arc4random() is slow, but it induces getpid() calls; also saves a
bit on stirring efforts

doesn't test it, so factor out the two places that test it into a
routine and do the refreshing there.  With this, arch4random_buf()
doesn't trigger superfluous calls to getpid() when filling large
buffers.
ok deraadt@, "looks nicer indeed" otto@

actual kernel page size.

from trhodes@freebsd, r200095;

macros for them. Avoids walking the lists and greatly enhances speed
of freeing chunks in reverse or random order at the cost of a little
space. Suggested by Fabien Romano and Jonathan Armani; ok djm@

from Fabien Romano and Jonathan Armani

Armani

noticed by Jonathan Armani & Fabien Romano
ugh+ok otto@

unmaintainable).  these days, people use source.  these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

Okay deraadt@, otto@.

ecvt, fcvt, gcvt, *printf, strtof, strtod, strtold act per ieee
1003.1.  after these massive changes, remove unused files which
would not work now.  reported by Maksymilian Arciemowicz;  ok theo

ok ian@, millert@

to u_int32_t to do integer math with (in a situation where that is legit)
ok otto millert

Someone may have passed a read-only string to putenv() (I'm looking
at you cron!).

standard explicitly disallows passing setenv a name with a '=' in
it but historic BSD behavior is to allow this but to ignore the '='
and anything after it.

-DSHA256_ONLY in order to save space; ok deraadt@

argument if the argument is deemed to be optional ('::').
feedback and ok jmc@ and millert@

PAGE_(SIZE|SHIFT|MASK) defines that evaluate to variables on the
sparc architecture;
ok otto@ tested on my reanimated ss20

on sparc, it expands to something that just plain does not work,
because the page size can be variable.  Sorry we didn't spot this
before.  Backing it all out to allow sparc to build; please find a
different way to fix it.

(MALLOC_OPTIONS=L). It was too slow to turn on by default, and we
don't do optional security.
requested by deraadt@ grumbling ok otto@

Move all runtime options into a structure that is made read-only
(via mprotect) after initialisation to protect against attacks that
overwrite options to turn off malloc protections (e.g. use-after-free)
Allocate the main bookkeeping data (struct dir_info) using mmap(),
thereby giving it an unpredictable address. Place a PROT_NONE guard
page on either side to further frustrate attacks on it.
Add a new 'L' option that maps struct dir_info PROT_NONE except when
in the allocator code itself. Makes attacks on it basically impossible.
feedback tedu deraadt otto canacar
ok otto

as static const

the page as possible (i.e. make malloc option P a default).
ok art@ millert@ krw@

a page to 0. P default will be changed in a separate commit.
ok millert@ art@ krw@

a separate symbolic constant for the leeway we allow when moving
allocations towards the end of a page. No functional change.

(might catch errors closer to the trouble spot) and junk fill pages just
before reuse instead of immediate (we can't access the page anyway)
since we set PROT_NONE in the F case. ok djm@

ok jmc@

tried and how many actually succeeded.

threaded case) but much smaller working set; prompted by and ok deraadt@

non-syscalls, there's just too much code not doing the right thing on
error paths; prompted by and ok deraadt@

kurt@

mapping the region next to the existing one first; there's a pretty
high chance there's a hole there we can use; ok deraadt@ tedu@

too much pressure on the amaps. ok tedu@ deraadt@

from Thomas Pfaff.  ok millert@

from Loic Tortay via jmc@