MFC r336683:
Extend ranges of the critical sections to ensure that context switch
code never sees FPU pcb flags not consistent with the hardware state.

MFC r333368: Prepare DB# handler for deferred trigger of watchpoints.

Prepare DB# handler for deferred trigger of watchpoints.

Since pop %ss/mov %ss instructions defer all interrupts and exceptions
for the next instruction, it is possible that the userspace watchpoint
trap executes on the first instruction of the kernel entry for
syscall/bpt.

In this case, DB# should be treated similarly to NMI: on amd64 we must
always load GSBASE even if the trap comes from kernel mode, and load
the kernel page table root into %cr3. Moreover, the trap must
use the dedicated stack, because we are still on the user stack when
trapped on syscall entry.

For i386, we must reload %cr3. The syscall instruction is not configured,
so there is no issue with executing on user stack when trapping.

Due to some CPU erratas it is not always possible to detect that the
userspace watchpoint triggered by inspecting %dr6. In trap(), compare the
trap %rip with the known unsafe entry points and if matched pretend that
the watchpoint did not fire at all.

Thank you to the MSRC Incident Response Team, and in particular Greg
Lenti and Nate Warfield, for coordinating the response to this issue
across multiple vendors.

Thanks to Computer Recycling at The Working Center of Kitchener for
making hardware available to allow us to test the patch on additional
CPU families.

Reviewed by: jhb
Discussed with: Matthew Dillon
Tested by: emaste
Security: CVE-2018-8897
Security: FreeBSD-SA-18:06.debugreg
Sponsored by: The FreeBSD Foundation

MFC r325270:
Consistently ensure that we do not load MXCSR with reserved bits set.

MFC: r322323

Split identify_cpu() into two functions for amd64 as we do for i386. This
fixes a regression introduced in r322205.

Approved by: re (marius)

MFC: r322076

Detect hypervisor early so that we set lower hz on it.
> Description of fields to fill in above: 76 columns --|
> PR: If and which Problem Report is related.
> Submitted by: If someone else sent in the change.
> Reported by: If someone else reported the issue.
> Reviewed by: If someone else reviewed your modification.
> Approved by: If you needed approval for this commit.
> Obtained from: If the change is from a third party.
> MFC after: N [day[s]|week[s]|month[s]]. Request a reminder email.
> MFH: Ports tree branch name. Request approval for merge.
> Relnotes: Set to 'yes' for mention in release notes.
> Security: Vulnerability reference (one per line) or description.
> Sponsored by: If the change was sponsored by an organization.
> Differential Revision: https://reviews.freebsd.org/D### (*full* phabric URL needed).
> Empty fields above will be automatically removed.

_M .
M sys/amd64/amd64/machdep.c
M sys/amd64/include/md_var.h
M sys/i386/i386/machdep.c
M sys/i386/include/md_var.h
M sys/x86/x86/identcpu.c

MFC r314429:
Initialize pcb_save for thread0.

MFC r305939:
Remove trailing space.

MFC r293045, r293046:

Make the 'env' directive described in config(5) work on all architectures,
providing compiled-in static environment data that is used instead of any
data passed in from a boot loader.

Previously 'env' worked only on i386 and arm xscale systems, because it
required the MD startup code to examine the global envmode variable and
decide whether to use static_env or an environment obtained from the boot
loader, and set the global kern_envp accordingly. Most startup code wasn't
doing so. Making things even more complex, some mips startup code uses an
alternate scheme that involves calling init_static_kenv() to pass an empty
buffer and its size, then uses a series of kern_setenv() calls to populate
that buffer.

Now all MD startup code calls init_static_kenv(), and that routine provides
a single point where envmode is checked and the decision is made whether to
use the compiled-in static_kenv or the values provided by the MD code.

The routine also continues to serve its original purpose for mips; if a
non-zero buffer size is passed the routine installs the empty buffer ready
to accept kern_setenv() values. Now if the size is zero, the provided buffer
full of existing env data is installed. A NULL pointer can be passed if the
boot loader provides no env data; this allows the static env to be installed
if envmode is set to do so.

Most of the work here is a near-mechanical change to call the init function
instead of directly setting kern_envp. A notable exception is in xen/pv.c;
that code was originally installing a buffer full of preformatted env data
along with its non-zero size (like mips code does), which would have allowed
kern_setenv() calls to wipe out the preformatted data. Now it passes a zero
for the size so that the buffer of data it installs is treated as
non-writeable.

Also, revert accidental change that snuck into r293045.

MFC r283479:

The kernel sends signals to the processes via ABI specific sv_sendsig method.
Native ABI do not need signal conversion, only emulators may want this. Usually
emulators implements its own sv_sendsig method. For now only ibcs2 emulator does
not have own sv_sendsig implementation and depends on native sendsig() method.
So, remove any extra attempts to convert signal numbers from native sendsig()
methods except from i386 where ibsc2 is living.

MFC r277735 (by royger):

amd64: allow base memory segment to start at address different than 0

Current code requires that the first physical memory segment starts at 0,
but this is not really needed. We only need to make sure the bootstrap code
and page tables for APs are allocated below 4GB.

This patch removes this requirement and allows booting a Dell R710 from
UEFI, where the first physical memory segment starts at 0x10000.

Sponsored by: Citrix Systems R&D
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D1417

MFC r291948:
Use ANSI C definition.

MFC 285783:
Various changes to the registers displayed in DDB for x86.
- Fix segment registers to only display the low 16 bits.
- Remove unused handlers and entries for the debug registers.
- Display xcr0 (if valid) in 'show sysregs'.
- Add '0x' prefix to MSR values to match other values in 'show sysregs'.
- MFamd64: Display various MSRs in 'show sysregs'.
- Add a 'show dbregs' to display the value of debug registers.
- Dynamically size the column width for register values to properly
align columns on 64-bit platforms.
- Display %gs for i386 in 'show registers'.

MFC r286667 & r286723

Better support memory mapped console devices, such as VGA and EFI
frame buffers and memory mapped UARTs.

PR: 191564, 194952, 202276

MFC r258431: Disable amd64 boot time memory test by default

The page presence memory test takes a long time on large memory systems
and has little value on contemporary amd64 hardware.

Relnotes: Yes
Reviewed by: jhb, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D1544

MFC r281762:
Remove duplicate definitions of MWAIT_CX hints. Identical defines in
specialreg.h are enough.

MFC 276724:
On some Intel CPUs with a P-state but not C-state invariant TSC the TSC
may also halt in C2 and not just C3 (it seems that in some cases the BIOS
advertises its C3 state as a C2 state in _CST). Just play it safe and
disable both C2 and C3 states if a user forces the use of the TSC as the
timecounter on such CPUs.

PR: 192316

MFC r280781:
Make it possible for the signal handler to act on #ss. Load the
canonical user data segment' selector into %ss when calling the
handler.

MFC 277713:
If the boot-time memory test is enabled, output a dot ('.') for
each GB of RAM tested so people watching the console can see that
the machine is making progress and not hung.

PR: 196650

MFC r278001:
Do not qualify the mcontext_t *mcp argument for set_mcontext(9) as const.

MFC 260557,271076,271077,271082,271083,271098:
- Remove spaces from boot messages when we print the CPU ID/Family/Stepping
- Move prototypes for various functions into out of C files and into
<machine/md_var.h>.
- Reduce diffs between i386 and amd64 initcpu.c and identcpu.c files.
- Move blacklists of broken TSCs out of the printcpuinfo() function
and into the TSC probe routine.
- Merge the amd64 and i386 identcpu.c into a single x86 implementation.

MFC 270828,271487,271495:
Add sysctls to export the BIOS SMAP and EFI memory maps along with
handlers in the sysctl(8) binary to format them.

MFC r271149:
Apply known workarounds for less modern MacBooks.

The legacy USB circuit tends to give trouble on older MacBooks.
While the original report covered MacBook4, extend the fix
preemptively for the newer MacBookPro4 too.

PR: 191693
Reviewed by: emaste
Approved by: re

MFC r265014: Report boot method (BIOS/UEFI) via sysctl machdep.bootmethod

Approved by: re
Sponsored by: The FreeBSD Foundation

MFC automatic vt(4) selection for UEFI boot

r268158: Prefer vt(4) for UEFI boot

The UEFI framebuffer driver vt_efifb requires vt(4), so add a
mechanism for the startup routine to set the preferred console.
This change is ugly because console init happens very early in the
boot, making a cleaner interface difficult. This change is intended
only to facilitate the sc(4) / vt(4) transition, and can be reverted
once vt(4) is the default.

r268160: Fix typos in VTY constant names from r268158

r268982: Don't pass null kmdp to preload_search_info

On Xen PVH guests kmdp == NULL.

Sponsored by: The FreeBSD Foundation

MFC r263822: amd64: Parse the EFI memory map if present

With this change (and loader.efi from [HEAD]) we can now boot under
qemu using the OVMF UEFI firmware image with the limitation that a
serial console is required.

Sponsored by: The FreeBSD Foundation

MFC r258436: Refactor amd64 startup SMAP parsing

Extracted from the projects/uefi branch, this change is a reasonable
cleanup and will reduce the diffs to review when bringing in the
UEFI work.

MFC r258471: Don't abort SMAP processing after an entry of length 0

Length 0 is not special and should just be skipped. This is the same
behaviour as i386.

Sponsored by: The FreeBSD Foundation

MFC r268471:
For safety, ensure that any consumer of the set_regs() and
ptrace_set_pc() use the correct return to userspace using iret.

MFC 259782:
Add a resume hook for bhyve that runs a function on all CPUs during
resume. For Intel CPUs, invoke vmxon for CPUs that were in VMX mode
at the time of suspend.

MFC 258176:

Fix accounting for hw.realmem on the i386 and amd64 platforms.

sys/i386/i386/machdep.c:
sys/amd64/amd64/machdep.c:
The value reported by FreeBSD as "real memory" when booting
doesn't match what is later reported by sysctl as hw.realmem.
This is due to the fact that the value printed during the
boot process is fetched from smbios data (when possible),
and accounts for holes in physical memory. On the other
hand, the value of hw.realmem is unconditionally set to be
one larger than the highest page of the physical address
space.

Fix this by setting hw.realmem to the same value printed
during boot, this makes hw.realmem honour it's name and
account properly for physical memory present in the system.

Submitted by: Roger Pau Monné
Reviewed by: gibbs
Approved by: gibbs (mentor)
Approved by: re (gjb)

MFC r258135: x86: Allow users to change PSL_RF via ptrace(PT_SETREGS...)

Debuggers may need to change PSL_RF. Note that tf_eflags is already stored
in the signal context during signal handling and PSL_RF previously could
be modified via sigreturn, so this change should not provide any new
ability to userspace.

For background see the thread at:
http://lists.freebsd.org/pipermail/freebsd-i386/2007-September/005910.html

Reviewed by: jhb, kib

Sponsored by: DARPA, AFRL
Approved by: re (gjb)

MFC r286667 & r286723

Better support memory mapped console devices, such as VGA and EFI
frame buffers and memory mapped UARTs.

PR: 191564, 194952, 202276

MFC r258431: Disable amd64 boot time memory test by default

The page presence memory test takes a long time on large memory systems
and has little value on contemporary amd64 hardware.

Relnotes: Yes
Reviewed by: jhb, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D1544

MFC r281762:
Remove duplicate definitions of MWAIT_CX hints. Identical defines in
specialreg.h are enough.

MFC 276724:
On some Intel CPUs with a P-state but not C-state invariant TSC the TSC
may also halt in C2 and not just C3 (it seems that in some cases the BIOS
advertises its C3 state as a C2 state in _CST). Just play it safe and
disable both C2 and C3 states if a user forces the use of the TSC as the
timecounter on such CPUs.

PR: 192316

MFC r280781:
Make it possible for the signal handler to act on #ss. Load the
canonical user data segment' selector into %ss when calling the
handler.

MFC 277713:
If the boot-time memory test is enabled, output a dot ('.') for
each GB of RAM tested so people watching the console can see that
the machine is making progress and not hung.

PR: 196650

MFC r278001:
Do not qualify the mcontext_t *mcp argument for set_mcontext(9) as const.

MFC 260557,271076,271077,271082,271083,271098:
- Remove spaces from boot messages when we print the CPU ID/Family/Stepping
- Move prototypes for various functions into out of C files and into
<machine/md_var.h>.
- Reduce diffs between i386 and amd64 initcpu.c and identcpu.c files.
- Move blacklists of broken TSCs out of the printcpuinfo() function
and into the TSC probe routine.
- Merge the amd64 and i386 identcpu.c into a single x86 implementation.

MFC 270828,271487,271495:
Add sysctls to export the BIOS SMAP and EFI memory maps along with
handlers in the sysctl(8) binary to format them.

MFC r271149:
Apply known workarounds for less modern MacBooks.

The legacy USB circuit tends to give trouble on older MacBooks.
While the original report covered MacBook4, extend the fix
preemptively for the newer MacBookPro4 too.

PR: 191693
Reviewed by: emaste
Approved by: re

MFC r265014: Report boot method (BIOS/UEFI) via sysctl machdep.bootmethod

Approved by: re
Sponsored by: The FreeBSD Foundation

MFC automatic vt(4) selection for UEFI boot

r268158: Prefer vt(4) for UEFI boot

The UEFI framebuffer driver vt_efifb requires vt(4), so add a
mechanism for the startup routine to set the preferred console.
This change is ugly because console init happens very early in the
boot, making a cleaner interface difficult. This change is intended
only to facilitate the sc(4) / vt(4) transition, and can be reverted
once vt(4) is the default.

r268160: Fix typos in VTY constant names from r268158

r268982: Don't pass null kmdp to preload_search_info

On Xen PVH guests kmdp == NULL.

Sponsored by: The FreeBSD Foundation

MFC r263822: amd64: Parse the EFI memory map if present

With this change (and loader.efi from [HEAD]) we can now boot under
qemu using the OVMF UEFI firmware image with the limitation that a
serial console is required.

Sponsored by: The FreeBSD Foundation

MFC r258436: Refactor amd64 startup SMAP parsing

Extracted from the projects/uefi branch, this change is a reasonable
cleanup and will reduce the diffs to review when bringing in the
UEFI work.

MFC r258471: Don't abort SMAP processing after an entry of length 0

Length 0 is not special and should just be skipped. This is the same
behaviour as i386.

Sponsored by: The FreeBSD Foundation

MFC r268471:
For safety, ensure that any consumer of the set_regs() and
ptrace_set_pc() use the correct return to userspace using iret.

MFC 259782:
Add a resume hook for bhyve that runs a function on all CPUs during
resume. For Intel CPUs, invoke vmxon for CPUs that were in VMX mode
at the time of suspend.

MFC 258176:

Fix accounting for hw.realmem on the i386 and amd64 platforms.

sys/i386/i386/machdep.c:
sys/amd64/amd64/machdep.c:
The value reported by FreeBSD as "real memory" when booting
doesn't match what is later reported by sysctl as hw.realmem.
This is due to the fact that the value printed during the
boot process is fetched from smbios data (when possible),
and accounts for holes in physical memory. On the other
hand, the value of hw.realmem is unconditionally set to be
one larger than the highest page of the physical address
space.

Fix this by setting hw.realmem to the same value printed
during boot, this makes hw.realmem honour it's name and
account properly for physical memory present in the system.

Submitted by: Roger Pau Monné
Reviewed by: gibbs
Approved by: gibbs (mentor)
Approved by: re (gjb)

MFC r258135: x86: Allow users to change PSL_RF via ptrace(PT_SETREGS...)

Debuggers may need to change PSL_RF. Note that tf_eflags is already stored
in the signal context during signal handling and PSL_RF previously could
be modified via sigreturn, so this change should not provide any new
ability to userspace.

For background see the thread at:
http://lists.freebsd.org/pipermail/freebsd-i386/2007-September/005910.html

Reviewed by: jhb, kib

Sponsored by: DARPA, AFRL
Approved by: re (gjb)