.1f27a.13ab5c6@gitrepo.freebsd.org> The branch stable/15 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=504b27e67dee9e1e024b4dc82daa330badcf6551 commit 504b27e67dee9e1e024b4dc82daa330badcf6551 Author: Konstantin Belousov AuthorDate: 2026-03-19 03:43:01 +0000 Commit: Konstantin Belousov CommitDate: 2026-03-26 23:42:56 +0000 amd64: remove assertion about sizeof(struct pcb) (cherry picked from commit acce5fa3dbe87ea953fb5060a03859e424398db8) --- sys/amd64/amd64/fpu.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/sys/amd64/amd64/fpu.c b/sys/amd64/amd64/fpu.c index 48bfaa53c7b4..11f9c5b98134 100644 --- a/sys/amd64/amd64/fpu.c +++ b/sys/amd64/amd64/fpu.c @@ -143,13 +143,6 @@ CTASSERT(sizeof(struct savefpu) == 512); CTASSERT(sizeof(struct xstate_hdr) == 64); CTASSERT(sizeof(struct savefpu_ymm) == 832); -/* - * This requirement is to make it easier for asm code to calculate - * offset of the fpu save area from the pcb address. FPU save area - * must be 64-byte aligned. - */ -CTASSERT(sizeof(struct pcb) % XSAVE_AREA_ALIGN == 0); - /* * Ensure the copy of XCR0 saved in a core is contained in the padding * area. From nobody Fri Mar 27 01:52:30 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhkDH4fXHz6WY9L for ; Fri, 27 Mar 2026 01:52:31 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhkDG6nX3z41N7 for ; Fri, 27 Mar 2026 01:52:30 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576351; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=iR3S7/HYogf8uZKCUTmZ1m0sqhgZ4wzgREsq1vhahAw=; b=wDbaJj+6qmvzwJ6nY4UrZ4IcvKWL4CiwsbOh4R5tVwFWSqYZRQFq0omzP9+/iy527U0BvO xCasqFV6mzQMw7dZyO/3XOYGeFxUUl8SxN0pj0c4FZTOyBhgohxWsof0qghW0jEvExfwfb Hy7hQNmhzm2syaAsA5s2cEKbUULuGfv68p8IRdwWnLoOYBeIqKJagE8ZjnlFXccOkG5Ddf VpYalS7AyC5lcHuxVNWZEMyVv7EXPs86j+z26bdJzs3MjuFGH8DTYiviWzrwaaeghERIOc C/MW0ueBM6yGhizIJq8ubiZU5Jvjc9A2CefjZb+Bhk7YuLGkU3qV9Bp9++xGfg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774576351; a=rsa-sha256; cv=none; b=QMs108MLXXMf6ctK8l4GMiwFPU21sB4pZ/RNtEUqFUHljA4CqQG0hTQNnyke7k+0ViuZUB 9hrnYLcrBqHy84vgAVbL7YEOt84sxO2ZYFbZ1JR25+kTUfBZsp3QOrkA3I8hpxTE0ACOGm v0X5/a23/VxPO42AjLJQxJwAzD1YJ4ElHg3ge8nETrulcx4I88MW+W1PKSmGziMXR+xhc6 cbSz2drc221b9lpmo2rlWuQTd6q/3yyM9yRVjYM6BObAggmm840K6t+gCWwjbItgyZnEmS YWPFLMP8wt3rs4kpTOZXpMPLX8+qrL+k10wyvxLqGAfQtyTEtgT980Qsxli86w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576351; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=iR3S7/HYogf8uZKCUTmZ1m0sqhgZ4wzgREsq1vhahAw=; b=SD56pgwRpPUkrlyw8/Zdyfcjsmqp5HvME3OP2DNc7RtEspFqyAlBRrH5RnTYMsik8XOxf9 zsjVIDjrulA27Z0MiSGyw5mHx3SN1sk05k1+owVTdsiOppl7xCdrJKrV6WpWTqc2df2Ba2 fZVyJiMOspT5/Ttdhe69w93KRX1zrziNfhxOFtrHyayPkXlzhcAB1/t/F1MPNyXBCeo5iV JcQ6JnJs3fuzyUnecpVcEJ4JXGI3LSGM84RgjfYuNZNJJQpjQbKknYAXy2ZaDJ2MYEzm2a gbPgNfQoQzmOv9c70dPhTMlKQ2ELeY9x+OPYTRpO0xdZVXTvfuzAp89jwEs0YQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhkDG4mmjz3Jh for ; Fri, 27 Mar 2026 01:52:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1c66c by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 27 Mar 2026 01:52:30 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: 1c0357fe612a - stable/15 - amd64 trap.c: provide tag for the struct sfhandlers definition List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 1c0357fe612ae69d1106b3ae37c10f87cc186506 Auto-Submitted: auto-generated Date: Fri, 27 Mar 2026 01:52:30 +0000 Message-Id: <69c5e2de.1c66c.6ea04131@gitrepo.freebsd.org> The branch stable/15 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=1c0357fe612ae69d1106b3ae37c10f87cc186506 commit 1c0357fe612ae69d1106b3ae37c10f87cc186506 Author: Konstantin Belousov AuthorDate: 2026-03-03 06:37:03 +0000 Commit: Konstantin Belousov CommitDate: 2026-03-26 23:42:56 +0000 amd64 trap.c: provide tag for the struct sfhandlers definition (cherry picked from commit 8cc1c0f35ec8d5a3edb4ee1ede962a3c1f6baef0) --- sys/amd64/amd64/trap.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/sys/amd64/amd64/trap.c b/sys/amd64/amd64/trap.c index 8a1d1528e6da..359b3dfe3609 100644 --- a/sys/amd64/amd64/trap.c +++ b/sys/amd64/amd64/trap.c @@ -319,10 +319,12 @@ trap_check_intr_kernel(struct thread *td, struct trapframe *frame) /* * Table of handlers for various segment load faults. */ -static const struct { +struct sfhandler { uintptr_t faddr; uintptr_t fhandler; -} sfhandlers[] = { +}; + +static const struct sfhandler sfhandlers[] = { { .faddr = (uintptr_t)ld_ds, .fhandler = (uintptr_t)ds_load_fault, From nobody Fri Mar 27 01:52:29 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhkDG1XwNz6WY42 for ; Fri, 27 Mar 2026 01:52:30 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhkDF4zQ3z419t for ; Fri, 27 Mar 2026 01:52:29 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576349; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=L/5e7f5l/JiTNdUFMLeM0RK09Xxv491lx/yfIi6kA9o=; b=vCpYsyD0O/YrJbdLXIDamXWYKhDMzSNlg2bc8aQyelxbAFKEoDDE3mYaa2IZ5nvi9pYcIA rvnNPfZlFmRpUara1WOTeZAR3jVJwstCkD8xsrHdFct29UeY2owWefWpJ38Yele22LyUE6 66SNugTBA/09LqkDGVm1PM5hYS8wU1mkYz+aV69KsrFen5tNhVsPGbegopGjINLk3nOcfS +/uVcsPwAzMey3zN5oNtzHpmM/7lpNLaHQkIvqadF6Jq4B4PI4kt5pLovOrfU4TIbvzwHO bdni1+UMos9ubzC1M0Ugo64uXI/GoXWtDAaGCHFXVyJBSYketPuJXfgCNMgggA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774576349; a=rsa-sha256; cv=none; b=h5TZrqIJmp+mFlSLSLbwpGyMuecpJBxQyJbS34EA0Tv570b+uWRiOOJB12pd0Umuq3nFag chZXI+r/ybnsUW9RCQSzy71FCjKEbeoYncu/eQxF1eRXGI+aeLez1M9UBCSllQAUOh6Qz2 XaNpS1PoWxdbOs35hRUXDobbJeyZXfKrtYFadkIWcgV24LDpqDbYG0wofUjU1qf0iBgjHc 7WoeshUum9KWtr26QjHVZI4gvzvTaXgFNAwl81MWl8L29aQAuywQH9uKPmsSpXOjY2a3kX MB04x5Cgh7QgKs7ssQyd1EeYwrHzg58202zR3lxeoNdlyezONBAQEc1ChTGBqw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576349; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=L/5e7f5l/JiTNdUFMLeM0RK09Xxv491lx/yfIi6kA9o=; b=qTpu980vdgsjcyEPfF0UBoiPigV9NHaFIb3bgJy77e8H1wZa45yHrsXF2dvfMgrO0SFwdd 5V4ydSmQ5nLb3Mt3YWOzHDSxgEetN3LD2ZB92fIFa9sGiQIrpxSRgm+CTfbYMZCP7SUA+9 H7F4GBU4SVwKi1dEZj1M9ChNj7U6DQGJtMnKeZVWDTo1PeI+36Z+8TOlLy1Y/ucTY0WNFg a2qSX50tjRPnKR52fOoJZLlY5iTBMSX2Ce2zeeo8pO3WmGxE827RArlXTMQ/q5JzFZ1O9i j/GcMECy8VhhqS5wLI26zh79v1oSHwdzwjLm/dkwkt8OgXCz99TaUj1btgc0/g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhkDF4GBTz3Jg for ; Fri, 27 Mar 2026 01:52:29 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1eb0a by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 27 Mar 2026 01:52:29 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: 25b6a309eebd - stable/15 - amd64: add prototype for ia32_syscall() List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 25b6a309eebd6ef84a8debdea81d648f13918f00 Auto-Submitted: auto-generated Date: Fri, 27 Mar 2026 01:52:29 +0000 Message-Id: <69c5e2dd.1eb0a.78d01d2f@gitrepo.freebsd.org> The branch stable/15 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=25b6a309eebd6ef84a8debdea81d648f13918f00 commit 25b6a309eebd6ef84a8debdea81d648f13918f00 Author: Konstantin Belousov AuthorDate: 2026-02-26 00:55:59 +0000 Commit: Konstantin Belousov CommitDate: 2026-03-26 23:42:56 +0000 amd64: add prototype for ia32_syscall() (cherry picked from commit 23dc4850fbc9e7abfc54f0ce11f343e4677fd0fb) --- sys/amd64/include/md_var.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/amd64/include/md_var.h b/sys/amd64/include/md_var.h index 7bb8ace27061..46a30518b212 100644 --- a/sys/amd64/include/md_var.h +++ b/sys/amd64/include/md_var.h @@ -62,6 +62,7 @@ struct __mcontext; struct pcpu; struct savefpu; struct sysentvec; +struct trapframe; void amd64_conf_fast_syscall(void); void amd64_db_resume_dbreg(void); @@ -77,6 +78,7 @@ void cpu_init_small_core(void); void doreti_iret(void) __asm(__STRING(doreti_iret)); void doreti_iret_fault(void) __asm(__STRING(doreti_iret_fault)); void flush_l1d_sw_abi(void); +void ia32_syscall(struct trapframe *); void ld_ds(void) __asm(__STRING(ld_ds)); void ld_es(void) __asm(__STRING(ld_es)); void ld_fs(void) __asm(__STRING(ld_fs)); From nobody Fri Mar 27 01:52:31 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhkDJ4v19z6WYT0 for ; Fri, 27 Mar 2026 01:52:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhkDH6JD9z415L for ; Fri, 27 Mar 2026 01:52:31 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576351; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=UoO7vXjDYH5p4Wk438DuJ3z2qNy2n4giJmxp2kgWSuk=; b=JLZov5XWn1w7+9fey+WSBR9jiekVSAQjiyoluAES5V7jJbcPFqPjORL2FvDhP4jvVPkV0v iODbLxPCB6Lza2xGEO/qN76HvJUev3jDU6ovtwGguVlE5HYCkt0OXd1ZaRieUOyZCAs1Zn C1YYPp5nHBdju+8hUXMVX+VJKT4Nd0ffKoYGuuzPUDfFP8F9vnc3yzAr+nXcU75pKkvMhq nzaSSSIYXmdsacMzQYcxILHsvPF+YNCADfF82CC+qTr5NQ5KQY5T1+E9yd8gqzlC23udU7 uYwVQ+dS10l3M6AG6s1iP4TecDSli1g9l3ou7i//c641qOJwYlGBz2ffRkxiRQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774576351; a=rsa-sha256; cv=none; b=L/u5zaFQuShUZCTNQVZTLd/wVwrU2RD9RuewNb5MMs8k4laSvViKCOKvZ1IuNkXVapn4IH 3KFLLbB0je4XHD42ZH1kborZslic33xgpC4DUcWBmbefFchuh0/mUdD3NCry2M6bsEFjiO WrIs+nIiaXCP5TzBRO5k1t499JsePKvMjje13MpMu57mHibYgJOBl8elvBt1M16+9QPa3q hEovm2QDZvOf+lhCVxTr4IhFMbtirI7xo1yBcgGi6+c1KcliYMvA4VKXIQMWF4pfI2l4kI RJvNWNnkEecSJQonJyNidljZ0EC2VybVZJImUa2I5s9FCU1fLnRwp7Fr9P371Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576351; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=UoO7vXjDYH5p4Wk438DuJ3z2qNy2n4giJmxp2kgWSuk=; b=VM0jVcEgQZWqJsLZwHYEJPmsVapAL4GnNK3FRHxr2I8bQc2HghwvU0fJqKGlTsBoAJTX10 1/E1wbS7ufBTce03HmV5ebNIQijkDtV2FkxGp4xi4O43cNqsAObHtrYKSPy5C5PhGn8IGj tlhW8wr2WSFJp5l+xaXMMwQDO5LW5Ymn3xPEdQDxNXHbCj7og2DooxDAHvUlVzjIE8Fo3e 0uYqrcVSLuQsM9izgFW5eaP/IJ4mLtFSfTjP+Fk1lkpTWhzVz2WLedGdKDR3KOlsdLhVz6 JV7PI68bEv45fkOG6RrP9GaCfPCarR5PWTVXamFPKRkgTARBDAXWMXPrPQsl2Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhkDH5ghlz3Jl for ; Fri, 27 Mar 2026 01:52:31 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1ea2a by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 27 Mar 2026 01:52:31 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: 8823ca95fd45 - stable/15 - amd64: revert back struct trapframe to the pre-FRED definition List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 8823ca95fd45455d24a7bdd1d573b651932c3c54 Auto-Submitted: auto-generated Date: Fri, 27 Mar 2026 01:52:31 +0000 Message-Id: <69c5e2df.1ea2a.15c9260b@gitrepo.freebsd.org> The branch stable/15 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=8823ca95fd45455d24a7bdd1d573b651932c3c54 commit 8823ca95fd45455d24a7bdd1d573b651932c3c54 Author: Konstantin Belousov AuthorDate: 2026-03-21 22:26:48 +0000 Commit: Konstantin Belousov CommitDate: 2026-03-26 23:42:57 +0000 amd64: revert back struct trapframe to the pre-FRED definition (cherry picked from commit 1ba29614c4ce5e261ade0bd7def94079b7b9647a) --- sys/x86/include/frame.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/x86/include/frame.h b/sys/x86/include/frame.h index a6444d55cfaf..b8e090ff95d0 100644 --- a/sys/x86/include/frame.h +++ b/sys/x86/include/frame.h @@ -152,6 +152,10 @@ struct trapframe { uint16_t tf_ss; uint16_t tf_fred_evinfo1; uint32_t tf_fred_evinfo2; +}; + +struct trapframe_fred { + struct trapframe tf_idt; /* two long words added by FRED */ uint64_t tf_fred_evdata; uint64_t tf_fred_zero1; From nobody Fri Mar 27 01:52:32 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhkDK2PlBz6WYFP for ; Fri, 27 Mar 2026 01:52:33 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhkDJ6s0bz41SK for ; Fri, 27 Mar 2026 01:52:32 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576353; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=AtHSe3RFrYGV6bP/wzhR03vX6ESnhJ6IWLaSFAZWLHU=; b=fMUdtBEKapWI/y14JHDSioVyuqd/u73ojc5U3In54B/EqzAQV3+gBz+ufXlcBrGLLDlVHU uEUX+z3dvwmSXedEkZyIFavIC3heGMpnd/dQ/t+vWKWBhUGXWbMz+XlatQ7OqjnQjZ1Sv/ mGBxF0ezGYKaAC5at3tXNMKtO+HZGwnDvqoRrOWLX/OgJlBxeZKaLkO4xRtGUR33svfU0q q8tHyJiFdMn8mL3FIJE11NFzA21ukc6AL9f4NaNMW1vJ1g+1b+LowyXAXkj0rB31JB/LUP Wn9EIuI9PBc4Hh73PR/+tWsq0mV8xvyJMOEpe9RJmL5oaewrcyT97eoxCv/GlQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774576353; a=rsa-sha256; cv=none; b=HEaibmnJeM1BKbd/AZ4rJco9wD0P4rz2FdL17bsig3Qe6p/y3Y79V5XeXXoEZ3hW2D7dsa qw/R3fD5J8EozG/XG36wXAjd2Qe9/QTdUJ3UyB0VhdcRlLQquvA9wnfcWYxWhsRV1jnrVq aPhEi2Bf01eUgzZprEbV+yOHB4x3m16xu/TYCH99ETFwXoaVdajU/XVblUUnZPKzUX8PYh 7u0hWkVazCcdQ76tiPkQZ3aGKtpNrFOIKcqf5zneyjUJmB4l8ldzQdrF7OXuzZZtBx/1M9 gPEKQmwGZQlp4LqPbAv2iSebp4tkdz60keh6KpDlgtmGSJDskNOw3FzPOaLFqQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774576353; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=AtHSe3RFrYGV6bP/wzhR03vX6ESnhJ6IWLaSFAZWLHU=; b=jcvLe8jRLzEKFmqltBKx/UPy0kvv/7gfZmpa4Os46qCAX2x8v2aXHEtT7yP0bcAlgsDQ9J /Zh2d098nzodpah++rRze4y44Dl20pVz2eJvejxG9n28MepcU7qkUyX7Z+hmDLIUTmsqHr nl22ejUZjZVGK0CReJoxOFfcZgmBqogIMPWahXgn8GSnG8yDHbuTbtQcZDusujr3KX9AVd Qq5iw7B3iHbBbuEiATdNgI5QxfKIPnnpGx7f1epf9dr5fm6r/DBw0+ZZv7mUhlKCv5GnMv z/8w+SsgmNkDzEOnlQw2JRsLLAwoGW47cfdu1zFEkwLjBxczqzwQOaBWtwzCrA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhkDJ6KN2z39D for ; Fri, 27 Mar 2026 01:52:32 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 1ea8f by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 27 Mar 2026 01:52:32 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Konstantin Belousov Subject: git: a7182edc1025 - stable/15 - mlx5: postpone freeing the completed command entity to taskqueue List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: a7182edc1025e4e55bba3fa67a9c57896abc8cb9 Auto-Submitted: auto-generated Date: Fri, 27 Mar 2026 01:52:32 +0000 Message-Id: <69c5e2e0.1ea8f.1329565@gitrepo.freebsd.org> The branch stable/15 has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=a7182edc1025e4e55bba3fa67a9c57896abc8cb9 commit a7182edc1025e4e55bba3fa67a9c57896abc8cb9 Author: Konstantin Belousov AuthorDate: 2026-03-10 07:32:00 +0000 Commit: Konstantin Belousov CommitDate: 2026-03-26 23:42:57 +0000 mlx5: postpone freeing the completed command entity to taskqueue (cherry picked from commit f0d5f46a1e42b801d96447e544cc3820612748b1) --- sys/dev/mlx5/driver.h | 1 + sys/dev/mlx5/mlx5_core/mlx5_cmd.c | 12 +++++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/sys/dev/mlx5/driver.h b/sys/dev/mlx5/driver.h index cdefe7e013f6..ba6714c5c7b6 100644 --- a/sys/dev/mlx5/driver.h +++ b/sys/dev/mlx5/driver.h @@ -890,6 +890,7 @@ struct mlx5_cmd_work_ent { u16 op; u8 busy; bool polling; + struct work_struct freew; }; struct mlx5_pas { diff --git a/sys/dev/mlx5/mlx5_core/mlx5_cmd.c b/sys/dev/mlx5/mlx5_core/mlx5_cmd.c index 86c721a83cb7..e314a04c294f 100644 --- a/sys/dev/mlx5/mlx5_core/mlx5_cmd.c +++ b/sys/dev/mlx5/mlx5_core/mlx5_cmd.c @@ -802,6 +802,15 @@ static void cb_timeout_handler(struct work_struct *work) mlx5_cmd_comp_handler(dev, 1UL << ent->idx, MLX5_CMD_MODE_EVENTS); } +static void +cmd_free_work(struct work_struct *work) +{ + struct mlx5_cmd_work_ent *ent = container_of(work, + struct mlx5_cmd_work_ent, freew); + + free_cmd(ent); +} + static void complete_command(struct mlx5_cmd_work_ent *ent) { struct mlx5_cmd *cmd = ent->cmd; @@ -856,7 +865,8 @@ static void complete_command(struct mlx5_cmd_work_ent *ent) free_msg(dev, ent->in); err = err ? err : ent->status; - free_cmd(ent); + INIT_WORK(&ent->freew, cmd_free_work); + schedule_work(&ent->freew); callback(err, context); } else { complete(&ent->done); From nobody Fri Mar 27 06:22:20 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhrCc75kkz6XDgT for ; Fri, 27 Mar 2026 06:22:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhrCc6N9lz3D98 for ; Fri, 27 Mar 2026 06:22:20 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774592540; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dgQ6fJkcXd1hszWY2ETgD6rLasouL9ebcEdB1ud9AfI=; b=qdX6vvQ3WjNoO5B8EvTjXsE+YN5J/Oltz1pj+fHiFRj2/FjBueCkh6xFzMGav0h/2cULjF FNNaamlLe1xXxCYvYg7qM8pe0hxpy04kmaEow8bbwh/tnXxsyuJHWnkdHUHfGx8TuFlnGB ifUhOfT9xJMttZQ9mMvDpGqxX2vlO1060lIx8JJlgQkRweBzv4qH3a7rjYzT1UnprAV6XS YeCjtbJdU8YtAFu3o6OdFcSq57Ks5/nhYUgoUHL+x57mjWDTbWVgRx7oOSRrxlAe255UP7 3CegUOHvXL3vi53/iPBudCS48/XnIWQ5eMLDYtZcw4kglmuwN9GyikfZd9UfOQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774592540; a=rsa-sha256; cv=none; b=YhUSKMaox6tfnnlTp6eEebtXcIivUJ73sMcGholmVM9MfoJcu499q7pecjU3zHSy4U1815 hJqZMcmTm/MfJXgE4f/2wIxiWAVitGrJQMh1DlAQnDkflCrEuUa7btzM/7GAugJ2HzCobN B3g3dBL48QZatwdURlhK2w6Ii/peMdXoOS3aNIzolXmnJqU0PEfeuV4PpX6hAZIiNxjIhJ lEacNZPjgomPKTrChbvaDxz0aYpK+0vpBc6NNMsYZcvQ7gciu1V5s7mWuSQAMCV1Pdd24K Cn55MvaPwNKF5TLYido94IcLIbCdr1+qc/fXiDktp+N+GE23qIFknk8Q27VXWw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774592540; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dgQ6fJkcXd1hszWY2ETgD6rLasouL9ebcEdB1ud9AfI=; b=GkwAkRNYTL/nKAc1qdgLcDifM+Q3MEvvWSry0JD9Ip1m9LfGpghz0NvqHw1FmxI8AWcVF1 +FQa9YNLtzZ637vFPjoRLwg0fBnUhiaSWk/npRQVDjHzK/Hth0cC87dGK2JaEurD+nBj7C mX75DZA7Q2dolX5LvSJ0UC4AmzG8NWY1k3VfqVbSEk3kcvmVXie8BqsBhrDuimM6R2/rmU 1SF72KqGdcl1lMhkH55KQY0RA79sDUzGi07DWVioNVuvLljkfpc5EtshzWNx8ZiPBJSFEl Kulhtj1/kVjB8qM+XlEotKwGElX/QhPkIiJ+J+lIAzWfrAqsGzbq68LiJru5Bg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhrCc5rbjzBXN for ; Fri, 27 Mar 2026 06:22:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 43121 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 27 Mar 2026 06:22:20 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Xin LI Subject: git: 74f357256769 - stable/15 - MFC: MFV: zlib 1.3.2. List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: delphij X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 74f357256769e12c3a843c75d1def483234312f3 Auto-Submitted: auto-generated Date: Fri, 27 Mar 2026 06:22:20 +0000 Message-Id: <69c6221c.43121.3633e3f0@gitrepo.freebsd.org> The branch stable/15 has been updated by delphij: URL: https://cgit.FreeBSD.org/src/commit/?id=74f357256769e12c3a843c75d1def483234312f3 commit 74f357256769e12c3a843c75d1def483234312f3 Author: Xin LI AuthorDate: 2026-03-13 23:49:53 +0000 Commit: Xin LI CommitDate: 2026-03-27 06:22:02 +0000 MFC: MFV: zlib 1.3.2. Relnotes: yes (cherry picked from commit 7aa1dba6b00ccfb7d66627badc8a7aaa06b02946) --- lib/libz/Symbol.map | 13 + lib/libz/Versions.def | 6 + sys/contrib/zlib/ChangeLog | 51 +++ sys/contrib/zlib/FAQ | 46 +- sys/contrib/zlib/LICENSE | 2 +- sys/contrib/zlib/README | 28 +- sys/contrib/zlib/compress.c | 44 +- sys/contrib/zlib/contrib/README.contrib | 57 --- sys/contrib/zlib/contrib/gcc_gvmat64/gvmat64.S | 574 ------------------------- sys/contrib/zlib/crc32.c | 164 +++---- sys/contrib/zlib/deflate.c | 176 +++++--- sys/contrib/zlib/deflate.h | 8 +- sys/contrib/zlib/doc/algorithm.txt | 2 +- sys/contrib/zlib/gzguts.h | 64 +-- sys/contrib/zlib/gzlib.c | 103 +++-- sys/contrib/zlib/gzread.c | 296 ++++++++----- sys/contrib/zlib/gzwrite.c | 267 +++++++----- sys/contrib/zlib/infback.c | 87 +--- sys/contrib/zlib/inffast.c | 13 +- sys/contrib/zlib/inffixed.h | 182 ++++---- sys/contrib/zlib/inflate.c | 189 ++------ sys/contrib/zlib/inflate.h | 2 +- sys/contrib/zlib/inftrees.c | 143 +++++- sys/contrib/zlib/inftrees.h | 4 +- sys/contrib/zlib/test/example.c | 14 +- sys/contrib/zlib/test/infcover.c | 10 +- sys/contrib/zlib/test/minigzip.c | 89 ++-- sys/contrib/zlib/trees.c | 28 +- sys/contrib/zlib/uncompr.c | 62 ++- sys/contrib/zlib/zconf.h | 54 ++- sys/contrib/zlib/zconf.h.in | 46 +- sys/contrib/zlib/zlib.3 | 22 +- sys/contrib/zlib/zlib.h | 309 +++++++++---- sys/contrib/zlib/zlib.map | 16 + sys/contrib/zlib/zlib.pc.in | 1 + sys/contrib/zlib/zutil.c | 84 ++-- sys/contrib/zlib/zutil.h | 99 ++++- 37 files changed, 1613 insertions(+), 1742 deletions(-) diff --git a/lib/libz/Symbol.map b/lib/libz/Symbol.map index 7bfe7cceda77..5df1d5253f91 100644 --- a/lib/libz/Symbol.map +++ b/lib/libz/Symbol.map @@ -7,6 +7,19 @@ ZLIB_1.2.12 { crc32_combine_op; }; +ZLIB_1.3.1.2 { + deflateUsed; +}; + +ZLIB_1.3.2 { + compressBound_z; + compress_z; + compress2_z; + deflateBound_z; + uncompress_z; + uncompress2_z; +}; + ZLIB_1.2.9 { inflateCodesUsed; inflateValidate; diff --git a/lib/libz/Versions.def b/lib/libz/Versions.def index 2ee0106b5bfe..73b197240a4c 100644 --- a/lib/libz/Versions.def +++ b/lib/libz/Versions.def @@ -14,6 +14,12 @@ ZLIB_1.2.9 { ZLIB_1.2.12 { } ZLIB_1.2.9; +ZLIB_1.3.1.2 { +} ZLIB_1.2.12; + +ZLIB_1.3.2 { +} ZLIB_1.3.1.2; + FBSD_1.2 { } ZLIB_1.2.4.0; diff --git a/sys/contrib/zlib/ChangeLog b/sys/contrib/zlib/ChangeLog index b801a1031ec0..312753edadef 100644 --- a/sys/contrib/zlib/ChangeLog +++ b/sys/contrib/zlib/ChangeLog @@ -1,6 +1,57 @@ ChangeLog file for zlib +Changes in 1.3.2 (17 Feb 2026) +- Continued rewrite of CMake build [Vollstrecker] +- Various portability improvements +- Various github workflow additions and improvements +- Check for negative lengths in crc32_combine functions +- Copy only the initialized window contents in inflateCopy +- Prevent the use of insecure functions without an explicit request +- Add compressBound_z and deflateBound_z functions for large values +- Use atomics to build inflate fixed tables once +- Add definition of ZLIB_INSECURE to build tests with c89 and c94 +- Add --undefined option to ./configure for UBSan checker +- Copy only the initialized deflate state in deflateCopy +- Zero inflate state on allocation +- Remove untgz from contrib +- Add _z versions of the compress and uncompress functions +- Vectorize the CRC-32 calculation on the s390x +- Set bit 11 of the zip header flags in minizip if UTF-8 +- Update OS/400 support +- Add a test to configure to check for a working compiler +- Check for invalid NULL pointer inputs to zlib operations +- Add --mandir to ./configure to specify manual directory +- Add LICENSE.Info-Zip to contrib/minizip +- Remove vstudio projects in lieu of cmake-generated projects +- Replace strcpy() with memcpy() in contrib/minizip + +Changes in 1.3.1.2 (8 Dec 2025) +- Improve portability to RISC OS +- Permit compiling contrib/minizip/unzip.c with decryption +- Enable build of shared library on AIX +- Make deflateBound() more conservative and handle Z_STREAM_END +- Add zipAlreadyThere() to minizip zip.c to help avoid duplicates +- Make z_off_t 64 bits by default +- Add deflateUsed() function to get the used bits in the last byte +- Avoid out-of-bounds pointer arithmetic in inflateCopy() +- Add Haiku to configure for proper LDSHARED settings +- Add Bazel targets +- Complete rewrite of CMake build [Vollstrecker] +- Clarify the use of errnum in gzerror() +- Note that gzseek() requests are deferred until the next operation +- Note the use of gzungetc() to run a deferred seek while reading +- Fix bug in inflatePrime() for 16-bit ints +- Add a "G" option to force gzip, disabling transparency in gzread() +- Improve the discrimination between trailing garbage and bad gzip +- Allow gzflush() to write empty gzip members +- Remove redundant frees of point list on error in examples/zran.c +- Clarify the use of inflateGetHeader() +- Update links to the RFCs +- Return all available uncompressed data on error in gzread.c +- Support non-blocking devices in the gz* routines +- Various other small improvements + Changes in 1.3.1 (22 Jan 2024) - Reject overflows of zip header fields in minizip - Fix bug in inflateSync() for data held in bit buffer diff --git a/sys/contrib/zlib/FAQ b/sys/contrib/zlib/FAQ index 92f5d3e29fab..95c1a825acd4 100644 --- a/sys/contrib/zlib/FAQ +++ b/sys/contrib/zlib/FAQ @@ -3,8 +3,8 @@ If your question is not there, please check the zlib home page -http://zlib.net/ which may have more recent information. -The latest zlib FAQ is at http://zlib.net/zlib_faq.html +https://zlib.net/ which may have more recent information. +The latest zlib FAQ is at https://zlib.net/zlib_faq.html 1. Is zlib Y2K-compliant? @@ -19,7 +19,7 @@ The latest zlib FAQ is at http://zlib.net/zlib_faq.html 3. Where can I get a Visual Basic interface to zlib? See - * http://marknelson.us/1997/01/01/zlib-engine/ + * https://zlib.net/nelson/ * win32/DLL_FAQ.txt in the zlib distribution 4. compress() returns Z_BUF_ERROR. @@ -38,7 +38,7 @@ The latest zlib FAQ is at http://zlib.net/zlib_faq.html made with more input or output space. A Z_BUF_ERROR may in fact be unavoidable depending on how the functions are used, since it is not possible to tell whether or not there is more output pending when - strm.avail_out returns with zero. See http://zlib.net/zlib_how.html for a + strm.avail_out returns with zero. See https://zlib.net/zlib_how.html for a heavily annotated example. 6. Where's the zlib documentation (man pages, etc.)? @@ -109,8 +109,8 @@ The latest zlib FAQ is at http://zlib.net/zlib_faq.html 16. Can zlib decode Flate data in an Adobe PDF file? - Yes. See http://www.pdflib.com/ . To modify PDF forms, see - http://sourceforge.net/projects/acroformtool/ . + Yes. See https://www.pdflib.com/ . To modify PDF forms, see + https://sourceforge.net/projects/acroformtool/ . 17. Why am I getting this "register_frame_info not found" error on Solaris? @@ -156,6 +156,10 @@ The latest zlib FAQ is at http://zlib.net/zlib_faq.html library memory allocation routines by default. zlib's *Init* functions allow for the application to provide custom memory allocation routines. + If the non-default BUILDFIXED or DYNAMIC_CRC_TABLE defines are used on a + system without atomics (e.g. pre-C11), then inflate() and crc32() will not + be thread safe. + Of course, you should only operate on any given zlib or gzip stream from a single thread at a time. @@ -235,7 +239,7 @@ The latest zlib FAQ is at http://zlib.net/zlib_faq.html As far as we know, no. In fact, that was originally the whole point behind zlib. Look here for some more information: - http://www.gzip.org/#faq11 + https://web.archive.org/web/20180729212847/http://www.gzip.org/#faq11 32. Can zlib work with greater than 4 GB of data? @@ -258,20 +262,20 @@ The latest zlib FAQ is at http://zlib.net/zlib_faq.html 33. Does zlib have any security vulnerabilities? The only one that we are aware of is potentially in gzprintf(). If zlib is - compiled to use sprintf() or vsprintf(), then there is no protection - against a buffer overflow of an 8K string space (or other value as set by - gzbuffer()), other than the caller of gzprintf() assuring that the output - will not exceed 8K. On the other hand, if zlib is compiled to use - snprintf() or vsnprintf(), which should normally be the case, then there is - no vulnerability. The ./configure script will display warnings if an - insecure variation of sprintf() will be used by gzprintf(). Also the - zlibCompileFlags() function will return information on what variant of - sprintf() is used by gzprintf(). + compiled to use sprintf() or vsprintf(), which requires that ZLIB_INSECURE + be defined, then there is no protection against a buffer overflow of an 8K + string space (or other value as set by gzbuffer()), other than the caller + of gzprintf() assuring that the output will not exceed 8K. On the other + hand, if zlib is compiled to use snprintf() or vsnprintf(), which should + normally be the case, then there is no vulnerability. The ./configure + script will display warnings if an insecure variation of sprintf() will be + used by gzprintf(). Also the zlibCompileFlags() function will return + information on what variant of sprintf() is used by gzprintf(). If you don't have snprintf() or vsnprintf() and would like one, you can - find a portable implementation here: + find a good portable implementation in stb_sprintf.h here: - http://www.ijs.si/software/snprintf/ + https://github.com/nothings/stb Note that you should be using the most recent version of zlib. Versions 1.1.3 and before were subject to a double-free vulnerability, and versions @@ -283,7 +287,7 @@ The latest zlib FAQ is at http://zlib.net/zlib_faq.html Probably what you want is to use zlib in Java. zlib is already included as part of the Java SDK in the java.util.zip package. If you really want a version of zlib written in the Java language, look on the zlib home - page for links: http://zlib.net/ . + page for links: https://zlib.net/ . 35. I get this or that compiler or source-code scanner warning when I crank it up to maximally-pedantic. Can't you guys write proper code? @@ -314,9 +318,9 @@ The latest zlib FAQ is at http://zlib.net/zlib_faq.html zlib doesn't support encryption. The original PKZIP encryption is very weak and can be broken with freely available programs. To get strong - encryption, use GnuPG, http://www.gnupg.org/ , which already includes zlib + encryption, use GnuPG, https://www.gnupg.org/ , which already includes zlib compression. For PKZIP compatible "encryption", look at - http://www.info-zip.org/ + https://infozip.sourceforge.net/ 39. What's the difference between the "gzip" and "deflate" HTTP 1.1 encodings? diff --git a/sys/contrib/zlib/LICENSE b/sys/contrib/zlib/LICENSE index ab8ee6f71428..b7a69d058e61 100644 --- a/sys/contrib/zlib/LICENSE +++ b/sys/contrib/zlib/LICENSE @@ -1,6 +1,6 @@ Copyright notice: - (C) 1995-2022 Jean-loup Gailly and Mark Adler + (C) 1995-2026 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages diff --git a/sys/contrib/zlib/README b/sys/contrib/zlib/README index c5f917540b6f..2b1e6f36fe3e 100644 --- a/sys/contrib/zlib/README +++ b/sys/contrib/zlib/README @@ -1,10 +1,10 @@ ZLIB DATA COMPRESSION LIBRARY -zlib 1.3.1 is a general purpose data compression library. All the code is -thread safe. The data format used by the zlib library is described by RFCs -(Request for Comments) 1950 to 1952 in the files -http://tools.ietf.org/html/rfc1950 (zlib format), rfc1951 (deflate format) and -rfc1952 (gzip format). +zlib 1.3.2 is a general purpose data compression library. All the code is +thread safe (though see the FAQ for caveats). The data format used by the zlib +library is described by RFCs (Request for Comments) 1950 to 1952 at +https://datatracker.ietf.org/doc/html/rfc1950 (zlib format), rfc1951 (deflate +format) and rfc1952 (gzip format). All functions of the compression library are documented in the file zlib.h (volunteer to write man pages welcome, contact zlib@gzip.org). A usage example @@ -21,17 +21,17 @@ make_vms.com. Questions about zlib should be sent to , or to Gilles Vollant for the Windows DLL version. The zlib home page is -http://zlib.net/ . Before reporting a problem, please check this site to +https://zlib.net/ . Before reporting a problem, please check this site to verify that you have the latest version of zlib; otherwise get the latest version and check whether the problem still exists or not. -PLEASE read the zlib FAQ http://zlib.net/zlib_faq.html before asking for help. +PLEASE read the zlib FAQ https://zlib.net/zlib_faq.html before asking for help. Mark Nelson wrote an article about zlib for the Jan. 1997 issue of Dr. Dobb's Journal; a copy of the article is available at -https://marknelson.us/posts/1997/01/01/zlib-engine.html . +https://zlib.net/nelson/ . -The changes made in version 1.3.1 are documented in the file ChangeLog. +The changes made in version 1.3.2 are documented in the file ChangeLog. Unsupported third party contributions are provided in directory contrib/ . @@ -43,9 +43,9 @@ can be found at https://github.com/pmqs/IO-Compress . A Python interface to zlib written by A.M. Kuchling is available in Python 1.5 and later versions, see -http://docs.python.org/library/zlib.html . +https://docs.python.org/3/library/zlib.html . -zlib is built into tcl: http://wiki.tcl.tk/4610 . +zlib is built into tcl: https://wiki.tcl-lang.org/page/zlib . An experimental package to read and write files in .zip format, written on top of zlib by Gilles Vollant , is available in the @@ -69,9 +69,7 @@ Notes for some targets: - zlib doesn't work on HP-UX 9.05 with some versions of /bin/cc. It works with other compilers. Use "make test" to check your compiler. -- gzdopen is not supported on RISCOS or BEOS. - -- For PalmOs, see http://palmzlib.sourceforge.net/ +- For PalmOs, see https://palmzlib.sourceforge.net/ Acknowledgments: @@ -83,7 +81,7 @@ Acknowledgments: Copyright notice: - (C) 1995-2024 Jean-loup Gailly and Mark Adler + (C) 1995-2026 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages diff --git a/sys/contrib/zlib/compress.c b/sys/contrib/zlib/compress.c index f43bacf7ab97..bd74b9488eb8 100644 --- a/sys/contrib/zlib/compress.c +++ b/sys/contrib/zlib/compress.c @@ -1,5 +1,5 @@ /* compress.c -- compress a memory buffer - * Copyright (C) 1995-2005, 2014, 2016 Jean-loup Gailly, Mark Adler + * Copyright (C) 1995-2026 Jean-loup Gailly, Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -18,13 +18,19 @@ compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough memory, Z_BUF_ERROR if there was not enough room in the output buffer, Z_STREAM_ERROR if the level parameter is invalid. + + The _z versions of the functions take size_t length arguments. */ -int ZEXPORT compress2(Bytef *dest, uLongf *destLen, const Bytef *source, - uLong sourceLen, int level) { +int ZEXPORT compress2_z(Bytef *dest, z_size_t *destLen, const Bytef *source, + z_size_t sourceLen, int level) { z_stream stream; int err; const uInt max = (uInt)-1; - uLong left; + z_size_t left; + + if ((sourceLen > 0 && source == NULL) || + destLen == NULL || (*destLen > 0 && dest == NULL)) + return Z_STREAM_ERROR; left = *destLen; *destLen = 0; @@ -43,23 +49,36 @@ int ZEXPORT compress2(Bytef *dest, uLongf *destLen, const Bytef *source, do { if (stream.avail_out == 0) { - stream.avail_out = left > (uLong)max ? max : (uInt)left; + stream.avail_out = left > (z_size_t)max ? max : (uInt)left; left -= stream.avail_out; } if (stream.avail_in == 0) { - stream.avail_in = sourceLen > (uLong)max ? max : (uInt)sourceLen; + stream.avail_in = sourceLen > (z_size_t)max ? max : + (uInt)sourceLen; sourceLen -= stream.avail_in; } err = deflate(&stream, sourceLen ? Z_NO_FLUSH : Z_FINISH); } while (err == Z_OK); - *destLen = stream.total_out; + *destLen = (z_size_t)(stream.next_out - dest); deflateEnd(&stream); return err == Z_STREAM_END ? Z_OK : err; } - +int ZEXPORT compress2(Bytef *dest, uLongf *destLen, const Bytef *source, + uLong sourceLen, int level) { + int ret; + z_size_t got = *destLen; + ret = compress2_z(dest, &got, source, sourceLen, level); + *destLen = (uLong)got; + return ret; +} /* =========================================================================== */ +int ZEXPORT compress_z(Bytef *dest, z_size_t *destLen, const Bytef *source, + z_size_t sourceLen) { + return compress2_z(dest, destLen, source, sourceLen, + Z_DEFAULT_COMPRESSION); +} int ZEXPORT compress(Bytef *dest, uLongf *destLen, const Bytef *source, uLong sourceLen) { return compress2(dest, destLen, source, sourceLen, Z_DEFAULT_COMPRESSION); @@ -69,7 +88,12 @@ int ZEXPORT compress(Bytef *dest, uLongf *destLen, const Bytef *source, If the default memLevel or windowBits for deflateInit() is changed, then this function needs to be updated. */ +z_size_t ZEXPORT compressBound_z(z_size_t sourceLen) { + z_size_t bound = sourceLen + (sourceLen >> 12) + (sourceLen >> 14) + + (sourceLen >> 25) + 13; + return bound < sourceLen ? (z_size_t)-1 : bound; +} uLong ZEXPORT compressBound(uLong sourceLen) { - return sourceLen + (sourceLen >> 12) + (sourceLen >> 14) + - (sourceLen >> 25) + 13; + z_size_t bound = compressBound_z(sourceLen); + return (uLong)bound != bound ? (uLong)-1 : (uLong)bound; } diff --git a/sys/contrib/zlib/contrib/README.contrib b/sys/contrib/zlib/contrib/README.contrib deleted file mode 100644 index 5e5f95054090..000000000000 --- a/sys/contrib/zlib/contrib/README.contrib +++ /dev/null @@ -1,57 +0,0 @@ -All files under this contrib directory are UNSUPPORTED. They were -provided by users of zlib and were not tested by the authors of zlib. -Use at your own risk. Please contact the authors of the contributions -for help about these, not the zlib authors. Thanks. - - -ada/ by Dmitriy Anisimkov - Support for Ada - See http://zlib-ada.sourceforge.net/ - -blast/ by Mark Adler - Decompressor for output of PKWare Data Compression Library (DCL) - -delphi/ by Cosmin Truta - Support for Delphi and C++ Builder - -dotzlib/ by Henrik Ravn - Support for Microsoft .Net and Visual C++ .Net - -gcc_gvmat64/by Gilles Vollant - GCC Version of x86 64-bit (AMD64 and Intel EM64t) code for x64 - assembler to replace longest_match() and inflate_fast() - -infback9/ by Mark Adler - Unsupported diffs to infback to decode the deflate64 format - -iostream/ by Kevin Ruland - A C++ I/O streams interface to the zlib gz* functions - -iostream2/ by Tyge Løvset - Another C++ I/O streams interface - -iostream3/ by Ludwig Schwardt - and Kevin Ruland - Yet another C++ I/O streams interface - -minizip/ by Gilles Vollant - Mini zip and unzip based on zlib - Includes Zip64 support by Mathias Svensson - See http://www.winimage.com/zLibDll/minizip.html - -pascal/ by Bob Dellaca et al. - Support for Pascal - -puff/ by Mark Adler - Small, low memory usage inflate. Also serves to provide an - unambiguous description of the deflate format. - -testzlib/ by Gilles Vollant - Example of the use of zlib - -untgz/ by Pedro A. Aranda Gutierrez - A very simple tar.gz file extractor using zlib - -vstudio/ by Gilles Vollant - Building a minizip-enhanced zlib with Microsoft Visual Studio - Includes vc11 from kreuzerkrieg and vc12 from davispuh diff --git a/sys/contrib/zlib/contrib/gcc_gvmat64/gvmat64.S b/sys/contrib/zlib/contrib/gcc_gvmat64/gvmat64.S deleted file mode 100644 index dd858ddbd16b..000000000000 --- a/sys/contrib/zlib/contrib/gcc_gvmat64/gvmat64.S +++ /dev/null @@ -1,574 +0,0 @@ -/* -;uInt longest_match_x64( -; deflate_state *s, -; IPos cur_match); // current match - -; gvmat64.S -- Asm portion of the optimized longest_match for 32 bits x86_64 -; (AMD64 on Athlon 64, Opteron, Phenom -; and Intel EM64T on Pentium 4 with EM64T, Pentium D, Core 2 Duo, Core I5/I7) -; this file is translation from gvmat64.asm to GCC 4.x (for Linux, Mac XCode) -; Copyright (C) 1995-2010 Jean-loup Gailly, Brian Raiter and Gilles Vollant. -; -; File written by Gilles Vollant, by converting to assembly the longest_match -; from Jean-loup Gailly in deflate.c of zLib and infoZip zip. -; and by taking inspiration on asm686 with masm, optimised assembly code -; from Brian Raiter, written 1998 -; -; This software is provided 'as-is', without any express or implied -; warranty. In no event will the authors be held liable for any damages -; arising from the use of this software. -; -; Permission is granted to anyone to use this software for any purpose, -; including commercial applications, and to alter it and redistribute it -; freely, subject to the following restrictions: -; -; 1. The origin of this software must not be misrepresented; you must not -; claim that you wrote the original software. If you use this software -; in a product, an acknowledgment in the product documentation would be -; appreciated but is not required. -; 2. Altered source versions must be plainly marked as such, and must not be -; misrepresented as being the original software -; 3. This notice may not be removed or altered from any source distribution. -; -; http://www.zlib.net -; http://www.winimage.com/zLibDll -; http://www.muppetlabs.com/~breadbox/software/assembly.html -; -; to compile this file for zLib, I use option: -; gcc -c -arch x86_64 gvmat64.S - - -;uInt longest_match(s, cur_match) -; deflate_state *s; -; IPos cur_match; // current match / -; -; with XCode for Mac, I had strange error with some jump on intel syntax -; this is why BEFORE_JMP and AFTER_JMP are used - */ - - -#define BEFORE_JMP .att_syntax -#define AFTER_JMP .intel_syntax noprefix - -#ifndef NO_UNDERLINE -# define match_init _match_init -# define longest_match _longest_match -#endif - -.intel_syntax noprefix - -.globl match_init, longest_match -.text -longest_match: - - - -#define LocalVarsSize 96 -/* -; register used : rax,rbx,rcx,rdx,rsi,rdi,r8,r9,r10,r11,r12 -; free register : r14,r15 -; register can be saved : rsp -*/ - -#define chainlenwmask (rsp + 8 - LocalVarsSize) -#define nicematch (rsp + 16 - LocalVarsSize) - -#define save_rdi (rsp + 24 - LocalVarsSize) -#define save_rsi (rsp + 32 - LocalVarsSize) -#define save_rbx (rsp + 40 - LocalVarsSize) -#define save_rbp (rsp + 48 - LocalVarsSize) -#define save_r12 (rsp + 56 - LocalVarsSize) -#define save_r13 (rsp + 64 - LocalVarsSize) -#define save_r14 (rsp + 72 - LocalVarsSize) -#define save_r15 (rsp + 80 - LocalVarsSize) - - -/* -; all the +4 offsets are due to the addition of pending_buf_size (in zlib -; in the deflate_state structure since the asm code was first written -; (if you compile with zlib 1.0.4 or older, remove the +4). -; Note : these value are good with a 8 bytes boundary pack structure -*/ - -#define MAX_MATCH 258 -#define MIN_MATCH 3 -#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1) - -/* -;;; Offsets for fields in the deflate_state structure. These numbers -;;; are calculated from the definition of deflate_state, with the -;;; assumption that the compiler will dword-align the fields. (Thus, -;;; changing the definition of deflate_state could easily cause this -;;; program to crash horribly, without so much as a warning at -;;; compile time. Sigh.) - -; all the +zlib1222add offsets are due to the addition of fields -; in zlib in the deflate_state structure since the asm code was first written -; (if you compile with zlib 1.0.4 or older, use "zlib1222add equ (-4)"). -; (if you compile with zlib between 1.0.5 and 1.2.2.1, use "zlib1222add equ 0"). -; if you compile with zlib 1.2.2.2 or later , use "zlib1222add equ 8"). -*/ - - - -/* you can check the structure offset by running - -#include -#include -#include "deflate.h" - -void print_depl() -{ -deflate_state ds; -deflate_state *s=&ds; -printf("size pointer=%u\n",(int)sizeof(void*)); - -printf("#define dsWSize %u\n",(int)(((char*)&(s->w_size))-((char*)s))); -printf("#define dsWMask %u\n",(int)(((char*)&(s->w_mask))-((char*)s))); -printf("#define dsWindow %u\n",(int)(((char*)&(s->window))-((char*)s))); -printf("#define dsPrev %u\n",(int)(((char*)&(s->prev))-((char*)s))); -printf("#define dsMatchLen %u\n",(int)(((char*)&(s->match_length))-((char*)s))); -printf("#define dsPrevMatch %u\n",(int)(((char*)&(s->prev_match))-((char*)s))); -printf("#define dsStrStart %u\n",(int)(((char*)&(s->strstart))-((char*)s))); -printf("#define dsMatchStart %u\n",(int)(((char*)&(s->match_start))-((char*)s))); -printf("#define dsLookahead %u\n",(int)(((char*)&(s->lookahead))-((char*)s))); -printf("#define dsPrevLen %u\n",(int)(((char*)&(s->prev_length))-((char*)s))); -printf("#define dsMaxChainLen %u\n",(int)(((char*)&(s->max_chain_length))-((char*)s))); -printf("#define dsGoodMatch %u\n",(int)(((char*)&(s->good_match))-((char*)s))); -printf("#define dsNiceMatch %u\n",(int)(((char*)&(s->nice_match))-((char*)s))); -} -*/ - -#define dsWSize 68 -#define dsWMask 76 -#define dsWindow 80 -#define dsPrev 96 -#define dsMatchLen 144 -#define dsPrevMatch 148 -#define dsStrStart 156 -#define dsMatchStart 160 -#define dsLookahead 164 -#define dsPrevLen 168 -#define dsMaxChainLen 172 -#define dsGoodMatch 188 -#define dsNiceMatch 192 - -#define window_size [ rcx + dsWSize] -#define WMask [ rcx + dsWMask] -#define window_ad [ rcx + dsWindow] -#define prev_ad [ rcx + dsPrev] -#define strstart [ rcx + dsStrStart] -#define match_start [ rcx + dsMatchStart] -#define Lookahead [ rcx + dsLookahead] //; 0ffffffffh on infozip -#define prev_length [ rcx + dsPrevLen] -#define max_chain_length [ rcx + dsMaxChainLen] -#define good_match [ rcx + dsGoodMatch] -#define nice_match [ rcx + dsNiceMatch] - -/* -; windows: -; parameter 1 in rcx(deflate state s), param 2 in rdx (cur match) - -; see http://weblogs.asp.net/oldnewthing/archive/2004/01/14/58579.aspx and -; http://msdn.microsoft.com/library/en-us/kmarch/hh/kmarch/64bitAMD_8e951dd2-ee77-4728-8702-55ce4b5dd24a.xml.asp -; -; All registers must be preserved across the call, except for -; rax, rcx, rdx, r8, r9, r10, and r11, which are scratch. - -; -; gcc on macosx-linux: -; see http://www.x86-64.org/documentation/abi-0.99.pdf -; param 1 in rdi, param 2 in rsi -; rbx, rsp, rbp, r12 to r15 must be preserved - -;;; Save registers that the compiler may be using, and adjust esp to -;;; make room for our stack frame. - - -;;; Retrieve the function arguments. r8d will hold cur_match -;;; throughout the entire function. edx will hold the pointer to the -;;; deflate_state structure during the function's setup (before -;;; entering the main loop. - -; ms: parameter 1 in rcx (deflate_state* s), param 2 in edx -> r8 (cur match) -; mac: param 1 in rdi, param 2 rsi -; this clear high 32 bits of r8, which can be garbage in both r8 and rdx -*/ - mov [save_rbx],rbx - mov [save_rbp],rbp - - - mov rcx,rdi - - mov r8d,esi - - - mov [save_r12],r12 - mov [save_r13],r13 - mov [save_r14],r14 - mov [save_r15],r15 - - -//;;; uInt wmask = s->w_mask; -//;;; unsigned chain_length = s->max_chain_length; -//;;; if (s->prev_length >= s->good_match) { -//;;; chain_length >>= 2; -//;;; } - - - mov edi, prev_length - mov esi, good_match - mov eax, WMask - mov ebx, max_chain_length - cmp edi, esi - jl LastMatchGood - shr ebx, 2 -LastMatchGood: - -//;;; chainlen is decremented once beforehand so that the function can -//;;; use the sign flag instead of the zero flag for the exit test. -//;;; It is then shifted into the high word, to make room for the wmask -//;;; value, which it will always accompany. - - dec ebx - shl ebx, 16 - or ebx, eax - -//;;; on zlib only -//;;; if ((uInt)nice_match > s->lookahead) nice_match = s->lookahead; - - - - mov eax, nice_match - mov [chainlenwmask], ebx - mov r10d, Lookahead - cmp r10d, eax - cmovnl r10d, eax - mov [nicematch],r10d - - - -//;;; register Bytef *scan = s->window + s->strstart; - mov r10, window_ad - mov ebp, strstart - lea r13, [r10 + rbp] - -//;;; Determine how many bytes the scan ptr is off from being -//;;; dword-aligned. - - mov r9,r13 - neg r13 - and r13,3 - -//;;; IPos limit = s->strstart > (IPos)MAX_DIST(s) ? -//;;; s->strstart - (IPos)MAX_DIST(s) : NIL; - - - mov eax, window_size - sub eax, MIN_LOOKAHEAD - - - xor edi,edi - sub ebp, eax - - mov r11d, prev_length - - cmovng ebp,edi - -//;;; int best_len = s->prev_length; - - -//;;; Store the sum of s->window + best_len in esi locally, and in esi. - - lea rsi,[r10+r11] - -//;;; register ush scan_start = *(ushf*)scan; -//;;; register ush scan_end = *(ushf*)(scan+best_len-1); -//;;; Posf *prev = s->prev; - - movzx r12d,word ptr [r9] - movzx ebx, word ptr [r9 + r11 - 1] - - mov rdi, prev_ad - -//;;; Jump into the main loop. - - mov edx, [chainlenwmask] - - cmp bx,word ptr [rsi + r8 - 1] - jz LookupLoopIsZero - - - -LookupLoop1: - and r8d, edx - - movzx r8d, word ptr [rdi + r8*2] - cmp r8d, ebp - jbe LeaveNow - - - - sub edx, 0x00010000 - BEFORE_JMP - js LeaveNow - AFTER_JMP - -LoopEntry1: - cmp bx,word ptr [rsi + r8 - 1] - BEFORE_JMP - jz LookupLoopIsZero - AFTER_JMP - -LookupLoop2: - and r8d, edx - - movzx r8d, word ptr [rdi + r8*2] - cmp r8d, ebp - BEFORE_JMP - jbe LeaveNow - AFTER_JMP - sub edx, 0x00010000 - BEFORE_JMP - js LeaveNow - AFTER_JMP - -LoopEntry2: - cmp bx,word ptr [rsi + r8 - 1] - BEFORE_JMP - jz LookupLoopIsZero - AFTER_JMP - -LookupLoop4: - and r8d, edx - - movzx r8d, word ptr [rdi + r8*2] - cmp r8d, ebp - BEFORE_JMP - jbe LeaveNow - AFTER_JMP - sub edx, 0x00010000 - BEFORE_JMP - js LeaveNow - AFTER_JMP - -LoopEntry4: - - cmp bx,word ptr [rsi + r8 - 1] - BEFORE_JMP - jnz LookupLoop1 - jmp LookupLoopIsZero - AFTER_JMP -/* -;;; do { -;;; match = s->window + cur_match; -;;; if (*(ushf*)(match+best_len-1) != scan_end || -;;; *(ushf*)match != scan_start) continue; -;;; [...] -;;; } while ((cur_match = prev[cur_match & wmask]) > limit -;;; && --chain_length != 0); -;;; -;;; Here is the inner loop of the function. The function will spend the -;;; majority of its time in this loop, and majority of that time will -;;; be spent in the first ten instructions. -;;; -;;; Within this loop: -;;; ebx = scanend -;;; r8d = curmatch -;;; edx = chainlenwmask - i.e., ((chainlen << 16) | wmask) -;;; esi = windowbestlen - i.e., (window + bestlen) -;;; edi = prev -;;; ebp = limit -*/ -.balign 16 -LookupLoop: - and r8d, edx - - movzx r8d, word ptr [rdi + r8*2] - cmp r8d, ebp - BEFORE_JMP - jbe LeaveNow - AFTER_JMP - sub edx, 0x00010000 - BEFORE_JMP - js LeaveNow - AFTER_JMP - -LoopEntry: - - cmp bx,word ptr [rsi + r8 - 1] - BEFORE_JMP - jnz LookupLoop1 - AFTER_JMP -LookupLoopIsZero: - cmp r12w, word ptr [r10 + r8] - BEFORE_JMP - jnz LookupLoop1 - AFTER_JMP - - -//;;; Store the current value of chainlen. - mov [chainlenwmask], edx -/* -;;; Point edi to the string under scrutiny, and esi to the string we -;;; are hoping to match it up with. In actuality, esi and edi are -;;; both pointed (MAX_MATCH_8 - scanalign) bytes ahead, and edx is -;;; initialized to -(MAX_MATCH_8 - scanalign). -*/ - lea rsi,[r8+r10] - mov rdx, 0xfffffffffffffef8 //; -(MAX_MATCH_8) - lea rsi, [rsi + r13 + 0x0108] //;MAX_MATCH_8] - lea rdi, [r9 + r13 + 0x0108] //;MAX_MATCH_8] - - prefetcht1 [rsi+rdx] - prefetcht1 [rdi+rdx] - -/* -;;; Test the strings for equality, 8 bytes at a time. At the end, -;;; adjust rdx so that it is offset to the exact byte that mismatched. -;;; -;;; We already know at this point that the first three bytes of the -;;; strings match each other, and they can be safely passed over before -;;; starting the compare loop. So what this code does is skip over 0-3 -;;; bytes, as much as necessary in order to dword-align the edi -;;; pointer. (rsi will still be misaligned three times out of four.) -;;; -;;; It should be confessed that this loop usually does not represent -;;; much of the total running time. Replacing it with a more -;;; straightforward "rep cmpsb" would not drastically degrade -;;; performance. -*/ - -LoopCmps: - mov rax, [rsi + rdx] - xor rax, [rdi + rdx] - jnz LeaveLoopCmps - - mov rax, [rsi + rdx + 8] - xor rax, [rdi + rdx + 8] - jnz LeaveLoopCmps8 - - - mov rax, [rsi + rdx + 8+8] - xor rax, [rdi + rdx + 8+8] - jnz LeaveLoopCmps16 - - add rdx,8+8+8 - - BEFORE_JMP - jnz LoopCmps - jmp LenMaximum - AFTER_JMP - -LeaveLoopCmps16: add rdx,8 -LeaveLoopCmps8: add rdx,8 -LeaveLoopCmps: - - test eax, 0x0000FFFF *** 5225 LINES SKIPPED *** From nobody Fri Mar 27 11:45:24 2026 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fhzNN1v46z6W2P5 for ; Fri, 27 Mar 2026 11:45:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fhzNN1H0Vz3l8b for ; Fri, 27 Mar 2026 11:45:24 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774611924; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=SoYWa4huMpO5idNzeftr2jW/zrV7RdoWD9fqsVi9nFY=; b=dz8RB+6XzKWJS739CfEyhPOniNmaO99Ez0VE4i3O3hcYRGZj6kDDbQ6e06H8q5XoFGEUTA OGaVbLNXBDAzRXQsJM/12FacMnB86+ynybl3AJz+RzCAUlq/2wO206nSadqQwbrFI/lMJ2 BD89fQMw/U/GJKbyR4PA/0ku8ccM57WZFzBc30wfcGjr93fc5KK/163wwPEmBRX9bcW1Jg qWdTpLuMi9oWZfvmHOCF+qMBOfaIge0lbgDs39Y2LXKpliMb+mGAp8mDwmeMN9w5Hr9vqc suEtMTGQNVrmC61cfLJ+jwz3H7dZPHrlpVVN9OmmImAcA0LC2jrs0QhFz8Cdqw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774611924; a=rsa-sha256; cv=none; b=dSd4KOBR5eAJWE08A3Bqxeg0bw+JRpDhW9qEA446panJWKT1DmVuTSnRjHo4ihFbQ40o7d fz4ybkApiJcKnrXI2c69xsDTRPYgUnojKDa9zyE8OXYjoXFA5OjKCqfXPiPnlDCpUkPWUX 1v0YjE7vZ4ibACmdM2IdVOVSlgd7FMeLSsnXYmkK2pmeCghBAB0W4a02pt+DcxBJhlyRR9 6Rc16Ty2f74x2NYd9uuUzCJ6A7/i4s33e7iJSzg/hMzhqpfvn2T14EUe44oDzRRwajQpkE o4lWiiNexhcqroSWRlP3qCf+T5/SJ31Wuw8kkKP89DBKK5xDYdl8RQHU19th7A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774611924; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=SoYWa4huMpO5idNzeftr2jW/zrV7RdoWD9fqsVi9nFY=; b=DuFzS5p7IA5imF0belgJ80fi5vlIV7npf0ClzVVxNxldjS3ZbM5c56QupNAiBH4mNBbQFl b/ZTQQ47t+Luf/CL7zHbpPEwQNgFZHRUJFtppmmOlYABMlsMbwUTt9WhBbXo2rzHCihLEe TMoA7gNaFXU2YdSWIgZP2548a3sfKhNr3rMILzzdQodanwUeqG7h8BPLDbOTYFbzX3n+LK QDMkMjrGqlTnbhXdRBq0nM4uBro8gEDq9p9cSj6U94EXP8MMpiSFVOkfDiIZHonc6GUH8l lIzNFkoHgSNrTHhx67mX2/8ieJfRmk06LYliQwiONPEc1xXVTleqGiHVzZ1uvg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fhzNN0dsszclH for ; Fri, 27 Mar 2026 11:45:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3ac5b by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 27 Mar 2026 11:45:24 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Krzysztof Galazka Subject: git: ebe529eedb79 - stable/15 - ix(4): Add EEE support for E610 adapters List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kgalazka X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: ebe529eedb790f8bf93813cff453d6c1f06a3056 Auto-Submitted: auto-generated Date: Fri, 27 Mar 2026 11:45:24 +0000 Message-Id: <69c66dd4.3ac5b.75395f96@gitrepo.freebsd.org> The branch stable/15 has been updated by kgalazka: URL: https://cgit.FreeBSD.org/src/commit/?id=ebe529eedb790f8bf93813cff453d6c1f06a3056 commit ebe529eedb790f8bf93813cff453d6c1f06a3056 Author: Krzysztof Galazka AuthorDate: 2026-03-13 11:48:12 +0000 Commit: Krzysztof Galazka CommitDate: 2026-03-27 11:43:22 +0000 ix(4): Add EEE support for E610 adapters The ix driver now supports Energy Efficient Ethernet (EEE) on Intel E610 devices. EEE allows the network interface to enter low-power states during periods of low link utilization, reducing power consumption while maintaining full performance when needed. E610 adapters provide EEE support through BASE-T PHY functionality. Due to this PHY-based implementation, EEE is supported only on 2.5Gb speeds and above. Signed-off-by: Yogesh Bhosale Signed-off-by: Krzysztof Galazka Authored-by: Yogesh Bhosale Approved by: kbowling (mentor) Tested by: Mateusz Moga Sponsored by: Intel Corporation Differential Revision: https://reviews.freebsd.org/D55304 (cherry picked from commit 13ee84c591f8df7553fc8e3dac7e92409046f4d2) --- sys/dev/ixgbe/if_ix.c | 34 ++++++++++++++++++++++++ sys/dev/ixgbe/ixgbe_e610.c | 48 ++++++++++++++++++++++++---------- sys/dev/ixgbe/ixgbe_type_e610.h | 57 +++++++++++++++++++++++++++++++---------- 3 files changed, 112 insertions(+), 27 deletions(-) diff --git a/sys/dev/ixgbe/if_ix.c b/sys/dev/ixgbe/if_ix.c index 7f234ce45dbd..f94b43afbfd5 100644 --- a/sys/dev/ixgbe/if_ix.c +++ b/sys/dev/ixgbe/if_ix.c @@ -1066,6 +1066,10 @@ ixgbe_if_attach_pre(if_ctx_t ctx) /* Ensure SW/FW semaphore is free */ ixgbe_init_swfw_semaphore(hw); + /* Enable EEE power saving */ + if (sc->feat_en & IXGBE_FEATURE_EEE) + hw->mac.ops.setup_eee(hw, true); + /* Set an initial default flow control value */ hw->fc.requested_mode = ixgbe_flow_control; @@ -4591,6 +4595,20 @@ ixgbe_if_update_admin_status(if_ctx_t ctx) "Link is up %s Full Duplex\n", ixgbe_link_speed_to_str(sc->link_speed)); sc->link_active = true; + + /* If link speed is <= 1Gbps and EEE is enabled, + * log info. + */ + if (sc->hw.mac.type == ixgbe_mac_E610 && + (sc->feat_en & IXGBE_FEATURE_EEE) && + sc->link_speed <= IXGBE_LINK_SPEED_1GB_FULL) { + device_printf(sc->dev, + "Energy Efficient Ethernet (EEE) feature " + "is not supported on link speeds equal to " + "or below 1Gbps. EEE is supported on " + "speeds above 1Gbps.\n"); + } + /* Update any Flow Control changes */ ixgbe_fc_enable(&sc->hw); /* Update DMA coalescing config */ @@ -5584,6 +5602,17 @@ ixgbe_sysctl_eee_state(SYSCTL_HANDLER_ARGS) if ((new_eee < 0) || (new_eee > 1)) return (EINVAL); + /* If link speed is <= 1Gbps and EEE is being enabled, log info */ + if (sc->hw.mac.type == ixgbe_mac_E610 && + new_eee && + sc->link_speed <= IXGBE_LINK_SPEED_1GB_FULL) { + device_printf(dev, + "Energy Efficient Ethernet (EEE) feature is not " + "supported on link speeds equal to or below 1Gbps. " + "EEE is supported on speeds above 1Gbps.\n"); + return (EINVAL); + } + retval = ixgbe_setup_eee(&sc->hw, new_eee); if (retval) { device_printf(dev, "Error in EEE setup: 0x%08X\n", retval); @@ -5647,6 +5676,8 @@ ixgbe_sysctl_tso_tcp_flags_mask(SYSCTL_HANDLER_ARGS) static void ixgbe_init_device_features(struct ixgbe_softc *sc) { + s32 error; + sc->feat_cap = IXGBE_FEATURE_NETMAP | IXGBE_FEATURE_RSS | IXGBE_FEATURE_MSI | @@ -5702,6 +5733,9 @@ ixgbe_init_device_features(struct ixgbe_softc *sc) case ixgbe_mac_E610: sc->feat_cap |= IXGBE_FEATURE_RECOVERY_MODE; sc->feat_cap |= IXGBE_FEATURE_DBG_DUMP; + error = ixgbe_get_caps(&sc->hw); + if (error == 0 && sc->hw.func_caps.common_cap.eee_support != 0) + sc->feat_cap |= IXGBE_FEATURE_EEE; break; default: break; diff --git a/sys/dev/ixgbe/ixgbe_e610.c b/sys/dev/ixgbe/ixgbe_e610.c index 18c4612446e0..b76d96814933 100644 --- a/sys/dev/ixgbe/ixgbe_e610.c +++ b/sys/dev/ixgbe/ixgbe_e610.c @@ -776,6 +776,10 @@ ixgbe_parse_common_caps(struct ixgbe_hw *hw, struct ixgbe_hw_common_caps *caps, DEBUGOUT2("%s: next_cluster_id_support = %d\n", prefix, caps->next_cluster_id_support); break; + case IXGBE_ACI_CAPS_EEE: + caps->eee_support = (u8)number; + DEBUGOUT2("%s: eee_support = %x\n", prefix, caps->eee_support); + break; default: /* Not one of the recognized common capabilities */ found = false; @@ -1332,6 +1336,7 @@ void ixgbe_copy_phy_caps_to_cfg(struct ixgbe_aci_cmd_get_phy_caps_data *caps, cfg->link_fec_opt = caps->link_fec_options; cfg->module_compliance_enforcement = caps->module_compliance_enforcement; + cfg->eee_entry_delay = caps->eee_entry_delay; } /** @@ -1351,10 +1356,12 @@ s32 ixgbe_aci_set_phy_cfg(struct ixgbe_hw *hw, struct ixgbe_aci_cmd_set_phy_cfg_data *cfg) { struct ixgbe_aci_desc desc; + bool use_1p40_buff; s32 status; if (!cfg) return IXGBE_ERR_PARAM; + use_1p40_buff = hw->func_caps.common_cap.eee_support != 0; /* Ensure that only valid bits of cfg->caps can be turned on. */ if (cfg->caps & ~IXGBE_ACI_PHY_ENA_VALID_MASK) { @@ -1364,8 +1371,18 @@ s32 ixgbe_aci_set_phy_cfg(struct ixgbe_hw *hw, ixgbe_fill_dflt_direct_cmd_desc(&desc, ixgbe_aci_opc_set_phy_cfg); desc.flags |= IXGBE_CPU_TO_LE16(IXGBE_ACI_FLAG_RD); - status = ixgbe_aci_send_cmd(hw, &desc, cfg, sizeof(*cfg)); + if (use_1p40_buff) { + status = ixgbe_aci_send_cmd(hw, &desc, cfg, sizeof(*cfg)); + } else { + struct ixgbe_aci_cmd_set_phy_cfg_data_pre_1_40 cfg_obsolete; + + memcpy(&cfg_obsolete, cfg, sizeof(cfg_obsolete)); + + status = ixgbe_aci_send_cmd(hw, &desc, &cfg_obsolete, + sizeof(cfg_obsolete)); + } + /* even if the old buffer is used no need to worry about conversion */ if (!status) hw->phy.curr_user_phy_cfg = *cfg; @@ -1599,6 +1616,7 @@ s32 ixgbe_aci_get_link_info(struct ixgbe_hw *hw, bool ena_lse, li->topo_media_conflict = link_data.topo_media_conflict; li->pacing = link_data.cfg & (IXGBE_ACI_CFG_PACING_M | IXGBE_ACI_CFG_PACING_TYPE_M); + li->eee_status = link_data.eee_status; /* update fc info */ tx_pause = !!(link_data.an_info & IXGBE_ACI_LINK_PAUSE_TX); @@ -3883,9 +3901,14 @@ s32 ixgbe_init_ops_E610(struct ixgbe_hw *hw) /* PHY */ phy->ops.init = ixgbe_init_phy_ops_E610; phy->ops.identify = ixgbe_identify_phy_E610; - phy->eee_speeds_supported = IXGBE_LINK_SPEED_10_FULL | - IXGBE_LINK_SPEED_100_FULL | - IXGBE_LINK_SPEED_1GB_FULL; + + if (hw->device_id == IXGBE_DEV_ID_E610_2_5G_T) + phy->eee_speeds_supported = IXGBE_LINK_SPEED_2_5GB_FULL; + else + phy->eee_speeds_supported = IXGBE_LINK_SPEED_2_5GB_FULL | + IXGBE_LINK_SPEED_5GB_FULL | + IXGBE_LINK_SPEED_10GB_FULL; + phy->eee_speeds_advertised = phy->eee_speeds_supported; /* Additional ops overrides for e610 to go here */ @@ -4513,19 +4536,18 @@ s32 ixgbe_setup_eee_E610(struct ixgbe_hw *hw, bool enable_eee) phy_cfg.caps |= IXGBE_ACI_PHY_ENA_LINK; phy_cfg.caps |= IXGBE_ACI_PHY_ENA_AUTO_LINK_UPDT; + /* setup only speeds which are defined for [0x0601/0x0600].eee_cap */ if (enable_eee) { - if (phy_caps.phy_type_low & IXGBE_PHY_TYPE_LOW_100BASE_TX) + if (hw->phy.eee_speeds_advertised & IXGBE_LINK_SPEED_100_FULL) eee_cap |= IXGBE_ACI_PHY_EEE_EN_100BASE_TX; - if (phy_caps.phy_type_low & IXGBE_PHY_TYPE_LOW_1000BASE_T) + if (hw->phy.eee_speeds_advertised & IXGBE_LINK_SPEED_1GB_FULL) eee_cap |= IXGBE_ACI_PHY_EEE_EN_1000BASE_T; - if (phy_caps.phy_type_low & IXGBE_PHY_TYPE_LOW_1000BASE_KX) - eee_cap |= IXGBE_ACI_PHY_EEE_EN_1000BASE_KX; - if (phy_caps.phy_type_low & IXGBE_PHY_TYPE_LOW_10GBASE_T) + if (hw->phy.eee_speeds_advertised & IXGBE_LINK_SPEED_2_5GB_FULL) + eee_cap |= IXGBE_ACI_PHY_EEE_EN_2_5GBASE_T; + if (hw->phy.eee_speeds_advertised & IXGBE_LINK_SPEED_5GB_FULL) + eee_cap |= IXGBE_ACI_PHY_EEE_EN_5GBASE_T; + if (hw->phy.eee_speeds_advertised & IXGBE_LINK_SPEED_10GB_FULL) eee_cap |= IXGBE_ACI_PHY_EEE_EN_10GBASE_T; - if (phy_caps.phy_type_low & IXGBE_PHY_TYPE_LOW_10GBASE_KR_CR1) - eee_cap |= IXGBE_ACI_PHY_EEE_EN_10GBASE_KR; - if (phy_caps.phy_type_high & IXGBE_PHY_TYPE_HIGH_10BASE_T) - eee_cap |= IXGBE_ACI_PHY_EEE_EN_10BASE_T; } /* Set EEE capability for particular PHY types */ diff --git a/sys/dev/ixgbe/ixgbe_type_e610.h b/sys/dev/ixgbe/ixgbe_type_e610.h index e300030c3ba4..da46e503f660 100644 --- a/sys/dev/ixgbe/ixgbe_type_e610.h +++ b/sys/dev/ixgbe/ixgbe_type_e610.h @@ -721,6 +721,7 @@ struct ixgbe_aci_cmd_list_caps_elem { #define IXGBE_ACI_CAPS_EXT_TOPO_DEV_IMG3 0x0084 #define IXGBE_ACI_CAPS_OROM_RECOVERY_UPDATE 0x0090 #define IXGBE_ACI_CAPS_NEXT_CLUSTER_ID 0x0096 +#define IXGBE_ACI_CAPS_EEE 0x009B u8 major_ver; u8 minor_ver; /* Number of resources described by this capability */ @@ -836,10 +837,8 @@ struct ixgbe_aci_cmd_get_phy_caps_data { #define IXGBE_ACI_PHY_EEE_EN_100BASE_TX BIT(0) #define IXGBE_ACI_PHY_EEE_EN_1000BASE_T BIT(1) #define IXGBE_ACI_PHY_EEE_EN_10GBASE_T BIT(2) -#define IXGBE_ACI_PHY_EEE_EN_1000BASE_KX BIT(3) -#define IXGBE_ACI_PHY_EEE_EN_10GBASE_KR BIT(4) -#define IXGBE_ACI_PHY_EEE_EN_25GBASE_KR BIT(5) -#define IXGBE_ACI_PHY_EEE_EN_10BASE_T BIT(11) +#define IXGBE_ACI_PHY_EEE_EN_5GBASE_T BIT(11) +#define IXGBE_ACI_PHY_EEE_EN_2_5GBASE_T BIT(12) __le16 eeer_value; u8 phy_id_oui[4]; /* PHY/Module ID connected on the port */ u8 phy_fw_ver[8]; @@ -869,7 +868,9 @@ struct ixgbe_aci_cmd_get_phy_caps_data { #define IXGBE_ACI_MOD_TYPE_BYTE2_SFP_PLUS 0xA0 #define IXGBE_ACI_MOD_TYPE_BYTE2_QSFP_PLUS 0x86 u8 qualified_module_count; - u8 rsvd2[7]; /* Bytes 47:41 reserved */ + u8 rsvd2; + __le16 eee_entry_delay; + u8 rsvd3[4]; #define IXGBE_ACI_QUAL_MOD_COUNT_MAX 16 struct { u8 v_oui[3]; @@ -893,11 +894,38 @@ struct ixgbe_aci_cmd_set_phy_cfg { IXGBE_CHECK_PARAM_LEN(ixgbe_aci_cmd_set_phy_cfg); +/* Set PHY config obsolete command data structure (; Fri, 27 Mar 2026 12:34:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fj0Sg470bz3s9D for ; Fri, 27 Mar 2026 12:34:11 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774614851; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=LO/cidVo3g5n9XLwysQ8+CBgVYLSX2sU1QUut5A4cPU=; b=wasqAyPF652aKdtL/yMPdK2pd/7g95yQj33yVshKiXnl20ni4lmupeSSHYRn25kSfB0EeE Ij4mDtBCuSXlPXW84ELbxl1yzBoLgAjqYhjS25CbZ+5A0r5yeXeCyjuBY1WkemCRaW67J6 QFQlxJ11GbUC++qVMurcoYODXgC44LkHTxmcyjFZiHdLA3hbB0WziwChxXVfVplsK0TtXl S30KuohC2e57VrdhjXEqPPiRLkFx8llIT0unBJmasfOdhYZWyew5e+C+qFjO2ADfwAFe0+ Xd2TKkUJczz1vId4/qYZjinBsvmie1iNtOaA+z/EwgSiAX/4eiIFHvDx+aaMeA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1774614851; a=rsa-sha256; cv=none; b=p2ZfqGHqJSOqML1ywYJ6sFIFLKpxmRVYehhQ9VkOXdobpjHLpx2K5Qa7xhC3IWuA9/IT8f uZmMEVbaUgxypzDq1svQJPt6oCDGtEfr/7hAdBGBB9vQ0CjtnBWsap2VAq/cEn+dNCBvTn FF2ggYY5GxvQFNnKvj6RjJALiJ1eDLRwgeoygMS/a3gJHpdk1muF2t5I5blOIM+2FCkM8J czVQybLdyuPS/vmWdRCEW7ZNHfm9HuyXYaa7ZBuf1XiGH2+fs8RgeWjNExOVqdNlsYBscF ED2VoVfnW/qNk4Ov6+YF05Ct1vSbfngi9maeKxBFdiNMDM50DuNF5YplOJCuzQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1774614851; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=LO/cidVo3g5n9XLwysQ8+CBgVYLSX2sU1QUut5A4cPU=; b=YCFPTfDAU8D9+QhT2QJ8YcjkzNb9lE78v09Ono1n4kXgr6NEoNKVRRn2BJQjQj1w7C+n7J LXiD+IGlucwn9PruEF533OWwcmzAiRAvAEPtrNNnlSXD9gqihCXyQ/yJdlSK3BMlFCpL9K gL46fdHI/fBXxPBQo6uIrVawMxFlD8JAuw3/wEQoO4YkF/E70rtkeSX6V4Teus1s3Hf38e GR8l3LlxgnnB8hyqs3/Z4CMnkmy3HkXIyqi5OneNrPcUXji7IvZEnAtW6hbrFrHj/3j7K9 kaALxNYFX0g87iD1nULEGYc8E9gGAqvcZ0RvTlvN6J0R04xqrBIr3M2EBab4Bg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fj0Sg3gmFzg2y for ; Fri, 27 Mar 2026 12:34:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 42105 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Fri, 27 Mar 2026 12:34:11 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Olivier Certner Subject: git: 97934f737548 - stable/14 - Revert superfluous mis-MFC of "Add ASMC_DEBUG make option" List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 97934f737548d1979aadd4acc54cc4de88d05dd2 Auto-Submitted: auto-generated Date: Fri, 27 Mar 2026 12:34:11 +0000 Message-Id: <69c67943.42105.41ba77e6@gitrepo.freebsd.org> The branch stable/14 has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=97934f737548d1979aadd4acc54cc4de88d05dd2 commit 97934f737548d1979aadd4acc54cc4de88d05dd2 Author: Olivier Certner AuthorDate: 2026-03-27 08:46:51 +0000 Commit: Olivier Certner CommitDate: 2026-03-27 11:14:19 +0000 Revert superfluous mis-MFC of "Add ASMC_DEBUG make option" Revert commit 12e1ab887d58 ("Add ASMC_DEBUG make option, 2026-01-04"), as the original commit it intended to MFC has already been MFCed as ab3eaa6ea29d846d on 2026/02/22 (UTC). The reverted commit introduced some (superfluous) duplicate lines and an unrelated change. This is a direct commit to stable/14. Fixes: 12e1ab887d58 ("Add ASMC_DEBUG make option, 2026-01-04") Sponsored by: The FreeBSD Foundation --- sys/amd64/conf/NOTES | 4 ---- sys/conf/options.amd64 | 3 --- 2 files changed, 7 deletions(-) diff --git a/sys/amd64/conf/NOTES b/sys/amd64/conf/NOTES index 9640a7a59766..5599f0503887 100644 --- a/sys/amd64/conf/NOTES +++ b/sys/amd64/conf/NOTES @@ -114,10 +114,6 @@ options EFIRT device asmc options ASMC_DEBUG # Enable asmc(4)-specific debug logic. -# Apple System Management Controller (SMC) -device asmc -options ASMC_DEBUG # Enable asmc(4)-specific debug logic. - # # Intel QuickAssist driver with OpenCrypto support # diff --git a/sys/conf/options.amd64 b/sys/conf/options.amd64 index a3a735731438..c7c1f4da2a4a 100644 --- a/sys/conf/options.amd64 +++ b/sys/conf/options.amd64 @@ -66,8 +66,5 @@ NO_LEGACY_PCIB opt_cpu.h # Compatibility with Linux MP table bugs. MPTABLE_LINUX_BUG_COMPAT -# x86 specific uart options -UART_NS8250_EARLY_PORT opt_uart.h - # Enable asmc(4)-specific debug logic. ASMC_DEBUG opt_asmc.h