MFC r337871, r339970, r342151, r342161, r343123-r343124, r344226, r344234,
r344248, r344387

r337871:
pkgfs_init: Initialize pkg

new_package may not set *pp if it errors out, leaving pkg uninitialized.

r339970:
Remove unnecessary include from libstand.

r342151:
loader: zfs reader should not probe partitionless disks

First of all, normal setups can not boot such pools as the tools
do not support installing boot programs.

Secondly, for proper pool configuration detection, we need to checks all
four label copies on disk, 2 from front and 2 from the end of the disk,
but zfs label does not contain the size of the disk - so we depend on
firmware to report the correct disk size or use information from the
partition table.

Without partition table, we only can rely on firmware to report and support
disk IO properly.

There is a specific case: 8TB disks are reported by BIOS to have 4294967295
sectors (0x00000000ffffffff), the sectors reported by OS is 15628053168
(0x00000003a3812ab0), so the reported size is less than actual but is hitting
32-bit max. Unfortuantely the real limit must be even lower because probing
this disk in this system will wnd up with hung system.

UEFI boot of this system seems not to be affected.

r342161:
loader: zfs reader should not probe partitionless disks (UEFI case)

With r342151 I did fix the BIOS version of zfs_probe_dev() from accessing
the whole disk, but the fix was not complete - we actually did not check
if the device name was really for whole disk. Since UEFI version
is only calling the zfs_probe_dev() with partitions and not with whole
disk, the UEFI loader was not able to find the zfs pools.

This update does correct the issue by calling archsw.arch_getdev() to
translate the device name back to dev_desc, and we have whole disk when both
partition and slice values are -1.

r343123:
loader should ignore active multi_vdev_crash_dump feature on zpool

Since the loader zfs reader does not need to read the dump zvol, we can
just enable the feature.

illumos issue #9051 https://www.illumos.org/issues/9051

r343124:
libsa: add asprintf()

asprintf() is a nice tool for string processing.

r344226:
Fix memory corruption bug introduced in r325310

The bug occurred when a bounce buffer was used and the requested read
size was greater than the size of the bounce buffer. This commit also
rewrites the read logic so that it is easier to systematically verify
all alignment and size cases.

r344234:
It turns out r344226 narrowed the overrun bug but did not eliminate it entirely

This commit fixes a remaining output buffer overrun in the
single-sector case when there is a non-zero tail.

r344248:
cd9660: dirmatch fails to unmatch when name is prefix for directory record

Loader does fail to properly match the file name in directory record and
does open file based on prefix match.

For fix, we check the name lengths first.

r344387:
loader: really fix cd9660 dirmatch

The cd9660_open() does pass whole path to dirmatch() and we need to
compare only the current path component, not full path.

Additinally, skip over duplicate / (if any) and check if the last component
in the path was meant to be directory (having trailing /). If it is in fact
a file, error out.

MFC various libsa fixes: r337037-r337039, r337065, r337412-r337413, r337874,
r338535, r338540, r339651, r339992-r339993, r340026

r337037:
libsa: pointer differs in signedness

A small cleanup, fix the argument type and while there, replace (char *)0 with
NULL.

r337038:
libsa: bootp is using pointers with different sign

Just change bp_file to char and same for variable s.

r337039:
libsa: assignment to char * from u_char *

Cast to char * instead of u_char *

r337065:
libsa: dereferencing type-punned pointer in cd9660

The warning is given by gcc build, but it is good to fix anyhow.
use bcopy instead of direct assignment.

r337412:
libsa: dos_checksum() should take unsigned chars

Fix pointers to integers with different sign issue.

r337413:
libsa: gzipfs.c converts pointers to integer types with different sign

Signed versus unsigned char.

r337874:
libsa: zfs_probe() needs to set spa to NULL

Silence the warning about possibly uninitialized use of spa.

r338535:
libsa: memory leak in tftp_open()

tftpfile is allocated just above and needs to be freed.

r338540:
libsa: validate tftp_makereq() after we did reset the read

The name check referred in the comment is not the only possible error source,
we need to validate the result.

r339651:
libsa: re-send ACK for older data packets in tftp

In current tftp code we drop out-of-order packets; however, we should play
nice and re-send ACK for older data packets we are receiving. This will
hopefully stop server repeating those packets we already have received.
Note we do not answer duplicates from "previous" session (that is, session
with different port number), those will eventually time out.

r339992:
libsa: tftp should not read past file end

When we have the file size via tsize option, use it to make sure we
will not attempt to read past file end.

r339993:
libsa: tftp should use calloc

instead of malloc() memset(), use calloc().

r340026:
libsa: cstyle cleanup tftp.c

No functinal changes intended.

MFC r332170, r332173: light cd9660 cleanup

r332170:
libsa: cd9660: warning: 'lenskip' may be used uninitialized in this function

We better provide value for lenskip in both instances.

r332173:
libsa: name is not used in dirmatch()

Seems like variable 'name' is leftover.

MFC r330056: libsa: replace remaining _write callbacks by null_write

There are some _write callbacks left only returning EROFS, replace them
by null_write. return EROFS from null_write().

MFC r329879, r329892

r329879:
libsa: Const-ify buffer argument of write(2) analog

r329892:
libsa: Change write(2)-alike prototype to match definition

Broken in r329879.

Apparently old GCC detects this, but modern GCC didn't. Mea culpa.

MFC Loader Fixes 2017q4p7: r324844,r326089,r326926,r326440,r326484,r326494,
r326588,r326708,r326784,r326914,r327390,r328446,r326090,r326143,r326144,
r326182,r326384,r326421,r326440,r326441,r326442,r326443,r326444,r326445,
r326446,r326447,r326448,r326484,r326485,r326486,r326487,r326488,r326490,
r326491,r326492,r326493,r326494,r326495,r326504,r326507,r326509,r326584,
r326585,r326586,r326587,r326588,r326589,r326590,r326591,r326592,r326593,
r326594,r326600,r326616,r326671,r326707,r326708,r326709,r326710,r326711,
r326712,r326714,r326720,r326768,r326772,r326784,r326792,r326812,r326854,
r326855,r326856,r326858,r326886,r326887,r326914,r326926,r326927,r326960,
r326961,r326962,r326963,r327351,r327453,r327390,r327523,r327524,r326489,
r327880,r328437,r328438,r328439,r328441,r328446,r328448,r328449,r328612,
r328613,r328615

While here, undo our libfdt hack of not including <stdlib.h> if we're
compiling _STANDALONE.

r324844: When building standalone, don't define errno. Let the definition from
stand.h override. This is similar to what we do in the kernel.

r326089: loader.efi: efipart does not recognize partitionless disks

r326090: net_parse_rootpath() has no parameters

r326143: Fix theoretical integer overflow issues. If the product here is

r326144: Mark the func pointer as __dead2. It looks up loader_main, which

r326182: Modify all FreeBSD bootloaders on PowerPC AIM (Book-S) systems

r326384: Use const pointers to avoid casting away constness.

r326421: loader.efi: efipart should exclude iPXE stub block protocol

r326440: Remove stale dependency on ufsread.c

r326441: Minor flags cleanup

r326442: Cleanup CFALGS usage here

r326443: We don't need both _STAND and _STANDALONE, use the latter.

r326444: Move geli to common DO32 stuff

r326445: Fix random() and srandom() prototypes to match the standard.

r326446: Undefine _STANDALONE since this is test code.

r326447: Tweaks to the beri boot loader so that it builds w/o warnings.

r326448: Fix all warnings related to geli and ZFS support on x86.

r326484: Const poison the propname.

r326485: Delcare md_load in libofw.h. Make all prototypes match for ofw

r326486: Include machine/md_var to pick up __syncicache prototype.

r326487: Cast mdp (a vm_offset_t) to void * to match prototype.

r326488: e_entry can be smaller than a pointer. Cast it to an intptr_t

r326490: Declare our strange brand of main().

r326491: Disconnet ps3 from the build. There's too many warnings to fix.

r326492: Cast void * pointer to char * so the arg matches the %s format.

r326493: Provide a md_load64 prototype.

r326494: Mark two things as unused (since they are only sometimes used)

r326495: Now it's safe to bump WARNS to 1.

r326504: Switch to proper MK_LOADER_GELI tests.

r326507: increase maximum size of zfsboot

r326509: loader.efi: add note about iPXE into the efipart.c

r326584: When building standalone, include stand.h rather than the kernel

r326585: Include ficl.h before anything else

r326586: No need to include the userland md5.h, the kernel one is just fine.

r326587: Use the kernel relative paths, rather than the userland relative
paths

r326588: Need to include skein in the include path

r326589: Make sure we include the right path for skein.h

r326590: Prefer stdint.h to inttypes.h

r326591: This isn't NetBSD specific code. Include these for any kernel /

r326592: Don't inherit CFLAGS. This a specialized test program.

r326593: Stop building with the standard system headers.

r326594: Now that we offer a semi-sane standards-ish set of #include files,
stop hacking includes with sed.

r326600: Since this is contrib code, create an upstreamable version of my

r326616: dhcp_try_rfc1048() is not used any more

r326671: Avoid setting -Wno-tentative-definition-incomplete-type with gcc.

r326707: Add partial support signal.h functioanlity. Pull in
machine/signal.h

r326708: Remove _KERNEL hack now that errno.h does the right thing when
built standalone.

r326709: Provide implementations for iscntrl, ispunct and isgraph.

r326710: Put the files we're copying over into a few variables and clean
hings up.

r326711: Const poison a couple of interfaces.

r326712: Create interp class.

r326714: boot1.c needs EFI_ZFS_BOOT too, so add it globally.

r326720: This path belongs in ficl/Makefile, not the common defines for
users

r326768: Fix a comment to be more accurate

r326772: Fix regression with lua import

r326784: Revert part of 362772. It was causing problems for includes

r326792: Attempt to unbreak buildworld

r326812: Revert r326792, r326784, r326772, r326712

r326854: libefi: make efichar.h more usable in stand code

r326855: Cargo cut a fix for the regressions r326585 caused.

r326856: Fix comments after bump in size.

r326858: Revert r326855: Cargo cut a fix for the regressions r326585 caused.

r326886: Panic in sbrk if setheap hasn't been called yet. This is preferable
o a mysterious crash

r326887: Remove the 'mini libstand in libstand' that util.[ch] provided.

r326914: Move loader-only defines to loader.mk from defs.mk

r326926: Move loader help file definitions to being 100% inside of
loader.mk.

r326927: libficl is only ever used in a loader (never a boot) program. Move
it.

r326960: Simplify things a little. The RETURN macro isn't required.

r326961: Interact is always called with NULL. Simplify code a little

r326962: Hoist btx include stuff to i386/Makefile.inc

r326963: No need to use relative paths like this here.

r327351: Fix ubldr. uboot/lib uses defines for the loader.

r327453: Add a validbcd() routine that uses the bcd2bin_data[] array

r327390: Garbage-collect loader.ps3. It is currently disconnected from the
build and kboot replaces.

r327523: Don't clobber system LDFLAGS for beri boot loaders.

r327524: Use 'extern uint8_t' instead of 'extern void' for external symbols.

r326489: Allow this file to be used in libsa without warning...

r327880: Move getsecs() prototype to stand.h from net.h so it can be used

r328437: Split panic routine

r328438: Implement abort() as a call to panic.

r328439: Provide abs form stdlib.h.

r328441: abort() should be marked __dead2 since it won't return.

r328446: Now that exit is __dead2, we need to tag ub_exit() as __dead2.

r328448: Make exit() never return until host_exit can be written.

r328449: Tag unreachable places as such. I left the while (1); in place

r328612: Move strtold wrapper from strtol.c to its own strtold.c.

r328613: Kill copies of strtol and strtoul.

r328615: Update stand.h for changes for strto*l

PR: 223969