HardenedBSD/src 79b00a4. Makefile.inc1, contrib/xz ChangeLog

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
Delta  File
+477 -0  contrib/xz/ChangeLog
+347 -0  sys/arm/broadcom/bcm2835/raspberrypi_virtgpio.c
+21 -0  contrib/xz/src/liblzma/common/index.c
+9 -10  contrib/xz/src/common/tuklib_integer.h
+12 -0  sys/arm/broadcom/bcm2835/bcm2835_firmware.h
+6 -6  Makefile.inc1
+872 -16  20 files not shown
+921 -38  26 files

HardenedBSD/src eca6e7a contrib/xz ChangeLog, contrib/xz/src/common tuklib_integer.h

Merge branch 'freebsd/current/main' into hardened/current/master
Delta  File
+477 -0  contrib/xz/ChangeLog
+347 -0  sys/arm/broadcom/bcm2835/raspberrypi_virtgpio.c
+21 -0  contrib/xz/src/liblzma/common/index.c
+9 -10  contrib/xz/src/common/tuklib_integer.h
+12 -0  sys/arm/broadcom/bcm2835/bcm2835_firmware.h
+10 -0  contrib/xz/src/xz/main.c
+876 -10  13 files not shown
+902 -23  19 files

HardenedBSD/src 7176f76 contrib/xz ChangeLog THANKS, contrib/xz/src/common tuklib_integer.h

MFV: xz 5.8.3.

Security:       CVE-2026-34743

(cherry picked from commit f81c1f4339cd20ea89dad51c0f7d96e0e34313a9)
Delta  File
+477 -0  contrib/xz/ChangeLog
+21 -0  contrib/xz/src/liblzma/common/index.c
+9 -10  contrib/xz/src/common/tuklib_integer.h
+7 -3  lib/liblzma/config.h
+10 -0  contrib/xz/src/xz/main.c
+5 -0  contrib/xz/THANKS
+529 -13  9 files not shown
+541 -22  15 files

HardenedBSD/src f81c1f4 contrib/xz ChangeLog THANKS, contrib/xz/src/common tuklib_integer.h

MFV: xz 5.8.3.

Security:       CVE-2026-34743
MFC after:      3 days
Delta  File
+477 -0  contrib/xz/ChangeLog
+21 -0  contrib/xz/src/liblzma/common/index.c
+9 -10  contrib/xz/src/common/tuklib_integer.h
+7 -3  lib/liblzma/config.h
+10 -0  contrib/xz/src/xz/main.c
+5 -0  contrib/xz/THANKS
+529 -13  9 files not shown
+541 -22  15 files

HardenedBSD/src 788f701. ChangeLog THANKS, src/common tuklib_integer.h tuklib_gettext.h

Vendor import of xz 5.8.3 (trimmed)
Delta  File
+477 -0  ChangeLog
+21 -0  src/liblzma/common/index.c
+9 -10  src/common/tuklib_integer.h
+10 -0  src/xz/main.c
+5 -0  THANKS
+2 -2  src/common/tuklib_gettext.h
+524 -12  9 files not shown
+535 -20  15 files

HardenedBSD/src 1d1bd59 sys/dev/vmm vmm_ktr.h

vmm: Add an include to vmm_ktr.h for vm_name()

Required when KTR is configured.

Remove the pcpu.h include while here, as it seems to be unneeded.

Reported by:    Jenkins
Fixes:          5f13d6b60740 ("vmm: Move common accessors and vm_eventinfo into sys/dev/vmm")

(cherry picked from commit 0aaa95ae02803ba0195c5da695ffbb17a79135bc)
Delta  File
+3 -1  sys/dev/vmm/vmm_ktr.h
+3 -1  1 files

HardenedBSD/src dc46e4a sys/amd64/vmm vmm.c

amd64/vmm: remove unused static function vcpu_state2str()

It is guarded by #ifdef KTR, so the warning does not show up under usual
kernel configs.

Fixes:  ed85203fb7a0334041db6da07e45ddda4caef13d
Sponsored by:   The FreeBSD Foundation
Differential revision:  https://reviews.freebsd.org/D54781

(cherry picked from commit 002c50ea23b99b415b1b392d3dd5ea6223c3a74c)
Delta  File
+0 -20  sys/amd64/vmm/vmm.c
+0 -20  1 files

HardenedBSD/src b20f0e6 sys/netinet ip_divert.c

divert: unbreak the LINT-NOIP build

Only expose `dcb` when either `INET` or `INET6` is defined.

Reported by:    clang (`-Wunused`)
MFC after:      1 week
Fixes 5547a7bb39 ("divert: Use a better source identifier...")
Differential Revision: https://reviews.freebsd.org/D55548

(cherry picked from commit bd758ebac3272f720c051570e043e4bc653dcd48)
Delta  File
+3 -2  sys/netinet/ip_divert.c
+3 -2  1 files

HardenedBSD/src 7da0434. Makefile.inc1

HBSD: Resolve merge conflict

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
Delta  File
+2 -12  Makefile.inc1
+2 -12  1 files

HardenedBSD/src fdfa095. Makefile.inc1, lib/libc/stdlib atexit.3

Merge remote-tracking branch 'origin/freebsd/current/main' into hardened/current/master

Conflicts:
        Makefile.inc1 (unresolved)
Delta  File
+12 -2  Makefile.inc1
+5 -4  lib/libsys/_exit.2
+5 -1  sys/kern/kern_jail.c
+2 -1  lib/libc/stdlib/atexit.3
+1 -1  sys/conf/files
+0 -1  tools/build/options/WITHOUT_LLVM_BINUTILS_BOOTSTRAP
+25 -10  1 files not shown
+25 -11  7 files

HardenedBSD/src be79a42 share/man/man9 malloc.9

malloc.9: adjust flag table indentation

The current indentation is shorter than all but one of these flags. This
renders much more nicely.

MFC after:      3 days
Delta  File
+1 -1  share/man/man9/malloc.9
+1 -1  1 files

HardenedBSD/src 84c68db sys/arm/broadcom/bcm2835 raspberrypi_virtgpio.c bcm2835_firmware.h, sys/conf files.arm64

bcm2835_virtgpio: Add driver for virtual GPIO controller on some RPi models

This driver enables the bcm2835-virtgpio GPIO controller found on RPi3B
and some CM boards, on which the ACT (green) LED is connected to this
controller. It is essential for FreeBSD to have this driver to control
this LED.

It will be exposed via gpioled(4).

Reviewed by:    mhorne
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D51456
Delta  File
+347 -0  sys/arm/broadcom/bcm2835/raspberrypi_virtgpio.c
+12 -0  sys/arm/broadcom/bcm2835/bcm2835_firmware.h
+1 -0  sys/conf/files.arm64
+360 -0  3 files

HardenedBSD/src 6087050 sys/kern kern_jail.c

Jail sysctls: deprecate generic sysctls in favour of allow-flags

- add a missing sysctl to the deprecated list
- add a comment to not add new generic sysctls and point to SYSCTL_JAIL_PARAM instead

Reviewed by:    jamie
Differential Revision:  https://reviews.freebsd.org/D51150
Delta  File
+5 -1  sys/kern/kern_jail.c
+5 -1  1 files

HardenedBSD/src 9b1f77e. Makefile.inc1, share/man/man5 src.conf.5

Makefile.inc1: Drop AS and RANLIB variables

These are not used in our world and kernel build targets.  We use the
compiler driver for assembly, and ar adds the archive index (symbol
table) automatically.

Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55964
Delta  File
+5 -5  Makefile.inc1
+0 -1  tools/build/options/WITHOUT_LLVM_BINUTILS_BOOTSTRAP
+0 -1  share/man/man5/src.conf.5
+5 -7  3 files

HardenedBSD/src c082e56 lib/libc/stdlib atexit.3, lib/libsys _exit.2

_exit.2: Cross-reference atexit(3)

atexit(3) is one of the cases when _exit(2) must be used instead of
exit(3).

MFC after:              3 days
Reviewed by:            mhorne, ziaee
Differential Revision:  https://reviews.freebsd.org/D54467
Delta  File
+5 -4  lib/libsys/_exit.2
+2 -1  lib/libc/stdlib/atexit.3
+7 -5  2 files

HardenedBSD/src 407b1e4 sys/conf files

rss: make toeplitz.c standard part of the kernel

This will fix LINT-NOIP build.  This actually adds very little to the
kernel text, e.g. 500 bytes on amd64.  A perfect solution would be to
instead declare rss_config.c as 'optional inet | inet6', but that would
fail to build LINT-NOIP in several NIC drivers, that use RSS and
absolutely ignore that both INET and INET6 are optional.  It is very
unlikely that vendors who maintain these drivers will ever chase the
holy grail of a build that doesn't support IPv4 and IPv6.

Fixes:  d9c55b2e8cd6b79f6926278e10a79f1bcca27a4b
Delta  File
+1 -1  sys/conf/files
+1 -1  1 files

HardenedBSD/src ff68a58 sys/modules/ath12k Makefile

ath12k: update module Makefile after vendor import of v6.19

Sponsored by:   The FreeBSD Foundation

(cherry picked from commit 03ba27c194ca5937478502cb52a0eda8146f9be1)
Delta  File
+32 -6  sys/modules/ath12k/Makefile
+32 -6  1 files

HardenedBSD/src 40be048 sys/kern subr_sbuf.c

sbuf: make assertion message a lot more useable

Saying that we are called with an (un)finished or corrupted sbuf
is like saying "error" (though [un]finished is an extra hint).

Add the pointer to the sbuf so one could easily check it,
add the flags we are checking so one could see quickly about
a possible state mismatch.

Given we already dereference the pointer in the KASSERT there is no
extra harm adding it to the message.

Found while:    testing lindebugfs changes
Sponsored by:   The FreeBSD Foundation
Reviewed by:    jhb
Differential Revision: https://reviews.freebsd.org/D55919

(cherry picked from commit 2ce06d25431a6c96ef5719165cb73e138a0ed89c)
Delta  File
+2 -2  sys/kern/subr_sbuf.c
+2 -2  1 files

HardenedBSD/src 29dce45 sys/compat/linuxkpi/common/include/linux highmem.h spinlock.h

LinuxKPI: add supporting #includes

Compiling drm-kmod on !X86 does not include asm/smp.h which includes
preempt.h on FreeBSD.  In order to compile drm-kmod on other
architectures add the secondary #includes for preempt.h to
spinlock.h and hardirq.h (which now also gets included from highmem.h)
to connect the #include chain.

Sponsored by:   The FreeBSD Foundation
PR:             279864
Reviewed by:    jhibbits, emaste
Differential Revision: https://reviews.freebsd.org/D55974

(cherry picked from commit 1d18872c2519d7ca726ddc49735180ab1d8916e0)
Delta  File
+1 -0  sys/compat/linuxkpi/common/include/linux/highmem.h
+1 -0  sys/compat/linuxkpi/common/include/linux/spinlock.h
+1 -0  sys/compat/linuxkpi/common/include/linux/hardirq.h
+3 -0  3 files

HardenedBSD/src 931b526 sys/contrib/dev/athk/ath12k mac.c debugfs_htt_stats.c

ath12k: update Atheros/QCA's ath12k driver

This version is based on
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
05f7e89ab9731565d8a62e3b5d1ec206485eeb0b ( tag: v6.19 ).

Sponsored by:   The FreeBSD Foundation

(cherry picked from commit a96550206e4bde15bf615ff2127b80404a7ec41f)
Delta  File
+9,336 -1,825  sys/contrib/dev/athk/ath12k/mac.c
+6,178 -0  sys/contrib/dev/athk/ath12k/debugfs_htt_stats.c
+4,684 -353  sys/contrib/dev/athk/ath12k/wmi.c
+2,346 -505  sys/contrib/dev/athk/ath12k/dp_mon.c
+2,076 -0  sys/contrib/dev/athk/ath12k/debugfs_htt_stats.h
+1,814 -206  sys/contrib/dev/athk/ath12k/wmi.h
+26,434 -2,889  58 files not shown
+42,613 -5,235  64 files

HardenedBSD/src 5a35d50 sys/modules/ath11k Makefile

ath11k: update module Makefile after vendor import of v6.19[-rc6]

Sponsored by:   The FreeBSD Foundation

(cherry picked from commit 09cacabd8ca0cc89c8d46b2f4c1dcdd6bb1e1cab)
Delta  File
+43 -20  sys/modules/ath11k/Makefile
+43 -20  1 files

HardenedBSD/src ea86e32 sys/contrib/dev/athk/ath11k mac.c pci.c

ath11k: update Atheros/QCA's ath11k driver

This version is based on
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
24d479d26b25bce5faea3ddd9fa8f3a6c3129ea7 ( tag: v6.19-rc6 ).

Sponsored by:   The FreeBSD Foundation

(cherry picked from commit 187d8a3ce55a4e2d41fbe61465d5ff4ac0fc6bd5)
(cherry picked from commit 3c4eef5d838b906e8dc30e29ca98b2c4025e2bb2)
Delta  File
+316 -139  sys/contrib/dev/athk/ath11k/mac.c
+52 -4  sys/contrib/dev/athk/ath11k/pci.c
+19 -19  sys/contrib/dev/athk/ath11k/hal.h
+15 -7  sys/contrib/dev/athk/ath11k/wmi.c
+9 -9  sys/contrib/dev/athk/ath11k/pci.h
+3 -15  sys/contrib/dev/athk/ath11k/wmi.h
+414 -193  1 files not shown
+415 -194  7 files

HardenedBSD/src d86a85e sys/fs/nullfs null_vfsops.c

nullfs: Fix handling of doomed vnodes in nullfs_unlink_lowervp()

nullfs_unlink_lowervp() is called with the lower vnode locked, so the
nullfs vnode is locked too.  The following can occur:
1. the vunref() call decrements the usecount 2->1,
2. a different thread calls vrele() on the vnode, decrements the
   usecount 0->1, then blocks on the vnode lock,
3. the first thread tests vp->v_usecount == 0 and observes that it is
   true,
4. the first thread incorrectly unlocks the lower vnode.

Fix this by testing VN_IS_DOOMED directly.  Since
nullfs_unlink_lowervp() holds the vnode lock, the value of the
VIRF_DOOMED flag is stable.

Thanks to leres@ for patiently helping to track this down.

PR:             288345
MFC after:      1 week

    [4 lines not shown]
Delta  File
+4 -10  sys/fs/nullfs/null_vfsops.c
+4 -10  1 files

HardenedBSD/src d442011 usr.sbin/bhyve rfb.c

bhyve: Fix unchecked stream I/O in RFB handler

Convert rfb_send_* helpers to return status codes and check their
results. Add missing checks for stream_read() and stream_write() returns
during the handshake in rfb_handle() to avoid acting on failed I/O.

Signed-off-by:  Hayzam Sherif <hayzam at gmail.com>

Reviewed by:    markj
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D55343

(cherry picked from commit 818971cc403e78d42b77eb6c18a2d2a073e5541f)
Delta  File
+54 -22  usr.sbin/bhyve/rfb.c
+54 -22  1 files

HardenedBSD/src 132d9d5 sys/kern kern_sysctl.c

sysctl: Avoid calling priv_check() unnecessarily

After commit 7d1d9cc440f80 we only serialize large sysctl requests for
non-root users, but we should avoid calling priv_check() unless the
request actually is large, as that's not the common case.  In
particular, priv_check() might not be cheap to evaluate if MAC hooks are
installed.

Reviewed by:    olce, kib
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D55377

(cherry picked from commit 0fa6ce255661acc984a45deaf2d710149b957ce6)
Delta  File
+2 -2  sys/kern/kern_sysctl.c
+2 -2  1 files

HardenedBSD/src 61a6418 usr.sbin/bhyve rfb.c

bhyve: Propagate errors from rfb_recv_* functions

Update rfb_recv_* functions to return -1 on failure and 0 on success.
Update rfb_handle to check these return values and drop the connection
if an error occurs.

Signed-off-by: Hayzam Sherif <hayzam at gmail.com>

Reviewed by:    markj
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation

(cherry picked from commit 757b0bf5cf46230bcbeeb298f734b9bb7cde1817)
Delta  File
+76 -25  usr.sbin/bhyve/rfb.c
+76 -25  1 files

HardenedBSD/src a426ae1 sys/netinet ip_divert.c

divert: Use a better source identifier for netisr_queue_src() calls

These opaque IDs are used by netisr to distribute work among threads.
The mapping function is simply SourceID % numthreads, so using socket
addresses as source IDs isn't going to distribute packets well due to
alignment.

Use the divert socket's generation number instead, as that suits this
purpose much better.

Reviewed by:    zlei, glebius
MFC after:      1 week
Sponsored by:   OPNsense
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D55537

(cherry picked from commit 5547a7bb39accd8f151b53e90b41d13b55f84c95)
Delta  File
+4 -2  sys/netinet/ip_divert.c
+4 -2  1 files

HardenedBSD/src ddd241d sys/amd64/include vmm.h, sys/amd64/vmm vmm.c

vmm: Deduplicate VM and vCPU state management code

Now that the machine-independent fields of struct vm and struct vcpu are
available in a header, we can move lots of duplicated code into
sys/dev/vmm/vmm_vm.c.  This change does exactly that.

No functional change intended.

MFC after:      2 months
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D53585

(cherry picked from commit ed85203fb7a0334041db6da07e45ddda4caef13d)
Delta  File
+5 -478  sys/amd64/vmm/vmm.c
+476 -0  sys/dev/vmm/vmm_vm.c
+5 -312  sys/riscv/vmm/vmm.c
+5 -312  sys/arm64/vmm/vmm.c
+47 -2  sys/dev/vmm/vmm_vm.h
+0 -37  sys/amd64/include/vmm.h
+538 -1,141  12 files not shown
+551 -1,227  18 files

HardenedBSD/src 1befa93 usr.sbin/bhyve pci_passthru.c

bhyve: Fix a misleading error message

The ioctl might fail because it's run in a jail which doesn't have
permission to invoke ppt ioctls.

Reviewed by:    jhb
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D55070

(cherry picked from commit 7ab5e3f29a50bc9294a139cc0e8e661a7c036ba3)
Delta  File
+7 -2  usr.sbin/bhyve/pci_passthru.c
+7 -2  1 files

HardenedBSD/src e857398 sys/amd64/include vmm.h, sys/amd64/vmm vmm.c

vmm: Consolidate vm and vcpu definitions

There is quite a lot of duplication of code between amd64, arm64 and
riscv with respect to VM and vCPU state management.  This is a bit
tricky to resolve since struct vm and struct vcpu are private to vmm.c
and both structures contain a mix of machine-dependent and
machine-independent fields.

To allow deduplication without also introducing a lot of churn, follow
the approach of struct pcpu and 1) lift the definitions of those
structures into a new header, sys/dev/vmm/vmm_vm.h, and 2) define
machine-dependent macros, VMM_VM_MD_FIELDS and VMM_VCPU_MD_FIELDS which
lay out the machine-dependent fields.

One disadvantage of this approach is that the two structures are no
longer private to vmm.c, but I think this is acceptable.

No functional change intended.  A follow-up change will move a good deal
of machine/vmm/vmm.c into sys/dev/vmm/vmm_vm.c.

    [7 lines not shown]
Delta  File
+121 -0  sys/dev/vmm/vmm_vm.h
+1 -82  sys/amd64/vmm/vmm.c
+36 -35  sys/arm64/include/vmm.h
+2 -65  sys/arm64/vmm/vmm.c
+1 -55  sys/riscv/vmm/vmm.c
+27 -28  sys/amd64/include/vmm.h
+188 -265  14 files not shown
+239 -302  20 files