FreeBSD/src ef1cde5 sys/dev/asmc asmc.c

chore: asmc: use designated initializers in macros

This code cleanup makes it easier for human readers to understand what each
of the fields actually represents, as well as makes it easier to modify
what the macros actually do under the covers, without introducing
potential human errors.

No functional change intended.

MFC after:      1 week
Delta File
+33 -18 sys/dev/asmc/asmc.c
+33 -18 1 files

FreeBSD/src 90edc16 sys/dev/asmc asmc.c

asmc: use symbolic names with the MacPro3,1 model

Use `ASMC_LIGHT_FUNCS_DISABLED` and `ASMC_SMS_FUNCS_DISABLED` instead of
the unrolled versions of the macros.

This makes it easier to adjust the underlying macros/fields for
`struct asmc_model`.

No functional change intended.

MFC after:      1 week
Delta File
+2 -2 sys/dev/asmc/asmc.c
+2 -2 1 files

FreeBSD/src 7b862cf sys/dev/asmc asmc.c

asmc: use `ASMC_FAN_FUNCS2` with the Macmini4,1

The Macmini4,1 model does not have "fansafespeed" support. This issue
typically manifests with messages like so:

```
asmc0: asmc_key_read for key F0Sf failed 10 times, giving up
```

Swap out `ASMC_FAN_FUNCS` with `ASMC_FAN_FUNCS2` to explicitly drop
"fansafespeed" checks in the driver for the model as it doesn't support
that hardware feature.

MFC after:      1 week
Reported by:    @probonopd
Closes:         https://github.com/helloSystem/ISO/issues/357
Delta File
+1 -1 sys/dev/asmc/asmc.c
+1 -1 1 files

FreeBSD/src 15c33b6 sys/netpfil/ipfilter/netinet fil.c

ipfilter: Fix possible overrun

The destination buffer is FR_GROUPLEN (16 bytes) in length. When
gname is created, the userspace utilities correctly use FR_GROUPLEN
as the buffer length. The kernel should also limit its copy operation to
FR_GROUPLEN bytes to avoid any user written code from exploiting this
vulnerability.

Reported by:    Ilja Van Sprundel <ivansprundel at ioactive.com>

(cherry picked from commit e40817302ebdf89df2f3bcd679fb7f2a18c244dc)
Delta File
+1 -1 sys/netpfil/ipfilter/netinet/fil.c
+1 -1 1 files

FreeBSD/src bdf97b8 sys/netpfil/ipfilter/netinet fil.c

ipfilter: Interface name must not extend beyond end of buffer

sifpidx (an interface name) cannot extend beyond the end of the
fr_names buffer.

We do the validation for fr_sifpidx here because it is a union that
contains an offset only when fr_sifpidx points to an interface name,
an offset into fr_names. The union is an offset into fr_names in this
case only.

interr_tbl now becomes a static variable outside a function to facilitate
its use by two functions within fil.c

Note that sifpidx is only used in ipf_sync() which implements ipf -y.

Reported by:    Ilja Van Sprundel <ivansprundel at ioactive.com>
MFC after:      1 week

(cherry picked from commit 47fb51847fdea3f1cce841b5f2bbbcd6f8a04ee0)
Delta File
+21 -2 sys/netpfil/ipfilter/netinet/fil.c
+21 -2 1 files

FreeBSD/src 6004313 sys/netpfil/ipfilter/netinet fil.c

ipfilter: Interface name must not extend beyond end of buffer

sifpidx (an interface name) cannot extend beyond the end of the
fr_names buffer.

We do the validation for fr_sifpidx here because it is a union that
contains an offset only when fr_sifpidx points to an interface name,
an offset into fr_names. The union is an offset into fr_names in this
case only.

interr_tbl now becomes a static variable outside a function to facilitate
its use by two functions within fil.c

Note that sifpidx is only used in ipf_sync() which implements ipf -y.

Reported by:    Ilja Van Sprundel <ivansprundel at ioactive.com>
MFC after:      1 week

(cherry picked from commit 47fb51847fdea3f1cce841b5f2bbbcd6f8a04ee0)
Delta File
+21 -2 sys/netpfil/ipfilter/netinet/fil.c
+21 -2 1 files

FreeBSD/src 53e1019 sys/netpfil/ipfilter/netinet fil.c

ipfilter: Fix possible overrun

The destination buffer is FR_GROUPLEN (16 bytes) in length. When
gname is created, the userspace utilities correctly use FR_GROUPLEN
as the buffer length. The kernel should also limit its copy operation to
FR_GROUPLEN bytes to avoid any user written code from exploiting this
vulnerability.

Reported by:    Ilja Van Sprundel <ivansprundel at ioactive.com>

(cherry picked from commit e40817302ebdf89df2f3bcd679fb7f2a18c244dc)
Delta File
+1 -1 sys/netpfil/ipfilter/netinet/fil.c
+1 -1 1 files

FreeBSD/src afaf984 sys/netpfil/ipfilter/netinet fil.c

ipfilter: Interface name must not extend beyond end of buffer

sifpidx (an interface name) cannot extend beyond the end of the
fr_names buffer.

We do the validation for fr_sifpidx here because it is a union that
contains an offset only when fr_sifpidx points to an interface name,
an offset into fr_names. The union is an offset into fr_names in this
case only.

interr_tbl now becomes a static variable outside a function to facilitate
its use by two functions within fil.c

Note that sifpidx is only used in ipf_sync() which implements ipf -y.

Reported by:    Ilja Van Sprundel <ivansprundel at ioactive.com>
MFC after:      1 week

(cherry picked from commit 47fb51847fdea3f1cce841b5f2bbbcd6f8a04ee0)
Delta File
+21 -2 sys/netpfil/ipfilter/netinet/fil.c
+21 -2 1 files

FreeBSD/src dda404e sys/netpfil/ipfilter/netinet fil.c

ipfilter: Fix possible overrun

The destination buffer is FR_GROUPLEN (16 bytes) in length. When
gname is created, the userspace utilities correctly use FR_GROUPLEN
as the buffer length. The kernel should also limit its copy operation to
FR_GROUPLEN bytes to avoid any user written code from exploiting this
vulnerability.

Reported by:    Ilja Van Sprundel <ivansprundel at ioactive.com>

(cherry picked from commit e40817302ebdf89df2f3bcd679fb7f2a18c244dc)
Delta File
+1 -1 sys/netpfil/ipfilter/netinet/fil.c
+1 -1 1 files

FreeBSD/src 0c49d9f sys/conf newvers.sh

14.3: Update to BETA3

Approved by:    re (implicit)
Sponsored by:   OpenSats Initiative
Delta File
+1 -1 sys/conf/newvers.sh
+1 -1 1 files

FreeBSD/src 7c81bf5 sys/netgraph ng_ksocket.c

ng_ksocket: use new macros to lock socket buffers

PR:             292885
Reported by:    Walker R. Thompson <walker.thompson at urz.uni-heidelberg.de>

(cherry picked from commit 1a3d1be4965afddded0b2582b9c4969c1e6a4129)
(cherry picked from commit 4dc38e71ccd522bc5460f3ded3977baa35dad4b9)
Delta File
+8 -8 sys/netgraph/ng_ksocket.c
+8 -8 1 files

FreeBSD/src 10d5404 usr.sbin/bhyve usb_mouse.c

bhyve: fix USB mouse requests

USB HCI requests may not include HCI transfer block structures (i.e.,
xfer->data[] == NULL), but in several places, the USB mouse emulation
code assumes one will exist. This can lead to a NULL pointer dereference
and a SEGV in the bhyve process as observed via experiments with an
Ubuntu guest and PyUSB code. Note that many of the cases processing
other request types already checked for data == NULL.

While in the neighborhood, fix a typo in the loop iterating over the
usb_data_xfer_block array which used the wrong variable to check for
valid data (idx vs. i).

Reported by: danmcd at edgecast.io
Obtained from: SmartOS
MFC after: 1 week
Relnotes: yes

Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D54661
Delta File
+17 -9 usr.sbin/bhyve/usb_mouse.c
+17 -9 1 files

FreeBSD/src e334b70 sys/x86/include x86_var.h, sys/x86/x86 cpu_machdep.c

x86: provide extended description for x86_msr_op(9)

(cherry picked from commit cb81a9c18db93a2046c47b0c7dc0bd6adcdd2495)
Delta File
+43 -0 sys/x86/x86/cpu_machdep.c
+2 -4 sys/x86/include/x86_var.h
+45 -4 2 files

FreeBSD/src 0558fa8 sys/x86/include x86_var.h, sys/x86/x86 cpu_machdep.c

x86: add a safe variant of MSR_OP_SCHED* operations for x86_msr_op(9)

(cherry picked from commit af99e40af1dd4e8b39ca986240ee8b9aea722958)
Delta File
+68 -7 sys/x86/x86/cpu_machdep.c
+2 -1 sys/x86/include/x86_var.h
+70 -8 2 files

FreeBSD/src b0bc769 sys/x86/x86 cpu_machdep.c

x86_msr_op(9): consistently return the value read from MSR

(cherry picked from commit 36ceb5509d01ff2e6482a78ca809c344574e9a25)
Delta File
+15 -4 sys/x86/x86/cpu_machdep.c
+15 -4 1 files

FreeBSD/src c721cee usr.sbin/syslogd/tests syslogd_format_test_common.sh

syslogd/tests: use kern.features to detect INET support

This fixes INET feature detection with kernel configs
that do not include the kern.conftxt sysctl, such as
riscv64 currently[0].

[0] https://ci.freebsd.org/view/Test/job/FreeBSD-main-riscv64-test/16514/testReport/usr.sbin.syslogd/syslogd_forwarded_format_test/O_flag_bsd_forwarded_legacy/

Reviewed by:    markj
Approved by:    emaste (mentor)
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D55383
Delta File
+1 -2 usr.sbin/syslogd/tests/syslogd_format_test_common.sh
+1 -2 1 files

FreeBSD/src 1e64949 sys/riscv/conf GENERIC

riscv: GENERIC: enable KERN_TLS

This unskips 585 sys/kern/ktls_test testcases[0] in CI. All 585 tests currently pass.

[0] https://ci.freebsd.org/view/Test/job/FreeBSD-main-riscv64-test/16514/testReport/sys.kern/

Approved by:            emaste (mentor)
MFC after:              3 days
Sponsored by:           The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D55376
Delta File
+1 -0 sys/riscv/conf/GENERIC
+1 -0 1 files

FreeBSD/src 818971c usr.sbin/bhyve rfb.c

bhyve: Fix unchecked stream I/O in RFB handler

Convert rfb_send_* helpers to return status codes and check their
results. Add missing checks for stream_read() and stream_write() returns
during the handshake in rfb_handle() to avoid acting on failed I/O.

Signed-off-by:  Hayzam Sherif <hayzam at gmail.com>

Reviewed by:    markj
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D55343
Delta File
+54 -22 usr.sbin/bhyve/rfb.c
+54 -22 1 files

FreeBSD/src 0213827 share/misc usb_vendors

usb_vendors: update to 2025.12.13

(cherry picked from commit 8d4c1043bb0630710cbea9f744cdaef499c0ed79)
(cherry picked from commit 2f866e0547bd85e4fc66cf5468e8349931e365be)
Delta File
+3 -2 share/misc/usb_vendors
+3 -2 1 files

FreeBSD/src 7805899 share/misc pci_vendors

pci_vendors: update to 2026-02-10

(cherry picked from commit 1acfc913e6b936dec3effc7d1e902a50e5432406)
(cherry picked from commit b28b6c6d33ac7a015c55184b162e060cedeed4f6)
Delta File
+358 -108 share/misc/pci_vendors
+358 -108 1 files

FreeBSD/src 65338ff usr.bin/tr tr.c

tr: fix class handling in unicode world

toupper/tolower logic was only handled for CCLASS_TOUPPER and
CCLASS_TOLOWER, add support for CCLASS ([:alpha:])

PR:             219900
MFC After:      1 week

(cherry picked from commit 625dc44832cd760be3d7242d8e21a530c7e32bfc)
(cherry picked from commit 45d84c2f06fa72e405f09e2468b10bdf10b806cf)
Delta File
+34 -0 usr.bin/tr/tr.c
+34 -0 1 files

FreeBSD/src 28b5b65 sys/netinet6 icmp6.c

icmp6: clear csum_flags on mbuf reuse

When icmp6 sends an ICMPv6 message, it reuses the mbuf of the packet
that triggered the ICMPv6 message and prepends an IPv6 and ICMPv6
header. For a locally generated packet with checksum offloading, the
mbuf still has csum_flags set indicating that a SCTP/TCP/UDP checksum
has to be computed and inserted. Since this is not the case anymore,
csum_flags need to be cleared.

PR:                     293227
Reviewed by:            kp, zlei, tuexen
MFC after:              3 days
Differential Revision:  https://reviews.freebsd.org/D55367

(cherry picked from commit ada4dc77577f7162353e8c2916ba5c258b6210f0)
(cherry picked from commit 0a87ae18331d5c52dde1e5a4f13ee577e8e5e188)
Delta File
+1 -0 sys/netinet6/icmp6.c
+1 -0 1 files

FreeBSD/src 0d08a24 sys/contrib/openzfs/include/os/freebsd/spl/sys time.h

Merge commit bfb276e55c76 from upstream OpenZFS (by Jessica Clarke)

  Once upon a time, 32-bit PowerPC did indeed have a 32-bit time_t, but
  FreeBSD 12.0 switched to a 64-bit time_t for PowerPC as an ABI break,
  which predates the addition of FreeBSD support to OpenZFS. Moreover,
  64-bit PowerPC has existed since FreeBSD 9.0, where __powerpc__ is also
  defined (alongside __powerpc64__ to disambiguate), which has always had
  a 64-bit time_t. This code has therefore always been wrong for all
  PowerPC variants. Fix this by limiting the 32-bit case to just i386,
  which is the only architecture in FreeBSD to have a 32-bit time_t and
  not have broken ABI, due to its special legacy compatibility status.

  Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
  Reviewed-by: Alexander Motin <alexander.motin at TrueNAS.com>
  Signed-off-by: Jessica Clarke <jrtc27 at jrtc27.com>
  Closes #18217
  Closes #18218

Reported by:    fuz

    [4 lines not shown]
Delta File
+1 -1 sys/contrib/openzfs/include/os/freebsd/spl/sys/time.h
+1 -1 1 files

FreeBSD/src 8755b5f lib/libfetch common.c

libfetch: Restore timeout functionality

PR:             293124
MFC after:      1 week
Fixes:          792ef1ae7b94 ("Refactor fetch_connect() and fetch_bind() to improve readability and avoid repeating the same DNS lookups.")
Reverts:        8f8a7f6fffd7 ("libfetch: apply timeout to SSL_read()")
Reviewed by:    eugen, imp
Differential Revision:  https://reviews.freebsd.org/D55293

(cherry picked from commit 73b82d1b0a2f09224e6d0f7a13dd73c66d740207)
(insta-mfc requested by re@)
(cherry picked from commit d97c824f5b4c9e7e3a1400699022cba146e450fa)
Delta File
+3 -8 lib/libfetch/common.c
+3 -8 1 files

FreeBSD/src c8191c3 tools/build/mk OptionalObsoleteFiles.inc

OptionalObsoleteFiles: Don't mark /usr/lib/debug/boot directory obsolete

The intent of the current code is to ignore anything under
/usr/lib/debug/boot/*.  But we also should make sure that
/usr/lib/debug/boot directory is also ignored and is not marked
obsolete.  If we don't do that, `make DBATCH_DELETE_OLD_FILES
delete-old` will try to rmdir(1) this directory, which will cause an
error, since /usr/lib/debug/boot may have nested directories like
kernel/ and modules/.

Reviewed by:    markj
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D55077
Delta File
+2 -2 tools/build/mk/OptionalObsoleteFiles.inc
+2 -2 1 files

FreeBSD/src 0a87ae1 sys/netinet6 icmp6.c

icmp6: clear csum_flags on mbuf reuse

When icmp6 sends an ICMPv6 message, it reuses the mbuf of the packet
that triggered the ICMPv6 message and prepends an IPv6 and ICMPv6
header. For a locally generated packet with checksum offloading, the
mbuf still has csum_flags set indicating that a SCTP/TCP/UDP checksum
has to be computed and inserted. Since this is not the case anymore,
csum_flags need to be cleared.

PR:                     293227
Reviewed by:            kp, zlei, tuexen
MFC after:              3 days
Differential Revision:  https://reviews.freebsd.org/D55367

(cherry picked from commit ada4dc77577f7162353e8c2916ba5c258b6210f0)
Delta File
+1 -0 sys/netinet6/icmp6.c
+1 -0 1 files

FreeBSD/src 3a0c63a share/man/man4 vmm.4

vmm.4: Fix width

Reported by:    ziaee
Fixes:          d26c8ae527bb ("vmm.4: Add information on VM access control")
Delta File
+1 -1 share/man/man4/vmm.4
+1 -1 1 files

FreeBSD/src 83cf9b5 . RELNOTES

RELNOTES: Document some recent vmm changes
Delta File
+8 -0 RELNOTES
+8 -0 1 files

FreeBSD/src d4c05ed sys/dev/vmm vmm_dev.c, sys/sys priv.h

vmm: Add privilege checks to vmmctl operations

In preparation for supporting creation of VMs by unprivileged users, add
some restrictions:
- Disallow creation of non-transient VMs by unprivileged users.  That
  is, if an unprivileged user creates a VM, the VM must be destroyed
  automatically once the last fd referencing it is gone.
- Disallow destroying VMs created by a different user, unless the caller
  has the PRIV_VMM_DESTROY privilege.

Reviewed by:    bnovkov
MFC after:      2 months
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D54740
Delta File
+21 -0 sys/dev/vmm/vmm_dev.c
+3 -1 sys/sys/priv.h
+24 -1 2 files

FreeBSD/src af099ea etc group, sys/dev/vmm vmm_dev.c

vmm: Enable unprivileged bhyve

- Add the vmm group.
- Let /dev/vmmctl belong to the vmm group by default, and give group
  write permissions.
- When creating a VM's device files, make them owned by the creating
  process' effective UID.

Reviewed by:    bnovkov
MFC after:      2 months
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D54741
Delta File
+5 -5 sys/dev/vmm/vmm_dev.c
+1 -0 etc/group
+1 -0 sys/sys/conf.h
+7 -5 3 files