pfctl tests: test rdr-to and nat-to in one rule
OpenBSD fixed this separately (in their 6a338f3f70). We appear to not
have had this bug, but test for it anyway.
Sponsored by: Rubicon Communications, LLC ("Netgate")
pfctl: parser must not ignore error from pfctl_optimize_ruleset()
Ignoring the error may cause pfctl(8) to load inconsistent ruleset
preventing pf(4) to enforce desired policy.
Issue reported and fix suggested by berts _from_ fastmail _dot_ com
'Looks good.' @deraadt
MFC after: 1 week
Obtained from: OpenBSD, sashan <sashan at openbsd.org>, 9fd28a8cca
Sponsored by: Rubicon Communications, LLC ("Netgate")
release.sh: add chroot cleanup routine
The chroot_cleanup routine handles any cleanup needed post-chroot_setup,
etc. This consists of purely tearing down `${CHROOTDIR}/dev` today, but
might involve additional steps, as needed for custom functions. This
allows end-users to override the various chroot functions without having
to modify code in main() or replicate the unmount procedure in an
equivalent routine setup via the trap builtin.
This change modifies the /dev unmount process to use `umount -f` instead
of `umount`. The latter can result in failures if resources are still
mounted or are running post-build, whereas the former will clean up any
resources still in use by processes running in the chroot at time of
build. Moreover, the `chroot_cleanup` routine is now called when the
script is killed with `SIGINT` and `SIGTERM`, as well as at `EXIT`,
better ensuring that the script's resources are cleaned up in relatively common
scenarios that can be detected/handled.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D55450 (as part of a larger change)
release.sh: document user-overriddable functions
This helps others attempting to customize the behavior of `release.sh`.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D55450 (as part of a larger change)
libc: Fix cxa_thread_atexit{,nothr} test.
After patch 9d26b82, we don't provide recursive call protection anymore.
Therefore, to pass the test, we adjust the testcase by protecting on
caller and the testcase is to make sure the dtors is properly handled.
Reported by: siva
Reviewed by: kib
Approved by: markj (mentor)
Fixes: 9d26b82826d9 ("libc: Fix dtor order in __cxa_thread_atexit")
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55893
hwpstate_amd: Refactor the cpufreq code by using delegation pattenr
We separate the code of CPPC and legacy pstate driver to make it easier
to read.
Reviewed by: olce
Approved by: markj (mentor)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55604
diff3: Produce correct exit status
Use exit status 2 for errors, 1 only to indicate that differences were
found between the inputs (in some operating modes).
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: ngie, bapt
Differential Revision: https://reviews.freebsd.org/D55608
(cherry picked from commit fe5341287c6c9bacc18879b25ed72ceb42e1c811)
diff3: Code cleanup
* Order includes.
* Turn the diff type into an enum.
* Turn an unreachable error message into an assertion.
* Remove unused debugging code.
* Remove some dead assignments.
* Consistently use 1 instead of EXIT_FAILURE.
* Turn a return from main() into an exit().
MFC after: 1 week
Sponsored by: Klara, Inc.
Reviewed by: bapt
[3 lines not shown]
diff3: fix diff3 -A
for cases where file2 differs but file1 and file3 agrees, the code
stored the file2 and file3 line numbers in the de[] editing script
entries but used them as if they were file1 line numbers.
Reviewed by: thj
Differential Revision: https://reviews.freebsd.org/D55276
(cherry picked from commit 8d442cf32e4fb29fbb85090ac29d32d1e30fd824)
diff3: fix merge mode
Make the merge mode compatible with GNU diff3
Add tests for all the changes, those tests are extracted from the
etcupdate testsuite.
This version passes the etcupdate testsuite and the diffutils diff3
test suite.
MFC After: 1 week
(cherry picked from commit 2cfca8e710f260b8a1bb1ee5e1836a52e468ef4b)
libcrypto: compile all PIC objects with -DOPENSSL_PIC -fPIC
This change modifies the libcrypto PIC objects to always compile with
`-DOPENSSL_PIC -fPIC` to restore parity with the upstream build process.
This ensures that the legacy provider is built with parity to the
upstream legacy provider.
MFC after: 12 days
Tested with: `make check` (legacy provider), `make universe`
Fixes: 14b9955e
Differential Revision: https://reviews.freebsd.org/D44896
nfs_clstate.c: Handle the same stateid case correctly
When an NFSv4.1/4.2 sarver upgrades a read delegation to
a write delegation, it does not need to change the
delegation's stateid.
Without this patch, a DELEGRETURN of the stateid was done
for the case where the delegation stateid had not changed.
This return was bogus, since the delegation stateid now
represents the new write delegation.
This patch fixes the priblem by checking for "same stateid"
and only doing the DELEGRETURN when it is not the same.
PR: 289711
(cherry picked from commit 016570c4463d5908953355ee1cf9a385ad9601b4)
nfs_clstate.c: Handle the same stateid case correctly
When an NFSv4.1/4.2 sarver upgrades a read delegation to
a write delegation, it does not need to change the
delegation's stateid.
Without this patch, a DELEGRETURN of the stateid was done
for the case where the delegation stateid had not changed.
This return was bogus, since the delegation stateid now
represents the new write delegation.
This patch fixes the priblem by checking for "same stateid"
and only doing the DELEGRETURN when it is not the same.
PR: 289711
(cherry picked from commit 016570c4463d5908953355ee1cf9a385ad9601b4)
amd64: revert back struct trapframe to the pre-FRED definition
Trying to use the grown struct trapframe for IDT case broke in cases
where code supposed that hardware consumed sizeof(struct trapframe) of
the stack space when delivering interrupt or exception. In particular,
this was broken for #NM/#DB/#MC. Naive attempt of using IDT-trapframe
size for stack consumption caused later problems with larger C type.
Instead of pretending that IDT event delivery pushed two never-accessed
doubleword to the stack, keep it honest and provide separate type for
the FRED interrupt frame, i.e. struct trapframe_fred.
Convert between trapframe_fred and trapframe can be done by trivial pointer
arithmetic.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
LinuxKPI: add supporting #includes
Compiling drm-kmod on !X86 does not include asm/smp.h which includes
preempt.h on FreeBSD. In order to compile drm-kmod on other
architectures add the secondary #includes for preempt.h to
spinlock.h and hardirq.h (which now also gets included from highmem.h)
to connect the #include chain.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
PR: 279864
Reviewed by: jhibbits, emaste
Differential Revision: https://reviews.freebsd.org/D55974
sbuf: make assertion message a lot more useable
Saying that we are called with an (un)finished or corrupted sbuf
is like saying "error" (though [un]finished is an extra hint).
Add the pointer to the sbuf so one could easily check it,
add the flags we are checking so one could see quickly about
a possible state mismatch.
Given we already dereference the pointer in the KASSERT there is no
extra harm adding it to the message.
Found while: testing lindebugfs changes
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D55919
Revert "vmimage.subr: pkg autoremove after pkg install"
This reverts commit 6a13aeac3c1f98db7cf156f24a4d6bc8d3c321f6.
The "bogus dependencies being installed" issue was traced down to pkg
confusion surrounding libclang_rt.asan-i386.so linking to a 32-bit
libgcc_s.so.1, and a more minimal workaround of "install clibs-lib32"
has been applied, so this hack is no longer required.
MFC after: 3 days
Sponsored by: Amazon
EC2: Add clibs-lib32 pkg to small/builder images
The FreeBSD-clang package on amd64 contains libclang_rt.asan-i386.so,
which links to the 32-bit version of libgcc_s.so.1. It is not clear
if that file belongs in FreeBSD-clang or if it should be placed into
a different package.
For unknown reasons, pkg *sometimes* recognizes this and decides that
it needs to install a package to supply libgcc_s.so.1:32.
In particular, when we initially install the VM with 'pkg install
[long list of FreeBSD-* packages]', pkg does not recognize that it
wants this; but the *next* time 'pkg install' runs, it decides that
it needs libgcc_s.so.1:32 -- even though that particular library is
not needed by the particular package we're trying to install -- and
goes looking for it... and ends up picking gcc12-devel as a provider.
Later in the EC2 image building process, we run 'pkg autoremove' (which
was added during 15.0 to get rid of the "bogus dependencies" which were
[19 lines not shown]
tunefs: Don't combine GEOM journaling with SU
GEOM journaling shouldn't be used at the same time as soft updates, so
don't enable one if the other is already in use.
MFC after: 1 week
PR: 293896
Reviewed by: mckusick
Differential Revision: https://reviews.freebsd.org/D56002
kernel: Be clearer about what ZSTDIO is for
ZSTDIO is not just for core dumps, and it is now required by ZFS, so
move it (and GZIO, which is still just for dumps) to a new “Compression
support” section in GENERIC, and add them both to MINIMAL.
MFC after: 1 week
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D55940
newfs: Don't combine GEOM journaling with SU
GEOM journaling shouldn't be used at the same time as soft updates, so
don't enable soft updates if GEOM journaling has been requested, and
error out if both are explicitly requested.
MFC after: 1 week
PR: 293896
Reviewed by: mckusick
Differential Revision: https://reviews.freebsd.org/D55999
alloca.3: Add entry about defining VLAs in same block as alloca() to BUGS
Refer to alloca() as a (builtin) function or macro, as it could be
defined as either depending on the compiler.
Paragraph about bug comes from Darwin's libc, and example added to
illustrate it.
Reviewed by: bnovkov
Approved by: bnovkov
MFC after: 3 days
Obtained from: https://github.com/apple-oss-distributions/libc (partially)
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55370
(cherry picked from commit 4da237aee328f368cd85b659854c4556a39f15ef)
acpi.4: Update sysctl descriptions for new stypes
The previous S1-S5 options are still accepted for compatibility, but
they are now deprecated in favour of the new generic sleep types.
Reported by: markj
Reviewed by: markj
Approved by: markj
Fixes: 97d152698f48 ("acpi: Use sleep types defined in sys/power.h")
Event: AsiaBSDCon 2026
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56008
acpi: Print sysctl name in deprecated sleep type warning
Reported by: markj
Fixes: 97d152698f48 ("acpi: Use sleep types defined in sys/power.h")
Event: AsiaBSDCon 2026
Sponsored by: The FreeBSD Foundation
