FreeBSD/src 658bb99sys/compat/linuxkpi/common/include/linux module.h

linuxkpi: Implement `module_*()` APIs as static functions

This fixes an "unused variable" warning when building DRM drivers.

Reviewed by:    emaste
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56780
DeltaFile
+8-3sys/compat/linuxkpi/common/include/linux/module.h
+8-31 files

FreeBSD/src c295f02share/man/man9 zone.9

zone.9: Add a missing newline

MFC after:      3 days
DeltaFile
+1-0share/man/man9/zone.9
+1-01 files

FreeBSD/src 41b0393tests/sys/kern execve_overflow.c Makefile

tests: Add a simple regression test for an execve overflow bug

MFC after:      2 weeks
DeltaFile
+46-0tests/sys/kern/execve_overflow.c
+1-0tests/sys/kern/Makefile
+47-02 files

FreeBSD/src eca4dd1sys/kern kern_exec.c, sys/vm vm_kern.c vm_init.c

execve: Add guard pages around execve KVA buffers

This helps ensure that overflows will trigger a panic instead of
silently corrupting adjacent buffers, as happened in SA-26:13.exec.

Extend kmap_alloc_wait() to support allocation of guard pages on both
sides of a KVA allocation.  Modify the exec_map setup accordingly.  Add
the "vm.exec_map_guard_pages" tunable to provide control over the guard
page allocations.

Reviewed by:    kib
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D56711
DeltaFile
+32-7sys/vm/vm_kern.c
+6-2sys/vm/vm_init.c
+2-1sys/kern/kern_exec.c
+1-1sys/vm/vm_extern.h
+1-0sys/vm/vm_kern.h
+42-115 files

FreeBSD/src 77b8bc0sys/net if.c

ifnet: if_detach(): Fix races with vmove operations

The rationality is that the driver private data holds a strong reference
to the interface, and the detach operation shall never fail. Given the
vmove operation, if_vmove_loan(), if_vmove_reclaim() or vnet_if_return()
is not atomic and spans multiple steps, acquire ifnet_detach_sxlock only
for if_detach_internal() and if_vmove() is not sufficient. It is possible
that the thread running if_detach() sees stale vnet, or the vmoving is
in progress, then if_unlink_ifnet() will fail.

Fix that by extending coverage of ifnet_detach_sxlock a bit to also
cover if_unlink_ifnet(), so that the entire detach and vmove operation
is serialized.

Given it is an error when the if_unlink_ifnet() fails, and if_detach()
is a public KPI, prefer panic() over assertion on failure, to indicate
explicitly that bad thing happens. That shall also prevent potential
corrupted status of the interface, which is a bit hard to diagnose.


    [7 lines not shown]
DeltaFile
+17-6sys/net/if.c
+17-61 files

FreeBSD/src 320805atests/sys/net if_clone_test.sh

tests/net/if_clone_test: Add a test for races between if_detach() and if_vmove_reclaim()

Ideally we shall have tests for all possible races. It is races between
if_detach(), if_vmove_loan(), if_vmove_reclaim() and vnet_if_return().
Well that requires too many tests and it appears to be less valuable to
have them all. So focus on potential in future regressions related to
recent fixes [1] and [2] only.

[1] ee9456ce3753 ifnet: Fix races in if_vmove_reclaim()
[2] ba7f47d47dc1 ifnet: if_detach(): Fix races with vmove operations

MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D56606

(cherry picked from commit f4be16983dea4904f85ac20e921ad2a8c18a0f79)
(cherry picked from commit 696d1590697e9d4c0f07ce0a8d76a62bc77bdfd5)
DeltaFile
+29-0tests/sys/net/if_clone_test.sh
+29-01 files

FreeBSD/src 33da0a2tests/sys/netgraph eiface_test.sh Makefile

tests/netgraph: Add a test for races between if_detach() and vnet_if_return()

A ng_eiface(4) or physical interface does not involve the cloner hence
the detaching is a bit different with epair(4). Add more tests to cover
that.

PR:             292993
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D56609

(cherry picked from commit 0988abd52352ae0977cd3e5c10316b7d94e1cac8)
(cherry picked from commit 3a4c4d61ac2c9f369e55d0ab994c9da78aa4cb74)
DeltaFile
+67-0tests/sys/netgraph/eiface_test.sh
+2-0tests/sys/netgraph/Makefile
+69-02 files

FreeBSD/src 9598f72sys/net if_clone.c if.c, sys/netlink/route iface.c

if_clone: Make ifnet_detach_sxlock opaque to consumers

The change e133271fc1b5e introduced ifnet_detach_sxlock, and change
6d2a10d96fb5 widened its coverage, but there are still consumers,
net80211 and tuntap e.g., want it. Instead of sprinkling it everywhere,
make it opaque to consumers.

Out of tree drivers shall also benefit from this change.

Reviewed by:    kp
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D56298

(cherry picked from commit e9fc0c538264355bd3fd9120c650078281c2a290)
(cherry picked from commit c624e04a0bd0ab147ec64c17e3e53f5ebc769dcf)
DeltaFile
+16-1sys/net/if_clone.c
+1-4sys/net/if.c
+0-3sys/netlink/route/iface.c
+17-83 files

FreeBSD/src 3285980sys/net if.c

ifnet: Move SIOCSIFVNET from ifhwioctl() to ifioctl()

SIOCSIFVNET is not a hardware ioctl. Move it to where it belongs.

Where here, rewrite the logic of checking whether we are moving the
interface from and to the same vnet or not, since it is obviously not
stable to access the interface's vnet, given the current thread may
race with other threads those running if_vmove().

MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D55880

(cherry picked from commit 38bd7ef62f318f791e232e217855307a9d75efa0)
(cherry picked from commit 477c3ba3673152e88ec5c50d8f45db24102bdf07)
DeltaFile
+27-17sys/net/if.c
+27-171 files

FreeBSD/src e7063f1sys/net if.c

ifnet: vnet_if_return(): Avoid unnecessary recursive acquisition of ifnet_detach_sxlock

vnet_if_return() will be invocked by vnet_sysuninit() on vnet destructing,
while the lock ifnet_detach_sxlock has been acquired in vnet_destroy()
already.

With this change the order of locking is more clear. There should be no
functional change.

Reviewed by:    pouria
Fixes:          868bf82153e8 if: avoid interface destroy race
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D56288

(cherry picked from commit f1fae67afbb13a41d488d0e0ec66b1805925019c)
(cherry picked from commit ccfc2d91304e88aafc0ca0e13e0f8b5a156d2a01)
DeltaFile
+2-2sys/net/if.c
+2-21 files

FreeBSD/src bc73c7fsys/net if.c

ifnet: Remove unreachable code

The ioctls SIOCSIFVNET and SIOCSIFRVNET are for userland only. For
SIOCSIFVNET, if_vmove_loan(), the interface is obtained from current
VNET. For SIOCSIFRVNET, if_vmove_reclaim(), a valid child prison is
held before getting the interface. In both cases the VNET of the
obtained interfaces is stable, so there's no need to check it.

No functional change intended.

Reviewed by:    glebius, jamie (for #jails)
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D55828

(cherry picked from commit e0731059af912a27d0f842959218946b1daaa7d1)
(cherry picked from commit a989b0fbc965b453d97e3d032efb4f9c7592734a)
DeltaFile
+0-18sys/net/if.c
+0-181 files

FreeBSD/src f7145efsys/net if.c

ifnet: Fix races in if_vmove_reclaim()

The thread running if_vmove_reclaim() may race with other threads those
running if_detach(), if_vmove_loan() or if_vmove_reclaim(). In case the
current thread loses race, two issues arise,

 1. It is unstable and unsafe to access ifp->if_vnet,
 2. The interface is removed from "active" list, hence if_unlink_ifnet()
    can fail.

For the first case, check against source prison's vnet instead, given
the interface is obtained from that vnet.

For the second one, return ENODEV to indicate the interface was on the
list but the current thread loses race, to distinguish from ENXIO, which
means the interface or child prison is not found. This is the same with
if_vmove_loan().

Reviewed by:    kp, pouria

    [6 lines not shown]
DeltaFile
+9-5sys/net/if.c
+9-51 files

FreeBSD/src b1dc0bcsys/net if.c

ifnet: Add some sanity checks

To be more robust since the checking is now performed where the
interface is referenced.

While here, remove a redundant check from if_vmove_loan().

Reviewed by:    kp, glebius, pouria
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D55875

(cherry picked from commit 00d96da231d007673a1672452748d8ea4f6788ae)
(cherry picked from commit 877fa4f2a2d37dcd9e828d12dc9736c5e83ffd8c)
DeltaFile
+19-10sys/net/if.c
+19-101 files

FreeBSD/src d572835tests/sys/arch/amd64 int0x80.c

amd/int0x80 test: fix inline asm for gcc

Gcc complained about the unused %0 asm argument.

Fixes:  2c2ec6bbc9cc ("tests/sys/arch/amd64: add a program to check INT $0x80 behavior on amd64")
Reviewed by:    kib, markj
Differential Revision:  https://reviews.freebsd.org/D56781
DeltaFile
+3-2tests/sys/arch/amd64/int0x80.c
+3-21 files

FreeBSD/src 36b399fshare/man/man4 asmc.4, sys/dev/asmc asmc.c asmcvar.h

asmc: rename wol sysctl to auto_poweron

Older SMC firmware exposed AUPO as a Wake-on-LAN control. On updated
firmware, the key controls automatic power-on when AC power is restored
after a power loss; WoL is handled by the GBE controller instead.
Rename the sysctl to reflect the current semantics. No compatibility
alias is provided as the sysctl has not appeared in any release.

Reviewed by:    ziaee, adrian
Differential Revision:  https://reviews.freebsd.org/D56747
DeltaFile
+10-14sys/dev/asmc/asmc.c
+8-1share/man/man4/asmc.4
+3-1sys/dev/asmc/asmcvar.h
+21-163 files

FreeBSD/src 045a9efusr.bin/clang Makefile, usr.bin/clang/llvm-cov Makefile

llvm: Don't install /usr/bin/{gcov,objdump} twice

Commit c4f08d46c7f7 moved the symlinks for the LLVM binutils from LLVM
itself to the toolchain (usr.bin/clang/toolchain), but did not remove
the links for /usr/bin/gcov and /usr/bin/objdump from the llvm version,
meaning we installed them twice, once in the clang package and once in
the toolchain package.

Remove the links from the llvm version and move the MLINKs to toolchain,
which is where the other MLINKs dwell.

While here, fix toolchain to use the correct build option for llvm-cov,
MK_LLVM_COV.

Fixes: c4f08d46c7f7 ("llvm-*: Move all LLVM_BINUTILS symlinks to toolchain package")
Reported by:    jrm
Reviewed by:    jrm, dim, emaste
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D56788
DeltaFile
+4-0usr.bin/clang/toolchain/Makefile
+0-3usr.bin/clang/llvm-objdump/Makefile
+0-2usr.bin/clang/llvm-cov/Makefile
+1-0usr.bin/clang/Makefile
+5-54 files

FreeBSD/src 1b149c2usr.sbin/mixer mixer.c mixer.8, usr.sbin/mixer/tests mixer_test.sh

mixer(8): Deprecate some unintuitive control values

This is a follow-up to cc7479d7dc9b ("mixer(8): Improve mute and recsrc
controls"). These deprecated values will be completely removed on
2026-06-15.

Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Reviewed by:    0mp
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/21

(cherry picked from commit a28bb575c89c8de62684419ece1ff5e070e4ce24)
(cherry picked from commit 54922e4ec8909829a7ca8d2158c2a514a06df094)
DeltaFile
+31-17usr.sbin/mixer/mixer.c
+9-11usr.sbin/mixer/mixer.8
+1-17usr.sbin/mixer/tests/mixer_test.sh
+41-453 files

FreeBSD/src 8acc4c1contrib/libc-vis vis.3

vis.3: Try to better describe VIS_SAFE

The current text fails to draw the reader's attention to the fact that
VIS_SAFE essentially exempts certain characters from being encoded.

While here, fix some markup nits.

MFC after:      1 week
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D56716
DeltaFile
+19-13contrib/libc-vis/vis.3
+19-131 files

FreeBSD/src e3fc367krb5/include autoconf.h, krb5/util/build-tools krb5-config.sh Makefile

krb5: Adjust additional version strings

Fixes:          736e411a737b

(cherry picked from commit c64ee36e5d09ecee4ce4951047014c8461734fb5)
DeltaFile
+2-2krb5/include/autoconf.h
+1-1krb5/util/build-tools/krb5-config.sh
+1-0krb5/util/build-tools/Makefile
+4-33 files

FreeBSD/src ea93554krb5 Makefile.inc

krb5: Adjust version to 1.22.2

Fixes:          736e411a737b
(cherry picked from commit 8f46ba065143d9d89968a20b23844287d54c04a2)
DeltaFile
+1-1krb5/Makefile.inc
+1-11 files

FreeBSD/src 919b107crypto/krb5 README, crypto/krb5/src configure patchlevel.h

krb5: import MIT 1.22.2

Merge commit '90c687295e2d62f9411fc5b571f5af4e8ee187a7'

(cherry picked from commit 736e411a737b9f57c1303e6d15c5afd4f63af0d3)
DeltaFile
+14-23crypto/krb5/src/lib/krb5/ccache/cc_mslsa.c
+23-1crypto/krb5/README
+10-10crypto/krb5/src/configure
+8-0crypto/krb5/src/lib/krb5/ccache/cc_file.c
+3-3crypto/krb5/src/patchlevel.h
+2-2crypto/krb5/src/man/krb5kdc.man
+60-3934 files not shown
+120-9740 files

FreeBSD/src a22ad16crypto/krb5/src/lib/gssapi/spnego negoex_util.c

krb5: Fix two NegoEx parsing vulnerabilities

Bring in upstream commit 2e75f0d93 fixing two CVEs. Upstream commit
log is:

 In parse_nego_message(), check the result of the second call to
 vector_base() before dereferencing it.  In parse_message(), check for
 a short header_len to prevent an integer underflow when calculating
 the remaining message length.

 Reported by Cem Onat Karagun.

 CVE-2026-40355:

 In MIT krb5 release 1.18 and later, if an application calls
 gss_accept_sec_context() on a system with a NegoEx mechanism
 registered in /etc/gss/mech, an unauthenticated remote attacker can
 trigger a null pointer dereference, causing the process to terminate.


    [10 lines not shown]
DeltaFile
+6-1crypto/krb5/src/lib/gssapi/spnego/negoex_util.c
+6-11 files

FreeBSD/src 2157c0etests/sys/arch/amd64 int0x80.c Makefile

tests/sys/arch/amd64: add a program to check INT $0x80 behavior on amd64

(cherry picked from commit 2c2ec6bbc9cc7762a250ffe903bda6c2e44d25ff)
DeltaFile
+94-0tests/sys/arch/amd64/int0x80.c
+7-0tests/sys/arch/amd64/Makefile
+101-02 files

FreeBSD/src a42f95bsys/amd64/ia32 ia32_syscall.c

amd64 ia32_syscall(): only allow for ILP32 processes

(cherry picked from commit bd8edba0792b71be3f8ed5dea9c22287e95c986a)
DeltaFile
+9-0sys/amd64/ia32/ia32_syscall.c
+9-01 files

FreeBSD/src 0276461bin/sh main.c

bin/sh: make it possible to use as interactive init

(cherry picked from commit d7338bb4914d120e5719d3216b23a509c49ed3be)
DeltaFile
+19-0bin/sh/main.c
+19-01 files

FreeBSD/src fba39d5sbin/init Makefile

init: build dynamically

(cherry picked from commit 24d887436dcd5b6c18a7505e477c79cae3002c3a)
DeltaFile
+0-2sbin/init/Makefile
+0-21 files

FreeBSD/src cd86057sys/amd64/ia32 ia32_syscall.c

amd64: ia32_fetch_syscall_args() does not need to check params != NULL

(cherry picked from commit 912f9dfca451e359dda7cdf45539b7c19764f54d)
DeltaFile
+1-1sys/amd64/ia32/ia32_syscall.c
+1-11 files

FreeBSD/src 350d980sbin/init init.8

init.8: add RECOVERING section

(cherry picked from commit e378d97eeb2b8961f312cc04d4751579a7b70741)
DeltaFile
+35-0sbin/init/init.8
+35-01 files

FreeBSD/src 1332831sbin/init init.8

init.8: document init_path among loader tunables

(cherry picked from commit 9e6ae89d831a4ddce0925ac3682d602a71f1b26d)
DeltaFile
+5-0sbin/init/init.8
+5-01 files

FreeBSD/src e5c9bd6sys/kern init_main.c

kern/init_main.c: path is for the binary, not process

(cherry picked from commit a268af3447ebaa9712174ba2d226ffdc66f68e98)
DeltaFile
+1-1sys/kern/init_main.c
+1-11 files