FreeBSD/src b5dce0alib/libutil login_class.c

login_class: Fix kqueues, pipebuf resource types

* kqueues is a count but is listed as a size

* pipebuf is a size but is listed as a count

PR:             295623
MFC after:      1 week
Fixes:          a4c04958f526 ("libutil: support RLIMIT_PIPEBUF")
Fixes:          85a0ddfd0b26 ("Add a resource limit for the total...")
Reviewed by:    kib
Differential Revision:  https://reviews.freebsd.org/D57333
DeltaFile
+2-2lib/libutil/login_class.c
+2-21 files

FreeBSD/src c5ad71csys/kern subr_eventhandler.c

eventhandler: Fix the NODEBUG build

Reported by:    Michael Butler <imb at protected-networks.net>
Fixes:          735b16d490ae ("eventhandler: Fix a race when pruning eventhandlers")

(cherry picked from commit 3d8928114c4fec6cefbb1cd566ef8d1b3d2999e2)
DeltaFile
+3-1sys/kern/subr_eventhandler.c
+3-11 files

FreeBSD/src 795416bsys/netinet tcp_subr.c tcp_var.h

tcp: Remove a no-op eventhandler

It has done nothing since commit bc7d18ae7224.  No functional change
intended.

Reviewed by:    tuexen
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D57101

(cherry picked from commit bc041630fae2ea89bf041bf5d13df220aae4b2bf)
DeltaFile
+0-8sys/netinet/tcp_subr.c
+0-1sys/netinet/tcp_var.h
+0-92 files

FreeBSD/src 048458asys/amd64/include vmparam.h

amd64/vmparam: Fix KASAN shadow map size in comment

The address range 0xfffff78000000000 - 0xfffff7bfffffffff spans exactly 256GB
(0x4000000000 bytes), not 512GB.

For a 2TB kernel map, based on the KASAN 1:8 shadow map ratio, the required
shadow map size is indeed 256GB. The current comment incorrectly states 512GB,
which can be misleading and cause confusion.

Reviewed by:    markj
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D57129

(cherry picked from commit b36fd09a834be586fbc1630294e17554e1f76175)
DeltaFile
+2-2sys/amd64/include/vmparam.h
+2-21 files

FreeBSD/src 7f8d45bsys/amd64/linux linux_vdso_gtod.c, sys/amd64/linux32 linux32_vdso_gtod.c

linux: Fix some problems with header pollution

- Avoid including sys/proc.h in linux_vdso_gtod.c.  It's not needed, but
  the implicit inclusion of sys/param.h via sys/ucred.h->bsm/audit.h was
  bringing in some required definitions.
- Include a couple of required headers: sys/time.h (for struct bintime),
  and limits.h (for INT_MAX).
- Move some helpers from linux.h, which depend on sys/param.h for NODEV,
  to the one CU where they're actually used.

No functional change intended.

Reviewed by:    imp, kib, emaste
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D56982

(cherry picked from commit b99954433d42d978b257e846dbfe568e9af7b140)
DeltaFile
+0-50sys/compat/linux/linux.h
+46-0sys/compat/linux/linux_stats.c
+3-1sys/amd64/linux/linux_vdso_gtod.c
+3-1sys/amd64/linux32/linux32_vdso_gtod.c
+3-1sys/arm64/linux/linux_vdso_gtod.c
+3-1sys/i386/linux/linux_vdso_gtod.c
+58-546 files

FreeBSD/src 25bb939sys/cddl/dev/kinst/aarch64 kinst_isa.c

kinst/arm64: Fix return values from kinst_invop()

After commit 853cd8723494 it became invalid for kinst_invop() to return
0: dtrace_invop_start() would convert this to a sentinel value
indicating that it did not consume the breakpoint, and so we'd just
call kdb_trap() to handle it.

Change kinst_invop() to return NOP_INSTR after handling a matching
breakpoint.  NOP_INSTR is handled by advancing the ELR, so we have to
compensate by subtracting INSTR_SIZE before returning.

Reviewed by:    christos
MFC after:      1 week
Fixes:          853cd8723494 ("arm64: Clean up usage of the dtrace invop handler")
Differential Revision:  https://reviews.freebsd.org/D56987

(cherry picked from commit d6f0e671d0797b56011880f84d12ce5fb20bf099)
DeltaFile
+20-18sys/cddl/dev/kinst/aarch64/kinst_isa.c
+20-181 files

FreeBSD/src cb62bc1sys/cddl/dev/kinst/aarch64 kinst_isa.c kinst_isa.h

kinst/arm64: Handle an additional PC-relative instruction

"ldr <reg>, <literal>" loads a value from a literal memory address into
a register.  It's PC-relative and so cannot be directly implemented
using the trampoline mechanism.  Unfortunately, on arm64 it can't easily
be emulated either since the return-to-EL1 handler does not restore
callee-saved registers, so like adr/adrp, we simply don't handle it.
These instructions are fairly rare in an arm64 kernel.

While here, refactor the code so that all instruction decoding is done
in one place: introduce an enum type which characterizes the instruction
type, add a helper to map instructions to enum values, and store the
corresponding enum value in the probe description.

Reviewed by:    christos
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D56988

(cherry picked from commit e6be6dedeea1e6d2e5206e1e7422e2d556a6da0c)
DeltaFile
+55-66sys/cddl/dev/kinst/aarch64/kinst_isa.c
+14-1sys/cddl/dev/kinst/aarch64/kinst_isa.h
+69-672 files

FreeBSD/src e97ce8ctests/sys/netinet Makefile

tests/if_carp: Run all tests with execenv=jail

Otherwise failures can occur when running tests in parallel since some
tests reuse jail names.

MFC after:      1 week

(cherry picked from commit eeffed5aa0d9a67adb21bf188515cb374340e9cb)
DeltaFile
+2-0tests/sys/netinet/Makefile
+2-01 files

FreeBSD/src 81e894dsys/kern kern_clocksource.c

epoch: Don't idle CPUs when there's pending epoch work

The epoch(9) subsystem implements per-CPU queues of object destructors
which get invoked once it is safe to do so.  These queues are polled via
hardclock().

When a CPU is about to go idle, we reduce the hardclock frequency to 1Hz
by default, to avoid unneeded wakeups.  This means that if there is any
garbage in these destructor queues, it won't be cleared for at least 1s
(and possibly longer) even if it would otherwise be safe to do so.

epoch_drain_callbacks() is used in some places to provide a barrier,
ensuring that all garbage present in the destructor queues is cleaned up
before returning.  It's implemented by adding a fake destructor in the
queues and blocking until it gets run on all CPUs.  The above-described
phenomenon means that it can take a long time for these calls to return,
even (especially) when some CPUs are idle.  This causes long delays when
destroying VNET jails, for instance, as epoch_drain_callbacks() is
invoked each time a network interface is destroyed.

    [13 lines not shown]
DeltaFile
+2-1sys/kern/kern_clocksource.c
+2-11 files

FreeBSD/src 4a875b1sys/kern subr_eventhandler.c, sys/sys eventhandler.h

eventhandler: Fix a race when pruning eventhandlers

By default, eventhandler_deregister() blocks until it reaches some point
where no threads are invoking the event.  At this point, it knows that
1) no threads are currently executing the handler,
2) some thread has freed the eventhandler structure by virtue of having
   called eventhandler_prune_list(),
so it is safe to return.

Suppose a thread is trying to deregister an event handler.  A different
thread prunes it, and wakes up the first thread.  Before the first
thread runs, a third thread grabs the event handler lock, and starts
executing handlers.  The first thread observes el_runcount > 0, and goes
back to sleep.  The third thread sees no event handlers to prune, and
doesn't wake up the first thread, which sleeps forever.

This change fixes the race and tries to make eventhandler_invoke() more
efficient: keep a count of the number of dead list entries and only
prune the list if there is at least one dead entry.  Also, in

    [9 lines not shown]
DeltaFile
+14-4sys/kern/subr_eventhandler.c
+2-2sys/sys/eventhandler.h
+16-62 files

FreeBSD/src d11ff01contrib/capsicum-test capmode.cc, sys/kern kern_sig.c

sigqueue: In capability mode, only allow signalling self

This is copied from the check in kern_kill.

Reviewed by:    markj, oshogbo
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57244

(cherry picked from commit b9d16b7fd2fa6bc4b3e8364804cbdc1b76ebe8a5)
(cherry picked from commit defd9b86ef995ce70363eae9b323d616bda865be)
DeltaFile
+9-3contrib/capsicum-test/capmode.cc
+10-0sys/kern/kern_sig.c
+19-32 files

FreeBSD/src defd9b8sys/kern kern_sig.c, tests/sys/capsicum capmode.cc

sigqueue: In capability mode, only allow signalling self

This is copied from the check in kern_kill.

Reviewed by:    markj, oshogbo
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57244

(cherry picked from commit b9d16b7fd2fa6bc4b3e8364804cbdc1b76ebe8a5)
DeltaFile
+9-3tests/sys/capsicum/capmode.cc
+10-0sys/kern/kern_sig.c
+19-32 files

FreeBSD/src dce6afflib/libc/gen fts.3

fts: Improve the description of FTS_NOSTAT

Note that we still need to stat directories and the roots.

MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    kevans
Differential Revision:  https://reviews.freebsd.org/D57325
DeltaFile
+8-1lib/libc/gen/fts.3
+8-11 files

FreeBSD/src b2b9524lib/libc/gen fts.c

fts: Check link count before using it

* Check the range of the link count before trying to use it.

* Rewrite the comment explaining what the link count is used for.

MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    kevans
Differential Revision:  https://reviews.freebsd.org/D57324
DeltaFile
+39-5lib/libc/gen/fts.c
+39-51 files

FreeBSD/src 7ec5498lib/libc/tests/gen fts_options_test.c

fts: Add some depth to the options test

MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    kevans
Differential Revision:  https://reviews.freebsd.org/D57323
DeltaFile
+74-0lib/libc/tests/gen/fts_options_test.c
+74-01 files

FreeBSD/src ee41a88usr.sbin/spi spi.c

spi: switch to switch

use recommended switch with default case to catch invalid values

Reviewed by:    kevans, adrian
Differential Revision:  https://reviews.freebsd.org/D54759
DeltaFile
+15-20usr.sbin/spi/spi.c
+15-201 files

FreeBSD/src aa02908tools/test/stress2/misc msdos24.sh msdos22.sh

tools/test/stress2/misc: Add msdosfs tests (currently failing)

Test msdos22.sh creates 1000 files with long random names consisting
of only ASCII characters. The mount is performed without -L option,
therefore no use of iconv to convert between character sets.

Test msdos23.sh mixes some non-ASCII characters into the file names.
The file system is therefore mounted with -L C.UTF-8 to include tests
of the conversions between UTF-8 and UTF-16.

Test msdos24.sh adds emojis to the names to test the (not yet
committed) support of UTF-16 surrogate pairs in filenames.

All 3 tests succeed with a small number of files (e.g., 10), but fail
most of the time when testing with 1000 files.

The tests have been added to all.exclude since they are expected to
fail. They shall be enabled as regression tests, when the msdosfs code
has been fixed.
DeltaFile
+80-0tools/test/stress2/misc/msdos24.sh
+79-0tools/test/stress2/misc/msdos22.sh
+79-0tools/test/stress2/misc/msdos23.sh
+3-0tools/test/stress2/misc/all.exclude
+241-04 files

FreeBSD/src f6911b9sys/sys signal.h

sys: Renumber MTE SEGV codes

Some third party software expects these to not conflict. As the MTE
support isn't fully in the tree, and these values aren't in a release
we can renumber them without any backwards compatibility issues.

Sponsored by:   Arm Ltd
DeltaFile
+2-2sys/sys/signal.h
+2-21 files

FreeBSD/src 1a5ab1dsys/kern kern_time.c

Revert "kern_time: Honor the precise option when counting diff"

This will not work because this kernel version does not support a
precise option. We handle the clock uniformly in all cases.

This reverts commit 3886f1b488e47eba98e1523f85cb570694e97385.
DeltaFile
+1-3sys/kern/kern_time.c
+1-31 files

FreeBSD/src 8514990tests/sys/mac/do consistency.sh Makefile

MAC/do: Add consistency tests

Test that:
1. Concurrent changes to different parameters on the same jail are
   independent/atomic.
2. Inheritance works.
3. Relaxing only parent jail rules does not leak to a subjail thanks to
   sequential consistency.
4. Sysctl knobs and jail parameters stay consistent.

Some of these tests may be extended in the future with several layers of
jails (there is only a single subjail currently).

Reviewed by:    bapt
MFC after:      1 month
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38
DeltaFile
+211-0tests/sys/mac/do/consistency.sh
+1-1tests/sys/mac/do/Makefile
+212-12 files

FreeBSD/src a95ff5etests/sys/mac/do common.sh

MAC/do: Tests: Add support for exec paths, jail parameters, subjails

And also allow configuration of the mdo(1) executable path.

This commit only contains new or modified infrastructure.  No functional
change intended at this point.

Reviewed by:    bapt
MFC after:      1 month
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38
DeltaFile
+110-9tests/sys/mac/do/common.sh
+110-91 files

FreeBSD/src 33daea3tests/sys/mac/do invalid_configs.sh valid_configs.sh

MAC/do: Tests: Quote the source directory

In a standard test suite installation, this is not necessary, but be
bullet-proof to custom ones, however improbable.

Reviewed by:    bapt
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38
DeltaFile
+1-1tests/sys/mac/do/invalid_configs.sh
+1-1tests/sys/mac/do/valid_configs.sh
+2-22 files

FreeBSD/src 6159187tests/sys/mac/do common.sh Makefile

MAC/do: Tests: Declare required programs closer to use

Reviewed by:    bapt
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38
DeltaFile
+2-0tests/sys/mac/do/common.sh
+0-1tests/sys/mac/do/Makefile
+2-12 files

FreeBSD/src b0c948ftests/sys/mac/do invalid_configs.sh valid_configs.sh

MAC/do: Tests: Fix copyrights

No comma needed after a single year.  Add SPDX.

Reviewed by:    bapt
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38
DeltaFile
+3-1tests/sys/mac/do/invalid_configs.sh
+3-1tests/sys/mac/do/valid_configs.sh
+2-1tests/sys/mac/do/common.sh
+8-33 files

FreeBSD/src 79a987atests/sys/mac/do invalid_configs.sh valid_configs.sh

MAC/do: Tests: Remove shebang lines

They are automatically added by <bsd.test.mk>.

Reviewed by:    bapt
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38
DeltaFile
+0-2tests/sys/mac/do/invalid_configs.sh
+0-2tests/sys/mac/do/valid_configs.sh
+0-42 files

FreeBSD/src 3981865share/man/man4 mac_do.4

mac_do.4: Document executable paths, default jail values and consistency

While here, fix the bug of mentioning 'enable' as a possible value for
the 'mac.do' jail parameter whereas it is 'new' instead.

Reviewed by:    bapt
MFC after:      1 month
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38
DeltaFile
+143-46share/man/man4/mac_do.4
+143-461 files

FreeBSD/src fcb0018sys/security/mac_do mac_do.c

MAC/do: Update copyright

Update years for the Foundation.

While here, remove the initial '/*-' which has been useless for a long
time.

While here, add a missing space on bapt@'s copyright line (approved by
him).

Reviewed by:    bapt
MFC after:      1 month
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38
DeltaFile
+3-3sys/security/mac_do/mac_do.c
+3-31 files

FreeBSD/src 1fa1e3fsys/security/mac_do mac_do.c

MAC/do: Do not skip blanks when parsing executable paths

The kind of tolerance we apply to parsing rules, whose format we have
defined, cannot be applied to paths since blank characters are allowed
there.

There is still the limitation that no escape character is currently
supported, and so it is not possible to configure a path having a ':'
character.

Reviewed by:    bapt
Fixes:          9818224174c4 ("MAC/do: Executable paths feature (GSoC 2025's final state)")
MFC after:      1 month
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38
DeltaFile
+1-1sys/security/mac_do/mac_do.c
+1-11 files

FreeBSD/src 4c98f7asys/security/mac_do mac_do.c

MAC/do: Serialize installing/modifying some jail's configuration

See the immediately preceding commit for explanations on what this is
fixing.

When setting 'mac.do' to 'inherit' on a jail with 'mac.do.rules' and
'mac.do.exec_paths' also specified in the same call, ensure that the
check that these passed parameters are the same as those to be inherited
is atomic with respect to enabling the inheritance (i.e., removing the
jail's 'struct conf' object).  (See previous commit "MAC/do: Fix the
recent logic to set jail parameters, make it more tolerant" as for why
this check exists.)

Because we currently only modify a single configuration object per
transaction, we introduce the parse_and_commit_conf() wrapper around
parse_and_set_conf() to remove duplicated code that would ensue from
calling the latter directly, namely, releasing the 'mac_do_rwl' lock and
freeing the old configuration object (if any).


    [9 lines not shown]
DeltaFile
+76-23sys/security/mac_do/mac_do.c
+76-231 files

FreeBSD/src 0db7f11sys/security/mac_do mac_do.c

MAC/do: Support for atomically modifying configurations

As mentioned in previous commits "MAC/do: parse_and_set_conf(): Require
the model configuration" and "MAC/do: Sequential consistency for
configuration retrieval", the introduction of the "executable path"
feature, more fundamentally, the fact that there is now more than one
per-jail parameter and that parameters can be independently modified or
copied, causes an atomicity problem in case of concurrent accesses to of
a jail's applicable configuration.

Partially modifying a configuration is indeed akin to
a read-modify-write operation, where the read is either to the current
or an inherited configuration.  More precisely, once pointed to by
a jail, a configuration object is immutable, and changing the jail's
configuration means making the jail point to another configuration
object.  To change a jail's configuration, a new configuration object is
thus built, and if only some parameters have been explicitly specified,
those that have not been are set by copying the corresponding values
from an existing configuration object (in case of partial modification

    [34 lines not shown]
DeltaFile
+49-15sys/security/mac_do/mac_do.c
+49-151 files