sound: Remove vchan_passthrough() and hw.snd.passthrough_verbose
Unused and confusing.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
(cherry picked from commit 3612ef642f511a1bd9f759da87abeafe7d6ff110)
sound: Fix KASSERT panics in chn_read() and chn_write()
INVARIANTS kernels may trigger a KASSERT panic from sndbuf_acquire(),
when fuzzing write(2) using stress2, because of a race in chn_write().
In the case of chn_write(), what sndbuf_acquire() does is extend the
ready-to-read area of the buffer by a specified amount of bytes. The
KASSERT in question makes sure the number of bytes we want to extend the
ready area by, is less than or equal to the number of free bytes in the
buffer. This makes sense, because we cannot extend the ready area to
something larger than what is available (i.e., free) in the first place.
What chn_write() currently does for every write is; calculate the
appropriate write size, let's say X, unlock the channel, uiomove() X
bytes to the channel's buffer, lock the channel, and call
sndbuf_acquire() to extend the ready area by X bytes. The problem with
this approach, however, is the following.
Suppose an empty channel buffer with a length of 1024 bytes, and 2
[45 lines not shown]
papers: Retire phkmalloc paper
It has not been installed since commit cdc37953165c ("In preparation for
the removal of the roff toolchain, disconnect the") and turned up in
a search for outdated MALLOC_OPTIONS settings.
The rendered paper is available at
https://papers.freebsd.org/1998/phk-malloc
PR: 287357
Reviewed by: bapt
Event: Kitchener-Waterloo Hackathon 202506
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50908
vt: Allow VT_SETMODE with frsig=0
Linux does not check that any of the signals in vt_mode VT_SETMODE ioctl
(relsig, acqsig, frsig) are valid, but FreeBSD required that all three
are valid. frsig is unusued in both Linux and FreeBSD, and software
typically leaves it unset. To improve portability, allow frsig to be
set to zero.
PR: 289812
Reported by: Dušan Gvozdenović
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52835
ipfilter: fix broken build
Every commit earns me a dozen emails that LINT is broken. This should
stop that.
Fixes: eda1756d0454f ipfilter: Verify frentry on entry into kernel
Sponsored by: Netflix
mqueuefs: Export another symbol required by linux.ko
Fixes: e00a781c216c ("mqueue: Export kern_kmq_* symbols from kernel module")
Sponsored by: The FreeBSD Foundation
ipfilter: Load optionlist prior to ippool invocation
As a safety precaution df381bec2d2b limits ippool hash table size to 1K.
This causes any legitimely large hash table to fail to load. The
htable_size_max ipf tuneable adjusts this but the adjustment is made
in the ipfilter rc script, invoked after the ippool script (because it
depends on ippool). Let's load the ipfilter_optionlist in ippool as well.
ipfilter_optionlist load will also occur in the ipfilter rc script in case
the user uses ipfilter without ippool.
Fixes: df381bec2d2b
MFC after: 3 days
openzfs: We are FreeBSD, not posix.
Partially revert:
https://github.com/openzfs/zfs/commit/99d7453b43dc0ef04a35e461ef14db72e1326c7c
which introduced this file upstream. This causes this definition to be
preferred for all builds. Make the smallest change possible to this file
to change the default to FreeBSD. We're talking to the upstraem folks
about the right fix. Feel free to revert this in the future, so long as
`bectl activate -t` still works properly afterwards.
Sponsored by: Netflix
strfmon: Fix negative sign handling for C locale
If the locale's positive_sign and negative_sign values would both be
returned by localeconv() as empty strings, strfmon() shall behave as if
the negative_sign value was the string "-".
This occurs with the C locale. The implementation previously assigned
"0" to sign_posn (parentheses around the entire string); now it assigns
it to "1" (sign before the string) when it is undefined (CHAR_MAX).
Austin Group Defect 1199[1] is applied, changing the requirements for
the '+' and '(' flags.
[1]: https://www.austingroupbugs.net/view.php?id=1199
Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D53913
strfmon: Add tests for Austin Group Defect 1199
Add tests for The Open Group Base Specifications Issue 8[1], Austin
Group Defect 1199[2].
Items marked with XXX represent an invalid output. These items will be
fixed in subsequent commits.
Notice that an existing test is now considered invalid.
Our locale definitions do not include int_p_sep_by_space nor
int_n_sep_by_space[3]. Those will be addressed in a subsequent commit.
However, the CLDR project defines them as "0", which causes the output
to appear as "USD123.45". If our locale definitions were to set the
international {n,p}_sep_by_space to "1", the output would display as the
expected "USD 123.45".
While here, use the SPDX license identifier and add my name to the
file.
[8 lines not shown]
mdo.1: Document group-related and fine-grained control functionalities
This is a manual page update describing the functionality that was added
to mdo(1) in commit 3ca1e69028ac ("mdo(1): Add support and shortcuts for
fully specifying users and groups"). Please either refer to that commit
or the new manual page's content for more information.
While here:
- Add to the introduction a description of process credentials and some
specific vocabulary that is used throughout the page, as well as the
relationship between mdo(1) and mac_do(4).
- Update the HISTORY section.
- Add AUTHORS and SECURITY CONSIDERATIONS sections.
Reviewed by: ziaee
MFC after: 1 minute
Sponsored by: The FreeBSD Foundation
Sponsored by: Google LLC (GSoC 2025)
Co-authored-by: Kushagra Srivastava <kushagra1403 at gmail.com>
[3 lines not shown]
mdo.1: Document group-related and fine-grained control functionalities
This is a manual page update describing the functionality that was added
to mdo(1) in commit 3ca1e69028ac ("mdo(1): Add support and shortcuts for
fully specifying users and groups"). Please either refer to that commit
or the new manual page's content for more information.
While here:
- Add to the introduction a description of process credentials and some
specific vocabulary that is used throughout the page, as well as the
relationship between mdo(1) and mac_do(4).
- Update the HISTORY section.
- Add AUTHORS and SECURITY CONSIDERATIONS sections.
Reviewed by: ziaee
MFC after: 1 minute
Sponsored by: The FreeBSD Foundation
Sponsored by: Google LLC (GSoC 2025)
Co-authored-by: Kushagra Srivastava <kushagra1403 at gmail.com>
Differential Revision: https://reviews.freebsd.org/D53905
sound examples: Fix buffer mapping/allocation
The buffer in struct config should be allocated or mmap'ed. The code
without this patch allocates the buffer unconditionally, even for mmap
configs.
MFC after: 1 week
Reviewed by: christos
Differential Revision: https://reviews.freebsd.org/D53939
nfs_nfsdstate.c: Add sanity checks for lock stateids
Bugzilla PR reported a crash caused by a synthetic client
doing a Lock operation request with a delegation stateid.
This patch fixes the problem by adding sanity checks
for the type of stateid provided as an argument to the
Lock and LockU operations.
It has been tested with the FreeBSD, Linux and Solaris 11.4
clients. Hopefully, other NFSv4 clients will work ok
as well.
PR: 291080
Tested by: Robert Morris <rtm at lcs.mit.edu>
MFC after: 2 weeks
bsdinstall: Ignore -p[0-9]+ in determining BRANCH
The patch level is not part of the branch per se and should not be
used in constructing the FreeBSD-base.conf file used by bsdinstall.
MFC after: 1 day
xae(4), axidma(4): rewrite DMA operation.
Due to performance constraints on a synthesized CHERI RISC-V core,
remove usage of xdma(4) scatter-gather framework. Instead, provide
a minimalistic interface between two drivers.
This increases performance ~4-5 times.
Tested using scp(1) and nc(1) on Codasip Prime.
Sponsored by: CHERI Research Centre
Differential Revision: https://reviews.freebsd.org/D53932
Mitigate YXDOMAIN and nodata non-referral answer poisoning.
Add a fix to apply scrubbing of unsolicited NS RRSets (and their
respective address records) for YXDOMAIN and nodata non-referral
answers. This prevents a malicious actor from exploiting a possible
cache poison attack.
Approved by: so
Approved by: re (cperciva)
Obtained from: NLnet Labs
Security: FreeBSD-SA-25:10.unbound
Security: CVE-2025-11411
Mitigate YXDOMAIN and nodata non-referral answer poisoning.
Add a fix to apply scrubbing of unsolicited NS RRSets (and their
respective address records) for YXDOMAIN and nodata non-referral
answers. This prevents a malicious actor from exploiting a possible
cache poison attack.
Obtained from: NLnet Labs
Security: FreeBSD-SA-25:10.unbound
Security: CVE-2025-11411
(cherry picked from commit 2a3a6a1771148a709c2d9694c1d66c41ce8dee79)
Mitigate YXDOMAIN and nodata non-referral answer poisoning.
Add a fix to apply scrubbing of unsolicited NS RRSets (and their
respective address records) for YXDOMAIN and nodata non-referral
answers. This prevents a malicious actor from exploiting a possible
cache poison attack.
Obtained from: NLnet Labs
Security: FreeBSD-SA-25:10.unbound
Security: CVE-2025-11411
(cherry picked from commit 2a3a6a1771148a709c2d9694c1d66c41ce8dee79)
Mitigate YXDOMAIN and nodata non-referral answer poisoning.
Add a fix to apply scrubbing of unsolicited NS RRSets (and their
respective address records) for YXDOMAIN and nodata non-referral
answers. This prevents a malicious actor from exploiting a possible
cache poison attack.
Obtained from: NLnet Labs
Security: FreeBSD-SA-25:10.unbound
Security: CVE-2025-11411
(cherry picked from commit 2a3a6a1771148a709c2d9694c1d66c41ce8dee79)
Mitigate YXDOMAIN and nodata non-referral answer poisoning.
Add a fix to apply scrubbing of unsolicited NS RRSets (and their
respective address records) for YXDOMAIN and nodata non-referral
answers. This prevents a malicious actor from exploiting a possible
cache poison attack.
Obtained from: NLnet Labs
Security: CVE-2025-11411
