Build date: 1764630002 - Mon Dec 1 23:00:02 UTC 2025 Build cvs date: 1764608256 - Mon Dec 1 16:57:36 UTC 2025 Build id: 2025-12-02.1 Build tags: amd64-regress ports sysupgrade Applied the following diff(s): /home/anton/tmp/robsd/src-sys-em.diff /home/anton/tmp/robsd/src-sys-uhidev-sispm.diff /home/anton/tmp/robsd/src-sysupgrade.diff P lib/libc/gen/disklabel.c P lib/libc/gen/login_cap.c P regress/usr.sbin/bgpd/unittests/rde_decide_test.c P sbin/nfsd/nfsd.c P sbin/pfctl/pfctl_parser.c P sbin/vnconfig/vnconfig.c P share/man/man4/iwm.4 P share/man/man4/iwx.4 P share/man/man4/qwx.4 P sys/dev/ic/qwx.c P sys/dev/ic/qwxvar.h P sys/dev/pci/if_iwm.c P sys/dev/pci/if_iwmvar.h P sys/dev/pci/if_iwx.c P sys/dev/pci/if_iwxreg.h P sys/dev/pci/if_iwxvar.h P sys/dev/pci/if_qwx_pci.c P sys/dev/pci/drm/drm_linux.c P sys/dev/pci/drm/i915/i915_pci.c P sys/dev/pci/drm/i915/gt/uc/intel_guc_submission.c P sys/dev/pci/drm/include/linux/wait.h M sys/dev/usb/uhidev.c P sys/net/if_tpmr.c P sys/net80211/ieee80211_crypto.c P sys/net80211/ieee80211_input.c P sys/net80211/ieee80211_ioctl.c P sys/net80211/ieee80211_node.c P sys/net80211/ieee80211_output.c P sys/net80211/ieee80211_pae_input.c P sys/net80211/ieee80211_proto.c P sys/uvm/uvm_fault.c P usr.bin/tmux/attributes.c P usr.bin/tmux/screen.c P usr.bin/tmux/server-client.c P usr.bin/tmux/style.c P usr.bin/tmux/tmux.h P usr.sbin/bgpd/rde.c P usr.sbin/bgpd/rde.h P usr.sbin/bgpd/rde_decide.c P usr.sbin/bgpd/rde_peer.c P usr.sbin/bgpd/rde_rib.c P usr.sbin/bgpd/rde_update.c M usr.sbin/bgpd/session.c P usr.sbin/rpki-client/cert.c P usr.sbin/rpki-client/crl.c P usr.sbin/vmd/vm.c commit Nx5hEZkp5mAXfwTW Author: stsp Date: 2025/12/01 16:57:36 add PMF support to qwx This device needs to handle IGTK/BIP in software. It is possible to send protected multicast management frames with this device even while running in station mode. Which is neat for testing but not useful in general so the code path which makes the driver do this is unreachable without additional hacks in net80211 that I am not going to commit (sending protected deauth frames to the broadcast address). Tested: qwx QCNFA765: landry, Mark Patruck, kevlo, stsp share/man/man4/qwx.4 sys/dev/ic/qwx.c sys/dev/ic/qwxvar.h sys/dev/pci/if_qwx_pci.c commit cvGAL4em04dvmMOW Author: stsp Date: 2025/12/01 16:44:13 Add PMF support to iwx. Also make MLD devices remove crypto keys from firmware. This driver was already offloading group key encryption to the device, and is now also offloading IGTK/BIP. We cannot send protected multicast management frames in station mode because the firmware won't allow it. But we do receive such frames just fine, which is all we really need in station mode. Thanks to Johannes Berg from Linux / Intel for hints about firmware behaviour regarding IGTK/BIP, and explaining how driver behaviour needs to be tested. Tested: iwx AX200: jmc, Mark Patruck, stsp iwx AX201: kirill iwx AX210: lraab, remi (interop issue with PSK-SHA256-only Arista AP) iwx AX211: sthen, kevlo, kn, jca share/man/man4/iwx.4 sys/dev/pci/if_iwx.c sys/dev/pci/if_iwxreg.h sys/dev/pci/if_iwxvar.h commit WiBWBucFBbn9wyc2 Author: stsp Date: 2025/12/01 16:30:46 implement PMF support for iwm For now, keep using software crypto for multicast data frames and multicast management frames even though iwm devices support offloading crypto for both. We should eventually add support for offloading this because in the present state iwm is not receiving protected multicast management frames (IGTK/BIP). In practice, this does not matter much because such frames are only used by 802.11 features which our net80211 stack does not yet support anyway. Protected unicast management frames work as expected which is what matters the most, and is much better than having no PMF support at all. Tested: iwm 3168: kevlo iwm 7265: stsp iwm 9260: florian, landry iwm 9560: stsp share/man/man4/iwm.4 sys/dev/pci/if_iwm.c sys/dev/pci/if_iwmvar.h commit WNZhniHkO5TZnMps Author: stsp Date: 2025/12/01 16:13:01 check the correct flag before using PMF in ieee80211_mgmt_output() The capability flag only indicates whether our driver supports PMF, not whether our peer supports it. The flag in ni_flags indicates whether PMF is mutually supported by us and the peer, and should be used here. sys/net80211/ieee80211_output.c commit btZbsGCCubqrI5T3 Author: stsp Date: 2025/12/01 16:07:53 clear MFPR flag in disable_rsn() sys/net80211/ieee80211_ioctl.c commit yPabLqVZYmIS0zWe Author: stsp Date: 2025/12/01 16:05:11 set/clear the IEEE80211_NODE_{TX,RX}MGMTPROT node flags in appropriate places ok kevlo@ sthen@ sys/net80211/ieee80211_node.c sys/net80211/ieee80211_pae_input.c sys/net80211/ieee80211_proto.c commit 4ES1fUMiAIeqKIxr Author: stsp Date: 2025/12/01 16:03:55 Update the PMF Rx code path written by damien@ to handle hardware decryption. ok kevlo@ sthen@ sys/net80211/ieee80211_input.c commit IXXxtehTibdz5S19 Author: stsp Date: 2025/12/01 16:02:36 Fix KDF sha256 inputs to match the implementation in w1.fi hostap. Cross-checked with the 802.11 spec, which mentions the use of an extra zero byte in case of PFK and mentions nothing of the sort in case of KDF. I was led here by hints left behind by github user pigworlds in https://github.com/OpenIntelWireless/itlwm/pull/676 ok kevlo@ sthen@ sys/net80211/ieee80211_crypto.c commit klbZXdHh070pDDkA Author: claudio Date: 2025/12/01 15:35:28 Update test, rde_generate_updates() has a new prototype. regress/usr.sbin/bgpd/unittests/rde_decide_test.c commit SvdmouEn0ZC0IxzA Author: dv Date: 2025/12/01 15:12:44 vmd(8): fix race in vm pause barrier usage. Moves the barrier initialization and destruction outside of the pause_vm function to eliminate a race between the vcpu thread waiting on the barrier and the event thread processing the pause request creating the barrier. ok mlarkin@ usr.sbin/vmd/vm.c commit uWhj55ZxuYyxpqtD Author: tb Date: 2025/12/01 14:40:56 rpki-client: convert cert.c and crl.c to use opaque ASN1_STRING Mostly mechanical. If the length is not zero, the data isn't NULL either because this is a deserialized extension, so drop a check. ok claudio usr.sbin/rpki-client/cert.c usr.sbin/rpki-client/crl.c commit AwYX2RfhoZpsXfgM Author: mpi Date: 2025/12/01 14:26:27 Enable parallel fault handling on amd64 and arm64. ok claudio@, jca@, phessler@ sys/uvm/uvm_fault.c commit JDZZgd8snvs8cxP9 Author: claudio Date: 2025/12/01 13:07:28 Rework the interface to rde_generate_updates() and up_genrate_XYZ() to pass the old prefix as just the path_id_tx identifier. Only up_generate_addpath_all() actually uses this information and there this is enough to find the affected prefix in the adj-rib-out. Also adjust the order of operation in up_generate_addpath_all() so the prefix is not first removed and readded for the case where a prefix is simply updated. Rework the code in prefix_evaluate_nexthop() to be much more like prefix_evaluate(), it should be possible to factor out common code at some point. In peer_add() ensure that path_id_tx can't be 0. Since 0 is now reserved for no-such-path. OK tb@ usr.sbin/bgpd/rde.c usr.sbin/bgpd/rde.h usr.sbin/bgpd/rde_decide.c usr.sbin/bgpd/rde_peer.c usr.sbin/bgpd/rde_rib.c usr.sbin/bgpd/rde_update.c commit sYdhqm01T2YM85HT Author: jsg Date: 2025/12/01 09:35:42 enable GuC TLB invalidation on Meteor Lake, matches Linux default sys/dev/pci/drm/i915/i915_pci.c commit sRvCyUZZ4fiKpLlr Author: jsg Date: 2025/12/01 09:29:59 unstub must_wait_woken() and guc_send_invalidate_tlb() sys/dev/pci/drm/i915/gt/uc/intel_guc_submission.c commit tax0DFB10pLeuqBm Author: jsg Date: 2025/12/01 09:25:03 add woken_wake_function() for inteldrm GuC TLB invalidation sys/dev/pci/drm/drm_linux.c sys/dev/pci/drm/include/linux/wait.h commit QLP9uDiMGGVvmHu5 Author: nicm Date: 2025/12/01 08:14:29 Change noattr to be an explicit attribute in the style so that it works correctly and does not delete attributes set in the style itself, GitHub issue 4713. usr.bin/tmux/attributes.c usr.bin/tmux/screen.c usr.bin/tmux/style.c usr.bin/tmux/tmux.h commit BBfxJ02CHDep4k0w Author: nicm Date: 2025/12/01 08:04:26 Add horizontal border case to server_client_check_mouse_in_pane to fix mouse resizing. GitHub issue 4720 from Michael Grant, reported by someone in GitHub issue 4715. usr.bin/tmux/server-client.c commit PhElk7n3kRDYCNJR Author: dlg Date: 2025/12/01 01:44:24 some tweaks around tpmr port refs. use the refcnt api instead of a u_int and atomic ops for counting refs. release the port ref given to the SMR pointers after smr_barrier, not before. sys/net/if_tpmr.c commit jxKijxGO4u8uUJGo Author: jsg Date: 2025/12/01 00:12:12 remove unused variables lib/libc/gen/disklabel.c lib/libc/gen/login_cap.c commit hhJ0dmRD4NbWMg3V Author: jsg Date: 2025/11/30 23:46:03 remove unused extern sbin/vnconfig/vnconfig.c commit xZHKu9N9Wc6T2M12 Author: sashan Date: 2025/11/30 23:39:45 pfctl_parser.c, ifa_load() should distinguish between broadcast and PPP peer address when it populates interface table for rule parser. OK @claudio, OK @dlg sbin/pfctl/pfctl_parser.c commit mGvhCH6G3v0nYMoT Author: jsg Date: 2025/11/30 23:07:17 remove unused variable sbin/nfsd/nfsd.c