mkimage: New `-C <config>' option.
Enables use for out-of-tree config files. We're not really
supporting this as a general-purpose tool but downstream users (like
me) may find this convenient to avoid local patches.
ld at virtio: Guard virtio_dequeue by virtio_vq_is_enqueued.
After triggering the DMA operation, or any previous virtio_dequeue,
virtio_vq_is_enqueued issues the necessary bus_dmamap_sync for
virtio_dequeue to observe any potential (new) result.
Normally this happens inside virtio(4) (in virtio_vq_intr) between
interrupt delivery and calling the virtqueue's done callback. But
polling mode I/O operations (and dump operations) don't take that
path, so it is necessary to call virtio_vq_is_enqueued explicitly.
PR kern/60182: ld at virtio sometimes hangs up
virtio(4): Add missing BUS_DMASYNC_PREREAD operations.
And one missing BUS_DMASYNC_POSTREAD operation.
With this change, loads from vq->vq_used->flags (which occur
immediately after a transfer is submitted to test whether we need to
kick the host device) is separated by a PREREAD/POSTREAD cycle from
loads from vq->vq_used->idx (which occur when we think a transfer may
have completed, e.g. upon receiving an interrupt, to test whether it
has, in fact, completed).
Additionally, with this change, consecutive loads from
*vq->vq_avail_event are separated by a PREREAD/POSTREAD cycle.
Should fix virtio(4) issues on m68k and other related architectures
like mips and armv<7:
PR kern/60144: virtio(4) cache coherence issue
[173 lines not shown]
PR bin/60275 one more (should be the last) correction
It wasn't possible to do this, previously, but after the 3rd
in the sequence, we can (it should have been included with that one).
Never even look at gotsig[signo] in a vforked child - it will
be reflecting the state of the parent, not the child, so has
nothing to do with the child (this wasn't true until after the
3rd fix, which made sure that the child after a vfork doesn't
step on the parent's memory).
This will fix an unbelievably unlikely situation, where a
trapped signal arrives at the parent immediately before it
vforks() a child, which happens before the trap is executed.
Depending upon which of the various fixes (or none of them)
to this PR have been included various incorrect things might
have happened - the child might have processed the signal
trap instead of the parent, the signal might be lost, or even
[2 lines not shown]
x86/efiboot: Put writable variables in .data, not .text.
And define them in the .c file where they're used; no need to have
extra unnecessary .S stuff just to define a global variable.
Based on patch by Paul Ripke to bootx64.efi, adapted for bootia32.efi
too.
PR kern/59151: efiboot hangs on new motherboard
Import unbound 1.25.1 (previous was 1.24.2)
Bug Fixes
Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation.
Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, cookie,
padding EDNS options. Thanks to Qifan Zhang, Palo Alto Networks, for the
report.
Fix CVE-2026-42959, Crash during DNSSEC validation of malicious content. Thanks
to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew Griffiths
from 'calif.io' for the report.
Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan Zhang, Palo
Alto Networks, for the report.
[25 lines not shown]
mi pmap: support code for HW updated referenced and modified PTE bits
Previously the MI PMAP would rely on mod/ref emulation to update
mdpg_attrs if a page was modified or referenced. Now support checking
each mapping's HW modified PTE bits (and updating mdpg_attrs).
mi pmap: aarch64: fix ref/mod emulation in pmap_fault_fixup
If a PTE changes in pmap_fault_fixup the entry in the TLB needs
to be invalidated.
While I'm here use atomic_load_relaxed to fetch the PTE and fix a
comment.
risc-v: fix ref/mod emulation PTE handling.
The previous code has zero chance of working and now that pmap_test_mod_ref
exists it can prove this code is correct.
aarch64: pmap: misc improvements to pmap_test_mod_ref
- remove the need for pmap_debugva by using uvm_km_{alloc,free}
- deactivate curlwp so the kernel pmap is always activate
- sprinkle pmap_udpate()
CVS: ----------------------------------------------------------------------
axen(4): brush up
Align .Cd introduced in previous with the others.
Don't abuse -tag for -item. Mark up ifconfig media types.
Drop confusing parens around the sentence that says autoselect is the
default. The next sentence is the logical continuation of that
thought, and yet it was outside the parens, torn away from the
sentence it expands upon.
Avoid most 30-40 character runs of alphabet soup. A slash and an 'A'
is an especially nasty combination. Fortunately, commas are a thing.
Give remaining slashes a bit of kerning.
octeon: Add second errata syncw in membar_release
The second syncw is relevant to CN5xxx/Octeon+ for us (ERLite), we don't
currently support CN3xxx but attempt to clarify the commentary around all
this.
There is a seemingly similar detail on cnMIPS, the SYNC_PLUNGER, which is not
dealt with or changed here. This syncw is specifically to work around two
related errata in CN3xxx and CN5xxx.
The OCTEON2 path is a future breadcrumb, we don't build it yet.
Reviewed by: skrll@
axen.4: note examples of presently unsupported features
(These could go under a bugs section, but it perhaps makes more sense
to keep all this information together.)
axen.4: add and adjust examples of supported devices
Noted to work with TP-Link UE300 (those that come with ASIX chips,
apparently some come with an RTL8153) and UE306. While here, also
correct the transliteration of "Kuroutoshikou", following OpenBSD.
tcp: set initial RTO to 1s per RFC 6298
Lower TCPTV_SRTTDFLT from 3s to 1s and adjust the t_rttvar seed in
tcp_tcpcb_template() so the pre-measurement TCP_REXMTVAL() equals
TCPTV_SRTTDFLT (was 2*TCPTV_SRTTDFLT). Active opens and SYN|ACK
retransmits now start at 1s and back off 1, 2, 4, ... per RFC 6298
sections 2.1 and 5.5. Post-first-sample RTO is unchanged.
Pin tcp_msl_remote_threshold to its previous numeric default (3*PR_SLOWHZ)
so the SRTTDFLT change does not move an unrelated TIME_WAIT-shortening
tunable.
This is conceptually https://reviews.freebsd.org/D18941 which we ran at a
large CDN, modified for NetBSD's stack.
