FreeBSD/src c9d98c0sys/netlink netlink_snl.h

netlink: add const variants of NLA iteration macros

Add const-qualified versions of the NLA iteration helpers to allow
walking immutable netlink attribute buffers without discarding const
qualifiers.

This introduces NLA_NEXT_CONST(), _NLA_END_CONST(), and
NLA_FOREACH_CONST() in netlink_snl.h.

Signed-off-by: Ishan Agrawal <iagrawal9990 at gmail.com>
Sponsored-by : Google LLC (GSoC 2026)
DeltaFile
+12-0sys/netlink/netlink_snl.h
+12-01 files

FreeBSD/src c041b82sys/ufs/ffs ffs_vfsops.c

ffs: do not return ESTALE on attempt to ffs_unotovp() on unlinked inode

The consequences are:
- for nfs exports and fhopen(2), unlinked but still referenced inodes
  are accessible
- for ffs_vput_pair() with unlock_vp = false, spurious ESTALE is not
  returned when the inode is still alive but unlinked

Note that tmpfs does not return ESTALE for the unlinked nodes.
The same behavior is claimed for Linux in
https://github.com/openzfs/zfs/issues/18699

Reviewed by:    rmacklem
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D57982
DeltaFile
+1-1sys/ufs/ffs/ffs_vfsops.c
+1-11 files

FreeBSD/src 0cff90fsys/kern vfs_default.c, sys/sys vnode.h

VOP_VPUT_PAIR(): handle the case when dvp == vp

(cherry picked from commit be9295deedd1e837ee3645583d07e1dffbe1ead0)
DeltaFile
+23-5sys/kern/vfs_default.c
+11-7sys/ufs/ffs/ffs_vnops.c
+1-0sys/sys/vnode.h
+35-123 files

FreeBSD/src d1b6249sys/dev/acpica acpi.c acpivar.h

acpi: ignore wake button press replayed by firmware on resume

Some firmware delivers the power or sleep button press that woke the
system as an ordinary button press (Notify 0x80) shortly after resume,
rather than as the wakeup notification (Notify 0x02) the ACPI
specification requires for a button that is also a wake source.

On affected machines (e.g. the Framework Laptop 12, Intel Raptor Lake-P)
the power button is a control-method device behind the embedded
controller.  The EC latches the key press that woke the system across the
sleep transition and flushes it through its normal _Qxx query path as
soon as it is reinitialized on resume.  The replayed press is
indistinguishable from a genuine one, so the kernel honors it as a fresh
suspend request and the machine suspends again immediately after waking;
it cannot be kept awake with the button.

The event cannot be filtered at its source: it arrives over the same EC
query path that also carries legitimate events (lid, AC, thermal,
battery), so suppressing the drain would lose real notifications.

    [24 lines not shown]
DeltaFile
+43-0sys/dev/acpica/acpi.c
+1-0sys/dev/acpica/acpivar.h
+44-02 files

FreeBSD/src d4e0f4dsys/kern kern_jail.c, tests/sys/kern jail_thread.c Makefile

jail: prevent a race between jail_attach in different threads

Attaching to a jail changes its root directory and its process
credentials. These operations both require unlocking the jail, and also
need allprison_lock unlocked. That means that if two threads are trying
to attach to different jails at the same time, it's possible for the
process to end up with one jail's root directory but the other jail's
credentials.

Solve this by forcing the process into single-threaded mode during
system calls that attach to a jail (jail_attach, jail_attach_jd, and
sometimes jail_set).

Reviewed by:    kib, markj
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D57858
DeltaFile
+231-0tests/sys/kern/jail_thread.c
+61-11sys/kern/kern_jail.c
+2-0tests/sys/kern/Makefile
+294-113 files

FreeBSD/src cd61eb4sys/conf kern.pre.mk, sys/contrib/openzfs/include/os/freebsd/spl/sys simd_x86.h

zfs: Wire sha512 offload to the build

FreeBSD main just got the CPUID_STDEXT4_SHA512 define.

OpenZFS PR #18732
DeltaFile
+14-0sys/contrib/openzfs/include/os/freebsd/spl/sys/simd_x86.h
+1-2sys/conf/kern.pre.mk
+1-1sys/contrib/openzfs/module/Makefile.bsd
+1-1sys/modules/zfs/Makefile
+17-44 files

FreeBSD/src a2545f6share/man/man5 src.conf.5, tools/build/options WITH_CCACHE_BUILD

src.conf(5): Suggest using ccache4

We have separate ports for Ccache 3 and 4.  Suggest both, rather than
only the Ccache 3 port.  Rearrange the text somewhat to avoid an
excessively ragged edge on a standard 80-column terminal.

MFC after:      1 week
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D58005
DeltaFile
+8-11share/man/man5/src.conf.5
+7-10tools/build/options/WITH_CCACHE_BUILD
+15-212 files

FreeBSD/src 90130f3contrib/ofed/libirdma irdma_uk.c, sys/dev/irdma irdma_cm.c irdma_utils.c

irdma(4): update irdma to version 1.3.56-k

Update Intel irdma driver to version 1.3.56-k

Notable changes:
- adding E830 support
- adding E835 support

Signed-off-by: Sobczak, Bartosz <bartosz.sobczak at intel.com>

Reviewed by:    Andrew Zhu <anzhu at netapp.com>
Tested by:      Mateusz Moga <mateusz.moga at intel.com>
Sponsored by:   Intel Corporation
Differential Revision:  https://reviews.freebsd.org/D55479

(cherry picked from commit 5b7aa6c7bc9db19e8bd34a5b7892fb5df2a3068b)
DeltaFile
+359-134sys/dev/irdma/irdma_cm.c
+260-116sys/dev/irdma/irdma_utils.c
+240-63sys/dev/irdma/irdma_kcompat.c
+122-151sys/dev/irdma/irdma_ctrl.c
+149-113contrib/ofed/libirdma/irdma_uk.c
+147-113sys/dev/irdma/irdma_uk.c
+1,277-69031 files not shown
+2,236-1,24537 files

FreeBSD/src 43da0c9sys/dev/usb/quirk usb_quirk.c

usb/quirks: Sort the USB mass storage quirks

MFC after:      1 week
Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D57930
DeltaFile
+11-10sys/dev/usb/quirk/usb_quirk.c
+11-101 files

FreeBSD/src e1a0592sys/dev/usb usbdevs, sys/dev/usb/quirk usb_quirk.c

usb/quirks: Add entry for Verbatim Store'n'Go

PR:             199101
MFC after:      1 week
Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D57929
DeltaFile
+4-0sys/dev/usb/usbdevs
+1-0sys/dev/usb/quirk/usb_quirk.c
+5-02 files

FreeBSD/src 5cac86fsys/dev/sound/pcm feeder_eq.c sound.h

sound: Rename SD_F_EQ_ENABLED to SD_F_EQ

No functional change intended.

Sponsored by:   The FreeBSD Foundation
MFC after:      1 week

(cherry picked from commit a3d65cde7775818fb78afe935a4616a31f137c3d)
DeltaFile
+3-3sys/dev/sound/pcm/feeder_eq.c
+2-2sys/dev/sound/pcm/sound.h
+1-1sys/dev/sound/pcm/feeder_chain.c
+1-1sys/dev/sound/pcm/mixer.c
+7-74 files

FreeBSD/src 8163944sys/dev/sound/pcm feeder_chain.c sound.h

sound: Retire unused SD_F_EQ_PC

This flag is neither set anywhere, nor is there a way to set it from
userland, so it is effectively useless, and currently the effect is that
EQ can only be enabled for primary playback channels.

Retire the flag and keep this behavior, and think later whether we want
to allow virtual channels to get their own EQ feeder as well.

Sponsored by:   The FreeBSD Foundation
MFC after:      1 week

(cherry picked from commit ede0236d3b34a89bae7795f0f45696d4d94ce138)
DeltaFile
+2-4sys/dev/sound/pcm/feeder_chain.c
+2-2sys/dev/sound/pcm/sound.h
+4-62 files

FreeBSD/src 8ad097dsys/compat/linux linux_xattr.c

linuxulator: Fix operator precedence for LINUX_XATTR_FLAGS in setxattr()

The LINUX_XATTR_FLAGS macro expands to (LINUX_XATTR_CREATE|LINUX_XATTR_REPLACE).
Without parentheses around the macro expansion, the bitwise & operator has
higher precedence than |, causing incorrect flag evaluation and a compiler
warning.

Add the missing parentheses around LINUX_XATTR_FLAGS to ensure correct
operator grouping, matching the existing usage in getxattr().

Signed-off-by:  YAO, Xin <mr.yaoxin at outlook.com>
Fixes:          2c905456312b ("linuxulator: Fix O_PATH file descriptors errno for f*xattr(2)")
Reviewed by:    kib
Pull Request:   https://github.com/freebsd/freebsd-src/pull/2306
DeltaFile
+4-4sys/compat/linux/linux_xattr.c
+4-41 files

FreeBSD/src 3d3eedainclude assert.h

libc: Fix assert() sanitiser for C++ contextual bool conversion

Replace the `(bool(*)(bool))` probe in `__assert_sanitize()` with an unevaluated
conditional expression, so types with `explicit operator bool()` that require a
contextually converted constant expression of type `bool` are handled correctly.

Ergo, arity check is now performed separately via `__assert_sanitize_arity()`, a
unary template whose parameter pack must bind to exactly on argument after
`__VA_ARGS__` is substituted into the call.

Also align NDEBUG with C23 requirements.

Reported by:    dim, aokblast
Signed-off-by:  Faraz Vahedi <kfv at kfv.io>
Reviewed by:    aokblast, fuz
MFC after:      1 week
Fixes:          867b51452ea78ece0b312a387e63fdbc2a11056a
Pull Request:   https://github.com/freebsd/freebsd-src/pull/2265

(cherry picked from commit 48d20fd1cf90179e778c6155900cbed2be140273)
DeltaFile
+7-27include/assert.h
+7-271 files

FreeBSD/src 12b9412contrib/expat Changes, contrib/expat/lib xmlparse.c memory_sanitizer.h

contrib/expat: import expat 2.8.2

Changes: https://github.com/libexpat/libexpat/blob/R_2_8_2/expat/Changes

Security:       CVE-2026-50219
Security:       CVE-2026-56131
Security:       CVE-2026-56132
Security:       CVE-2026-56403
Security:       CVE-2026-56404
Security:       CVE-2026-56405
Security:       CVE-2026-56406
Security:       CVE-2026-56407
Security:       CVE-2026-56408
Security:       CVE-2026-56409
Security:       CVE-2026-56410
Security:       CVE-2026-56411
Security:       CVE-2026-56412

(cherry picked from commit c82aeee8a6d39371006f5eeb1b51704e7b97e2b7)
DeltaFile
+660-550contrib/expat/lib/xmlparse.c
+76-31contrib/expat/xmlwf/xmlwf.c
+90-2contrib/expat/Changes
+51-2contrib/expat/tests/handlers.c
+51-0contrib/expat/lib/memory_sanitizer.h
+49-0contrib/expat/lib/fallthrough.h
+977-58529 files not shown
+1,235-66435 files

FreeBSD/src 32652bfcontrib/expat Changes, contrib/expat/lib xmlparse.c memory_sanitizer.h

contrib/expat: import expat 2.8.2

Changes: https://github.com/libexpat/libexpat/blob/R_2_8_2/expat/Changes

Security:       CVE-2026-50219
Security:       CVE-2026-56131
Security:       CVE-2026-56132
Security:       CVE-2026-56403
Security:       CVE-2026-56404
Security:       CVE-2026-56405
Security:       CVE-2026-56406
Security:       CVE-2026-56407
Security:       CVE-2026-56408
Security:       CVE-2026-56409
Security:       CVE-2026-56410
Security:       CVE-2026-56411
Security:       CVE-2026-56412

(cherry picked from commit c82aeee8a6d39371006f5eeb1b51704e7b97e2b7)
DeltaFile
+660-550contrib/expat/lib/xmlparse.c
+76-31contrib/expat/xmlwf/xmlwf.c
+90-2contrib/expat/Changes
+51-2contrib/expat/tests/handlers.c
+51-0contrib/expat/lib/memory_sanitizer.h
+49-0contrib/expat/lib/fallthrough.h
+977-58529 files not shown
+1,235-66435 files

FreeBSD/src c146f5acontrib/pkgconf/libpkgconf personality.c, lib/libpkgconf Makefile

pkgconf: determine the default paths dynamically

This automatically computes the correct PKG_CONFIG_PATH with LOCALBASE
from the environment (when set) or from the "user.localbase" sysctl, in
this order.

Reviewed by:    des
Approved by:    des
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D57246
DeltaFile
+61-0contrib/pkgconf/libpkgconf/personality.c
+0-2lib/libpkgconf/Makefile
+61-22 files

FreeBSD/src f27c1dashare/man/man4 ntsync.4

ntsync.4: be explicit about the effect of automatic vs manual event on waiters

(cherry picked from commit 65251c43415aa0993b7d43962cbb71d772870c83)
DeltaFile
+7-1share/man/man4/ntsync.4
+7-11 files

FreeBSD/src 0b9f4c6sys/fs/nfsserver nfs_nfsdserv.c

nfs_nfsdserv.c: Fix setting of birthtime for some ZFS pools

Some ZFS pools do not support va_birthtime and will return
EINVAL when a VOP_SETATTR() of it is attempted.  The MacOS
NFSv4 client sets va_birthtime (TimeCreate) in the same
Setattr with ctime/mtime and other attributes after a new
file is created.  The EINVAL failure leaves these new files
messed up (mode == 0).

This patch pretends the setting of TimeCreate succeeded if
ctime/mtime were also set in the same Setattr RPC, which
resolves the problem for the MacOS client.

If this fix is not sufficient, a new pathconf name to detect
if a file system supports birthtime may be needed.

PR:     296066

(cherry picked from commit b1af05406b5117d76f567056fba0a023a6374465)
DeltaFile
+10-0sys/fs/nfsserver/nfs_nfsdserv.c
+10-01 files

FreeBSD/src 76badd2sys/fs/nfsserver nfs_nfsdserv.c

nfs_nfsdserv.c: Fix setting of birthtime for some ZFS pools

Some ZFS pools do not support va_birthtime and will return
EINVAL when a VOP_SETATTR() of it is attempted.  The MacOS
NFSv4 client sets va_birthtime (TimeCreate) in the same
Setattr with ctime/mtime and other attributes after a new
file is created.  The EINVAL failure leaves these new files
messed up (mode == 0).

This patch pretends the setting of TimeCreate succeeded if
ctime/mtime were also set in the same Setattr RPC, which
resolves the problem for the MacOS client.

If this fix is not sufficient, a new pathconf name to detect
if a file system supports birthtime may be needed.

PR:     296066

(cherry picked from commit b1af05406b5117d76f567056fba0a023a6374465)
DeltaFile
+10-0sys/fs/nfsserver/nfs_nfsdserv.c
+10-01 files

FreeBSD/src cf85111sys/x86/include specialreg.h, sys/x86/x86 identcpu.c

x86: add CPUID bits for SHA512/SM3/SM4

Reviewed by:    mav
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D58003
DeltaFile
+3-0sys/x86/include/specialreg.h
+3-0sys/x86/x86/identcpu.c
+6-02 files

FreeBSD/src 6d9bc46usr.sbin/jail config.c

jail: prevent a null derefence on array parameter assignment

The same variable was used as a counter for an inner and out loop.
Add a new one for the inner loop.

PR:             283934
Reported by:    crest at rlwinm.de
DeltaFile
+4-3usr.sbin/jail/config.c
+4-31 files

FreeBSD/src de68720cddl/lib/libzfs Makefile, cddl/lib/libzpool Makefile

zfs: fix SIMD defines to match OpenZFS HAVE_SIMD() macro

The OpenZFS merge 80aae8a3f8aa introduced HAVE_SIMD() which checks for
HAVE_TOOLCHAIN_* defines via simd_config.h.  The kernel module Makefile
was updated, but kern.pre.mk (static kernel build) and the libzpool/libzfs
Makefiles were missed, still using the old HAVE_SSE2 etc. names.  This
caused all vectorized raidz, fletcher, and blake3 implementations to be
compiled out.
DeltaFile
+5-3sys/conf/kern.pre.mk
+3-3cddl/lib/libzpool/Makefile
+3-2cddl/lib/libzfs/Makefile
+11-83 files

FreeBSD/src fbc039etests/sys/netinet ip_reass_test.c

tests: fix checksum computation

This fixes an endianness bug in sys/netinet/ip_reass_test.
Just use the code from RFC 1071.

Reported by:            glebius
Reviewed by:            glebius, Timo Völker
MFC after:              1 week
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D57988
DeltaFile
+18-14tests/sys/netinet/ip_reass_test.c
+18-141 files

FreeBSD/src 2a4b8fdsys/kern uipc_usrreq.c

unix: Fix a socket refcount leak in uipc_sendfile_wait()

Fixes:          d15792780760 ("unix: new implementation of unix/stream & unix/seqpacket")
Reviewed by:    glebius
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D57967
DeltaFile
+3-1sys/kern/uipc_usrreq.c
+3-11 files

FreeBSD/src 524fb04share/man/man9 fetch.9

fetch.9: fix a typo

Fixes:          a1c52e05f571 ("CHERI: declare fueptr and suptr")
Effort:         CHERI upstreaming
Sponsored by:   Innovate UK
DeltaFile
+1-1share/man/man9/fetch.9
+1-11 files

FreeBSD/src 17602ebsys/libkern bcopy.c

CHERI: make mem{cpy,move}(9) CHERI compatible

- Use intptr_t in place of long as the word type in the core copying
  loop where aligned words a copied.  This preserved the provenance of
  any copied pointers.
- When working with the address of src or dst use ptraddr_t rather than
  uintptr_t.  This avoid ambigious provenance in expressions involving
  multiple addresses.

As a minor tweak, rename the function to memmove since that is the
interface it implements (overlapping src and dst are permitted) and make
memcpy the alias rather than the other way around.

Reviewed by:    kib, markj
Effort:         CHERI upstreaming
Sponsored by:   Innovate UK
Differential Revision:  https://reviews.freebsd.org/D57965
DeltaFile
+11-9sys/libkern/bcopy.c
+11-91 files

FreeBSD/src f14bdfeshare/man/man9 socket.9, sys/kern uipc_socket.c

CHERI: add sooptcopyinptr to preserve pointer provenance

Most socket options don't involve pointers so make the default
sooptcopyin discard provenance and add a sooptcopyinptr that preserves.

Reviewed by:    markj, emaste
Effort:         CHERI upstreaming
Sponsored by:   DARPA, AFRL, Innovate UK
Differential Revision:  https://reviews.freebsd.org/D57665
DeltaFile
+28-6sys/kern/uipc_socket.c
+12-1share/man/man9/socket.9
+6-0sys/sys/sockopt.h
+46-73 files

FreeBSD/src 7f55dbeshare/man/man9 memcpy.9 memmove.9, sys/sys systm.h

CHERI: declare mem{cpy,move}_data

Declare kernel-only, provenance-discarding memcpy_data, and memmove_data
APIs intended to copy raw data which does not contain pointers (e.g.,
buffers on their way to or from network or storage devices).  On CHERI
architectures, they will explicitly remove tags from capabilities,
removing any provenance.  This reduces the risk of accidental spread of
pointers on CHERI systems.

Document that bcopy preserves pointer provenance.

Reviewed by:    ziaee, kib, adrian, markj
Effort:         CHERI upstreaming
Sponsored by:   DARPA, AFRL, Innovate UK
Differential Revision:  https://reviews.freebsd.org/D57662
DeltaFile
+23-7share/man/man9/memcpy.9
+24-5share/man/man9/memmove.9
+9-0sys/sys/systm.h
+4-2share/man/man9/bcopy.9
+2-0share/man/man9/Makefile
+62-145 files

FreeBSD/src 402a657lib/libsysdecode mktables

libsysdecode: Fix shutdownhow table

MFC after:      1 week
Fixes:          c3276e02beab ("sockets: make shutdown(2) how argument a enum")
Reviewed by:    glebius
Differential Revision:  https://reviews.freebsd.org/D57915
DeltaFile
+1-1lib/libsysdecode/mktables
+1-11 files