net-mgmt/peering-manager: Fix Python version
Upstream claims to support >=3.10,<3.15 which translates to 3.10-3.14.
Reviewed by: bofh
Differential Revision: https://reviews.freebsd.org/D57709
x86: Harmonize GENERIC and MINIMAL
* Reorder MINIMAL so everything is in the same order as in GENERIC.
* Wherever comments diverged, except for the explanatory comment at
the top, copy the GENERIC version to MINIMAL.
* Add KDTRACE_FRAME to i386 GENERIC; it was already in MINIMAL, and
adding it to GENERIC seemed like the more correct move.
With these changes, MINIMAL is a strict subset of GENERIC, apart from
the identifier and the explanatory comment at the top.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D57729
firewall: unify group names
The defaults in GroupField are still a bit weird as we are showing them
even though their mandatory path is from *_interfaces() plugin registration.
If we need the value 10 we should make it the implicit default and also
add the default to the group interface registration (or not at all).
GroupField could read them correctly from config.xml...
PR: https://www.reddit.com/r/opnsense/comments/1ucvh2y/is_there_a_way_to_change_the_openvpn_group/
Revert some SSAF patches (#205279)
I've started seeing some failures on Windows permissive bots.
I'll revert my patches for now until further investigation.
errors:
https://lab.llvm.org/buildbot/#/builders/107/builds/20548
```
C:\b\slave\sanitizer-windows\llvm-project\clang\lib\Frontend\CompilerInvocation.cpp
C:\b\slave\sanitizer-windows\build\tools\clang\include\clang/Options/Options.inc(9981): error C2065: 'SSAFOpts': undeclared identifier
C:\b\slave\sanitizer-windows\build\tools\clang\include\clang/Options/Options.inc(9982): note: see reference to function template instantiation 'auto GenerateSSAFArgs::<lambda_5f504a9e8792b8b03f1d39701f31dbec>::operator ()<T>(const T &) const' being compiled
with
[
T=std::vector<std::string,std::allocator<std::string>>
]
```
Revert "Reland "[clang][ssaf][NFC] Move SSAF flags from FrontendOptions
to a dedicated SSAFOptions" (#204798)"
[4 lines not shown]
NAS-140907 / 27.0.0-BETA.1 / Tolerate malformed JSON in audit databases (#19181)
## Problem
The audit databases store `event_data`/`service_data` as JSON in TEXT
columns that SQLite does not validate on insert, so a corrupted or
otherwise non-JSON value can persist in a row (e.g. after a storage/IO
incident). Audit queries that filter or select on a JSON path compile to
`json_extract()`, and SQLite aborts the entire statement with
`OperationalError: malformed JSON` the moment it evaluates that over a
bad row. This bubbles up uncaught from the SMB alert sources as
recurring CRITICAL `AlertSourceRunFailed` alerts, and breaks
`audit.query`/`audit.export` and the UI audit page.
## Solution
Guard every JSON-path `json_extract` so a non-JSON row is skipped
instead of aborting the query, and surface the corruption rather than
dropping it silently.
- **WHERE side** (`datastore/filter.py`): an opt-in
[19 lines not shown]
Revert "[libc] Introduce the ioctl syscall wrapper and port all callers" (#205277)
Reverts llvm/llvm-project#204640
Breaks libc-x86_64-debian-fullbuild. Reverting while I investigate.
[X86] Prevent folding of volatile scalar loads into masked loads in selects (#205103)
X86 select patterns were folding scalar FP loads into AVX-512 masked
loads. Since masked loads suppress memory access when the mask is 0,
this can incorrectly eliminate the observable access of volatile loads,
leading to miscompilation. Non-volatile loads are unaffected.
Multi-use loads already avoid folding, since folding consumes the load
into the instruction's memory operand and leaves no value for the other
users, forcing it to be materialized into a register. Single-use
volatile loads did not, and this must also be prevented, as volatile
loads are required to always perform their memory access.
Fix this by using the isSimple()-guarded simple_load pattern instead of
loadf32/loadf64, ensuring volatile loads are not folded.
Found via @jlebar's X86 LLVM bug hunt / FuzzX effort:
https://github.com/SemiAnalysisAI/FuzzX/blob/master/x86/bugs/093-avx512-vmovs-x86selects-load-fold-mask-suppress
mvc: give throwReadOnly() a sibling named throwNotFullAdmin() which validates if a user has full access rights and can be treated as "provides safe input".
Although there aren't a lot of cases where user input can't be validated strictly enough, there are still one or two edge cases which offer some sort of "advanced" input which we currently wouldn't accept and are thus hard to change for historic reasons. The most prominent one is Monit, which allows local commands being executed.
throwNotFullAdmin simply raises an exception and bails before persisting changes to the configuration, which can be set on a per action or controller (internalSaveRequiresAdmin).
clang: Change TargetInfo::setCPU to take StringRef
The related APIs all use StringRef, so use StringRef for
consistency.
Co-Authored-By: Claude (Opus 4.8) <noreply at anthropic.com>
AMDGPU: Move AMDGPUTargetID to AMDGPUTargetParser
Move the AMDGPUTargetID class and TargetIDSetting enum from
AMDGPUBaseInfo to AMDGPUTargetParser, making them available in the
MC-independent TargetParser library.
Currently there is this backend implementation, and a second one in
clang. Move this here so in the future the clang copy can be deleted.
Co-Authored-By: Claude <noreply at anthropic.com>
AMDGPU: Use module flags to control xnack and sramecc
This ensures these ABI details are encoded in the IR module
rather than depending on external state from command-line flags.
Previously, these were encoded as function-level subtarget features.
The code object output was a single target ID directive implied
by the global subtarget. The backend would previously check if a
function's subtarget feature mismatched the global subtarget. This
is avoided by making xnack and sramecc module-level properties from
the start. This also provides proper linker compatibility
enforcement, moving the error point earlier.
The old encoding was also an abuse of the subtarget feature system.
Subtarget features are a bitvector, and later features in the string
can override earlier ones. The old handling added a special case
where explicit settings were preserved: ordinarily +feature,-feature
should result in the feature being disabled, but +xnack,-xnack would
preserve the explicit "-xnack" state, which differs from the absence
of any xnack setting.
[25 lines not shown]
[clang][ssaf][NFC] Make SSAFOptions available in Builders and Extractors (#204684)
Now that we have SSAFOptions, it would make it a lot more ergonomic if
it was accessible from builders and extractors.
This PR does exactly that.
Part of rdar://179151023
Co-authored-by: Jan Korous <jkorous at apple.com>
Co-authored-by: Claude Opus 4.7 <noreply at anthropic.com>
[Clang][ABI] Validate consistency between ABI lowering implementation (#203281)
If the LLVM ABI library is used, and assertions are enabled, compute the
ABI both using Clang's implementation the the LLVM ABI library, and
verify that the results are the same.
[libc] Introduce the ioctl syscall wrapper and port all callers (#204640)
This patch adds an ioctl syscall wrapper in linux_syscalls namespace and
migrates all direct SYS_ioctl calls to use it.
To handle the polymorphic nature of ioctl arguments (where some commands
expect pointers, some expect scalar integers like queue_selector, and
some expect no argument at all), I use a helper struct IoctlArg with
implicit constructors. This avoids template bloat and overload
ambiguities (particularly around literal 0) while keeping call sites
clean.
Assisted by Gemini.
[orc-rt] Add return serialization to AllocActionFunction::handle. (#205271)
Add a Serializer template parameter to AllocActionFunction::handle and
apply it to the handler's return value before forwarding as the action
result. This lets handler authors return types other than
WrapperFunctionBuffer.
For SPS, AllocActionSPSSerializer is the default Serializer used by
SPSAllocActionFunction::handle. It accepts either:
- WrapperFunctionBuffer (identity pass-through, the existing behavior),
or
- Error (success → empty WFB; failure → out-of-band-error WFB carrying
toString(Err)).
Adds AllocActionTest coverage for both Error-return paths.
