checks userland-parsing vs kernel parsing, we are hoping to spot another
bug..

calling it until those are fixed.

For now, this also still uses the existing realpath implmentation
and emits a syslog if we see differening results. Once we have run
with that for a little while we will remove the old code
ok deraadt@

Fixes malloc_conceal...freezero with malloc options C and/or G.

triggered by a question from Jan Stary <hans at stare dot cz> on misc@;
OK otto@

i.e. those other than LC_CTYPE, into the CAVEATS section, and
standardize wording somewhat.
OK jmc@

counterparts but return memory in pages marked MAP_CONCEAL and on
free() freezero() is actually called.

allocate pages, don't call abort() because of corefile data leakage
concerns, but simply _exit().  The reasoning is _rs_init() will only
fail if someone finds a way to apply specific pressure against this
failure point, for the purpose of leaking information into a core which
they can read.  We don't need a corefile in this instance to debug that.
So take this "lever" away from whoever in the future wants to do that.

patch from Peter Piwowarski <peterjpiwowarski at gmail dot com>

the wrong idiom. ok tedu@ but probably needs some tweakin

ok tedu@

ok deraadt@ tedu@

* mention LC_COLLATE;
* clarify that all these functions are infested, including the *_l() versions;
* avoid ENVIRONMENT, these functions don't inspect it;
* and point to the C library functions that change the locale.
OK millert@

clearly stating which arguments have to be avoided, and mention the
header files defining the constants required for the checks.
Feedback and OK guenther@, OK bluhm@.

CAVEATS pointing to the new CAVEATS section in setlocale(3).
Make those in wprintf(3) and wscanf(3) more concise
since duplicate information is a bad idea.
Incompleteness of information originally pointed out by millert@.
OK millert@

by me and others indicate that it is the optimum.

making the number of pools variable.  Do not document the malloc
conf settings atm, don't know yet if they will stay.  Thanks to all
the testers. ok deraadt@

tested by many; ok florian@

patch from Hiltjo Posthuma <hiltjo at codemadness dot org>

now that there is essentially no malloc.conf;
text tweaked by deraadt; ok otto deraadt

libs have it, it is a function that is considered harmful, so:
Delete malloc_usable_size(). It is a function that blurs the line
between malloc managed memory and application managed memory and
exposes some of the internal workings of malloc.  If an application
relies on that, it is likely to break using another implementation
of malloc.  If you want usable size x, just allocate x bytes. ok
deraadt@ and other devs

PROTO_NORMAL().  Problem noted by deraadt@

The C implementation of str{,r}chr are not linked to the build, because
assembly implementations are used, but change to code for easier reference.
At least the i386 and amd64 are checked and seem to do the correct thing.
Found thanks to the csh any/strchr change.
minor pointers and OK millert@

With advice from jca@
OK jca@ millert@

don't need to use sys/param.h at all, guess which one i believe is
greater namespace polution
ok otto

ok guenther kettenis

- Start with a full page of struct region_info's
- Save an mprotect in the init code: allocate 3 pages with none and
make the middle page r/w instead of a r/w allocation and two calls to make the
guard pages none

junked
- freezero(): only clear requested size

came also up with this diff. Simple, no bias and benchmarks show the extra
random calls disappear in te measurement noise.

but at that time ffs function calls were generated instead of the
compiler inlining the code.  Now that ffs is marked protected in
libc this is handled better.  Thanks to kshe who prompted me to
look at this again.

dance, mark it protected.  This works better for both gcc and clang: gcc
blocks overriding of internal calls, while clang permits inlining again.
ok otto@