lang/python314: fix/restore nxb-bin bytecode compile copypasta
_sysconfigdata no longer includes the FreeBSD major version, and
have ${REINPLACE_CMD} operate over all lines in the file.
Reported by: Christian Ullrich
PR: 296040
examples: Update COPTFLAGS in make.conf
We've been using -O2 for about fifteen years.
Reported by: Jan Stary <hans at stare.cz>
MFC after: 1 week
(cherry picked from commit 2ab18d3286f5e1ea08cd86e234377b673245ec15)
auditd: Fix signal handling
Rewrite the main loop to use ppoll() instead of just blocking on read,
blocking the signals we care about when we aren't polling.
I didn't bother replacing alarm() with setitimer(); the alarm code
is dead anyway since there is no way for max_idletime to acquire a
non-zero value.
While here, avoid leaking the pid file and trigger descriptors to the
log child.
PR: 295840
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D57451
(cherry picked from commit 5bd78cfc800339fd7f3945498052d67553af9e3c)
audit: Add poll / select support
It was previously not possible to poll() or select() on the trigger
device, which made implementing proper signal handling in auditd
difficult.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans, markj
Differential Revision: https://reviews.freebsd.org/D57457
(cherry picked from commit 0620c99d278b6a2fd6fe995f5bb365158e04ad7c)
audit: Replace TAILQ with STAILQ
This reduces the size of a trigger entry from 24 bytes to 16 (or from
12 bytes to 8 on 32-bit) with no additional complexity.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans, emaste
Differential Revision: https://reviews.freebsd.org/D57464
(cherry picked from commit 77e894cb09affe828f4bc81b8e4751a7e22860de)
check-old-libs: Show information about packages
If pkg is installed, for each old library found to still be present,
check if any installed packages either provide or require the library,
and inform the user.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D53977
(cherry picked from commit 8d9dff23f206cb86aed9857a985ed09cd38eb5ac)
auditd: Fix signal handling
Rewrite the main loop to use ppoll() instead of just blocking on read,
blocking the signals we care about when we aren't polling.
I didn't bother replacing alarm() with setitimer(); the alarm code
is dead anyway since there is no way for max_idletime to acquire a
non-zero value.
While here, avoid leaking the pid file and trigger descriptors to the
log child.
PR: 295840
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D57451
(cherry picked from commit 5bd78cfc800339fd7f3945498052d67553af9e3c)
examples: Update COPTFLAGS in make.conf
We've been using -O2 for about fifteen years.
Reported by: Jan Stary <hans at stare.cz>
MFC after: 1 week
(cherry picked from commit 2ab18d3286f5e1ea08cd86e234377b673245ec15)
audit: Replace TAILQ with STAILQ
This reduces the size of a trigger entry from 24 bytes to 16 (or from
12 bytes to 8 on 32-bit) with no additional complexity.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans, emaste
Differential Revision: https://reviews.freebsd.org/D57464
(cherry picked from commit 77e894cb09affe828f4bc81b8e4751a7e22860de)
audit: Add poll / select support
It was previously not possible to poll() or select() on the trigger
device, which made implementing proper signal handling in auditd
difficult.
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: kevans, markj
Differential Revision: https://reviews.freebsd.org/D57457
(cherry picked from commit 0620c99d278b6a2fd6fe995f5bb365158e04ad7c)
check-old-libs: Show information about packages
If pkg is installed, for each old library found to still be present,
check if any installed packages either provide or require the library,
and inform the user.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D53977
(cherry picked from commit 8d9dff23f206cb86aed9857a985ed09cd38eb5ac)
Merge tag 'x86_tdx_for_7.2-rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip
Pull x86 TDX updates from Dave Hansen:
"There are a few cleanups, and some changes that should allow TDX and
kexec to coexist nicely.
The biggest change, however, is support for updating the TDX module
after boot, just like CPU microcode. TDX users really want this
because it lets them do security updates without tearing things down
and rebooting.
- Add TDX module update support
- Make kexec and TDX finally place nice together
- Put TDX error codes into a single header"
* tag 'x86_tdx_for_7.2-rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip: (30 commits)
x86/virt/tdx: Document TDX module update
[20 lines not shown]
Merge tag 'x86_mm_for_7.2-rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip
Pull x86 mm updates from Dave Hansen:
"There's a small comment fixup, followed by an actual bug fix. The bug
fix is slightly new territory for us. It fixes a real regression, but
it is from ~6.18 not a _new_ regression. It was mostly only biting
folks doing hotplug memory testing. So, it was queued in here and held
for the merge window instead of going via x86/urgent.
- Fix freeing of PMD-sized vmemmap pages
- Update comment about pgd_list"
* tag 'x86_mm_for_7.2-rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip:
x86/mm: Fix freeing of PMD-sized vmemmap pages
x86: Update comment about pgd_list
Merge tag 'x86_misc_for_7.2-rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip
Pull misc x86 updates from Dave Hansen:
"These are the usual random pile, with the one exception of moving Rick
over to be a TDX maintainer. Rick has been doing a great job with TDX
contributions, especially on the host side of things. It's time to
promote him to "M".
- Move Rick Edgecombe to TDX maintainer
- Remove unused header
- Ensure printf() validation in all configs"
* tag 'x86_misc_for_7.2-rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip:
MAINTAINERS: Move Rick Edgecombe to TDX maintainer
x86: Remove unnecessary architecture-specific <asm/device.h>
x86/bug: Put HAVE_ARCH_BUG_FORMAT_ARGS WARN definitions inside __ASSEMBLER__
x86/bug: Add printf() validation to HAVE_ARCH_BUG_FORMAT_ARGS WARNs
Merge tag 'x86_sev_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip
Pull x86 SEV updates from Borislav Petkov:
- Remove redundant GHCB initialization guards in the SEV page state and
SVSM call paths now that the GHCB helpers handle early-boot fallback
internally
- Skip SNP initialization in the CCP driver immediately when the
preparation step fails rather than proceeding to an operation that
will certainly fail
- Abort SNP preparation and return an error when not all CPUs are
online, since the firmware enforces that every CPU enables SNP and
will fail init if not
- Simplify the VMM communication exception entry path by replacing
separate kernel and user mode macros with a single handler that
dispatches based on the current privilege level
[6 lines not shown]
[llvm-shlib] Fix parallel build failure in gen-msvc-exports.py on Windows (#197190)
The script was failing with OSError [Errno 22] Invalid argument when
opening a temp file during parallel Windows builds. The root cause is
that mkstemp() creates and closes a file descriptor, then the script
re-opens it by path in a loop. On Windows, between the close and
re-open, antivirus software or filesystem contention from parallel
build processes can briefly lock the file, causing the subsequent
open() to fail with EINVAL.
Fix by replacing the temp-file-based approach with
subprocess.check_output(), which captures nm's stdout directly in
memory. This eliminates the temp file entirely, removing the race
condition and simplifying the code (removing the unused mkstemp,
contextmanager, and os imports along with the helper functions).
Merge tag 'x86_microcode_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip
Pull x86 microcode loader updates from Borislav Petkov:
- Move the zero-revision fixup for AMD microcode to the patch level
retrieval function and restrict it to Zen family processors, ensuring
patch level arithmetic always operates on a valid revision
- Fix an incorrect comment about which CPUID bit is checked when
determining whether the microcode loader should be disabled
- Add the latest Intel microcode revision data for a broad range of
processor models and steppings and add the script which generates the
header of minimum expected Intel microcode revisions
* tag 'x86_microcode_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip:
x86/microcode/AMD: Move the no-revision fixup to get_patch_level()
x86/microcode: Fix comment in microcode_loader_disabled()
scripts/x86/intel: Add a script to update the old microcode list
x86/microcode/intel: Refresh old_microcode defines with Nov 2025 release
Merge tag 'x86_cleanups_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip
Pull x86 cleanups from Borislav Petkov:
- The usual pile of cleanups and fixlets the cat dragged in
* tag 'x86_cleanups_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip:
x86/cpu: Remove obsolete aperfmperf_get_khz() declaration
x86/pmem: Check for platform_device_alloc() retval
x86/platform/uv: Use str_enabled_disabled() in uv_nmi_setup_hubless_intr()
x86/cpu: Keep the PROCESSOR_SELECT menu together
x86/tlb: Convert copy_from_user() + kstrtouint() to kstrtouint_from_user()
x86/purgatory: Fix #endif comment
x86/boot: Get rid of kstrtoull()
x86/boot/compressed: Use boot_kstrtoul() for hugepages= parsing
Merge tag 'x86_cache_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip
Pull x86 resource control updates from Borislav Petkov:
"Preparatory work for MPAM counter assignment:
- Simplify the error handling path when creating monitor group event
configuration directories
- Make the MBM event filter configurable only on architectures that
support it and expose this with the respective file modes in the
event config
- Disallow the MBA software controller on systems where MBM counters
are assignable, as it requires continuous bandwidth measurement
that assignable counters do not guarantee
- Replace a compile-time Kconfig option for fixed counter assignment
with a per-architecture runtime property, and expose whether the
counter assignment mode is changeable to userspace
[18 lines not shown]
