Create a new header lwp_private.h to contain _lwp_getprivate_fast,
_lwp_gettcb_fast, _lwp_settcb and remove them from mcontext.h, so that:
1. we don't need special hacks to hide them
2. we can include <lwp.h> where needed to get the necessary prototypes
without redefining them locally.

Undo previous lwp.h change.

Split __lwp_getprivate_fast and __lwp_*tcb from mcontext.h into a separate
lwp.h file.

branches: 1.22.36;
Revert my kasan addition in this makefile, it looks like it causes
asan.h to be installed, while we don't want it to be.

Move the MI parts of KASAN into kern/subr_asan.c. This file includes
machine/asan.h, which contains the MD functions. We use an include rather
than a plain C file, because we want GCC to optimize/inline some functions
into one single block.

The amd64 MD parts of KASAN are moved accordingly.

The naming convention we use is:

kasan_*
a generic kasan object, declared in subr_asan.c
kasan_md_*
an MD kasan object, declared in machine/asan.h, and used
in subr_asan.c
__md_*
an MD object, declared in machine/asan.h, and not used
outside

Overall this makes it easier to add KASAN support on more architectures.

Discussed with several people.

Remove the kernel PMC code. Sent yesterday on tech-kern@.

This change:

* Removes "options PERFCTRS", the associated includes, and the associated
ifdefs. In doing so, it removes several XXXSMPs in the MI code, which is
good.

* Removes the PMC code of ARM XSCALE.

* Removes all the pmc.h files. They were all empty, except for ARM XSCALE.

* Reorders the x86 PMC code not to rely on the legacy pmc.h file. The
definitions are put in sysarch.h.

* Removes the kern/sys_pmc.c file, and along with it, the sys_pmc_control
and sys_pmc_get_info syscalls. They are marked as OBSOL in kern,
netbsd32 and rump.

* Removes the pmc_evid_t and pmc_ctr_t types.

* Removes all the associated man pages. The sets are marked as obsolete.

branches: 1.19.16; 1.19.18;
Add cpu_rng, a framework for simple on-CPU random number generators.

branches: 1.18.4;
Rename sljitarch.h to sljit_machdep.h.

branches: 1.17.2;
Copy fpu.h to release

Move sys/arch/amd64/amd64/fpu.c and sys/arch/amd64/include/fpu.h
into sys/arch/x86 in preparation for using the same code for i386.

Build sljit test when MKSLJIT != no and set MKSLJIT to yes on amd64 and i386.

branches: 1.14.2;
on x86, <machine/cpufunc.h> only pulls in <x86/cpufunc.h>. The latter
is not installed to userland and noone missed it, so the former ones
can not be useful either. Don't install them.

branches: 1.13.2;
Retire varargs.h support. Move machine/stdarg.h logic into MI
sys/stdarg.h and expect compiler to provide proper builtins, defaulting
to the GCC interface. lint still has a special fallback.
Reduce abuse of _BSD_VA_LIST_ by defining __va_list by default and
derive va_list as required by standards.

On amd64, good-bye <machine/bus.h>.

Up next: update set lists.

Add support for fenv.h interface for i386 and amd64.

Submitted by Stathis Kamperis as part of GSoC 2010 and ported from
FreeBSD.

branches: 1.10.10; 1.10.24; 1.10.30; 1.10.32;
Change the way that the trap/intr/syscall frames and the __gregset_t[]
indexes are defined so that only a single list of the registers is used.
The code no longer relies on the two structures matching.
There should be no binary change.

- Make __cpu_simple_lock and similar real functions and patch at runtime.
- Remove old x86 atomic ops.
- Drop text alignment back to 16 on i386 (really, this time).
- Minor cleanup.

branches: 1.8.12; 1.8.24; 1.8.30; 1.8.32; 1.8.36;
Merge newlock2 to head.

branches: 1.7.14;
Add initial (but unfinished) COMPAT_LINUX32 for amd64. This is good enough so
that the i386 license manager part of amd64 version of Fluent works.

While I'm here, add SysV IPC to COMPAT_LINUX/amd64

Revert yesterday's change that attempted to fix the detection of the
boot device when using a Multiboot boot loader. It couldn't work because
these boot loaders do not pass a checksum of the disk so matchbiosdisk()
cannot really find any matches. I should have gone to sleep before
commiting...

Found by xtraeme@.

branches: 1.5.2;
When booting an i386 kernel with Multiboot, properly detect the boot device
by looking it up in the x86_alldisks table (instead of trying to match it
to 'wd*' manually).

In order to do this, move the cpu_rootconf function from x86 common code
to amd64 and i386 specific one. This way, i386 can do an extra step (call
the appropriate Multiboot code) in the appropriate place (after
x86_matchbiosdisks and before findroot()).

branches: 1.4.2; 1.4.4;
merge ktrace-lwp.

branches: 1.3.12;
add a <machine/joystick.h> which just includes the new common one

Factor out W{CHAR,INT}_{MAX,MIN} into their own header file.

branches: 1.1.2; 1.1.4;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Disable SSE and AVX for kernel modules too.

branches: 1.4.2; 1.4.14;
make dtrace work on amd64.

branches: 1.3.4; 1.3.8; 1.3.10; 1.3.18; 1.3.24;
Move -mcmodel=kernel CFLAGS from bsd.klinks.mk to amd64/include/Makefile.inc
to avoid having the kernel toolchain flags split over a billion different
files.

Enable SSP (Stack Smash Protection) in x86 kernels by default (except
in i386 *TINY kernels). The NetBSD/i386 "ALL" kernel is unconditionally
compiled with SSP enabled.

Change approved by the core team.

branches: 1.1.2; 1.1.4;
Build kernel modules with -mno-red-zone like kernel is build. This fixes
frequent panics in amd64 zfs module. This should also fix problem reported
by Nicolas Joly in:

http://mail-index.netbsd.org/port-amd64/2008/12/09/msg000646.html

Thanks to cube@ for his help with this.

MI implementation of AcpiAcquireGlobalLock and AcpiReleaseGlobalLock.

branches: 1.5.2; 1.5.4; 1.5.6;
Revert previous.

Remove code erroneously copied from i386 ACPI_ACQUIRE_GLOBAL_LOCK.

branches: 1.3.6;
Re-sync the (broken) amd64 ACPI Global Lock macros with their i386
counterparts.

As discussed on port-amd64, these will be replaced by portable C code
in the near future.

branches: 1.2.24; 1.2.40; 1.2.50; 1.2.56;
Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete.

branches: 1.1.18;
ACPI support. Wakeup code still to be done.

ACPI support. Wakeup code still to be done.

Switch all users (except ia64) of custom machine/ansi.h to common_ansi.h

Deduplicate the code among ports and poll definitions of types
directly from a compiler.

This fixes miscompilation of certain programs that instruct compilers
to generate code for different types. This bug has been detected with
-fshort-wchar in EFI firmware.

Proposed and discussed on a mailing list (twice).

Itanium uses custom !ELF fallback switch, temporarily leave it as it is.

branches: 1.10.54;
Retire varargs.h support. Move machine/stdarg.h logic into MI
sys/stdarg.h and expect compiler to provide proper builtins, defaulting
to the GCC interface. lint still has a special fallback.
Reduce abuse of _BSD_VA_LIST_ by defining __va_list by default and
derive va_list as required by standards.

1. {wctype,wctrans,mbstate}_t: switch MD to MI like other
libc implementation (such as *BSD and glibc2).

2. don't typedef void * wc{type,trans}_t, suggested by soda@-san.
it may pass through compiler type check, it's harmful.
so i introduce dummy struct __tag_wc{type,trans}_t(iconv_t already does).

no ABI change was made.

branches: 1.8.2; 1.8.4; 1.8.6;
merge christos-time_t

branches: 1.7.2;
put the contents of these header files around #ifdef __x86_64__, and
#include the <i386/foo.h> in the #else clause, making these files
largely bit-size independant.

branches: 1.6.16; 1.6.18; 1.6.22; 1.6.28;
Merge the ppcoea-renovation branch to HEAD.

This branch was a major cleanup and rototill of many of the various OEA
cpu based PPC ports that focused on sharing as much code as possible
between the various ports to eliminate near-identical copies of files in
every tree. Additionally there is a new PIC system that unifies the
interface to interrupt code for all different OEA ppc arches. The work
for this branch was done by a variety of people, too long to list here.

TODO:
bebox still needs work to complete the transition to -renovation.
ofppc still needs a bunch of work, which I will be looking at.
ev64260 still needs to be renovated
amigappc was not attempted.

NOTES:
pmppc was removed as an arch, and moved to a evbppc target.

clean up some definitions around rune_t which are not needed anymore

branches: 1.4.8; 1.4.16; 1.4.22; 1.4.26; 1.4.28;
fix gcc -Werror -Wmissing-braces problem
mbstate_t(this is opaque object)'s initializer should be ``{ 0 }'',
so changed 1st field of union from character array to integer.

branches: 1.3.20; 1.3.22;
merge ktrace-lwp.

branches: 1.2.16;
Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.

branches: 1.1.2;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

amd64/asan.h, amd64/msan.h: Add include guards.

Sprinkle "#include <machine/pmap_private.h>", kernel ALL/amd64
compiles again.

x86: Split bootspace out of x86/pmap.h into new x86/bootspace.h.

kasan: fix the copyright notices

Round of uvm.h cleanup.

The poorly named uvm.h is generally supposed to be for uvm-internal
users only.

- Narrow it to files that actually need it -- mostly files that need
to query whether curlwp is the pagedaemon, which should maybe be
exposed by an external header.

- Use uvm_extern.h where feasible and uvm_*.h for things not exposed
by it. We should split up uvm_extern.h but this will serve for now
to reduce the uvm.h dependencies.

- Use uvm_stat.h and #ifdef UVMHIST uvm.h for files that use
UVMHIST(ubchist), since ubchist is declared in uvm.h but the
reference evaporates if UVMHIST is not defined, so we reduce header
file dependencies.

- Make uvm_device.h and uvm_swap.h independently includable while
here.

ok chs@

Rename __MD_CANONICAL_BASE -> __MD_KERNMEM_BASE for clarity.

Call kasan_early_init earlier, to unbreak KASAN after the recent RNG
changes. Will also prevent further trouble.

Merge the bouyer-xenpvh branch, bringing in Xen PV drivers support under HVM
guests in GENERIC.
Xen support can be disabled at runtime with
boot -c
disable hypervisor

Use large pages for the kASan shadow, same as kMSan.

branches: 1.3.4; 1.3.12;
Start replacing the x86 PTE bits.

Add more symbols to the unwinder, in case we get a KASAN message inside
an exception handler.

branches: 1.1.2;
Move the MI parts of KASAN into kern/subr_asan.c. This file includes
machine/asan.h, which contains the MD functions. We use an include rather
than a plain C file, because we want GCC to optimize/inline some functions
into one single block.

The amd64 MD parts of KASAN are moved accordingly.

The naming convention we use is:

kasan_*
a generic kasan object, declared in subr_asan.c
kasan_md_*
an MD kasan object, declared in machine/asan.h, and used
in subr_asan.c
__md_*
an MD object, declared in machine/asan.h, and not used
outside

Overall this makes it easier to add KASAN support on more architectures.

Discussed with several people.

x86 machine/asm.h: Avoid juxtaposition for concatenation.

clang asm doesn't seem to like it. Instead of `.asciz "foo" "bar"',
do `.ascii "foo"; .asciz "bar"'.

PR toolchain/58960: Missing support for _NETBSD_REVISIONID on various
ports

branches: 1.23.2;
amd64/asm.h: Respect _NETBSD_REVISIONID.

sys/arch/amd64: remove trailing whitespace

Merge the bouyer-xenpvh branch, bringing in Xen PV drivers support under HVM
guests in GENERIC.
Xen support can be disabled at runtime with
boot -c
disable hypervisor

Mark the .ident section as mergable string section to avoid redundant
entries.

branches: 1.19.28; 1.19.38;
Indent.

branches: 1.18.2;
Pass PICFLAGS down to cc-as-as and use __PIC__ to decide if it is small
vs big PIC mode. Retire -DPIC and -DBIGPIC.

branches: 1.17.2;
Define IDTVEC_END(), from i386/asm.h.

Add END(y) as i386/asm.h does.

branches: 1.15.2;
make dtrace work on amd64.

branches: 1.14.8; 1.14.14;
Consistently use .gnu.warning with .pushsectio and .popsection on all
architectures instead of obsolete STABS frames for linker warnings.

branches: 1.13.8; 1.13.16;
put the contents of these header files around #ifdef __x86_64__, and
#include the <i386/foo.h> in the #else clause, making these files
largely bit-size independant.

Make RCSID() use section .ident like the C version and i386's asm does.
OK ad@

branches: 1.11.6; 1.11.10; 1.11.12; 1.11.16;
- Make __cpu_simple_lock and similar real functions and patch at runtime.
- Remove old x86 atomic ops.
- Drop text alignment back to 16 on i386 (really, this time).
- Minor cleanup.

branches: 1.10.2; 1.10.6;
Drop text alignment back to 16 - the usual size of blocks the instruction
decoder works with.

branches: 1.9.2;
Merge the ppcoea-renovation branch to HEAD.

This branch was a major cleanup and rototill of many of the various OEA
cpu based PPC ports that focused on sharing as much code as possible
between the various ports to eliminate near-identical copies of files in
every tree. Additionally there is a new PIC system that unifies the
interface to interrupt code for all different OEA ppc arches. The work
for this branch was done by a variety of people, too long to list here.

TODO:
bebox still needs work to complete the transition to -renovation.
ofppc still needs a bunch of work, which I will be looking at.
ev64260 still needs to be renovated
amigappc was not attempted.

NOTES:
pmppc was removed as an arch, and moved to a evbppc target.

Merge most x86 changes from the vmlocking branch, except the threaded soft
interrupt stuff. This is mostly comprised of changes to the pmap modules to
work on multiprocessor systems without kernel_lock, and changes to speed up
tlb shootdowns.

branches: 1.7.6; 1.7.14; 1.7.18; 1.7.22; 1.7.24;
Merge newlock2 to head.

branches: 1.6.2;
Add an SPLLOWER() macro.

branches: 1.5.2; 1.5.6;
Add a STRONG_ALIAS macro

branches: 1.4.2;
merge ktrace-lwp.

branches: 1.3.16;
Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.

branches: 1.2.2;
set symbol to be a function using .type directive in IDTVEC macro
so that ddb backtrace can pick them up after recent ksyms changes.

suggested by Matt Thomas on tech-kern.
ok'ed by Frank van der Linden.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

- Make __cpu_simple_lock and similar real functions and patch at runtime.
- Remove old x86 atomic ops.
- Drop text alignment back to 16 on i386 (really, this time).
- Minor cleanup.

branches: 1.9.2; 1.9.4; 1.9.8;
Merge the ppcoea-renovation branch to HEAD.

This branch was a major cleanup and rototill of many of the various OEA
cpu based PPC ports that focused on sharing as much code as possible
between the various ports to eliminate near-identical copies of files in
every tree. Additionally there is a new PIC system that unifies the
interface to interrupt code for all different OEA ppc arches. The work
for this branch was done by a variety of people, too long to list here.

TODO:
bebox still needs work to complete the transition to -renovation.
ofppc still needs a bunch of work, which I will be looking at.
ev64260 still needs to be renovated
amigappc was not attempted.

NOTES:
pmppc was removed as an arch, and moved to a evbppc target.

Fix the ifdefs to match i386.

Make the atomics inline unless !__GNUC__.

branches: 1.6.2;
Merge most x86 changes from the vmlocking branch, except the threaded soft
interrupt stuff. This is mostly comprised of changes to the pmap modules to
work on multiprocessor systems without kernel_lock, and changes to speed up
tlb shootdowns.

branches: 1.5.6; 1.5.12; 1.5.14; 1.5.18; 1.5.22; 1.5.24;
Merge newlock2 to head.

branches: 1.4.20;
inline -> __inline

__asm__ -> __asm
__const__ -> const
__inline__ -> inline
__volatile__ -> volatile

Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete.

branches: 1.1.18;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Define some optional routines that will help device_register() to
register ISA & PCI devices. Add stub implementations of the routines.

Revert yesterday's change that attempted to fix the detection of the
boot device when using a Multiboot boot loader. It couldn't work because
these boot loaders do not pass a checksum of the disk so matchbiosdisk()
cannot really find any matches. I should have gone to sleep before
commiting...

Found by xtraeme@.

branches: 1.1.2;
When booting an i386 kernel with Multiboot, properly detect the boot device
by looking it up in the x86_alldisks table (instead of trying to match it
to 'wd*' manually).

In order to do this, move the cpu_rootconf function from x86 common code
to amd64 and i386 specific one. This way, i386 can do an extra step (call
the appropriate Multiboot code) in the appropriate place (after
x86_matchbiosdisks and before findroot()).

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

put the contents of these header files around #ifdef __x86_64__, and
#include the <i386/foo.h> in the #else clause, making these files
largely bit-size independant.

branches: 1.2.72; 1.2.76; 1.2.82;
Change sys/arch/xxx/include/bswap.h to #include machine/byte_swap.h then
sys/bswap.h in order to pick up the MD inline routines and the constant
folding definitions in the right order.
Code can include either sys/bswap.h or machine/bswap.h with the same effect.

branches: 1.1.18; 1.1.30;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

On amd64, good-bye <machine/bus.h>.

Up next: update set lists.

branches: 1.1.122;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

branches: 1.1.2;
Per discussion at
<http://mail-index.netbsd.org/tech-kern/2010/04/02/msg007941.html>,
divide each machine's bus.h into bus_defs.h (constants & data types)
and bus_funcs.h (macro implementations of bus_space(9) routines and MD
prototypes).

Note that some bus_space(9) routines' implementation will move to .c
files from inline subroutines or macros in .h files.

I've only made the split for machine architectures where there is PCI.
All of the non-PCI-having architectures will require a similar split.

These #include files are not referenced by any (committed) Makefiles or
header files, yet. Changes to Makefiles, to <sys/bus.h>, and to some
more machine-dependent files will dribble in before I throw the switch.

branches: 1.1.2;
Per discussion at
<http://mail-index.netbsd.org/tech-kern/2010/04/02/msg007941.html>,
divide each machine's bus.h into bus_defs.h (constants & data types)
and bus_funcs.h (macro implementations of bus_space(9) routines and MD
prototypes).

Note that some bus_space(9) routines' implementation will move to .c
files from inline subroutines or macros in .h files.

I've only made the split for machine architectures where there is PCI.
All of the non-PCI-having architectures will require a similar split.

These #include files are not referenced by any (committed) Makefiles or
header files, yet. Changes to Makefiles, to <sys/bus.h>, and to some
more machine-dependent files will dribble in before I throw the switch.

merge ktrace-lwp.

branches: 1.1.2; 1.1.4; 1.1.12;
add files which i forgot to add with arch/x86/x86/bus_dma.c rev.1.21.

Eliminate recursive dependency on <sys/bswap.h> in MD <byte_swap.h>

On certain NetBSD archs, it isn't possible to include <sys/bswap.h>
directly without including <sys/endian.h> first. This has been
broken since at least before netbsd-10, but recent changes elsewhere
have made this problem more visible for some reason.

Fix this by not including <sys/types.h>, eliminating recursive
inclusion - <sys/types.h> includes <machine/endian.h>. It would
be nice to remove that line from types.h, since it's no longer
necessary, but currently the kernel assumes that <sys/endian.h> is
included from <sys/types.h> in various places (and possibly userspace
software does too).

For now we can take the less dangerous option by avoiding
including <sys/types.h> from these bswap headers. They don't need the
full header, and applications that assume transclusion aren't portable
anyway, since architectures like sparc64 don't include <sys/types.h>
via <sys/bswap.h>.

PR pkg/59839 palemoon, firefox, etc., don't build on arm64 any more

branches: 1.8.24;
sys/arch/amd64: remove trailing whitespace

Provide inline assembly version of bswap64.

branches: 1.6.4; 1.6.8; 1.6.12;
put the contents of these header files around #ifdef __x86_64__, and
#include the <i386/foo.h> in the #else clause, making these files
largely bit-size independant.

branches: 1.5.6;
Remove clause 3 and 4 from TNF licenses

branches: 1.4.72; 1.4.74; 1.4.76;
Move all the stuff that detects bswapxx(constant) into the MI sys/bswap.h
Put the minimum to define the required inline assembler or C into the MD files.
NB: there may be some fallout from this!

branches: 1.3.2;
inline -> __inline

Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete.

branches: 1.1.18;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Change CMSG_SPACE and CMSG_LEN to provide Integer Constant Expressions
again. This was changed in sys/socket.h r1.51 to work around fallout
from the IPv6 aux data migration. It broke the historic ABI on some
platforms. This commit restores compatibility for netbsd32 code on such
platforms and provides a template for future changes to the CMSG_*
alignment. Revert PCC/Clang workarounds in postfix and tmux.

branches: 1.2.28; 1.2.32;
put the contents of these header files around #ifdef __x86_64__, and
#include the <i386/foo.h> in the #else clause, making these files
largely bit-size independant.

branches: 1.1.104; 1.1.108; 1.1.114;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

x86: avoid annoying GCC 12 bounds check in curcpu() and curlwp().

these functions read %gs and return an pointer at an offset from this
value (the current cpu, or lwp pointers), and GCC is complaining that
they're accessing a array cpu_info[0] (ie, zero length, no storage.)

several attempts to workaround it have failed, and because of the
asm volatile nature of this, it seems very unlikely a compiler would
take this and do something wrong with it.

amd64: Make curlwp and curcpu() flushable.

The only effect of the `volatile' qualifier on an asm block with
outputs is to force the instructions to appear in the generated code,
even if the outputs end up being unused. Since these instructions
have no (architectural) side effects -- provided %gs is set
correctly, which must be the case here -- there's no need for the
volatile qualifier, so nix it.

In order to prevent _mcount() from being recursively called when built with COPTS=-O0,
sprinkle `__always_inline' to make _mcount() be generated as a single function.

sys/arch/amd64: remove trailing whitespace

Add a redzone between the pcb and the stack. Sent to port-amd64@.

Use the inlines; it is actually fine, since the compiler drops the inlines
if the caller is kmsan-instrumented, forcing a white-listing of the memory
access.

mi_userret(): take care of calling preempt(), set spc_curpriority directly,
and remove MD code that does the same.

Add support for Kernel Memory Sanitizer (kMSan). It detects uninitialized
memory used by the kernel at run time, and just like kASan and kCSan, it
is an excellent feature. It has already detected 38 uninitialized variables
in the kernel during my testing, which I have since discreetly fixed.

We use two shadows:
- "shad", to track uninitialized memory with a bit granularity (1:1).
Each bit set to 1 in the shad corresponds to one uninitialized bit of
real kernel memory.
- "orig", to track the origin of the memory with a 4-byte granularity
(1:1). Each uint32_t cell in the orig indicates the origin of the
associated uint32_t of real kernel memory.

The memory consumption of these shadows is consequent, so at least 4GB of
RAM is recommended to run kMSan.

The compiler inserts calls to specific __msan_* functions on each memory
access, to manage both the shad and the orig and detect uninitialized
memory accesses that change the execution flow (like an "if" on an
uninitialized variable).

We mark as uninit several types of memory buffers (stack, pools, kmem,
malloc, uvm_km), and check each buffer passed to copyout, copyoutstr,
bwrite, if_transmit_lock and DMA operations, to detect uninitialized memory
that leaves the system. This allows us to detect kernel info leaks in a way
that is more efficient and also more user-friendly than KLEAK.

Contrary to kASan, kMSan requires comprehensive coverage, ie we cannot
tolerate having one non-instrumented function, because this could cause
false positives. kMSan cannot instrument ASM functions, so I converted
most of them to __asm__ inlines, which kMSan is able to instrument. Those
that remain receive special treatment.

Contrary to kASan again, kMSan uses a TLS, so we must context-switch this
TLS during interrupts. We use different contexts depending on the interrupt
level.

The orig tracks precisely the origin of a buffer. We use a special encoding
for the orig values, and pack together in each uint32_t cell of the orig:
- a code designating the type of memory (Stack, Pool, etc), and
- a compressed pointer, which points either (1) to a string containing
the name of the variable associated with the cell, or (2) to an area
in the kernel .text section which we resolve to a symbol name + offset.

This encoding allows us not to consume extra memory for associating
information with each cell, and produces a precise output, that can tell
for example the name of an uninitialized variable on the stack, the
function in which it was pushed on the stack, and the function where we
accessed this uninitialized variable.

kMSan is available with LLVM, but not with GCC.

The code is organized in a way that is similar to kASan and kCSan, so it
means that other architectures than amd64 can be supported.

We reorganise definitions for XEN source support as follows:

XEN - common sources required for baseline XEN support.
XENPV - sources required for support of XEN in PV mode.
XENPVHVM - sources required for support for XEN in HVM mode.
XENPVH - sources required for support for XEN in PVH mode.

On Xen, copy just the bits we need from the trapframe for hardclock(9)
and statclock(9).

Current, the macros that use the trapframe are:
CLKF_USERMODE()
CLKF_PC()
CLKF_INTR()

Of these, CLKF_INTR() already ignores the frame and uses the ci_idepth
variable to do its job.

Convert the two remaining ones to do this, but only for XEN.

branches: 1.62.2;
Remove the prototypes for cpu_uarea_*, I removed these functions two
minutes ago.

branches: 1.61.2;
Remove the second argument from USERMODE and KERNELMODE, it is unused
now that we don't have vm86 anymore.

branches: 1.60.6; 1.60.40;
allocate uareas contiguously and access them via the direct map.

branches: 1.59.14; 1.59.18;
_LKM -> _MODULE

branches: 1.58.2;
put the contents of these header files around #ifdef __x86_64__, and
#include the <i386/foo.h> in the #else clause, making these files
largely bit-size independant.

branches: 1.57.4;
Mark x86_curlwp() with __attribute__ ((const)), so gcc can CSE it and know
that it does not clobber global data.

Wrap stuff in #ifdef _KERNEL

Share cpu.h between the x86 ports.

Simplify x86 identcpu code, and share between i386/amd64.

Improve x86 tsc handling:

- Ditch the cross-CPU calibration stuff. It didn't work properly, and it's
near impossible to synchronize the CPUs in a running system, because bus
traffic will interfere with any calibration attempt, messing up the
timings.

- Only enable the TSC on CPUs where we are sure it does not drift. If we are
On a known good CPU, give the TSC high timecounter quality, making it the
default.

- When booting CPUs, detect TSC skew and account for it. Most Intel MP
systems have synchronized counters, but that need not be true if the
system has a complicated bus structure. As far as I know, AMD systems
do not have synchronized TSCs and so we need to handle skew.

- While an AP is waiting to be set running, try and make the TSC drift by
entering a reduced power state. If we detect drift, ensure that the TSC
does not get a high timecounter quality. This should not happen and is
only for safety.

- Make cpu_counter() stuff LKM safe.

Make cpu_idle a macro calling a function pointer on x86.
Select the Xen idle routine for Xen, mwait if supported by the CPU and
it is not AMD and halt otherwise. As reported by Christoph Egger,
AMD Barcelona keeps the CPU in C0 state with MWAIT, contrary to HLT,
which uses C1 and therefore much less power.

branches: 1.51.2;
Avoid unneeded AST faults.

Add support for kernel preeemption to the i386 and amd64 ports. Notes:

- I have seen one isolated panic in the x86 pmap, but otherwise i386
seems stable with preemption enabled.

- amd64 is missing the FPU handling changes and it's not yet safe to
enable it there.

- The usual level for kern.sched.kpreempt_pri will be 128 once enabled
by default. For testing, setting it to 0 helps to shake out bugs.

branches: 1.49.2;
- Give ci_want_resched a single cache line, and align. This is for monitor/
mwait. At least one errata sheet from Intel notes that a single line
should be used.
- Align cc_microtime.

Ensure that offsetof() is in scope by including <sys/systm.h>.
Fixes build problem found while building swapnetbsd.o for XEN3_DOM0.

Access Xen's vcpu info structure per-CPU.
Tested on i386 and amd64 (both dom0 and domU) by me.
Xen2 tested (both dom0 and domU) by bouyer.
OK bouyer

branches: 1.46.2;
use POSIX integer types

Remove CTL_MACHDEP_NAMES, it's not used anywhere.

Ok by martin@.

branches: 1.44.2; 1.44.6;
GC i8254_microtime.

remove no longer necessary cpu_maxproc.

- make amd64 use per-cpu tss.
- fix iopl syscall for amd64+xen.

g/c unused members

g/c ci_idle_pcb_paddr

try to detect processor resource sharing topologies. ie. package/core/smt IDs.

Convert many of the uses of __attribute__ to equivalent
__packed, __unused and __dead macros from cdefs.h

Define 'struct intrframe' in terms of 'struct trapframe' since the two are
assumed to match by a lot of code (including that which saves the regs).
This only slightly reduces the number of places the trapframe register
layout is defined.

Add new IPI for saving CPU state explicitly, share high-level part of
ACPI wakeup code and teach it how to start the APs again. As a side
effect the CPU_START interface allows choosing between different
bootstrap codes more easily now.

branches: 1.35.2;
Merge jmcneill-pm branch.

branches: 1.34.2;
Add a CPU local timer based on the LAPIC. This is consistently faster
than TSC, but doesn't suffer from SpeedStep as TSC does.

The default quality is higher than HPET for UP, but -100 for
MULTIPROCESSOR as it needs CPU local state which doesn't exist yet.

branches: 1.33.2;
Pull up the bouyer-xenamd64 branch to HEAD. This brings in amd64 support
to NetBSD/Xen, both Dom0 and DomU.

- cpu_vendor was both an int and char[] on amd64 - fix it.
- Run the errata check/patch on all CPUs, not just the boot processor.

branches: 1.31.2;
Mark cpu_info::ci_tlbstate volatile to ensure that the compiler doesn't
reorder accesses to it. It's updated from the TLB IPI handlers and we don't
block those, so the order in which things are read/updated is important.

Match delay/DELAY on x86 with delay(9). It takes an unsigned int as
argument. Use this and replace the inline assembly (mul + div using the
64bit intermediate result) with normal 32bit multiplication and
division. The compiler can turn the division into a multiplication and
shift, making it even cheaper then the original assembly. For extreme
long delays, just use 64bit arithmetic.

merge yamt-x86pmap branch.

- reduce differences between amd64 and i386. notably, share pmap.c
between them. it makes several i386 pmap improvements available to
amd64, including tlb shootdown reduction and bug fixes from Stephan Uphoff.
- implement deferred pmap switching for amd64.
- remove LARGEPAGES option. always use large pages if available.
also, make it work on amd64.

Merge the ppcoea-renovation branch to HEAD.

This branch was a major cleanup and rototill of many of the various OEA
cpu based PPC ports that focused on sharing as much code as possible
between the various ports to eliminate near-identical copies of files in
every tree. Additionally there is a new PIC system that unifies the
interface to interrupt code for all different OEA ppc arches. The work
for this branch was done by a variety of people, too long to list here.

TODO:
bebox still needs work to complete the transition to -renovation.
ofppc still needs a bunch of work, which I will be looking at.
ev64260 still needs to be renovated
amigappc was not attempted.

NOTES:
pmppc was removed as an arch, and moved to a evbppc target.

branches: 1.27.2;
x86 changes for pcc and LKMs.

- Replace most inline assembly with proper functions. As a side effect
this reduces the size of amd64 GENERIC by about 120kB, and i386 by a
smaller amount. Nearly all of the inlines did something slow, or something
that does not need to be fast.
- Make curcpu() and curlwp functions proper, unless __GNUC__ && _KERNEL.
In that case make them inlines. Makes curlwp LKM and preemption safe.
- Make bus_space and bus_dma more LKM friendly.
- Share a few more files between the ports.
- Other minor changes.

ci_astpending is no more.

branches: 1.25.2;
Merge most x86 changes from the vmlocking branch, except the threaded soft
interrupt stuff. This is mostly comprised of changes to the pmap modules to
work on multiprocessor systems without kernel_lock, and changes to speed up
tlb shootdowns.

branches: 1.24.4; 1.24.8; 1.24.10;
Revert fs/gs changes until I figure out issues with them.

merge yamt-idlelwp branch. asked by core@. some ports still needs work.

from doc/BRANCHES:

idle lwp, and some changes depending on it.

1. separate context switching and thread scheduling.
(cf. gmcgarry_ctxsw)
2. implement idle lwp.
3. clean up related MD/MI interfaces.
4. make scheduler(s) modular.

Don't save/restore %fs and %gs in trapframe. The kernel won't touch them.
Instead, save/restore them on context switch. For 32bit processes, save/restore
the selector values only, for 64bit processes, save/restore the appropriate
MSRs. Iff the defaults have been changed.

branches: 1.21.4;
- Remove ci_msr_rvalue, it's not useful anymore as yamt@ pointed out.
- Remove completely debug from msr_ipifuncs, now it's known to work.

MSR read and write IPI handlers for x86. A MSR will be read or written
in all CPUs available in the system. This adds another member
to struct cpu_info, ci_msr_rvalue; it will contain the value of the MSR
in a previous operation.

Tested with clockmod in UP and SMP by me, tested with est in SMP
by Daniel Carosone and Michael Van Elst.

Ok'ed by Andrew Doran and Matthew R. Green.

struct cpu_info: add a ci_feature2_flags member.
identcpu: print extended cpuid features with ci_feature2_flags.

"Looks good" by christos and njoly.

Remove __P(), remove k8_powernow_init proto... it was moved to
x86/include/powernow.h long time ago.

branches: 1.17.2; 1.17.4;
Include sys/simplelock.h, not sys/lock.h.

branches: 1.16.2;
clean up how cpus and ioapics are attached at the mainbus:
Seperate "cpubus" and "ioapicbus" -- while they share a common "address
space" (the apic id), the kernel doesn't use this fact. There are different
data passed to cpus and apics, which caused some ugly polymorphism. This
also saves the special "submatch" functions needed to distingush cpus
and ioapics for autoconf. (And it makes that "apid" locators wired
in the kernel configuration are honored now; this allows one to dumb down
an mp box to singleprocessor by userconfig.)
Print "apid" locators in the buses "print" function "as everyone does",
so the per-port cpu drivers don't need to do it.
Being here, constify "struct cpu_functions" and g/c the unused MP_PICMODE
flag.

Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.

branches: 1.14.2;
Remove spllowersoftclock() and CLKF_BASEPRI(), and always dispatch callouts
via a soft interrupt. In the near future, softclock will be run from process
context.

Merge newlock2 to head.

branches: 1.12.4; 1.12.8; 1.12.10;
AMD PowerNow!/Cool`n'Quiet driver for NetBSD/amd64,
adapted from OpenBSD.

Tested on a few machines:

http://bigbird.dohd.org:3021/NetBSD/dmesg
http://www.bsd.org.il/netbsd/acpi/dmesg

Thanks to cube, elad and others for testing and fixes.

Enabled by default on GENERIC.

convert to timecounters (from branch simonb-timecounters)

branches: 1.10.6;
delay() is gone, so don't declare it. That way other parts of code that
use a variable named delay (say, netinet6/in6.c) won't shadow something
that doesn't exist anyway.

branches: 1.9.4; 1.9.6; 1.9.8;
bare asm -> __asm

merge ktrace-lwp.

Change all archs that did:

#define clockframe somethingelse

to:

struct clockframe {
struct somethingelse cf_se;
};

and change access macros accordingly.

That means that, at least for that very issue, things will not go
ka-boomy if you don't have the actual definition of struct clockframe
before including systm.h.

branches: 1.6.12;
don't expose cpu_info and friends to userland.

fix a typo in a comment.

move some per-cpu data definitions to MI place so that they can be modified
without touching all ports. discussed on tech-kern@.

Replace the traditional buffer memory management -- based on fixed per buffer
virtual memory reservation and a private pool of memory pages -- by a scheme
based on memory pools.

This allows better utilization of memory because buffers can now be allocated
with a granularity finer than the system's native page size (useful for
filesystems with e.g. 1k or 2k fragment sizes). It also avoids fragmentation
of virtual to physical memory mappings (due to the former fixed virtual
address reservation) resulting in better utilization of MMU resources on some
platforms. Finally, the scheme is more flexible by allowing run-time decisions
on the amount of memory to be used for buffers.

On the other hand, the effectiveness of the LRU queue for buffer recycling
may be somewhat reduced compared to the traditional method since, due to the
nature of the pool based memory allocation, the actual least recently used
buffer may release its memory to a pool different from the one needed by a
newly allocated buffer. However, this effect will kick in only if the
system is under memory pressure.

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.

branches: 1.1.2;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Merge cpu_counter.h.

branches: 1.6.2;
Remove clause 3 and 4 from TNF licenses

branches: 1.5.16; 1.5.18; 1.5.20;
Merge the ppcoea-renovation branch to HEAD.

This branch was a major cleanup and rototill of many of the various OEA
cpu based PPC ports that focused on sharing as much code as possible
between the various ports to eliminate near-identical copies of files in
every tree. Additionally there is a new PIC system that unifies the
interface to interrupt code for all different OEA ppc arches. The work
for this branch was done by a variety of people, too long to list here.

TODO:
bebox still needs work to complete the transition to -renovation.
ofppc still needs a bunch of work, which I will be looking at.
ev64260 still needs to be renovated
amigappc was not attempted.

NOTES:
pmppc was removed as an arch, and moved to a evbppc target.

branches: 1.4.10;
Move x86 common cpu_counter functions into <x86/cpu_counter.h>.

branches: 1.3.24; 1.3.26; 1.3.32;
Change "inline" back to "__inline" in .h files -- C99 is still too
new, and some apps compile things in C89 mode. C89 keywords stay.

As per core@.

branches: 1.2.2; 1.2.4; 1.2.6;
Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete.

branches: 1.1.18;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

branches: 1.1.2; 1.1.18;
Add cpu_rng, a framework for simple on-CPU random number generators.

Introduce smap_enable()/smap_disable() functions, to be used from
C code.

branches: 1.19.120;
Merge the ppcoea-renovation branch to HEAD.

This branch was a major cleanup and rototill of many of the various OEA
cpu based PPC ports that focused on sharing as much code as possible
between the various ports to eliminate near-identical copies of files in
every tree. Additionally there is a new PIC system that unifies the
interface to interrupt code for all different OEA ppc arches. The work
for this branch was done by a variety of people, too long to list here.

TODO:
bebox still needs work to complete the transition to -renovation.
ofppc still needs a bunch of work, which I will be looking at.
ev64260 still needs to be renovated
amigappc was not attempted.

NOTES:
pmppc was removed as an arch, and moved to a evbppc target.

x86 changes for pcc and LKMs.

- Replace most inline assembly with proper functions. As a side effect
this reduces the size of amd64 GENERIC by about 120kB, and i386 by a
smaller amount. Nearly all of the inlines did something slow, or something
that does not need to be fast.
- Make curcpu() and curlwp functions proper, unless __GNUC__ && _KERNEL.
In that case make them inlines. Makes curlwp LKM and preemption safe.
- Make bus_space and bus_dma more LKM friendly.
- Share a few more files between the ports.
- Other minor changes.

branches: 1.17.8; 1.17.10; 1.17.12;
Revert fs/gs changes until I figure out issues with them.

Don't save/restore %fs and %gs in trapframe. The kernel won't touch them.
Instead, save/restore them on context switch. For 32bit processes, save/restore
the selector values only, for 64bit processes, save/restore the appropriate
MSRs. Iff the defaults have been changed.

branches: 1.15.2; 1.15.4; 1.15.10;
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.

branches: 1.14.2;
Merge newlock2 to head.

.. but only if _KERNEL is defined.

On second thought, implement x86_pause() as a regular function. The small
delay from the call is useful for spinlock backoff.

x86_pause(): do issue the 'pause' instruction, for EMT64 CPUs.

Report on and where possible, try to work around some of the known errata
for Athlon 64 and Opteron processors. Tested briefly by cube@ and elad@.

branches: 1.9.2;
Add x86_sfence(), x86_mfence().

Fix the amd64 INSTALL kernel (builds of machdep.c with -Os and -O3).
Load the idt with non-randmon data.

branches: 1.7.4; 1.7.8; 1.7.18;
inline -> __inline

Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete.

merge ktrace-lwp.

branches: 1.4.14; 1.4.16;
issue memory read barrier for BUS_DMASYNC_POSTREAD operation.
PR/21665 from Stephan Uphoff.

branches: 1.3.2;
Move x86_pause() out of ifdef _KERNEL.

Add x86_pause() inline function, containing the "pause" instruction
for i386, and nothing for amd64. Sprinkle it in various spinloops,
as recommended by Intel.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

branches: 1.2.4;
Merge newlock2 to head.

branches: 1.1.2;
file cputypes.h was initially added on branch newlock2.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

PTE_BASE is defined in <machine/pmap_private.h>.

branches: 1.4.26;
kcsan: fix the copyright notices

branches: 1.3.8;
Exclude the PTE space from KCSAN, since there the same VA can point to
different PAs.

Change kcsan_md_is_avail() to always return true; I was testing with
interrupts disabled as debugging. Change the delay/sample parameters
to have better fluidity.

Add Kernel Concurrency Sanitizer (kCSan) support. This sanitizer allows us
to detect race conditions at runtime. It is a variation of TSan that is
easy to implement and more suited to kernel internals, albeit theoretically
less precise than TSan's happens-before.

We do basically two things:

- On every KCSAN_NACCESSES (=2000) memory accesses, we create a cell
describing the access, and delay the calling CPU (10ms).

- On all memory accesses, we verify if the memory we're reading/writing
is referenced in a cell already.

The combination of the two means that, if for example cpu0 does a read that
is selected and cpu1 does a write at the same address, kCSan will fire,
because cpu1's write collides with cpu0's read cell.

The coverage of the instrumentation is the same as that of kASan. Also, the
code is organized in a way similar to kASan, so it is easy to add support
for more architectures than amd64. kCSan is compatible with KCOV.

Reviewed by Kamil.

sys/arch/amd64: remove trailing whitespace

Cleanup and clarify the ELFSIZE mess:

We now have 2 variables automatically set in elf_machdep.h:

ARCH_ELFSIZE: the size for userland binaries
KERN_ELFSIZE: the size for the kernel binaries

DB_ELFSIZE has been deleted and KERN_ELFSIZE should have always the
same values DB_ELFSIZE used to have.

In sys/exec_elf.h, if ELFSIZE is not set, it is set to KERN_ELFSIZE
for the kernel and ARCH_ELFSIZE for userland. These defaults should
eliminate the need for most manual ELFSIZE setting.

properly copy regs for kgdb, and define the number of registers properly.
from openbsd via Vicente Chaves and PR port-amd64/50091.

branches: 1.14.6;
add missing _

we need to return something here.

use the parameter for instruction macros

branches: 1.11.4; 1.11.14; 1.11.18;
Introduce DDB_EXPR_FMT and replace the logic around DB_EXPR_T_IS_QUAD.

Merge db_trace for x86. From: Vladimir Kirillov proger at wilab dot org dot ua

branches: 1.9.4; 1.9.6;
Remove all the __P() from sys (excluding sys/dist)
Diff checked with grep and MK1 eyeball.
i386 and amd64 GENERIC and sys still build.

add a missing _KERNEL_OPT ifdef.

branches: 1.7.2; 1.7.8;
put the contents of these header files around #ifdef __x86_64__, and
#include the <i386/foo.h> in the #else clause, making these files
largely bit-size independant.

branches: 1.6.42; 1.6.46; 1.6.52;
Replace the Mach-derived boolean_t type with the C99 bool type. A
future commit will replace use of TRUE and FALSE with true and false.

branches: 1.5.10;
define PC_ADVANCE to avoid a LHS cast which makes gcc4 unhappy.
From Kurt Schreiner

branches: 1.4.4;
closes: PR kern/32359

modifies machine/db_machdep.h: BKPT_SET(inst) to BKPT_SET(inst, addr) for all archs ie; passess the
breakpoint address as well.

Patch from cherry@mahiti.org

branches: 1.3.18; 1.3.32; 1.3.34; 1.3.36; 1.3.38; 1.3.40;
Make sure to include opt_foo.h if a defflag option FOO is used.

Add a BKPT_ADDR() macro which gives MD code a chance to munge a
breakpoint address before it's used. Currently a no-op on all but sh5.

This is useful on sh5, for example, to mask off the instruction
type encoding in the bottom two address bits, and makes it possible
to do "db> break $rXX" instead of manually munging the address.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Add getlabelusesmbr(), as proposed in
http://mail-index.netbsd.org/tech-userlevel/2011/08/25/msg005404.html
This is used by disk tools such as disklabel(8) to dynamically decide is
the undelyling platform uses a disklabel-in-mbr-partition or not
(instead of using a compile-time list of ports).
getlabelusesmbr() reads the sysctl kern.labelusesmbr, takes its value from the
machdep #define LABELUSESMBR.
For evbmips, make LABELUSESMBR 1 if the platform uses pmon
as bootloader, and 0 (the previous value) otherwise.

If cpu_disklabel includes struct dkbad, define __HAVE_DISKLABEL_DKBAD.
This allows use of subr_disk_mbr on all archs. Default to it for
the rump disk component. No functional change for regular kernels.
(The other option would've been to include dkbad in disklabels
everywhere, but arguably this approach has less possible side-effects,
especially given that wedges and related magic will take over the
world any second now).

branches: 1.8.6;
if HAVE_NBTOOL_CONFIG_H is defined, also use the contents of this
file, not <i386/disklabel.h>.

XXX: the way tools/disklabel builds is gross.

branches: 1.7.2;
put the contents of these header files around #ifdef __x86_64__, and
#include the <i386/foo.h> in the #else clause, making these files
largely bit-size independant.

branches: 1.6.74; 1.6.78; 1.6.84;
merge ktrace-lwp.

Make disklabel(8) and fdisk(8) into "host tools " last step: build
and install ${TOOLDIR}/bin/${MACHINE_GNU_PLATFORM}-disklabel,
${TOOLDIR}/bin/${MACHINE_GNU_PLATFORM}-fdisk by "reaching over" to
the sources in ${NETBSDSRCDIR}/sbin/{disklabel fdisk}/.

To avoid clashes with a build-host's header files, especially on
*BSD, the host-tools versions of fdisk and disklabel search for
#includes such as disklabel.h, disklabel_acorn.h, disklabel_gpt.h,
and bootinfo.h in a new #includes namespace, nbinclude/. That is,
they #include <nbinclude/sys/disklabel.h>, <nbinclude/machine/disklabel.h>,
<nbinclude/sparc64/disklabel.h>, instead of <sys/disklabel.h> and
such. I have also updated the system headers to #include from
nbinclude/-space when HAVE_NBTOOL_CONFIG_H is #defined.

Overhaul MBR handling (part 1):

<sys/bootblock.h>:
* Added definitions for the Master Boot Record (MBR) used by
a variety of systems (primarily i386), including the format
of the BIOS Parameter Block (BPB).
This information was cribbed from a variety of sources
including <sys/disklabel_mbr.h> which this is a superset of.

As part of this, some data structure elements and #defines
were renamed to be more "namespace friendly" and consistent
with other bootblocks and MBR documentation.
Update all uses of the old names to the new names.

<sys/disklabel_mbr.h>:
* Deprecated in favor of <sys/bootblock.h> (the latter is more
"host tool" friendly).

amd64 & i386:
* Renamed /usr/mdec/bootxx_dosfs to /usr/mdec/bootxx_msdos, to
be consistent with the naming convention of the msdosfs tools.

* Removed /usr/mdec/bootxx_ufs, as it's equivalent to bootxx_ffsv1
and it's confusing to have two functionally equivalent bootblocks,
especially given that "ufs" has multiple meanings (it could be
a synonym for "ffs", or the group of ffs/lfs/ext2fs file systems).

* Rework pbr.S (the first sector of bootxx_*):
+ Ensure that BPB (bytes 11..89) and the partition table
(bytes 446..509) do not contain code.
+ Add support for booting from FAT partitions if BOOT_FROM_FAT
is defined. (Only set for bootxx_msdos).
+ Remove "dummy" partition 3; if people want to installboot(8)
these to the start of the disk they can use fdisk(8) to
create a real MBR partition table...
+ Compile with TERSE_ERROR so it fits because of the above.
Whilst this is less user friendly, I feel it's important
to have a valid partition table and BPB in the MBR/PBR.

* Renamed /usr/mdec/biosboot to /usr/mdec/boot, to be consistent
with other platforms.

* Enable SUPPORT_DOSFS in /usr/mdec/boot (stage2), so that
we can boot off FAT partitions.

* Crank version of /usr/mdec/boot to 3.1, and fix some of the other
entries in the version file.

installboot(8) (i386):
* Read the existing MBR of the filesystem and retain the BIOS
Parameter Block (BPB) in bytes 11..89 and the MBR partition
table in bytes 446..509. (Previously installboot(8) would
trash those two sections of the MBR.)

mbrlabel(8):
* Use sys/lib/libkern/xlat_mbr_fstype.c instead of homegrown code
to map the MBR partition type to the NetBSD disklabel type.


Test built "make release" for i386, and new bootblocks verified to work
(even off FAT!).

mbr partition stuff isn't saved here (or anywhere else) anymore.

branches: 1.2.2;
Remove redundant bounds_check_with_label() prototype.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

x86: Support EFI runtime services.

This creates a special pmap, efi_runtime_pmap, which avoids setting
PTE_U but allows mappings to lie in what would normally be user VM --
this way we don't fall afoul of SMAP/SMEP when executing EFI runtime
services from CPL 0. SVS does not apply to the EFI runtime pmap.

The mechanism is intended to work with either physical addressing or
virtual addressing; currently the bootloader does physical addressing
but in principle it could be modified to do virtual addressing
instead, if it allocated virtual pages, assigned them in the memory
map, and issued RT->SetVirtualAddressMap.

Not sure pmap_activate_sync and pmap_deactivate_sync are correct,
need more review from an x86 wizard.

If this causes fallout, it can be disabled temporarily without
reverting anything by just making efi_runtime_init return immediately
without doing anything, or by removing options EFI_RUNTIME.

amd64-only for now pending type fixes and testing on i386.

amd64/elf_machdep.h: Organize symbols into local and psABI groups.

Permit this file to be used alongside <sys/elfdefinitions.h>.

PR lib/59564

Cleanup and clarify the ELFSIZE mess:

We now have 2 variables automatically set in elf_machdep.h:

ARCH_ELFSIZE: the size for userland binaries
KERN_ELFSIZE: the size for the kernel binaries

DB_ELFSIZE has been deleted and KERN_ELFSIZE should have always the
same values DB_ELFSIZE used to have.

In sys/exec_elf.h, if ELFSIZE is not set, it is set to KERN_ELFSIZE
for the kernel and ARCH_ELFSIZE for userland. These defaults should
eliminate the need for most manual ELFSIZE setting.

Add more relocation constants

branches: 1.4.18; 1.4.36;
buildfix: invert comparison to get the 64bit defines by default.
Fixes 'i386/elf_machdep.h: No such file or directory error' when compiling
amd64 toolchain on OSX.

branches: 1.3.2; 1.3.4;
Add TLS relocation definitions.

branches: 1.2.8;
put the contents of these header files around #ifdef __x86_64__, and
#include the <i386/foo.h> in the #else clause, making these files
largely bit-size independant.

branches: 1.1.104; 1.1.108; 1.1.114;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Move the definitions of ntohl() and friends into sys/endian.h where they
are defined in terms of bswap32() and bswap16().
This makes the definition be in the same place for all systems regardless
of creed^Wendianness.

branches: 1.3.2;
merge ktrace-lwp.

branches: 1.2.12;
Reflect <sys/endian.h> rev. 1.4: make htonl() et al. arguments and
results uint{16,32}_t. Noted by Ian Zagorskih.

branches: 1.1.2; 1.1.4;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Add definitions of the default control words directly to this file
instead of pulling the kernel definition of the fpu (etc) into
userspace programs.
I've included machine/fenv.h into x86/cpu.c to ensure the duplicated
definitions stay in step.
The default control words are now the hardware defaults.
XXX: Anyone care to explain the differences between the i386 and amd64
versions of this file?

Move sys/arch/amd64/amd64/fpu.c and sys/arch/amd64/include/fpu.h
into sys/arch/x86 in preparation for using the same code for i386.

branches: 1.1.2; 1.1.4; 1.1.6; 1.1.12; 1.1.16; 1.1.26; 1.1.30;
Add support for fenv.h interface for i386 and amd64.

Submitted by Stathis Kamperis as part of GSoC 2010 and ported from
FreeBSD.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

It seems that firefox includes machine/fpu.h on amd64.
Add the file back so that the firwfox source doesn't have to depend
on the version of netbsd it is being compiled for.
(The i386 version doesn't play the same games in its SIGFPE handler.)

Move sys/arch/amd64/amd64/fpu.c and sys/arch/amd64/include/fpu.h
into sys/arch/x86 in preparation for using the same code for i386.

Convert the amd64 build to use x86/cpu_extended_state.h so that the fpu
definitions match those of i386.
Mostly just structure and field renames, in addition:
1) process_xmm_to_s87() and process_s87_to_xmm() moved into
x86/convert_xmm_s87.c so they can be used by amd64's netbsd32 code.
2) The linux signal code simplified to use a structure copy for ths fxsave
data - it matches the hardware definition and won't change.

Remove the fields that were used to save the i387 fp state on interrupt.
They were written but never read.
Possibly they should be saved for 32 bit processes, but that might be a relic
from real i387 where the fpu was actully asynchronous.

revert fpu/pcu changes until we figure out what's wrong; they cause random
freezes

NetBSD 6.99.26: Switch i386 and amd64 to the x87 default control word
as initial value for new processes. This means that long double
computations get the expected 63bit mantissa. Binaries tagged as
compiled for 6.99.25 and older get the old value.

Add a simple test case to ensure that double and long double computation
are working correctly.

Use the MI "pcu" framework for bookkeeping of npx/fpu states on x86.
This reduces the amount of MD code enormously, and makes it easier
to implement support for newer CPU features which require more fpu
state, or for fpu usage by the kernel.
For access to FPU state across CPUs, an xcall kthread is used now
rather than a dedicated IPI.
No user visible changes intended.

branches: 1.7.2;
Move the two fields used to save some i387 state on the last fpu trap
into their own sub-structure of the pcb (from 'struct savefpu').
They only (seem) to be used in some code that generates core dumps
for 32bit processes (code that might be broken as well!).
'struct safefpu' is now identical to 'struct fxsave64'. One (or both)
needs extending to support AVX - might need to be dynamically sized.
Removed all the __aligned(16) except for the one in struct pcb itself.
Only the copy used for the fsave instruction need be aligned.

Add the offsets and comments for the members of 'struct fxsave64.
Spilt the 'fx_unused2' field into its reserved and available halves.
The latter could be used by the kernel software (cpu won't read/write it).
Remove the __padded from 'struct fxsave64', everything is aligned.
Add a CTASSERT that the size is correct (512).
Remove the unused 'struct oldfsave'.
Everything still builds.

branches: 1.5.38; 1.5.48;
use POSIX integer types

branches: 1.4.6;
Introduce optional cpu_offline_md to execute MD actions at the end of
cpu_offline. Use this on amd64/i386 to force a FPU save. As this was
triggered by npxsave_cpu/fpusave_cpu not working for a different CPU,
remove the cpu_info argument and adjust npxsave_*/fpusave_* to use bool
for the save.

OK ad@

Convert many of the uses of __attribute__ to equivalent
__packed, __unused and __dead macros from cdefs.h

branches: 1.2.2; 1.2.6;
Add aligned(16) in savefpu like the i386 port has. Suggested by Matthias
Drochner.

branches: 1.1.18; 1.1.60; 1.1.78; 1.1.80; 1.1.86;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Grammar and spelling fixes, mainly in comments. A few in documentation,
logging, test description, and SCSI ASC/ASCQ assignment descriptions.

branches: 1.22.36;
Welcome XENPVHVM mode.

It is UP only, has xbd(4) and xennet(4) as PV drivers.

The console is com0 at isa and the native portion is very
rudimentary AT architecture, so is probably suboptimal to
run without PV support.

We reorganise definitions for XEN source support as follows:

XEN - common sources required for baseline XEN support.
XENPV - sources required for support of XEN in PV mode.
XENPVHVM - sources required for support for XEN in HVM mode.
XENPVH - sources required for support for XEN in PVH mode.

Fix editing screwup in previous... noted by Rin Okuyama (thanks!)

Hide differences between i386 and amd64 interrupt frames so XEN does
not need to know there is one. Hopefully unbreak i386 build.

branches: 1.18.4; 1.18.6;
add an lwp_trapframe() interface to return an LWP's user trapframe.
needed by dtrace.

branches: 1.17.6;
This doesn't need fpu.h, but should include ucontext.h

Move sys/arch/amd64/amd64/fpu.c and sys/arch/amd64/include/fpu.h
into sys/arch/x86 in preparation for using the same code for i386.

branches: 1.15.28; 1.15.38; 1.15.44;
put the contents of these header files around #ifdef __x86_64__, and
#include the <i386/foo.h> in the #else clause, making these files
largely bit-size independant.

branches: 1.14.6;
Remove clause 3 and 4 from TNF licenses

branches: 1.13.6; 1.13.8; 1.13.10;
Change the way that the trap/intr/syscall frames and the __gregset_t[]
indexes are defined so that only a single list of the registers is used.
The code no longer relies on the two structures matching.
There should be no binary change.

Define 'struct intrframe' in terms of 'struct trapframe' since the two are
assumed to match by a lot of code (including that which saves the regs).
This only slightly reduces the number of places the trapframe register
layout is defined.

Create the trap/syscall frame space for all the registers in one go.
Use the tramp-frame offsets (TF_foo) for all references to the registers.
Sort the saving of the GP registers into the same order as the trap frame
because consequetive memory accesses are liekly to be faster.

branches: 1.10.2; 1.10.4; 1.10.8;
Merge the ppcoea-renovation branch to HEAD.

This branch was a major cleanup and rototill of many of the various OEA
cpu based PPC ports that focused on sharing as much code as possible
between the various ports to eliminate near-identical copies of files in
every tree. Additionally there is a new PIC system that unifies the
interface to interrupt code for all different OEA ppc arches. The work
for this branch was done by a variety of people, too long to list here.

TODO:
bebox still needs work to complete the transition to -renovation.
ofppc still needs a bunch of work, which I will be looking at.
ev64260 still needs to be renovated
amigappc was not attempted.

NOTES:
pmppc was removed as an arch, and moved to a evbppc target.

branches: 1.9.10;
Correct comment - it's cpu_switchto now.

merge yamt-idlelwp branch. asked by core@. some ports still needs work.

from doc/BRANCHES:

idle lwp, and some changes depending on it.

1. separate context switching and thread scheduling.
(cf. gmcgarry_ctxsw)
2. implement idle lwp.
3. clean up related MD/MI interfaces.
4. make scheduler(s) modular.

branches: 1.7.26; 1.7.30; 1.7.32; 1.7.38;
merge ktrace-lwp.

branches: 1.6.16;
We should ensure stack alignment _after_ subtracting sizeof(sigframe).
Should fix PR bin/24948 by Wolfgang S. Rupprecht.
(nuke getframe() completely because its interface doesn't support this,
and it it used at one place only anyway)

only accept signal trampoline version 2, and remove "struct sigcontext"

Define all frame members as unsigned, to avoid any possibility of
sign extension on these values.

SIGINFO support.
Todo: 32bit compat support (COMPAT_NETBSD32 will not compile right now,
as it won't on other platforms).

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.

branches: 1.1.2;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

sys/arch/amd64: remove trailing whitespace

remove any pathname for gdb's amd64nbsd-tdep.c, so it doesn't really
matter where it lives. PR#49859.

PR/49859: Kamil Rytarowski: Invalid path to amd64nbsd-tdep.c in a comment

branches: 1.5.2;
Improve grep'ability..

branches: 1.4.2; 1.4.56;
Update comment about 'struct reg' and __greg alignment, and clarify
the comment about the syscall/trap entry substituting %r10 for %rcx.

branches: 1.3.2; 1.3.4; 1.3.6;
Reorder the amd64 trapframe (swap rcx/r10 and add 4 spare slots after r9).
This allows the syscall code to pass the syscall args directly from the
trapframe instead of copying them to a separate structure.
It is still possible that some lurking code still assumes that
'struct trapframe', 'struct mcontext' and 'struct reg' all have the
registers in the same order, but I've fixed enough of them to get gdb working.

Repeat after me, don't edit files (even to update comments) between test
build and committing.

Change the way that the trap/intr/syscall frames and the __gregset_t[]
indexes are defined so that only a single list of the registers is used.
The code no longer relies on the two structures matching.
There should be no binary change.

x86: Eliminate mfence hotpatch for membar_sync.

The more-compatible LOCK ADD $0,-N(%rsp) turns out to be cheaper
than MFENCE anyway. Let's save some space and maintenance and rip
out the hotpatching for it.

x86: Every load is a load-acquire, so membar_consumer is a noop.

lfence is only needed for MD logic, such as operations on I/O memory
rather than normal cacheable memory, or special instructions like
RDTSC -- never for MI synchronization between threads/CPUs. No need
for hot-patching to do lfence here.

(The x86_lfence function might reasonably be patched on i386 to do
lfence for MD logic, but it isn't now and this doesn't change that.)

sys/arch/amd64: remove trailing whitespace

Revert most of ad's movs/stos change. Instead do a lot simpler: declare
svs_quad_copy() used by SVS only, with no need for instrumentation, because
SVS is disabled when sanitizers are on.

Fix comment

Reported-by: syzbot+6dd5a230d19f0cbc7814@syzkaller.appspotmail.com

Instrument STOS/MOVS for KMSAN to unbreak it.

Use the hotpatch framework for LFENCE/MFENCE.

Merge the bouyer-xenpvh branch, bringing in Xen PV drivers support under HVM
guests in GENERIC.
Xen support can be disabled at runtime with
boot -c
disable hypervisor

branches: 1.47.6;
Disable KCOV - by raising the interrupt level - in the TLB IPI handler,
because this is only noise.

Add support for Kernel Memory Sanitizer (kMSan). It detects uninitialized
memory used by the kernel at run time, and just like kASan and kCSan, it
is an excellent feature. It has already detected 38 uninitialized variables
in the kernel during my testing, which I have since discreetly fixed.

We use two shadows:
- "shad", to track uninitialized memory with a bit granularity (1:1).
Each bit set to 1 in the shad corresponds to one uninitialized bit of
real kernel memory.
- "orig", to track the origin of the memory with a 4-byte granularity
(1:1). Each uint32_t cell in the orig indicates the origin of the
associated uint32_t of real kernel memory.

The memory consumption of these shadows is consequent, so at least 4GB of
RAM is recommended to run kMSan.

The compiler inserts calls to specific __msan_* functions on each memory
access, to manage both the shad and the orig and detect uninitialized
memory accesses that change the execution flow (like an "if" on an
uninitialized variable).

We mark as uninit several types of memory buffers (stack, pools, kmem,
malloc, uvm_km), and check each buffer passed to copyout, copyoutstr,
bwrite, if_transmit_lock and DMA operations, to detect uninitialized memory
that leaves the system. This allows us to detect kernel info leaks in a way
that is more efficient and also more user-friendly than KLEAK.

Contrary to kASan, kMSan requires comprehensive coverage, ie we cannot
tolerate having one non-instrumented function, because this could cause
false positives. kMSan cannot instrument ASM functions, so I converted
most of them to __asm__ inlines, which kMSan is able to instrument. Those
that remain receive special treatment.

Contrary to kASan again, kMSan uses a TLS, so we must context-switch this
TLS during interrupts. We use different contexts depending on the interrupt
level.

The orig tracks precisely the origin of a buffer. We use a special encoding
for the orig values, and pack together in each uint32_t cell of the orig:
- a code designating the type of memory (Stack, Pool, etc), and
- a compressed pointer, which points either (1) to a string containing
the name of the variable associated with the cell, or (2) to an area
in the kernel .text section which we resolve to a symbol name + offset.

This encoding allows us not to consume extra memory for associating
information with each cell, and produces a precise output, that can tell
for example the name of an uninitialized variable on the stack, the
function in which it was pushed on the stack, and the function where we
accessed this uninitialized variable.

kMSan is available with LLVM, but not with GCC.

The code is organized in a way that is similar to kASan and kCSan, so it
means that other architectures than amd64 can be supported.

Rewrite the FPU code on x86. This greatly simplifies the logic and removes
the dependency on IPL_HIGH. NVMM is updated accordingly. Posted on
port-amd64 a week ago.

Bump the kernel version to 9.99.16.

Two changes in the CPU mitigations:

* Micro-optimize: put every mitigation in the same branch. This removes
two branches in each exc/int return path, and removes all branches in
the syscall return path.

* Modify the SpectreV2 mitigation to be compatible with SpectreV4. I
recently realized that both couldn't be enabled at the same time on
Intel. This is because initially, when there was just SpectreV2, we
could reset the whole IA32_SPEC_CTRL MSR. But then Intel added another
bit in it for SpectreV4, so it isn't right to reset it entirely
anymore. SSBD needs to stay.

Mitigation for INTEL-SA-00233: Microarchitectural Data Sampling (MDS).

It requires a microcode update, now available on the Intel website. The
microcode modifies the behavior of the VERW instruction, and makes it flush
internal CPU buffers. We hotpatch the return-to-userland path to add VERW.

Two sysctls are added:

machdep.mds.mitigated = {0/1} user-settable
machdep.mds.method = {string} constructed by the kernel

The kernel will automatically enable the mitigation if the updated
microcode is present. If the new microcode is not present, the user can
load it via cpuctl, and set machdep.mds.mitigated=1.

We reorganise definitions for XEN source support as follows:

XEN - common sources required for baseline XEN support.
XENPV - sources required for support of XEN in PV mode.
XENPVHVM - sources required for support for XEN in HVM mode.
XENPVH - sources required for support for XEN in PVH mode.

Move the PCPU area from slot 384 to slot 510, to avoid creating too much
fragmentation in the slot space (384 is in the middle of the kernel half
of the VA).

Provide empty SVS_ENTER_NMI/SVS_LEAVE_NMI for kernels w/o options SVS

Handle NMIs correctly when SVS is enabled. We store the kernel's CR3 at the
top of the NMI stack, and we unconditionally switch to it, because we don't
know with which page tables we received the NMI. Hotpatch the whole thing as
usual.

This restores the ability to use PMCs on Intel CPUs.

branches: 1.38.2;
Add the IBRS mitigation for SpectreV2 on amd64.

Different operations are performed during context transitions:

user->kernel: IBRS <- 1
kernel->user: IBRS <- 0

And during context switches:

user->user: IBPB <- 0
kernel->user: IBPB <- 0
[user->kernel:IBPB <- 0 this one may not be needed]

We use two macros, IBRS_ENTER and IBRS_LEAVE, to set the IBRS bit. The
thing is hotpatched for better performance, like SVS.

The idea is that IBRS is a "privileged" bit, which is set to 1 in kernel
mode and 0 in user mode. To protect the branch predictor between user
processes (which are of the same privilege), we use the IBPB barrier.

The Intel manual also talks about (MWAIT/HLT)+HyperThreading, and says
that when using either of the two instructions IBRS must be disabled for
better performance on the core. I'm not totally sure about this part, so
I'm not adding it now.

IBRS is available only when the Intel microcode update is applied. The
mitigation must be enabled manually with machdep.spectreV2.mitigated.

Tested by msaitoh a week ago (but I adapted a few things since). Probably
more changes to come.

branches: 1.37.2;
Remove INTRENTRY_L, it's not used anymore.

Make the machdep.svs_enabled sysctl writable, and add the kernel code
needed to disable SVS at runtime.

We set 'svs_enabled' to false, and hotpatch the kernel entry/exit points
to eliminate the context switch code.

We need to make sure there is no remote CPU that is executing the code we
are hotpatching. So we use two barriers:

* After the first one each CPU is guaranteed to be executing in
svs_disable_cpu with interrupts disabled (this way it can't leave this
place).

* After the second one it is guaranteed that SVS is disabled, so we flush
the cache, enable interrupts and continue execution normally.

Between the two barriers, cpu0 will disable SVS (svs_enabled=false and
hotpatch), and each CPU will restore the generic syscall entry point.

Three notes:

* We should call svs_pgg_update(true) afterwards, to put back PG_G on
the kernel pages (for better performance). This will be done in another
commit.

* The fact that we disable interrupts does not prevent us from receiving
an NMI, and it would be problematic. So we need to add some code to
verify that PMCs are disabled before hotpatching. This will be done
in another commit.

* In svs_disable() we expect each CPU to be online. We need to add a
check to make sure they indeed are.

The sysctl allows only a 1->0 transition. There is no point in doing 0->1
transitions anyway, and it would be complicated to implement because we
need to re-synchronize the CPU user page tables with the current ones (we
lost track of them in the last 1->0 transition).

Add a dynamic detection for SVS.

The SVS_* macros are now compiled as skip-noopt. When the system boots, if
the cpu is from Intel, they are hotpatched to their real content.
Typically:

jmp 1f
int3
int3
int3
... int3 ...
1:

gets hotpatched to:

movq SVS_UTLS+UTLS_KPDIRPA,%rax
movq %rax,%cr3
movq CPUVAR(KRSP0),%rsp

These two chunks of code being of the exact same size. We put int3 (0xCC)
to make sure we never execute there.

In the non-SVS (ie non-Intel) case, all it costs is one jump. Given that
the SVS_* macros are small, this jump will likely leave us in the same
icache line, so it's pretty fast.

The syscall entry point is special, because there we use a scratch uint64_t
not in curcpu but in the UTLS page, and it's difficult to hotpatch this
properly. So instead of hotpatching we declare the entry point as an ASM
macro, and define two functions: syscall and syscall_svs, the latter being
the one used in the SVS case.

While here 'syscall' is optimized not to contain an SVS_ENTER - this way
we don't even need to do a jump on the non-SVS case.

When adding pages in the user page tables, make sure we don't have PG_G,
now that it's dynamic.

A read-only sysctl is added, machdep.svs_enabled, that tells whether the
kernel uses SVS or not.

More changes to come, svs_init() is not very clean.

Put the default %cs value in INTR_RECURSE_HWFRAME. Pushing an immediate
costs less than reading the %cs register and pushing its value. This
value is not allowed to be != GSEL(GCODE_SEL,SEL_KPL) in all cases.

Declare and use INTR_RECURSE_ENTRY, an optimized version of INTRENTRY.
When processing deferred interrupts, we are always entering the new
handler in kernel mode, so there is no point performing the userland
checks.

Saves several instructions.

Remove DO_DEFERRED_SWITCH and DO_DEFERRED_SWITCH_RETRY, unused.

Unmap the kernel from userland in SVS, and leave only the needed
trampolines. As explained below, SVS should now completely mitigate
Meltdown on GENERIC kernels, even though it needs some more tweaking
for GENERIC_KASLR.

Until now the kernel entry points looked like:

FUNC(intr)
pushq $ERR
pushq $TRAPNO
INTRENTRY
... handle interrupt ...
INTRFASTEXIT
END(intr)

With this change they are split and become:

FUNC(handle)
... handle interrupt ...
INTRFASTEXIT
END(handle)

TEXT_USER_BEGIN
FUNC(intr)
pushq $ERR
pushq $TRAPNO
INTRENTRY
jmp handle
END(intr)
TEXT_USER_END

A new section is introduced, .text.user, that contains minimal kernel
entry/exit points. In order to choose what to put in this section, two
macros are introduced, TEXT_USER_BEGIN and TEXT_USER_END.

The section is mapped in userland with normal 4K pages.

In GENERIC, the section is 4K-page-aligned and embedded in .text, which
is mapped with large pages. That is to say, when an interrupt comes in,
the CPU has the user page tables loaded and executes the 'intr' functions
on 4K pages; after calling SVS_ENTER (in INTRENTRY) these 4K pages become
2MB large pages, and remain so when executing in kernel mode.

In GENERIC_KASLR, the section is 4K-page-aligned and independent from the
other kernel texts. The prekern just picks it up and maps it at a random
address.

In GENERIC, SVS should now completely mitigate Meltdown: what we put in
.text.user is not secret.

In GENERIC_KASLR, SVS would have to be improved a bit more: the
'jmp handle' instruction is actually secret, since it leaks the address
of the section we are jumping into. By exploiting Meltdown on Intel, this
theoretically allows a local user to reconstruct the address of the first
text section. But given that our KASLR produces several texts, and that
each section is not correlated with the others, the level of protection
KASLR provides is still good.

Use .pushsection/.popsection, we will soon embed macros in several layers
of nested sections.

Unmap the kernel heap from the user page tables (SVS).

This implementation is optimized and organized in such a way that we
don't need to copy the kernel stack to a safe place during user<->kernel
transitions. We create two VAs that point to the same physical page; one
will be mapped in userland and is offset in order to contain only the
trapframe, the other is mapped in the kernel and maps the entire stack.

Sent on tech-kern@ a week ago.

Declare new SVS_* variants: SVS_ENTER_NOSTACK and SVS_LEAVE_NOSTACK. Use
SVS_ENTER_NOSTACK in the syscall entry point, and put it before the code
that touches curlwp. (curlwp is located in the direct map.)

Then, disable __HAVE_CPU_UAREA_ROUTINES (to be removed later). This moves
the kernel stack into pmap_kernel(), and not the direct map. That's a
change I've always wanted to make: because of the direct map we can't add
a redzone on the stack, and basically, a stack overflow can go very far
in memory without being detected (as far as erasing all of the system's
memory).

Finally, unmap the direct map from userland.

Add a new option, SVS (for Separate Virtual Space), that unmaps kernel
pages when running in userland. For now, only the PTE area is unmapped.

Sent on tech-kern@.

Switch x86_retpatch[] -> HOTPATCH().

Switch x86_lockpatch[] -> HOTPATCH().

Implement a real hotpatch feature.

Define a HOTPATCH() macro, that puts a label and additional information
in the new .rodata.hotpatch kernel section. In patch.c, scan the section
and patch what needs to be. Now it is possible to hotpatch the content of
a macro.

SMAP is switched to use this new system; this saves a call+ret in each
kernel entry/exit point.

Many other operating systems do the same.

Have the cpu clear PSL_D automatically when entering the kernel via a
syscall. Then, don't clear PSL_D and PSL_AC in the syscall entry point,
they are now both cleared by the cpu (faster). However they still need to
be manually cleared in the interrupt/trap entry points.

Add support for SMAP on amd64.

PSL_AC is cleared from %rflags in each kernel entry point. In the copy
sections, a copy window is opened and the kernel can touch userland
pages. This window is closed when the kernel is done, either at the end
of the copy sections or in the fault-recover functions.

This implementation is not optimized yet, due to the fact that INTRENTRY
is a macro, and we can't hotpatch macros.

Sent on tech-kern@ a month or two ago, tested on a Kabylake.

Declare INTRFASTEXIT as a function, so that there is only one iretq in the
kernel. Then, check %rip against the address of this iretq instead of
disassembling (%rip) - which could fault again, or point at some random
address which happens to contain the iretq opcode. The same is true for gs
below, but I'll fix that in another commit.

branches: 1.20.2; 1.20.32;
Rename MDP_IRET to MDL_IRET since it is an lwp flag, not a proc one.
Add an MDL_COMPAT32 flag to the lwp's md_flags, set it for 32bit lwps
and use it to force 'return to user' with iret (as is done when
MDL_IRET is set).
Split the iret/sysret code paths much later.
Remove all the replicated code for 32bit system calls - which was only
needed so that iret was always used.
frameasm.h for XEN contains '#define swapgs', while XEN probable never
needs swapgs, this is likely to be confusing.
Add a SWAPGS which is a nop on XEN and swapgs otherwise.
(I've not yet checked all the swapgs in files that include frameasm.h)
Simple x86 programs still work.
Hijack 6.99.9 kernel bump (needed for compat32 modules)

Let the user of INTRENTRY_L() place a label on the 'swapgs' used
when faulting from user space.

Add a ';' that got deleted in a slight tidyup.

Move all the XEN differences to a single conditional.
Merge the XEN/non-XEN versions of INTRFASTEXIT and
INTR_RECURSE_HWFRAME by using extra defines.
Split INTRENTRY so that code can insert extra instructions
inside user/kernel conditional.

branches: 1.16.2; 1.16.6; 1.16.8;
Correct offset calculation for ci

branches: 1.15.6;
Allow use of traditional CPP to be set on a per platform base in sys.mk.
Honour this for dependency processing in bsd.dep.mk. Switch i386 and
amd64 assembly to use ISO C90 preprocessor concat and drop the
-traditional-cpp on this platform.

add the guts of TLS support on amd64. based on joerg's patch,
reworked by me to support 32-bit processes as well.
we now keep %fs and %gs loaded with the user values
while in the kernel, which means we don't need to
reload them when returning to user mode.

branches: 1.13.4; 1.13.6; 1.13.8;
PR port-amd64/39991 modules/compat_linux: build fix

branches: 1.12.2; 1.12.8; 1.12.10; 1.12.12; 1.12.14; 1.12.18;
Access Xen's vcpu info structure per-CPU.
Tested on i386 and amd64 (both dom0 and domU) by me.
Xen2 tested (both dom0 and domU) by bouyer.
OK bouyer

branches: 1.11.2;
don't bother to check curlwp==NULL.

branches: 1.10.2; 1.10.6;
Create the trap/syscall frame space for all the registers in one go.
Use the tramp-frame offsets (TF_foo) for all references to the registers.
Sort the saving of the GP registers into the same order as the trap frame
because consequetive memory accesses are liekly to be faster.

Change the xen CLI() and STI() defines to only use one scratch register.
As well as saving an instruction, in one place it saves a push/pop pair.

branches: 1.8.2; 1.8.6;
Pull up the bouyer-xenamd64 branch to HEAD. This brings in amd64 support
to NetBSD/Xen, both Dom0 and DomU.

Clear the direction flag on entry to the kernel.

branches: 1.6.2;
merge yamt-x86pmap branch.

- reduce differences between amd64 and i386. notably, share pmap.c
between them. it makes several i386 pmap improvements available to
amd64, including tlb shootdown reduction and bug fixes from Stephan Uphoff.
- implement deferred pmap switching for amd64.
- remove LARGEPAGES option. always use large pages if available.
also, make it work on amd64.

Merge the ppcoea-renovation branch to HEAD.

This branch was a major cleanup and rototill of many of the various OEA
cpu based PPC ports that focused on sharing as much code as possible
between the various ports to eliminate near-identical copies of files in
every tree. Additionally there is a new PIC system that unifies the
interface to interrupt code for all different OEA ppc arches. The work
for this branch was done by a variety of people, too long to list here.

TODO:
bebox still needs work to complete the transition to -renovation.
ofppc still needs a bunch of work, which I will be looking at.
ev64260 still needs to be renovated
amigappc was not attempted.

NOTES:
pmppc was removed as an arch, and moved to a evbppc target.

branches: 1.4.8; 1.4.10; 1.4.12; 1.4.14;
Revert fs/gs changes until I figure out issues with them.

Don't save/restore %fs and %gs in trapframe. The kernel won't touch them.
Instead, save/restore them on context switch. For 32bit processes, save/restore
the selector values only, for 64bit processes, save/restore the appropriate
MSRs. Iff the defaults have been changed.

branches: 1.2.2; 1.2.6; 1.2.8; 1.2.14;
Merge newlock2 to head.

branches: 1.1.18; 1.1.48;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Merge the x86 gdt function and constant definitions

Bump MAX_USERLDT_SIZE to the max size (wastes some memory). wine needs more
than PAGE_SIZE and fails spuriously.
XXX: Note the duplicate definition hacks. Should really create <x86/gdt.h>,
put the just the constants there and unify them.
This would also avoid the hack in: src/tests/lib/libi386/t_user_ldt.c#46

branches: 1.12.6;
Merge the bouyer-xenpvh branch, bringing in Xen PV drivers support under HVM
guests in GENERIC.
Xen support can be disabled at runtime with
boot -c
disable hypervisor

Give the ldt a fixed size of one page (512 slots), and drop the variable-
sized mechanism that was too complex.

This fixes a race between USER_LDT and SVS: during context switches, the
way SVS installs the new ldt relies on the ldt pointer AND the ldt size,
but both cannot be accessed atomically at the same time.

branches: 1.10.24;
Remove gdt_reload_cpu. GDTR takes a VA as base, and in our x86
implementation this VA is per-cpu and does not change; there is therefore
no need to remotely reload GDTR.

Localify, add a comment and merge some others.

branches: 1.8.2;
Make this area compile, even if we don't support USER_LDT on amd64.

branches: 1.7.18; 1.7.36; 1.7.40;
add the guts of TLS support on amd64. based on joerg's patch,
reworked by me to support 32-bit processes as well.
we now keep %fs and %gs loaded with the user values
while in the kernel, which means we don't need to
reload them when returning to user mode.

branches: 1.6.2; 1.6.4;
Remove all the __P() from sys (excluding sys/dist)
Diff checked with grep and MK1 eyeball.
i386 and amd64 GENERIC and sys still build.

branches: 1.5.8; 1.5.14;
Remove clause 3 and 4 from TNF licenses

branches: 1.4.6; 1.4.8; 1.4.10;
- make amd64 use per-cpu tss.
- fix iopl syscall for amd64+xen.

branches: 1.3.50; 1.3.56; 1.3.64;
merge ktrace-lwp.

branches: 1.2.12;
When converting GDT length units from segment structures to bytes for the
amd64 port, I converted MINGDTSIZ wrongly; it was not page aligned, causing
gdt_grow to corrupt the GDT. Fix this, and remove the extraneous definitions
of the sizes from gdt.c.

From OpenBSD.

branches: 1.1.2; 1.1.4;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

sys/arch/amd64: remove trailing whitespace

Don't write a 1 to the read only RIRR bit in the IOAPIC redirection
register to fix "tlp0: filter setup and transmit timeout" observed
on Hyper-V VMs with the Legacy Network Adapter.

From OpenBSD via PR kern/49323:

https://marc.info/?l=openbsd-cvs&m=146718035432599&w=2

| Modified files:
| sys/arch/amd64/amd64: ioapic.c
| sys/arch/amd64/include: i82093reg.h
|
| Log message:
| Don't write a 1 to the RIRR bit in the IOAPIC redirection register. This bit
| is R/O, and although it should not matter what value is written there,
| Hyper-V's emulated IOAPIC interprets a write of 1 in some unexpected way and
| subsequently blocks interrupt delivery. This primarily manifests itself as
| de(4) timeouts when using Hyper-V VMs with the "Legacy Network Adapter"
| interface.

Tested both amd64 and i386 on Client Hyper-V on Windows 10.

branches: 1.8.2;
x86: Add preliminary x2APIC support.

x2APIC is used only when x2APIC is enabled in BIOS/UEFI.
LAPIC ID is not supported above 256.

Move the virtual address of the LAPIC page out of the data segment on amd64
and i386. The old design was error-prone, and it didn't allow us to map the
data segment with large pages.

Now, the VA is allocated dynamically in the pmap bootstrap code, and entered
manually later. We go from using &local_apic to using *local_apic_va, and we
therefore need one more level of indirection in the asm code.

Discussed on tech-kern.

Use absolute addressing mode, just like the rest.

branches: 1.5.40; 1.5.58; 1.5.60; 1.5.62; 1.5.64; 1.5.68;
Remove "struct device" from "struct pic", where it was only real
for ioapics and faked up for others. Add it to "struct ioapic_softc"
for now, until device/softc get split.
This required all typecasts between "struct pic" and "struct ioapic_softc"
to be replaced, I hope I got them all.
functionally tested on i386, compile-tested on xen, untested on amd64

branches: 1.4.2; 1.4.4;
Fix pic locking to mirror simple_lock primitives.

branches: 1.3.104; 1.3.106; 1.3.108;
Reselect the ioapic register for each read or write.

Follow i386, and mask deferred level-triggered interrupts at the ioapic.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Add generic versions of machine/int_*.h for compilers providing
appropiate macros for all necessary types.

branches: 1.4.18; 1.4.32;
fix wrong integer promotion rule(removed U suffix from UINT{8,16}_C).
see ISO/IEC 9899:1999 7.18.4.3.

branches: 1.3.8; 1.3.14; 1.3.16;
put the contents of these header files around #ifdef __x86_64__, and
#include the <i386/foo.h> in the #else clause, making these files
largely bit-size independant.

branches: 1.2.6;
Remove clause 3 and 4 from TNF licenses

branches: 1.1.104; 1.1.106; 1.1.108;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Add generic versions of machine/int_*.h for compilers providing
appropiate macros for all necessary types.

branches: 1.6.38; 1.6.54;
put the contents of these header files around #ifdef __x86_64__, and
#include the <i386/foo.h> in the #else clause, making these files
largely bit-size independant.

branches: 1.5.6;
Remove clause 3 and 4 from TNF licenses

branches: 1.4.74; 1.4.76; 1.4.78;
merge ktrace-lwp.

Change {u,}int_fast{8,16}_t to 32-bit types.

Note: While this is technically an ABI change I believe it is a
change that we can afford at this time (and to be pulled up to
2.0, which will be the first release for amd64). The types are
not widely used yet, and a survey of pkgsrc has not shown uses
that would be adversely affected by it.

branches: 1.2.2;
Update a few types and formats.

branches: 1.1.2;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

sys/arch/amd64: remove trailing whitespace

Add generic versions of machine/int_*.h for compilers providing
appropiate macros for all necessary types.

branches: 1.8.6; 1.8.20;
PR/45878: Nick Hudson: SIG_ATOMIC_{MAX,MIN} wrong for sig_atomic_t on amd64
sig_atomic_t is an int on amd64, put the proper limits there

branches: 1.7.28; 1.7.32;
put the contents of these header files around #ifdef __x86_64__, and
#include the <i386/foo.h> in the #else clause, making these files
largely bit-size independant.

branches: 1.6.6;
Remove clause 3 and 4 from TNF licenses

branches: 1.5.16; 1.5.18; 1.5.20;
Merge the ppcoea-renovation branch to HEAD.

This branch was a major cleanup and rototill of many of the various OEA
cpu based PPC ports that focused on sharing as much code as possible
between the various ports to eliminate near-identical copies of files in
every tree. Additionally there is a new PIC system that unifies the
interface to interrupt code for all different OEA ppc arches. The work
for this branch was done by a variety of people, too long to list here.

TODO:
bebox still needs work to complete the transition to -renovation.
ofppc still needs a bunch of work, which I will be looking at.
ev64260 still needs to be renovated
amigappc was not attempted.

NOTES:
pmppc was removed as an arch, and moved to a evbppc target.

Fix definitions of UCHAR_MAX/USHRT_MAX and related
types. C99 requires that these definitions promote to (signed/unsigned)
integer the same way as the types the definition is for. And since
unsigned char/short fit into an "int" on all our archs and thus promote
to signed int, the definitions must not be unsigned.
Fixes PR lib/31306 by Neil Booth.

branches: 1.3.30; 1.3.38; 1.3.44; 1.3.48; 1.3.50;
merge ktrace-lwp.

branches: 1.2.12;
Factor out W{CHAR,INT}_{MAX,MIN} into their own header file.

branches: 1.1.2;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Add generic versions of machine/int_*.h for compilers providing
appropiate macros for all necessary types.

branches: 1.7.38; 1.7.54;
put the contents of these header files around #ifdef __x86_64__, and
#include the <i386/foo.h> in the #else clause, making these files
largely bit-size independant.

branches: 1.6.6;
Remove clause 3 and 4 from TNF licenses

branches: 1.5.74; 1.5.76; 1.5.78;
Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete.

merge ktrace-lwp.

branches: 1.3.12;
Change {u,}int_fast{8,16}_t to 32-bit types.

Note: While this is technically an ABI change I believe it is a
change that we can afford at this time (and to be pulled up to
2.0, which will be the first release for amd64). The types are
not widely used yet, and a survey of pkgsrc has not shown uses
that would be adversely affected by it.

branches: 1.2.2;
Update a few types and formats.

branches: 1.1.2;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Add generic versions of machine/int_*.h for compilers providing
appropiate macros for all necessary types.

branches: 1.6.38; 1.6.54;
put the contents of these header files around #ifdef __x86_64__, and
#include the <i386/foo.h> in the #else clause, making these files
largely bit-size independant.

branches: 1.5.74; 1.5.78; 1.5.84;
Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete.

merge ktrace-lwp.

branches: 1.3.2;
Include <sys/cdefs.h> for __signed; related to lib/30072.

branches: 1.2.6; 1.2.14;
Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.

branches: 1.1.2;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Don't #include xen/intrdefs.h is !XEN.
Should fix third-party module builds (e.g. virtualbox)

Merge the bouyer-xenpvh branch, bringing in Xen PV drivers support under HVM
guests in GENERIC.
Xen support can be disabled at runtime with
boot -c
disable hypervisor

branches: 1.2.64;
Include Xen specific definitions.

branches: 1.1.122; 1.1.140;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

merge ktrace-lwp.

branches: 1.1.2; 1.1.4;
add a <machine/joystick.h> which just includes the new common one

Fix header guards.

branches: 1.2.38; 1.2.48;
use POSIX integer types

branches: 1.1.104;
Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

Retire KLEAK.

KLEAK was a nice feature and served its purpose; it allowed us to detect
dozens of info leaks on the kernel->userland boundary, and thanks to it we
tackled a good part of the infoleak problem 1.5 years ago.

Nowadays however, we have kMSan, which can detect uninitialized memory in
the kernel. kMSan supersedes KLEAK: it can detect what KLEAK was able to
detect, but in addition, (1) it operates in all of the kernel and not just
the kernel->userland boundary, (2) it requires no user interaction, and (3)
it is deterministic and not statistical.

That makes kMSan the feature of choice to detect info leaks nowadays;
people interested in detecting info leaks should boot a kMSan kernel and
just wait for the magic to happen.

KLEAK was a good ride, and a fun project, but now is time for it to go.

Discussed with several people, including Thomas Barabosch.

branches: 1.1.2; 1.1.6; 1.1.10;
Introduce KLEAK, a new feature that can detect kernel information leaks.

It works by tainting memory sources with marker values, letting the data
travel through the kernel, and scanning the kernel<->user frontier for
these marker values. Combined with compiler instrumentation and rotation
of the markers, it is able to yield relevant results with little effort.

We taint the pools and the stack, and scan copyout/copyoutstr. KLEAK is
supported on amd64 only for now, but it is not complicated to add more
architectures (just a matter of having the address of .text, and a stack
unwinder).

A userland tool is provided, that allows to execute a command in rounds
and monitor the leaks generated all the while.

KLEAK already detected directly 12 kernel info leaks, and prompted changes
that in total fixed 25+ leaks.

Based on an idea developed jointly with Thomas Barabosch (of Fraunhofer
FKIE).

Fix wrong scoping of {U,}LLONG_MAX.
PR 53298 from Roberto E. Vargas Caballero.

branches: 1.14.26; 1.14.28;
Since all our compilers support __DBL_* and __FLT_*, use them to define
{DBL,FLT}_{DIG,MIN,MAX}

branches: 1.13.4; 1.13.8;
add missing SSIZE_MIN

branches: 1.12.2;
- Normalize inclusion protection (remove)
- Move CHAR_{MIN,MAX} to a common file.
- Fix broken comments

branches: 1.11.8; 1.11.12;
1. MB_LEN_MAX switch MD to MI.
2. unfortunately hppa's MB_LEN_MAX is defined incorrectly 6 instead of 32
so we have to add more setlocale(3) __RENAME func, __setlocale50.
3. move setlocale1.c and setlocale32.c to lib/libc/compat/locale/*
prepareing for next libc major crunk.
4. bump libc minor version.

branches: 1.10.8; 1.10.14; 1.10.16;
put the contents of these header files around #ifdef __x86_64__, and
#include the <i386/foo.h> in the #else clause, making these files
largely bit-size independant.

branches: 1.9.16; 1.9.20; 1.9.26;
Merge the ppcoea-renovation branch to HEAD.

This branch was a major cleanup and rototill of many of the various OEA
cpu based PPC ports that focused on sharing as much code as possible
between the various ports to eliminate near-identical copies of files in
every tree. Additionally there is a new PIC system that unifies the
interface to interrupt code for all different OEA ppc arches. The work
for this branch was done by a variety of people, too long to list here.

TODO:
bebox still needs work to complete the transition to -renovation.
ofppc still needs a bunch of work, which I will be looking at.
ev64260 still needs to be renovated
amigappc was not attempted.

NOTES:
pmppc was removed as an arch, and moved to a evbppc target.

Fix definitions of UCHAR_MAX/USHRT_MAX and related
types. C99 requires that these definitions promote to (signed/unsigned)
integer the same way as the types the definition is for. And since
unsigned char/short fit into an "int" on all our archs and thus promote
to signed int, the definitions must not be unsigned.
Fixes PR lib/31306 by Neil Booth.

branches: 1.7.30; 1.7.38; 1.7.44; 1.7.48; 1.7.50;
merge ktrace-lwp.

branches: 1.6.16;
LONG_BIT should be 64. From Nicolas Joly.

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.

branches: 1.4.2;
Correct a few maximum values.

Add a new feature-test macro, _NETBSD_SOURCE. If this is defined
by the application, all NetBSD interfaces are made visible, even
if some other feature-test macro (like _POSIX_C_SOURCE) is defined.
<sys/featuretest.h> defined _NETBSD_SOURCE if none of _ANSI_SOURCE,
_POSIX_C_SOURCE and _XOPEN_SOURCE is defined, so as to preserve
existing behaviour.

This has two major advantages:
+ Programs that require non-POSIX facilities but define _POSIX_C_SOURCE
can trivially be overruled by putting -D_NETBSD_SOURCE in their CFLAGS.
+ It makes most of the #ifs simpler, in that they're all now ORs of the
various macros, rather than having checks for (!defined(_ANSI_SOURCE) ||
!defined(_POSIX_C_SOURCE) || !defined(_XOPEN_SOURCE)) all over the place.

I've tried not to change the semantics of the headers in any case where
_NETBSD_SOURCE wasn't defined, but there were some places where the
current semantics were clearly mad, and retaining them was harder than
correcting them. In particular, I've mostly normalised things so that
_ANSI_SOURCE gets you the smallest set of stuff, then _POSIX_C_SOURCE,
_XOPEN_SOURCE and _NETBSD_SOURCE in that order.

Tested by building for vax, encouraged by thorpej, and uncontested in
tech-userlevel for a week.

Fix *LONGMAX values.

Rename the x86_64 port to amd64, as this is the actual name used for
the processor family now. x86_64 is kept as the MACHINE_ARCH value,
since it's already widely used (by e.g. the toolchain, etc), and
by other operating systems.

implement the *at() syscalls.
bring the unimplemented syscall list up to date.

branches: 1.2.10; 1.2.14;
include the new siginfo.h file

branches: 1.1.2; 1.1.10; 1.1.16; 1.1.22; 1.1.114;
Add initial (but unfinished) COMPAT_LINUX32 for amd64. This is good enough so
that the i386 license manager part of amd64 version of Fluent works.

While I'm here, add SysV IPC to COMPAT_LINUX/amd64