FreeBSD/src 551d47csys/arm64/include pcpu.h

arm64: Ditch arm64-specific unsound PCPU optimisation

The current arm64 PCPU implementation uses a global register asm
variable to use x18, which we reserve with -ffixed-x18, from C. Inside a
critical_enter() or sched_pin(), it is vital that any PCPU reads use the
right PCPU pointer, as often the whole point of the critical_enter() or
sched_pin() is to ensure consistent PCPU use (e.g. for SMR it relies on
zpcpu giving the same SMR state). critical_enter() and sched_pin() both
include atomic_interrupt_fence(), i.e. asm volatile("" ::: "memory"),
barriers to ensure that memory accesses don't get moved by the compiler
outside the critical section, which on most architectures will also
order the read of the PCPU pointer itself (whether due to the read being
another asm volatile statement, or due to using a segment-relative
memory access as on x86). However, this approach on arm64 is in no sense
a memory access, and therefore the register access is not ordered with
respect to the the critical_enter() or sched_pin(), or more specifically
the curthread->td_critnest++ / curthread->td_pinned++ within.

In practice upstream today this works out ok because the read of x18 is

    [113 lines not shown]
DeltaFile
+4-6sys/arm64/include/pcpu.h
+4-61 files

FreeBSD/src fdea83asys/amd64/linux linux.h, sys/amd64/linux32 linux.h

linux: Ignore sigaction(2) flags SA_UNSUPPORTED and SA_EXPOSE_TAGBITS

SA_UNSUPPORTED was introduced in Linux 5.11 to probe support
for other flags such as SA_EXPOSE_TAGBITS, introduced
at the same time. Ignore both.

Signed-off-by:  Ricardo Branco <rbranco at suse.de>
PR:             289285
Reviewed by:    pouria, kib
Pull-Request:   https://github.com/freebsd/freebsd-src/pull/2163
DeltaFile
+8-0sys/compat/linux/linux_signal.c
+2-0sys/i386/linux/linux.h
+2-0sys/amd64/linux/linux.h
+2-0sys/amd64/linux32/linux.h
+2-0sys/arm64/linux/linux.h
+16-05 files

FreeBSD/src 04e4268sys/arm64/arm64 cpufunc_asm.S, sys/arm64/include cpufunc.h

arm64: Remove cpu_tlb_flushID now it's unused

Reviewed by:    alc
Sponsored by:   Arm Ltd
Differential Revision:  https://reviews.freebsd.org/D52185
DeltaFile
+0-16sys/arm64/arm64/cpufunc_asm.S
+0-3sys/arm64/include/cpufunc.h
+0-192 files

FreeBSD/src 4bdbb6fsys/arm64/arm64 kexec_support.c

arm64: Stop using cpu_tlb_flushID in kexec

It will be removed soon & replaces with pmap_s1_invalidate_all_kernel.
This allows us to handle errata that cpu_tlb_flushID is missing
workarounds for.

Sponsored by:   Arm Ltd
DeltaFile
+1-1sys/arm64/arm64/kexec_support.c
+1-11 files

FreeBSD/src b5bad6dsys/dev/virtio/network if_vtnet.c if_vtnetvar.h

virtio_net: Use bus_dma for command/ack buffers

While the majority of virtio platforms will be fully coherent, some may
require cache maintenance or other specific device memory handling (eg for
secure partitioning). Using bus_dma allows for these usecases.

The virtio buffers are marked as coherent; this should ensure that sync
calls are no-ops in the common cases.

Reviewed by:    andrew
Sponsored by:   Arm Ltd
Differential Revision:  https://reviews.freebsd.org/D55564
DeltaFile
+278-58sys/dev/virtio/network/if_vtnet.c
+6-0sys/dev/virtio/network/if_vtnetvar.h
+284-582 files

FreeBSD/src e63eee8lib/libgcc_s Makefile libgcc_s.ldscript

libgcc_s: Add a linker script to link to libgcc

When using outline atomics on arm64 the compiler will create a call to
a function that performs the atomic operation. This allows us to use
the fastest operation depending on the hardware.

As these functions are implemented in libgcc create a linker script
so libraries that link against libgcc_s will include libgcc to pull
them in.

Reviewed by:    imp, jhb
Sponsored by:   Arm Ltd
Differential Revision:  https://reviews.freebsd.org/D45268
DeltaFile
+2-0lib/libgcc_s/Makefile
+1-0lib/libgcc_s/libgcc_s.ldscript
+3-02 files

FreeBSD/src c16c951sys/dev/virtio/network if_vtnet.c if_vtnetvar.h

virtio_net: Use bus_dma for rxq/txq buffers

While the majority of virtio platforms will be fully coherent, some may
require cache maintenance or other specific device memory handling (eg for
secure partitioning). Using bus_dma allows for these usecases.

The virtio buffers are marked as coherent; this should ensure that sync
calls are no-ops in the common cases.

Reviewed by:    andrew
Sponsored by:   Arm Ltd
Differential Revision:  https://reviews.freebsd.org/D55492
DeltaFile
+258-17sys/dev/virtio/network/if_vtnet.c
+10-0sys/dev/virtio/network/if_vtnetvar.h
+268-172 files

FreeBSD/src e393563contrib/expat configure.ac, contrib/expat/lib xmlparse.c Makefile.in

contrib/expat: import expat 2.8.0

Changes: https://github.com/libexpat/libexpat/blob/R_2_8_0/expat/Changes

Security:       CVE-2026-41080
MFC after:      1 week
DeltaFile
+118-200contrib/expat/lib/xmlparse.c
+156-14contrib/expat/lib/Makefile.in
+13-143contrib/expat/tests/Makefile.in
+117-18contrib/expat/configure.ac
+90-0contrib/expat/lib/random_getrandom.c
+88-0contrib/expat/lib/random_rand_s.c
+582-37548 files not shown
+1,281-88654 files

FreeBSD/src 4c6d8aalib/libsys chroot.2

chroot.2: "filedescriptors" => "file descriptors"

"filedescriptors" is the odd one out when looking at other manual pages.

MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
DeltaFile
+3-3lib/libsys/chroot.2
+3-31 files

FreeBSD/src 07b5223secure/caroot/trusted QuoVadis_Root_CA_3.pem SwissSign_Gold_CA_-_G2.pem, secure/caroot/untrusted Chambers_of_Commerce_Root_-_2008.pem Global_Chambersign_Root_-_2008.pem

caroot: Regenerate

Regenerate using certificate data from NSS 3.123.1.

MFC after:      1 week
Reviewed by:    kevans
DeltaFile
+0-149secure/caroot/untrusted/Chambers_of_Commerce_Root_-_2008.pem
+0-148secure/caroot/untrusted/Global_Chambersign_Root_-_2008.pem
+0-146secure/caroot/trusted/QuoVadis_Root_CA_3.pem
+146-0secure/caroot/untrusted/QuoVadis_Root_CA_3.pem
+0-138secure/caroot/trusted/SwissSign_Gold_CA_-_G2.pem
+0-138secure/caroot/untrusted/LuxTrust_Global_Root_2.pem
+146-719117 files not shown
+5,032-7,421123 files

FreeBSD/src ce33d63secure/caroot/trusted Comodo_AAA_Services_root.pem D-TRUST_EV_Root_CA_1_2020.pem

caroot: Clean up

* Get certdata.txt directly from the NSS Mercurial repository, rather
  than from the Mozilla Firefox repository which imports it from NSS at
  irregular intervals.

* Instead of always fetching the latest certdata.txt, fetch a specific
  version.  For this commit, we set this to the version that was last
  imported in May 2025.

* Add a refrence to the MPL to the generated files.

* Regenerate with latest OpenSSL.  This is purely cosmetic; mostly, the
  certificate names now contain less unnecessary whitespace and some
  elements are quoted.

MFC after:      1 week
Reviewed by:    michaelo, kevans
Differential Revision:  https://reviews.freebsd.org/D56620
DeltaFile
+6-7secure/caroot/trusted/Comodo_AAA_Services_root.pem
+6-7secure/caroot/trusted/D-TRUST_EV_Root_CA_1_2020.pem
+6-7secure/caroot/trusted/D-TRUST_BR_Root_CA_1_2020.pem
+6-7secure/caroot/trusted/D-TRUST_Root_Class_3_CA_2_2009.pem
+6-7secure/caroot/trusted/D-TRUST_Root_Class_3_CA_2_EV_2009.pem
+6-7secure/caroot/trusted/Certigna_Root_CA.pem
+36-42188 files not shown
+800-1,300194 files

FreeBSD/src 1102bff. configure.ac, lib xmlparse.c Makefile.in

Vendor import of expat 2.8.0
DeltaFile
+118-200lib/xmlparse.c
+156-14lib/Makefile.in
+13-143tests/Makefile.in
+117-18configure.ac
+90-0lib/random_getrandom.c
+88-0lib/random_rand_s.c
+582-37545 files not shown
+1,275-88051 files

FreeBSD/src c73cd9csys/arm/allwinner if_awg.c

if_awg: Add missing awg_poll() prototype

The function awg_poll() was missing a prototype, which causes the build
to fail if DEVICE_POLLING is enabled, which it is in the ARMADAXP config.

MFC after:      2 weeks
Reviewed by:    tuexen, mmel, adrian
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D56651
DeltaFile
+3-0sys/arm/allwinner/if_awg.c
+3-01 files

FreeBSD/src 221b1d4packages Makefile

packages: Don't build quotacheck if WITHOUT_QUOTAS=yes

PR:     294775
Fixes:  bb75b0d581f7 ("packages: Convert world to a subdir build")
MFC after:      2 weeks
Reported by:    Alastair Hogge <agh at riseup.net>
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D56635
DeltaFile
+1-1packages/Makefile
+1-11 files

FreeBSD/src 912f9dfsys/amd64/ia32 ia32_syscall.c

amd64: ia32_fetch_syscall_args() does not need to check params != NULL

Whatever params pointer is, it does not matter.  copyin() handles any
values.  In fact, params cannot be ever NULL.

Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D56630
DeltaFile
+1-1sys/amd64/ia32/ia32_syscall.c
+1-11 files

FreeBSD/src bd8edbasys/amd64/ia32 ia32_syscall.c

amd64 ia32_syscall(): only allow for ILP32 processes

64bit processes can issue INT $0x80 instruction, and get the syscall
dispatched through ia32_syscall().  This works because syscall argument
fetch and result return are selected from the process sysent.

But, ia32_syscall() does not verify some conditions and does not perform
some actions which are considered unnecessary because the caller is
supposed to only access lower 4G.  The INT syscall path breaks this
assumption.

We never supported such hack, so disable it.  Send the offending thread
SIGBUS as if #GP was issued by hardware due to IDT vector 0x80 having
not numerically high enough DPL value.

Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D56630
DeltaFile
+9-0sys/amd64/ia32/ia32_syscall.c
+9-01 files

FreeBSD/src e378d97sbin/init init.8

init.8: add RECOVERING section

Reviewed by:    imp, jilles
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D56536
DeltaFile
+35-0sbin/init/init.8
+35-01 files

FreeBSD/src 9e6ae89sbin/init init.8

init.8: document init_path among loader tunables

Reviewed by:    imp, jilles
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D56536
DeltaFile
+5-0sbin/init/init.8
+5-01 files

FreeBSD/src a268af3sys/kern init_main.c

kern/init_main.c: path is for the binary, not process

Reviewed by:    imp, jilles
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D56536
DeltaFile
+1-1sys/kern/init_main.c
+1-11 files

FreeBSD/src d7338bbbin/sh main.c

bin/sh: make it possible to use as interactive init

If the /sbin/init binary is broken somehow, the way out is to set the
loader environment variable init_path to something else.  The most
natural choice would be either /bin/sh or /rescue/sh.  Unfortunately,
this does not work because the init process starts withoud stdin/out
descriptors.

Make it nicer to users by teaching /bin/sh startup code to open standard
descriptors on /dev/console if the shell is run as init.

Reviewed by:    imp, jilles, zlei
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D56536
DeltaFile
+19-0bin/sh/main.c
+19-01 files

FreeBSD/src 24d8874sbin/init Makefile

init: build dynamically

This makes it easier to downgrade kernel when it stops providing some
syscall required by libc.  In this case, it is enough to downgrade libc
as well, our crt1 delegates all non-trivial work to
libc::__libc_start1().  With static init, the /sbin/init should be
downgraded as well, which might be not easy.

This does not mean that we support forward compatibility.

Reviewed by:    imp, jilles, zlei
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D56536
DeltaFile
+0-2sbin/init/Makefile
+0-21 files

FreeBSD/src f60defbsys/conf std.nodebug

conf/std.nodebug: disable DEBUG_LOCKS

(cherry picked from commit 85a04bea5a54d6879c8fbf49eea20aba7ca24692)
DeltaFile
+1-0sys/conf/std.nodebug
+1-01 files

FreeBSD/src fad4e7bsys/kern kern_membarrier.c

membarrier(2): use atomic for lockless read of curproc->p_flag2

(cherry picked from commit 950fd59955e10429c1325c327f0141a7e97fcfe5)
DeltaFile
+7-6sys/kern/kern_membarrier.c
+7-61 files

FreeBSD/src ea8fd84lib/libkvm kvm_proc.c, sys/compat/freebsd32 freebsd32.h

kern/proc: expose reaper PID and subtree root in struct kinfo_proc

PR:     293871

(cherry picked from commit 0f89380a3d208d67698f2d35afd35257e5fdbe09)
DeltaFile
+8-0lib/libkvm/kvm_proc.c
+3-1sys/compat/freebsd32/freebsd32.h
+4-0sys/kern/kern_proc.c
+3-1sys/sys/user.h
+18-24 files

FreeBSD/src b024a8dlib/libsys membarrier.2

membarrier.2: document MEMBARRIER_CMD_GET_REGISTRATIONS

(cherry picked from commit 324b3c2892a53e5fd9b1d8795a31a59ee835c5de)
DeltaFile
+6-0lib/libsys/membarrier.2
+6-01 files

FreeBSD/src 342ce4bsys/kern kern_membarrier.c, sys/sys membarrier.h

membarrier(2): implement the MEMBARRIER_CMD_GET_REGISTRATIONS command

(cherry picked from commit aaa10396a997bafc28ce6551e92563620caf3df4)
DeltaFile
+17-3sys/kern/kern_membarrier.c
+3-0sys/sys/membarrier.h
+20-32 files

FreeBSD/src f7bf9fdsys/netinet tcp_hpts_test.c

tests/tcp_hpts_test: Fix resource leaks

When a KTEST_EQUAL assertion fails, the test function returns, but this
can cause it to leak locks, which can trigger a panic under witness.
Add a variant which causes control flow to jump to a label in case of
failure, and use that to prevent this problem.

Reviewed by:    Nick Banks <nickbanks at netflix.com>, tuexen
MFC after:      1 weeks
Differential Revision:  https://reviews.freebsd.org/D56647
DeltaFile
+22-5sys/netinet/tcp_hpts_test.c
+22-51 files

FreeBSD/src 16ed84dinclude stdbit.h, sys/sys stdint.h

include/stdbit.h: declare size_t, (u)int*_t, and (u)int_least*_t

These are required by ISO/IEC 9899:2024 § 7.18.1 ¶ 1 but were forgotten
in my initial work.

The current approach leaks intptr_t, uintptr_t, intmax_t, and uintmax_t
through <sys/_stdint.h>.  This could be avoided using a more complicated
approach if desired.

PR:             294131
Fixes:          6296500a85c8474e3ff3fe2f8e4a9d56dd0acd64
Reported by:    Collin Funk <collin.funk1 at gmail.com>
Reviewed by:    imp
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D56515

(cherry picked from commit c8c9324c94dfd4eeecbcfe4a1d3daa047420d3e5)
DeltaFile
+21-1include/stdbit.h
+3-0sys/sys/stdint.h
+24-12 files

FreeBSD/src 92e5f6esys/x86/x86 ucode_subr.c

x86/ucode: fix gcc uninitialised warning

This fixes the case where selected_size is never set to anything
in the loop.  Whilst here, also set selected_fw to NULL so the case
of "no firmware" correctly sets everything to NULL/0.

```
  --- ucode_subr.o ---
  /workspace/src/sys/x86/x86/ucode_subr.c: In function 'ucode_amd_find':
  /workspace/src/sys/x86/x86/ucode_subr.c:237:25: warning: 'selected_size' may be used uninitialized [-Wmaybe-uninitialized]
    237 |         *selected_sizep = selected_size;
        |         ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~
/  workspace/src/sys/x86/x86/ucode_subr.c:105:16: note: 'selected_size' was declared here
    105 |         size_t selected_size;
        |                ^~~~~~~~~~~~~
```

Reviewed by:    emaste
Differential Revision:  https://reviews.freebsd.org/D55439
DeltaFile
+2-2sys/x86/x86/ucode_subr.c
+2-21 files

FreeBSD/src 4feeca3usr.bin/tail reverse.c

tail(1): Fix -r (reverse) to work on pseudo filesystems

Pseudo filesystems (e.g., procfs) advertise a zero file size.
Fix reverse() to handle such a case similarly as forward() so
that '-r' works on pseudo filesystems.

Signed-off-by:  Aaron LI <aly at aaronly.me>
Reviewed by:    pouria, Ricardo Branco <rbranco at suse.de>, des
Fixes:          1fb3caee7 ("tail: Do not trust st_size if it equals zero.")
Pull-Request:   https://github.com/freebsd/freebsd-src/pull/2080
DeltaFile
+1-1usr.bin/tail/reverse.c
+1-11 files