bus: Add device_has_children predicate
Add a device_has_children() function which can be used to check if a
device has children without allocating a list of them which we aren't
going to use, or even counting them.
Also modify device_get_children() so it can be used to query the count
without allocating a list.
MFC after: 1 week
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Reviewed by: imp, markj
Differential Revision: https://reviews.freebsd.org/D53918
Export t4_tom's symbols for other offload modules
This allows iw_cxgbe.ko, cxgbei.ko, nvmf_che.ko, etc. to be loaded when
debug.link_elf_leak_locals and debug.link_elf_obj_leak_locals are
disabled.
PR: 291250
MFC after: 1 week
Sponsored by: Chelsio Communications
kgssapi: Remove broken MOD_UNLOAD code
The module panicked at unload with "recursing but non-recursive rw".
There is a comment that "Unloading of the kgssapi module is not
currently supported" and the MOD_UNLOAD case falls through to returning
EOPNOTSUPP anyway. Just #if 0 the code in the unload path, leaving it
as a hint in case someone implements unload support later on.
PR: 291249
Reviewed by: rmacklem
Fixes: ad704a34bc2c ("Use syscall_helper_register(9) rather than syscall_register().")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53949
git-arc: Fix failure to call arc() function
As of b3e53f9fff11, git-arc attempted to call the internal shell
function, arc(), using env(1). However, because env(1) does not call
shell functions, it actually attempted to run the arc utility. This led
to errors:
% git arc create -r xxx HEAD
env: arc: No such file or directory
git-arc: could not create Phabricator diff
This change removes the unnecessary use of env(1), so the arc() function
is correctly called.
Reviewed by: markj
Fixes: b3e53f9fff11 ("git-arc: Don't require devel/arcanist")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53972
Mitigate YXDOMAIN and nodata non-referral answer poisoning.
Add a fix to apply scrubbing of unsolicited NS RRSets (and their
respective address records) for YXDOMAIN and nodata non-referral
answers. This prevents a malicious actor from exploiting a possible
cache poison attack.
Obtained from: NLnet Labs
Security: FreeBSD-SA-25:10.unbound
Security: CVE-2025-11411
(cherry picked from commit 2a3a6a1771148a709c2d9694c1d66c41ce8dee79)
(cherry picked from commit cd40a23fb249bba461e38ca0c3d243a20a12eef4)
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
pkg: Move FreeBSD-base to pkg.freebsd.org
Rather than fetching packages directly from the CDN which currently
backs pkgbase.freebsd.org, requests will go to pkg.freebsd.org mirrors
and be 302ed to the correct servers. This adds ~70 seconds to the
process of installing or upgrading a pkgbase system; it also orphans
systems with 15.0-{PRERELEASE,ALPHA*,BETA*} installed since they are
expecting to see pkgbase files signed with the pkg keys, not the new
pkgbase signing keys.
Reviewed by: dch, philip
MFC after: immediately (for 15.0-RELEASE)
With hat: re
Requested by: clusteradm, core
Differential Revision: https://reviews.freebsd.org/D53964
(cherry picked from commit a3b0902d73901e7243103e60cf78c53cd7f566a1)
pkg: Move FreeBSD-base to pkg.freebsd.org
Rather than fetching packages directly from the CDN which currently
backs pkgbase.freebsd.org, requests will go to pkg.freebsd.org mirrors
and be 302ed to the correct servers. This adds ~70 seconds to the
process of installing or upgrading a pkgbase system; it also orphans
systems with 15.0-{PRERELEASE,ALPHA*,BETA*} installed since they are
expecting to see pkgbase files signed with the pkg keys, not the new
pkgbase signing keys.
Reviewed by: dch, philip
MFC after: immediately (for 15.0-RELEASE)
With hat: re
Requested by: clusteradm, core
Differential Revision: https://reviews.freebsd.org/D53964
exports.5: Typo: "auomatically" => "automatically"
Fixes: 9d975e47d5a3 ("exports.5: Clarify that exported dirs should be local mount points")
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
git-arc: Don't require devel/arcanist
Instead of invoking just “arc”, which requires devel/arcanist, which
conflicts with archivers/arc, invoke the underlying script installed by
devel/arcanist-lib.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D53942
sys/_types.h: centralize __vm_offset_t and __vm_size_t definitions
Use __ptraddr_t to define __vm_offset_t and __size_t for __vm_size_t
rather than per-pointer-size definitions.
Reviewed by: kib, markj
Effort: CHERI upstreaming
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D53818
sys/_types.h: add __intptr_t to __mbstate_t
Extend __mbstate_t to include an intptr_t to ensure it can hold a
pointer if required.
Reviewed by: kib, markj
Effort: CHERI upstreaming
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D53822
add types: (u)int64ptr_t
This type represents an integer value of at least 64 bits which is
capable of being cast to and from pointer types. It is intended to
replace various spellings of (u)int64_t there the value is expected to
hold a pointer. This is common in Linux code to allow 32-bit and 64-bit
structures to be the same and used other places including OpenZFS. With
the introduction of CHERI this no longer works, but we need to preserve
the ABI for integer pointer targets. Rather than adding ifdefs in every
case, we introduce a new type.
Reviewed by: kib, markj
Effort: CHERI upstreaming
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D53823
sys/_types.h: define __(u)int(f)ptr_t for CHERI
On pure-capability ABIs, uintptr_t and variants are capabilities and
defined to the new primative type __uintcap_t and variants. This is
required to allow pointers (capabilities) to round trip through
uintptr_t as required by the C standard.
Reviewed by: kib, markj
Effort: CHERI upstreaming
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D53819