kexec: Disallow kexec_load if securelevel > 0
kexec_load() + reboot is intended to be equivalent to a system reboot.
However kexec_load() can load arbitrary data as the target kernel,
leading to execution of arbitrary code, even though it's effectively in
a new context. Rather than being equivalent to a system reboot, it's
also equivalent to kldload(), which loads arbitrary code into the
running kernel. Since kldload() is blocked at securelevel 1, also block
kexec_load().
Reported by: markj
Fixes: e02c57ff3 ("kern: Introduce kexec system feature (MI)")
Sponsored by: Hewlett Packard Enterprise
Differential Revision: https://reviews.freebsd.org/D56580
[Hexagon] Non-pie default on hexagon-unknown-elf (#193184)
The Hexagon driver on non-linux OS should not default to position
independent executable (pie).
For standalone QuRT applications (non FastRPC), default to static
executables.
[OpenMP][OMPIRBuilder] Support complex types in atomic update/capture (#191490)
Route struct-typed values through the libcall path in
`emitAtomicUpdate`.
Previously, the libcall path was gated on `RMWOp == BAD_BINOP`, so
atomic capture swap patterns (`v = x; x = expr`) for complex values
lowered as structs fell through to the cmpxchg path. That path called
`getScalarSizeInBits()` on a struct type, produced 0, and triggered an
assertion in `IntegerType::get()`.
Remove the `BAD_BINOP` restriction so struct types always use the
libcall path. This is safe because the libcall path does not use `RMWOp`
and already handles arbitrary type sizes correctly.
Also fix `LoadSize` in the libcall path to use `XElemTy` rather than the
pointer type, which previously gave the wrong size for larger complex
types such as `complex(8)`.
[2 lines not shown]
[ItaniumDemangle] Strip __alloc_token_ to transparently demangle allocation functions (#191048)
Update the Itanium demangler to recognize and strip `__alloc_token_`
prefixes introduced by AllocToken instrumentation [1]. This ensures that
instrumented allocation functions (e.g., `__alloc_token__Znwm`) demangle
back to their original source-level names (e.g., `operator new(unsigned
long)`) with a suffix `(.alloc_token)` indicating their non-standard
origin.
Since AllocToken is intended to be transparent to users who continue to
use `operator new` as before, the demangled name should reflect this
reality instead of confusing users with internal instrumentation names
in stack traces or symbolization output.
Synchronize changes across llvm and libcxxabi copies.
[1] https://clang.llvm.org/docs/AllocToken.html
Original RFC: https://discourse.llvm.org/t/rfc-a-framework-for-allocator-partitioning-hints/87434
[lldb] Fix inappropriate uses of LLDB_INVALID_IMAGE_TOKEN (#193365)
It may not be obvious from its name, but `Process::m_image_tokens`
contains loaded image addresses, not "tokens". The tokens are actually
indices into that array.
[RISCV][P-ext] Custom legalize vector (setne X, allzeros) and (setgt X, allones) (#193360)
(setne X, allzeros) can be lowered to (setult X0, X).
(setgt X, allones) can be lowered to (not (setlt X, 0)). The not
can often be folded into and, orn, xnor, or merge.
Detect missing docker root dataset in startup validation
This commit adds changes to fix a subtle issue where `missing_required_datasets` failed to detect when the root docker dataset itself was missing. The check constructed its fatal set using `set(docker_ds)`, which iterates the dataset path string character-by-character (e.g. `"tank/.ix-apps"` becomes `{'t','a','n','k','/','.','i','x','-','p','s'}`) rather than producing a single-element set containing the path. As a result, the root dataset was never included in the intersection check and a missing root docker dataset would silently pass validation instead of raising a `CallError` during docker startup. The fix replaces `set(docker_ds)` with `{docker_ds}` so the full dataset name participates in the fatal-set membership check as intended.
devel/forgejo-cli: Make DISTFILE unique to avoid DISTDIR collisions
While here, incorporate some minor cleanups:
- Remove unnecessary CARGO_ENV values
- Move pkg-plist entries to PLIST_FILES
Reviewed by: diizzy
Sponsored by: The FreeBSD Foundation
www/py-django-bootstrap3: Unbreak build after 21c2f9c595ac
* Relax the version requirements for py-uv-build which has been updated
recently.
Reported by: pkg-fallout
games/anki: Extend memory usage of NodeJS during build
* Set a higher value for V8's old memory to fix OOM issues during build:
[...]
vite v6.3.6 building for production...
transforming...
<--- Last few GCs --->
[85302:0x40cbfe36a000] 61573 ms: Mark-Compact (reduce) 505.7 (525.0) -> 502.2 (512.8) MB, pooled: 0 MB, 53.70 / 0.00 ms (+ 530.4 ms in 111 steps since start of marking, biggest step 5.2 ms, walltime since start of marking 659 ms) (average mu = 0.194, [85302:0x40cbfe36a000] 62211 ms: Mark-Compact 503.3 (512.8) -> 498.8 (515.5) MB, pooled: 0 MB, 631.85 / 0.00 ms (average mu = 0.113, current mu = 0.009) allocation failure; scavenge might not succeed
FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory
----- Native stack trace -----
1: 0x19a5b74 node::OOMErrorHandler(char const*, v8::OOMDetails const&) [/usr/local/bin/node]
2: 0x1be1c44 node::inspector::protocol::IO::DomainDispatcherImpl::~DomainDispatcherImpl() [/usr/local/bin/node]
3: 0x1e1a6b0 v8::internal::HeapLayout::CheckYoungGenerationConsistency(v8::internal::MemoryChunk const*) [/usr/local/bin/node]
4: 0x1e1d5f4 v8::internal::HeapLayout::CheckYoungGenerationConsistency(v8::internal::MemoryChunk const*) [/usr/local/bin/node]
[5 lines not shown]
AMDGPU: Set transient stack alignment to 4
Some of the frame index handling code seems to assume
it can preserve values in SCC through an add by using an
add carry, and clearing the low bit of the resultant pointer,
which means an odd SP value could be corrupted. I haven't
found a case where this was meaningful; we always end up
using a 4 byte aligned pointer anyway. Set this just in case.
[mlir] targeted verification for transform "inlining" (#192956)
When merging named transform sequences into their include locations,
rely on the InlinerDialectInterface implementation newly added to the
transform dialect instead of the full verification after the fact. This
enables us to only verify aspects of the IR that may change in a way
compatible with the rest of the infra, reducing the overall cost of the
process.
Use `LogicalResult` as appropriate instead of returning dummy
`InFlightDiagnostic` while I'm here.
Assisted-by: Claude Opus 4.7 / Cursor
[lldb] Remove unused ExpressionPathOptions: NoFragileObjcIvar, NoSyntheticArrayRange (NFC) (#193336)
As of #193120, `eExpressionPathOptionsNoFragileObjcIvar` and
`eExpressionPathOptionsNoSyntheticArrayRange` are no longer used
anywhere, and aren't expected to be used again.
[flang][OpenMP] Remove unused member, NFC (#193512)
After e8e8b6a3d8616b5d6572f9e16442cc97ef3867bd, the member
`privateDataSharingAttributeObjects_` of OmpAttributeVisitor is no
longer used. Remove it and the associated accessor functions.
