Change sendsig() interface so that the MD code does not need to access
data from struct process anymore. This changes how siginfo and onstack
are accessed and make sendsig() more MP friendly.
With and OK semarie@ OK kettenis@

remove uneeded includes in md armv7 files

based on include-what-you-use suggestions

In case of failure, call sigexit() from trapsignal instead of sensig().

Simplify MD code and reduce the amount of recursion into the signal code
which helps when dealing with locks.

ok cheloha@, deraadt@

Move from sendsig() to its callers the initsiginfo() calls and
instead of passing sendsig() the code+type+val, pass a siginfo_t*
to copy from. Eliminate the indirection through struct emul for
sendsig(); we no longer have a SunOS4-compat version of sendsig()

ok deraadt@

Save and restore FPU registers around signal handlers.
Fixes the random crashes in sh(1).

ok guenther@

Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis

Bring SROP mitigation to arm64. Make some small modifications to the arm
code as well to improve diffability. Changes the types used in the arm64
"struct sigcontext" to avoid having to include <sys/types.h>.

ok deraadt@

hand-massage sendsig() and sys_sigreturn() to be much more similar.
ok guenther kettenis

SROP mitigation. sendsig() stores a (per-process ^ &sigcontext) cookie
inside the sigcontext. sigreturn(2) checks syscall entry was from the
exact PC addr in the (per-process ASLR) sigtramp, verifies the cookie,
and clears it to prevent sigcontext reuse.
not yet tested on landisk, sparc, *88k, socppc.
ok kettenis

Switch from PSR_X_bit and X32_bit PSR macro names to just PSR_X.
This matches FreeBSD and makes things a bit more consistent.
Discussed with Patrick.

Move p_emul and p_sigcode from proc to process.
Tweak the handling of ktrace EMUL when changing ktracing: only
generate one per process (not one per thread) and pass the correct
proc pointer down to the VFS layer. Permit generating of NAMI and
CSW records inside ktrace(2) itself.

ok deraadt@ millert@

Move p_sigacts from struct proc to struct process.

testing help mpi@

Remove an instruction cache sync which is not needed.

ok miod@

Determine whether we're currently on the alternative signal stack
dynamically, by comparing the stack pointer against the altstack
base and size, so that you get the correct answer if you longjmp
out of the signal handler, as tested by regress/sys/kern/stackjmp/.
Also, fix alt stack handling on vax, where it was completely broken.

Testing and corrections by miod@, krw@, tobiasu@, pirofti@

Late spring cleaning of the arm code for old dusty bits we do not want to
keep:
- remove bootconfig parameter passing feature (unused).
- unifdef __PROG32 and remove all remains of arm26 code.
- remove ARMFPE support (unused).
- remove support for ARM2, ARM2AS, ARM3, ARM6, ARM7, ARM7TDMI and StrongARM
processor families, and the related silicon bug workarounds (especially
the SA-110 STM^ bug).
- remove cpu_functions no longer necessary after previous removals.
- remove ARM32_DISABLE_ALIGNMENT_FAULTS option (unused).
- make FIQ support conditional on option FIQ (unused, but may be eventually).

Discussed with drahn@ and jasper@ long ago, I was sitting on this commit for
no good reason.

Recommit the reverted sigacts change now that the NFS use-after-free
problem has been tracked down. This fixes the sharing of the signal
handling state: shared bits go in sigacts, per-rthread bits goes in
struct proc.

ok deraadt@

Revert the sigacts diff: NFS can apparently retain pointers to processes
until they're zombies and then send them signals (for intr mounts). Until
that is untangled, the sigacts change is unsafe. sthen@ was the victim
for this one

another variable left after a commit

Correct the sharing of the signal handling state: stuff that should
be shared (p_sigignore, p_sigcatch, P_NOCLDSTOP, P_NOCLDWAIT) moves
to struct sigacts, wihle stuff that should be per rthread (ps_oldmask,
SAS_OLDMASK, ps_sigstk) moves to struct proc. Treat the coredumping
state bits (ps_sig, ps_code, ps_type, ps_sigval) as per-rthread
until our locking around coredumping is better.

Oh, and remove the old SunOS-compat ps_usertramp member.

"I like the sound of this" tedu@

branches: 1.2.2;
Correctly pass the siginfo_t structure to signal handlers.
ok drahn@

Arm port, NetBSD codebase stripped down, 32bit only support.

remove uneeded includes in md armv7 files

based on include-what-you-use suggestions

In case of failure, call sigexit() from trapsignal instead of sensig().

Simplify MD code and reduce the amount of recursion into the signal code
which helps when dealing with locks.

ok cheloha@, deraadt@

Move from sendsig() to its callers the initsiginfo() calls and
instead of passing sendsig() the code+type+val, pass a siginfo_t*
to copy from. Eliminate the indirection through struct emul for
sendsig(); we no longer have a SunOS4-compat version of sendsig()

ok deraadt@

Save and restore FPU registers around signal handlers.
Fixes the random crashes in sh(1).

ok guenther@

Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis

Bring SROP mitigation to arm64. Make some small modifications to the arm
code as well to improve diffability. Changes the types used in the arm64
"struct sigcontext" to avoid having to include <sys/types.h>.

ok deraadt@

hand-massage sendsig() and sys_sigreturn() to be much more similar.
ok guenther kettenis

SROP mitigation. sendsig() stores a (per-process ^ &sigcontext) cookie
inside the sigcontext. sigreturn(2) checks syscall entry was from the
exact PC addr in the (per-process ASLR) sigtramp, verifies the cookie,
and clears it to prevent sigcontext reuse.
not yet tested on landisk, sparc, *88k, socppc.
ok kettenis

Switch from PSR_X_bit and X32_bit PSR macro names to just PSR_X.
This matches FreeBSD and makes things a bit more consistent.
Discussed with Patrick.

Move p_emul and p_sigcode from proc to process.
Tweak the handling of ktrace EMUL when changing ktracing: only
generate one per process (not one per thread) and pass the correct
proc pointer down to the VFS layer. Permit generating of NAMI and
CSW records inside ktrace(2) itself.

ok deraadt@ millert@

Move p_sigacts from struct proc to struct process.

testing help mpi@

Remove an instruction cache sync which is not needed.

ok miod@

Determine whether we're currently on the alternative signal stack
dynamically, by comparing the stack pointer against the altstack
base and size, so that you get the correct answer if you longjmp
out of the signal handler, as tested by regress/sys/kern/stackjmp/.
Also, fix alt stack handling on vax, where it was completely broken.

Testing and corrections by miod@, krw@, tobiasu@, pirofti@

Late spring cleaning of the arm code for old dusty bits we do not want to
keep:
- remove bootconfig parameter passing feature (unused).
- unifdef __PROG32 and remove all remains of arm26 code.
- remove ARMFPE support (unused).
- remove support for ARM2, ARM2AS, ARM3, ARM6, ARM7, ARM7TDMI and StrongARM
processor families, and the related silicon bug workarounds (especially
the SA-110 STM^ bug).
- remove cpu_functions no longer necessary after previous removals.
- remove ARM32_DISABLE_ALIGNMENT_FAULTS option (unused).
- make FIQ support conditional on option FIQ (unused, but may be eventually).

Discussed with drahn@ and jasper@ long ago, I was sitting on this commit for
no good reason.

Recommit the reverted sigacts change now that the NFS use-after-free
problem has been tracked down. This fixes the sharing of the signal
handling state: shared bits go in sigacts, per-rthread bits goes in
struct proc.

ok deraadt@

Revert the sigacts diff: NFS can apparently retain pointers to processes
until they're zombies and then send them signals (for intr mounts). Until
that is untangled, the sigacts change is unsafe. sthen@ was the victim
for this one

another variable left after a commit

Correct the sharing of the signal handling state: stuff that should
be shared (p_sigignore, p_sigcatch, P_NOCLDSTOP, P_NOCLDWAIT) moves
to struct sigacts, wihle stuff that should be per rthread (ps_oldmask,
SAS_OLDMASK, ps_sigstk) moves to struct proc. Treat the coredumping
state bits (ps_sig, ps_code, ps_type, ps_sigval) as per-rthread
until our locking around coredumping is better.

Oh, and remove the old SunOS-compat ps_usertramp member.

"I like the sound of this" tedu@

branches: 1.2.2;
Correctly pass the siginfo_t structure to signal handlers.
ok drahn@

Arm port, NetBSD codebase stripped down, 32bit only support.

In case of failure, call sigexit() from trapsignal instead of sensig().

Simplify MD code and reduce the amount of recursion into the signal code
which helps when dealing with locks.

ok cheloha@, deraadt@

Move from sendsig() to its callers the initsiginfo() calls and
instead of passing sendsig() the code+type+val, pass a siginfo_t*
to copy from. Eliminate the indirection through struct emul for
sendsig(); we no longer have a SunOS4-compat version of sendsig()

ok deraadt@

Save and restore FPU registers around signal handlers.
Fixes the random crashes in sh(1).

ok guenther@

Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis

Bring SROP mitigation to arm64. Make some small modifications to the arm
code as well to improve diffability. Changes the types used in the arm64
"struct sigcontext" to avoid having to include <sys/types.h>.

ok deraadt@

hand-massage sendsig() and sys_sigreturn() to be much more similar.
ok guenther kettenis

SROP mitigation. sendsig() stores a (per-process ^ &sigcontext) cookie
inside the sigcontext. sigreturn(2) checks syscall entry was from the
exact PC addr in the (per-process ASLR) sigtramp, verifies the cookie,
and clears it to prevent sigcontext reuse.
not yet tested on landisk, sparc, *88k, socppc.
ok kettenis

Switch from PSR_X_bit and X32_bit PSR macro names to just PSR_X.
This matches FreeBSD and makes things a bit more consistent.
Discussed with Patrick.

Move p_emul and p_sigcode from proc to process.
Tweak the handling of ktrace EMUL when changing ktracing: only
generate one per process (not one per thread) and pass the correct
proc pointer down to the VFS layer. Permit generating of NAMI and
CSW records inside ktrace(2) itself.

ok deraadt@ millert@

Move p_sigacts from struct proc to struct process.

testing help mpi@

Remove an instruction cache sync which is not needed.

ok miod@

Determine whether we're currently on the alternative signal stack
dynamically, by comparing the stack pointer against the altstack
base and size, so that you get the correct answer if you longjmp
out of the signal handler, as tested by regress/sys/kern/stackjmp/.
Also, fix alt stack handling on vax, where it was completely broken.

Testing and corrections by miod@, krw@, tobiasu@, pirofti@

Late spring cleaning of the arm code for old dusty bits we do not want to
keep:
- remove bootconfig parameter passing feature (unused).
- unifdef __PROG32 and remove all remains of arm26 code.
- remove ARMFPE support (unused).
- remove support for ARM2, ARM2AS, ARM3, ARM6, ARM7, ARM7TDMI and StrongARM
processor families, and the related silicon bug workarounds (especially
the SA-110 STM^ bug).
- remove cpu_functions no longer necessary after previous removals.
- remove ARM32_DISABLE_ALIGNMENT_FAULTS option (unused).
- make FIQ support conditional on option FIQ (unused, but may be eventually).

Discussed with drahn@ and jasper@ long ago, I was sitting on this commit for
no good reason.

Recommit the reverted sigacts change now that the NFS use-after-free
problem has been tracked down. This fixes the sharing of the signal
handling state: shared bits go in sigacts, per-rthread bits goes in
struct proc.

ok deraadt@

Revert the sigacts diff: NFS can apparently retain pointers to processes
until they're zombies and then send them signals (for intr mounts). Until
that is untangled, the sigacts change is unsafe. sthen@ was the victim
for this one

another variable left after a commit

Correct the sharing of the signal handling state: stuff that should
be shared (p_sigignore, p_sigcatch, P_NOCLDSTOP, P_NOCLDWAIT) moves
to struct sigacts, wihle stuff that should be per rthread (ps_oldmask,
SAS_OLDMASK, ps_sigstk) moves to struct proc. Treat the coredumping
state bits (ps_sig, ps_code, ps_type, ps_sigval) as per-rthread
until our locking around coredumping is better.

Oh, and remove the old SunOS-compat ps_usertramp member.

"I like the sound of this" tedu@

branches: 1.2.2;
Correctly pass the siginfo_t structure to signal handlers.
ok drahn@

Arm port, NetBSD codebase stripped down, 32bit only support.

Move from sendsig() to its callers the initsiginfo() calls and
instead of passing sendsig() the code+type+val, pass a siginfo_t*
to copy from. Eliminate the indirection through struct emul for
sendsig(); we no longer have a SunOS4-compat version of sendsig()

ok deraadt@

Save and restore FPU registers around signal handlers.
Fixes the random crashes in sh(1).

ok guenther@

Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis

Bring SROP mitigation to arm64. Make some small modifications to the arm
code as well to improve diffability. Changes the types used in the arm64
"struct sigcontext" to avoid having to include <sys/types.h>.

ok deraadt@

hand-massage sendsig() and sys_sigreturn() to be much more similar.
ok guenther kettenis

SROP mitigation. sendsig() stores a (per-process ^ &sigcontext) cookie
inside the sigcontext. sigreturn(2) checks syscall entry was from the
exact PC addr in the (per-process ASLR) sigtramp, verifies the cookie,
and clears it to prevent sigcontext reuse.
not yet tested on landisk, sparc, *88k, socppc.
ok kettenis

Switch from PSR_X_bit and X32_bit PSR macro names to just PSR_X.
This matches FreeBSD and makes things a bit more consistent.
Discussed with Patrick.

Move p_emul and p_sigcode from proc to process.
Tweak the handling of ktrace EMUL when changing ktracing: only
generate one per process (not one per thread) and pass the correct
proc pointer down to the VFS layer. Permit generating of NAMI and
CSW records inside ktrace(2) itself.

ok deraadt@ millert@

Move p_sigacts from struct proc to struct process.

testing help mpi@

Remove an instruction cache sync which is not needed.

ok miod@

Determine whether we're currently on the alternative signal stack
dynamically, by comparing the stack pointer against the altstack
base and size, so that you get the correct answer if you longjmp
out of the signal handler, as tested by regress/sys/kern/stackjmp/.
Also, fix alt stack handling on vax, where it was completely broken.

Testing and corrections by miod@, krw@, tobiasu@, pirofti@

Late spring cleaning of the arm code for old dusty bits we do not want to
keep:
- remove bootconfig parameter passing feature (unused).
- unifdef __PROG32 and remove all remains of arm26 code.
- remove ARMFPE support (unused).
- remove support for ARM2, ARM2AS, ARM3, ARM6, ARM7, ARM7TDMI and StrongARM
processor families, and the related silicon bug workarounds (especially
the SA-110 STM^ bug).
- remove cpu_functions no longer necessary after previous removals.
- remove ARM32_DISABLE_ALIGNMENT_FAULTS option (unused).
- make FIQ support conditional on option FIQ (unused, but may be eventually).

Discussed with drahn@ and jasper@ long ago, I was sitting on this commit for
no good reason.

Recommit the reverted sigacts change now that the NFS use-after-free
problem has been tracked down. This fixes the sharing of the signal
handling state: shared bits go in sigacts, per-rthread bits goes in
struct proc.

ok deraadt@

Revert the sigacts diff: NFS can apparently retain pointers to processes
until they're zombies and then send them signals (for intr mounts). Until
that is untangled, the sigacts change is unsafe. sthen@ was the victim
for this one

another variable left after a commit

Correct the sharing of the signal handling state: stuff that should
be shared (p_sigignore, p_sigcatch, P_NOCLDSTOP, P_NOCLDWAIT) moves
to struct sigacts, wihle stuff that should be per rthread (ps_oldmask,
SAS_OLDMASK, ps_sigstk) moves to struct proc. Treat the coredumping
state bits (ps_sig, ps_code, ps_type, ps_sigval) as per-rthread
until our locking around coredumping is better.

Oh, and remove the old SunOS-compat ps_usertramp member.

"I like the sound of this" tedu@

branches: 1.2.2;
Correctly pass the siginfo_t structure to signal handlers.
ok drahn@

Arm port, NetBSD codebase stripped down, 32bit only support.

Save and restore FPU registers around signal handlers.
Fixes the random crashes in sh(1).

ok guenther@

Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis

Bring SROP mitigation to arm64. Make some small modifications to the arm
code as well to improve diffability. Changes the types used in the arm64
"struct sigcontext" to avoid having to include <sys/types.h>.

ok deraadt@

hand-massage sendsig() and sys_sigreturn() to be much more similar.
ok guenther kettenis

SROP mitigation. sendsig() stores a (per-process ^ &sigcontext) cookie
inside the sigcontext. sigreturn(2) checks syscall entry was from the
exact PC addr in the (per-process ASLR) sigtramp, verifies the cookie,
and clears it to prevent sigcontext reuse.
not yet tested on landisk, sparc, *88k, socppc.
ok kettenis

Switch from PSR_X_bit and X32_bit PSR macro names to just PSR_X.
This matches FreeBSD and makes things a bit more consistent.
Discussed with Patrick.

Move p_emul and p_sigcode from proc to process.
Tweak the handling of ktrace EMUL when changing ktracing: only
generate one per process (not one per thread) and pass the correct
proc pointer down to the VFS layer. Permit generating of NAMI and
CSW records inside ktrace(2) itself.

ok deraadt@ millert@

Move p_sigacts from struct proc to struct process.

testing help mpi@

Remove an instruction cache sync which is not needed.

ok miod@

Determine whether we're currently on the alternative signal stack
dynamically, by comparing the stack pointer against the altstack
base and size, so that you get the correct answer if you longjmp
out of the signal handler, as tested by regress/sys/kern/stackjmp/.
Also, fix alt stack handling on vax, where it was completely broken.

Testing and corrections by miod@, krw@, tobiasu@, pirofti@

Late spring cleaning of the arm code for old dusty bits we do not want to
keep:
- remove bootconfig parameter passing feature (unused).
- unifdef __PROG32 and remove all remains of arm26 code.
- remove ARMFPE support (unused).
- remove support for ARM2, ARM2AS, ARM3, ARM6, ARM7, ARM7TDMI and StrongARM
processor families, and the related silicon bug workarounds (especially
the SA-110 STM^ bug).
- remove cpu_functions no longer necessary after previous removals.
- remove ARM32_DISABLE_ALIGNMENT_FAULTS option (unused).
- make FIQ support conditional on option FIQ (unused, but may be eventually).

Discussed with drahn@ and jasper@ long ago, I was sitting on this commit for
no good reason.

Recommit the reverted sigacts change now that the NFS use-after-free
problem has been tracked down. This fixes the sharing of the signal
handling state: shared bits go in sigacts, per-rthread bits goes in
struct proc.

ok deraadt@

Revert the sigacts diff: NFS can apparently retain pointers to processes
until they're zombies and then send them signals (for intr mounts). Until
that is untangled, the sigacts change is unsafe. sthen@ was the victim
for this one

another variable left after a commit

Correct the sharing of the signal handling state: stuff that should
be shared (p_sigignore, p_sigcatch, P_NOCLDSTOP, P_NOCLDWAIT) moves
to struct sigacts, wihle stuff that should be per rthread (ps_oldmask,
SAS_OLDMASK, ps_sigstk) moves to struct proc. Treat the coredumping
state bits (ps_sig, ps_code, ps_type, ps_sigval) as per-rthread
until our locking around coredumping is better.

Oh, and remove the old SunOS-compat ps_usertramp member.

"I like the sound of this" tedu@

branches: 1.2.2;
Correctly pass the siginfo_t structure to signal handlers.
ok drahn@

Arm port, NetBSD codebase stripped down, 32bit only support.

Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis

Bring SROP mitigation to arm64. Make some small modifications to the arm
code as well to improve diffability. Changes the types used in the arm64
"struct sigcontext" to avoid having to include <sys/types.h>.

ok deraadt@

hand-massage sendsig() and sys_sigreturn() to be much more similar.
ok guenther kettenis

SROP mitigation. sendsig() stores a (per-process ^ &sigcontext) cookie
inside the sigcontext. sigreturn(2) checks syscall entry was from the
exact PC addr in the (per-process ASLR) sigtramp, verifies the cookie,
and clears it to prevent sigcontext reuse.
not yet tested on landisk, sparc, *88k, socppc.
ok kettenis

Switch from PSR_X_bit and X32_bit PSR macro names to just PSR_X.
This matches FreeBSD and makes things a bit more consistent.
Discussed with Patrick.

Move p_emul and p_sigcode from proc to process.
Tweak the handling of ktrace EMUL when changing ktracing: only
generate one per process (not one per thread) and pass the correct
proc pointer down to the VFS layer. Permit generating of NAMI and
CSW records inside ktrace(2) itself.

ok deraadt@ millert@

Move p_sigacts from struct proc to struct process.

testing help mpi@

Remove an instruction cache sync which is not needed.

ok miod@

Determine whether we're currently on the alternative signal stack
dynamically, by comparing the stack pointer against the altstack
base and size, so that you get the correct answer if you longjmp
out of the signal handler, as tested by regress/sys/kern/stackjmp/.
Also, fix alt stack handling on vax, where it was completely broken.

Testing and corrections by miod@, krw@, tobiasu@, pirofti@

Late spring cleaning of the arm code for old dusty bits we do not want to
keep:
- remove bootconfig parameter passing feature (unused).
- unifdef __PROG32 and remove all remains of arm26 code.
- remove ARMFPE support (unused).
- remove support for ARM2, ARM2AS, ARM3, ARM6, ARM7, ARM7TDMI and StrongARM
processor families, and the related silicon bug workarounds (especially
the SA-110 STM^ bug).
- remove cpu_functions no longer necessary after previous removals.
- remove ARM32_DISABLE_ALIGNMENT_FAULTS option (unused).
- make FIQ support conditional on option FIQ (unused, but may be eventually).

Discussed with drahn@ and jasper@ long ago, I was sitting on this commit for
no good reason.

Recommit the reverted sigacts change now that the NFS use-after-free
problem has been tracked down. This fixes the sharing of the signal
handling state: shared bits go in sigacts, per-rthread bits goes in
struct proc.

ok deraadt@

Revert the sigacts diff: NFS can apparently retain pointers to processes
until they're zombies and then send them signals (for intr mounts). Until
that is untangled, the sigacts change is unsafe. sthen@ was the victim
for this one

another variable left after a commit

Correct the sharing of the signal handling state: stuff that should
be shared (p_sigignore, p_sigcatch, P_NOCLDSTOP, P_NOCLDWAIT) moves
to struct sigacts, wihle stuff that should be per rthread (ps_oldmask,
SAS_OLDMASK, ps_sigstk) moves to struct proc. Treat the coredumping
state bits (ps_sig, ps_code, ps_type, ps_sigval) as per-rthread
until our locking around coredumping is better.

Oh, and remove the old SunOS-compat ps_usertramp member.

"I like the sound of this" tedu@

branches: 1.2.2;
Correctly pass the siginfo_t structure to signal handlers.
ok drahn@

Arm port, NetBSD codebase stripped down, 32bit only support.

Bring SROP mitigation to arm64. Make some small modifications to the arm
code as well to improve diffability. Changes the types used in the arm64
"struct sigcontext" to avoid having to include <sys/types.h>.

ok deraadt@

hand-massage sendsig() and sys_sigreturn() to be much more similar.
ok guenther kettenis

SROP mitigation. sendsig() stores a (per-process ^ &sigcontext) cookie
inside the sigcontext. sigreturn(2) checks syscall entry was from the
exact PC addr in the (per-process ASLR) sigtramp, verifies the cookie,
and clears it to prevent sigcontext reuse.
not yet tested on landisk, sparc, *88k, socppc.
ok kettenis

Switch from PSR_X_bit and X32_bit PSR macro names to just PSR_X.
This matches FreeBSD and makes things a bit more consistent.
Discussed with Patrick.

Move p_emul and p_sigcode from proc to process.
Tweak the handling of ktrace EMUL when changing ktracing: only
generate one per process (not one per thread) and pass the correct
proc pointer down to the VFS layer. Permit generating of NAMI and
CSW records inside ktrace(2) itself.

ok deraadt@ millert@

Move p_sigacts from struct proc to struct process.

testing help mpi@

Remove an instruction cache sync which is not needed.

ok miod@

Determine whether we're currently on the alternative signal stack
dynamically, by comparing the stack pointer against the altstack
base and size, so that you get the correct answer if you longjmp
out of the signal handler, as tested by regress/sys/kern/stackjmp/.
Also, fix alt stack handling on vax, where it was completely broken.

Testing and corrections by miod@, krw@, tobiasu@, pirofti@

Late spring cleaning of the arm code for old dusty bits we do not want to
keep:
- remove bootconfig parameter passing feature (unused).
- unifdef __PROG32 and remove all remains of arm26 code.
- remove ARMFPE support (unused).
- remove support for ARM2, ARM2AS, ARM3, ARM6, ARM7, ARM7TDMI and StrongARM
processor families, and the related silicon bug workarounds (especially
the SA-110 STM^ bug).
- remove cpu_functions no longer necessary after previous removals.
- remove ARM32_DISABLE_ALIGNMENT_FAULTS option (unused).
- make FIQ support conditional on option FIQ (unused, but may be eventually).

Discussed with drahn@ and jasper@ long ago, I was sitting on this commit for
no good reason.

Recommit the reverted sigacts change now that the NFS use-after-free
problem has been tracked down. This fixes the sharing of the signal
handling state: shared bits go in sigacts, per-rthread bits goes in
struct proc.

ok deraadt@

Revert the sigacts diff: NFS can apparently retain pointers to processes
until they're zombies and then send them signals (for intr mounts). Until
that is untangled, the sigacts change is unsafe. sthen@ was the victim
for this one

another variable left after a commit

Correct the sharing of the signal handling state: stuff that should
be shared (p_sigignore, p_sigcatch, P_NOCLDSTOP, P_NOCLDWAIT) moves
to struct sigacts, wihle stuff that should be per rthread (ps_oldmask,
SAS_OLDMASK, ps_sigstk) moves to struct proc. Treat the coredumping
state bits (ps_sig, ps_code, ps_type, ps_sigval) as per-rthread
until our locking around coredumping is better.

Oh, and remove the old SunOS-compat ps_usertramp member.

"I like the sound of this" tedu@

branches: 1.2.2;
Correctly pass the siginfo_t structure to signal handlers.
ok drahn@

Arm port, NetBSD codebase stripped down, 32bit only support.