HardenedBSD/src 254eae1sys/dev/nvme nvme_ctrlr.c, sys/net if.c if_clone.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+30-23sys/net/if.c
+16-1sys/net/if_clone.c
+2-2sys/dev/nvme/nvme_ctrlr.c
+0-3sys/netlink/route/iface.c
+48-294 files

HardenedBSD/src 6db7981sys/dev/nvme nvme_ctrlr.c, sys/net if.c if_clone.c

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+30-23sys/net/if.c
+16-1sys/net/if_clone.c
+2-2sys/dev/nvme/nvme_ctrlr.c
+0-3sys/netlink/route/iface.c
+48-294 files

HardenedBSD/ports f886437. UPDATING, benchmarks/iperf3/files patch-RELNOTES.md

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+90-0sysutils/py-ansible-core218/Makefile
+4-86sysutils/py-ansible-core/Makefile
+0-18benchmarks/iperf3/files/patch-RELNOTES.md
+17-0UPDATING
+9-5net/activemq/Makefile
+9-5sysutils/framework-system/distinfo
+129-11424 files not shown
+192-17330 files

HardenedBSD/ports 3cae44cdevel/ruby-build distinfo Makefile

devel/ruby-build: Update to 20260412

Changes:        https://github.com/rbenv/ruby-build/releases/tag/v20260412
DeltaFile
+3-3devel/ruby-build/distinfo
+1-1devel/ruby-build/Makefile
+4-42 files

HardenedBSD/src 38bd7efsys/net if.c

ifnet: Move SIOCSIFVNET from ifhwioctl() to ifioctl()

SIOCSIFVNET is not a hardware ioctl. Move it to where it belongs.

Where here, rewrite the logic of checking whether we are moving the
interface from and to the same vnet or not, since it is obviously not
stable to access the interface's vnet, given the current thread may
race with other threads those running if_vmove().

MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D55880
DeltaFile
+27-17sys/net/if.c
+27-171 files

HardenedBSD/src e9fc0c5sys/net if_clone.c if.c, sys/netlink/route iface.c

if_clone: Make ifnet_detach_sxlock opaque to consumers

The change e133271fc1b5e introduced ifnet_detach_sxlock, and change
6d2a10d96fb5 widened its coverage, but there are still consumers,
net80211 and tuntap e.g., want it. Instead of sprinkling it everywhere,
make it opaque to consumers.

Out of tree drivers shall also benefit from this change.

Reviewed by:    kp
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D56298
DeltaFile
+16-1sys/net/if_clone.c
+1-4sys/net/if.c
+0-3sys/netlink/route/iface.c
+17-83 files

HardenedBSD/src f1fae67sys/net if.c

ifnet: vnet_if_return(): Avoid unnecessary recursive acquisition of ifnet_detach_sxlock

vnet_if_return() will be invocked by vnet_sysuninit() on vnet destructing,
while the lock ifnet_detach_sxlock has been acquired in vnet_destroy()
already.

With this change the order of locking is more clear. There should be no
functional change.

Reviewed by:    pouria
Fixes:          868bf82153e8 if: avoid interface destroy race
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D56288
DeltaFile
+2-2sys/net/if.c
+2-21 files

HardenedBSD/ports 2bf152f. UPDATING, sysutils/ansible distinfo Makefile

sysutils/ansible: Update to 13.5.0

Absible 12 make significant changes. See porting guide at
        https://docs.ansible.com/projects/ansible/devel/porting_guides/porting_guide_12.html
DeltaFile
+9-0UPDATING
+3-3sysutils/ansible/distinfo
+1-1sysutils/ansible/Makefile
+13-43 files

HardenedBSD/ports 85a1b44. UPDATING, sysutils/py-ansible-core Makefile

sysutils/py-ansible-core: Switch to py-ansible-core219

Switch to ansible-core 2.19 as the default ansible-core.

See ansible-core porting guide at
        https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_core_2.19.html
DeltaFile
+8-0UPDATING
+1-1sysutils/py-ansible-core/Makefile
+9-12 files

HardenedBSD/ports 97c325fsysutils/py-ansible-core220 distinfo Makefile, sysutils/py-ansible-core220/files patch-pyproject.toml

sysutils/py-ansible-core220: Update to 2.20.4
DeltaFile
+4-4sysutils/py-ansible-core220/files/patch-pyproject.toml
+3-3sysutils/py-ansible-core220/distinfo
+1-1sysutils/py-ansible-core220/Makefile
+8-83 files

HardenedBSD/ports 8ee838csysutils/py-ansible-core219 distinfo Makefile, sysutils/py-ansible-core219/files patch-pyproject.toml

sysutils/py-ansible-core219: Update to 2.19.8
DeltaFile
+3-3sysutils/py-ansible-core219/distinfo
+2-2sysutils/py-ansible-core219/files/patch-pyproject.toml
+1-2sysutils/py-ansible-core219/Makefile
+6-73 files

HardenedBSD/ports 1f7ac89sysutils/py-ansible-core Makefile pkg-descr, sysutils/py-ansible-core/files patch-pyproject.toml

sysutils/py-ansible-core*: Convert py-ansible-core to a metaport

1. Move sysutils/py-ansible-core to sysutils/py-ansible-core218.
2. Add a metaport, sysutils/py-ansible-core pointing to
   sysutils/py-ansible-core218.
3. Convert sysutils/py-ansible-core219 and sysutils/py-ansible-core220
   to master ports for use as master ports.

This is in preparation to upgrade sysutils/py-ansible-core to 2.19.
The reason for this is as is stated in commit 8b9df0bef174,
incompatibilities may require users to adjust their playbooks and roles
in order to work on ansible-core 2.19.

See: https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_core_2.19.html
DeltaFile
+91-0sysutils/py-ansible-core218/Makefile
+4-86sysutils/py-ansible-core/Makefile
+0-9sysutils/py-ansible-core/files/patch-pyproject.toml
+9-0sysutils/py-ansible-core218/files/patch-pyproject.toml
+5-0sysutils/py-ansible-core218/pkg-descr
+0-5sysutils/py-ansible-core/pkg-descr
+109-1005 files not shown
+119-10511 files

HardenedBSD/ports 2ad02desysutils/py-ansible-core218 distinfo Makefile, sysutils/py-ansible-core218/files patch-pyproject.toml

sysutils/py-ansible-core218: Update to 2.18.15
DeltaFile
+4-4sysutils/py-ansible-core218/files/patch-pyproject.toml
+3-3sysutils/py-ansible-core218/distinfo
+1-2sysutils/py-ansible-core218/Makefile
+8-93 files

HardenedBSD/src 84561bctests/sys/kqueue kqueue_fork.c

tests: kqueue: add a basic test for CPONFORK

Just copy over a timer and a write-filter, be sure that we can observe
both in the child.  Maybe the timer should check for a minimum time
passed, but I don't know that we'd be likely to get that wrong.

This also adds a negative test with a kqueue that is *not* set for
CPONFORK being added to the first one, made readable, and confirming
that we don't see a knote for it in the child.

Some other improvements to the test noted in the review are planned in
the short term, but they're not particularly worth blocking adding this
as a basic sanity check.

Reviewed by:    kib, markj

(cherry picked from commit 0c9cec8b66e7033f50059329704515d5222b9ff4)
DeltaFile
+140-0tests/sys/kqueue/kqueue_fork.c
+140-01 files

HardenedBSD/src 60618b0sys/kern kern_event.c

kqueue: don't leak file refs on failure to knote_attach()

We'll subsequently just knote_free() since the knote is barely
constructed, but that bypasses any logic that might release references
on owned files/fops.  Defer clearing those until the knote actually owns
them and update the comment to draw the line more clearly.

Reviewed by:    kib

(cherry picked from commit 0bf4d22c37083170961c31694b90551538901a1c)
DeltaFile
+10-6sys/kern/kern_event.c
+10-61 files

HardenedBSD/src ac6173blib/libc/gen memfd_create.c, lib/libsys shm_open.2

libc: fix memfd_create's HUGETLB handling

The 'simplification' commit referenced below actually broke one aspect
of MFD_HUGETLB: the caller isn't supposed to be required to specify a
size.  MFD_HUGETLB by itself without a shift mask just requests a large
page, so we revert that part of memfd_create() back.

While we're here, fix up the related parts of the manpages a little bit,
since MFD_HUGETLB is actually supported.  The manpage claims that we
would return ENOSYS if forced mappings weren't supported, but this was
actually not true.  However, that seems like a very important
distinction to make between ENOSYS and EOPNOTSUPP, so fix the
implementation to match the docs.

Reviewed by:    kib, markj

(cherry picked from commit 9a8d333368baef356f0a611b47ec592568dd14f9)
DeltaFile
+45-0tests/sys/posixshm/posixshm.h
+13-25tests/sys/posixshm/posixshm_test.c
+35-0tests/sys/posixshm/memfd_test.c
+27-4lib/libsys/shm_open.2
+16-7lib/libc/gen/memfd_create.c
+136-365 files

HardenedBSD/src 65e1c27sys/kern kern_event.c

kqueue: slightly clarify the flow in knlist_cleardel()

This is purely a cosmetic change to make it a little easier on the eyes,
rather than jumping back to the else branch up top.  Re-flow it to use
another loop on the outside and just inline the re-lock before we repeat
after awaking from fluxwait.

The !killkn path should maybe issue a wakeup if there's a thread in
KQ_SLEEP so that userland can observe the EOF, but this isn't a
practical problem today: pretty much every case of knlist_clear is tied
to a file descriptor and called in the close(2) path.  As a consequence,
potentially affected knotes are almost always destroyed before we even
get to knlist_clear().

Reviewed by:    kib, markj

(cherry picked from commit c6dd40f2d35d596ca60a5d87616c3e4a0fd4f676)
DeltaFile
+29-21sys/kern/kern_event.c
+29-211 files

HardenedBSD/src 842bee6stand/lua core.lua core.lua.8

lualoader: allow the local module to filter out the BE list

This allows something like the following local.lua to install a filter
to implement its own notion of hidden BEs using a naming convention of
a leading dot to hide them:

-- file: /boot/lua/local.lua
local core = require("core")

local function be_hide(be)
    if core.isSingleUserBoot() then
        -- All BEs are accepted for single-user
        return true
    end

    local name = be:match("/([^/]+)$")
    if not name then
        -- Accept malformed BEs, for whatever reason
        return true

    [16 lines not shown]
DeltaFile
+18-2stand/lua/core.lua
+12-1stand/lua/core.lua.8
+30-32 files

HardenedBSD/src 9442950sys/kern kern_event.c

kqueue: compare against the size in kqueue_expand

This is a cosmetic change, rather than a functional one: comparing the
knlistsize against the fd requires a little bit of mental gymnastics to
confirm that this is fine and not doing unnecessary work in some cases.

Notably, one must consider that kq_knlistsize only grows in KQEXTENT
chunks, which means that concurrent threads trying to grow the kqueue
to consecutive fds will usually not result in the list being replaced
twice.  One can also more clearly rule out classes of arithmetic
problems in the final `else` branch.

Reviewed by:    kib, markj

(cherry picked from commit 0b4f0e0515d0c7ec855cd654ae5dc562f4931cae)
DeltaFile
+6-4sys/kern/kern_event.c
+6-41 files

HardenedBSD/src d02c545sys/kern kern_event.c

kqueue: add some kn_knlist assertions around knlist_(add|remove)

We currently assert that kn_status is accurate, but there's more room
for error.  Neither of these are very likely, but currently we'd blow up
in SLIST*() macros instead of providing more obvious diagnostics.  It's
perhaps only worth testing these because knlist_remove() requires
getting logic across both f_attach() and f_detach() correct.

Reviewed by:    kib, markj

(cherry picked from commit 306c9049c642da6a59a5dc088589605a9aa38b87)
DeltaFile
+4-0sys/kern/kern_event.c
+4-01 files

HardenedBSD/src f30a8cfsys/kern kern_event.c

kqueue: avoid a possible fork-deadlock

kqueue_fork_copy() is likely to have transitioned at least one knote
through a flux state, so we should check whether we need to wake
anything up on the way out to avoid a possible deadlock.

This was a part of D56210, but we'll close the review with the next
commit.

Reviewed by:    kib, markj

(cherry picked from commit 14d0baf2e89202cec3f9cb03a573372ccbc568b2)
DeltaFile
+1-1sys/kern/kern_event.c
+1-11 files

HardenedBSD/src e6d3072sys/kern kern_event.c

kqueue: simplify knote_fdclose()

The influx logic in knote_fdclose() is a little misguided, the resulting
wakeup() call should always be redundant: knote_drop_detached() will
always issue a wakeup before it returns, so anything waiting on *that*
knote that had entered fluxwait should have been woken up then.  This is
the obvious divergence from the other influx/wakeup pattern in the
implementation, which will kn_influx-- and then issue the wakeup after
it has processed all of the knotes it can make progress on.

While we're here, the kq_knlist cannot shrink, so we can avoid that
condition in the loop and avoid potentially excessive wakeups from
fluxwait on kqueues that we didn't touch.

Reviewed by:    kib, markj

(cherry picked from commit ff1050d2a366bd288a6ebbf63f98003272513f92)
DeltaFile
+12-10sys/kern/kern_event.c
+12-101 files

HardenedBSD/ports 44c4f4fsysutils/framework-system distinfo Makefile.crates

sysutils/framework-system: Update to 0.6.2

Sponsored by:   Framework Computer Inc

Signed-off-by: Daniel Schaefer <dhs at frame.work>
DeltaFile
+9-5sysutils/framework-system/distinfo
+3-1sysutils/framework-system/Makefile.crates
+1-2sysutils/framework-system/Makefile
+13-83 files

HardenedBSD/src 84b8715sys/kern kern_event.c, sys/sys filedesc.h

kqueue: Fix a race when adding an fd-based knote to a queue

When registering a new kevent backed by a file descriptor, we first look
up the file description with fget(), then lock the kqueue, then see if a
corresponding knote is already registered.  If not, and KN_ADD is
specified, we add the knote to the kqueue.

closefp_impl() interlocks with this process by calling knote_fdclose(),
which locks each kqueue and checks to see if the fd is registered with a
knote.  But, if userspace closes an fd while a different thread is
registering it, i.e., after fget() succeeds but before the kqueue is
locked, then we may end up with a mismatch in the knote table, where the
knote kn_fp field points to a different file description than the knote
ident.

Fix the problem by double-checking before registering a knote.  Add a
new fget_noref_unlocked() helper for this purpose.  It is a clone of
fget_noref().  We could simply use fget_noref(), but I like having an
explicit unlocked variant.

    [7 lines not shown]
DeltaFile
+17-0sys/sys/filedesc.h
+13-1sys/kern/kern_event.c
+30-12 files

HardenedBSD/src 0361497usr.sbin/rtadvd config.c

rtadvd: Fix validation of the MTU parameter when parsing config

MFC after:      1 week

(cherry picked from commit 607f6be6ec19f49ff595226afe1c8aa6515c59a0)
DeltaFile
+1-1usr.sbin/rtadvd/config.c
+1-11 files

HardenedBSD/src 2791bc4sys/vm vm_fault.c

vm_fault: Avoid creating clean, writeable superpage mappings

The pmap layer requires writeable superpage mappings to be dirty.
Otherwise, during demotion, we may miss a hw update of the PDE which
sets the dirty bit.

When creating a managed superpage mapping without promotion, i.e., with
pmap_enter(psind == 1), we must therefore ensure that a writeable
mapping is created with the dirty bit pre-set.  To that end,
vm_fault_soft_fast(), when handling a map entry with write permissions,
checks whether all constituent pages are dirty, and if so, converts the
fault to a write fault, so that pmap_enter() does the right thing.  If
one or more pages is not dirty, we simply create a 4K mapping.

vm_fault_populate(), which may also create superpage mappings, did not
do this, and thus could create mappings which violate the invariant
described above.  Modify it to instead check whether all constituent
pages are already dirty, and if so, convert the fault to a write fault.
Otherwise the mapping is downgraded to read-only.

    [7 lines not shown]
DeltaFile
+18-2sys/vm/vm_fault.c
+18-21 files

HardenedBSD/ports 8f41140net/activemq Makefile distinfo, net/activemq/files activemq.in

net/activemq: Update 6.2.0 => 6.2.4, take maintainership

Release Notes:
https://activemq.apache.org/components/classic/download/classic-06-02-01
https://activemq.apache.org/components/classic/download/classic-06-02-02
https://activemq.apache.org/components/classic/download/classic-06-02-03
https://activemq.apache.org/components/classic/download/classic-06-02-04

Improve port:
- Adjust JAVA_VERSION.
- Add substitution instead of hardcoded USER and GROUP in rc script.

PR:             294136
Approved by:    blanket (3rd in a row maintainer timeout during last 2.5 years)
Sponsored by:   UNIS Labs
MFH:            2026Q2
DeltaFile
+9-5net/activemq/Makefile
+4-4net/activemq/files/activemq.in
+3-3net/activemq/distinfo
+2-2net/activemq/pkg-plist
+18-144 files

HardenedBSD/src bd6548fsys/fs/nfs nfsid.h nfs.h, usr.sbin/nfsuserd nfsuserd.c

nfsid.h: Put the nfsd_idargs structure in a new .h

This patch moves the definition of the nfsd_idargs
structure out of nfs.h and into a new file called
nfsid.h.

This is being done so that it can be included in
nfs_diskless.c in a future commit.

There should be no semantics change from this
commit.

(cherry picked from commit e6db4dd9d7216067388ae91ac73c3917a93f9420)
DeltaFile
+67-0sys/fs/nfs/nfsid.h
+0-23sys/fs/nfs/nfs.h
+1-0sys/fs/nfs/nfs_commonport.c
+1-0sys/fs/nfs/nfs_commonsubs.c
+0-1sys/fs/nfs/nfs_var.h
+1-0usr.sbin/nfsuserd/nfsuserd.c
+70-246 files

HardenedBSD/src b5737f2share/man/man5 src.conf.5, share/mk src.opts.mk

mk: Disable blacklist when disabling blocklist

WITHOUT_BLOCKLIST, when set, should enforce WITHOUT_BLACKLIST.
This fixes the build when WITHOUT_BLOCKLIST=yes is set.

Reported by:    ivy
Reviewed by:    ivy
Fixes:          7238317403b9 ("blocklist: Rename blacklist to blocklist")
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D56118

(cherry picked from commit 0d9676e1ca92febd42fbebef8d6833a0939d3f7c)
DeltaFile
+18-1share/man/man5/src.conf.5
+8-0share/mk/src.opts.mk
+26-12 files

HardenedBSD/ports 358749cbenchmarks/iperf3 distinfo Makefile, benchmarks/iperf3/files patch-RELNOTES.md

benchmarks/iperf3: Update to iperf-3.21.

Notable changes: https://github.com/esnet/iperf/releases/tag/3.21

Sponsored by:   Energy Sciences Network (ESnet)
DeltaFile
+0-18benchmarks/iperf3/files/patch-RELNOTES.md
+3-3benchmarks/iperf3/distinfo
+1-2benchmarks/iperf3/Makefile
+4-233 files