LLVM/project 1dc53ballvm/lib/Target/RISCV RISCVMoveMerger.cpp, llvm/test/CodeGen/RISCV rv32-move-merge.ll

[RISCV][P-ext] Merge paired pli/plui in RISCVMoveMerger (#202566)

64-bit packed-splat constants are returned as i64, which SelectionDAG
splits into two i32 halves materialized as single-reg
pli.b/pli.h/plui.h. Merge matching pairs writing the two halves of a
GPRPair into the paired pli.db/pli.dh/plui.dh form.
DeltaFile
+136-15llvm/lib/Target/RISCV/RISCVMoveMerger.cpp
+94-0llvm/test/CodeGen/RISCV/rv32-move-merge.ll
+230-152 files

NetBSD/pkgsrc-wip 5c0aa57brush-shell Makefile PLIST, brush-shell/patches patch-.._vendor_nix-0.31.2_src_sys_wait.rs

brush-shell: fix build
DeltaFile
+30-0brush-shell/patches/patch-.._vendor_nix-0.31.2_src_sys_wait.rs
+11-1brush-shell/Makefile
+1-3brush-shell/PLIST
+1-0brush-shell/distinfo
+43-44 files

LLVM/project 2a3342corc-rt/lib/executor/sps-ci CallSPSCI.cpp, orc-rt/unittests CallSPSCITest.cpp

[orc-rt] Fix off-by-one error in d20eca15e88 (SPS CI for calls). (#202872)

The main-function shaped caller in d20eca15e88 had an off-by-one error
that I missed as I was looking at a stale build folder. This commit
fixes the error, and makes some changes to related unit test variable
names for consistency.
DeltaFile
+23-24orc-rt/unittests/CallSPSCITest.cpp
+3-1orc-rt/lib/executor/sps-ci/CallSPSCI.cpp
+26-252 files

LLVM/project dc352aallvm/lib/IR Value.cpp

[IR] Avoid unnecessary canBeFreed() calls (NFC) (#202685)

Do not call canBeFreed() if the value can't ever be freed (e.g. for
globals) or if there are no known dereferenceable bytes. The check is
relatively expensive.

(The compile-time impact is only visible when enabling deref-at-point
semantics.)
DeltaFile
+11-3llvm/lib/IR/Value.cpp
+11-31 files

FreeBSD/ports 3b71362sysutils/restic distinfo Makefile

sysutils/restic: Update to 0.19.0

ChangeLog:      https://github.com/restic/restic/releases/tag/v0.19.0
MFH:            2026Q2
(cherry picked from commit 1ee622d177084f8a7883c401039608309d66b2ad)
DeltaFile
+5-5sysutils/restic/distinfo
+1-2sysutils/restic/Makefile
+6-72 files

LLVM/project e7dcdf0llvm/lib/Target/X86 X86ISelLowering.cpp, llvm/test/CodeGen/X86 reset-fpenv-mmo.ll

[X86] LowerRESET_FPENV - use MOLoad for the constant-pool FLDENVm MMO (#201832)

LowerRESET_FPENV builds a MachineMemOperand with the MOStore flag and
attaches it to X86ISD::FLDENVm, which is mayLoad = 1. The direction
contradicts the SDNode, and SelectionDAGISel's memref filter (in
SelectCodeCommon) silently drops the MMO, leaving the final MachineInstr
without any memrefs - no miscompile, but no useful load-side metadata
either.

Sister path LowerGET_FPENV_MEM already flips MOStore -> MOLoad before
attaching its MMO to FLDENVm. Match that here so the MMO survives ISel.

Adds a MIR-trailer regression test asserting FLDENVm carries the
expected `:: (load (s224) from constant-pool, align 4)` memref.

This was found as part of @jlebar's X86 LLVM bug hunt / FuzzX effort:
https://github.com/SemiAnalysisAI/FuzzX/tree/master/x86 :
x86/bugs/014-resetfpenv-mmo-flagged-as-store-on-load

cc @jlebar
DeltaFile
+18-0llvm/test/CodeGen/X86/reset-fpenv-mmo.ll
+1-1llvm/lib/Target/X86/X86ISelLowering.cpp
+19-12 files

OPNSense/src 88e84d7sys/dev/axgbe xgbe-phy-v2.c xgbe-i2c.c

axgbe: gracefully handle i2c bus failures

In (unknown) situations it seems the i2c bus can have trouble,
while nothing about the current link state has changed, the driver
would react by going into a link down state, and start busylooping
on up to 4 cores. Even if there was a valid link, such spinning
on a cpu by a kernel thread would wreak havoc to existing and
new connections.

This patch does the following:
1. If such a bus failure occurs, we keep the last known link state.
2. Prevent busy looping by implementing the lockmgr() facility to
be able to sleep while the i2c code waits on the i2c ISR. We cap
this with a timeout.
3. Pin the admin queues to the last CPU in the system, to prevent
other scenarios where busy looping might occur from landing on CPU
0, which especially seems to cause a lot of issues.

Given the design constraints both in hardware and in software,

    [9 lines not shown]
DeltaFile
+62-29sys/dev/axgbe/xgbe-phy-v2.c
+37-13sys/dev/axgbe/xgbe-i2c.c
+4-1sys/dev/axgbe/xgbe-mdio.c
+5-0sys/dev/axgbe/xgbe.h
+2-1sys/dev/axgbe/if_axgbe_pci.c
+1-1sys/dev/axgbe/xgbe-phy-v1.c
+111-456 files

OPNSense/src dd9da70sys/netinet ip_output.c ip_fastfwd.c, sys/netinet6 ip6_output.c ip6_fastfwd.c

pf|ipfw|netinet6?: shared IP forwarding

This removes the if_output calls in the pf(4) code that escape further
processing by defering the forwarding execution to the network stack
using on/off style sysctls for both IPv4 and IPv6.

Also see: https://reviews.freebsd.org/D8877
DeltaFile
+136-12sys/netinet6/ip6_output.c
+108-10sys/netinet/ip_output.c
+39-48sys/netinet6/ip6_fastfwd.c
+28-46sys/netpfil/ipfw/ip_fw_pfil.c
+36-31sys/netinet6/ip6_forward.c
+28-37sys/netinet/ip_fastfwd.c
+375-1846 files not shown
+459-23712 files

OPNSense/src a0ec3d8stand/efi/loader main.c bootinfo.c

stand: add EFI support for mmio serial consoles

When no legacy serial is found, we may be looking at a non-legacy mmio
serial device mapping, in which case the efi_devpath_name() for name
ConOutDev looks like this:

    VenHw(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,0090DCFE00000000)/Uart(115200,8,N,1)/VenVt100()

Which should tell the kernel to attach a console to 0xfedc9000
(little endian 64 bit value).  The value is stored behind the
VENDOR_DEVICE_PATH struct as a byte stream hence we need to check
if said address is appended behind the node.  Also enforce use for
uart by requiring the console speed read from the same device.

There is no scientific process for "rs:2" derivation, but evidence would
indicate that this is the correct setting for existing MMIO EFI consoles.

See also: http://bsdimp.blogspot.com/2018/07/how-to-get-memory-mapped-serial-console.html
DeltaFile
+17-0stand/efi/loader/main.c
+8-0stand/efi/loader/bootinfo.c
+25-02 files

OPNSense/src 735c205sys/dev/axgbe xgbe-phy-v2.c if_axgbe_pci.c

axgbe: XXX leftovers to figure out

axgbe: several patches from 22.1 not yet present in FreeBSD
axgbe: remove old annotations and a bit of whitespace cleanup

This is a stub from applying f45a2d1e5a + b9eca9d898 on top of
the upstreamed changes.  The enable_rss remove is correct and
looks like an oversight in the upstreaming.  About the others
I'm not sure but since we have them on file here we can discuss
and rearrange.
DeltaFile
+4-0sys/dev/axgbe/xgbe-phy-v2.c
+0-1sys/dev/axgbe/if_axgbe_pci.c
+1-0sys/dev/axgbe/xgbe_osdep.h
+5-13 files

OPNSense/src 1500ae9sys/dev/axgbe xgbe-phy-v2.c if_axgbe_pci.c

axgbe: Implement ifdi_i2c_req for diagnostics information

Fixes https://github.com/opnsense/src/issues/178
DeltaFile
+23-29sys/dev/axgbe/xgbe-phy-v2.c
+11-0sys/dev/axgbe/if_axgbe_pci.c
+2-1sys/dev/axgbe/xgbe.h
+36-303 files

OPNSense/src d7b82fdsys/dev/axgbe if_axgbe_pci.c xgbe-common.h

axgbe: add support for Yellow Carp Ethernet device
DeltaFile
+4-0sys/dev/axgbe/if_axgbe_pci.c
+2-0sys/dev/axgbe/xgbe-common.h
+6-02 files

OPNSense/src b4d882csys/dev/axgbe xgbe-phy-v2.c xgbe-mdio.c

axgbe: LED control for A30 platform

Since the I/O expander chip does not do a reset when soft power
cycling, the driver will first turn off all LEDs when initializing,
although no specific routine seems to be called when powering down.
This means that the LEDs will stay on until the driver has booted up,
after which the driver will be in a consistent state.
DeltaFile
+86-0sys/dev/axgbe/xgbe-phy-v2.c
+11-2sys/dev/axgbe/xgbe-mdio.c
+10-0sys/dev/axgbe/xgbe.h
+107-23 files

OPNSense/src be80d9bsys/netpfil/pf pf_table.c

pf: align sanity checks for pfrw_free
DeltaFile
+7-3sys/netpfil/pf/pf_table.c
+7-31 files

OPNSense/src 0df99d0libexec/getty gettytab

tty: patch in 3wire autologin support

PR: https://github.com/opnsense/core/issues/3921
DeltaFile
+18-0libexec/getty/gettytab
+18-01 files

OPNSense/src 06272b4sys/netinet ip_input.c, sys/netinet6 ip6_input.c in6.h

dummynet: passin after dispatch

Based on a patch originally found in m0n0wall, expanded
to IPv6 and aligned with FreeBSD's IP input path.

The limit may not be correctly accounted for on the WAN
interface due to dummynet counting the packet again even
though it was already processed.

The problem here is that there's no proper way to reinject
the packet at the point where it was previously removed
from so we make the assumption that ip input was already
done (including pfil) and more or less directly move to
packet output processing.

While here move the passin label up to take the extra check
but avoiding a second label.  Also remove the spurious tag
read for forward check since we don't use it and we should
really trust the mbuf flag.
DeltaFile
+22-11sys/netinet/ip_input.c
+11-3sys/netinet6/ip6_input.c
+6-0sys/netpfil/ipfw/ip_dn_io.c
+1-0sys/netinet6/in6.h
+40-144 files

OPNSense/src ca5e6db.github/ISSUE_TEMPLATE bug_report.md

github: sync our template
DeltaFile
+55-0.github/ISSUE_TEMPLATE/bug_report.md
+55-01 files

OPNSense/src 7da3d1dsys/net rss_config.c if_gre.c, sys/netinet ip_input.c

rss: add sysctl enable toggle

This commit also includes the original refactoring changes

This change allows the kernel to operate with the default netisr cpu-affinity settings while having RSS compiled in. Normally, RSS changes quite a bit of the behaviour of the kernel dispatch service - this change allows for reducing impact on incompatible hardware while preserving the option to boost throughput speeds based on packet flow CPU affinity.

Make sure to compile the following options in the kernel:

    options  RSS

As well as setting the following sysctls:

    net.inet.rss.enabled: 1
    net.isr.bindthreads: 1
    net.isr.maxthreads: -1 (automatically sets it to the number of CPUs)

And optionally (to force a 1:1 mapping between CPUs and buckets):

    net.inet.rss.bits: 3 (for 8 CPUs)

    [5 lines not shown]
DeltaFile
+37-1sys/net/rss_config.c
+20-0sys/netinet6/ip6_input.c
+19-0sys/netinet/ip_input.c
+12-7sys/net/if_gre.c
+7-0sys/netinet6/frag6.c
+6-0sys/netinet6/ip6_output.c
+101-811 files not shown
+131-1017 files

OPNSense/src 4e3e18esys/netinet ip_divert.c

divert: Avoid using atomic_(load|store)_(acq|rel)_16

It's not implemented on some arches.  Use a plain int to count the
number of sockets in a divert lbgroup.

Reported by:    Jenkins
Fixes:          895a0ae67fe2 ("divert: Define semantics for SO_REUSEPORT_LB on divert sockets")
DeltaFile
+7-5sys/netinet/ip_divert.c
+7-51 files

OPNSense/src 66528ddsys/dev/ixgbe ixgbe_phy.c if_ix.c

ixgbe: workaround to prevent an i2c bus read to keep trying to read an empty slot

When executing `ifconfig -v` this will lead to stalls for a second per
interface due to the timeout being set to a static 10 without a module
placed, this patch makes sure this is only allowed once per insertion.
DeltaFile
+12-0sys/dev/ixgbe/ixgbe_phy.c
+6-0sys/dev/ixgbe/if_ix.c
+2-0sys/dev/ixgbe/ixgbe_type.h
+20-03 files

OPNSense/src 9f0104eusr.sbin/bsdinstall/include Makefile, usr.sbin/bsdinstall/partedit partedit_x86.c

bsdinstall: react to WORKAROUND_HYBRID to force UEFI install on BIOS boot

Also add branding name.
DeltaFile
+3-1usr.sbin/bsdinstall/partedit/partedit_x86.c
+1-1usr.sbin/bsdinstall/include/Makefile
+4-22 files

OPNSense/src 893644ausr.sbin/rtsold rtsol.c

rtsold: check RA lifetime before triggering the one-shot always script

Historic context: rtsold is used by *sense to get a router address which
wasn't originally the daemon's purpose.  We only ever get the first address
per interface lifetime so if the RA contains an invalid router with a zero
lifetime and we catch it we cannot get a valid one ever again.

This is suboptimal in a number of ways, but the obvious way to deal with
this is to ignore all RA messages from routers that do not advertise a
default route.

PR: https://github.com/opnsense/core/issues/9551
DeltaFile
+4-2usr.sbin/rtsold/rtsol.c
+4-21 files

OPNSense/src 8ff25e3bin/csh dot.cshrc, share/skel dot.cshrc dot.profile

etc: OPNsense customisations

o add more key bindings to .cshrc
o add .vimrc to base installation
o disable fortune cookie
DeltaFile
+16-0usr.bin/vi/dot.vimrc
+4-0share/skel/dot.cshrc
+4-0bin/csh/dot.cshrc
+4-0usr.bin/vi/Makefile
+1-1share/skel/dot.profile
+29-15 files

OPNSense/src 648e4adsys/fs/tmpfs tmpfs_subr.c

tmpfs: allow recurse as that does happen when using unionfs
DeltaFile
+1-1sys/fs/tmpfs/tmpfs_subr.c
+1-11 files

OPNSense/src b6af3a9sys/net pfvar.h, sys/netpfil/pf pf.c

pf: backport changes around the following commit #242

 commit 49f39043a02d6011c1907e1b07eb034652a1269c
 Author: phessler <phessler at openbsd.org>
 Date:   Fri Apr 28 14:08:34 2023 +0000

    Relax the "pass all" rule so all forms of neighbor advertisements are allowed
    in either direction.

    This more closely matches the IPv4 ARP behaviour.

    From sashan@
    discussed with kn@ deraadt@
DeltaFile
+37-2sys/netpfil/pf/pf.c
+3-1sys/net/pfvar.h
+40-32 files

OPNSense/src 7ddf3ablib/libsys getsockopt.2, share/man/man4 divert.4

divert: Define semantics for SO_REUSEPORT_LB on divert sockets

Allow SO_REUSEPORT_LB to be set on divert sockets.  If set, then bind()
will add the socket to a "load-balancing group".  When a divert-to rule
matches a port with an associated group, the corresponding state ID is
used to select a specific socket from the group.  Packets without an
associated state are simply forwarded to the first socket in the group.
For now I only pass a state ID from pf, as I couldn't see a useful
identifier on the ipfw side.

This implementation is simple but has a caveat, that being that if
sockets are added to the group while flows are being processed, the size
of the group will change and this changes the mapping of state IDs to
sockets.  So, to get a consistent mapping, the divert socket application
must bind all of its sockets before any traffic is diverted by the
firewall.

Reviewed by:    glebius
MFC after:      1 month

    [3 lines not shown]
DeltaFile
+143-17sys/netinet/ip_divert.c
+21-3share/man/man4/divert.4
+5-1lib/libsys/getsockopt.2
+1-1sys/netinet/ip_var.h
+1-1sys/netinet/raw_ip.c
+1-1sys/netpfil/ipfw/ip_fw_pfil.c
+172-241 files not shown
+173-257 files

OPNSense/src b5b8ca1sys/netpfil/ipfw dn_sched_fq_codel.c

dummynet: move these exessive logging messages under debug output
DeltaFile
+3-2sys/netpfil/ipfw/dn_sched_fq_codel.c
+3-21 files

OPNSense/src 9157bbcsys/amd64/conf GENERIC.hints

Revert "amd64 GENERIC: Switch uart hints from "isa" to "acpi""

This reverts commit 74b9fc7adcf4afb1c3039267e338c3cfdf022957.
DeltaFile
+4-2sys/amd64/conf/GENERIC.hints
+4-21 files

OPNSense/src 8d7d385lib/libfetch common.c

libfetch: allow use of SSL_CRL_VERIFY

Since the default store already points to /etc/ssl/certs and the
CRLs are hashed there too it is trivial to bring libfetch applications
to verifying the CRLs contained when doing a SSL connection.

libfetch: ignore the error of an absence of a CRL

... when passing SSL_CRL_FILE / SSL_CRL_VERIFY.

The situation isn't ideal, but since we don't know what we are going to deal
with the situation is tricky.  It's especially pointless in scenarios of
pkg multi-repo cases where we need to deal wit a mixed bag of URLs during
the same context.  For the benefit of the doubt print the appropriate message
for the user to see.

In general it would be a bit safer if we could enforce the existence of a
CRL distribution point as a mandatory CRL check and the others as an optional
one with the warning as printed for the user to see.  It would also need a

    [18 lines not shown]
DeltaFile
+38-3lib/libfetch/common.c
+38-31 files

OPNSense/src 8a1835dbin/date date.c

date: Include old and new time in audit log (#221)

DeltaFile
+6-1bin/date/date.c
+6-11 files