[Git][hardenedbsd/HardenedBSD][hardened/current/cross-dso-cfi] 19 commits: bsnmpd: avoid warnings about too-long initializer strings

[HardenedBSD Services (@hardenedbsd-services)]

HardenedBSD Services pushed to branch hardened/current/cross-dso-cfi at HardenedBSD / HardenedBSD


Commits:
3054e22e by Dimitry Andric at 2025-12-26T14:27:23+01:00
bsnmpd: avoid warnings about too-long initializer strings

Mark `UTC` as `__non_string`, to avoid a warning from clang 21 similar
to:

usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptc.c:339:29: error: initializer-string for character array is too long, array size is 3 but initializer has size 4 (including the null terminating character); did you mean to use the 'nonstring' attribute? [-Werror,-Wunterminated-string-initialization]
--- all_subdir_usr.sbin ---
339 | static const char UTC[3] = "UTC";
| ^~~~~

MFC after: 3 days

- - - - -
cd880010 by Dimitry Andric at 2025-12-26T14:37:53+01:00
pmcannotate: avoid accessing uninitialized local variables

Initialize `tbfl` and `tofl` to NULL, and check whether they are
non-NULL before calling remove(3) on them, to avoid warnings from clang
21 similar to:

usr.sbin/pmcannotate/pmcannotate.c:746:3: error: variable 'tbfl' is uninitialized when used here [-Werror,-Wuninitialized]
746 | FATAL(exec, "%s: Impossible to locate the binary file\n",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
747 | exec);
| ~~~~~
usr.sbin/pmcannotate/pmcannotate.c:57:9: note: expanded from macro 'FATAL'
57 | remove(tbfl); \
| ^~~~
usr.sbin/pmcannotate/pmcannotate.c:695:12: note: initialize the variable 'tbfl' to silence this warning
695 | char *tbfl, *tofl, *tmpdir;
| ^
| = NULL
usr.sbin/pmcannotate/pmcannotate.c:746:3: error: variable 'tofl' is uninitialized when used here [-Werror,-Wuninitialized]
746 | FATAL(exec, "%s: Impossible to locate the binary file\n",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
747 | exec);
| ~~~~~
usr.sbin/pmcannotate/pmcannotate.c:58:9: note: expanded from macro 'FATAL'
58 | remove(tofl); \
| ^~~~
usr.sbin/pmcannotate/pmcannotate.c:695:19: note: initialize the variable 'tofl' to silence this warning
695 | char *tbfl, *tofl, *tmpdir;
| ^
| = NULL

MFC after: 3 days

- - - - -
e2c93ed0 by Dimitry Andric at 2025-12-26T15:32:09+01:00
sys/font.h: avoid warnings about too-long initializer strings

Mark `font_header::fh_magic` as `__non_string`, to avoid a warning from
clang 21 similar to:

/usr/src/usr.bin/vtfontcvt/vtfontcvt.c:763:15: error: initializer-string for character array is too long, array size is 8 but initializer has size 9 (including the null terminating character); did you mean to use the 'nonstring' attribute? [-Werror,-Wunterminated-string-initialization]
763 | .fh_magic = FONT_HEADER_MAGIC,
| ^~~~~~~~~~~~~~~~~
/usr/obj/usr/src/amd64.amd64/tmp/usr/include/sys/font.h:109:27: note: expanded from macro 'FONT_HEADER_MAGIC'
109 | #define FONT_HEADER_MAGIC "VFNT0002"
| ^~~~~~~~~~

MFC after: 3 days

- - - - -
66604463 by Michael Osipov at 2025-12-26T15:52:47+01:00
bhyve_config.5: Fix consistency and terms in manpage

Correct inconsistent spelling of terms and duplication.

Reviewed by: ziaee
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D54370

- - - - -
1c9ff80f by Dimitry Andric at 2025-12-26T16:26:13+01:00
tools.build: add sys/cdefs.h to SYSINCS, since lots of other headers use it

This is needed to let the legacy stage compile against newer versions of
sys/font.h, which transitively includes sys/cdefs.h, and requires the
new __nonstring macro from it.

Fixes: e2c93ed09f25
MFC after: 3 days

- - - - -
6b2e4da4 by John Baldwin at 2025-12-26T10:35:59-05:00
acpidump: Extend the decoding of entries in the EINJ and ERST tables

- Decode the Action, Instruction, and Flags fields for these tables

- Omit the Flags field if it is zero

- Omit the Value field for instrunctions that do not use it

Reviewed by: imp
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D54308

- - - - -
5b39245a by John Baldwin at 2025-12-26T10:36:12-05:00
acpi: Free ivars in bus_child_deleted method

Reviewed by: imp
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D54309

- - - - -
88f8e3c5 by John Baldwin at 2025-12-26T10:36:24-05:00
acpi_apei: Remove the hest member from the softc

This is only used during attach and freed after use, so just use a
local variable in the attach routine instead to avoid leaving a
dangling pointer around in the softc.

Reviewed by: imp
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D54310

- - - - -
4eb560fa by John Baldwin at 2025-12-26T10:36:38-05:00
acpi: Reject duplicate handlers for ioctl commands

Reviewed by: imp
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D54311

- - - - -
425b41f8 by John Baldwin at 2025-12-26T10:36:48-05:00
acpi: Use M_WAITOK in acpi_register_ioctl

This function is only called from device attach routines which can
sleep.

Reviewed by: imp
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D54312

- - - - -
11757b14 by John Baldwin at 2025-12-26T10:37:10-05:00
acpi: Statically initialize acpi_ioctl_hooks

Reviewed by: imp
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D54313

- - - - -
fe74d52d by John Baldwin at 2025-12-26T10:37:20-05:00
sys/modules/acpi/Makefile: One line per subdirectory

This makes diffs that add or remove modules easier to read.

Reviewed by: imp
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D54314

- - - - -
bd8296bd by John Baldwin at 2025-12-26T10:37:34-05:00
Build acpi kernel modules on aarch64

For now, the only kernel module built is acpi_ged.ko.

Sponsored by: Netflix
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D54315

- - - - -
02376be3 by Ed Maste at 2025-12-26T11:32:27-05:00
tests/ci: Use :H:H rather than ../..

In general we want to strip subdir components, rather than appending
`..`s.

Reviewed by: lwhsu
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54352

- - - - -
e1bfd541 by Michael Osipov at 2025-12-26T17:35:20+01:00
bhyve: Document that MAC address has to be unicast

bhyve accepts any MAC address even foreign as long it is a unicast one.

Reviewed by: ziaee
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D54372

- - - - -
ee472934 by Shawn Webb at 2025-12-26T18:16:36+00:00
HBSD: Disable SafeStack for the Unbound daemon

When Unbound is built with SafeStack, attempts to kill the running
daemon process with SIGTERM does not kill the process. Instead, the
daemon stops responding.

Signed-off-by: Shawn Webb <shawn...@hardenedbsd.org>
Reported-by: @northboot
issue: #110
MFC-to: 15-STABLE

- - - - -
0d31189c by Michael Osipov at 2025-12-26T19:53:43+01:00
linprocfs.4: Improve docs around pid/self entries

Mark <pid> as a placeholder and document that self is a symlink to a directory.

PR: 283080
Reviewed by: ziaee
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D54358

- - - - -
c23cc843 by HardenedBSD Sync Services at 2025-12-26T12:01:29-07:00
Merge branch 'freebsd/current/main' into hardened/current/master

- - - - -
98740fba by HardenedBSD Sync Services at 2025-12-26T12:01:43-07:00
Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi

- - - - -


14 changed files:

- share/man/man4/linprocfs.4
- sys/dev/acpica/acpi.c
- sys/dev/acpica/acpi_apei.c
- sys/modules/Makefile
- sys/modules/acpi/Makefile
- sys/sys/font.h
- tests/ci/Makefile
- tools/build/Makefile
- usr.sbin/acpi/acpidump/acpi.c
- usr.sbin/bhyve/bhyve.8
- usr.sbin/bhyve/bhyve_config.5
- usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptc.c
- usr.sbin/pmcannotate/pmcannotate.c
- usr.sbin/unbound/daemon/Makefile


Changes:

=====================================
share/man/man4/linprocfs.4
=====================================
@@ -1,7 +1,7 @@
.\" Written by Garrett Wollman
.\" This file is in the public domain.
.\"
-.Dd May 29, 2025
+.Dd December 26, 2025
.Dt LINPROCFS 4
.Os
.Sh NAME
@@ -126,11 +126,11 @@ Information about the swap device if any.
Time since the last boot and time spent in idle state.
.It Pa /compat/linux/proc/version
Version of the emulated linux system.
-.It Pa /compat/linux/proc/pid
+.It Pa /compat/linux/proc/ Ns Ao Ar pid Ac
A directory containing process information for process
-.Pa pid .
+.Ar pid .
.It Pa /compat/linux/proc/self
-A directory containing process information for the current process.
+A symlink to a directory containing process information for the current process.
.El
.Sh EXAMPLES
To mount a


=====================================
sys/dev/acpica/acpi.c
=====================================
@@ -1116,6 +1116,7 @@ acpi_child_deleted(device_t dev, device_t child)

if (acpi_get_device(dinfo->ad_handle) == child)
AcpiDetachData(dinfo->ad_handle, acpi_fake_objhandler);
+ free(dinfo, M_ACPIDEV);
}

/*
@@ -4196,25 +4197,28 @@ struct acpi_ioctl_hook
void *arg;
};

-static TAILQ_HEAD(,acpi_ioctl_hook) acpi_ioctl_hooks;
-static int acpi_ioctl_hooks_initted;
+static TAILQ_HEAD(,acpi_ioctl_hook) acpi_ioctl_hooks =
+ TAILQ_HEAD_INITIALIZER(acpi_ioctl_hooks);

int
acpi_register_ioctl(u_long cmd, acpi_ioctl_fn fn, void *arg)
{
- struct acpi_ioctl_hook *hp;
+ struct acpi_ioctl_hook *hp, *thp;

- if ((hp = malloc(sizeof(*hp), M_ACPIDEV, M_NOWAIT)) == NULL)
- return (ENOMEM);
+ hp = malloc(sizeof(*hp), M_ACPIDEV, M_WAITOK);
hp->cmd = cmd;
hp->fn = fn;
hp->arg = arg;

ACPI_LOCK(acpi);
- if (acpi_ioctl_hooks_initted == 0) {
- TAILQ_INIT(&acpi_ioctl_hooks);
- acpi_ioctl_hooks_initted = 1;
+ TAILQ_FOREACH(thp, &acpi_ioctl_hooks, link) {
+ if (thp->cmd == cmd) {
+ ACPI_UNLOCK(acpi);
+ free(hp, M_ACPIDEV);
+ return (EBUSY);
+ }
}
+
TAILQ_INSERT_TAIL(&acpi_ioctl_hooks, hp, link);
ACPI_UNLOCK(acpi);

@@ -4266,11 +4270,10 @@ acpiioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, struct thread *t
* Scan the list of registered ioctls, looking for handlers.
*/
ACPI_LOCK(acpi);
- if (acpi_ioctl_hooks_initted)
- TAILQ_FOREACH(hp, &acpi_ioctl_hooks, link) {
- if (hp->cmd == cmd)
- break;
- }
+ TAILQ_FOREACH(hp, &acpi_ioctl_hooks, link) {
+ if (hp->cmd == cmd)
+ break;
+ }
ACPI_UNLOCK(acpi);
if (hp)
return (hp->fn(cmd, addr, hp->arg));


=====================================
sys/dev/acpica/acpi_apei.c
=====================================
@@ -86,7 +86,6 @@ struct apei_pges {
};

struct apei_softc {
- ACPI_TABLE_HEST *hest;
TAILQ_HEAD(, apei_ge) ges;
struct apei_nges nges;
struct apei_iges iges;
@@ -562,9 +561,8 @@ hest_parse_structure(struct apei_softc *sc, void *addr, int remaining)
}

static void
-hest_parse_table(struct apei_softc *sc)
+hest_parse_table(ACPI_TABLE_HEST *hest, struct apei_softc *sc)
{
- ACPI_TABLE_HEST *hest = sc->hest;
char *cp;
int remaining, consumed;

@@ -662,6 +660,7 @@ static int
apei_attach(device_t dev)
{
struct apei_softc *sc = device_get_softc(dev);
+ ACPI_TABLE_HEADER *hest;
struct acpi_softc *acpi_sc;
struct apei_pges *pges;
struct apei_ge *ge;
@@ -691,11 +690,11 @@ apei_attach(device_t dev)
}

/* Search and parse HEST table. */
- status = AcpiGetTable(ACPI_SIG_HEST, 0, (ACPI_TABLE_HEADER **)&sc->hest);
+ status = AcpiGetTable(ACPI_SIG_HEST, 0, &hest);
if (ACPI_FAILURE(status))
return (ENXIO);
- hest_parse_table(sc);
- AcpiPutTable((ACPI_TABLE_HEADER *)sc->hest);
+ hest_parse_table((ACPI_TABLE_HEST *)hest, sc);
+ AcpiPutTable(hest);

rid = 0;
TAILQ_FOREACH(ge, &sc->ges, link) {


=====================================
sys/modules/Makefile
=====================================
@@ -576,6 +576,7 @@ _mlx5ib= mlx5ib

.if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "amd64" || \
${MACHINE_CPUARCH} == "i386"
+_acpi= acpi
_ena= ena
_gve= gve
_igc= igc
@@ -770,7 +771,6 @@ _wdatwd= wdatwd

_aac= aac
_aacraid= aacraid
-_acpi= acpi
.if ${MK_CRYPT} != "no" || defined(ALL_MODULES)
_aesni= aesni
.endif


=====================================
sys/modules/acpi/Makefile
=====================================
@@ -1,5 +1,21 @@
-SUBDIR= acpi_asus acpi_asus_wmi acpi_dock acpi_fujitsu acpi_hp \
- acpi_ged acpi_ibm acpi_panasonic acpi_sbl_wmi acpi_sony \
- acpi_toshiba acpi_video acpi_wmi aibs
+.if ${MACHINE_CPUARCH} == "amd64" || ${MACHINE_CPUARCH} == "i386"
+SUBDIR= \
+ acpi_asus \
+ acpi_asus_wmi \
+ acpi_dock \
+ acpi_fujitsu \
+ acpi_hp \
+ acpi_ibm \
+ acpi_panasonic \
+ acpi_sbl_wmi \
+ acpi_sony \
+ acpi_toshiba \
+ acpi_video \
+ acpi_wmi \
+ aibs
+.endif
+
+SUBDIR+= \
+ acpi_ged

.include <bsd.subdir.mk>


=====================================
sys/sys/font.h
=====================================
@@ -108,7 +108,7 @@ typedef STAILQ_HEAD(font_list, fontlist) font_list_t;

#define FONT_HEADER_MAGIC "VFNT0002"
struct font_header {
- uint8_t fh_magic[8];
+ uint8_t fh_magic[8] __nonstring;
uint8_t fh_width;
uint8_t fh_height;
uint16_t fh_pad;


=====================================
tests/ci/Makefile
=====================================
@@ -18,7 +18,7 @@
# USE_QEMU: Use QEMU for testing rather than bhyve
#

-WORLDDIR?= ${.CURDIR}/../..
+WORLDDIR?= ${.CURDIR:H:H}
RELEASEDIR= ${WORLDDIR}/release
MAKECONF?= /dev/null
SRCCONF?= /dev/null


=====================================
tools/build/Makefile
=====================================
@@ -350,6 +350,10 @@ MSDOSFSINCS+= ${SRCTOP}/sys/fs/msdosfs/fat.h
MSDOSFSINCS+= ${SRCTOP}/sys/fs/msdosfs/msdosfsmount.h
DISKINCS+= ${SRCTOP}/sys/sys/disk/bsd.h

+# Needed to build most of the things below, which include sys/cdefs.h either
+# directly or transitively
+SYSINCS+= ${SRCTOP}/sys/sys/cdefs.h
+
# Needed to build config (since it uses libnv)
SYSINCS+= ${SRCTOP}/sys/sys/_nv.h
SYSINCS+= ${SRCTOP}/sys/sys/nv.h ${SRCTOP}/sys/sys/cnv.h \


=====================================
usr.sbin/acpi/acpidump/acpi.c
=====================================
@@ -623,16 +623,89 @@ acpi_handle_bert(ACPI_TABLE_HEADER *sdp)
printf(END_COMMENT);
}

+static const char *
+einj_action(UINT8 Action)
+{
+ static char buf[32];
+
+#define ACTION(name) \
+ case __CONCAT(ACPI_EINJ_, name): \
+ return (__STRING(name))
+#define ACTIONV2(name) \
+ case __CONCAT(ACPI_EINJV2_, name): \
+ return (__XSTRING(__CONCAT(V2_, name)))
+
+ switch (Action) {
+ ACTION(BEGIN_OPERATION);
+ ACTION(GET_TRIGGER_TABLE);
+ ACTION(SET_ERROR_TYPE);
+ ACTION(GET_ERROR_TYPE);
+ ACTION(END_OPERATION);
+ ACTION(EXECUTE_OPERATION);
+ ACTION(CHECK_BUSY_STATUS);
+ ACTION(GET_COMMAND_STATUS);
+ ACTION(SET_ERROR_TYPE_WITH_ADDRESS);
+ ACTION(GET_EXECUTE_TIMINGS);
+ ACTIONV2(GET_ERROR_TYPE);
+ ACTION(TRIGGER_ERROR);
+ default:
+ snprintf(buf, sizeof(buf), "UNKNOWN (%#x)", Action);
+ return (buf);
+ }
+
+#undef ACTION
+#undef ACTIONV2
+}
+
+static const char *
+einj_instruction(UINT8 Instruction)
+{
+ static char buf[32];
+
+#define INSTRUCTION(name) \
+ case __CONCAT(ACPI_EINJ_, name): \
+ return (__STRING(name))
+
+ switch (Instruction) {
+ INSTRUCTION(READ_REGISTER);
+ INSTRUCTION(READ_REGISTER_VALUE);
+ INSTRUCTION(WRITE_REGISTER);
+ INSTRUCTION(WRITE_REGISTER_VALUE);
+ INSTRUCTION(NOOP);
+ INSTRUCTION(FLUSH_CACHELINE);
+ default:
+ snprintf(buf, sizeof(buf), "UNKNOWN (%#x)", Instruction);
+ return (buf);
+ }
+
+#undef INSTRUCTION
+}
+
static void
-acpi_print_whea(ACPI_WHEA_HEADER *w)
+acpi_print_einj_entry(ACPI_EINJ_ENTRY *entry)
{
+ ACPI_WHEA_HEADER *w = &entry->WheaHeader;

- printf("\n\tAction=%d\n", w->Action);
- printf("\tInstruction=%d\n", w->Instruction);
- printf("\tFlags=%02x\n", w->Flags);
+ printf("\n\tAction=%s\n", einj_action(w->Action));
+ printf("\tInstruction=%s\n", einj_instruction(w->Instruction));
+ if (w->Flags != 0) {
+ printf("\tFlags=%02x", w->Flags);
+ if (w->Flags & 0x1)
+ printf("<PRESERVE_REGISTER>");
+ printf("\n");
+ }
printf("\tRegisterRegion=");
acpi_print_gas(&w->RegisterRegion);
- printf("\n\tValue=0x%016jx\n", w->Value);
+ printf("\n");
+ switch (w->Instruction) {
+ case ACPI_EINJ_READ_REGISTER:
+ case ACPI_EINJ_WRITE_REGISTER:
+ case ACPI_EINJ_NOOP:
+ case ACPI_EINJ_FLUSH_CACHELINE:
+ break;
+ default:
+ printf("\tValue=0x%016jx\n", w->Value);
+ }
printf("\tMask=0x%016jx\n", w->Mask);
}

@@ -640,7 +713,7 @@ static void
acpi_handle_einj(ACPI_TABLE_HEADER *sdp)
{
ACPI_TABLE_EINJ *einj;
- ACPI_WHEA_HEADER *w;
+ ACPI_EINJ_ENTRY *w;
u_int i;

printf(BEGIN_COMMENT);
@@ -649,18 +722,125 @@ acpi_handle_einj(ACPI_TABLE_HEADER *sdp)
printf("\tHeaderLength=%d\n", einj->HeaderLength);
printf("\tFlags=0x%02x\n", einj->Flags);
printf("\tEntries=%d\n", einj->Entries);
- w = (ACPI_WHEA_HEADER *)(einj + 1);
+ w = (ACPI_EINJ_ENTRY *)(einj + 1);
for (i = 0; i < MIN(einj->Entries, (sdp->Length -
- sizeof(ACPI_TABLE_EINJ)) / sizeof(ACPI_WHEA_HEADER)); i++)
- acpi_print_whea(w + i);
+ sizeof(ACPI_TABLE_EINJ)) / sizeof(ACPI_EINJ_ENTRY)); i++)
+ acpi_print_einj_entry(w + i);
printf(END_COMMENT);
}

+static const char *
+erst_action(UINT8 Action)
+{
+ static char buf[32];
+
+#define ACTION(name) \
+ case __CONCAT(ACPI_ERST_, name): \
+ return (__STRING(name))
+
+ switch (Action) {
+ ACTION(BEGIN_WRITE);
+ ACTION(BEGIN_READ);
+ ACTION(BEGIN_CLEAR);
+ ACTION(END);
+ ACTION(SET_RECORD_OFFSET);
+ ACTION(EXECUTE_OPERATION);
+ ACTION(CHECK_BUSY_STATUS);
+ ACTION(GET_COMMAND_STATUS);
+ ACTION(GET_RECORD_ID);
+ ACTION(SET_RECORD_ID);
+ ACTION(GET_RECORD_COUNT);
+ ACTION(BEGIN_DUMMY_WRIITE);
+ ACTION(GET_ERROR_RANGE);
+ ACTION(GET_ERROR_LENGTH);
+ ACTION(GET_ERROR_ATTRIBUTES);
+ ACTION(EXECUTE_TIMINGS);
+ default:
+ snprintf(buf, sizeof(buf), "UNKNOWN (%#x)", Action);
+ return (buf);
+ }
+
+#undef ACTION
+}
+
+static const char *
+erst_instruction(UINT8 Instruction)
+{
+ static char buf[32];
+
+#define INSTRUCTION(name) \
+ case __CONCAT(ACPI_ERST_, name): \
+ return (__STRING(name))
+
+ switch (Instruction) {
+ INSTRUCTION(READ_REGISTER);
+ INSTRUCTION(READ_REGISTER_VALUE);
+ INSTRUCTION(WRITE_REGISTER);
+ INSTRUCTION(WRITE_REGISTER_VALUE);
+ INSTRUCTION(NOOP);
+ INSTRUCTION(LOAD_VAR1);
+ INSTRUCTION(LOAD_VAR2);
+ INSTRUCTION(STORE_VAR1);
+ INSTRUCTION(ADD);
+ INSTRUCTION(SUBTRACT);
+ INSTRUCTION(ADD_VALUE);
+ INSTRUCTION(SUBTRACT_VALUE);
+ INSTRUCTION(STALL);
+ INSTRUCTION(STALL_WHILE_TRUE);
+ INSTRUCTION(SKIP_NEXT_IF_TRUE);
+ INSTRUCTION(GOTO);
+ INSTRUCTION(SET_SRC_ADDRESS_BASE);
+ INSTRUCTION(SET_DST_ADDRESS_BASE);
+ INSTRUCTION(MOVE_DATA);
+ default:
+ snprintf(buf, sizeof(buf), "UNKNOWN (%#x)", Instruction);
+ return (buf);
+ }
+
+#undef INSTRUCTION
+}
+
+static void
+acpi_print_erst_entry(ACPI_ERST_ENTRY *entry)
+{
+ ACPI_WHEA_HEADER *w = &entry->WheaHeader;
+
+ printf("\n\tAction=%s\n", erst_action(w->Action));
+ printf("\tInstruction=%s\n", erst_instruction(w->Instruction));
+ if (w->Flags != 0) {
+ printf("\tFlags=%02x", w->Flags);
+ if (w->Flags & 0x1)
+ printf("<PRESERVE_REGISTER>");
+ printf("\n");
+ }
+ printf("\tRegisterRegion=");
+ acpi_print_gas(&w->RegisterRegion);
+ printf("\n");
+ switch (w->Instruction) {
+ case ACPI_ERST_READ_REGISTER:
+ case ACPI_ERST_WRITE_REGISTER:
+ case ACPI_ERST_NOOP:
+ case ACPI_ERST_LOAD_VAR1:
+ case ACPI_ERST_LOAD_VAR2:
+ case ACPI_ERST_STORE_VAR1:
+ case ACPI_ERST_ADD:
+ case ACPI_ERST_SUBTRACT:
+ case ACPI_ERST_SET_SRC_ADDRESS_BASE:
+ case ACPI_ERST_SET_DST_ADDRESS_BASE:
+ case ACPI_ERST_MOVE_DATA:
+ break;
+ default:
+ printf("\tValue=0x%016jx\n", w->Value);
+ break;
+ }
+ printf("\tMask=0x%016jx\n", w->Mask);
+}
+
static void
acpi_handle_erst(ACPI_TABLE_HEADER *sdp)
{
ACPI_TABLE_ERST *erst;
- ACPI_WHEA_HEADER *w;
+ ACPI_ERST_ENTRY *w;
u_int i;

printf(BEGIN_COMMENT);
@@ -668,10 +848,10 @@ acpi_handle_erst(ACPI_TABLE_HEADER *sdp)
erst = (ACPI_TABLE_ERST *)sdp;
printf("\tHeaderLength=%d\n", erst->HeaderLength);
printf("\tEntries=%d\n", erst->Entries);
- w = (ACPI_WHEA_HEADER *)(erst + 1);
+ w = (ACPI_ERST_ENTRY *)(erst + 1);
for (i = 0; i < MIN(erst->Entries, (sdp->Length -
- sizeof(ACPI_TABLE_ERST)) / sizeof(ACPI_WHEA_HEADER)); i++)
- acpi_print_whea(w + i);
+ sizeof(ACPI_TABLE_ERST)) / sizeof(ACPI_ERST_ENTRY)); i++)
+ acpi_print_erst_entry(w + i);
printf(END_COMMENT);
}



=====================================
usr.sbin/bhyve/bhyve.8
=====================================
@@ -25,7 +25,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd December 23, 2025
+.Dd December 26, 2025
.Dt BHYVE 8
.Os
.Sh NAME
@@ -551,6 +551,7 @@ If
is not specified, the MAC address is derived from a fixed OUI, and the
remaining bytes from an MD5 hash of the slot and function numbers and
the device name.
+If specified, it must be a unicast MAC address.
.Pp
The MAC address is an ASCII string in
.Xr ethers 5


=====================================
usr.sbin/bhyve/bhyve_config.5
=====================================
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd August 21, 2024
+.Dd December 26, 2025
.Dt BHYVE_CONFIG 5
.Os
.Sh NAME
@@ -135,10 +135,10 @@ All variables will be persistent even on reboots of the guest.
Generate ACPI tables.
.It Va acpi_tables_in_memory Ta bool Ta true Ta
.Xr bhyve 8
-always exposes ACPI tables by FwCfg.
+always exposes ACPI tables by fw_cfg.
For backward compatibility bhyve copies them into the guest memory as well.
This can cause problems if the guest uses the in-memory version, since certain
-advanced features, such as TPM emulation, are exposed only via FwCfg.
+advanced features, such as TPM emulation, are exposed only via fw_cfg.
Therefore, it is recommended to set this flag to false when running Windows guests.
.It Va destroy_on_poweroff Ta bool Ta false Ta
Destroy the VM on guest-initiated power-off.
@@ -284,7 +284,7 @@ Intel e82545 network interface.
VGA framebuffer device attached to VNC server.
.It Li lpc
LPC PCI-ISA bridge with COM1-COM4 16550 serial ports,
-a boot ROM, and, optionally, a TPM module, a fwcfg type,
+a boot ROM, and, optionally, a TPM module, a fw_cfg type,
and a debug/test device.
This device must be configured on bus 0.
.It Li hda
@@ -494,7 +494,8 @@ or
.Dq hd .
.It Va nmrr Ta integer Ta 0 Ta
Nominal Media Rotation Rate, also known as RPM.
-A value 1 of indicates a device with no rate such as a Solid State Disk.
+A value 1 of indicates that the device is a solid state drive, i.e,
+non-rotational.
.It Va ser Ta string Ta generated Ta
Serial number of up to twenty characters.
A default serial number is generated using a hash of the backing
@@ -516,8 +517,10 @@ Intel e82545 network interfaces support the following variables:
.It Sy Name Ta Sy Format Ta Sy Default Ta Sy Description
.It Va mac Ta MAC address Ta generated Ta
MAC address.
-If an explicit address is not provided,
-a MAC address is generated from a hash of the device's PCI address.
+If not specified, the MAC address is derived from a fixed OUI, and the
+remaining bytes from an MD5 hash of the slot and function numbers and
+the device name.
+If specified, it must be a unicast MAC address.
.El
.Ss Frame Buffer Settings
.Bl -column "password" "[IP:]port" "127.0.0.1:5900"
@@ -574,12 +577,12 @@ Settings for the COM3 serial port device.
.It Va com4 Ta node Ta Ta
Settings for the COM4 serial port device.
.It Va fwcfg Ta string Ta bhyve Ta
-The fwcfg type to be used.
+The fw_cfg type to be used.
Supported values are
.Dq bhyve
for fwctl and
.Dq qemu
-for fwcfg.
+for fw_cfg.
.It Va pc-testdev Ta bool Ta false Ta
Enable the PC debug/test device.
.It Va pcireg.* Ta integer Ta Ta
@@ -656,7 +659,7 @@ IEEE Extended Unique Identifier.
If an EUI is not provided, a default is generated using a checksum of the
device's PCI address.
.It Va dsm Ta string Ta auto Ta
-Whether or not to advertise DataSet Management support.
+Whether or not to advertise Dataset Management support.
One of
.Dq auto ,
.Dq enable ,
@@ -745,8 +748,10 @@ VirtIO network interfaces support the following variables:
.It Sy Name Ta Sy Format Ta Sy Default Ta Sy Description
.It Va mac Ta MAC address Ta generated Ta
MAC address.
-If an explicit address is not provided,
-a MAC address is generated from a hash of the device's PCI address.
+If not specified, the MAC address is derived from a fixed OUI, and the
+remaining bytes from an MD5 hash of the slot and function numbers and
+the device name.
+If specified, it must be a unicast MAC address.
.It Va mtu Ta integer Ta 1500 Ta
The largest supported MTU advertised to the guest.
.El


=====================================
usr.sbin/bsnmpd/tools/libbsnmptools/bsnmptc.c
=====================================
@@ -336,7 +336,7 @@ static char *
snmp_date2asn_oid(char *str, struct asn_oid *oid)
{
char *endptr, *ptr;
- static const char UTC[3] = "UTC";
+ static const char UTC[3] __nonstring = "UTC";
int32_t saved_errno;
uint32_t v;



=====================================
usr.sbin/pmcannotate/pmcannotate.c
=====================================
@@ -54,8 +54,10 @@
if ((ptr) != NULL) \
perror(ptr); \
fprintf(stderr, ##x); \
- remove(tbfl); \
- remove(tofl); \
+ if (tbfl != NULL) \
+ remove(tbfl); \
+ if (tofl != NULL) \
+ remove(tofl); \
exit(EXIT_FAILURE); \
} while (0)

@@ -702,6 +704,8 @@ main(int argc, char *argv[])
uintptr_t tmppc, ostart, oend;
int cget, asmsrc;

+ tbfl = NULL;
+ tofl = NULL;
exec = argv[0];
ofile = NULL;
bin = NULL;


=====================================
usr.sbin/unbound/daemon/Makefile
=====================================
@@ -14,5 +14,6 @@ LIBADD= unbound util ssl crypto pthread
MAN= local-unbound.8 local-unbound.conf.5

NOCFI= yes
+NOSAFESTACK= yes

.include <bsd.prog.mk>



View it on GitLab: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/compare/c66cb444266ac0a00beda88759b70e89d39037b0...98740fbab9c968027dc77457ae8d58c729fb39b1

--
View it on GitLab: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/compare/c66cb444266ac0a00beda88759b70e89d39037b0...98740fbab9c968027dc77457ae8d58c729fb39b1
You're receiving this email because of your account on git.hardenedbsd.org.