Add SECURITY.md policy file
Add a basic SECURITY.md file to establish the repository's security
reporting policy. Includes guidance for reporting security issues
and what to expect.
Reviewed-by: Allan Jude <allan at klarasystems.com>
Reviewed-by: George Melikov <mail at gmelikov.ru>
Signed-off-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Closes #18766
devel/perfetto: new port
thj@ and adrian@ did all of the underlying FreeBSD-specific
porting work and testing. I helped with creating the Ports
tree Makefile.
Co-authored-by: Tom Jones <thj at FreeBSD.org>
Co-authored-by: Adrian Chadd <adrian at FreeBSD.org>
Differential Revision: https://reviews.freebsd.org/D56762
[PowerPC] Use INT64_MAX instead of LONG_MAX. (#208249)
The value of LONG_MAX is dependent on the host environment used to build
the compiler. For example, X86-64 Windows has a different value than
X86-64 Linux. Using LONG_MAX would give inconsistent results when cross
compiling.
[docs] Enable colon_fence myst extension, fix admonitions (#208322)
The colon_fence myst extension enables triple-colon fences for
admonitions, as in:
:::{note}
**Regular** _markdown_ text, not code.
:::
Using triple colon fences for admonition blocks helps markdown editors
treat the body as markdown text, rather than fixed-width code with a
syntax highlight.
This change fixes a live doc bug in MyFirstTypoFix.md, which uses this
admonition style:
https://llvm.org/docs/MyFirstTypoFix.html
Currently ":::{note} The code changes presented" leaks through in the
HTML, and this one line change fixes it.
[BOLT] Register PIE indirect goto relocations (#206819)
PIE binaries use R_*_RELATIVE dynamic relocations for indirect goto jump
tables. BOLT creates entry points for their targets but does not mark
these addresses as targets from data relocations, so indirect jumps with
unknown control flow (which originates from indirect goto) have no CFG
successors and are interpreted as potential tail calls, while the jump
targets are incorrectly identified as additional entry points.
Add these offsets to the function's list of non-entry relocation
references instead of marking them as entry points. Extend relocation
rewriting to also check whether a block is externally referenced. This
mirrors behavior of data-to-code relocations in non-pie binaries.
p5-Imager: update to 1.033.
Imager 1.033 - 7 July 2026
============
- fix mishandling of large EXIF IFD entry count values, treating them
as negative numbers. This could lead to an attempt to allocate a
block nearly the size of the address space, which fails and causes
an exit. Such counts are now treated as unsigned and caught either
when the multiplication result is checked, or when the end of the
IFD referenced memory is outside the EXIF block.
Thanks to cpan-security.
CVE-2026-14454
- JPEG: depend on Imager 1.033 for the EXIF fix.
- fix a thread context object reference count leak in the bumpmap and
bumpmap_complex filters.
[2 lines not shown]
[mlir][acc] Add acc.on_device op (#208096)
Add an operation to represent the runtime call to acc_on_device.
This runtime call is important to fold early in the compilation pipeline
and having an operation allows us to easily recognize it when emitted by
frontends.
[SimpleLoopUnswitch] Don't latch-redirect trivial unswitch across convergent ops (#207047)
The trivial-unswitch case added in #204934 can redirect a loop-invariant
branch's latch edge to the loop exit, turning it into an exit branch
that then gets hoisted to the preheader. That changes how many
iterations (and, on GPUs, which lanes) execute the loop body.
When the loop contains a convergent operation that runs each iteration,
hoisting the branch lets one (possibly non-uniform) path bypass the loop
entirely and skip the convergent op. Concretely, this miscompiles an
AMDGPU warp reduction (llvm.amdgcn.update.dpp): lanes drop out of the
cross-lane shuffle, so block reductions come back with partial results.
Guard the new latch-redirect transform with the same convergent /
cross-block-token check that isSafeForNonTrivialUnswitching already
applies (refactored into a shared loopContainsConvergentOrTokenOp
helper). Adds a target-independent lit test that fails before this
change and passes after.
Co-authored-by: Claude Opus
[bazel] Correct config.h definitions for musl (#207295)
The Bazel overlay encodes several configure-time config.h results
manually. It currently treats all Linux platforms as having
execinfo.h/backtrace() and mallinfo(). That matches glibc, but is false
when the build is configured for musl libc.
The upstream .bazelrc provides --config=hermetic-toolchain. A musl build
can be selected by pairing that with the platform labels from the
external Bazel module named llvm, for example:
bazel build --config=hermetic-toolchain \
--platforms=@llvm//platforms:linux_x86_64_musl \
--extra_execution_platforms=@llvm//toolchain:linux_x86_64_platform \
@llvm-project//llvm:not
Only define HAVE_BACKTRACE/BACKTRACE_HEADER when not targeting musl, and
only define HAVE_MALLINFO for GNU libc. With the old definitions, this
fails in LLVM Support, e.g.:
[5 lines not shown]
[docs] Enable colon_fence myst extension, fix admonitions
The colon_fence myst extension enables triple-colon fences for
admonitions, as in:
:::{note}
**Regular** _markdown_ text, not code.
:::
Using triple colon fences for admonition blocks helps markdown editors
treat the body as markdown text, rather than fixed-width code with a
syntax highlight.
This change fixes a live doc bug in MyFirstTypoFix.md, which uses this
admonition style:
https://llvm.org/docs/MyFirstTypoFix.html
Currently ":::{note} The code changes presented" leaks through in the
HTML, and this one line change fixes it.
[Hexagon] Drop artificial VF sub-registers from W0-W15 (PR183850) (#208260)
Declaring VF0-VF15 as an artificial (vsub_fake) third sub-register of
W0-W15 caused MachineCopyPropagation to associate DBG_VALUEs of $wN with
unrelated $vM COPYs via reg-unit overlap, tripping the
hasDebugOperandForReg assertion in updateDbgUsersToReg.
Remove the fake sub-register from W0-W15. The reverse-alias WR0-WR15
keep vsub_fake intentionally.
[flang][OpenACC] Attach `OpenACCLoopLocAttr` to `acc.loop` op (#208238)
Introduce an attribute `OpenACCLoopLocAttr` that can be attached to an
`acc.loop` operation to record loop locations and directive location
separately.
Attach it to `acc.loop` when building the op in flang.
clang/AMDGPU: Remove driver restriction on --gpu-max-threads-per-block
Previously this flag was only handled for HIP, and would produce an unused
argument warning. There is a custom warning produced by cc1 that the
argument isn't supported, but practically speaking that was unreachable
due to not forwarding the argument. Also add a test for the untested warning.
Also use a simpler method for forwarding the flag to cc1.
clang/AMDGPU: Fix double linking opencl libs with --libclc-lib
Noticed by inspection. If using an explicit --libclc-lib flag,
do not attempt to also link the rocm device libs which will contain
different implementations of the same opencl symbols.
Co-Authored-By: Claude <noreply at anthropic.com>
clang/AMDGPU: Merge toolchain subclasses
Simplify the toolchain implementations by collapsing
them into one. Previously we had a confusing split. The
AMDGPUToolChain base class implemented much of the base
support. It was subclassed by ROCMToolChain, which would
have been more accurately described as the offloading subclass.
That was further subclassed into HIP and OpenMP specific subclasses.
Deleting those two is the important part of this change. There was
code duplication, and features arbitrarily handled in one but not
the other. The offload kind is passed in almost everywhere if you
really need to know the original language. However, I consider
this an antifeature, and it is really poor QoI to have the HIP
and OpenMP toolchains behave differently in any way. The platform
should be consistent and the driver behaviors should not depend
on the language.
There is additional mess in the handling of spirv, which this
[9 lines not shown]
[lldb] Remove unused AnyMatches functions from DataFormatters (#208288)
The only `AnyMatches` function actually used is in TypeCategoryImpl and
TieredFormatterContainer.