Copy stable/10@r272459 to releng/10.1 as part of
the 10.1-RELEASE process.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

MFC r268780

Nuke the never-used RF_TIMESHARE feature, reducing the complexity of the
code. The consensus on arch@ is that this feature might have been useful
in the distant past, but is now just unnecessary bloat.

The int_rman_activate_resource() and int_rman_deactivate_resource()
functions become trivial, so manually inline them.

The special deferred handling of RF_ACTIVE is no longer needed in
reserve_resource_bound(), so eliminate the associated code at the
end of the function.

These changes reduce the object file size by more than 500 bytes on i386.

Update the rman.9 man page to reflect the removal of the RF_TIMESHARE
feature.

MFC r268373

Declaration whitespace changes for style(9).

MFC r266814

Initialize r_flags the same way in all cases using a sanitized copy of
flags that has several bits cleared. The RF_WANTED and RF_FIRSTSHARE
bits are invalid in this context, and we want to defer setting RF_ACTIVE
in r_flags until later. This should make rman_get_flags() return
the correct answer in all cases.

Add a KASSERT() to catch callers which incorrectly pass the RF_WANTED
or RF_FIRSTSHARE flags.

Do a strict equality check on the share type bits of flags. In
particular, do an equality check on RF_PREFETCHABLE. The previous
code would allow one type of mismatch of RF_PREFETCHABLE but disallow
the other type of mismatch. Also, ignore the the RF_ALIGNMENT_MASK
bits since alignment validity should be handled by the amask check.
This field contains an integer value, but previous code did a strange
bitwise comparison on it.

Leave the original value of flags unmolested as a minor debug aid.

Change the start+amask overflow check to a KASSERT() since it is just
meant to catch a highly unlikely programming error in the caller.

Reviewed by: jhb

MFC r266426

Slightly restructure the final loop in rman_reserve_resource_bound().
Replace with the existing loop termination test with a similar
condition from the nested "if" that may terminate the loop a bit
sooner, but still not too early. This condition can then be removed
from the nested "if". Relocate an operator to be style(9) compliant.

Be even more paranoid about overflow.

Requested by: ache

Nuke a couple of unnecessary assigments. Nothing uses the values of rstart
and rend after this point.

MFC r265363

Avoid unsigned integer overflow which can cause
rman_reserve_resource_bound() to return incorrect results.

Continue the initial search until the first viable region is found.

Add a comment to explain the search termination test.

PR: kern/188534
Reviewed by: jhb (previous version)

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Unlock in the error path to prevent a lock leak.

PR: 162174
Submitted by: Ian Lepore
MFC after: 2 weeks

Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs.

The SYSCTL_NODE macro defines a list that stores all child-elements of
that node. If there's no SYSCTL_DECL macro anywhere else, there's no
reason why it shouldn't be static.

Clear the device_t pointer in 'struct resource' when releasing a device
as otherwise the sysctl to export rman info can dereference a stale
pointer.

PR: kern/115371
Submitted by: Arthur Hartwig
MFC after: 1 week

Extend the rman(9) API to support altering an existing resource.
Specifically, these changes allow a resource to back a relocatable and
resizable resource such as the I/O window decoders in PCI-PCI bridges.
- rman_adjust_resource() can adjust the start and end address of an
existing resource. It only succeeds if the newly requested address
space is already free. It also supports shrinking a resource in
which case the freed space will be marked unallocated in the rman.
- rman_first_free_region() and rman_last_free_region() return the
start and end addresses for the first or last unallocated region in
an rman, respectively. This can be used to determine by how much
the resource backing an rman must be adjusted to accomodate an
allocation request that does not fit into the existing rman.

While here, document the rm_start and rm_end fields in struct rman,
rman_is_region_manager(), the bound argument to
rman_reserve_resource_bound(), and rman_init_from_resource().

Change rman_manage_region() to actually honor the rm_start and rm_end
constraints on the rman and reject attempts to manage a region that is out
of range.
- Fix various places that set rm_end incorrectly (to ~0 or ~0u instead of
~0ul).
- To preserve existing behavior, change rman_init() to set rm_start and
rm_end to allow managing the full range (0 to ~0ul) if they are not set by
the caller when rman_init() is called.

Add a new DDB command, "show rmans", which will show the address and brief
details of each rman header, but not the contents of all rman structures
in the system. This is especially useful on platforms where some rmans
have many thousands of entries in rmans, making scrolling through the
output of "show all rman" impractical. Individual rmans can then be viewed
including their contents with "show rman 0xaddr" as usual.

Reviewed by: jhb

sysctl_rman: report shared resources to devinfo

shared uses of a resource are recorded on a sub-list hanging off
a main resource object on a main resource list;
without this change a shared resource (e.g. irq) is reported only
once by devinfo -r/-u;
with this change the resource is reported for each driver that
allocates it (which is even more than what vmstat -i -a reports).

Approved by: jhb (mentor)

rman_debug should be static, so make it static.

Trivially avoid a null pointer dereference when drivers
don't set the rman description. While drivers should set
it, a kernel panic is not the right behaviour when faced
without one.

Make ddb command registration dynamic so modules can extend
the command set (only so long as the module is present):
o add db_command_register and db_command_unregister to add and remove
commands, respectively
o replace linker sets with SYSINIT's (and SYSUINIT's) that register
commands
o expose 3 list heads: db_cmd_table, db_show_table, and db_show_all_table
for registering top-level commands, show operands, and show all operands,
respectively

While here also:
o sort command lists
o add DB_ALIAS, DB_SHOW_ALIAS, and DB_SHOW_ALL_ALIAS to add aliases
for existing commands
o add "show all trace" as an alias for "show alltrace"
o add "show all locks" as an alias for "show alllocks"

Submitted by: Guillaume Ballet <gballet@gmail.com> (original version)
Reviewed by: jhb
MFC after: 1 month

Resort a few accessor routines so that they are consistently grouped
with 'set_foo/get_foo' adjacent to each other.

Complete removal of restriction about overlaps to rman_manage_region:
remove comment and man page verbage...

Document return values for rman_init and rman_manage_region..

MFC after: 1 week

- Add a 'show rman <rm>' DDB command to dump the resources in a resource
manager similar to 'devinfo -u'.
- Add a 'show allrman' DDB command that effectively does 'show rman' on all
resource managers in the system.

Fix a case in rman_manage_region() where the resource list would get missorted.
This would in turn confuse rman_reserve_resource(). This was only seen for
MSI resources that can get allocated and deallocated after boot.

Fix an edge case in rman_manage_region() where it didn't handle a resource
ending at ULONG_MAX properly. While here, use TAILQ_FOREACH_SAFE().

Tested by: "Stephane E. Potvin" <sepotvin at videotron-ca>
MFC after: 1 week

- Fix rman_manage_region() to be a lot more intelligent. It now checks
for overlaps, but more importantly, it collapses adjacent free regions.
This is needed to cope with BIOSen that split up ports for system devices
(like IPMI controllers) across multiple system resource entries.
- Now that rman_manage_region() is not so dumb, remove extra logic in the
x86 nexus drivers to populate the IRQ rman that manually coalesced the
regions.

MFC after: 1 week

Report the correct function name in a DPRINTF.

Add a convenience function rman_init_from_resource for initializing
a rman from a resource.

Also, include _bus.h since the implementation of bus_space isn't
needed here, just the definitions of the types.

Remove the puc-specific hacks. The puc(4) driver now properly uses
the rman(9) interface.

r_spare1 and r_spare2 aren't needed. They aren't used. They can't be
accessed from outside of subr_rman.c. Remove them.

Reviewed by: jmg (in theory)

Prefer NULL to 0.
Add missing lock/unlock in sysctl handler.
Protect accessing NULL pointer when resource allocation was failed.
style(9)

Reviewed by: scottl
MFC after: 1 week

Eliminate __RMAN_RESOURCE_VISIBLE hack entirely by moving the struct
resource_ to subr_rman.c where it belongs.

puc(4) does strange things to resources in order to fool the
subdrivers to hook up.

It should probably be rewritten to implement a simple bus to which
the sub drivers attach using some kind of hint.

Until then, provide a couple of crutch functions with big warning
signs so it can survive the recent changes to struct resource.

Add rman_is_region_manager() for the benefit of an alpha hack.

Split struct resource in an external and internal part.

The external part is still called 'struct resource' but the contents
is now visible to drivers etc. This makes it part of the device
driver ABI so it not be changed lightly. A comment to this effect
is in place.

The internal part is called 'struct resource_i' and contain its external
counterpart as one field.

Move the bus_space tag+handle into the external struct resource, this
removes the need for device drivers to even know about these fields
in order to use bus_space to access hardware. (More in following commit).

If we are going to
1. Copy a NULL-terminated string into a fixed-length buffer, and
2. copyout that buffer to userland,
we really ought to
0. Zero the entire buffer
first.

Security: FreeBSD-SA-05:08.kmem

rman_set_device() seems to have been omitted by mistake. Implement it.

Move implementation of hw.bus.rman sysctl to subr_rman.c so that
subr_bus.c doesn't need to peek inside struct resource.

OK from: imp

Sometimes, when asked to return region A..C, we'd return A+N..C+N
instead of failing.

When looking for a region to allocate, we used to check to see if the
start address was < end. In the case where A..B is allocated already,
and one wants to allocate A..C (B < C), then this test would
improperly fail (which means we'd examine that region as a possible
one), and we'd return the region B+1..C+(B-A+1) rather than NULL.
Since C+(B-A+1) is necessarily larger than C (end argument), this is
incorrect behavior for rman_reserve_resource_bound().

The fix is to exclude those regions where r->r_start + count - 1 > end
rather than r->r_start > end. This bug has been in this code for a
very long time. I believe that all other tests against end are
correctly done.

This is why sio0 generated a message about interrupts not being
enabled properly for the device. When fdc had a bug that allocated
from 0x3f7 to 0x3fb, sio0 was then given 0x3fc-0x404 rather than the
0x3f8-0x3ff that it wanted. Now when fdc has the same bug, sio0 fails
to allocate its ports, which is the proper behavior. Since the probe
failed, we never saw the messed up resources reported.

I suspect that there are other places in the tree that have weird
looping or other odd work arounds to try to cope with the observed
weirdness this bug can introduce. These workarounds should be located
and eliminated.

Minor debug write fix to match the above test done as well.

'nice' by: mdodd
Sponsored by: timing solutions (http://www.timing.com/)

Fix a debugging printf. The order of start/end was inconsistant with
all the other start/end debugs, causing momentary confusion when the
output was examined.

/* -> /*- for copyright notices, minor format tweaks as necessary

Add a newline.

Add debugging to rman_manage_region() as well. This is useful since we
manage subregions in ACPI.

MFC after: 3 days

Fix the code in rman that merges adjacent unallocated resources to use a
better check for 'adjacent'. The old code assumed that if two resources
were adjacent in the linked list that they were also adjacent range wise.
This is not true when a resource manager has to manage disparate regions.
For example, the current interrupt code on i386/amd64 will instruct
irq_rman to manage two disjoint regions: 0-1 and 3-15 for the non-APIC
case. If IRQs 1 and 3 were allocated and then released, the old code
would coalesce across the 1 to 3 boundary because the resources were
adjacent in the linked list thus adding 2 to the area of resources that
irq_rman managed as a side effect. The fix adds extra checks so that
adjacent unallocated resources are only merged with the resource being
freed if the start and end values of the resources also match up. The
patch also consolidates the checks for adjacent resources being allocated.

Add ability to set start/end for rman

Hide struct resource and struct rman. You must define
__RMAN_RESOURCE_VISIBLE to see inside these now.

Reviewed by: dfr, njl (not njr)

Fix off by one error, twice.

Submitted by: Carlos Velasco (first one), jhb (second one)

Use __FBSDID().

Remove unused variable(s).

Found by: FlexeLint

Implement rman_get_device

# I though this was alredy implemented

Pointy hat on my head shown by: peter

Correct an off-by-one in the boundary check. Otherwise, resource
allocations would fail if the desired allocation size was equal to
the boundary.

Make the rman_{get,set}_* macros into real functions. The macros
create an ABI that encodes offsets and sizes of structures into client
drivers. The functions isolate the ABI from changes to the resource
structure. Since these are used very rarely (once at startup), the
speed penalty will be down in the noise.

Also, add r_rid to the structure so that clients can save the 'rid' of
the resource in the struct resource, plus accessor functions. Future
additions to newbus will make use of this to present a simplified
interface for resource specification.

Approved by: re (jhb)
Reviewed by: jhb, jake

Add debug.rman_debug sysctl MIB and loader tunable instead of broken
RMAN_DEBUG option.
This would be useful for debugging resource manager code.

Add sanity check seeing if adjusted start address exceeds end address
after boundary and alignment adjustment.

Change callers of mtx_init() to pass in an appropriate lock type name. In
most cases NULL is passed, but in some cases such as network driver locks
(which use the MTX_NETWORK_LOCK macro) and UMA zone locks, a name is used.

Tested on: i386, alpha, sparc64

Add a rman_reserve_resource_bound() function that takes an additional
argument specifying the boundary for the resource allocation.
Use ulmin()/ulmax() instead of min()/max() in some places to correctly
deal with the u_long resource range specifications.

- No need for resetting values to 0 when M_ZERO flag is used.

Approved: jhb

Use msleep() to avoid lost wakeup's instead of doing an ineffective
splhigh() before the mtx_unlock and tsleep(). The splhigh() was probably
correct in the original code using simplelocks but is not correct in
5.0-current.

Noticed by: Andrew Reiter <awr@FreeBSD.org>

Malloc mutexes pre-zero'd as random garbage (including 0xdeadcode) my
trigget the check to make sure we don't initalize a mutex twice.

Handle NULL struct device *s

Change and clean the mutex lock interface.

mtx_enter(lock, type) becomes:

mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks)
mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized)

similarily, for releasing a lock, we now have:

mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN.
We change the caller interface for the two different types of locks
because the semantics are entirely different for each case, and this
makes it explicitly clear and, at the same time, it rids us of the
extra `type' argument.

The enter->lock and exit->unlock change has been made with the idea
that we're "locking data" and not "entering locked code" in mind.

Further, remove all additional "flags" previously passed to the
lock acquire/release routines with the exception of two:

MTX_QUIET and MTX_NOSWITCH

The functionality of these flags is preserved and they can be passed
to the lock/unlock routines by calling the corresponding wrappers:

mtx_{lock, unlock}_flags(lock, flag(s)) and
mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN
locks, respectively.

Re-inline some lock acq/rel code; in the sleep lock case, we only
inline the _obtain_lock()s in order to ensure that the inlined code
fits into a cache line. In the spin lock case, we inline recursion and
actually only perform a function call if we need to spin. This change
has been made with the idea that we generally tend to avoid spin locks
and that also the spin locks that we do have and are heavily used
(i.e. sched_lock) do recurse, and therefore in an effort to reduce
function call overhead for some architectures (such as alpha), we
inline recursion for this case.

Create a new malloc type for the witness code and retire from using
the M_DEV type. The new type is called M_WITNESS and is only declared
if WITNESS is enabled.

Begin cleaning up some machdep/mutex.h code - specifically updated the
"optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN
and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently
need those.

Finally, caught up to the interface changes in all sys code.

Contributors: jake, jhb, jasone (in no particular order)

Convert all simplelocks to mutexes and remove the simplelock implementations.

Convert more malloc+bzero to malloc+M_ZERO.

Submitted by: josh@zipperup.org
Submitted by: Robert Drehmel <robd@gmx.net>

Bug fix for revision 1.14 on the replacement of CIRCLEQ with TAILQ.

Submitted by: Warner Losh <imp@village.org>

In preparation for deprecating CIRCLEQ macros in favor of TAILQ
macros which provide the same functionality and are a bit more
efficient, convert use of CIRCLEQ's in resource manager to TAILQ's.

Approved by: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>

Cleanup the rman_make_alignment_flags function to be much clearer and shorter
than the prior version.

Implement resource alignment as discussed in arch@ a long time ago.
This was implemented by Shigeru YAMAMOTO-san and Jonathan Chen. I've
cleaned them up somewhat and they seem to work well enough to boot
current (but given current's state it can be hard to tell). Doug
Rabson also reviewed the design and signed off on it.

Replace all the ifdef debugging spaghetti with a single ifdef and
a macro so that it is easier to read the flow of the code.

Commit the remaining part of PR14914:

Alot of the code in sys/kern directly accesses the *Q_HEAD and *Q_ENTRY
structures for list operations. This patch makes all list operations
in sys/kern use the queue(3) macros, rather than directly accessing the
*Q_{HEAD,ENTRY} structures.

Reviewed by: phk
Submitted by: Jake Burkholder <jake@checker.org>
PR: 14914

$Id$ -> $FreeBSD$

Make sure that we record the flags in all cases.

Submitted by: Bernd Walter <ticso@cicely.de>
PR: kern/12399

Bring the 'new-bus' to the i386. This extensively changes the way the
i386 platform boots, it is no longer ISA-centric, and is fully dynamic.
Most old drivers compile and run without modification via 'compatability
shims' to enable a smoother transition. eisa, isapnp and pccard* are
not yet using the new resource manager. Once fully converted, all drivers
will be loadable, including PCI and ISA.

(Some other changes appear to have snuck in, including a port of Soren's
ATA driver to the Alpha. Soren, back this out if you need to.)

This is a checkpoint of work-in-progress, but is quite functional.

The bulk of the work was done over the last few years by Doug Rabson and
Garrett Wollman.

Approved by: core

Staticize.

Fix a bug which prevented more than two clients from sharing a resource.

Ifdefed conditionally used simplock variables.

The "easy" fixes for compiling the kernel -Wunused: remove unreferenced static
and local variables, goto labels, and functions declared but not defined.

Fixed a missing include. `SYSININT(...);' garbage in gave null garbage out.

The new resource manager, hopefully in a reasonably stable form.