bhyve: Use PCIOCGETCONF to find the host LPC bridge
pci_host_read_config() requires write access to /dev/pci so cannot be
used with unprivileged bhyve. The lpc init code uses it to find the
host system's LPC bridge device and so was generating warnings with
bhyve running as a non-root user.
Refactor the implementation to use PCIOCGETCONF instead, which doesn't
require any special privileges. This isn't formally necessary, as we
only care about copying the host system's identifiers in order to
support Intel GPU passthrough (see commit f4ceaff56ddaa), but it's
straightforward and lets an unprivileged user run bhyve without seeing
warnings about failing to open /dev/pci with write permissions.
Reviewed by: corvink, rew
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54851
arm64/vmm: Simplify vmmpmap_remove()
This function handles invalid intermediate PTP entries, but there's no
reason for this: the passed range should be mapped. In particular, we
assert that all L3 entries encountered are mapped. So let's simplify
the code a bit. No functional change intended.
Reviewed by: andrew
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54738
textproc/libxml2*: update to 2.15.1, split -core
libxml2 now requires xsltproc from libxslt to build,
yet libxslt depends on libxml2,
so we need to break a dependency cycle.
documentation needed to be split out to a separate port.
libxml2 has therefore been split into two ports,
* libxml2 builds the documentation (unless disabled),
* library and executables in libxml2-core.
Pull in one contributor patch suggested by the former libxml2 maintainer
to address one downstream security issue in recent libxslt versions.
This should address arrowd@'s hint that installing libxml2 should
provide a full-featured package.
While here, deprecate libxml2-python according to upstream plans, we
have very few users in the ports tree, and expire end of 2026Q1.
[2 lines not shown]
Add pdrfork to OpenBSM
It's necessary for auditd to be able to log its events. Note that the
recently added pdwait() syscall is only auditable because an audit event
of that name was preemptively added back in 2012.
PR: 292739
MFC after: 1 week
Fixes: 5c2ee618d5e "sys: add pdrfork(2)"
Sponsored by: ConnectWise
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D54897
net-mgmt/bgpuma: Bump after update net/libbgpdump, improve port
- Replace PORTVERSION with DISTVERSION.
- Improve LICENSE section.
- Use USES=localbase instead of CFLAGS and LDFLAGS.
- Remove GNU_CONFIGURE_MANPREFIX - this is default value.
PR: 272484
Approved by: pi (maintainer)
capsicum.4: Replace 'fi' ligature and smart quotation mark
While here, wrap the line to 80 characters.
Reviewed by: jlduran
Fixes: c54534e60263 ("capsicum.4: Add some more detail from the Capsicum paper")
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D54761
(cherry picked from commit e6bafbeb1ee7a61ddfe92ba052c476c7646c405b)
capsicum.4: Replace 'fi' ligature and smart quotation mark
While here, wrap the line to 80 characters.
Reviewed by: jlduran
Fixes: c54534e60263 ("capsicum.4: Add some more detail from the Capsicum paper")
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D54761
(cherry picked from commit e6bafbeb1ee7a61ddfe92ba052c476c7646c405b)
witness: Provide facility to print detailed lock tree
When witness(4) detects lock order reversals (LORs), it prints
information about the stack trace which caused the LOR. If available,
it can also print information about the first stack trace which
established the other lock ordering. However, it only does this for
"simple" LORs where the two locks in question were directly locked
in the opposite order. When the lock order was established through
a more complex pattern of intermediate locks, WITNESS only prints
the stack trace where it detected the LOR.
This commit provides new functionality to provide more verbose
information about the lock chain(s) which established the lock
ordering. The new functionality can be disabled by setting the
debug.witness.trace sysctl/tunable to 1. The new functionality
is also available through the debug.witness.badstacks sysctl,
which has been modified to always show the more verbose
information.
[4 lines not shown]