FreeBSD/src 50f7b62sys/vm vm_fault.c

vm_fault: Reset m_needs_zeroing properly

- When allocating a page, we should only consider the PG_ZERO flag when
  handling the top-level page.
- Unconditionally reset the flag when restarting the fault handler.
  Previously, vm_fault_busy_sleep() would fail to reset it.

PR:             294039
Reviewed by:    kib
Tested by:      Peter Much <pmc at citylink.dinoex.sub.org>
MFC after:      3 days
Fixes:          cff67bc43df1 ("vm_fault: only rely on PG_ZERO when the page was newly allocated")
Differential Revision:  https://reviews.freebsd.org/D56234

(cherry picked from commit 04132e01004316ddd0e0cde6ef15b100b7b1844d)
DeltaFile
+3-4sys/vm/vm_fault.c
+3-41 files

FreeBSD/ports 44c4f4fsysutils/framework-system distinfo Makefile.crates

sysutils/framework-system: Update to 0.6.2

Sponsored by:   Framework Computer Inc

Signed-off-by: Daniel Schaefer <dhs at frame.work>
DeltaFile
+9-5sysutils/framework-system/distinfo
+3-1sysutils/framework-system/Makefile.crates
+1-2sysutils/framework-system/Makefile
+13-83 files

FreeBSD/src bb5347csys/kern kern_event.c, sys/sys filedesc.h

kqueue: Fix a race when adding an fd-based knote to a queue

When registering a new kevent backed by a file descriptor, we first look
up the file description with fget(), then lock the kqueue, then see if a
corresponding knote is already registered.  If not, and KN_ADD is
specified, we add the knote to the kqueue.

closefp_impl() interlocks with this process by calling knote_fdclose(),
which locks each kqueue and checks to see if the fd is registered with a
knote.  But, if userspace closes an fd while a different thread is
registering it, i.e., after fget() succeeds but before the kqueue is
locked, then we may end up with a mismatch in the knote table, where the
knote kn_fp field points to a different file description than the knote
ident.

Fix the problem by double-checking before registering a knote.  Add a
new fget_noref_unlocked() helper for this purpose.  It is a clone of
fget_noref().  We could simply use fget_noref(), but I like having an
explicit unlocked variant.

    [7 lines not shown]
DeltaFile
+17-0sys/sys/filedesc.h
+13-1sys/kern/kern_event.c
+30-12 files

FreeBSD/src 9b7c0f4sys/vm vm_fault.c

vm_fault: Reset m_needs_zeroing properly

- When allocating a page, we should only consider the PG_ZERO flag when
  handling the top-level page.
- Unconditionally reset the flag when restarting the fault handler.
  Previously, vm_fault_busy_sleep() would fail to reset it.

PR:             294039
Reviewed by:    kib
Tested by:      Peter Much <pmc at citylink.dinoex.sub.org>
MFC after:      3 days
Fixes:          cff67bc43df1 ("vm_fault: only rely on PG_ZERO when the page was newly allocated")
Differential Revision:  https://reviews.freebsd.org/D56234

(cherry picked from commit 04132e01004316ddd0e0cde6ef15b100b7b1844d)
DeltaFile
+3-4sys/vm/vm_fault.c
+3-41 files

FreeBSD/src 88535adsys/kern kern_event.c, sys/sys filedesc.h

kqueue: Fix a race when adding an fd-based knote to a queue

When registering a new kevent backed by a file descriptor, we first look
up the file description with fget(), then lock the kqueue, then see if a
corresponding knote is already registered.  If not, and KN_ADD is
specified, we add the knote to the kqueue.

closefp_impl() interlocks with this process by calling knote_fdclose(),
which locks each kqueue and checks to see if the fd is registered with a
knote.  But, if userspace closes an fd while a different thread is
registering it, i.e., after fget() succeeds but before the kqueue is
locked, then we may end up with a mismatch in the knote table, where the
knote kn_fp field points to a different file description than the knote
ident.

Fix the problem by double-checking before registering a knote.  Add a
new fget_noref_unlocked() helper for this purpose.  It is a clone of
fget_noref().  We could simply use fget_noref(), but I like having an
explicit unlocked variant.

    [7 lines not shown]
DeltaFile
+17-0sys/sys/filedesc.h
+13-1sys/kern/kern_event.c
+30-12 files

FreeBSD/src 84b8715sys/kern kern_event.c, sys/sys filedesc.h

kqueue: Fix a race when adding an fd-based knote to a queue

When registering a new kevent backed by a file descriptor, we first look
up the file description with fget(), then lock the kqueue, then see if a
corresponding knote is already registered.  If not, and KN_ADD is
specified, we add the knote to the kqueue.

closefp_impl() interlocks with this process by calling knote_fdclose(),
which locks each kqueue and checks to see if the fd is registered with a
knote.  But, if userspace closes an fd while a different thread is
registering it, i.e., after fget() succeeds but before the kqueue is
locked, then we may end up with a mismatch in the knote table, where the
knote kn_fp field points to a different file description than the knote
ident.

Fix the problem by double-checking before registering a knote.  Add a
new fget_noref_unlocked() helper for this purpose.  It is a clone of
fget_noref().  We could simply use fget_noref(), but I like having an
explicit unlocked variant.

    [7 lines not shown]
DeltaFile
+17-0sys/sys/filedesc.h
+13-1sys/kern/kern_event.c
+30-12 files

FreeBSD/src 0361497usr.sbin/rtadvd config.c

rtadvd: Fix validation of the MTU parameter when parsing config

MFC after:      1 week

(cherry picked from commit 607f6be6ec19f49ff595226afe1c8aa6515c59a0)
DeltaFile
+1-1usr.sbin/rtadvd/config.c
+1-11 files

FreeBSD/src 2791bc4sys/vm vm_fault.c

vm_fault: Avoid creating clean, writeable superpage mappings

The pmap layer requires writeable superpage mappings to be dirty.
Otherwise, during demotion, we may miss a hw update of the PDE which
sets the dirty bit.

When creating a managed superpage mapping without promotion, i.e., with
pmap_enter(psind == 1), we must therefore ensure that a writeable
mapping is created with the dirty bit pre-set.  To that end,
vm_fault_soft_fast(), when handling a map entry with write permissions,
checks whether all constituent pages are dirty, and if so, converts the
fault to a write fault, so that pmap_enter() does the right thing.  If
one or more pages is not dirty, we simply create a 4K mapping.

vm_fault_populate(), which may also create superpage mappings, did not
do this, and thus could create mappings which violate the invariant
described above.  Modify it to instead check whether all constituent
pages are already dirty, and if so, convert the fault to a write fault.
Otherwise the mapping is downgraded to read-only.

    [7 lines not shown]
DeltaFile
+18-2sys/vm/vm_fault.c
+18-21 files

NetBSD/pkgsrc ytRy92Ldoc CHANGES-2026

   doc: Updated comms/asterisk22 to 22.9.0
VersionDeltaFile
1.2260+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc asWxYURcomms/asterisk22 distinfo, comms/asterisk22/patches patch-main_stdtime_localtime.c patch-configure

   Update to Asterisk 22.9.0:


   ## Change Log for Release asterisk-22.9.0

   ### Links:

    - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-22.9.0.html)
    - [GitHub Diff](https://github.com/asterisk/asterisk/compare/22.8.2...22.9.0)

   ### Summary:

   - Commits: 50
   - Commit Authors: 21
   - Issues Resolved: 34
   - Security Advisories Resolved: 0

   ### User Notes:


    [145 lines not shown]
VersionDeltaFile
1.9+19-19comms/asterisk22/distinfo
1.2+13-13comms/asterisk22/patches/patch-main_stdtime_localtime.c
1.3+9-9comms/asterisk22/patches/patch-configure
1.3+8-8comms/asterisk22/patches/patch-build__tools_make__xml__documentation
1.3+7-7comms/asterisk22/patches/patch-include_asterisk_autoconfig.h.in
1.2+6-6comms/asterisk22/patches/patch-main_cel.c
+62-623 files not shown
+76-729 files

FreeBSD/ports c45ce58net/activemq Makefile distinfo, net/activemq/files activemq.in

net/activemq: Update 6.2.0 => 6.2.4, take maintainership

Release Notes:
https://activemq.apache.org/components/classic/download/classic-06-02-01
https://activemq.apache.org/components/classic/download/classic-06-02-02
https://activemq.apache.org/components/classic/download/classic-06-02-03
https://activemq.apache.org/components/classic/download/classic-06-02-04

Improve port:
- Adjust JAVA_VERSION.
- Add substitution instead of hardcoded USER and GROUP in rc script.

PR:             294136
Approved by:    blanket (3rd in a row maintainer timeout during last 2.5 years)
Sponsored by:   UNIS Labs
MFH:            2026Q2

(cherry picked from commit 8f41140a8cc479a9c574d06fa314b25051174d95)
DeltaFile
+9-5net/activemq/Makefile
+4-4net/activemq/files/activemq.in
+3-3net/activemq/distinfo
+2-2net/activemq/pkg-plist
+18-144 files

FreeBSD/ports 8f41140net/activemq Makefile distinfo, net/activemq/files activemq.in

net/activemq: Update 6.2.0 => 6.2.4, take maintainership

Release Notes:
https://activemq.apache.org/components/classic/download/classic-06-02-01
https://activemq.apache.org/components/classic/download/classic-06-02-02
https://activemq.apache.org/components/classic/download/classic-06-02-03
https://activemq.apache.org/components/classic/download/classic-06-02-04

Improve port:
- Adjust JAVA_VERSION.
- Add substitution instead of hardcoded USER and GROUP in rc script.

PR:             294136
Approved by:    blanket (3rd in a row maintainer timeout during last 2.5 years)
Sponsored by:   UNIS Labs
MFH:            2026Q2
DeltaFile
+9-5net/activemq/Makefile
+4-4net/activemq/files/activemq.in
+3-3net/activemq/distinfo
+2-2net/activemq/pkg-plist
+18-144 files

FreeBSD/src bd6548fsys/fs/nfs nfsid.h nfs.h, usr.sbin/nfsuserd nfsuserd.c

nfsid.h: Put the nfsd_idargs structure in a new .h

This patch moves the definition of the nfsd_idargs
structure out of nfs.h and into a new file called
nfsid.h.

This is being done so that it can be included in
nfs_diskless.c in a future commit.

There should be no semantics change from this
commit.

(cherry picked from commit e6db4dd9d7216067388ae91ac73c3917a93f9420)
DeltaFile
+67-0sys/fs/nfs/nfsid.h
+0-23sys/fs/nfs/nfs.h
+1-0sys/fs/nfs/nfs_commonport.c
+1-0sys/fs/nfs/nfs_commonsubs.c
+0-1sys/fs/nfs/nfs_var.h
+1-0usr.sbin/nfsuserd/nfsuserd.c
+70-246 files

OpenBSD/src Jogop0Zsys/net if_wg.c

   check the prefix (cidr) len for an allowedip is valid.

   ie, don't allow prefixes greater than 32 or 128 bits for ipv4 and
   ipv6 respectively.

   found by Daniel Wade (danjwade95 at gmail dot com), who also suggested
   the fix.
   ok deraadt@ jmatthew@
VersionDeltaFile
1.48+4-1sys/net/if_wg.c
+4-11 files

OpenBSD/src EbbRpHSshare/man/man4 acpi.4

   mention inthid(4) and ispi(4)
VersionDeltaFile
1.80+6-2share/man/man4/acpi.4
+6-21 files

OpenBSD/src 5HY123nshare/man/man4 ispi.4 Makefile

   add ispi(4)
VersionDeltaFile
1.1+38-0share/man/man4/ispi.4
1.876+2-2share/man/man4/Makefile
+40-22 files

FreeBSD/src b5737f2share/man/man5 src.conf.5, share/mk src.opts.mk

mk: Disable blacklist when disabling blocklist

WITHOUT_BLOCKLIST, when set, should enforce WITHOUT_BLACKLIST.
This fixes the build when WITHOUT_BLOCKLIST=yes is set.

Reported by:    ivy
Reviewed by:    ivy
Fixes:          7238317403b9 ("blocklist: Rename blacklist to blocklist")
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D56118

(cherry picked from commit 0d9676e1ca92febd42fbebef8d6833a0939d3f7c)
DeltaFile
+18-1share/man/man5/src.conf.5
+8-0share/mk/src.opts.mk
+26-12 files

FreeBSD/ports 358749cbenchmarks/iperf3 distinfo Makefile, benchmarks/iperf3/files patch-RELNOTES.md

benchmarks/iperf3: Update to iperf-3.21.

Notable changes: https://github.com/esnet/iperf/releases/tag/3.21

Sponsored by:   Energy Sciences Network (ESnet)
DeltaFile
+0-18benchmarks/iperf3/files/patch-RELNOTES.md
+3-3benchmarks/iperf3/distinfo
+1-2benchmarks/iperf3/Makefile
+4-233 files

LLVM/project 121f5a9.ci compute_projects_test.py compute_projects.py, libclc CMakeLists.txt README.md

[libclc] Enable LLVM_RUNTIME_TARGETS in build system (#189892)

libclc target is now passed in from LLVM_RUNTIME_TARGETS.

The old configure flow based on `-DLLVM_ENABLE_RUNTIMES=libclc` is
deprecated because libclc no longer has a default target.
`-DLLVM_ENABLE_RUNTIMES=libclc -DLLVM_RUNTIME_TARGETS="<target-triple>"`
still works but it is considered legacy.

The new standard build requires:
Each target must now be selected explicitly on the CMake command line
through the runtimes target-specific cache entry and
LLVM_RUNTIME_TARGETS.
For example:
-DRUNTIMES_amdgcn-amd-amdhsa-llvm_LLVM_ENABLE_RUNTIMES=libclc
-DLLVM_RUNTIME_TARGETS="amdgcn-amd-amdhsa-llvm"
-DRUNTIMES_nvptx64-nvidia-cuda_LLVM_ENABLE_RUNTIMES=libclc
-DLLVM_RUNTIME_TARGETS="nvptx64-nvidia-cuda"
-DRUNTIMES_clspv--_LLVM_ENABLE_RUNTIMES=libclc

    [17 lines not shown]
DeltaFile
+156-162libclc/CMakeLists.txt
+66-15libclc/README.md
+13-10.ci/compute_projects_test.py
+7-14libclc/test/CMakeLists.txt
+14-3.ci/compute_projects.py
+10-2.ci/monolithic-windows.sh
+266-2062 files not shown
+287-2098 files

LLVM/project 507d823llvm/lib/Transforms/Scalar LoopStrengthReduce.cpp, llvm/test/CodeGen/X86/AMX amx-across-func.ll

[LSR] Use TTI to check if zero-start IV is free in getSetupCost (#190587)

This avoids a downstream regression where LSR prefers {-1,+1}.
When constant zero typically doesn't require preheader initialization
(queried via TTI::getIntImmCost), consider it as free in getSetupCost.

Three test changes are improvements: amx-across-func.ll,
2011-11-29-postincphi.ll and pr62660-normalization-failure.ll.
Other test changes are neutral.
DeltaFile
+16-8llvm/lib/Transforms/Scalar/LoopStrengthReduce.cpp
+6-8llvm/test/Transforms/LoopStrengthReduce/X86/2011-11-29-postincphi.ll
+6-7llvm/test/Transforms/LoopStrengthReduce/X86/pr62660-normalization-failure.ll
+4-6llvm/test/CodeGen/X86/AMX/amx-across-func.ll
+4-4llvm/test/Transforms/LoopStrengthReduce/X86/postinc-iv-used-by-urem-and-udiv.ll
+4-4llvm/test/Transforms/LoopStrengthReduce/duplicated-phis.ll
+40-371 files not shown
+41-387 files

LLVM/project 7b94b9alibclc/clc/lib/generic/workitem clc_get_sub_group_size.cl

[libclc] Refine generic __clc_get_sub_group_size with fast full sub-group path (#188895)

Add a fast path for the common case that total work-group size is
multiple of max sub-group size.

The fallback path is ported from amdgpu/workitem/clc_get_sub_group_size.cl.

Compiler can generate predicated instructions for the fallback path to
avoid branches.
DeltaFile
+12-12libclc/clc/lib/generic/workitem/clc_get_sub_group_size.cl
+12-121 files

FreeBSD/src 27ac9d3crypto/openssl/apps testrsa.h, crypto/openssl/crypto/ec ecp_nistz256_table.c curve25519.c

crypto/openssl: update from 3.0.16 to 3.0.20

### Description

This particular change contains all functional and security fixes made
between 3.0.16 and 3.0.20, with the net-resulting security issues being
the ones addressed in 3.0.20 [1] [2].

This is a direct commit to stable/14 as stable/15 and later use OpenSSL
3.5, as of writing, and thus this change could not have been merged
through main and stable/15 since the 3.0.17+ was released after :main
switched to OpenSSL 3.5.

This does not contain any merge commits as any MFV changes are banned
unless they go through :main.

### Process used when updating the component

1. Run the subtree merge command in a staging tree.

    [12 lines not shown]
DeltaFile
+14,894-9,513crypto/openssl/crypto/ec/ecp_nistz256_table.c
+10,184-10,183crypto/openssl/test/ecdsatest.h
+3,556-3,166crypto/openssl/ssl/s3_lib.c
+2,611-2,462crypto/openssl/crypto/ec/curve25519.c
+4,465-447crypto/openssl/apps/testrsa.h
+2,454-2,338crypto/openssl/test/sslapitest.c
+38,164-28,1092,714 files not shown
+165,411-132,9752,720 files

HardenedBSD/src 47c48c3sys/netinet in_pcb.c tcp_usrreq.c, usr.sbin/bluetooth/iwmbtfw iwmbt_hw.c iwmbt_fw.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+213-139sys/netinet/in_pcb.c
+93-151sys/netinet/tcp_usrreq.c
+47-103usr.sbin/bluetooth/iwmbtfw/iwmbt_hw.c
+24-96sys/netinet/raw_ip.c
+105-0usr.sbin/bluetooth/iwmbtfw/iwmbt_fw.c
+50-44sys/netinet/in_pcb.h
+532-53341 files not shown
+904-87647 files

HardenedBSD/src e7398a4sys/netinet in_pcb.c tcp_usrreq.c, usr.sbin/bluetooth/iwmbtfw iwmbt_hw.c iwmbt_fw.c

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+213-139sys/netinet/in_pcb.c
+93-151sys/netinet/tcp_usrreq.c
+47-103usr.sbin/bluetooth/iwmbtfw/iwmbt_hw.c
+24-96sys/netinet/raw_ip.c
+105-0usr.sbin/bluetooth/iwmbtfw/iwmbt_fw.c
+50-44sys/netinet/in_pcb.h
+532-53341 files not shown
+904-87647 files

HardenedBSD/src dff0b5c. Makefile.inc1, release/packages generate-ucl.sh create-sets.sh

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+33-30usr.bin/lockf/lockf.1
+19-20Makefile.inc1
+2-1usr.sbin/mfiutil/mfiutil.8
+1-1release/packages/generate-ucl.sh
+1-1release/packages/create-sets.sh
+0-2tools/build/Makefile
+56-556 files

HardenedBSD/ports 1cde06bdns/dnst distinfo Makefile.crates, java/openjdk22 Makefile

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+319-289dns/dnst/distinfo
+158-143dns/dnst/Makefile.crates
+0-209java/openjdk22/files/patch-src_java.desktop_share_native_libfontmanager_freetypeScaler.c
+0-191java/openjdk22/Makefile
+0-89java/openjdk22/files/patch-src_jdk.management_unix_native_libmanagement__ext_OperatingSystemImpl.c
+80-0security/vuxml/vuln/2026.xml
+557-92187 files not shown
+959-1,15393 files

OpenBSD/src C4Wt50nsbin/slaacd engine.c, usr.sbin/rad engine.c

   These programs spin if they receive a RA from the local network with
   ND option with length 0.  from Daniel Wade
   ok florian
   this will be errata 7.7/036_v6daemons.patch and 7.8/030_v6daemons.patch
VersionDeltaFile
1.100+5-1sbin/slaacd/engine.c
1.30+3-1usr.sbin/rad/engine.c
+8-22 files

LLVM/project 00328f1flang/lib/Optimizer/Transforms MIFOpConversion.cpp

[flang][NFC] Fix typo in comment for multi-image environment (#191722)
DeltaFile
+1-1flang/lib/Optimizer/Transforms/MIFOpConversion.cpp
+1-11 files

FreeBSD/src 8085c5asys/dev/nvme nvme_ctrlr.c

nvme_ctrlr_linux_passthru_cmd: correct size of upages_small array

The size broke when upages was converted from array to double pointer.

Reported by:    gcc -Wsizeof-pointer-div
Reviewed by:    imp
Fixes:          82ff1c334b97 ("nvme: Allow larger user request sizes")
Differential Revision:  https://reviews.freebsd.org/D56368
DeltaFile
+2-2sys/dev/nvme/nvme_ctrlr.c
+2-21 files

OpenBSD/src nyB4qTisys/dev/pci/drm/amd/display/dc/resource/dce100 dce100_resource.c, sys/dev/pci/drm/amd/display/dc/resource/dce110 dce110_resource.c

   drm/amd/display: Fix DCE LVDS handling

   From Alex Deucher
   24ce568f7553a55404cddf8f0fca2a7c0ea9451c in linux-6.18.y/6.18.22
   90d239cc53723c1a3f89ce08eac17bf3a9e9f2d4 in mainline linux
VersionDeltaFile
1.2+7-6sys/dev/pci/drm/amd/display/dc/resource/dce60/dce60_resource.c
1.3+3-2sys/dev/pci/drm/amd/display/dc/resource/dce110/dce110_resource.c
1.3+3-2sys/dev/pci/drm/amd/display/dc/resource/dce112/dce112_resource.c
1.3+3-2sys/dev/pci/drm/amd/display/dc/resource/dce120/dce120_resource.c
1.3+3-2sys/dev/pci/drm/amd/display/dc/resource/dce80/dce80_resource.c
1.3+3-2sys/dev/pci/drm/amd/display/dc/resource/dce100/dce100_resource.c
+22-166 files