linuxkpi: Handle bin attributes in sysfs attribute groups
For instance, this is used by DRM drivers to declare the EDID property
of an GPU output connector:
sysctl -b sys.device.drmn1.card0.card0-DP-1.edid | edid-decode
...
Block 0, Base EDID:
EDID Structure Version & Revision: 1.4
Vendor & Product Identification:
Manufacturer: SAM
Model: 29814
Serial Number: 810635354 (0x3051505a)
Made in: week 15 of 2025
...
Reviewed by: bz, emaste, wulf
Sponsored by: The FreeBSD Foundation
[3 lines not shown]
kern/proc: expose reaper PID and subtree root in struct kinfo_proc
Expose process reaper metadata through struct kinfo_proc so userland
can reconstruct reaper hierarchies from kern.proc.all without adding
a new procctl(2) operation.
Two pid_t fields are added by carving 8 bytes from ki_sparestrings
(46 -> 38), restoring KI_NSPARE_INT to 2 and keeping sizeof(struct
kinfo_proc) unchanged:
ki_reaper: PID of the owning reaper process
ki_reapsubtree: PID of the direct child of the reaper that roots
the subtree the process belongs to
fill_kinfo_proc_pgrp() populates both fields under proctree_lock.
kvm_proclist() is updated for crash dump consumers. The freebsd32
compat struct and freebsd32_kinfo_proc_out() are updated accordingly.
PR: 293871
[3 lines not shown]
kdump: tweaks for the extended errors decoding
Format the message.
Convert category to the source name if known.
Still print the raw value for the category, and the values of the
EXTERROR() optional arguments.
Requested and reviewed by: mckusick
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D56542
linuxkpi: Pass a `const void *` to `krealloc()`
This matches the API on Linux.
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56451
linuxkpi: Include <linux/uuid.h> from <linux/mod_devicetable.h>
The DRM generic code started to deppend on this indirect include of
<linux/uuid.h> in Linux 6.12.
Reviewed by: bz, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56449
linuxkpi: Passing a size of zero to `krealloc()` frees the pointer
This matches the API on Linux.
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56452
linuxkpi: Add `fop_flags` to `struct file_operations`
... along with the `FOP_*` flag constants.
Note that this `fop_flags` field is not used on FreeBSD. It is added to
make the DRM drivers compile out of the box.
The DRM generic code and drivers started this in Linux 6.12.
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56450
linuxkpi: Define `MINORBITS`
We can't really define a proper value for this constant because minor
and major are encoded in a complex way on FreeBSD which cannot be
represented with a simple shift.
The DRM generic code started to use it in Linux 6.12.
In this context, `MINORBITS` is used to define an upper limit passed to
`xa_alloc()`. Therefore it is not used to encode or decode minors. It is
used as an arbitrary value. Therefore, we define the constant to 20,
like on Linux.
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56447
linuxkpi: Define `sort_r()`
Like Linux `sort()` and FreeBSD `qsort()`, `sort_r()` is a wrapper
around FreeBSD `qsort_r()`.
The i915 DRM driver started to use it in Linux 6.12.
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56437
linuxkpi: Add several `guid_*()` functions
The DRM generic code and the amdgpu DRM driver started to use several of
these functions in Linux 6.12. Likewise for `UUID_SIZE`.
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56448
linuxkpi: Define diagnostic macros like `might_resched()` or `cant_sleep()`
They are no-ops on FreeBSD.
While here, move the already defined `might_sleep*()` macros from
<linux/wait.h> to <linux/kernel.h> where they belong.
The DRM generic code started to use `might_fault()` in Linux 6.12.
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56434
linuxkpi: Define `dev_err_probe*()`
They differ from other `dev_*()` logging functions by returning the
passed error code. The error code is also used to determine if the
message should be logged in the first place and at which log level.
The DRM generic code started to use it in Linux 6.12.
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56435
linuxkpi: Define `__GFP_THISNODE`
It is used to force the NUMA node to allocate from. This flag is
unimplemented for now because we don't have an implementation of
`alloc_pages_node()` yet.
The DRM TTM code started to use this flag in Linux 6.12.
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56436
ix(4): Add support for firmware logging for E610 adapters
This is part 3 of the support for the new Intel Ethernet E610
family of devices
The ix driver now enables firmware logging on Intel E610 devices
for debugging with Customer Support. Logs are enabled by default
and generated in binary format that requires decoding by support
teams. The collected data is firmware and hardware related for
debugging purposes only.
When the driver loads, it creates a fw_log sysctl node under the
debug section. Events are organized into categories (modules) for
targeted logging, and users can adjust verbosity levels as needed.
This adds sysctl support for the firmware logging feature and
updates the ix(4) manual page with documentation.
Signed-off-by: Yogesh Bhosale <yogesh.bhosale at intel.com>
[8 lines not shown]
tests/sys/netinet/tcp_hpts: Make a socket available in mock inpcbs
After commit 9b76228006d8, tcp_hptsi() dereferences inp_socket in order
to get the inpcb's VNET. This means that mock inpcbs created by the
HPTS test fixture must set inp_socket. Also set the current VNET there;
previously, it was NULL, and this was not noticed since VNET_DEBUG is
disabled even in debug kernels.
Fixes: 9b76228006d8 ("inpcb: retire inp_vnet")
epoch: Don't idle CPUs when there's pending epoch work
The epoch(9) subsystem implements per-CPU queues of object destructors
which get invoked once it is safe to do so. These queues are polled via
hardclock().
When a CPU is about to go idle, we reduce the hardclock frequency to 1Hz
by default, to avoid unneeded wakeups. This means that if there is any
garbage in these destructor queues, it won't be cleared for at least 1s
(and possibly longer) even if it would otherwise be safe to do so.
epoch_drain_callbacks() is used in some places to provide a barrier,
ensuring that all garbage present in the destructor queues is cleaned up
before returning. It's implemented by adding a fake destructor in the
queues and blocking until it gets run on all CPUs. The above-described
phenomenon means that it can take a long time for these calls to return,
even (especially) when some CPUs are idle. This causes long delays when
destroying VNET jails, for instance, as epoch_drain_callbacks() is
invoked each time a network interface is destroyed.
[11 lines not shown]
tty: Avoid leaving dangling pointers in tty_drop_ctty()
The TIOCNOTTY handler detaches the calling process from its controlling
terminal. It clears the link from the session to the tty, but not the
pointers from the tty to the session and process group. This means that
sess_release() doesn't call tty_rel_sess(), and that pgdelete() doesn't
call tty_rel_pgrp(), so the pointers are left dangling.
Fix this by clearing pointers in tty_drop_ctty(). Add a standalone
regression test.
Approved by: so
Security: FreeBSD-SA-26:10.tty
Security: CVE-2026-5398
Reported by: Nicholas Carlini <npc at anthropic.com>
Reviewed by: kib, kevans
Fixes: 1b50b999f9b5 ("tty: implement TIOCNOTTY")
Differential Revision: https://reviews.freebsd.org/D56046
pkru: Fix handling of 1GB largepage mappings
pmap_pkru_update_range() did not handle the case where a PDPE has PG_PS
set. More generally, the SET_PKRU and CLEAR_PKRU sysarch
implementations did not check whether the request covers a "boundary" vm
map entry. Fix this, add the missing PG_PS test, and add some tests.
Approved by: so
Security: FreeBSD-SA-26:11.amd64
Security: CVE-2026-6386
Reported by: Nicholas Carlini <npc at anthropic.com>
Reviewed by: kib, alc
Differential Revision: https://reviews.freebsd.org/D56184
vm_fault: Reset m_needs_zeroing properly
- When allocating a page, we should only consider the PG_ZERO flag when
handling the top-level page.
- Unconditionally reset the flag when restarting the fault handler.
Previously, vm_fault_busy_sleep() would fail to reset it.
Approved by: so
Security: FreeBSD-EN-26:05.vm
PR: 294039
Reviewed by: kib
Tested by: Peter Much <pmc at citylink.dinoex.sub.org>
MFC after: 3 days
Fixes: cff67bc43df1 ("vm_fault: only rely on PG_ZERO when the page was newly allocated")
Differential Revision: https://reviews.freebsd.org/D56234
(cherry picked from commit 04132e01004316ddd0e0cde6ef15b100b7b1844d)
(cherry picked from commit 50f7b62f0862f764215cee98547d5b8c0979ec26)
pkru: Fix handling of 1GB largepage mappings
pmap_pkru_update_range() did not handle the case where a PDPE has PG_PS
set. More generally, the SET_PKRU and CLEAR_PKRU sysarch
implementations did not check whether the request covers a "boundary" vm
map entry. Fix this, add the missing PG_PS test, and add some tests.
Approved by: so
Security: FreeBSD-SA-26:11.amd64
Security: CVE-2026-6386
Reported by: Nicholas Carlini <npc at anthropic.com>
Reviewed by: kib, alc
Differential Revision: https://reviews.freebsd.org/D56184
timerfd: Fix interval callout scheduling
When a timerfd interval callout misses its scheduled activation time, a
differential is calculated based on the actual activation time and the
scheduled activation time. This differential is divided by the timerfd's
interval time and the quotient is added to the timerfd's counter.
Before this change, the next callout was scheduled to activate at:
scheduled activation time + timerfd interval.
This change fixes the scheduling of the next callout to activate at:
actual activation time + timerfd interval - remainder.
Security: FreeBSD-26:06.timerfd
Approved by: so
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D55790
MFC after: 2 weeks
[2 lines not shown]
tty: Avoid leaving dangling pointers in tty_drop_ctty()
The TIOCNOTTY handler detaches the calling process from its controlling
terminal. It clears the link from the session to the tty, but not the
pointers from the tty to the session and process group. This means that
sess_release() doesn't call tty_rel_sess(), and that pgdelete() doesn't
call tty_rel_pgrp(), so the pointers are left dangling.
Fix this by clearing pointers in tty_drop_ctty(). Add a standalone
regression test.
Approved by: so
Security: FreeBSD-SA-26:10.tty
Security: CVE-2026-5398
Reported by: Nicholas Carlini <npc at anthropic.com>
Reviewed by: kib, kevans
Fixes: 1b50b999f9b5 ("tty: implement TIOCNOTTY")
Differential Revision: https://reviews.freebsd.org/D56046
vm_fault: Reset m_needs_zeroing properly
- When allocating a page, we should only consider the PG_ZERO flag when
handling the top-level page.
- Unconditionally reset the flag when restarting the fault handler.
Previously, vm_fault_busy_sleep() would fail to reset it.
Approved by: so
Security: FreeBSD-EN-26:05.vm
PR: 294039
Reviewed by: kib
Tested by: Peter Much <pmc at citylink.dinoex.sub.org>
MFC after: 3 days
Fixes: cff67bc43df1 ("vm_fault: only rely on PG_ZERO when the page was newly allocated")
Differential Revision: https://reviews.freebsd.org/D56234
(cherry picked from commit 04132e01004316ddd0e0cde6ef15b100b7b1844d)
(cherry picked from commit 9b7c0f4f81f06424899094d4381dede79669b623)
pkru: Fix handling of 1GB largepage mappings
pmap_pkru_update_range() did not handle the case where a PDPE has PG_PS
set. More generally, the SET_PKRU and CLEAR_PKRU sysarch
implementations did not check whether the request covers a "boundary" vm
map entry. Fix this, add the missing PG_PS test, and add some tests.
Approved by: so
Security: FreeBSD-SA-26:11.amd64
Security: CVE-2026-6386
Reported by: Nicholas Carlini <npc at anthropic.com>
Reviewed by: kib, alc
Differential Revision: https://reviews.freebsd.org/D56184
