FreeBSD/src 955ab1ausr.sbin/pkg FreeBSD.conf.quarterly FreeBSD.conf.latest

pkg/FreeBSD.conf: Fix comments to reflect -kmods

Now that this file lists two repositories, the text "to disable *this*
repository" no longer makes sense.  Also, expand the example to list
how to disable both FreeBSD and FreeBSD-kmods repositories.

Reported by:    Graham Perrin
MFC after:      3 days
DeltaFile
+3-2usr.sbin/pkg/FreeBSD.conf.quarterly
+3-2usr.sbin/pkg/FreeBSD.conf.latest
+6-42 files

FreeBSD/src 3383279sys/conf newvers.sh

14.3: Update to RC1

Approved by:    re (implicit)
Sponsored by:   Amazon
DeltaFile
+1-1sys/conf/newvers.sh
+1-11 files

FreeBSD/src 99b8be4sys/dev/sound/pcm dsp.c

sound: Terminate stream properly when closing vchans

When a channel is closed, dsp_close() either calls vchan_destroy() on vchans,
or chn_abort()/chn_flush() on primary channels. However, the problem with this
is that, when closing a vchan, we end up not terminating the stream properly.

The call sequence we are interested in is the following:

        vchan_destroy(vchan) -> chn_kill(vchan) -> chn_trigger(vchan) ->
        vchan_trigger(vchan) -> chn_notify(parent)

Even though chn_notify() contains codepaths which call chn_abort(parent),
apparently we do not execute any of those codepaths in this case, so the
DMA remains unterminated, hence why we keep seeing the primary
channel(s) being interrupted even once the application has exited:

root at freebsd:~ # sndctl interrupts
dsp0.play.0.interrupts=1139
dsp0.record.0.interrupts=0

    [111 lines not shown]
DeltaFile
+19-14sys/dev/sound/pcm/dsp.c
+19-141 files

FreeBSD/src 85739bcrelease/pkg_repos release-dvd.conf

14.3: Switch from "quarterly" to "release" pkgs

Approved by:    re (implicit)
Sponsored by:   Amazon
DeltaFile
+1-1release/pkg_repos/release-dvd.conf
+1-11 files

FreeBSD/src b760fa5sys/dev/sound dummy.c

snd_dummy: Make callout stopping more robust

If the callout gets rescheduled during detach, we might access freed
pcm_channel resources in dummy_chan_io(), which will cause a panic
similar to this:

panic: ASan: Invalid access, 8-byte read at 0xfffffe00479f65d8, UMAUseAfterFree(fd)
cpuid = 1
time = 1747433047
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xa5/frame 0xfffffe0046a8d730
kdb_backtrace() at kdb_backtrace+0xc6/frame 0xfffffe0046a8d890
vpanic() at vpanic+0x226/frame 0xfffffe0046a8da30
panic() at panic+0xb5/frame 0xfffffe0046a8db00
kasan_code_name() at kasan_code_name/frame 0xfffffe0046a8dbd0
__mtx_lock_flags() at __mtx_lock_flags+0xd3/frame 0xfffffe0046a8dcc0
chn_intr() at chn_intr+0x3d/frame 0xfffffe0046a8dce0
dummy_chan_io() at dummy_chan_io+0x9c/frame 0xfffffe0046a8dd10
softclock_call_cc() at softclock_call_cc+0x2bb/frame 0xfffffe0046a8de80

    [8 lines not shown]
DeltaFile
+15-2sys/dev/sound/dummy.c
+15-21 files

FreeBSD/src 0c6aa44sys/dev/sound/pcm dsp.c

sound: Terminate stream properly when closing vchans

When a channel is closed, dsp_close() either calls vchan_destroy() on vchans,
or chn_abort()/chn_flush() on primary channels. However, the problem with this
is that, when closing a vchan, we end up not terminating the stream properly.

The call sequence we are interested in is the following:

        vchan_destroy(vchan) -> chn_kill(vchan) -> chn_trigger(vchan) ->
        vchan_trigger(vchan) -> chn_notify(parent)

Even though chn_notify() contains codepaths which call chn_abort(parent),
apparently we do not execute any of those codepaths in this case, so the
DMA remains unterminated, hence why we keep seeing the primary
channel(s) being interrupted even once the application has exited:

root at freebsd:~ # sndctl interrupts
dsp0.play.0.interrupts=1139
dsp0.record.0.interrupts=0

    [108 lines not shown]
DeltaFile
+19-14sys/dev/sound/pcm/dsp.c
+19-141 files

FreeBSD/src d5e5e24usr.bin/mail/tests mailx_signal_test.c

mail: tests: reset signal disposition before testing

As a good citizen of the OS, mail(1) won't try to catch signals that
were ignored when it started and it won't reconfigure its signal mask
unless it's going to try and handle a signal.  The test should start
mail(1) off in a well-known state for the signal that it's trying to
test in order to get the behavior that's desired.

No functional change, just improves the resilience of the test.

Reviewed by:    des
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D50599
DeltaFile
+11-0usr.bin/mail/tests/mailx_signal_test.c
+11-01 files

FreeBSD/src 2e47009usr.bin/mail collect.c util.c

mail: don't rewrite buffer sizes as much

Thes buffers are arrays with a known size, just use sizeof() rather than
rewriting their sizes -- no functional change, slightly more resilient
against future possible errors.

Reviewed by:    markj
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D50582
DeltaFile
+6-5usr.bin/mail/collect.c
+5-5usr.bin/mail/util.c
+2-1usr.bin/mail/lex.c
+13-113 files

FreeBSD/src a47542fusr.sbin/pkg FreeBSD.conf.quarterly FreeBSD.conf.latest

pkg.conf: Use kmod repositories

The kmod repositories were added shortly after 14.2-RELEASE.  Point at
them here so that users don't need to manually add the configuration
in order to get e.g. working graphics.

Approved by:    re (cperciva)
MFC after:      1 minute
Sponsored by:   Amazon
Differential Revision:  https://reviews.freebsd.org/D50583

(cherry picked from commit 29f076ae0cb536d1e891d3375edf28f1bc82df79)
(cherry picked from commit 8a2ce9f9dd6745e77bdfe78f03e96ddc8ad1b9d7)
DeltaFile
+7-0usr.sbin/pkg/FreeBSD.conf.quarterly
+7-0usr.sbin/pkg/FreeBSD.conf.latest
+14-02 files

FreeBSD/src 8a2ce9fusr.sbin/pkg FreeBSD.conf.latest FreeBSD.conf.quarterly

pkg.conf: Use kmod repositories

The kmod repositories were added shortly after 14.2-RELEASE.  Point at
them here so that users don't need to manually add the configuration
in order to get e.g. working graphics.

MFC after:      1 minute
Sponsored by:   Amazon
Differential Revision:  https://reviews.freebsd.org/D50583

(cherry picked from commit 29f076ae0cb536d1e891d3375edf28f1bc82df79)
DeltaFile
+7-0usr.sbin/pkg/FreeBSD.conf.latest
+7-0usr.sbin/pkg/FreeBSD.conf.quarterly
+14-02 files

FreeBSD/src 29f076ausr.sbin/pkg FreeBSD.conf.latest FreeBSD.conf.quarterly

pkg.conf: Use kmod repositories

The kmod repositories were added shortly after 14.2-RELEASE.  Point at
them here so that users don't need to manually add the configuration
in order to get e.g. working graphics.

MFC after:      1 minute
Sponsored by:   Amazon
Differential Revision:  https://reviews.freebsd.org/D50583
DeltaFile
+7-0usr.sbin/pkg/FreeBSD.conf.latest
+7-0usr.sbin/pkg/FreeBSD.conf.quarterly
+14-02 files

FreeBSD/src 3267e08tests/sys/kern unix_passfd_test.c

tests/unix: test MSG_PEEK read from a socket that has a descriptor
DeltaFile
+46-0tests/sys/kern/unix_passfd_test.c
+46-01 files

FreeBSD/src f20e8cdsys/kern uipc_socket.c uipc_debug.c, sys/sys domain.h

sockets: remove dom_externalize

It was used only by unix(4) and now is completely isolated.
DeltaFile
+2-11sys/kern/uipc_socket.c
+0-3sys/kern/uipc_debug.c
+0-2sys/sys/domain.h
+0-1sys/kern/uipc_usrreq.c
+2-174 files

FreeBSD/src 2320471sys/kern uipc_usrreq.c

unix: don't free the source mbuf in unp_externalize()

This makes calling the function simplier.
DeltaFile
+4-17sys/kern/uipc_usrreq.c
+4-171 files

FreeBSD/src 9486d6dstand/lua gfx-fbsdbw.lua gfx-beastie.lua

loader: Fix beastie and fbsdbw logo positions

Fix the beaste, beastiebw and fbsdbw postions broken after
ee233742a569

PR: 285044, 286356
Fixes: 1b4e11713153
Reviewed by: imp
MFC After: 2 days (14.3 candiate)
Sponsored by: PANS Jarosław
DeltaFile
+1-1stand/lua/gfx-fbsdbw.lua
+1-0stand/lua/gfx-beastie.lua
+1-0stand/lua/gfx-beastiebw.lua
+3-13 files

FreeBSD/src 198d2edsys/fs/devfs devfs_vnops.c

devfs: Set eofflag in devfs_readdir()

At least vn_dir_next_dirent() checks that eofflag is set appropriately
when INVARIANTS is enabled, so the omission here could cause an
assertion failure.

Reviewed by:    kib
MFC after:      2 weeks
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D50598
DeltaFile
+2-0sys/fs/devfs/devfs_vnops.c
+2-01 files

FreeBSD/src 18378efcrypto/openssl/crypto/http http_client.c

OSSL_HTTP_get(): Reset redirection_url in each iteration

Also remove some dead assignments.

Obtained from:  openssl (e78c8b791c0e03e750ef7196bc7bfee8e5bd00a0)

MFC after:      2 weeks
Requested by:   Phillip Sabatino
Sponsored by:   Dell, Inc.
DeltaFile
+7-7crypto/openssl/crypto/http/http_client.c
+7-71 files

FreeBSD/src 48fd084libexec/rtld-elf rtld.c rtld.h

rtld-elf: Pass TCB to allocate_module_tls to avoid re-getting

The only caller already has the current TCB to hand, so just pass it
down rather than get it again. This also makes it clear in the caller
that it depends on the (current) TCB, rather than being storage that
could be assigned to any thread (concurrency issues aside).

Reviewed by:    kib
Differential Revision:  https://reviews.freebsd.org/D50594
DeltaFile
+4-4libexec/rtld-elf/rtld.c
+1-1libexec/rtld-elf/rtld.h
+5-52 files

FreeBSD/src 250b2edlib/libc/arm static_tls.h, lib/libc/powerpc static_tls.h

libc, libthr: Ditch MD __pthread_distribute_static_tls helpers

_libc_get_static_tls_base() is just _tcb_get() followed by adding (for
Variant I) or subtracting (for Variant II) the offset, so just inline
that as the implementation (like we do in rtld-elf) rather than having
another copy (or equivalent) of _tcb_get()'s assembly.

_get_static_tls_base() doesn't even have any MD assembly as it's
reading thr->tcb, the only difference is whether to add or subtract, so
again just inline that.

Whilst here add some missing blank lines to comply with style(9) for
elf_utils.c's includes, and use a pointer type rather than uintptr_t to
reduce the need to cast, as is done in rtld-elf.

Reviewed by:    kib
Differential Revision:  https://reviews.freebsd.org/D50592
DeltaFile
+0-46lib/libc/riscv/static_tls.h
+0-45lib/libc/arm/static_tls.h
+0-44lib/libc/powerpc/static_tls.h
+0-44lib/libc/powerpc64/static_tls.h
+0-44lib/libthr/arch/aarch64/include/pthread_tls.h
+0-44lib/libthr/arch/amd64/include/pthread_tls.h
+0-2679 files not shown
+28-58915 files

FreeBSD/src 960f40blibexec/rtld-elf rtld.c, libexec/rtld-elf/aarch64 reloc.c

rtld-elf: Pass struct tcb * around rather than struct dtv **

When this code was first written we didn't have even a struct tcb, so to
make it MI a pointer to the DTV pointer in the TCB was passed around.
Now that we have a struct tcb we can simplify the code by instead
passing around a pointer to that, and the MI code can access the tcb_dtv
member wherever it happens to be in the layout. This reduces boilerplate
in all the various callers of tls_get_addr_common/slow and makes it
clearer that tls_get_addr_common/slow are operating on the TCB, rather
than obfuscating it slightly through the double pointer.

Whilst here, clarify the comments in aarch64's TLSDESC dynamic resolver,
which were using tp without clarifying what this was for (previously a
pointer to the DTV pointer, now a pointer to the TCB, which happen to be
the same thing for Variant I TLS, and in the case of AArch64 are what
TPIDR_EL0 point to directly, with no offset/bias).

Reviewed by:    kib
Differential Revision:  https://reviews.freebsd.org/D50591
DeltaFile
+8-11libexec/rtld-elf/rtld.c
+2-8libexec/rtld-elf/i386/reloc.c
+1-4libexec/rtld-elf/aarch64/reloc.c
+1-4libexec/rtld-elf/arm/reloc.c
+1-4libexec/rtld-elf/powerpc64/reloc.c
+1-4libexec/rtld-elf/riscv/reloc.c
+14-354 files not shown
+19-4610 files

FreeBSD/src 1d193b1share/man/man4 linprocfs.4

Update linprocfs.4

Add documentation for missing files and directories.
Also reorganize a bit.

Approved by:            gbe@, ziaee@ (manpages)
Differential Revision:  https://reviews.freebsd.org/D50408
DeltaFile
+78-9share/man/man4/linprocfs.4
+78-91 files

FreeBSD/src 9997693sys/kern sys_process.c

PT_CONTINUE: undo transparent attach consequences

PR:     287050
Reported and tested by: Paul Floyd <pjfloyd at wanadoo.fr>
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D50556
DeltaFile
+22-0sys/kern/sys_process.c
+22-01 files

FreeBSD/src def0c05sys/kern sys_process.c

PT_CONTINUE: if pc is set, mark the thread state as modified by user

Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differrential revision: https://reviews.freebsd.org/D50556
DeltaFile
+1-0sys/kern/sys_process.c
+1-01 files

FreeBSD/src b57eb80sys/kern kern_sig.c, sys/sys signalvar.h

kern_sig.c: make pt_attach_transparent global

Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differrential revision: https://reviews.freebsd.org/D50556
DeltaFile
+1-1sys/kern/kern_sig.c
+1-0sys/sys/signalvar.h
+2-12 files

FreeBSD/src 58b2bd3sys/sys namei.h

namei: clear internal flags in NDREINIT()

same as it is done for NDRESTART()

Fixes:  e05e33041c252
Reported and tested by: pho
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
DeltaFile
+1-0sys/sys/namei.h
+1-01 files

FreeBSD/src 82c41c9sys/dev/usb/net if_umb.c

umb: avoid wild pointer dereference in umb_decap()

When processing messages produced by the USB device, umb_decap() trusts
ptroff and later dlen and doff with pointer arithmetic, without
sufficient sanity checks. The resulting pointer address may be outside
of the valid boundary, causing the wrong memory to be copied or a page
fault.

This fix from Gerhard Roth was obtained after coordination upstream with
OpenBSD. It converts the variables to 64-bit integers, which should
mitigate the risk of overflows.

PR:             284920
Reported by:    Robert Morris <rtm at lcs.mit.edu>
Approved by:    philip (mentor)
Sponsored by:   The FreeBSD Foundation
DeltaFile
+4-2sys/dev/usb/net/if_umb.c
+4-21 files

FreeBSD/src 152bb8esys/dev/usb/net if_umb.c

umb: avoid buffer overflow in umb_getinfobuf()

umb_getinfobuf() is called with offs and size taken from messages sent
by the USB device. The sanity check is not sufficient, due to a possible
integer wrap. This can allow a broken or malicious USB device, or
possibly the network operator, to cause a buffer overflow.

This fix from Gerhard Roth was obtained after coordination upstream with
OpenBSD. It converts the variables to 64-bit integers, which should
mitigate the risk of overflows.

PR:             284906
Reported by:    Robert Morris <rtm at lcs.mit.edu>
Approved by:    philip (mentor)
Sponsored by:   The FreeBSD Foundation
DeltaFile
+2-3sys/dev/usb/net/if_umb.c
+2-31 files

FreeBSD/src 5ed36e2sys/dev/usb/net if_umb.c

umb: avoid buffer overflow in umb_in_len2mask()

len comes from ipv4elem.prefixlen in a MBIM_CID_IP_CONFIGURATION message
from the USB device, and should not be trusted, as it could be any
uint32_t value. Without this extra check, a potential buffer overflow
could subsequently occur in umb_in_len2mask().

Fix from Gerhard Roth, after coordination upstream with OpenBSD.

PR:             284904
Reported by:    Robert Morris <rtm at lcs.mit.edu>
Approved by:    philip (mentor)
Sponsored by:   The FreeBSD Foundation
DeltaFile
+2-1sys/dev/usb/net/if_umb.c
+2-11 files

FreeBSD/src 7f81f87sys/netpfil/pf pf_norm.c

pf: remove unused 'dir' argument in pf_reassemble()

pf_reassemble() only uses it to pass to pf_ip2key(), which also does not use it.

Sponsored by:   Rubicon Communications, LLC ("Netgate")
DeltaFile
+5-5sys/netpfil/pf/pf_norm.c
+5-51 files

FreeBSD/src 0432b21sys/dev/sound dummy.c

snd_dummy: Make callout stopping more robust

If the callout gets rescheduled during detach, we might access freed
pcm_channel resources in dummy_chan_io(), which will cause a panic
similar to this:

panic: ASan: Invalid access, 8-byte read at 0xfffffe00479f65d8, UMAUseAfterFree(fd)
cpuid = 1
time = 1747433047
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xa5/frame 0xfffffe0046a8d730
kdb_backtrace() at kdb_backtrace+0xc6/frame 0xfffffe0046a8d890
vpanic() at vpanic+0x226/frame 0xfffffe0046a8da30
panic() at panic+0xb5/frame 0xfffffe0046a8db00
kasan_code_name() at kasan_code_name/frame 0xfffffe0046a8dbd0
__mtx_lock_flags() at __mtx_lock_flags+0xd3/frame 0xfffffe0046a8dcc0
chn_intr() at chn_intr+0x3d/frame 0xfffffe0046a8dce0
dummy_chan_io() at dummy_chan_io+0x9c/frame 0xfffffe0046a8dd10
softclock_call_cc() at softclock_call_cc+0x2bb/frame 0xfffffe0046a8de80

    [6 lines not shown]
DeltaFile
+15-2sys/dev/sound/dummy.c
+15-21 files