[STYLE_FIX]

x64: SKIM window to mitigate Meltdown (CVE-2017-5754) on x86-64

Introduces a kernel option that, when enabled, reduces the kernel window in a user address
space to just be Static Kernel Image and Microstate (SKIM), instead of the full kernel
address space. This isolates the important kernel data from the user preventing a
Meltdown style attack being able to violate secrecy. The kernel text and read only data,
i.e. anything that is static from boot, is not secret and can be allowed in the SKIM window
and potentially read by the user. Additionally to switch to and from the actual kernel
address space a small amount of state needs to also be in the SKIM window.

This is only an implementation for x86-64, although the same design is applicable to ia32

x86: Separate definition for kernel vspace root

Introduces a separate definition for vspace root that the kernel runs on. Having this
be distinct from the global vspace root allows for potential future distinction
between the global root (that is copied into all user address spaces) and the address
space that the kernel runs in.

[STYLE_FIX]

x86: add framebuffer info of MBI2 via boot_info

x86: evaluate ACPI RSDP v1 multiboot 2 information

x86: validate RSDP pointer in try_boot_sys

instead of re-initializing it.

Issue #67

x86: Use ROUND_UP macro instead of align_up

The additional align_up helper is redundant and can be replaced with ROUND_UP

x86: Prevent format type warning

`sizeof` returns an `int` and not a `long` on ia32, casting prevents warnings

x86: Support for mulitboot2 compatible booting

Declares to a bootloader that we hare multiboot2 compliant and provides an additional
try_boot_sys_mbi2 function for processing a multiboot2 information header.

x86: Remove assumptions on multiboot1 style booting

This abstracts the existing try_boot_sys into two portions, one which pulls data out
of a multiboot1 style information header, and one which performs generic booting
without being multiboot1 specific.

x86: Provide copy of RSDP in bootinfo

This gives a rootserver a way to find the ACPI tables in cases where there is no BIOS region
to scan for an RSDP.

x86: Copy RSDP table in acpi_init instead of returning physical address of rsdt

The full RSDP is useful beyond just extracting the RSDT address out of it. In particular
this prepares us for being able to pass a copy of the RSDP to the rootserver.

The previous function signature might lead a user to believe that they were getting a
pointer to a useable acpi_rsdt_t structure. This was in fact not the case and was
actually returning the physical address, that may or may not be mapped in, of the rsdt
table. All of the other acpi *_scan functions would therefore immediately map in the physical
rsdt pointer they were given.

This commit changes acpi_init to return a boolean indicating whether it found a valid
rsdp, and then fills in a copy of the rsdp data. The copy is necessary as the rsdp
data may be at a temporary mapping.

As a result of changing acpi_init the boot code and state is changed to have a acpi_rsdt_t
instance that can be filled out.

Share linker.h between architectures

SMP: Introduce ENABLE_SMP_SUPPORT

- Make it more readable and less confusing compared to the 'CONFIG_MAX_NUM_NODES > 1' check

x86: Split large structs into portions

The C parser does not enjoy parsing structs with many fields

SELFOUR-865: Fix variable size errors

SELFOUR-865: Pass memory map information to user

x86: Correct multiboot info definition

The fields in the multiboot_info structure have precise sizes and should not use pointers
types as these sizes change between ia32 and x86_64 builds. This commit changes such
fields to be the correct fixed size uint32_t

smp: fix bugs when stalling remote core

- Restart TCB from inside the lock if it is waiting for anything other than IRQ
- Only replace the TCB with idle thread if it is in ThreadState_RunningVM state

Also, this makes the design generic to be shared with arm.

refactor: initialise common core state in one place

x86: Pass VBE information from multiboot through bootinfo

Remove assumption on 32-bit memory offsets

On 64-bit platforms physical address could be >2^32 offset from a virtual address. This
changes offsets to match the word size of the target architecture

x86: initialize ksActiveFPUState for APs

x86: Handling pending interrupts in kernel mode

This commit allows x86 to completely handle a pending interrupt without switching
out to user mode. To handle an interrupt on x86 the APIC *must* generate an exception,
prior to you being able to acknowledge it. Previously we only allow exceptions (i.e.
interrupts) to be generated outside of kernel mode when we are in user mode.

This change allows us to 'poll' for an interrupt and transition the APIC whilst in kernel
mode by enabling and taking interrupts at carefully defined points. A pending interrupt
will be stored by the exception handler, allowing us to then handle the interrupt and
acknowledge the hardware APIC. Handling is done by waiting until after we have 'left' the
kernel and are about to switch to user mode and then 'entering' the kernel again by jumping
to the interrupt entry point.

Handling interrupts entirely in kernel mode provides two advantages
* It will allow, in the future, the ability to handle kernel interrupts in situations
where we need to handle the interrupt before actually performing the hardware switch
back to user mode. This case happens where the user thread is using vt-x and so
pending interrupts do not generate an interrupt exception, but rather cause an exception
to be generated telling the system that there is a pending interrupt
* Where there are multiple pending interrupts it is more efficient to avoid additional
switches in and out of the user thread

Whilst this change does not enable pre-emption points to handle the interrupt before
returning out of `handleSyscall` it should be easily implementable with what is provided.

Unify kernel stack definition/declaration and share it between architecures/modes

Rather than defining a kernel stack in random places for each
architecure for each mode (32/64) and for single/SMP modes, make the
stack definition shareable between all of the above. This is also useful
for the future ARM SMP work.

SMP: move lock.h to architecture-independent include/smp

s/__sync_lock_test_and_set/__atomic_exchange_n in lock.h

x86: Explicitly define kernel stack size

This commit changes the previous hard coded 4K kernel stack size
to being a configurable power of 2 sized stack

Searching for large enough region to load user img

x86: Add Skylake-related info

x86: Add BSS regions for BOOT and PHYS code

Uninitialized data structures in BOOT and PHYS code currently get
placed in sections that are allocated in the file of the final image.
Whilst these sections will get reclaimed during kernel boot, so no
runtime memory is being wasted, it results in kernel images that
are much larger to load and transport than necesary.

This change adds explicit BSS regions for both BOOT and PHYS code
and moves all appropriate data structures into them

trival: initialize local variable in is_compiled_for_microarchitecture

[STYLE_FIX]

x86: check if kernel compiled for the host microarchitecture.
also move x86_cpuid_initialize from init_cpu as it has
nothing with initializing the cpu rather than just reading some info.
as well as being in cpu_init cause it to run multiple times in smp.

x64: Support multiple kernel stacks

Adds support for per-core kernel stacks through the use of
thread local storage and swapgs. In addition to the main
kernel stack the IRQ stack also needs to be made per core

x86: add logical id mapping for x2APIC IPI boradcasting

x86: updating the bootinfo for number of cores

Clean up x86KScurInterrupt:

1. Remove the locking dependancy on the value of x86KScurInterrupt
2. Remove confusing set/unset of x86KScurInterrupt

x86: Remove unused function

SELFOUR-635: support for TCB operations
This will update TCB invocations to consider multicore environment, this may include:
- adds the affinity invocation to transfer TCB between different cores and update TCB structure for core ID
- checking the thread/core state before performing TCB operation, e.g. deleting the runnable TCB, etc

Update SMP idle thread handling

x86: Refactor elf code

x64: 64-bit elf loading

SELFOUR-631: implement CLH lock and barrier infrastructure

x86: Generic setCurrentVSpaceRoot

Defines a generic setCurrentVSpaceRoot to replace setCurrentPD in
mode generic code

SELFOUR-630:preliminary booting application processors
- update core detection code and Kconfig file
- update kernel stack managment so that BSP does not use boot stack before IPI APs
- move arch dependant data to a single structure
- add cache line size to Kconfig
- add cpu indexing and apic id mapping
- boot APs to halting state
- add guard for kernel stack if there is only one core

SELFOUR-421 Introduce explicit device frames and untypeds

Kernel objects cannot be created from device untypeds, with the
exception of frames, which do not get zeroed and cannot be used
as an IPC buffer. Device untypeds additionally cannot be used
in the construction of ASID pools.

This then changes the API to the rootserver (i.e. bootinfo) to
send device untypeds instead of device frames. On ARM these
device untypeds are the same as the previously exported device
frame regions. On x86 PCI scanning is removed and all physical
memory addresses (that are not important for kernel integrity)
are released to the user.

In order to have bits in the frame and untyped caps on ARM the
number of software ASIDs had to be reduced from 2^18 to 2^17,
and the maximum untyped size reduced from 2^31 to 2^30

Revert "Merge pull request #358 in SEL4/sel4 from ~AZARRABI/sel4:multicore to master"

This reverts commit ce2f666bb811c5e4c779829fcb09d5a189ebcdbb, reversing
changes made to dc183f96b81f2344d7d0d910fc430f924eaae940.

Revert "[STYLE_FIX]"

This reverts commit d29f743bbcc3acff2f61b40dedb4fe0839db38b8.

[STYLE_FIX]

SELFOUR-630:preliminary booting application processors
- update core detection code and Kconfig file
- update kernel stack managment so that BSP does not use boot stack before IPI APs
- move arch dependant data to a single structure
- add cache line size to Kconfig
- add cpu indexing and apic id mapping
- boot APs to halting state
- add guard for kernel stack if there is only one core

Provide generic C entry/exit hook routines

It can be deseriable to run code before/after user mode, but
not have to write it in assembly. This commit adds such stubs
that get called as the first/last C code when coming in
and out of the kernel

x86: Use setCurrentPD instead of write_cr3

setCurrentPD caches a copy of the value that is written to cr3. This
value is used by other operations (such as invalidateTLB) to avoid
having to read cr3 in order to rewrite it.

This fixes a bug where if benchmarking is enabled invalidateTLB will be
called in boot code before setCurrentPD has ever been called, which will
result in writing a garbage value to cr3

x86: Rearrange init_cpu in boot code

The CPU should be initialized before calling init_sys_state, as
this attempts to manipulate things such as the FPU, which may
not be in a valid state before performing the full CPU init.
In order to perform init_cpu earlier, init_vm_state is also
moved into init_cpu, where it makes more sense to be to begin with

Further separate 'release' and 'verification' builds

Originally building the kernel was largely considered to be done in
one of two ways
1. Release build with no assertions, no debug symbols and no printing.
This was generally considered to be a 'verified' build
2. Debug build with assertions, debug symbols and printing

Since then various options were added, such as the 'code injection'
option, which we wanted on builds that did not have assertions or
other options that affected performance. As such it did not depend
upon a debug build and had large warning signs saying that enabling
this in a release build would not give you a verified or trusted
kernel.

Most recently the ability to print from the kernel in release mode
was added. For the same reason that tying the ability to print with
the performance reduction of various debugging was not always desireable.

This change attempts to unify the current state and have a single top
level option to enable a 'verification friendly' build. All other
options (assertions, printing, code injection) then depend upon
this configuration not being set.

x86: Correct link error with -fwhole-program

[boot] A trivial patch that checks `mod_count` before using it.

This patch just reorders the code, to actually do the check if there are any
modules (represented by `mod_count`) before any setup or lookup is done.

x86: Fix parse_mem_map to exclude physical memory not addressable on 32-bit systems if running on one

trivial: style

trivial: Fix printing on x86

x86: Populate the freemem list from the multiboot mem list

If the multiboot memory list exists, then it may contain more
than just the single contiguous memory region listed in 'mem_upper'
Therefore we use it to populate a more complete free memory list,
if it exists

x86: add kpptr_to_paddr

This commit introduces the idea of a 'kpptr', which is simply an
address that is a kernel symbol. This allows for, in the future, to
have two different translations (between pointers and physical addresses)
one for kernel symbols, and one for other memory

x86: Remove underscores from symbols as they are in violation of the C standard

x86: Move cpus to boot_state to avoid taking address of a local variable

Do not switch to the the root thread until after cpu initialization is done

x86: Port some of the IOMMU changes on the experimental branch

This changes the IOMMU from using passthrough devices and instead
directly mapping in the reserved regions that are needed for each
device.

x86: With multi-kernel support removed make the kernel PDs etc global instead of passing them around

x86: Correctly align the PDPT

x86: Do not conditionally compile IOMMU code, use build/run time checks

Guarding code with #ifdef's makes even cursor testing of 'does this code compile'
difficult due to code being hidden by the pre-processor. Using config_set in
regular C if statements is performant as the compiler can trivially detect
dead code at compile time, and at -O1 and above will not even link in symbols
referenced by dead code in these blocks, so this will not bloat image size

x86: Do not conditionally compile IRQ controller code, use build/run time checks

Guarding code with #ifdef's makes even cursor testing of 'does this code compile'
difficult due to code being hidden by the pre-processor. Using config_set in
regular C if statements is performant as the compiler can trivially detect
dead code at compile time, and at -O1 and above will not even link in symbols
referenced by dead code in these blocks, so this will not bloat image size

x86: Strip multi kernel support from the x86 kernel. This is not used and is conflicting with planned future features

x86: Define a KERNEL_BASE_OFFSET for translating the kernel image region

This definition is different to BASE_OFFSET in that it is only meant to
apply to the kernel image portion of the kernel window, and doesn't
assume that the entire window can be translated by a single offset

x86: Rename constants and functions to have X86 prefix instead of IA32 prefix

x86: Move APIC frequency calculation to APIC init, instead of doing it before we initialize paging

Update some printf's of loop counters that had their types changed

Change additional int->word_t due to interraction with the C parser to ease verification

x86: Cast, where appropriate, to word_t type to support 32 and 64 bit

Change casting from int->long to be compatible with both 32 and 64 bit compilations

Rationalize standard types

This commit aims to rationalize how we represent different types
for compatiblity between ARM and x86, as well as between 32 and
64 bit code. The choices being made here is to declare that a
uint32_t has a type of 'int', this allows uint32_t to be declared
consistently across 32 and 64 bit (at least in GCC).
The word_t type is declared using a 'long' (not a uint32_t or uint64_t) to
allow for a word_t to be backed by the same type on both 32 and 64 bit
All other types that want to be declared as the size of a native word
get declared in terms of a word_t

fix format strings for x86

generate warnings for incorrect format strings for kprintf, bring stdint.h
inline for x86 and arm and fix some format strings as a consequence

x86: Mark page directories and stacks as externally visible

The PD and stacks are referenced from assembly files and not
C. If these are not set to visible the linker may throw them
away. This has only been observed as a problem when building
with '-fwhole-program-optimizations'

xIntroduce RELEASE_PRINTF, which allows a renamed printf (release_printf) to be used in a release build of the kernel - userful for debugging tests that only fail on a release build of the kernel

x86: Make x86 the name of the architecture instead of IA32

IA32 is 32bit version of the x86 architecture. Whilst only IA32
is supported, much of the code is generic x86. Using a generic
x86 architecture will aid in future 64bit support