unbound: Install a default configuration.
This way, setting unbound=YES is enough to get a working local
recursive resolver listening on 127.0.0.1:53 and [::1]:53.
PR misc/60339: unbound=YES in rc.conf should be enough to get a
recursive resolver
Additionally, this includes the workaround for:
PR bin/60325: unbound emits warning: so-sndbuf 4194304 was not
granted
x86/efi: Bypass kASAN memcpy when copying the efi runtime.
Fixes crash at boot with `options KASAN' enabled on EFI systems.
We could try to find some way to exclude the EFI runtime mappings
from kASAN, e.g. by hacking kasan_md_unsupported. But there's a lot
of detailed exclusions to pass through to that (every entry in the
EFI memory map), and this is the only memcpy in the whole kernel that
all those details are likely to be applicable.
PR kern/60391: kernel panic in efi_init() with "options KASAN"
Introduce EFIKA_OFW_WORKAROUNDS - patch OFW trampoline for EFIKA.
Long story short, is that SmartFirmware (EFIKA's OpenFirmware) misbehaves
on every OF call from the kernel by zeroing SDR1 and messing with BATs.
In the olden days, these problems were worked around with FIRMWORKSBUGS
option. However, that option does not work currently on EFIKA. Presumaly,
something has changed between 2012 and now, which causes FIRMWORKSBUGS
to hang on SmartFirmware very early (before NetBSD copyright banner is
printed).
So we get this kludge, which only does the bare minimum to let OFW
call succeed, and the kernel continue after the call.
citrus/HZ: Be more careful about encoding buffer.
1. Use unsigned char for chlen, since it's never negative and only
needs to be big enough for the ch array.
2. Expand the ch array by space for two escape sequences, each of
which is two characters.
I don't think it is currently possible with the i18n data we ship
for it to emit two escape sequences in a row -- there is a code
path to do this, but I don't think it can be reached without
setting escape sequences for variable 1 and extending this in some
way. Nevertheless, let's err on the side of safety.
3. Sprinkle assertions everywhere.
PR 59019: various iconv issues
iconv(3): Fix printing bytes on test failure.
Don't sign-extend to a 32-bit quantity causing the left to be padded
with f's; just print the 8-bit quantity.
PR 59019: various iconv issues
Start wiring up MPC5200B support into ofppc port.
Interrupt controller peculiarities, properly gating legacy code under kernel
appropriate options, PSC console support (kludge).
Several enchancements and bug fixes to FEC driver.
- Fix SRAM leak in fec_stop()
- Skip busy wait link-poll on reset and recovery
- Properly program muilticast hash filter
- 802.3 full duplex flow control, advertise and honor received pause
- Statistics exposed via if_stats
- Accept VLAN frames
wg(4): Move DoS mitigation a little earlier.
1. Don't store the cookie -- just recompute it on the fly as a
pseudorandom function of the current two-minute unit, under a
secret key generated at interface configuration time.
This way we don't need to find what peer we're talking with --
which requires a DH key agreement -- before we can verify mac2.
2. Actually, recompute _two_ cookies on the fly, one for
floor(now/60) and the other for 1 + floor(now/60), and accept a
valid mac2 under either cookie, or if mac2 is not valid, send the
1 + floor(now/60) cookie.
This way every cookie is valid for a total possible time of 2min,
but the cookie we send is always valid for at least 1min in the
future, so we never send a cookie that's going to immediately
expire and require another REKEY-TIMEOUT delay (and this works
without keeping any state).
[28 lines not shown]
Clamp PMAP_DIRECT_MAPPED_LEN below USER_SR/KERNEL_SR
Derive it from MIN(USER_SR, KERNEL_SR) so the direct-mapped region never
overlaps the kernel HTAB window on ports where KERNEL_SR < USER_SR,
like ofppc. This made pmap_pvo_find_va() panic on legit lookup misses.