pci: bcm2838: cleanup on attach failure to fix devmatch panic
Specifically on the RPi CM4, we currently don't set the controller up
right and it never moves into the ready state (we don't observe the link
active bit). Failure to cleanup here actually results in a panic not
long after, due to a use-after-free in the rman bits. Further down in
pci_host_generic, we have some rman stashed in the softc that are
initialized and placed onto the rman tailq, then the softc is later
freed without an rman_fini() to pull them off of the tailq properly.
Note that PCIe on this board won't come up at boot without something
plugged in, so it currently can't be booted with an empty slot with the
intent to hotplug a supported card. Some issues with controller startup
have been observed with Broadcom NICs in the wild, but no problems have
been observed with other NICs and a variety of different PCIe cards.
Shout-out to Vince <git at darkain.com> for the extensive debugging and
analysis to arrive at this conclusion.
[3 lines not shown]
lualoader: add be-list and be-switch commands
This is useful for driving BE changes from the loader command prompt,
rather than having to use the menu. Note that the active carousel in
the boot environment carousel doesn't currently reflect a switch in
boot environments done this way- I'm considering this only a minor bug,
as you probably can't or won't go back to the menu if you're using these
commands.
Reviewed by: imp (previous version)
(cherry picked from commit c7ff706b31c22f10c2403869c46b443448da3e08)
pci: pci_host_generic: provide cleanup methods outside of detach
If device_attach() fails, we're expected to actually cleanup after
ourselves because device_detach() will not be called. Factor out the
cleanup bits that don't rely on attach having actually succeeded so
that we can cleanup properly in bcm2838_pci.
Reviewed by: andrew, imp
(cherry picked from commit 31a94ec32b53ebf6227bc868ce4f7aa07650680d)
kern: ofw: provide ofw_bus_destroy_iinfo to teardown interrupt-map
For symmetry with ofw_bus_setup_iinfo, the next commits will use it to
properly cleanup on failure in bcm2838_pci.
Reviewed by: andrew
(cherry picked from commit b230a7b9a52c0fc948f4f1dcd1225a94674073f6)
linuxkpi: work with numpages > 1 in the set_pages_*() KPIs
These calls are used for buddy pages at least in drm's ttm_pool, which
leads to a panic when we invoke lowmem handlers and drm tries to shrink
the pool.
Cope with numpages > 1 by traversing the contiguous pages and executing
the adjustment there, as well, as suggested by markj@. Previous
versions have tried to use the corresponding `set_memory_*()` functions,
but it is believed that not updating `md.pat_mode` breaks subsequent
userspace mappings in ways that may result in things like screen tearing
or other artifacts when running i915kms.
This stabilized my amdgpu laptop running two VMs, chromium and a
concurrent buildworld.
Reviewed by: bz, markj
(cherry picked from commit 67f7f2781daa9bd398b424ffe2bd0be67f37f03d)
(cherry picked from commit 8dad29555a5807bf21941807752e1589e20312de)
devd: Use PF_LOCAL instead of PF_INET
Avoid dependency on INET (IPv4) by using PF_LOCAL,
allowing media check to work on systems without INET support.
PR: 295045
Reviewed by: kevans
(cherry picked from commit b2e4da0b53ad082768b8f6f83766e030fd00d02a)
jail: open the fstab files with fopen("re")
This protects against accidentally leaking them past fork()+exec()
in future refactorings.
PR: 295052
Reviewed by: kevans
(cherry picked from commit 58811b0ae096c134af372bcf475aea1d8d0e3c08)
fexecve(2): call out a scenario where you want !O_EXEC
We note a reason why you might need it, but there's an equally important
reason you may need to omit it: interpreted programs. Add a note
accordingly, along with the workaround configuration if there's reason
you can't help it.
PR: 294780
Reviewed by: Jan Bramkamp <crest_freebsd_rlwinm.de>, kib
(cherry picked from commit 9c18d55a768a3e60ecaba1325e9a3e00a25dee26)
cron: log when a crontab path is too long
Log via syslog when snprintf truncates the crontab path, instead of
silently skipping the entry.
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Reviewed by: bcr, kevans
(cherry picked from commit 91bfba010bcda665cc24a76af631cc85fcb0c688)
ctld: kernel-sourced portal groups are not dummies
The current and historical versions of ctld would flag our initial set
of kernel ports as dummies, because their portal groups were empty since
portals come from the configuration on-disk.
As a result, we would never try to remove a kernel port at startup that
didn't exist in the configuration (possibly a feature if you wanted
concurrent ctld(8)), and we would always try to port->kernel_add() on
ports in the configuration (even if they actually did have an existing
kernel port).
Flag these portal groups as kernel groups so that we avoid trying to add
ports that already exist. It may be the case that the kernel_remove()
loop in conf::apply() needs to do something other than the current
`oldport->is_dummy()` to avoid removing ports that it isn't supposed to
be managing, but that wuld also seem to apply to LUNs that would be
removed today.
[3 lines not shown]
lualoader: add be-list and be-switch commands
This is useful for driving BE changes from the loader command prompt,
rather than having to use the menu. Note that the active carousel in
the boot environment carousel doesn't currently reflect a switch in
boot environments done this way- I'm considering this only a minor bug,
as you probably can't or won't go back to the menu if you're using these
commands.
Reviewed by: imp (previous version)
(cherry picked from commit c7ff706b31c22f10c2403869c46b443448da3e08)
pci: bcm2838: cleanup on attach failure to fix devmatch panic
Specifically on the RPi CM4, we currently don't set the controller up
right and it never moves into the ready state (we don't observe the link
active bit). Failure to cleanup here actually results in a panic not
long after, due to a use-after-free in the rman bits. Further down in
pci_host_generic, we have some rman stashed in the softc that are
initialized and placed onto the rman tailq, then the softc is later
freed without an rman_fini() to pull them off of the tailq properly.
Note that PCIe on this board won't come up at boot without something
plugged in, so it currently can't be booted with an empty slot with the
intent to hotplug a supported card. Some issues with controller startup
have been observed with Broadcom NICs in the wild, but no problems have
been observed with other NICs and a variety of different PCIe cards.
Shout-out to Vince <git at darkain.com> for the extensive debugging and
analysis to arrive at this conclusion.
[3 lines not shown]
pci: pci_host_generic: provide cleanup methods outside of detach
If device_attach() fails, we're expected to actually cleanup after
ourselves because device_detach() will not be called. Factor out the
cleanup bits that don't rely on attach having actually succeeded so
that we can cleanup properly in bcm2838_pci.
Reviewed by: andrew, imp
(cherry picked from commit 31a94ec32b53ebf6227bc868ce4f7aa07650680d)
linuxkpi: work with numpages > 1 in the set_pages_*() KPIs
These calls are used for buddy pages at least in drm's ttm_pool, which
leads to a panic when we invoke lowmem handlers and drm tries to shrink
the pool.
Cope with numpages > 1 by traversing the contiguous pages and executing
the adjustment there, as well, as suggested by markj@. Previous
versions have tried to use the corresponding `set_memory_*()` functions,
but it is believed that not updating `md.pat_mode` breaks subsequent
userspace mappings in ways that may result in things like screen tearing
or other artifacts when running i915kms.
This stabilized my amdgpu laptop running two VMs, chromium and a
concurrent buildworld.
Reviewed by: bz, markj
(cherry picked from commit 67f7f2781daa9bd398b424ffe2bd0be67f37f03d)
(cherry picked from commit 8dad29555a5807bf21941807752e1589e20312de)
kern: ofw: provide ofw_bus_destroy_iinfo to teardown interrupt-map
For symmetry with ofw_bus_setup_iinfo, the next commits will use it to
properly cleanup on failure in bcm2838_pci.
Reviewed by: andrew
(cherry picked from commit b230a7b9a52c0fc948f4f1dcd1225a94674073f6)
devd: Use PF_LOCAL instead of PF_INET
Avoid dependency on INET (IPv4) by using PF_LOCAL,
allowing media check to work on systems without INET support.
PR: 295045
Reviewed by: kevans
(cherry picked from commit b2e4da0b53ad082768b8f6f83766e030fd00d02a)
fexecve(2): call out a scenario where you want !O_EXEC
We note a reason why you might need it, but there's an equally important
reason you may need to omit it: interpreted programs. Add a note
accordingly, along with the workaround configuration if there's reason
you can't help it.
PR: 294780
Reviewed by: Jan Bramkamp <crest_freebsd_rlwinm.de>, kib
(cherry picked from commit 9c18d55a768a3e60ecaba1325e9a3e00a25dee26)
jail: open the fstab files with fopen("re")
This protects against accidentally leaking them past fork()+exec()
in future refactorings.
PR: 295052
Reviewed by: kevans
(cherry picked from commit 58811b0ae096c134af372bcf475aea1d8d0e3c08)
ctld: kernel-sourced portal groups are not dummies
The current and historical versions of ctld would flag our initial set
of kernel ports as dummies, because their portal groups were empty since
portals come from the configuration on-disk.
As a result, we would never try to remove a kernel port at startup that
didn't exist in the configuration (possibly a feature if you wanted
concurrent ctld(8)), and we would always try to port->kernel_add() on
ports in the configuration (even if they actually did have an existing
kernel port).
Flag these portal groups as kernel groups so that we avoid trying to add
ports that already exist. It may be the case that the kernel_remove()
loop in conf::apply() needs to do something other than the current
`oldport->is_dummy()` to avoid removing ports that it isn't supposed to
be managing, but that wuld also seem to apply to LUNs that would be
removed today.
[3 lines not shown]
ssp: fix our gets_s implementation under _FORTIFY_SOURCE
Annex K specifies an interface for handling constraint violations from
gets_s, but we previously broke this for some classes of get_s misuse.
Provide a more nuanced version that tries to dodge errors that would
trigger a constraint handler while still providing value. Notably, we
don't want to trigger a failure unless the passed-in length reasonably
fits within an RSIZE_MAX, because gets_s will immediately call larger
lengths bogus and fail.
PR: 294881
Reviewed by: markj
(cherry picked from commit d98f4f0698ef0c5178882c544b4c38542d4780f0)
cron: log when a crontab path is too long
Log via syslog when snprintf truncates the crontab path, instead of
silently skipping the entry.
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Reviewed by: bcr, kevans
(cherry picked from commit 91bfba010bcda665cc24a76af631cc85fcb0c688)
security/vuxml: add FreeBSD SAs issued on 2026-06-09
FreeBSD-SA-26:25.thr affects all supported releases
FreeBSD-SA-26:26.ktls affects all supported releases
FreeBSD-SA-26:27.sound affects all supported releases
FreeBSD-SA-26:28.capsicum affects all supported releases
FreeBSD-SA-26:29.ip6_multicast affects all supported releases
FreeBSD-SA-26:30.linux affects all supported releases
FreeBSD-SA-26:31.arm64 affects all supported releases
FreeBSD-SA-26:32.elf affects all supported releases
FreeBSD-SA-26:33.unbound affects all supported releases
FreeBSD-SA-26:34.vt affects all supported releases
FreeBSD-SA-26:35.openssl affects all supported releases
FreeBSD-SA-26:36.ldns affects all supported releases
