Build date: 1771282803 - Mon Feb 16 23:00:03 UTC 2026 Build cvs date: 1771254639 - Mon Feb 16 15:10:39 UTC 2026 Build id: 2026-02-17.1 Build tags: amd64-regress ports sysupgrade Applied the following diff(s): /home/anton/tmp/robsd/src-sys-em.diff /home/anton/tmp/robsd/src-sys-uhidev-sispm.diff /home/anton/tmp/robsd/src-sysupgrade.diff P regress/sys/arch/amd64/Makefile U regress/sys/arch/amd64/vmcall/Makefile U regress/sys/arch/amd64/vmcall/vmcall.c U regress/sys/arch/amd64/vmmcall/Makefile U regress/sys/arch/amd64/vmmcall/vmmcall.c P sys/arch/amd64/amd64/ghcb.c P sys/arch/amd64/amd64/trap.c P sys/arch/amd64/amd64/vmm_machdep.c P sys/arch/amd64/include/ghcb.h P sys/dev/ic/psp.c P sys/dev/pci/if_bnxt.c M sys/dev/usb/uhidev.c P usr.bin/ssh/sshconnect.c P usr.bin/ssh/sshconnect2.c P usr.bin/tmux/control-notify.c P usr.bin/tmux/control.c P usr.bin/tmux/grid.c P usr.bin/tmux/window-copy.c P usr.sbin/bgpd/rde.c P usr.sbin/bgpd/rde.h P usr.sbin/bgpd/rde_filter.c M usr.sbin/bgpd/session.c P usr.sbin/traceroute/traceroute.c commit ZAZ3NiRXfYerQiWa Author: hshoexer Date: 2026/02/16 15:10:39 Handle VMMCALL in vctrap() When SEV guest userland issues a vmmcall instruction, a #VC exception with code SVM_VMEXIT_VMMCALL will be raised in the guest kernel. For now we do not allow vmmcalls from guest userland, thus terminate the userland process with SIGILL. This is similar to the non-SEV case. ok mlarkin@ sys/arch/amd64/amd64/trap.c commit WqdEGxnJzPTK1p5Z Author: hshoexer Date: 2026/02/16 15:08:41 vmm(4): Ignore VMGEXIT request and inject #UD SEV guest userland processes are allowed to issue the vmgexit instruction. However, guest userland has no access to the GHCB. VMEXITs with exit reason SVM_VMEXIT_VMGEXIT initiated by the guest kernel will always provide a valid GHCB request. Moreover, as the guest kernel makes sure, that the GHCB contains no request when guest userland is running, a rouge guest userland process can only force repeated VMEXITs with an empty GHCB. Therefore, in vmm(4)'s vmgexit handler inject #UD when the exit reason is not updated with data from the GHCB and stays on SVM_VMEXIT_VMGEXIT. ok mlarkin@ sys/arch/amd64/amd64/vmm_machdep.c commit JrRbDu1OTMNBBnlt Author: hshoexer Date: 2026/02/16 15:06:03 vmm(4): Check for and allow empty GHCB; only clear valid bitmap The GHCB valid bitmap indicates wether the GHCB contains a request or not. When no bits are set, ignore the GHCB and do not sync with vCPU state. To clear/invalidate the GHCB just zero out the valid bitmap instead of the full GHCB. ok mlarkin@ sys/arch/amd64/amd64/ghcb.c sys/arch/amd64/amd64/vmm_machdep.c sys/arch/amd64/include/ghcb.h commit G1ilw5dfDihOSWde Author: claudio Date: 2026/02/16 14:27:40 Make sure that the filterset passed along with other objects is present. For communication with the parent the missing presence of a filter_set is cause for a panic. This should just never happen. For messages from bgpctl that are forwarded by the session engine things are more complex. Make sure the filter_set was sent and only execute the command that wraps this filter_set is present. If it is not there it may have been filtered out because it is invalid and then the command depending on this data should not be executed. OK tb@ usr.sbin/bgpd/rde.c commit 6d3iHaBNNZ8MaTT4 Author: claudio Date: 2026/02/16 14:23:56 Make sure rde_filterset_unref() can be called with a NULL pointer. OK tb@ usr.sbin/bgpd/rde_filter.c commit F2hSPWFnrMnHRGW8 Author: sthen Date: 2026/02/16 13:54:47 Make sure that internal counters do not go out of bounds if the '-n' or '-A' options are specified more than once. From Petre Rodan, ok florian@ usr.sbin/traceroute/traceroute.c commit JpcJsubxqLp0qz7v Author: hshoexer Date: 2026/02/16 13:08:57 regress: Test vmmcall raises #UD On AMD/SVM the hypervisor will inject #UD when userland tries to execute the vmmcall instruction. Same holds for vmgexit which is encode as "rep vmmcall". On Intel/VMX vmmcall and vmgexit are invalid instructions, so the CPU will raise #UD. ok mlarkin@ regress/sys/arch/amd64/Makefile regress/sys/arch/amd64/vmmcall/Makefile regress/sys/arch/amd64/vmmcall/vmmcall.c commit xgIqwqacmc7ilxIq Author: hshoexer Date: 2026/02/16 13:05:14 regress: Test vmcall raises #UD On Intel/VMX the hypervisor will inject #UD when userland tries to execute the vmcall instruction. On AMD/SVM vmcall is an invalid instruction, so the CPU will raise ok mlarkin@ regress/sys/arch/amd64/Makefile regress/sys/arch/amd64/vmcall/Makefile regress/sys/arch/amd64/vmcall/vmcall.c commit goVnX7dn5UKTMlww Author: hshoexer Date: 2026/02/16 12:43:58 vmm(4): inject #UD for VMs running on SVM/VMX While there fix typo in a debug printf. ok mlarkin@ sys/arch/amd64/amd64/vmm_machdep.c commit wevq1k3SMua24RBl Author: hshoexer Date: 2026/02/16 12:39:53 psp(4): add another firmware file ok mlarkin@ sys/dev/ic/psp.c commit QcRByHY5iQJEyg8g Author: jmatthew Date: 2026/02/16 10:46:04 On newer hardware generations, no async events are enabled by default, so explicitly enable the ones we're interested in. tested by stsp@ as part of a larger diff ok dlg@ sys/dev/pci/if_bnxt.c commit ke0rNtDkyExaqTmE Author: nicm Date: 2026/02/16 08:45:38 Format layout change string once per window in control notify, from Conor Taylor in GitHub issue 4848. usr.bin/tmux/control-notify.c commit acrqrfY9nGJ3LxxG Author: nicm Date: 2026/02/16 08:42:57 Pull format allocation outside of loop for control subs, from Conor Taylor in GitHub issue 4848. usr.bin/tmux/control.c commit Y7m44YizfDk9amZ8 Author: jsg Date: 2026/02/16 08:42:00 remove prototype for removed prefix_add_eor() usr.sbin/bgpd/rde.h commit BzCbS7JOW5Gs1tvM Author: nicm Date: 2026/02/16 08:02:04 grid_peek_cell can return NULL, so check for it. From Conor Taylor in GitHub issue 4848. usr.bin/tmux/grid.c usr.bin/tmux/window-copy.c commit IbaPTxJqURXAs5k0 Author: dtucker Date: 2026/02/16 00:45:41 Reorder headers to match KNF and Portable. Removes 3 diffs. usr.bin/ssh/sshconnect.c usr.bin/ssh/sshconnect2.c