vio: Add more feature bit definitions
Add all non-legacy feature bit definitions from virtio 1.3 and the
definitions from 1.4 that are not >= bit 64. Remove VIRTIO_NET_F_GSO
which never worked and has been removed in virtio 1.x. Also add config
register definitions, fix a comment.
vio: Improve feature negotiation for LRO/TSO
OpenBSD requires that LRO can be switched on and off for things like
bridged vlan(4), vxlan(4), bpe(4). We currently only support switching
LRO on/off if the VIRTIO_NET_F_CTRL_GUEST_OFFLOADS feature was
negotiated. But this means if the hypervisor only offers
VIRTIO_NET_F_GUEST_TSO4/6 but not VIRTIO_NET_F_CTRL_GUEST_OFFLOADS,
things will break. In this case we must redo feature negotation without
the GUEST_TSO4/6 features.
Also, if the hypervisor offers GUEST_TSO4/6 but not the
VIRTIO_NET_F_MRG_RXBUF feature, we currently put rx buffers with a
single 4k mbuf into the rx queue while the standard says we SHOULD
insert buffers of at least 65562 bytes. Apple Virtualization refuses to
work with this configuration. As 65562 is larger than MAXMCLBYTES, we
would need to rework how we allocate our rx buffers to make this work.
For now, we would to like to simply disable GUEST_TSO4/6 if MRG_RXBUF is
missing. Unfortunately, Apple Virtualization still refuses to work
unless HOST_TSO4/6 is also disabled. Therefore, we disable all TSO if
[5 lines not shown]
rpki-client: only accept BGPsec certs with a single AS number
We've long been pointing out that the possibility of adding multiple AS
numbers and in particular AS ranges to BGPsec Router Certificates is at
best dubious. Enforce that there is a single AS, encoded as an ASID, not
as an ASRange with a single element (cf. eid7653 to RFC 3779).
Prompted by a report by Xie Yifan
with/ok claudio job
this is errata/7.7/018_rpki.patch.sig
rpki-client: check purpose for .cer files in Manifests
Only intermediate CAs and BGPsec certificates are allowed in a Manifest
fileList. Check this is the case, otherwise stop processing the cert.
Missing check reported by Xie Yifan
ok claudio job
rpki-client: only accept BGPsec certs with a single AS number
We've long been pointing out that the possibility of adding multiple AS
numbers and in particular AS ranges to BGPsec Router Certificates is at
best dubious. Enforce that there is a single AS, encoded as an ASID, not
as an ASRange with a single element (cf. eid7653 to RFC 3779).
Prompted by a report by Xie Yifan
with/ok claudio job
this is errata/7.8/012_rpki.patch.sig
replace do-test targets of some go modules to use TEST_TARGET variable
- devel/gopls
- security/gosec
- sysutils/fzf
ok Laurent Cheylus (MAINTAINER) tb@
viogpu_wsmmap() returns a kva but instead should return a physical
address via bus_dmamem_mmap(9). Without this, QEMU would only show a
black screen when starting X11. On the Apple Hypervisor, the kernel
would panic.
Also add calls to bus_dmamap_sync(9) before transferring the framebuffer
to host memory. It was working for me without this, but this ensures
that the host running on another CPU will see updates to the
framebuffer.
Thanks to kettenis@ for reviewing and providing feedback.
ok sf@
Back out use of pledge(2) in mupen64plus-ui-console.
Although pledge(2) was only called at the last possible moment, after
nearly all initialization had been done, it turns out there was one case
I missed: if the user is playing with a ujoy(4) gamepad, then SDL will
call ioctl(2) with USB_GET_REPORT_DESC. No pledge(2) promise allows this.
Due to mupen64plus's design, pledge(2) cannot be moved any later. The
USB initialization takes place in a .so plugin with a documented public
API. Calling pledge(2) inside the plugin would certainly break other
mupen64plus frontends.
It may be possible to reintroduce pledge(2) in mupen64plus, by hoisting
joystick initialization to a place that gets executed earlier. However,
this too might not be possible without breaking other frontends.
Other alternatives could be to modify SDL's joystick initialization to
not require USB_GET_REPORT_DESC, or perhaps to add a new "ujoy" promise.
Either of these would benefit other SDL/ujoy(4)/pledge-using programs
[13 lines not shown]
