divert: Define semantics for SO_REUSEPORT_LB on divert sockets
Allow SO_REUSEPORT_LB to be set on divert sockets. If set, then bind()
will add the socket to a "load-balancing group". When a divert-to rule
matches a port with an associated group, the corresponding state ID is
used to select a specific socket from the group. Packets without an
associated state are simply forwarded to the first socket in the group.
For now I only pass a state ID from pf, as I couldn't see a useful
identifier on the ipfw side.
This implementation is simple but has a caveat, that being that if
sockets are added to the group while flows are being processed, the size
of the group will change and this changes the mapping of state IDs to
sockets. So, to get a consistent mapping, the divert socket application
must bind all of its sockets before any traffic is diverted by the
firewall.
Reviewed by: glebius
MFC after: 1 month
[3 lines not shown]
bhyve/virtio-scsi: Support multiple backends
In order to support multiple backends for virtio-scsi, we should isolate
the core of virtio-scsi from the backend-specific code. The existing
interface to CTL will become the new "CTL" backend for virtio-scsi.
Care has been taken to keep compatibility with previous configurations:
The first backend linked (CTL) will be the default backend if none is
specified, and it does provide a default configuration if no further
options such as targets are explicitly configured.
Reviewed by: markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D53223
bhyve/virtio-scsi: Make all I/O processing parameters configurable
This includes:
- seg_max, the number of segments allowed in a single command
- {ctl,evt,req}_ringsz, the number of descriptors in a queue
- thr_per_q, the number of processing threads per request queue
- num_queues, the number of request queues
Reviewed by: markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D54073
bhyve/virtio-scsi: Implement task management functions
Currently, all I/O requests are queued internally, and a number of
threads will pick I/O requests off the queue and send them to CTL with
a synchronous CTL_IO ioctl. On the other hand, TMF requests are sent
to CTL immediately using the same synchronous ioctl.
Besides being unworkable for non-CTL backends such as for SCSI
passthrough, this simple approach may easily run into situations
where a TMF request operating on a particular I/O request is sent
to CTL while it is still on our queue and thus unknown to CTL.
In addition, for target and/or LUN resets we should really clear
our queue and return all outstanding I/O requests with a proper
status.
Reviewed by: markj
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D53222
bhyve/virtio-scsi: Support for multiple targets
Currently, virtio-scsi supports only one target with 16383 LUNs, which
fits nicely with what CTL provides. It would be useful to support more
than that, multiple targets each with 16383 LUNs.
While this can be useful with CTL by attaching each target to another
CTL target port, this will be necessary to support SCSI passthrough.
The new syntax for configuring targets will look like this:
-s X,virtio-scsi,target=/dev/foo,target=/dev/bar,target=4:/dev/baz
This will create the following configuration nodes:
pci.0.X.0.device=virtio-scsi
pci.0.X.0.target.0=/dev/foo
pci.0.X.0.target.1=/dev/bar
pci.0.X.0.target.4=/dev/baz
[16 lines not shown]
www/nginx-module-lua: Add new port
Add a new port for the OpenResty lua-nginx-module dynamic
module for nginx.
WWW: https://github.com/openresty/lua-nginx-module
Sponsored by: Netzkommune GmbH
smartpqi: Add runtime sysctl for debug_level and log device state changes
The smartpqi driver did not log device add/remove or controller events
to syslog, and hw.smartpqi.debug_level could only be set at boot via
loader.conf with no runtime sysctl interface.
Add a read-write sysctl at dev.smartpqi.N.debug_level for runtime
debug level changes. Add device_printf calls for device addition,
removal, and controller events (hotplug, hardware, physical/logical
device, AIO state/config changes) so state changes always appear in
dmesg. Add DBG_DISC logging for discovery state transitions. Fix
spelling errors in strings and comments across the driver.
Bump driver version to 14.4691.1.2000 / 15.2.1.2000.
PR: 294161
Reviewed by: imp
Approved by: imp
MFC after: 2 weeks
[4 lines not shown]
15.1/relnotes: Improve pkgbase notes
Move pkgbase changes to a new section at the start of the release
notes. This avoids conflating ports and pkgbase changes (which we
should avoid, since some users are already confused about the
relationship between pkgbase and ports), and provides important
information which might require user action earlier in the release
notes.
Be more explicit about when user action is and isn't required.
Remove "pkgbase" from user-facing documentation ("base system packages"
is the preferred user-facing terminology).
Suggest that people wanting to use installworld/installkernel should
depkgbasify, rather than suggesting DESTDIR=/. Overriding this check
is basically guaranteed to break the system, and should never be done;
it's only there in case of some sort of extraordinary situation where
the system can't be repaired any other way.
[4 lines not shown]
acpi: On /dev/power suspend, trigger userspace notifications
On a suspend request via ioctl(), /dev/acpi (and compatible /dev/apm)
both call acpi_ReqSleepState() instead of directly calling
acpi_EnterSleepState(). The former does more checks, returns success if
the machine is already suspending, and notifies user space (via devd(8))
about the impending suspend. In other words, it seems to have been
designed for user consumption more than the latter function.
So, use acpi_ReqSleepState() in place of acpi_EnterSleepState() in
acpi_pm_func(), which is ultimately called by power_pm_suspend(), itself
called by power_ioctl(). Other callers of power_pm_suspend() (such as
the console drivers) are also user-facing facilities, so should also
benefit from this change.
Reviewed by: mhorne, imp
Tested by: mhorne
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57239
security/vuxml: Add www/grafana vulnerabilities
- XSS in Grafana Explore stack trace (CVE-2025-41117)
- Public Dashboards time range restriction on annotations can be bypassed (CVE-2026-21722)
- RCE on Grafana via sqlExpressions (CVE-2026-27876)
- Public dashboards discloses all direct mode datasources (CVE-2026-27877)
- Query resampling can cause unbounded memory allocations (CVE-2026-27879)
- OpenFeature evaluation API reads input data with no bounds (CVE-2026-27880)
- Grafana Testdata datasource can issue unbounded memory allocations (CVE-2026-28375)
- Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS (CVE-2026-33375)
PR: 294105
Reported by: Boris Korzun <drtr0jan at yandex.ru>