count if_enqueue/ifq_enqueue errors as oqdrops.
this helps narrow down where some "output failures" on sec interfaces
occur.
based on discussion with jason tubnor
Implement Spectre-V4 mitigations. The only real effect of this change is
that we now make a firmware call to enable the mitigations if the
firmware tells us mitigations are implemented and needed. But according
to the specification these mitigations should be enabled by default.
The open source TF-A implementation only implements mitigations for older
Cortex-A76 cores. Newer Cortex-A76 revisions are not vulnerable and as
far as I can tell we only support SoCs with the newer cores.
ok patrick@
Add support for the new layout of the CCSIDR_EL1 register that was
introduced in Armv8.3 when the CCIDX feature is advertised. This
makes us properly detect the cache size on newer CPU cores like
Neoverse N2, at least when emulated by QEMU.
ok jsg@
Cherry-pick fix for CVE-2024-28757 from libexpat.
Detect billion laughs attack with isolated external parser.
github commit 1d50b80cf31de87750103656f6eb693746854aa8
OK deraadt@
this is errata/7.3/027_expat.patch.sig
Cherry-pick fix for CVE-2024-28757 from libexpat.
Detect billion laughs attack with isolated external parser.
github commit 1d50b80cf31de87750103656f6eb693746854aa8
OK deraadt@
this is errata/7.4/015_expat.patch.sig
improve the MDA documentation
- add a pointer to the section when documenting the `mda' keyword
- rename the section to MDA COMMANDS
- document also what happens when the MDA doesn't exit with status 0
- add the missing environment variables
- sort the variables
- minor other tweaks to the text
with several improvements from jmc, ok jmc