bsdinstall: Ignore -p[0-9]+ in determining BRANCH
The patch level is not part of the branch per se and should not be
used in constructing the FreeBSD-base.conf file used by bsdinstall.
MFC after: 1 day
xae(4), axidma(4): rewrite DMA operation.
Due to performance constraints on a synthesized CHERI RISC-V core,
remove usage of xdma(4) scatter-gather framework. Instead, provide
a minimalistic interface between two drivers.
This increases performance ~4-5 times.
Tested using scp(1) and nc(1) on Codasip Prime.
Sponsored by: CHERI Research Centre
Differential Revision: https://reviews.freebsd.org/D53932
Mitigate YXDOMAIN and nodata non-referral answer poisoning.
Add a fix to apply scrubbing of unsolicited NS RRSets (and their
respective address records) for YXDOMAIN and nodata non-referral
answers. This prevents a malicious actor from exploiting a possible
cache poison attack.
Obtained from: NLnet Labs
Security: FreeBSD-SA-25:10.unbound
Security: CVE-2025-11411
(cherry picked from commit 2a3a6a1771148a709c2d9694c1d66c41ce8dee79)
Mitigate YXDOMAIN and nodata non-referral answer poisoning.
Add a fix to apply scrubbing of unsolicited NS RRSets (and their
respective address records) for YXDOMAIN and nodata non-referral
answers. This prevents a malicious actor from exploiting a possible
cache poison attack.
Obtained from: NLnet Labs
Security: CVE-2025-11411
local-unbound: Read a tab separated resolv.conf
Use [[:space:]] rather than a white space character to delimit the keys
and the values in the resolv.conf file.
PR: 236079
Reviewed by: des
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D53811
(cherry picked from commit 0628400590e025b7db1c0905e6ee488a24ef3f60)
ipfilter: Verify ipnat on entry into kernel
The ipnat struct is built by ipnat(8), specifically ipnat_y.y when
parsing the ipnat configuration file (typically ipnat.conf). ipnat
contains a variable length string field at the end of the struct. This
data field, called in_names, may contain various text strings such as
NIC names. There is no upper bound limit to the length of strings as
long as the in_namelen length field specifies the length of in_names
within the ipnat structure and in_size specifies the size of the ipnat
structure itself.
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
Reviewed by: markj
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D53843
ipfilter: Verify frentry on entry into kernel
The frentry struct is built by ipf(8), specifically ipf_y.y when parsing
the ipfilter configuration file (typically ipf.conf). frentry contains
a variable length string field at the end of the struct. This data field,
called fr_names, may contain various text strings such as NIC names,
destination list (dstlist) names, and filter rule comments. The length
field specifies the length of fr_names within the frentry structure and
fr_size specifies the size of the frentry structure itself.
The upper bound limit to the length of the strings field is controlled by the
fr_max_namelen sysctl/kenv or the max_namelen ipfilter tuneable.
The initial concepts were discussed with emaste and jrm.
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
Reviewed by: markj
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D53843
ipfilter: Add ipf_check_names_string()
ipf_check_names_string will verify userland inputs in names strings
(fr.fr_names, in.in_names) for correctness.
Original concept of ipf_check_names_string() instead of macros by
markj.
Reviewed by: markj
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D53843
mqueue: Export kern_kmq_* symbols from kernel module
linux.ko supports POSIX message queues using these symbols, so they need
to be exported rather than relying on the kernel linker's misfeature of
linking against debug or local symbols (which will soon be disabled by
default).
Reported by: mav
Reviewed by: zlei
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53907
tests: detect built-in modules
When checking vnet test prerequisites we check if if_epair and if_bridge are
available, but we only checked for loadable modules. It's possible for these to
be built into the kernel instead.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Reapply "Merge commit e24f90190c77 from llvm git (by Brad Smith):"
[Driver] Enable outline atomics for FreeBSD/aarch64 (#156089)
The compiler_rt helper functions have been built since 12.4, 13.1, 14
and anything newer.
This reverts commit bd27bd1f51d049538cc7a0053be9d99110a53ae1.
Only some people (including the release manager, unfortunately) ran into
build issues with the previous iteration of this commit, because they
were bootstrapping the compiler, either via the WITHOUT_SYSTEM_COMPILER
src.conf(5) setting, or because the build system determined that their
base system compiler was out of date.
The bootstrapped compiler would then enable outline atomics and compile
libgcc_s with these, but because libgcc_s is linked with -nodefaultlibs,
it could not find the helper routines in libcompiler_rt.a.
[17 lines not shown]
nda: fix setting of unmappedio flag
The upstream refactoring of ndaregister() to split out ndasetgeom()
accidentally used an uninitialized variable to decide whether or not
to set DISKFLAG_UNMAPPED_BIO. Fix this by moving that portion of
ndasetgeom() back up to ndaregister(). The check for PIM_UNMAPPED
is not really needed because nvme devices always have that set,
so it cannot change in the other path from which ndasetgeom() is now called.
Reviewed by: imp
Fixes: dffd882d12d2a71aca464f48209ec9ae6f393b15
Sponsored by: Netflix
MFC After: 1 minute
(cherry picked from commit 2b4dbad2db5766294ee97bb96228ec6826a9e7c3)
nda: fix setting of unmappedio flag
The upstream refactoring of ndaregister() to split out ndasetgeom()
accidentally used an uninitialized variable to decide whether or not
to set DISKFLAG_UNMAPPED_BIO. Fix this by moving that portion of
ndasetgeom() back up to ndaregister(). The check for PIM_UNMAPPED
is not really needed because nvme devices always have that set,
so it cannot change in the other path from which ndasetgeom() is now called.
Reviewed by: imp
Fixes: dffd882d12d2a71aca464f48209ec9ae6f393b15
Sponsored by: Netflix
MFC After: 1 minute